Wuyou Boot Forum (无忧启动论坛)

After an exe file runs, force-delete its own program file, yet have the program keep running normally?

1#
Posted on 2006-8-20 15:02:35
After an exe file runs, force-delete its own program file, yet have the program keep running normally?
Is there any way to do this?
This exe runs under XP?
2#
Posted on 2006-8-20 18:24:30
Looks like the OP really is studying viruses...

Impossible without knowing how to program, I'd think.

3#
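Posted on 2006-8-20 18:40:40
安情, this idea of yours is pretty far-fetched. With the skin gone, what can the hair cling to? Once you have deleted the program, how can you expect it to run, let alone run normally?

[ Last edited by namejm on 2006-8-20 08:06 PM ]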

4#
Posted on 2006-8-20 19:27:50
At run time, copy itself to the temp directory, run the copy from the temp directory, then delete the original.

5#
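OP | Posted on 2006-8-20 20:05:52
Originally posted by bdfcy on 2006-8-20 07:27 PM
At run time, copy itself to the temp directory, run the copy from the temp directory, then delete the original.

I thought of that method. However, its path can still be found in the process list. If the process could hide itself, this method would be workable!
Doing this in a batch file is probably impossible, isn't it? I couldn't find a way, so I posted it in the DOS section?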

6#
Posted on 2006-8-20 22:01:08
What you are asking for is basically running a virus; only a virus can avoid showing up in the process list.

7#
Posted on 2006-8-20 22:24:08
fu.exe    hides processes    antivirus software will flag it

https://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip

8#
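OP | Posted on 2006-8-21 00:19:12
Originally posted by cjzzz on 2006-8-20 10:24 PM
fu.exe    hides processes    antivirus software will flag it

https://www.rootkit.com/vault/fuzen_op/FU_Rootkit.zip

Thanks for sharing, but if antivirus software flags it, then it can't run at all. Real-time monitoring will kill it.

To be clear, I'm not making a virus; I don't have that level of skill.
I just want to protect a specific program from being copied or cut. I already have half of it done; only the second half is missing.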

9#
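Posted on 2006-8-21 09:14:20
You could borrow from what some viruses and trojans do: at run time, generate an executable with a random name in the system folder, and delete it when execution finishes. That would be somewhat safer, and most people won't scan their system folder for changes at the moment the file is running.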

10#
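OP | Posted on 2006-8-21 17:40:48
Originally posted by 老毛桃 on 2006-8-21 09:14 AM
You could borrow from what some viruses and trojans do: at run time, generate an executable with a random name in the system folder, and delete it when execution finishes. That would be somewhat safer, and most people won't scan their system folder for changes at the moment the file is running.

I wonder whether 老毛桃's idea can be implemented with a batch file.
If it can, please write a snippet for reference. Thanks.
The premise is that I have already used qbfc, so the executable is called from within a bat. But qbfc extracts the original program, which defeats the protection. I mean on the local machine.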

11#
Posted on 2006-8-22 15:15:44
You could make it a self-extracting archive that extracts to the temp directory and runs cmd after extraction, then delete those files from within cmd.

12#
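OP | Posted on 2006-8-23 08:43:18
As long as a file is running it cannot be deleted, and if a copy is run instead, the copy's location can be found through the process manager. So it has to be compiled in a proper programming language to achieve what I want.
This thread can be deleted now.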

13#
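Posted on 2006-8-29 09:47:08
I've run into one right now:
1. After I delete the malicious entry from the registry value, it automatically adds it back;
2. After I delete the original file, it is quickly restored;
...... in other words, I can't get this file off my machine

... my head is spinning!

\windows\winlogon.exe
\windows\ExeRoute.exe

In the registry it is: Trojan Program >\windows\winlogon.exe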

14#
Posted on 2006-8-29 18:55:17
Have it rename its own program file.

15#
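Posted on 2006-8-29 22:48:56
  Heh, congratulations, you've caught a trojan that has been going around lately: 落雪 (Luoxue).

  I found a fairly complete batch-file solution online and am posting it below: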

@echo off
cls
echo ***********************************************************
echo   此文件用于清除WINLOGON系列木马并修复其破坏的注册表信息
echo                 警告:只适用于XP操作系统
echo   空指针 制作     感谢 风乱舞 鼎力相助并提供系统优化功能
echo ***********************************************************
echo    名称:WINLOGON系列木马修复程序
echo    功能:
echo        1. 删除木马相关文件
echo        2. 修复被木马修改的系统关联
echo        3. 部分系统优化(ADSL拨号.桌面速度.IE速度.等部分系统优化)
echo.

pause
cls
@SETLOCAL
@rem Set the active code page to Chinese
@chcp 936>nul 2>nul
@echo.
@echo ************************************************************
@echo *                                                          *
@echo *    欢迎使用WINLOGON系列木马清除/修复程序              *
@echo *                                                          *
@echo ************************************************************

:chkOS
@rem Continue only when the ver output contains "XP"
@echo.
@ver|find "XP"
@if "%ERRORLEVEL%"=="0" goto :XP
@echo.
@echo #您的操作系统不是Windows XP,无法使用。
@goto quit

@rem Insert OS-specific commands in the statements below
:XP
@set UpdatePolicy=GPUpdate /Force
@goto Selection

:Selection
@rem User Choice
@echo.
@echo    请注意选择您的操作系统安装在哪个分区
@echo    我要进行功能选择:
@echo.
@echo 1: 我的XP系统安装在C盘
@echo 2: 我的XP系统安装在D盘
@echo 3: 我想做部分系统优化(网络.桌面.速度)
@echo 4: 退出
@echo.
@set /p UserSelection=请输入您的选择(1=C盘、2=D盘、3=系统优化、4=退出程序)后按回车:
@if "%UserSelection%"=="1" goto C
@if "%UserSelection%"=="2" goto D
@if "%UserSelection%"=="3" goto good
@if "%UserSelection%"=="4" goto quit
@rem Any other input: show the menu again
@cls
@goto Selection


:C
@rem Windows on C: - clear the system/read-only/hidden attributes first so the files can be deleted
if exist c:\windows\1.com  attrib -s -r -h c:\windows\1.com
if exist c:\windows\exeroute.exe  attrib -s -r -h c:\windows\exeroute.exe
if exist c:\windows\explorer.com  attrib -s -r -h c:\windows\explorer.com
if exist C:\WINDOWS\EXERT.exe  attrib -s -r -h C:\WINDOWS\EXERT.exe
if exist c:\windows\finder.com attrib -s -r -h c:\windows\finder.com
if exist C:\WINDOWS\IO.SYS.BAK attrib -s -r -h C:\WINDOWS\IO.SYS.BAK
if exist C:\WINDOWS\lsass.exe attrib -s -r -h C:\WINDOWS\lsass.exe
if exist c:\windows\services.exe attrib -s -r -h c:\windows\services.exe
if exist c:\windows\SMSS.EXE attrib -s -r -h c:\windows\SMSS.EXE
if exist c:\windows\WINLOGON.exe attrib -s -r -h c:\windows\WINLOGON.exe
if exist c:\windows\debug\debugprogram.exe attrib -s -r -h c:\windows\debug\debugprogram.exe
if exist c:\progra~1\common~1\iexplore.pif attrib -s -r -h c:\progra~1\common~1\iexplore.pif
if exist c:\progra~1\intern~1\iexplore.com attrib -s -r -h c:\progra~1\intern~1\iexplore.com
if exist c:\windows\system32\command.pif attrib -s -r -h c:\windows\system32\command.pif
if exist c:\windows\system32\dxdiag.com attrib -s -r -h c:\windows\system32\dxdiag.com
if exist c:\windows\system32\finder.com attrib -s -r -h c:\windows\system32\finder.com
if exist c:\windows\system32\i.com attrib -s -r -h c:\windows\system32\i.com
if exist c:\windows\system32\msconfig.com attrib -s -r -h c:\windows\system32\msconfig.com
if exist c:\windows\system32\regedit.com attrib -s -r -h c:\windows\system32\regedit.com
if exist c:\windows\system32\rundll32.com attrib -s -r -h c:\windows\system32\rundll32.com
if exist d:\pagefile.pif attrib -s -r -h d:\pagefile.pif
if exist d:\command.com attrib -s -r -h d:\command.com
if exist d:\autorun.inf attrib -s -r -h d:\autorun.inf

echo ************************************************************
@echo 删除病毒文件

@echo off
if exist c:\windows\1.com  del c:\windows\1.com
if exist c:\windows\exeroute.exe  del c:\windows\exeroute.exe
if exist c:\windows\explorer.com  del c:\windows\explorer.com
if exist C:\WINDOWS\EXERT.exe  del C:\WINDOWS\EXERT.exe
if exist c:\windows\finder.com del c:\windows\finder.com
if exist C:\WINDOWS\IO.SYS.BAK del C:\WINDOWS\IO.SYS.BAK
if exist C:\WINDOWS\lsass.exe del C:\WINDOWS\lsass.exe
if exist c:\windows\services.exe del c:\windows\services.exe
if exist c:\windows\SMSS.EXE del c:\windows\SMSS.EXE
if exist c:\windows\WINLOGON.exe del c:\windows\WINLOGON.exe
if exist c:\windows\debug\debugprogram.exe del c:\windows\debug\debugprogram.exe
if exist c:\progra~1\common~1\iexplore.pif del c:\progra~1\common~1\iexplore.pif
if exist c:\progra~1\intern~1\iexplore.com del c:\progra~1\intern~1\iexplore.com
if exist c:\windows\system32\command.pif del c:\windows\system32\command.pif
if exist c:\windows\system32\dxdiag.com del c:\windows\system32\dxdiag.com
if exist c:\windows\system32\finder.com del c:\windows\system32\finder.com
if exist c:\windows\system32\i.com del c:\windows\system32\i.com
if exist c:\windows\system32\msconfig.com del c:\windows\system32\msconfig.com
if exist c:\windows\system32\regedit.com del c:\windows\system32\regedit.com
if exist c:\windows\system32\rundll32.com del c:\windows\system32\rundll32.com
if exist d:\pagefile.pif del d:\pagefile.pif
if exist d:\command.com del d:\command.com
if exist d:\autorun.inf del d:\autorun.inf

@echo ***********************************************************
@echo *         已删除可能的病毒文件,按任意键修复注册表信息     *
@echo ***********************************************************



@rem Build Fix.reg: restore the file associations and Winlogon values, and delete the trojan's Run entries
@echo Windows Registry Editor Version 5.00>Fix.reg
@echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]>>Fix.reg
@echo @="exefile">>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]>>Fix.reg
@echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
@echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\Command]>>Fix.reg
@echo @=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\Command]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,61,00,70,00,70,00,77,00,69,00,7A,00,2E,00,63,00,70,00,6C,00,2C,00,4E,00,65,00,77,00,4C,00,69,00,6E,00,6B,00,48,00,65,00,72,00,65,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,65,00,6C,00,6C,00,33,00,32,00,2E,00,64,00,6C,00,6C,00,2C,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,5F,00,52,00,75,00,6E,00,44,00,4C,00,4C,00,20,00,22,00,25,00,31,00,22,00,2C,00,25,00,2A,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,64,00,6F,00,63,00,76,00,77,00,2E,00,64,00,6C,00,6C,00,2C,00,4F,00,70,00,65,00,6E,00,55,00,52,00,4C,00,20,00,6C,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,64,00,65,00,73,00,6B,00,2E,00,63,00,70,00,6C,00,2C,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,53,00,63,00,72,00,65,00,65,00,6E,00,53,00,61,00,76,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command\]>>Fix.reg
@echo @=hex(2):22,00,43,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,52,00,55,00,4E,00,44,00,4C,00,4C,00,33,00,32,00,2E,00,45,00,58,00,45,00,22,00,20,00,43,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,63,00,72,00,6F,00,62,00,6A,00,2E,00,64,00,6C,00,6C,00,2C,00,47,00,65,00,6E,00,65,00,72,00,61,00,74,00,65,00,54,00,79,00,70,00,65,00,4C,00,69,00,62,00,20,00,22,00,25,00,31,00,22,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,75,00,72,00,6C,00,2E,00,64,00,6C,00,6C,00,2C,00,54,00,65,00,6C,00,6E,00,65,00,74,00,50,00,72,00,6F,00,74,00,6F,00,63,00,6F,00,6C,00,48,00,61,00,6E,00,64,00,6C,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
@echo "Shell"="Explorer.exe">>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
@echo "Userinit"=hex(2):43,00,3A,00,5C,00,77,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,75,00,73,00,65,00,72,00,69,00,6E,00,69,00,74,00,2E,00,65,00,78,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "ToP"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "TProgram"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
@echo "TProgram"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "Torjan Program"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
@echo "Torjan Program"=->>Fix.reg
echo.

@pause
@rem Import Fix.reg silently, wait for regedit to finish, then remove the temporary file
start /w regedit /s Fix.reg
del Fix.reg
echo.
@echo ***********************************************************
@echo *                修复已知被破坏的文件关联成功               *
@echo ***********************************************************
echo.
@echo 按任意键,返回选择
@pause
@cls
@goto Selection

:D
@rem Windows on D: - clear the system/read-only/hidden attributes first so the files can be deleted
if exist d:\windows\1.com  attrib -s -r -h d:\windows\1.com
if exist d:\windows\exeroute.exe  attrib -s -r -h d:\windows\exeroute.exe
if exist d:\windows\explorer.com  attrib -s -r -h d:\windows\explorer.com
if exist d:\WINDOWS\EXERT.exe  attrib -s -r -h d:\WINDOWS\EXERT.exe
if exist d:\windows\finder.com attrib -s -r -h d:\windows\finder.com
if exist d:\WINDOWS\IO.SYS.BAK attrib -s -r -h d:\WINDOWS\IO.SYS.BAK
if exist d:\WINDOWS\lsass.exe attrib -s -r -h d:\WINDOWS\lsass.exe
if exist d:\windows\services.exe attrib -s -r -h d:\windows\services.exe
if exist d:\windows\SMSS.EXE attrib -s -r -h d:\windows\SMSS.EXE
if exist d:\windows\WINLOGON.exe attrib -s -r -h d:\windows\WINLOGON.exe
if exist d:\windows\debug\debugprogram.exe attrib -s -r -h d:\windows\debug\debugprogram.exe
if exist d:\progra~1\common~1\iexplore.pif attrib -s -r -h d:\progra~1\common~1\iexplore.pif
if exist d:\progra~1\intern~1\iexplore.com attrib -s -r -h d:\progra~1\intern~1\iexplore.com
if exist d:\windows\system32\command.pif attrib -s -r -h d:\windows\system32\command.pif
if exist d:\windows\system32\dxdiag.com attrib -s -r -h d:\windows\system32\dxdiag.com
if exist d:\windows\system32\finder.com attrib -s -r -h d:\windows\system32\finder.com
if exist d:\windows\system32\i.com attrib -s -r -h d:\windows\system32\i.com
if exist d:\windows\system32\msconfig.com attrib -s -r -h d:\windows\system32\msconfig.com
if exist d:\windows\system32\regedit.com attrib -s -r -h d:\windows\system32\regedit.com
if exist d:\windows\system32\rundll32.com attrib -s -r -h d:\windows\system32\rundll32.com
if exist d:\pagefile.pif attrib -s -r -h d:\pagefile.pif
if exist d:\autorun.inf attrib -s -r -h d:\autorun.inf

echo ************************************************************
@echo 删除病毒文件

@echo off
if exist d:\windows\1.com  del d:\windows\1.com
if exist d:\windows\exeroute.exe  del d:\windows\exeroute.exe
if exist d:\windows\explorer.com  del d:\windows\explorer.com
if exist d:\WINDOWS\EXERT.exe  del d:\WINDOWS\EXERT.exe
if exist d:\windows\finder.com del d:\windows\finder.com
if exist d:\WINDOWS\IO.SYS.BAK del d:\WINDOWS\IO.SYS.BAK
if exist d:\WINDOWS\lsass.exe del d:\WINDOWS\lsass.exe
if exist d:\windows\services.exe del d:\windows\services.exe
if exist d:\windows\SMSS.EXE del d:\windows\SMSS.EXE
if exist d:\windows\WINLOGON.exe del d:\windows\WINLOGON.exe
if exist d:\windows\debug\debugprogram.exe del d:\windows\debug\debugprogram.exe
if exist d:\progra~1\common~1\iexplore.pif del d:\progra~1\common~1\iexplore.pif
if exist d:\progra~1\intern~1\iexplore.com del d:\progra~1\intern~1\iexplore.com
if exist d:\windows\system32\command.pif del d:\windows\system32\command.pif
if exist d:\windows\system32\dxdiag.com del d:\windows\system32\dxdiag.com
if exist d:\windows\system32\finder.com del d:\windows\system32\finder.com
if exist d:\windows\system32\i.com del d:\windows\system32\i.com
if exist d:\windows\system32\msconfig.com del d:\windows\system32\msconfig.com
if exist d:\windows\system32\regedit.com del d:\windows\system32\regedit.com
if exist d:\windows\system32\rundll32.com del d:\windows\system32\rundll32.com
if exist d:\pagefile.pif del d:\pagefile.pif
if exist d:\autorun.inf del d:\autorun.inf

@echo ***********************************************************
@echo *         已删除可能的病毒文件,按任意键修复注册表信息     *
@echo ***********************************************************

@rem Build Fix.reg for a D: installation: same keys as the C: branch, with D:\ paths
@echo Windows Registry Editor Version 5.00>Fix.reg

@echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]>>Fix.reg
@echo @=hex(2):65,00,78,00,65,00,66,00,69,00,6C,00,65,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
@echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\Command]>>Fix.reg
@echo @=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\Command]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,61,00,70,00,70,00,77,00,69,00,7A,00,2E,00,63,00,70,00,6C,00,2C,00,4E,00,65,00,77,00,4C,00,69,00,6E,00,6B,00,48,00,65,00,72,00,65,00,20,00,25,00,31,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,65,00,6C,00,6C,00,33,00,32,00,2E,00,64,00,6C,00,6C,00,2C,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,5F,00,52,00,75,00,6E,00,44,00,4C,00,4C,00,20,00,22,00,25,00,31,00,22,00,2C,00,25,00,2A,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,64,00,6F,00,63,00,76,00,77,00,2E,00,64,00,6C,00,6C,00,2C,00,4F,00,70,00,65,00,6E,00,55,00,52,00,4C,00,20,00,6C,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,64,00,65,00,73,00,6B,00,2E,00,63,00,70,00,6C,00,2C,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,53,00,63,00,72,00,65,00,65,00,6E,00,53,00,61,00,76,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command\]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,52,00,55,00,4E,00,44,00,4C,00,4C,00,33,00,32,00,2E,00,45,00,58,00,45,00,22,00,20,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,63,00,72,00,6F,00,62,00,6A,00,2E,00,64,00,6C,00,6C,00,2C,00,47,00,65,00,6E,00,65,00,72,00,61,00,74,00,65,00,54,00,79,00,70,00,65,00,4C,00,69,00,62,00,20,00,22,00,25,00,31,00,22,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,75,00,72,00,6C,00,2E,00,64,00,6C,00,6C,00,2C,00,54,00,65,00,6C,00,6E,00,65,00,74,00,50,00,72,00,6F,00,74,00,6F,00,63,00,6F,00,6C,00,48,00,61,00,6E,00,64,00,6C,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
@echo "Shell"="Explorer.exe">>Fix.reg

@rem Userinit must point at the drive Windows is installed on (D: in this branch, first byte 44)
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
@echo "Userinit"=hex(2):44,00,3A,00,5C,00,77,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,75,00,73,00,65,00,72,00,69,00,6E,00,69,00,74,00,2E,00,65,00,78,00,65,00,00,00>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "ToP"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "TProgram"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
@echo "TProgram"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "Torjan Program"=->>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
@echo "Torjan Program"=->>Fix.reg
echo.

@pause
@rem Import Fix.reg silently, wait for regedit to finish, then remove the temporary file
start /w regedit /s Fix.reg
del Fix.reg
echo.
@echo ***********************************************************
@echo *                修复已知被破坏的文件关联成功               *
@echo ***********************************************************
echo.
@echo 按任意键,返回选择
@pause
@cls
@goto Selection

:good
@rem Optional tuning branch: writes network, desktop and file-system tweaks through Fix.reg
@cls
@echo Windows Registry Editor Version 5.00>Fix.reg

@echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
@echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
@echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>>Fix.reg
@echo "SackOpts"=dword:00000001>>Fix.reg
@echo "TcpWindowSize"=dword:0003ebc0>>Fix.reg
@echo "Tcp1323Opts"=dword:00000001>>Fix.reg
@echo "DefaultTTL"=dword:00000040>>Fix.reg
@echo "EnablePMTUBHDetect"=dword:00000000>>Fix.reg
@echo "EnablePMTUDiscovery"=dword:00000001>>Fix.reg
@echo "GlobalMaxTcpWindowSize"=dword:0003ebc0>>Fix.reg

@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
@echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
@echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vxd\BIOS]>>Fix.reg
@echo "CPUPriority"=dword:00000001>>Fix.reg
@echo "PCIConcur"=dword:00000001>>Fix.reg
@echo "FastDRAM"=dword:00000001>>Fix.reg
@echo "AGPConcur"=dword:00000001>>Fix.reg

@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
@echo "MaxConnectionsPer1_0Server"=dword:00000009>>Fix.reg
@echo "MaxConnectionsPerServer"=dword:00000009>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]>>Fix.reg
@echo "ConfigFileAllocSize"=dword:000001f4>>Fix.reg

@echo [HKEY_CURRENT_USER\Control Panel\desktop]>>Fix.reg
@echo "MenuShowDelay"="0">>Fix.reg

@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]>>Fix.reg
@echo "NoRun"=dword:00000001>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]>>Fix.reg
@echo "RunCount"=dword:00000000>>Fix.reg

@echo [-HKEY_CLASSES_ROOT\.zip\CompressedFolder]>>Fix.reg
@echo [-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]>>Fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder]>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]>>Fix.reg
@echo "EnableBigLba"=dword:00000001>>Fix.reg

@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]>>Fix.reg
@echo "Enable"="Y">>Fix.reg
@echo.

echo ******************************
echo    *   正在进行系统优化   *
echo ******************************
pause
start /w regedit /s Fix.reg
del Fix.reg

echo ******************************
echo     *   系统优化完毕   *
echo ******************************
echo.
@echo 按任意键,返回选择
@pause
@cls
@goto Selection


:quit
exit

[ Last edited by namejm on 2006-9-3 12:24 AM ]
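
The registry half of the script above is written as hex(2) (REG_EXPAND_SZ, UTF-16LE) byte lists, which are hard to review by eye before importing them. As an added example (not part of the original post or script), this Python code decodes such a .reg file into readable values and flags paths that hard-code a drive letter other than the one Windows is installed on; the function names are hypothetical and the sample is constructed from a few of the script's own lines.

```python
import re

# Constructed sample: a few of the lines the C: branch of the script echoes
# into Fix.reg (the Userinit value is wrapped with .reg line continuations).
SAMPLE_FIX_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"=hex(2):43,00,3A,00,5C,00,77,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,\
  73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,75,00,73,00,65,00,72,00,\
  69,00,6E,00,69,00,74,00,2E,00,65,00,78,00,65,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Torjan Program"=-
'''


def decode_data(raw):
    """Turn the right-hand side of a .reg assignment into (kind, value)."""
    raw = raw.strip()
    if raw == "-":                      # name=-  deletes the value
        return ("delete", None)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # Plain REG_SZ: undo the \\ and \" escapes of the .reg format.
        return ("sz", re.sub(r'\\(.)', r'\1', raw[1:-1]))
    m = re.fullmatch(r'dword:([0-9A-Fa-f]{8})', raw)
    if m:
        return ("dword", int(m.group(1), 16))
    m = re.fullmatch(r'hex\(([0-9A-Fa-f]+)\):(.*)', raw)
    if m:
        data = bytes(int(b.strip(), 16) for b in m.group(2).split(",") if b.strip())
        reg_type = int(m.group(1), 16)
        if reg_type in (1, 2):          # REG_SZ / REG_EXPAND_SZ are UTF-16LE text
            kind = "expand_sz" if reg_type == 2 else "sz"
            return (kind, data.decode("utf-16-le").rstrip("\x00"))
        return ("binary", data)
    raise ValueError("unrecognised value data: %r" % raw)


def parse_reg(text):
    """Return [(key, value_name, kind, value)]; name '@' is the key's default value."""
    # A trailing backslash means the hex list continues on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):     # [-KEY] deletes the whole key
                entries.append((key[1:], None, "delete_key", None))
                key = None
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")\s*=(.*)$', line)
        if m is None or key is None:
            raise ValueError("cannot parse line: %r" % line)
        name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
        entries.append((key, name) + decode_data(m.group(2)))
    return entries


def hardcoded_drive_mismatches(entries, system_drive):
    """List string values whose path uses a drive letter other than system_drive."""
    wanted = system_drive.rstrip(":\\").upper()
    hits = []
    for key, name, kind, value in entries:
        if kind not in ("sz", "expand_sz"):
            continue
        drives = re.findall(r'(?<![A-Za-z])([A-Za-z]):\\', value)
        if any(d.upper() != wanted for d in drives):
            hits.append((key, name, value))
    return hits


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_FIX_REG)
    for key, name, kind, value in parsed:
        print("%s\n    %s (%s) = %r" % (key, name, kind, value))
    # Reviewing the same values for a machine whose Windows lives on D:
    for key, name, value in hardcoded_drive_mismatches(parsed, "D:"):
        print("drive mismatch: %s\\%s -> %s" % (key, name, value))
```
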

16#
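Posted on 2006-8-29 23:53:47
Many reverse-connection viruses use exactly this technique. It is used in remote-control software: first an executable EXE client is generated on the server side; once it is selected and run, it deletes itself, so the target file is gone while it keeps running in the background. It also actively connects back to the server. In the background it shows up as EXPLORER or SVCHOST, making it hard to tell real from fake.

[ Last edited by haiou327 on 2006-8-29 11:57 PM ]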

17#
OP | Posted on 2006-9-2 11:23:47
Using a batch file to remove a virus, the author's grasp of bat is really strong!!!!!

18#
Posted on 2006-9-2 12:49:37
There is a problem with this statement. Can using find this way really get the OS version? errorlevel will always be zero
@ver find "XP"
@if "%ERRORLEVEL%"=="0" ...

[ Last edited by 小军军 on 2006-9-2 12:51 PM ]

19#
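Posted on 2006-9-2 19:03:49
Copy the code running in memory and inject it into some system process, then have the new code terminate the original process and delete the file.

Haha, you'd need the skill to keep antivirus and anti-trojan software from killing it, though.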

20#
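Posted on 2006-9-3 00:23:33
Originally posted by 小军军 on 2006-9-2 12:49 PM
There is a problem with this statement. Can using find this way really get the OS version? errorlevel will always be zero
@ver find "XP"
@if "%ERRORLEVEL%"=="0" ...

That statement does have a problem; it should be changed to ver|find /i "XP"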

21#
Posted on 2006-9-3 02:31:54
ver|find "98" is still the most reliable; 2003 would be treated as non-XP
