
c.pass 的博客

众里寻他千百度,蓦然回首,那人却在,灯火阑珊处。

 
 
 

日志

 
 

用脚本批量创建病毒假体  

2009-08-06 23:51:35|  分类: 默认分类 |  标签: |举报 |字号 订阅


  在网上看到的,并做了少量的更改!

创建病毒假体:

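rem Create decoy directories named after files that known malware drops.
rem A directory already holding the name keeps a file of that name from being
rem written there; this only helps against droppers that use exactly these names.
rem The %%D / %%N loop variables are the batch-file form (use a single % when typing interactively).
for %%D in (c d e f) do (
  for %%N in (ntldr.exe pagefile.pif Pegefile.pif OSO.exe auto.bat mplay.pif sxs.exe GameSetup.exe) do md %%D:\%%N
)

rem Driver-name decoys exist on the system drive only.
for %%N in (nvmini.sys Arp8023.sys) do (
  md C:\WINDOWS\system32\drivers\%%N
  rem cacls: /e edits the existing ACL, /t recurses, /d denies the named account.
  rem The call carries no trailing free-text note: anything after "everyone" is
  rem handed to cacls as extra arguments.
  cacls "C:\WINDOWS\system32\drivers\%%N" /e /t /d everyone
)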

 

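rem Mark each root-level decoy read-only (+r), hidden (+h) and system (+s).
rem The heading is a rem line so that it is not parsed as a command when the
rem listing is saved as a batch file; each name is flagged once per drive.
for %%D in (c d e f) do (
  for %%N in (ntldr.exe pagefile.pif Pegefile.pif OSO.exe auto.bat mplay.pif GameSetup.exe sxs.exe) do attrib %%D:\%%N +r +h +s
)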

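rem Change permissions: add a deny entry for Everyone on every root-level decoy
rem (/e edits the existing ACL, /t recurses into the directory, /d denies the account).
rem The account name must be exactly "everyone": a trailing period or a note fused
rem onto it makes cacls look up a different, non-existent account, so no deny entry
rem is written for that path. Paths are quoted without a trailing space.
for %%D in (c d e f) do (
  for %%N in (ntldr.exe pagefile.pif OSO.exe auto.bat mplay.pif GameSetup.exe sxs.exe Pegefile.pif) do cacls "%%D:\%%N" /e /t /d everyone
)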


rem auto.exe decoy on each drive root: create the directory, flag it
rem read-only/hidden/system, then add a deny entry for Everyone.
for %%D in (c d e f) do md %%D:\auto.exe
for %%D in (c d e f) do attrib %%D:\auto.exe +r +h +s

for %%D in (c d e f) do cacls %%D:\auto.exe /e /t /d everyone

rem Without /e, cacls replaces the whole ACL instead of editing it; the piped "y"
rem answers its confirmation prompt. This line therefore leaves userinit.exe with a
rem single Everyone:R entry.
rem NOTE(review): userinit.exe is a genuine Windows logon component, not a decoy --
rem confirm that replacing its ACL (and dropping every other entry) is intended.
echo y|cacls c:\windows\system32\userinit.exe /g everyone:r
rem From here on: create a decoy directory under a look-alike name, then add a
rem deny entry for Everyone (/e edit, /t recurse, /d deny).
md c:\windows\system32\usrinit.exe
cacls c:\windows\system32\usrinit.exe /e /t /d everyone
md "C:\Program Files\conime0.exe"
cacls "C:\Program Files\conime0.exe" /e /t /d everyone
md "c:\windows\system32\IGW.exe"
cacls "c:\windows\system32\IGW.exe" /e /t /d everyone
md "c:\windows\system32\vml.exe"
cacls "c:\windows\system32\vml.exe" /e /t /d everyone


rem md creates missing intermediate directories when command extensions are on,
rem so system32\Com need not exist beforehand.
md C:\WINDOWS\system32\Com\smss.exe
cacls "C:\WINDOWS\system32\Com\smss.exe" /e /t /d everyone

md C:\WINDOWS\system32\Com\lsass.exe
cacls "C:\WINDOWS\system32\Com\lsass.exe" /e /t /d everyone

md "c:\windows\system32\swchost.exe"
cacls "c:\windows\system32\swchost.exe" /e /t /d everyone
md "c:\windows\system32\533931MM.DLL"
cacls "c:\windows\system32\533931MM.DLL" /e /t /d everyone
md "c:\windows\system32\533931WL.DLL"
cacls "c:\windows\system32\533931WL.DLL" /e /t /d everyone
md "c:\windows\system32\533931WO.DLL"
cacls "c:\windows\system32\533931WO.DLL" /e /t /d everyone
rem More decoy directories under the Windows tree.
rem These two run without redirection, so md's messages stay visible.
md C:\WINDOWS\SWCHOST.EXE
md C:\WINDOWS\SYSTEM32\DRIVERS\SCVHOST.EXE

rem Everything below discards stdout and stderr, so an "already exists" error is silent.
for %%N in (AVPSrv.exe DiskMan32.exe IGM.exe Kvsc3.exe lqvytv.exe MsIMMs32.exe upxdnd.exe WinForm.exe cmdbcs.exe dbghlp32.exe nvdispdrv.exe) do (
  md c:\WINDOWS\%%N  >nul 2>nul
)
for %%N in (3CEBCAF.EXE a.exe rsjzbpm.dll racvsvc.exe cmdbcs.dll dbghlp32.dll upxdnd.dll) do (
  md c:\WINDOWS\system32\%%N  >nul 2>nul
)
md %windir%\system32\drivers\svchost.exe >nul 2>nul
md C:\WINDOWS\SYSTEM32\Drivers\PCIHDD.SYS >nul 2>nul

rem Kept out of the loops: a "?" inside a for-set is treated as a filename wildcard.
rem NOTE(review): "?" is not a valid character in a directory name, so this md
rem presumably always fails (silently, because of the redirection); the intended
rem name cannot be recovered from the listing -- confirm against the source list.
md c:\WINDOWS\system32\yfmtdio?.dll  >nul 2>nul
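rem Lock the decoys created above. Without /e, cacls replaces the whole ACL, so each
rem path ends up with only the Everyone deny entry; "echo y|" answers the confirmation.
rem Output is discarded with ">nul 2>nul": stdout and stderr. ("1>nul" is the same
rem stream as ">nul" and would leave error messages on screen.)
for %%N in (AVPSrv.exe DiskMan32.exe IGM.exe Kvsc3.exe lqvytv.exe MsIMMs32.exe upxdnd.exe WinForm.exe cmdbcs.exe dbghlp32.exe nvdispdrv.exe) do (
  echo y|cacls.exe c:\WINDOWS\%%N /d everyone >nul 2>nul
)
echo y|cacls.exe %windir%\system32\drivers\svchost.exe /d everyone >nul 2>nul
for %%N in (3CEBCAF.EXE a.exe rsjzbpm.dll racvsvc.exe cmdbcs.dll dbghlp32.dll upxdnd.dll) do (
  echo y|cacls.exe c:\WINDOWS\system32\%%N /d everyone >nul 2>nul
)

rem NOTE(review): here "?" acts as a wildcard, so this applies to whatever existing
rem name matches the pattern rather than to a decoy this script created -- confirm
rem the intended file name.
echo y|cacls.exe  c:\WINDOWS\system32\yfmtdio?.dll /d everyone >nul 2>nul

rem /p everyone:n replaces Everyone's rights with "none".
echo y|cacls C:\WINDOWS\SYSTEM32\Drivers\PCIHDD.SYS /p everyone:n >nul 2>nul

rem The next two lines only PRINT the commands: nothing is written to the registry
rem and gpupdate is not run.
rem NOTE(review): if the Image File Execution Options entry for IGM.EXE is really
rem wanted, decide that deliberately -- a "debugger" value there stops that image
rem name from starting normally -- and record how to remove it again.
echo reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IGM.EXE" /v debugger /t reg_sz /d debugfile.exe /f
echo gpupdate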

@echo off
:: Lift restrictions: give Everyone full control of autorun.inf and setup.exe on
:: each drive root so the later steps can change and delete them.
:: /c continues on access-denied errors; /p replaces the account's rights; without
:: /e the whole ACL is replaced, which is why "y" is piped to the prompt.
for %%D in (c d e f g) do (
  echo y|cacls  %%D:\autorun.inf /c /p everyone:f
)

for %%D in (c d e f g) do (
  echo y|cacls  %%D:\setup.exe /c /p everyone:f
)


:: File names this script treats as leftovers to remove: first give Everyone full
:: control, then force-delete quietly (/f also deletes read-only files, /q skips prompts).
echo y|cacls  c:\windows\crasos.exe  /c /p everyone:f
for %%N in (mswsock30.dll msxos.dll tmp.zip maindownloadselfinfo.tmp wsp_fix.dll win_std32.dll shell32_cn.dll seh_dbg.dll msspi.dll) do (
  echo y|cacls  c:\windows\system32\%%N  /c /p everyone:f
)


del c:\windows\crasos.exe /f /q
for %%N in (mswsock30.dll msxos.dll tmp.zip maindownloadselfinfo.tmp wsp_fix.dll win_std32.dll shell32_cn.dll seh_dbg.dll msspi.dll) do (
  del c:\windows\system32\%%N /f /q
)

 

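:: Clear the read-only/hidden/system attributes on the files about to be deleted.
:: Only the two target names are touched. A drive-wide "X:\*.*" would also strip
:: those flags from every other file in the drive root (boot and system files
:: included), and nothing later in this script puts them back on d:, e: or f:.
:: g: is covered here because the delete step below covers it too.
for %%D in (c d e f g) do (
  for %%N in (autorun.inf setup.exe) do attrib %%D:\%%N -r -h -s
)

:: Delete the files (/f: also read-only ones, /q: no prompt).
for %%N in (autorun.inf setup.exe) do (
  for %%D in (c d e f g) do del %%D:\%%N /f /q
)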

:: Create the "immunization" placeholders: directories that occupy the
:: autorun.inf and setup.exe names on each drive root.
for %%N in (autorun.inf setup.exe) do (
  for %%D in (c d e f) do md  %%D:\%%N
)


:: Decoy directories created under both c:\windows and c:\windows\system32.
:: Where a name is already taken -- several of these system32 names (smss.exe,
:: LSASS.EXE, SVCHOST.EXE, WINLOGON.EXE, RUNDLL32.exe) belong to genuine Windows
:: binaries -- md reports an error and changes nothing.
for %%N in (
  0Sy.exe 1.com 1Sy.exe 2Sy.exe 3Sy.exe 4Sy.exe 5Sy.exe 6Sy.exe 7Sy.exe 8Sy.exe 9Sy.exe
  215366.DLL 215366M.BMP cmdbcs.exe exerouter.exe EXP10RER.com finders.com
  logo1_.exe logo_1.exe logo_.exe LSASS.EXE msccrt.exe Ravdm.exe RichDll.dll
  rund1l32.exe rundl132.exe RUNDLL32.exe Shell.sys smss.exe SVCHOST.EXE
  tdll.dll vdll.dll WINLOGON.EXE wldll.dll wsttrs.exe wsvs.exe
) do (
  md c:\windows\%%N
  md c:\windows\system32\%%N
)

:: Names that appear in only one of the two directories.
md c:\windows\dll.dll
md c:\windows\system32\SERVICES.EXE

:: Driver-directory decoys.
md %SystemRoot%\system32\drivers\nvscv32.exe
md C:\WINDOWS\SYSTEM32\Drivers\PCIHDD.SYS

 

:: Further decoy directories (the original post labels this set "scourges").
:: Most c:\windows names repeat earlier ones; md simply reports that they exist.
for %%N in (Logo1_.exe rundl132.exe 0Sy.exe vDll.dll 1Sy.exe 2Sy.exe rundll32.exe 3Sy.exe 5Sy.exe 1.com exerouter.exe EXP10RER.com finders.com Shell.sys smss.exe) do (
  md  c:\windows\%%N
)
for %%N in (cmdbcs.dll msccrt.dll wc1.exe wc2.exe wsttrs.dll wsvs.dll) do (
  md %windir%\system32\%%N
)
for %%N in (1.exe 4.exe 7.exe C.dll CMD.DLL IceHBO.dll internat.exe internat.exe.tmp SYSTEM32.vxd taskmgr.exe.tmp wc1.exe wc2.exe) do (
  md %windir%\system\%%N
)
for %%N in (1.exe 4.exe 7.exe cmdbcs.exe mppds.exe wsttrs.exe wsvs.exe wc1.exe wc2.exe) do (
  md %windir%\%%N
)

:: Re-occupy the names that were force-deleted earlier in this script.
md %windir%\crasos.exe
for %%N in (mswsock30.dll msxos.dll tmp.zip maindownloadselfinfo.tmp wsp_fix.dll win_std32.dll shell32_cn.dll seh_dbg.dll msspi.dll) do (
  md %windir%\system32\%%N
)

 

 

:: Set attributes: read-only (+r), hidden (+h), system (+s).
:: NOTE(review): the wildcard below flags EVERY file in the root of C:, not just
:: the decoys -- any user file stored there becomes hidden and read-only as well.
:: Consider naming the intended files explicitly.
attrib c:\*.* +r +h +s

for %%D in (c d e f) do attrib %%D:\setup.exe +r +h +s

attrib c:\windows\crasos.exe +r +h +s
for %%N in (mswsock30.dll msxos.dll tmp.zip maindownloadselfinfo.tmp wsp_fix.dll win_std32.dll shell32_cn.dll seh_dbg.dll msspi.dll) do (
  attrib c:\windows\system32\%%N +r +h +s
)

for %%D in (c d e f) do attrib %%D:\autorun.inf +r +h +s

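:: Flag the decoys under c:\windows and c:\windows\system32 as read-only, hidden
:: and system -- but only where the path really is a directory.
:: Several names in the system32 list (smss.exe, LSASS.EXE, SVCHOST.EXE,
:: WINLOGON.EXE, SERVICES.EXE, RUNDLL32.exe) are genuine Windows binaries; there
:: md cannot create a decoy, and an unguarded attrib would hide the real file.
:: The same guard leaves alone any regular file that already holds a listed name.
:: assumes `if exist "path\"` is true only for directories on the target cmd.exe -- TODO confirm
for %%N in (
  0Sy.exe 1.com 1Sy.exe 2Sy.exe 3Sy.exe 4Sy.exe 5Sy.exe 6Sy.exe 7Sy.exe 8Sy.exe 9Sy.exe
  215366.DLL 215366M.BMP cmdbcs.exe dll.dll exerouter.exe EXP10RER.com finders.com
  logo1_.exe logo_1.exe logo_.exe LSASS.EXE msccrt.exe Ravdm.exe RichDll.dll
  rund1l32.exe rundl132.exe RUNDLL32.exe Shell.sys smss.exe SVCHOST.EXE
  tdll.dll vdll.dll WINLOGON.EXE wldll.dll wsttrs.exe wsvs.exe
) do (
  if exist "c:\windows\%%N\" attrib c:\windows\%%N +r +h +s
)

for %%N in (
  0Sy.exe 1.com 1Sy.exe 2Sy.exe 3Sy.exe 4Sy.exe 5Sy.exe 6Sy.exe 7Sy.exe 8Sy.exe 9Sy.exe
  215366.DLL 215366M.BMP cmdbcs.exe exerouter.exe EXP10RER.com finders.com
  logo1_.exe logo_1.exe logo_.exe LSASS.EXE msccrt.exe Ravdm.exe RichDll.dll
  rund1l32.exe rundl132.exe RUNDLL32.exe SERVICES.EXE Shell.sys smss.exe SVCHOST.EXE
  tdll.dll vdll.dll WINLOGON.EXE wldll.dll wsttrs.exe wsvs.exe
) do (
  if exist "c:\windows\system32\%%N\" attrib c:\windows\system32\%%N +r +h +s
)
if exist "%SystemRoot%\system32\drivers\nvscv32.exe\" attrib %SystemRoot%\system32\drivers\nvscv32.exe +r +h +s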

:: Attributes for the second decoy set ("scourges" in the original post):
:: read-only, hidden, system.
for %%N in (Logo1_.exe rundl132.exe 0Sy.exe vDll.dll 1Sy.exe 2Sy.exe rundll32.exe 3Sy.exe 5Sy.exe 1.com exerouter.exe EXP10RER.com finders.com Shell.sys smss.exe) do (
  attrib  c:\windows\%%N +r +h +s
)
for %%N in (cmdbcs.dll msccrt.dll wc1.exe wc2.exe wsttrs.dll wsvs.dll) do (
  attrib %windir%\system32\%%N +r +h +s
)
for %%N in (1.exe 4.exe 7.exe C.dll CMD.DLL IceHBO.dll internat.exe internat.exe.tmp SYSTEM32.vxd taskmgr.exe.tmp wc1.exe wc2.exe) do (
  attrib %windir%\system\%%N +r +h +s
)
for %%N in (1.exe 4.exe 7.exe cmdbcs.exe mppds.exe wsttrs.exe wsvs.exe wc1.exe wc2.exe) do (
  attrib %windir%\%%N +r +h +s
)

 

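:: Apply permissions.
:: The permission step starts here. (This sentence is a comment so that it is not
:: parsed as a command when the listing is saved as a batch file.)
:: /p everyone:n replaces Everyone's rights with "none"; without /e the whole ACL
:: is replaced, which is why "y" is piped to the confirmation prompt.
for %%N in (autorun.inf setup.exe) do (
  for %%D in (c d e f) do (
    echo y|cacls  %%D:\%%N /c /p everyone:n
  )
)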

 


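:: Replace each decoy's ACL with a single Everyone:R entry -- but only where the
:: path really is a directory. Without /e, cacls /p discards every other ACL entry
:: (the piped "y" answers its confirmation). Run unguarded against the system32
:: list, that would rewrite the ACLs of genuine Windows binaries (smss.exe,
:: LSASS.EXE, SVCHOST.EXE, WINLOGON.EXE, SERVICES.EXE, RUNDLL32.exe), where md
:: could not create a decoy in the first place.
:: assumes `if exist "path\"` is true only for directories on the target cmd.exe -- TODO confirm
if exist "c:\windows\crasos.exe\" (
  echo y|cacls c:\windows\crasos.exe /c /p everyone:r
)
for %%N in (mswsock30.dll msxos.dll tmp.zip maindownloadselfinfo.tmp wsp_fix.dll win_std32.dll shell32_cn.dll seh_dbg.dll msspi.dll) do (
  if exist "c:\windows\system32\%%N\" (
    echo y|cacls c:\windows\system32\%%N /c /p everyone:r
  )
)

for %%N in (
  0Sy.exe 1.com 1Sy.exe 2Sy.exe 3Sy.exe 4Sy.exe 5Sy.exe 6Sy.exe 7Sy.exe 8Sy.exe 9Sy.exe
  215366.DLL 215366M.BMP cmdbcs.exe dll.dll exerouter.exe EXP10RER.com finders.com
  logo1_.exe logo_1.exe logo_.exe LSASS.EXE msccrt.exe Ravdm.exe RichDll.dll
  rund1l32.exe rundl132.exe RUNDLL32.exe Shell.sys smss.exe SVCHOST.EXE
  tdll.dll vdll.dll WINLOGON.EXE wldll.dll wsttrs.exe wsvs.exe
) do (
  if exist "c:\windows\%%N\" (
    echo y|cacls c:\windows\%%N /c /p everyone:r
  )
)

for %%N in (
  0Sy.exe 1.com 1Sy.exe 2Sy.exe 3Sy.exe 4Sy.exe 5Sy.exe 6Sy.exe 7Sy.exe 8Sy.exe 9Sy.exe
  215366.DLL 215366M.BMP cmdbcs.exe exerouter.exe EXP10RER.com finders.com
  logo1_.exe logo_1.exe logo_.exe LSASS.EXE msccrt.exe Ravdm.exe RichDll.dll
  rund1l32.exe rundl132.exe RUNDLL32.exe SERVICES.EXE Shell.sys smss.exe SVCHOST.EXE
  tdll.dll vdll.dll WINLOGON.EXE wldll.dll wsttrs.exe wsvs.exe
) do (
  if exist "c:\windows\system32\%%N\" (
    echo y|cacls c:\windows\system32\%%N /c /p everyone:r
  )
)
if exist "%SystemRoot%\system32\drivers\nvscv32.exe\" (
  echo y|cacls %SystemRoot%\system32\drivers\nvscv32.exe /c /p everyone:r
)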

:: Permissions for the second decoy set ("scourges" in the original post):
:: /p everyone:n replaces Everyone's rights with "none" (no /c here, so cacls
:: does not continue past an access-denied error).
echo y|cacls C:\WINDOWS\SWCHOST.EXE /p everyone:n
echo y|cacls C:\WINDOWS\SYSTEM32\DRIVERS\SCVHOST.EXE /p everyone:n
for %%N in (cmdbcs.dll msccrt.dll wc1.exe wc2.exe wsttrs.dll wsvs.dll) do (
  echo y|cacls %windir%\system32\%%N /p everyone:n
)
for %%N in (1.exe 4.exe 7.exe C.dll CMD.DLL IceHBO.dll internat.exe internat.exe.tmp SYSTEM32.vxd taskmgr.exe.tmp wc1.exe wc2.exe) do (
  echo y|cacls %windir%\system\%%N /p everyone:n
)
for %%N in (1.exe 4.exe 7.exe cmdbcs.exe mppds.exe wsttrs.exe wsvs.exe wc1.exe wc2.exe) do (
  echo y|cacls %windir%\%%N /p everyone:n
)

:: NOTE(review): no md in the visible listing creates X:\wc1.exe or X:\wc2.exe on
:: the drive roots, so these calls presumably find nothing to act on -- confirm
:: whether root-level decoys were meant to be created as well.
for %%D in (c d e f) do (
  echo y|cacls %%D:\wc1.exe /p everyone:n
  echo y|cacls %%D:\wc2.exe /p everyone:n
)

:: Same autorun.inf / setup.exe paths as the earlier permission step, repeated without /c.
for %%D in (c D E F) do (
  echo y|cacls %%D:\autorun.inf /p everyone:n
)
for %%D in (c D E F) do (
  echo y|cacls %%D:\setup.exe /p everyone:n
)
echo y|cacls C:\WINDOWS\SYSTEM32\Drivers\PCIHDD.SYS /p everyone:n

                                                                            可有效的防arp病毒


  原文来自:http://www.ixp .net/viewthread.php?tid=767978&extra=&page=1

    

                                                                首页http://www.2345.com/?kwimmnl
