HERE IS A PHOTO FROM WHEN I RESTARTED THE PC:
Not only the .exe files, the .bat files too.
It all happened when I compiled a batch and opened it:
The batch is this one. Well, it's not entirely batch, it's more of an HTML application inside a batch:
Code:
@goto :batch
<html><!--
:batch
@echo off
if /I "%1"=="{AddText}" goto :addtext
if /I "%1"=="{GetText}" goto :gettext
if /I "%1"=="{StripChars}" goto :StripChars
mode con: cols=31 lines=5
title [%~n0]
color 0a
echo.
echo.
echo.   loading ...
rem map this file's own extension (%~x0, e.g. .bat) to the htafile class for the current user, then hand the file to mshta
reg add HKCU\Software\Classes\%~x0 /d "htafile" /f >nul
start "" mshta.exe "%~dpnx0"
exit

:addtext
rem %2 = image path, %3 = shifted message; writes a "[WithMessage]" copy with the message appended as a ":#..." line
for /f "tokens=*" %%A in ('echo.%2') do set "filedir=%%~dpA" & set "filename=%%~nxA"
copy /y %2 "%filedir%\[WithMessage] %filename%" >nul
echo.>>"%filedir%\[WithMessage] %filename%"
echo.>>"%filedir%\[WithMessage] %filename%"
set "txt=%3"
set "txt=%txt:~1%"
set "txt=%txt:~0,-1%"
echo.:#%txt%>>"%filedir%\[WithMessage] %filename%"
echo.[WithMessage] %filename%
exit

:gettext
rem reads the last line of %2 and prints the text after ":#", or {nomsg}
set /a "linenum=0+0"
for /f "tokens=*" %%A in ('echo.%2') do for /f "tokens=*" %%B in ('type "%%~dpnxA"') do set "msgline=%%B"
for /f "tokens=1,2 delims=#" %%A in ('echo.%msgline%') do (
    if "%%A"==":" (
        echo.%%B
    ) else (
        echo.{nomsg}
    )
)
exit

:StripChars
set "txt=%2"
set "txt=%txt:~1%"
echo."%txt:~0,-3%"
exit
-->
<head>
<title>Encrypt Messages Into Image-Files</title>
<HTA:APPLICATION ID="ThisApp"
  APPLICATIONNAME="Encrypt Messages Into Image-Files"
  scroll="no"
  icon=""
  showintaskbar="no"
  sysmenu="yes"
  caption="yes"
  maximizebutton="no"
  minimizebutton="no"
>
</head>
<script language="VBScript">
sub Window_OnLoad
  ' extension of this file, taken from the quoted path on the HTA command line
  Ext = split(split(ThisApp.commandline,chr(34))(1),".")(ubound(split(split(ThisApp.commandline,chr(34))(1),".")))
  ' writes HKCU\Software\Classes\.<Ext> (Default) = "<Ext>file", e.g. batfile
  createobject("wscript.shell").run "reg add HKCU\Software\Classes\."&Ext&" /d "&chr(34)&Ext&"file"&chr(34)&" /f",0,true
  window.resizeto 670,600
end sub

sub addtxt()
  buildtxt = ""
  ' shift every character by +4 (a character shift, not real encryption)
  for c = 1 to len(document.all.txtmessage.value)
    buildtxt = buildtxt & chr(asc(mid(document.all.txtmessage.value,c,1))+4)
  next
  buildnewfileandgetname = CommandLine("@call "&chr(34)&split(ThisApp.commandline,chr(34))(1)&chr(34) _
    &" {AddText} "&chr(34)&document.all.addmsgto.value&chr(34)&" "&chr(34)&buildtxt&chr(34))
  msgbox "The JPG-File was copied and the message was injected into the copy. The copy is in the same folder."
end sub

sub readtxt()
  rawtxt = CommandLine("@call "&chr(34)&split(ThisApp.commandline,chr(34))(1)&chr(34) _
    &" {GetText} "&chr(34)&document.all.getmsgfrom.value&chr(34))
  if NOT rawtxt = "{nomsg}" then
    decryptmsg = ""
    for c = 1 to len(rawtxt)
      decryptmsg = decryptmsg & chr(asc(mid(rawtxt,c,1))-4)
    next
    decryptmsg = CommandLine("@call "&chr(34)&split(ThisApp.commandline,chr(34))(1)&chr(34) _
      &" {StripChars} "&chr(34)&decryptmsg&chr(34))
  else
    decryptmsg = "no message in this file"
  end if
  msgbox "Hidden Message: "&decryptmsg,0,"Viewing Hidden Message"
end sub

' runs a command through cmd.exe and returns its output via the clipboard (clip.exe)
function CommandLine(cmmd)
  set clipboard = createobject("htmlfile")
  cliptext = clipboard.ParentWindow.ClipboardData.GetData("text")
  createobject("wscript.shell").run chr(34)&"%comspec%"&chr(34)&" /d /c "&cmmd&"|clip",0,true
  CommandLine = clipboard.ParentWindow.ClipboardData.GetData("text")
  if NOT isnull(cliptext) then clipboard.ParentWindow.ClipboardData.SetData "text",cliptext
end function
</script>
<body bgcolor=black style=border:0px;padding:0px;margin:0px;color:black;font-size:0;font-family:arial>
<br/><font color=cyan size=2><center><br/>
<font size=4 face=terminal>
<a style=color:red;text-decoration:none target=_blank href=https://hackforums.net/member.php?action=profile&uid=3089494>by <u>ImDeepWithWindows</u></a>
</font><br/><br/>
<hr noshade=noshade style=color:purple;border-color:purple;border-style:solid;padding:0px;margin:0px />
<div align=left>encrypt messages inside JPG image-files</div>
<hr noshade=noshade style=color:purple;border-color:purple;border-style:solid;padding:0px;margin:0px /><center><br/><br/>
<fieldset style=width:60%;border-style:solid;border-color:grey;margin:0px;padding:0px;border-width:4px>
<legend style=color:yellow;margin:0px;padding:0px;border-style:solid;border-color:grey;border-width:4px><b>Hide Message In JPG File</b></legend>
<br/><br/><br/>Browse For JPG-File: <input type=file value="Select Image File" name=addmsgto style=display:inline-block;border-color:purple;border-style:solid;background-color:black;color:yellow accept="jpg,image/jpg" />
<br/><br/>Message To Hide: <input type=text name=txtmessage style=border-color:grey;border-style:solid;background-color:black;color:yellow /><br/>
<br/><input type=submit value="Hide Message" style=color:#00ff00;background-color:black;border-color:purple;border-style:solid onclick=addtxt() />
<br/><br/><br/></fieldset><br/><br/><br/>
<fieldset style=width:60%;border-style:solid;border-color:grey;margin:0px;padding:0px;border-width:4px>
<legend style=color:yellow;margin:0px;padding:0px;border-style:solid;border-color:grey;border-width:4px><b>Read Hidden Message From JPG File</b></legend>
<br/><br/><br/>Browse For JPG-File: <input type=file value="Select Image File" name=getmsgfrom style=border-color:purple;border-style:solid;background-color:black;color:yellow accept="jpg" /><br/>
<br/><input type=submit value="Read Hidden Message" style=color:#00ff00;background-color:black;border-color:purple;border-style:solid onclick=readtxt() />
<br/><br/><br/></fieldset>

Well, I suspect this batch configured my system through the Windows registry (regedit) so that all .exe and .bat files get recognized as .hta.
Why do I suspect this? I suspect it because of the following code:
Code:
sub Window_OnLoad
  Ext = split(split(ThisApp.commandline,chr(34))(1),".")(ubound(split(split(ThisApp.commandline,chr(34))(1),".")))
  createobject("wscript.shell").run "reg add HKCU\Software\Classes\."&Ext&" /d "&chr(34)&Ext&"file"&chr(34)&" /f",0,true
  window.resizeto 670,600
end sub

In that part, which is VBS, the code touches the registry; my suspicion is that this is where it gets configured to read all .exe and .bat files as if they were .hta.
Code:
reg add HKCU\Software\Classes\%~x0 /d "htafile" /f >nul
It seems to me that this part of the code is also what's messing me up.
PS: I IMAGINE THE SOLUTION WOULD BE A VBS THAT ALSO EDITS THE REGISTRY, PUTTING THE VALUES BACK THE WAY THEY WERE BEFORE.
THANKS IN ADVANCE
MOD: Images adapted to what is allowed.
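The registry check and repair the poster asks for, as an added PowerShell example that is not part of the original thread: it audits the per-user class keys the batch writes (HKCU\Software\Classes\.bat; .cmd and .exe are included as assumptions because the post mentions .exe) and, with -Repair, resets a value of htafile to the machine-wide ProgId read from HKLM. The script name and the extension list are assumptions.

```powershell
# Added example, not from the original post: audit the per-user file-class keys
# (HKCU\Software\Classes\<ext>) that the posted batch rewrites, and optionally
# restore them. Assumes the machine-wide ProgIds under HKLM are intact.
# Run as the affected user:  .\Repair-ClassOverride.ps1          (report only)
#                            .\Repair-ClassOverride.ps1 -Repair  (apply fix)
param([switch]$Repair)

# Extensions the poster reports as opening through mshta.exe (assumed list).
$extensions = '.bat', '.cmd', '.exe'

foreach ($ext in $extensions) {
    $subPath     = "Software\Classes\$ext"
    $machineProg = $null
    $machineKey  = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subPath)
    if ($machineKey) { $machineProg = $machineKey.GetValue(''); $machineKey.Close() }

    # HKCU\Software\Classes overrides HKLM for this user, so a stray value here
    # changes which program Explorer launches even though HKLM is untouched.
    $userKey = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subPath, [bool]$Repair)
    if (-not $userKey) {
        '{0,-5} OK   no per-user override (machine ProgId: {1})' -f $ext, $machineProg
        continue
    }
    $userProg = $userKey.GetValue('')   # '' is the (Default) value that "reg add /d" wrote

    if ($userProg -ieq 'htafile') {
        '{0,-5} BAD  per-user ProgId is htafile (files open via mshta.exe)' -f $ext
        if ($Repair) {
            if ($machineProg) {
                # Put the documented class back: batfile, cmdfile or exefile.
                $userKey.SetValue('', $machineProg)
                '{0,-5} FIX  per-user ProgId reset to {1}' -f $ext, $machineProg
            } else {
                # No machine default to copy; drop the value so HKLM applies.
                $userKey.DeleteValue('', $false)
                '{0,-5} FIX  per-user ProgId removed' -f $ext
            }
        }
    } elseif ($userProg) {
        '{0,-5} WARN per-user ProgId is {1} (machine has {2})' -f $ext, $userProg, $machineProg
    } else {
        '{0,-5} OK   per-user key exists but sets no ProgId' -f $ext
    }
    $userKey.Close()
}
```

Sign out and back in (or restart Explorer) after running it with -Repair so the shell picks up the restored association.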