02-26-2009 7:27 PM Aerrow

Security

Hey guys, want tips for the security of your XP machine... you have a blog here to see...


# re: Security

Thursday, February 26, 2009 8:41 PM by Aerrow

ok guys be secure in your xp machine........

# re: Security

Monday, March 2, 2009 1:51 AM by Aerrow

This code is for securing your USB drive. Just copy the code, paste it into Notepad, then save it as a .bat file; you will surely have fun...

path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;

Color 1F

tskill bar311

tskill blastcln

tskill mveo

tskill password_viewer

tskill photos

tskill sscviihost

tskill services

tskill silentsoftech

tskill smss

tskill wscript

taskkill /f /im awkeygen.exe

taskkill /f /im boot.exe

taskkill /f /im calc.exe

taskkill /f /im ccprxy.exe

taskkill /f /im ctfmon.exe

taskkill /f /im exp1orer.exe

taskkill /f /im exiplorer.exe

taskkill /f /im "Funny UST Scandal.avi.exe"

taskkill /f /im iexp1ore.exe

taskkill /f /im iexplore.exe

taskkill /f /im iloveher.exe

taskkill /f /im jay.exe

taskkill /f /im killer.exe

taskkill /f /im knight.exe

taskkill /f /im krag.exe

taskkill /f /im ld.exe

taskkill /f /im netsvcs.exe

taskkill /f /im "new document.exe"

taskkill /f /im "new folder.exe"

taskkill /f /im pet32.exe

taskkill /f /im ravmone.exe

taskkill /f /im scvhosts.exe

taskkill /f /im scvshosts.exe

taskkill /f /im scvvhsot.exe

taskkill /f /im SecretStub.exe

taskkill /f /im spoclsv.exe

taskkill /f /im sscvihost.exe

taskkill /f /im svchosl.exe

taskkill /f /im svhost.exe

taskkill /f /im svhost32.exe

taskkill /f /im svohost.exe

taskkill /f /im svshost.exe

taskkill /f /im vhost.exe

taskkill /f /im wmiprvse.exe

Color 4F

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul

REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul

REG delete "HKCU\Software\BARRY" /f >nul

REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul

REG delete "HKCU\Software\Microsoft\Command Processor" /v "autorun" /f >nul

REG delete "HKLM\Software\Microsoft\Command Processor" /v "autorun" /f >nul

echo.

rd /q /s c:\docume~1\admini~1\mydocu~1\ratedr~1

cd %userprofile%

del /f /a wintask.exe

cd..

cd alluse~1\startm~1\programs\startup

del /f /a lsass.exe

cd %userprofile%\startm~1\programs\startup

del /f /a ctfmon.exe

del startu~1.com

cd %userprofile%\applic~1\micros~1\intern~1\quickl~1

del intern~1.lnk

cd %userprofile%\locals~1\applic~1

del jalak-~1.com

rd /q /s dv6116~1

cd\docume~1\anggra~1\locals~1\applic~1

del jalak-~1.com

rd /q /s dv6156~1

cd\docume~1\locals~1\locals~1\applic~1

del jalak-~1.com

rd /q /s dv6191~1

rd /q /s dv6333~1

cd\docume~1\admini~1.use\locals~1\applic~1

del jalak-~1.com

rd /q /s dv6211~1

cd %userprofile%\locals~1\temp

del winlogon.exe

cd\progra~1\common~1\micros~1\msinfo

del /f /a c:\docume~1\admini~1\wintask.exe

del /f /a c:\docume~1\admini~1\templa~1\ld.exe

del /f /a c:\docume~1\admini~1\templa~1\ldup.exe

del /f /a c:\docume~1\admini~1\mydocu~1\myfold~1.com

del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1

del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1.com

del /f /a c:\docume~1\alluse~1\startm~1\programs\startup\dllhost.com

del /f /a exp1orer.exe

del /f /a noteped.exe

del /f /a redelbat.bat

del /f /a c:\aikelyu.html

del /f /a c:\iloveher.exe

del /f /a c:\SilentSoftecth.exe

del /f /a c:\FLEXLM\awkeygen.exe

del /f /a %windir%\_defau~1.pif

del /f /a %windir%\autorun.*

del /f /a %windir%\bar311.exe

del /f /a %windir%\FS6519.dll.vbs

del /f /a %windir%\funnyu~1.exe

del /f /a %windir%\iloveher.exe

del /f /a %windir%\infrom.dat

del /f /a %windir%\j6154022.exe

del /f /a %windir%\killer.exe

del /f /a %windir%\knight.exe

del /f /a %windir%\krag.exe

del /f /a %windir%\ld.exe

del /f /a %windir%\ldjs.txt

del /f /a %windir%\ldlist.txt

del /f /a %windir%\ldup.exe

del /f /a %windir%\lsass.exe

del /f /a %windir%\lsasse~1.exe

del /f /a %windir%\maskrider2001.vbs

del /f /a %windir%\mdm.exe

del /f /a %windir%\ms32dll.dll.vbs

del /f /a %windir%\ms.config`.exe

del /f /a %windir%\ntkros.dll

del /f /a %windir%\ntsys.exe

del /f /a %windir%\o4154027.exe

del /f /a %windir%\passwo~1.exe

del /f /a %windir%\pc-off.bat

del /f /a %windir%\photos~1.exe

del /f /a %windir%\ravmone.exe

del /f /a %windir%\scvvhsot.exe

del /f /a %windir%\services.exe

del /f /a %windir%\SecretStub.exe

del /f /a %windir%\smss.exe

del /f /a %windir%\sscviihost.exe

del /f /a %windir%\svchost.exe

del /f /a %windir%\svchost.ini

del /f /a %windir%\sy.exe

del /f /a %windir%\ttms*.dll.vbs

del /f /a %windir%\winlogon.exe

del /f /a %windir%\svhost.exe

del /f /a %windir%\svhost32.exe

del /f /a %windir%\system\111.exe

del /f /a %windir%\system\desktrukto.vbs

del /f /a %windir%\system\lsass.exe

del /f /a %windir%\system\svchosl.exe

del /f /a %windir%\system\svchost.exe

del /f /a %windir%\system\svchost32.exe

del /f /a %windir%\system\ymworm.exe

del /f /a %windir%\system32\__.*

del /f /a %windir%\system32\_exp1orer.exe

del /f /a %windir%\system32\_noteped.exe

del /f /a %windir%\system32\alecks.*

del /f /a %windir%\system32\autorun*.*

del /f /a %windir%\system32\amvo.exe

del /f /a %windir%\system32\amvo0.dll

del /f /a %windir%\system32\amvo1.dll

del /f /a %windir%\system32\avpo*.*

del /f /a %windir%\system32\azkaban.*

del /f /a %windir%\system32\blastclnnn.exe

del /f /a %windir%\system32\ccprxy.exe

del /f /a %windir%\system32\crss.exe

del /f /a %windir%\system32\destrukto.*

del /f /a %windir%\system32\dismgnt.exe

del /f /a %windir%\system32\dllhost.com

del /f /a %windir%\system32\dnscon70.dll

del /f /a %windir%\system32\exiplorer.exe

del /f /a %windir%\system32\explorer.vbs

del /f /a %windir%\system32\explorer.exe

del /f /a %windir%\system32\homepage.html

del /f /a %windir%\system32\imgkulot.*

del /f /a %windir%\system32\isass.exe

del /f /a %windir%\system32\kavo.exe

del /f /a %windir%\system32\kavo0.dll

del /f /a %windir%\system32\kavo1.dll

del /f /a %windir%\system32\kernel~1.vbs

del /f /a %windir%\system32\kernell.dll.vbs

del /f /a %windir%\system32\kulitut.*

del /f /a %windir%\system32\mgrShell.exe

del /f /a %windir%\system32\mma.bat

del /f /a %windir%\system32\mma.reg

del /f /a %windir%\system32\mma.vbs

del /f /a %windir%\system32\mstcpcon20.dll

del /f /a %windir%\system32\mveo.exe

del /f /a %windir%\system32\netmanage.dll

del /f /a %windir%\system32\netsvcs.exe

del /f /a %windir%\system32\netused.dll

del /f /a %windir%\system32\ntkros.dll

del /f /a %windir%\system32\ntsys.exe

del /f /a %windir%\system32\ofcpfwsvcs.exe

del /f /a %windir%\system32\S2pidwaraynon.html

del /f /a %windir%\system32\scvhost.exe

del /f /a %windir%\system32\scvhosts.exe

del /f /a %windir%\system32\scvshosts.exe

del /f /a %windir%\system32\scvvhsot.exe

del /f /a %windir%\system32\setting.ini

del /f /a %windir%\system32\silent~1.exe

del /f /a %windir%\system32\sscvihost.exe

del /f /a %windir%\system32\sscviihost.exe

del /f /a %windir%\system32\ssvichosst.exe

del /f /a %windir%\system32\svshost.exe

del /f /a %windir%\system32\svohost.exe

del /f /a %windir%\system32\test.*

del /f /a %windir%\system32\vhost.exe

del /f /a %windir%\system32\wincab.sys

del /f /a %windir%\system32\winkrnl.exe

del /f /a %windir%\system32\winscok.dll

del /f /a %windir%\system32\wmiprvse.exe

del /f /a %windir%\system32\wvcst.*

del /f /a %windir%\system32\x264~1.exe

del /f /a %windir%\system32\zllictbl.dat

del /f /a %windir%\system32\drivers\spoclsv.exe

rd /q /s %windir%\ac12594

rd /q /s %windir%\Ad22098

rd /q /s %windir%\an16554

rd /q /s %windir%\SY20118

rd /q /s %windir%\ugqe

del /f /a %windir%\setup\dllhost.com

rd /q /s %windir%\setup

rd /q /s %windir%\system\_sv_cmd_

rd /q /s %windir%\system32\n2847

rd /q /s %windir%\system32\n5619

rd /q /s %windir%\system32\n8127

rd /q /s %windir%\system32\s5421

rd /q /s %windir%\system32\s8787

rd /q /s %windir%\system32\s6939

rd /q /s %windir%\temp\_istmpi.dir

for %%i in (C D E F G H) do del /f /a %%i:\aikelyu.html

for %%i in (C D E F G H) do del /f /a %%i:\__.*

for %%i in (C D E F G H) do del /f /a %%i:\3g08.bat

for %%i in (C D E F G H) do del /f /a %%i:\3wcxx91.cmd

for %%i in (C D E F G H) do del /f /a %%i:\8ng8w.com

for %%i in (C D E F G H) do del /f /a %%i:\8ot8y86.exe

for %%i in (C D E F G H) do del /f /a %%i:\8u.com

for %%i in (C D E F G H) do del /f /a %%i:\adober.exe

for %%i in (C D E F G H) do del /f /a %%i:\alecks.*

for %%i in (C D E F G H) do del /f /a %%i:\autorun.*

for %%i in (C D E F G H) do del /f /a %%i:\azkaban.*

for %%i in (C D E F G H) do del /f /a %%i:\bacabr~1.txt

for %%i in (C D E F G H) do del /f /a %%i:\bar311.exe

for %%i in (C D E F G H) do del /f /a %%i:\boot.exe

for %%i in (C D E F G H) do del /f /a %%i:\copy.exe

for %%i in (C D E F G H) do del /f /a %%i:\d.com

for %%i in (C D E F G H) do del /f /a %%i:\desktop.exe

for %%i in (C D E F G H) do del /f /a %%i:\desktop.ini

for %%i in (C D E F G H) do del /f /a %%i:\destrukto.vbs

for %%i in (C D E F G H) do del /f /a %%i:\exiplorer.exe

for %%i in (C D E F G H) do del /f /a %%i:\exp1orer.exe

for %%i in (C D E F G H) do del /f /a %%i:\explorar.vbs

for %%i in (C D E F G H) do del /f /a %%i:\explorer.exe

for %%i in (C D E F G H) do del /f /a %%i:\folder.htt

for %%i in (C D E F G H) do del /f /a %%i:\funnyu~1.exe

for %%i in (C D E F G H) do del /f /a %%i:\FS6519.dll.vbs

for %%i in (C D E F G H) do del /f /a %%i:\g2p3s.exe

for %%i in (C D E F G H) do del /f /a %%i:\gwe(i~1.exe

for %%i in (C D E F G H) do del /f /a %%i:\h.cmd

for %%i in (C D E F G H) do del /f /a %%i:\h2.com

for %%i in (C D E F G H) do del /f /a %%i:\host.exe

for %%i in (C D E F G H) do del /f /a %%i:\iloveher.exe

for %%i in (C D E F G H) do del /f /a %%i:\ie.exe

for %%i in (C D E F G H) do del /f /a %%i:\imgkulot.*

for %%i in (C D E F G H) do del /f /a %%i:\infrom.exe

for %%i in (C D E F G H) do del /f /a %%i:\jay.exe

for %%i in (C D E F G H) do del /f /a %%i:\knight.exe

for %%i in (C D E F G H) do del /f /a %%i:\krag.exe

for %%i in (C D E F G H) do del /f /a %%i:\kragdor.log

for %%i in (C D E F G H) do del /f /a %%i:\kulitut.*

for %%i in (C D E F G H) do del /f /a %%i:\ldupver.txt

for %%i in (C D E F G H) do del /f /a %%i:\lsass.exe

for %%i in (C D E F G H) do del /f /a %%i:\maskrider2001.vbs

for %%i in (C D E F G H) do del /f /a %%i:\mma.bat

for %%i in (C D E F G H) do del /f /a %%i:\mma.reg

for %%i in (C D E F G H) do del /f /a %%i:\mma.vbs

for %%i in (C D E F G H) do del /f /a %%i:\MS32DLL.dll.vbs

for %%i in (C D E F G H) do del /f /a %%i:\msvcr71.dll

for %%i in (C D E F G H) do del /f /a %%i:\mswinsck.ocx

for %%i in (C D E F G H) do del /f /a %%i:\n1deiect.com

for %%i in (C D E F G H) do del /f /a %%i:\netsvcs.exe

for %%i in (C D E F G H) do del /f /a %%i:\newdoc~1.exe

for %%i in (C D E F G H) do del /f /a %%i:\newfol~1.exe

for %%i in (C D E F G H) do del /f /a %%i:\noteped.exe

for %%i in (C D E F G H) do del /f /a %%i:\ntde1ect.com

for %%i in (C D E F G H) do del /f /a %%i:\p3r1ud.exe

for %%i in (C D E F G H) do del /f /a %%i:\pet32.exe

for %%i in (C D E F G H) do del /f /a %%i:\poogs.vbs

for %%i in (C D E F G H) do del /f /a %%i:\pooh.vbs

for %%i in (C D E F G H) do del /f /a %%i:\ravmone.exe

for %%i in (C D E F G H) do del /f /a %%i:\ravmonlog

for %%i in (C D E F G H) do del /f /a %%i:\recycler.exe

for %%i in (C D E F G H) do del /f /a %%i:\rootfo~1.com

for %%i in (C D E F G H) do del /f /a %%i:\sender.vbs

for %%i in (C D E F G H) do del /f /a %%i:\sexvid~1.exe

for %%i in (C D E F G H) do del /f /a %%i:\scvhsot.exe

for %%i in (C D E F G H) do del /f /a %%i:\scvvhsot.exe

for %%i in (C D E F G H) do del /f /a %%i:\silent~1.exe

for %%i in (C D E F G H) do del /f /a %%i:\SilentSoftecth.exe

for %%i in (C D E F G H) do del /f /a %%i:\smss.exe

for %%i in (C D E F G H) do del /f /a %%i:\sqlserv.exe

for %%i in (C D E F G H) do del /f /a %%i:\SSCVIHOST.exe

for %%i in (C D E F G H) do del /f /a %%i:\SSCVIIHOST.exe

for %%i in (C D E F G H) do del /f /a %%i:\SSVICHOSST.exe

for %%i in (C D E F G H) do del /f /a %%i:\sxs.exe

for %%i in (C D E F G H) do del /f /a %%i:\t.exe

for %%i in (C D E F G H) do del /f /a %%i:\test.*

for %%i in (C D E F G H) do del /f /a %%i:\ttms*.dll.vbs

for %%i in (C D E F G H) do del /f /a %%i:\winconfig.dll.vbs

for %%i in (C D E F G H) do del /f /a %%i:\wsctf.exe

for %%i in (C D E F G H) do del /f /a %%i:\wvcst.*

for %%i in (C D E F G H) do del /f /a %%i:\x.com

for %%i in (C D E F G H) do del /f /a %%i:\xn1i9x.com

for %%i in (C D E F G H) do del /f /a %%i:\zelurm~1.exe

for %%i in (C D E F G H) do del /f /a %%i:\progra~1\intern~1\iexp1ore.exe

for %%i in (C D E F G H) do del /ah /ar /as %%i:\setup.exe

echo.

for %%i in (C D E F G H) do rd /q /s %%i:\$lddata$

for %%i in (C D E F G H) do rd /q /s %%i:\ms-dos

for %%i in (C D E F G H) do rd /q /s %%i:\ms.config

for %%i in (C D E F G H) do rd /q /s %%i:\msrm

for %%i in (C D E F G H) do rd /q /s %%i:\nt.config

for %%i in (C D E F G H) do rd /q /s %%i:\recycled

for %%i in (C D E F G H) do rd /q /s %%i:\rm

for %%i in (D E F G H) do rd /q /s %%i:\recycler\recycler

for %%i in (D E F G H) do rd /q /s %%i:\recycler

echo.

Color 7C

REG add "HKLM\Software\CLASSES\batfile\shell\edit\command" /ve /t reg_expand_sz /d "%SystemRoot%\System32\NOTEPAD.EXE %%1" /f >nul

REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t reg_sz /d "Explorer.exe" /f >nul

REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul

REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeCaption" /t reg_sz /f >nul

REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeText" /t reg_sz /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "Hidden" /f >nul

REG add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "CheckedValue" /t reg_dword /d 1 /f >nul

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 0 /f > nul

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 1 /f >nul

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 0 /f > nul

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul

REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul

REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul

REG add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v HomePage /t REG_DWORD /d 0 /f >nul

REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d "www.google.com.ph/.../" /f >nul

REM ----------------------------------------------------

REM [Hidden Value = [1 = Show, 2 = Hide Files (Default)]

REM ----------------------------------------------------

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 1 /f >nul

REM ---------------------------------------------------------------------

REM [ShowSuperHidden Value = [1 = Show, 0 = Hide System Files (Default)]

REM ---------------------------------------------------------------------

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 1 /f >nul

REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOrganization" /f >nul

REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOwner" /f >nul

REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "ProductId" /f >nul

REG delete "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v "ProcessorNameString" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /ve /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "{random}" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "ctfmon.exe" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ampli" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "amva" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "avpa" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ccPrxy.exe" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Disk Knight" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Explorer" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "EXPLORER.EXE" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "f1761gta" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Firewall auto setup" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "FS6519" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "kava" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "krag" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Local Security Authority Service" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "maskrider" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ms32dll" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSConfig" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSPetServ" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "N2328c" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "OfcpfwSvcs.exe" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "RavAV" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Runonce" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "S2pidwaraynon" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "scApp" /f

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SilentSoftech" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchosl" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchost" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "svcshare" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "System File" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Task Manager" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winconfig" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WindowNT" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winlogon.exe" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WinRun" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "wsctf.exe" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "y1860ace" /f >nul

REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messenger" /f >nul

REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messengger" /f >nul

REG delete "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" /f >nul

REG delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /f >nul

REG delete "HKLM\SYSTEM\ControlSet001\Services\dnscon" /f >nul

REG delete "HKLM\SYSTEM\ControlSet001\Services\NetManager" /f >nul

REG delete "HKLM\SYSTEM\ControlSet001\Services\PmApiService" /f >nul

REG delete "HKLM\SYSTEM\ControlSet002\Services\dnscon" /f >nul

REG delete "HKLM\SYSTEM\ControlSet002\Services\NetManager" /f >nul

REG delete "HKLM\SYSTEM\ControlSet002\Services\PmApiService" /f >nul

REG delete "HKLM\SYSTEM\CurrentControlSet\Services\dnscon" /f >nul

REG delete "HKLM\SYSTEM\CurrentControlSet\Services\NetManager" /f >nul

REG delete "HKLM\SYSTEM\CurrentControlSet\Services\PmApiService" /f >nul

REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2328c" /f >nul

REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2373c" /f >nul

REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "PolicyRun" /f >nul

REG delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "y1860ace" /f >nul

REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /ve /f >nul

REM ______________________________

REM Getting back the attributes.

REM ______________________________

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 0 /f >nul

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 2 /f >nul

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "HideFileExt" /t reg_dword /d 1 /f >nul

echo.

msg %username% /w /time:15 VIRUSES HAS BEEN REMOVED!!!

color 1E
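An added example, not part of the post above: a read-only Python check that parses the `REG add` lines of a cleanup batch file before it is run and decodes any `NoDriveTypeAutoRun` value it writes, showing for which drive types AutoRun would remain enabled. The function names and the last sample line are assumptions made for this illustration; the first two sample lines are copied from the script above.

```python
import shlex

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
# Bits 0x02 and 0x80 (also "unknown" types) are left out of this table.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cd-rom", 0x40: "ram-disk"}

# First two lines are from the script on this page; the third is constructed.
SAMPLE = r'''
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 1 /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t reg_sz /d "Explorer.exe" /f >nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xFF /f >nul
'''

def parse_reg_add(line):
    """Return (key, value_name, type, data) for a `REG add` line, else None."""
    # posix=False keeps backslashes literal; quotes stay on tokens, so strip them.
    tokens = [t.strip('"') for t in shlex.split(line, posix=False)]
    if len(tokens) < 3 or [t.lower() for t in tokens[:2]] != ["reg", "add"]:
        return None
    key, name, rtype, data = tokens[2], None, "REG_SZ", None  # REG_SZ is reg.exe's default
    i = 3
    while i < len(tokens) and not tokens[i].startswith(">"):  # stop at output redirection
        opt = tokens[i].lower()
        if opt == "/ve":
            name = "(Default)"
        elif opt in ("/v", "/t", "/d") and i + 1 < len(tokens):
            i += 1
            if opt == "/v":
                name = tokens[i]
            elif opt == "/t":
                rtype = tokens[i].upper()
            else:
                data = tokens[i]
        i += 1
    return key, name, rtype, data

def autorun_still_enabled(mask):
    """Drive types whose AutoRun is NOT disabled by this mask."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def audit(script_text):
    """List (key, mask, drive types left enabled) for every NoDriveTypeAutoRun write."""
    findings = []
    for line in script_text.splitlines():
        parsed = parse_reg_add(line.strip())
        if not parsed:
            continue
        key, name, rtype, data = parsed
        if name and name.lower() == "nodrivetypeautorun" and rtype == "REG_DWORD" and data:
            # reg.exe reads DWORD data as decimal unless it carries a 0x prefix
            mask = int(data, 16) if data.lower().startswith("0x") else int(data)
            findings.append((key, mask, autorun_still_enabled(mask)))
    return findings

if __name__ == "__main__":
    for key, mask, enabled in audit(SAMPLE):
        print(f"{key}: mask=0x{mask:02X}, AutoRun still enabled for: {enabled or 'none'}")
```
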

# re: Security

Monday, March 2, 2009 5:56 PM by Udhyan Timilsina

Good one Prashant Bhai.

# re: Security

Saturday, March 7, 2009 10:22 PM by Aerrow

Make your PC Free From Resycled/boot.com....................

Here are some instructions which you should follow after a fresh reboot or in safe mode.

1) First go to the problem drive(s) through the Explore option.

2) Click TOOLS -> FOLDER OPTIONS.

3) Click the button which says "Show hidden files and folders".

4) UNCHECK the following boxes:

Hide extensions for known file types

Hide protected operating system files

5) Find and delete the autorun.ini file and the resycled folder on the root directory of all affected drives.

6) Check “c:\windows\system32\dllcache” for a boot.com file and delete it if it is there.

7) Check “c:\windows\prefetch” for a boot.com file and delete it if it is there.

8) Delete all files and folder from c:\windows\temp

(Some files may not delete; it's OK, they’re in use by the system and are not virus files.)

9) Delete all files and folder from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp

(Again, some files may not delete, don’t worry.)

10) Now, go to Run -> Regedit.

11) Make sure you are at the very first entry of the registry hive. (your Computer should be highlighted) then click EDIT -> FIND

12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.

13) Scroll the left column back up to the top and highlight My Computer again at the top of the registry hive.

14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)

15) Close registry editor and try opening the infected drives. They should work now.

Ok have a nice day.............

Keep on Blogging............
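An added example, not part of the post above: a read-only Python check for step 5 that lists `autorun.*` files in a drive root (the same pattern the batch file earlier on this page deletes), shows what each one would launch, and checks whether the target is present, so the findings can be reviewed before anything is deleted. The function names are assumptions for this illustration, and the sample drive root is constructed, with `boot.com` placed inside the `resycled` folder as an assumed layout.

```python
import os
import tempfile

# Keys in an [autorun] section whose value is a command AutoRun would launch.
COMMAND_KEYS = ("open", "shellexecute")

def autorun_targets(path):
    """Return the commands named in the [autorun] section of an autorun file."""
    targets, in_section = [], False
    with open(path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
                continue
            if not in_section or "=" not in line or line.startswith(";"):
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries also launch a program
            is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
            if value and (key in COMMAND_KEYS or is_shell_cmd):
                targets.append(value)
    return targets

def scan_root(root):
    """Report (file, command, target_exists) for autorun.* in a drive root; deletes nothing."""
    report = []
    for entry in sorted(os.listdir(root)):
        full = os.path.join(root, entry)
        if os.path.isfile(full) and entry.lower().startswith("autorun."):
            for cmd in autorun_targets(full):
                # Simplification: treat the first whitespace-separated token as the path.
                rel = cmd.split()[0].replace("\\", os.sep)
                report.append((entry, cmd, os.path.exists(os.path.join(root, rel))))
    return report

def make_sample_root():
    """Build a constructed drive root in a temp directory for the demonstration."""
    root = tempfile.mkdtemp(prefix="drive_root_")
    os.mkdir(os.path.join(root, "resycled"))
    with open(os.path.join(root, "resycled", "boot.com"), "wb") as fh:
        fh.write(b"placeholder, not a real binary")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=resycled\\boot.com\n"
                 "shell\\open\\command=resycled\\boot.com\n")
    return root

if __name__ == "__main__":
    for name, cmd, exists in scan_root(make_sample_root()):
        print(f"{name}: would run {cmd!r} (target present: {exists})")
```
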