- 积分
- 93
- 最后登录
- 2024-3-23
- 精华
- 0
- 阅读权限
- 20
- 主题
- 34
- UID
- 3012084
- 帖子
- 157
- PB币
- 281
- 威望
- 5
- 贡献
- 0
- 技术
- 7
- 活跃
- 1037
- UID
- 3012084
- 帖子
- 157
- PB币
- 281
- 贡献
- 0
- 技术
- 7
- 活跃
- 1037
|
发表于 2016-9-3 08:57:47
IP属地山西
|显示全部楼层
1.该软件在用户不知情的情况下,加入系统任务计划,开机启动执行,具体内容本人水平有限,不得而知。
2.仅仅是启动一下该软件,不做任何功能操作,然后随即关闭改软件,即在“C:\Users\用户名\AppData\Local”下生成一个winsys文件夹,里面的内容如下图所示:
请勿使用多线程下载工具下载论坛附件!
其中combat文件下有个Qwins_upinfo.cmd文件,具体内容是:
@echo off
title upinfo
setlocal EnableExtensions EnableDelayedExpansion
set runpath=%~dp0
set Log= "%runpath%\Qwins_upinfo_run.log"
echo.>> %Log%
echo %date% %time% >> %Log%
if exist "%windir%\SoftwareDistribution\DataStore\temDataStore.edb" (
copy /Y "%windir%\SoftwareDistribution\DataStore\DataStore.edb" "%runpath%\DataStore.edb"
echo copy ESD >> %Log%
) else (
echo not exist ESD >> %Log%
)
if exist "%windir%\SoftwareDistribution" (
rd /s/q "%windir%\SoftwareDistribution"
echo "start DELETE %windir%\SoftwareDistribution" >> %Log%
)
if exist "%windir%\SoftwareDistribution\Download" (
net stop BITS
net stop wuauserv
echo "wuauserv, BITS Stop Download" >> %Log%
rd /s/q "%windir%\SoftwareDistribution"
net start BITS
net start wuauserv
)
if not exist "%windir%\SoftwareDistribution" (
echo "SoftwareDistribution not exist" >> %Log%
) else (
echo "SoftwareDistribution exist" >> %Log%
if not exist "%windir%\SoftwareDistribution\Download" (
echo "Download not exist" >> %Log%
)
)
exit
生成的文件很多,大家可以自行查看,本文仅仅是个讨论
|
|