设为首页收藏本站
开启辅助访问 切换到宽版

无忧启动论坛

 找回密码
 注册
搜索
无忧启动论坛»论坛 ::启动制作:: 脚本讨论区 exe文件运行后,强制删除自身程序,并且程序还要正常运行?
系统gho:最纯净好用系统下载站投放广告、加入VIP会员,请联系 微信:wuyouceo
返回列表 发新帖
查看: 12547|回复: 20
打印 上一主题 下一主题

exe文件运行后,强制删除自身程序,并且程序还要正常运行?

[复制链接]
安情
跳转到指定楼层
1#
发表于 2006-8-20 15:02:35 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
加入VIP会员,获无忧币,赠积分,送勋章,下载无限制,获论坛最高级会员权限 !
exe文件运行后,强制删除自身程序,并且程序还要正常运行?
有什么办法没有?
此exe运行在xp下?
回复

使用道具 举报

2#
发表于 2006-8-20 18:24:30 | 只看该作者
ms lz 真得在研究病毒。。。

不会编程不可能吧
回复

使用道具 举报

namejm
3#
发表于 2006-8-20 18:40:40 | 只看该作者
  安情,你这想法也太离谱了吧。皮之不存,毛将焉附?程序都被你删了,你还能指望它能运行,并且正常运行吗?

[ 本帖最后由 namejm 于 2006-8-20 08:06 PM 编辑 ]
回复

使用道具 举报

bdfcy
4#
发表于 2006-8-20 19:27:50 | 只看该作者
运行时把自身复制到临时目录,再运行临时目录的,删除自身
回复

使用道具 举报

安情
5#
 楼主| 发表于 2006-8-20 20:05:52 | 只看该作者
原帖由 bdfcy 于 2006-8-20 07:27 PM 发表
运行时把自身复制到临时目录,再运行临时目录的,删除自身



这种方法,我想过.不过,在进程表里,还是能找到它的路径,如果能隐藏自身的进程,这处方法,可取!
在批处理中,实现这种可能,应该不可能吧?我找不到,所以发在dos区了?
回复

使用道具 举报

6#
发表于 2006-8-20 22:01:08 | 只看该作者
你的要求根本就是运行病毒,只有病毒可以在进程里面不显示。
回复

使用道具 举报

cjzzz
7#
发表于 2006-8-20 22:24:08 | 只看该作者
fu.exe    隐藏进程   杀毒软件会报

https://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip
回复

使用道具 举报

安情
8#
 楼主| 发表于 2006-8-21 00:19:12 | 只看该作者
原帖由 cjzzz 于 2006-8-20 10:24 PM 发表
fu.exe    隐藏进程   杀毒软件会报

https://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip


谢谢提供,不过,杀毒软件会报,哪根本无法运行.实时监控会kill它的

声明,我不是制造病毒,可没哪种水平
只是,想保护指定的程序,不被复制和剪切,本来,已经做成一半了,就差后半部分了.
回复

使用道具 举报

9#
发表于 2006-8-21 09:14:20 | 只看该作者
可以参考一些病毒、木马的做法,运行时在系统文件夹按随机名称生成一个可执行文件,执行完毕再删除它,这样会比较安全些,一般人也不会在运行这个文件的当儿去扫描他的系统文件夹有什么变化。
回复

使用道具 举报

安情
10#
 楼主| 发表于 2006-8-21 17:40:48 | 只看该作者
原帖由 老毛桃 于 2006-8-21 09:14 AM 发表
可以参考一些病毒、木马的做法,运行时在系统文件夹按随机名称生成一个可执行文件,执行完毕再删除它,这样会比较安全些,一般人也不会在运行这个文件的当儿去扫描他的系统文件夹有什么变化。



不知老毛桃的想法,可不可以用批处理实现它
如果能,请帮写一段作为参考.谢谢
前提是,我已经用了qbfc,所以是在bat中,调用可执行程序.但是qbfc,会释放出原程序,这样,就失去保护的作用了.我指在本机上
回复

使用道具 举报

11#
发表于 2006-8-22 15:15:44 | 只看该作者
你可以做成个自解包,自解包解压到临时目录,并且自解包解压后运行cmd,在icmd里再删除那些个文件
回复

使用道具 举报

安情
12#
 楼主| 发表于 2006-8-23 08:43:18 | 只看该作者
只要文件运行中,就无法删除,而运行副本文件,通过进程管理器,又能找到副本的位置.所以,需要用专门的程序语言进行编译.才能达到我要的目地.
此帖可以删除了.
回复

使用道具 举报

13#
发表于 2006-8-29 09:47:08 | 只看该作者
偶现在遇到一个:
1、在注册 表键值中删除了那个恶意代码,它会自动再加上;
2、删除原文件后它会很快再复原;
。。。。。。也就是这个文件不能从我的机器上弄走

。。。晕了晕!

\windows\winlogon.exe
\windows\ExeRoute.exe

注册表中的是:Trojan Program >\windows\winlogon.exe
回复

使用道具 举报

zts59
14#
发表于 2006-8-29 18:55:17 | 只看该作者
让他自己改一下自己程序名
回复

使用道具 举报

namejm
15#
发表于 2006-8-29 22:48:56 | 只看该作者
  呵呵,恭喜你,你中了最近比较流行的木马——落雪。

  在网上找到了一个比较完美的批处理解决方案,张贴如下:

  2. @echo off
  3. cls
  4. echo ***********************************************************
  5. echo   此文件用于清除WINLOGON系列木马并修复其破坏的注册表信息
  6. echo                 警告:只适用于XP操作系统
  7. echo   空指针 制作     感谢 风乱舞 鼎力相助并提供系统优化功能
  8. echo ***********************************************************
  9. echo    名称:WINLOGON系列木马修复程序
  10. echo    功能:
  11. echo        1. 删除木马相关文件
  12. echo        2. 修复被木马修改的系统关联
  13. echo        3. 部分系统优化(ADSL拨号.桌面速度.IE速度.等部分系统优化)
  14. echo.        

  16. pause
  17. cls
  18. @SETLOCAL
  19. @rem 活动代码页设为中文
  20. @chcp 936>nul 2>nul
  21. @echo.
  22. @echo ************************************************************
  23. @echo *                                                          *
  24. @echo *    欢迎使用WINLOGON系列木马清除/修复程序              *
  25. @echo *                                                          *
  26. @echo ************************************************************

  28. :chkOS
  29. @echo.
  30. @ver|find "XP"
  31. @if "%ERRORLEVEL%"=="0" goto :XP
  32. @echo.
  33. @echo #您的操作系统不是Windows XP,无法使用。
  34. @goto quit

  36. @rem 在下面语句插不同系统的不同命令
  37. :XP
  38. @set UpdatePolicy=GPUpdate /Force
  39. @goto Selection

  41. :Selection
  42. @rem User Choice
  43. @echo.
  44. @echo    请注意选择您的操作系统安装在哪个分区
  45. @echo    我要进行功能选择:
  46. @echo.
  47. @echo 1: 我的XP系统安装在C盘
  48. @echo 2: 我的XP系统安装在D盘
  49. @echo 3: 我想做部分系统优化(网络.桌面.速度)
  50. @echo 4: 退出
  51. @echo.
  52. @set /p UserSelection=请输入您的选择(1=C盘、2=D盘、3=系统优化、4=退出程序)后按回车:
  53. @if "%UserSelection%"=="1" goto C
  54. @if "%UserSelection%"=="2" goto D
  55. @if "%UserSelection%"=="3" goto good
  56. @if "%UserSelection%"=="4" goto quit
  57. @rem 输入其他字符
  58. @cls
  59. @goto Selection


  62. :C
  63. if exist c:\windows\1.com  attrib -s -r -h c:\windows\1.com
  64. if exist c:\windows\exeroute.exe  attrib -s -r -h c:\windows\exeroute.exe
  65. if exist c:\windows\explorer.com  attrib -s -r -h c:\windows\explorer.com
  66. if exist C:\WINDOWS\EXERT.exe  attrib -s -r -h C:\WINDOWS\EXERT.exe
  67. if exist c:\windows\finder.com attrib -s -r -h c:\windows\finder.com
  68. if exist C:\WINDOWS\IO.SYS.BAK attrib -s -r -h C:\WINDOWS\IO.SYS.BAK
  69. if exist C:\WINDOWS\lsass.exe attrib -s -r -h C:\WINDOWS\lsass.exe
  70. if exist c:\windows\services.exe attrib -s -r -h c:\windows\services.exe
  71. if exist c:\windows\SMSS.EXE attrib -s -r -h c:\windows\SMSS.EXE
  72. if exist c:\windows\WINLOGON.exe attrib -s -r -h c:\windows\WINLOGON.exe
  73. if exist c:\windows\debug\debugprogram.exe attrib -s -r -h c:\windows\debug\debugprogram.exe
  74. if exist c:\progra~1\common~1\iexplore.pif attrib -s -r -h c:\progra~1\common~1\iexplore.pif
  75. if exist c:\progra~1\intern~1\iexplore.com attrib -s -r -h c:\progra~1\intern~1\iexplore.com
  76. if exist c:\windows\system32\command.pif attrib -s -r -h c:\windows\system32\command.pif
  77. if exist c:\windows\system32\dxdiag.com attrib -s -r -h c:\windows\system32\dxdiag.com
  78. if exist c:\windows\system32\finder.com attrib -s -r -h c:\windows\system32\finder.com
  79. if exist c:\windows\system32\i.com attrib -s -r -h c:\windows\system32\i.com
  80. if exist c:\windows\system32\msconfig.com attrib -s -r -h c:\windows\system32\msconfig.com
  81. if exist c:\windows\system32\regedit.com attrib -s -r -h c:\windows\system32\regedit.com
  82. if exist c:\windows\system32\rundll32.com attrib -s -r -h c:\windows\system32\rundll32.com
  83. if exist d:\pagefile.pif attrib -s -r -h d:\pagefile.pif
  84. if exist d:\command.com attrib -s -r -h d:\command.com
  85. if exist d:\autorun.inf attrib -s -r -h d:\autorun.inf

  87. echo ************************************************************
  88. @echo 删除病毒文件

  90. @echo off
  91. if exist c:\windows\1.com  del c:\windows\1.com
  92. if exist c:\windows\exeroute.exe  del c:\windows\exeroute.exe
  93. if exist c:\windows\explorer.com  del c:\windows\explorer.com
  94. if exist C:\WINDOWS\EXERT.exe  del C:\WINDOWS\EXERT.exe
  95. if exist c:\windows\finder.com del c:\windows\finder.com
  96. if exist C:\WINDOWS\IO.SYS.BAK del C:\WINDOWS\IO.SYS.BAK
  97. if exist C:\WINDOWS\lsass.exe del C:\WINDOWS\lsass.exe
  98. if exist c:\windows\services.exe del c:\windows\services.exe
  99. if exist c:\windows\SMSS.EXE del c:\windows\SMSS.EXE
  100. if exist c:\windows\WINLOGON.exe del c:\windows\WINLOGON.exe
  101. if exist c:\windows\debug\debugprogram.exe del c:\windows\debug\debugprogram.exe
  102. if exist c:\progra~1\common~1\iexplore.pif del c:\progra~1\common~1\iexplore.pif
  103. if exist c:\progra~1\intern~1\iexplore.com del c:\progra~1\intern~1\iexplore.com
  104. if exist c:\windows\system32\command.pif del c:\windows\system32\command.pif
  105. if exist c:\windows\system32\dxdiag.com del c:\windows\system32\dxdiag.com
  106. if exist c:\windows\system32\finder.com del c:\windows\system32\finder.com
  107. if exist c:\windows\system32\i.com del c:\windows\system32\i.com
  108. if exist c:\windows\system32\msconfig.com del c:\windows\system32\msconfig.com
  109. if exist c:\windows\system32\regedit.com del c:\windows\system32\regedit.com
  110. if exist c:\windows\system32\rundll32.com del c:\windows\system32\rundll32.com
  111. if exist d:\pagefile.pif del d:\pagefile.pif
  112. if exist d:\command.com del d:\command.com
  113. if exist d:\autorun.inf del d:\autorun.inf

  115. @echo ***********************************************************
  116. @echo *         已删除可能的病毒文件,按任意键修复注册表信息     *
  117. @echo ***********************************************************



  121. @echo Windows Registry Editor Version 5.00>Fix.reg
  122. @echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
  123. @echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
  124. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]>>Fix.reg
  125. @echo @="exefile">>Fix.reg
  126. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]>>Fix.reg
  127. @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,00,00>>Fix.reg

  129. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]>>Fix.reg
  130. @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

  132. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]>>Fix.reg
  133. @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

  135. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]>>Fix.reg
  136. @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

  138. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]>>Fix.reg
  139. @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

  141. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
  142. @echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg

  144. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\Command]>>Fix.reg
  145. @echo @=->>Fix.reg

  147. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]>>Fix.reg
  148. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

  150. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]>>Fix.reg
  151. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

  153. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]>>Fix.reg
  154. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,25,00,31,00,00,00>>Fix.reg

  156. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]>>Fix.reg
  157. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00>>Fix.reg

  159. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\Command]>>Fix.reg
  160. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,61,00,70,00,70,00,77,00,69,00,7A,00,2E,00,63,00,70,00,6C,00,2C,00,4E,00,65,00,77,00,4C,00,69,00,6E,00,6B,00,48,00,65,00,72,00,65,00,20,00,25,00,31,00,00,00>>Fix.reg

  162. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command\]>>Fix.reg
  163. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,65,00,6C,00,6C,00,33,00,32,00,2E,00,64,00,6C,00,6C,00,2C,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,5F,00,52,00,75,00,6E,00,44,00,4C,00,4C,00,20,00,22,00,25,00,31,00,22,00,2C,00,25,00,2A,00,00,00>>Fix.reg

  165. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command\]>>Fix.reg
  166. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,64,00,6F,00,63,00,76,00,77,00,2E,00,64,00,6C,00,6C,00,2C,00,4F,00,70,00,65,00,6E,00,55,00,52,00,4C,00,20,00,6C,00,00,00>>Fix.reg

  168. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command\]>>Fix.reg
  169. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,64,00,65,00,73,00,6B,00,2E,00,63,00,70,00,6C,00,2C,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,53,00,63,00,72,00,65,00,65,00,6E,00,53,00,61,00,76,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

  171. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command\]>>Fix.reg
  172. @echo @=hex(2):22,00,43,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,52,00,55,00,4E,00,44,00,4C,00,4C,00,33,00,32,00,2E,00,45,00,58,00,45,00,22,00,20,00,43,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,63,00,72,00,6F,00,62,00,6A,00,2E,00,64,00,6C,00,6C,00,2C,00,47,00,65,00,6E,00,65,00,72,00,61,00,74,00,65,00,54,00,79,00,70,00,65,00,4C,00,69,00,62,00,20,00,22,00,25,00,31,00,22,00,00,00>>Fix.reg

  174. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command\]>>Fix.reg
  175. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,75,00,72,00,6C,00,2E,00,64,00,6C,00,6C,00,2C,00,54,00,65,00,6C,00,6E,00,65,00,74,00,50,00,72,00,6F,00,74,00,6F,00,63,00,6F,00,6C,00,48,00,61,00,6E,00,64,00,6C,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

  177. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
  178. @echo "Shell"="Explorer.exe">>Fix.reg

  180. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
  181. @echo "Userinit"=hex(2):43,00,3A,00,5C,00,77,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,75,00,73,00,65,00,72,00,69,00,6E,00,69,00,74,00,2E,00,65,00,78,00,65,00,00,00>>Fix.reg>>Fix.reg

  183. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
  184. @echo "ToP"=->>Fix.reg

  186. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
  187. @echo "TProgram"=->>Fix.reg

  189. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
  190. @echo "TProgram"=->>Fix.reg

  192. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
  193. @echo "Torjan Program"=->>Fix.reg

  195. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
  196. @echo "Torjan Program"=->>Fix.reg
  197. echo.

  199. @pause
  200. start /w regedit /s Fix.reg
  201. del Fix.reg
  202. echo.
  203. @echo ***********************************************************
  204. @echo *                修复已知被破坏的文件关联成功               *
  205. @echo ***********************************************************
  206. echo.
  207. @echo 按任意键,返回选择
  208. @pause
  209. @cls
  210. @goto Selection

  212. :D
  213. if exist d:\windows\1.com  attrib -s -r -h d:\windows\1.com
  214. if exist d:\windows\exeroute.exe  attrib -s -r -h d:\windows\exeroute.exe
  215. if exist d:\windows\explorer.com  attrib -s -r -h d:\windows\explorer.com
  216. if exist d:\WINDOWS\EXERT.exe  attrib -s -r -h d:\WINDOWS\EXERT.exe
  217. if exist d:\windows\finder.com attrib -s -r -h d:\windows\finder.com
  218. if exist d:\WINDOWS\IO.SYS.BAK attrib -s -r -h d:\WINDOWS\IO.SYS.BAK
  219. if exist d:\WINDOWS\lsass.exe attrib -s -r -h d:\WINDOWS\lsass.exe
  220. if exist d:\windows\services.exe attrib -s -r -h d:\windows\services.exe
  221. if exist d:\windows\SMSS.EXE attrib -s -r -h d:\windows\SMSS.EXE
  222. if exist d:\windows\WINLOGON.exe attrib -s -r -h d:\windows\WINLOGON.exe
  223. if exist d:\windows\debug\debugprogram.exe attrib -s -r -h d:\windows\debug\debugprogram.exe
  224. if exist d:\progra~1\common~1\iexplore.pif attrib -s -r -h d:\progra~1\common~1\iexplore.pif
  225. if exist d:\progra~1\intern~1\iexplore.com attrib -s -r -h d:\progra~1\intern~1\iexplore.com
  226. if exist d:\windows\system32\command.pif attrib -s -r -h d:\windows\system32\command.pif
  227. if exist d:\windows\system32\dxdiag.com attrib -s -r -h d:\windows\system32\dxdiag.com
  228. if exist d:\windows\system32\finder.com attrib -s -r -h d:\windows\system32\finder.com
  229. if exist d:\windows\system32\i.com attrib -s -r -h d:\windows\system32\i.com
  230. if exist d:\windows\system32\msconfig.com attrib -s -r -h d:\windows\system32\msconfig.com
  231. if exist d:\windows\system32\regedit.com attrib -s -r -h d:\windows\system32\regedit.com
  232. if exist d:\windows\system32\rundll32.com attrib -s -r -h d:\windows\system32\rundll32.com
  233. if exist d:\pagefile.pif attrib -s -r -h d:\pagefile.pif
  234. if exist d:\autorun.inf attrib -s -r -h d:\autorun.inf

  236. echo ************************************************************
  237. @echo 删除病毒文件

  239. @echo off
  240. if exist d:\windows\1.com  del d:\windows\1.com
  241. if exist d:\windows\exeroute.exe  del d:\windows\exeroute.exe
  242. if exist d:\windows\explorer.com  del d:\windows\explorer.com
  243. if exist d:\WINDOWS\EXERT.exe  del d:\WINDOWS\EXERT.exe
  244. if exist d:\windows\finder.com del d:\windows\finder.com
  245. if exist d:\WINDOWS\IO.SYS.BAK del d:\WINDOWS\IO.SYS.BAK
  246. if exist d:\WINDOWS\lsass.exe del d:\WINDOWS\lsass.exe
  247. if exist d:\windows\services.exe del d:\windows\services.exe
  248. if exist d:\windows\SMSS.EXE del d:\windows\SMSS.EXE
  249. if exist d:\windows\WINLOGON.exe del d:\windows\WINLOGON.exe
  250. if exist d:\windows\debug\debugprogram.exe del d:\windows\debug\debugprogram.exe
  251. if exist d:\progra~1\common~1\iexplore.pif del d:\progra~1\common~1\iexplore.pif
  252. if exist d:\progra~1\intern~1\iexplore.com del d:\progra~1\intern~1\iexplore.com
  253. if exist d:\windows\system32\command.pif del d:\windows\system32\command.pif
  254. if exist d:\windows\system32\dxdiag.com del d:\windows\system32\dxdiag.com
  255. if exist d:\windows\system32\finder.com del d:\windows\system32\finder.com
  256. if exist d:\windows\system32\i.com del d:\windows\system32\i.com
  257. if exist d:\windows\system32\msconfig.com del d:\windows\system32\msconfig.com
  258. if exist d:\windows\system32\regedit.com del d:\windows\system32\regedit.com
  259. if exist d:\windows\system32\rundll32.com del d:\windows\system32\rundll32.com
  260. if exist d:\pagefile.pif del d:\pagefile.pif
  261. if exist d:\autorun.inf del d:\autorun.inf

  263. @echo ***********************************************************
  264. @echo *         已删除可能的病毒文件,按任意键修复注册表信息     *
  265. @echo ***********************************************************

  267. @echo Windows Registry Editor Version 5.00>Fix.reg

  269. @echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
  270. @echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
  271. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]>>Fix.reg
  272. @echo @=hex(2):65,00,78,00,65,00,66,00,69,00,6C,00,65,00,00,00>>Fix.reg
  273. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]>>Fix.reg
  274. @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,00,00>>Fix.reg

  276. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]>>Fix.reg
  277. @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

  279. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]>>Fix.reg
  280. @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

  282. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]>>Fix.reg
  283. @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

  285. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]>>Fix.reg
  286. @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

  288. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
  289. @echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg

  291. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\Command]>>Fix.reg
  292. @echo @=->>Fix.reg

  294. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]>>Fix.reg
  295. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

  297. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]>>Fix.reg
  298. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

  300. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]>>Fix.reg
  301. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,25,00,31,00,00,00>>Fix.reg

  303. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]>>Fix.reg
  304. @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00>>Fix.reg

  306. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\Command]>>Fix.reg
  307. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,61,00,70,00,70,00,77,00,69,00,7A,00,2E,00,63,00,70,00,6C,00,2C,00,4E,00,65,00,77,00,4C,00,69,00,6E,00,6B,00,48,00,65,00,72,00,65,00,20,00,25,00,31,00,00,00>>Fix.reg

  309. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command\]>>Fix.reg
  310. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,65,00,6C,00,6C,00,33,00,32,00,2E,00,64,00,6C,00,6C,00,2C,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,5F,00,52,00,75,00,6E,00,44,00,4C,00,4C,00,20,00,22,00,25,00,31,00,22,00,2C,00,25,00,2A,00,00,00>>Fix.reg

  312. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command\]>>Fix.reg
  313. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,64,00,6F,00,63,00,76,00,77,00,2E,00,64,00,6C,00,6C,00,2C,00,4F,00,70,00,65,00,6E,00,55,00,52,00,4C,00,20,00,6C,00,00,00>>Fix.reg

  315. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command\]>>Fix.reg
  316. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,64,00,65,00,73,00,6B,00,2E,00,63,00,70,00,6C,00,2C,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,53,00,63,00,72,00,65,00,65,00,6E,00,53,00,61,00,76,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

  318. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command\]>>Fix.reg
  319. @echo @=hex(2):22,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,52,00,55,00,4E,00,44,00,4C,00,4C,00,33,00,32,00,2E,00,45,00,58,00,45,00,22,00,20,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,63,00,72,00,6F,00,62,00,6A,00,2E,00,64,00,6C,00,6C,00,2C,00,47,00,65,00,6E,00,65,00,72,00,61,00,74,00,65,00,54,00,79,00,70,00,65,00,4C,00,69,00,62,00,20,00,22,00,25,00,31,00,22,00,00,00>>Fix.reg

  321. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command\]>>Fix.reg
  322. @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,75,00,72,00,6C,00,2E,00,64,00,6C,00,6C,00,2C,00,54,00,65,00,6C,00,6E,00,65,00,74,00,50,00,72,00,6F,00,74,00,6F,00,63,00,6F,00,6C,00,48,00,61,00,6E,00,64,00,6C,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

  324. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
  325. @echo "Shell"="Explorer.exe">>Fix.reg

  327. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
  328. @echo "Userinit"=hex(2):43,00,3A,00,5C,00,77,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,75,00,73,00,65,00,72,00,69,00,6E,00,69,00,74,00,2E,00,65,00,78,00,65,00,00,00>>Fix.reg>>Fix.reg

  330. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
  331. @echo "ToP"=->>Fix.reg

  333. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
  334. @echo "TProgram"=->>Fix.reg

  336. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
  337. @echo "TProgram"=->>Fix.reg

  339. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
  340. @echo "Torjan Program"=->>Fix.reg

  342. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
  343. @echo "Torjan Program"=->>Fix.reg
  344. echo.

  346. @pause
  347. start /w regedit /s Fix.reg
  348. del Fix.reg
  349. echo.
  350. @echo ***********************************************************
  351. @echo *                修复已知被破坏的文件关联成功               *
  352. @echo ***********************************************************
  353. echo.
  354. @echo 按任意键,返回选择
  355. @pause
  356. @cls
  357. @goto Selection

  359. :good
  360. @cls
  361. @echo Windows Registry Editor Version 5.00>Fix.reg

  363. @echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
  364. @echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
  365. @echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg

  367. @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>>Fix.reg
  368. @echo "SackOpts"=dword:00000001>>Fix.reg
  369. @echo "TcpWindowSize"=dword:0003ebc0>>Fix.reg
  370. @echo "Tcp1323Opts"=dword:00000001>>Fix.reg
  371. @echo "DefaultTTL"=dword:00000040>>Fix.reg
  372. @echo "EnablePMTUBHDetect"=dword:00000000>>Fix.reg
  373. @echo "EnablePMTUDiscovery"=dword:00000001>>Fix.reg
  374. @echo "GlobalMaxTcpWindowSize"=dword:0003ebc0>>Fix.reg

  376. @echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
  377. @echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
  378. @echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg

  380. @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vxd\BIOS]>>Fix.reg
  381. @echo "CPUPriority"=dword:00000001>>Fix.reg
  382. @echo "PCIConcur"=dword:00000001>>Fix.reg
  383. @echo "FastDRAM"=dword:00000001>>Fix.reg
  384. @echo "AGPConcur"=dword:00000001>>Fix.reg

  386. @echo[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
  387. @echo "MaxConnectionsPer1_0Server"=dword:00000009>>Fix.reg
  388. @echo "MaxConnectionsPerServer"=dword:00000009>>Fix.reg

  390. @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]>>Fix.reg
  391. @echo "ConfigFileAllocSize"=dword:000001f4>>Fix.reg

  393. @echo [HKEY_CURRENT_USER\Control Panel\desktop]>>Fix.reg
  394. @echo "MenuShowDelay"="0">>Fix.reg

  396. @echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]>>Fix.reg
  397. @echo "NoRun"=dword:00000001>>Fix.reg

  399. @echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour>>Fix.reg
  400. @echo "RunCount"=dword:00000000>>Fix.reg

  402. @echo [-HKEY_CLASSES_ROOT\.zip\CompressedFolder]>>Fix.reg
  403. @echo [-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]>>Fix.reg
  404. @echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder]>>Fix.reg

  406. @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]>>Fix.reg
  407. @echo "EnableBigLba"=dword:00000001>>Fix.reg

  409. @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]>>Fix.reg
  410. @echo "Enable"="Y">>Fix.reg
  411. @echo.

  413. echo ******************************
  414. echo    *   正在进行系统优化   *
  415. echo ******************************
  416. pause
  417. start /w regedit /s Fix.reg
  418. del Fix.reg

  420. echo ******************************
  421. echo     *   系统优化完毕   *
  422. echo ******************************
  423. echo.
  424. @echo 按任意键,返回选择
  425. @pause
  426. @cls
  427. @goto Selection


  430. :quit
  431. exit
复制代码

[ 本帖最后由 namejm 于 2006-9-3 12:24 AM 编辑 ]
回复

使用道具 举报

16#
发表于 2006-8-29 23:53:47 | 只看该作者
好多反弹病毒就是运用这种技术的,用在远程控制软件,首先在服务端生成一个可执行的EXE客户端,选种运行后自己删除自己.也就把目标文件删除了,自己在后台运行.而且主动联接服务端.在后台以EXPLORER或SVCHOST出现,让人真假难辨

[ 本帖最后由 haiou327 于 2006-8-29 11:57 PM 编辑 ]
回复

使用道具 举报

安情
17#
 楼主| 发表于 2006-9-2 11:23:47 | 只看该作者
批处理用来杀毒,作者对bat的理解有够强!!!!!
回复

使用道具 举报

18#
发表于 2006-9-2 12:49:37 | 只看该作者
这一句有问题, 这样用find能真正得到OS的版本吗? errorlevel将永为零
@ver find "XP"
@if "%ERRORLEVEL%"=="0" ...

[ 本帖最后由 小军军 于 2006-9-2 12:51 PM 编辑 ]
回复

使用道具 举报

19#
发表于 2006-9-2 19:03:49 | 只看该作者
把内存中运行的代码复制一份注入到某个系统进程中,然后在新的代码中结束原来的进程,再删除文件

哈哈,要有本事不让杀毒、木马查杀软件杀掉才行哦
回复

使用道具 举报

namejm
20#
发表于 2006-9-3 00:23:33 | 只看该作者
原帖由 小军军 于 2006-9-2 12:49 PM 发表
这一句有问题, 这样用find能真正得到OS的版本吗? errorlevel将永为零
@ver find "XP"
@if "%ERRORLEVEL%"=="0" ...

那一句确实有问题,应该改为ver|find /i "XP"
回复

使用道具 举报

21#
发表于 2006-9-3 02:31:54 | 只看该作者
还是 ver|find "98" 最稳当,2003会被处理成非 XP
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|捐助支持|无忧启动 ( 闽ICP备05002490号-1 )

闽公网安备 35020302032614号

GMT+8, 2024-11-14 23:22

Powered by Discuz! X3.3

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表