Hi, as the title says, I can't even open Task Manager, because Windows now reads every .exe as .hta and opens them like this:
HERE IS A PHOTO FROM WHEN I RESTARTED THE PC:
Not only the .exe files, the .bat files too.
It all happened when I compiled a batch file and opened it:
The batch is this one. Well, it's not entirely batch; rather, it's an HTML application inside a batch:
@goto :batch
<html><!--
:batch
@echo off
if /I "%1"=="{AddText}" goto :addtext
if /I "%1"=="{GetText}" goto :gettext
if /I "%1"=="{StripChars}" goto :StripChars
mode con: cols=31 lines=5
title [%~n0]
color 0a
echo.
echo.
echo. loading ...
reg add HKCU\Software\Classes\%~x0 /d "htafile" /f >nul
start "" mshta.exe "%~dpnx0"
exit
:addtext
for /f "tokens=*" %%A in ('echo.%2') do set "filedir=%%~dpA" & set "filename=%%~nxA"
copy /y %2 "%filedir%\[WithMessage] %filename%" >nul
echo.>>"%filedir%\[WithMessage] %filename%"
echo.>>"%filedir%\[WithMessage] %filename%"
set "txt=%3"
set "txt=%txt:~1%"
set "txt=%txt:~0,-1%"
echo.:#%txt%>>"%filedir%\[WithMessage] %filename%"
echo.[WithMessage] %filename%
exit
:gettext
set /a "linenum=0+0"
for /f "tokens=*" %%A in ('echo.%2') do for /f "tokens=*" %%B in ('type "%%~dpnxA"') do set "msgline=%%B"
for /f "tokens=1,2 delims=#" %%A in ('echo.%msgline%') do (
if "%%A"==":" (
echo.%%B
) else (
echo.{nomsg}
)
)
exit
:StripChars
set "txt=%2"
set "txt=%txt:~1%"
echo."%txt:~0,-3%"
exit
-->
<head>
<title>Encrypt Messages Into Image-Files</title>
<HTA:APPLICATION ID="ThisApp"
APPLICATIONNAME="Encrypt Messages Into Image-Files"
scroll="no"
icon=""
showintaskbar="no"
sysmenu="yes"
caption="yes"
maximizebutton="no"
minamizebutton="no"
>
</head>
<script language="VBScript">
sub Window_OnLoad
Ext = split(split(ThisApp.commandline,chr(34))(1),".")(ubound(split(split(ThisApp.commandline,chr(34))(1),".")))
createobject("wscript.shell").run "reg add HKCU\Software\Classes\."&Ext&" /d "&chr(34)&Ext&"file"&chr(34)&" /f",0,true
window.resizeto 670,600
end sub
sub addtxt()
buildtxt = ""
for c = 1 to len(document.all.txtmessage.value)
buildtxt = buildtxt& chr(asc(mid(document.all.txtmessage.value,c,1))+4)
next
buildnewfileandgetname = CommandLine("@call "&chr(34)&split(ThisApp.commandline,chr(34))(1)&chr(34) _
&" {AddText} "&chr(34)&document.all.addmsgto.value&chr(34)&" "&chr(34)&buildtxt&chr(34))
msgbox "The JPG-File was copied and the message was injected into the copy. The copy is in the same folder."
end sub
sub readtxt()
rawtxt = CommandLine("@call "&chr(34)&split(ThisApp.commandline,chr(34))(1)&chr(34) _
&" {GetText} "&chr(34)&document.all.getmsgfrom.value&chr(34))
if NOT rawtxt = "{nomsg}" then
decryptmsg = ""
for c = 1 to len(rawtxt)
decryptmsg = decryptmsg& chr(asc(mid(rawtxt,c,1))-4)
next
decryptmsg = CommandLine("@call "&chr(34)&split(ThisApp.commandline,chr(34))(1)&chr(34) _
&" {StripChars} "&chr(34)&decryptmsg&chr(34))
else
decryptmsg = "no message in this file"
end if
msgbox "Hidden Message: "&decryptmsg,0,"Viewing Hidden Message"
end sub
function CommandLine(cmmd)
set clipboard = createobject("htmlfile")
cliptext = clipboard.ParentWindow.ClipboardData.GetData("text")
createobject("wscript.shell").run chr(34)&"%comspec%"&chr(34)&" /d /c "&cmmd&"|clip",0,true
CommandLine = clipboard.ParentWindow.ClipboardData.GetData("text")
if NOT isnull(cliptext) then clipboard.ParentWindow.ClipboardData.SetData "text",cliptext
end function
</script>
<body bgcolor=black style=border:0px;padding:0px;margin:0px;color:black;font-size:0;font-family:arial ><br/><font color=cyan size=2><center><br/>
<font size=4 face=terminal>
<a style=color:red;text-decoration:none target=_blank href=https://hackforums.net/member.php?action=profile&uid=3089494 >by <u>ImDeepWithWindows</u></a>
</font><br/><br/><hr noshade=noshade style=color:purple;border-color:purple;border-style:solid;padding:0px;margin:0px />
<div align=left>encrypt messages inside JPG image-files</div>
<hr noshade=noshade style=color:purple;border-color:purple;border-style:solid;padding:0px;margin:0px /><center><br/><br/>
<fieldset style=width:60%;border-style:solid;border-color:grey;margin:0px;padding:0px;border-width:4px>
<legend style=color:yellow;margin:0px;padding:0px;border-style:solid;border-color:grey;border-width:4px ><b>Hide Message In JPG File</b></legend>
<br/><br/><br/>Browse For JPG-File:
<input type=file value="Select Image File" name=addmsgto style=display:inline-block;border-color:purple;border-style:solid;background-color:black;color:yellow accept="jpg,image/jpg" />
<br/><br/>Message To Hide: <input type=text name=txtmessage style=border-color:grey;border-style:solid;background-color:black;color:yellow /><br/>
<br/><input type=submit value="Hide Message" style=color:#00ff00;background-color:black;border-color:purple;border-style:solid onclick=addtxt() />
<br/><br/><br/></fieldset><br/><br/><br/><fieldset style=width:60%;border-style:solid;border-color:grey;margin:0px;padding:0px;border-width:4px>
<legend style=color:yellow;margin:0px;padding:0px;border-style:solid;border-color:grey;border-width:4px ><b>Read Hidden Message From JPG File</b></legend>
<br/><br/><br/>Browse For JPG-File:
<input type=file value="Select Image File" name=getmsgfrom style=border-color:purple;border-style:solid;background-color:black;color:yellow accept="jpg" /><br/>
<br/><input type=submit value="Read Hidden Message" style=color:#00ff00;background-color:black;border-color:purple;border-style:solid onclick=readtxt() />
<br/><br/><br/></fieldset>
Well, I suspect this batch changed my configuration through the Windows registry (regedit) so that all .exe and .bat files are recognized as .hta.
Why do I suspect this? Because of the following code:
sub Window_OnLoad
Ext = split(split(ThisApp.commandline,chr(34))(1),".")(ubound(split(split(ThisApp.commandline,chr(34))(1),".")))
createobject("wscript.shell").run "reg add HKCU\Software\Classes\."&Ext&" /d "&chr(34)&Ext&"file"&chr(34)&" /f",0,true
window.resizeto 670,600
end sub
In that part, which is VBS, the code touches the registry. My suspicion is that this is where it gets configured to read all .exe and .bat files as if they were .hta.
reg add HKCU\Software\Classes\%~x0 /d "htafile" /f >nul
It seems to me that this part of the code is also what is screwing me over.
PS: I IMAGINE THE SOLUTION WOULD BE A VBS THAT ALSO EDITS THE REGISTRY, RETURNING THE VALUES TO HOW THEY WERE BEFORE.
THANKS IN ADVANCE
MOD: Images adapted to what is permitted.
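
An added example, not part of the original post: a PowerShell audit of the per-user keys that the two `reg add HKCU\Software\Classes\...` lines above write to. It reads the default value for each executable extension, flags any that does not name the stock ProgID, and can write the stock value back. The function names and the inclusion of `.cmd` and `.com` alongside `.exe` and `.bat` are assumptions of this example. Values under `HKCU\Software\Classes` take precedence over the machine-wide ones in `HKLM\Software\Classes`, which is why a single per-user write is enough to redirect a file type.

```powershell
# Added example (not from the original post).
# Stock ProgIDs for executable file types on Windows.
$ExpectedProgId = [ordered]@{
    '.exe' = 'exefile'
    '.bat' = 'batfile'
    '.cmd' = 'cmdfile'
    '.com' = 'comfile'
}

function Get-ExtensionOverride {
    # Emits one object per extension that has a per-user default value.
    param([string]$ClassesRoot = 'HKCU:\Software\Classes')
    foreach ($ext in $ExpectedProgId.Keys) {
        $keyPath = Join-Path $ClassesRoot $ext
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $current = (Get-Item -LiteralPath $keyPath).GetValue('')  # '' = (Default)
        if ($null -eq $current) { continue }  # key exists but has no default value
        [pscustomobject]@{
            Extension = $ext
            KeyPath   = $keyPath
            Current   = $current
            Expected  = $ExpectedProgId[$ext]
            Hijacked  = ($current -ne $ExpectedProgId[$ext])  # case-insensitive
        }
    }
}

function Repair-ExtensionOverride {
    # Rewrites only the default value; subkeys and other values are left alone.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(ValueFromPipeline)]$Override)
    process {
        if (-not $Override.Hijacked) { return }
        $action = "set default '{0}' -> '{1}'" -f $Override.Current, $Override.Expected
        if ($PSCmdlet.ShouldProcess($Override.KeyPath, $action)) {
            Set-ItemProperty -LiteralPath $Override.KeyPath `
                -Name '(default)' -Value $Override.Expected
        }
    }
}

# Report first, then preview the change. Remove -WhatIf to apply it.
$found = @(Get-ExtensionOverride)
$found | Format-Table Extension, Current, Expected, Hijacked -AutoSize
$found | Repair-ExtensionOverride -WhatIf
```

For the case described in the post, the report would show `.exe` and `.bat` with `Current` set to `htafile` and `Hijacked` set to `True`.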