u盘中了vbs病毒怎么办_u盘vbs病毒杀不干净_vbs病毒(11)

CallWriteReg('HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\',Value1, 'REG_EXPAND_SZ')

CallWriteReg('HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore\command\',Value2, 'REG_EXPAND_SZ')

End Sub

Function GetSerialNumber(Drv)'获取驱动器序列号的绝对值

On Error Resume Next

Set d=fso.GetDrive(Drv)

GetSerialNumber=d.SerialNumber'返回十进制序列号，用于唯一标识一个磁盘卷

GetSerialNumber=Replace(GetSerialNumber,'-','')'去掉负号

End Function

Function GetMainVirus(N)'根据N的值获取不同的字符串

On Error Resume Next

MainVirusName=GetSerialNumber(GetSystemDrive())&'.vbs''以驱动器的序列号绝对值为vbs病毒的名字

If GetFileSystemType(GetSystemDrive())='NTFS' Then'系统盘是NTFS分区

If N=1 Then

GetMainVirus=Fso.GetSpecialFolder(N)&'\smss.exe:'&MainVirusName'返回'c:\windows\system32\smss.exe:72161642.vbs'

End If

If N=0 Then

GetMainVirus=Fso.GetSpecialFolder(N)&'\explorer.exe:'&MainVirusName'返回'c:\windows\explorer.exe:72161642.vbs'

End If

Else'系统盘是FAT32分区

GetMainVirus=Fso.GetSpecialFolder(N)&'\'&MainVirusName'返回'c:\windows\72161642.vbs'或者'c:\windows\system32\72161642.vbs'

End If

End Function

Function VBSProcessCount(VBSPath)'返回指定路径vbs脚本的运行个数

On Error Resume Next

Dim WMIService, ProcessList, Process

VBSProcessCount=0

Set WMIService=GetObject('winmgmts:\\.\root\cimv2')

Set ProcessList=WMIService.ExecQuery('Select * from Win32_ProcessWhere '&'Name='cscript.exe' or or')

For Each Process in ProcessList

If InStr(Process.CommandLine, VBSPath)>0 Then

VBSProcessCount=VBSProcessCount+1

本文来自电脑杂谈，转载请注明本文网址：
http://www.pc-fly.com/a/jisuanjixue/article-25802-11.html