Batch File

[yurckk 0]

assalamualaikum,

mod2 or sp2 b4 ne ada buat batch file .bat utk remove virus kn? mean 1 jenis je..nk mintak cth2 batch file. nk buat rujukan. thx in advance.

[kecik-88 4]

assalamualaikum,

mod2 or sp2 b4 ne ada buat batch file .bat utk remove virus kn? mean 1 jenis je..nk mintak cth2 batch file. nk buat rujukan. thx in advance.

code remove virus....nak remove virus aper..??

kalo contoh code remove virus mesti pakai registry,del,attrib,goto,if,cd,tskill,dan sebagainye...

cube ko bukak command prompt pastue taip help dan enter

[yurckk 0]

code remove virus....nak remove virus aper..??

kalo contoh code remove virus mesti pakai registry,del,attrib,goto,if,cd,tskill,dan sebagainye...

cube ko bukak command prompt pastue taip help dan enter

dlu kalo xslh de mod buat batch file utk remove virus bro_act, just nk tau flow commands. dlm batch file tu ada lines utk edit/remove/add registry etc.

[kecik-88 4]

dlu kalo xslh de mod buat batch file utk remove virus bro_act, just nk tau flow commands. dlm batch file tu ada lines utk edit/remove/add registry etc.

Nie aku punye yang lame untuk buang virus Kernel32.dll.vbs, MS32DLL.dll.vbs dan buang [lanun] windows logo

@ECHO OFF
TITLE Membetulkan Registry Windows Anda
color 1a    
cls
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f 
REG add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
REG add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
REG add "HKCU\Control Panel\Desktop /v menushowdelay /t REG_SZ /d 0 /f 
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f 
REG add HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} /v LocalizedString /t REG_SZ /d "My Computer" /f 
REG add HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E} /v LocalizedString /t REG_SZ /d "Recycle BIn" /f 
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DisableCAD /t REG_DWORD /d 0 /f
REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /t REG_SZ /d "" /f 
REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /t REG_SZ /d "" /f 
REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d C:\WINDOWS\system32\userinit.exe /f
REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v UIHost /t REG_EXPAND_SZ /d logonui.exe /f
REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v Administrator /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Policies\Microsoft\WindowsMediaPlayer /v TitleBar /t REG_SZ /d "" /f 
REG add "HKCU\Software\Microsoft\Internet Explorer\Toolbar" /v backbitmap /t REG_SZ /d c:/windows /f 
REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Search Page" /t REG_SZ /d yahoo.com /f 
REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d Yahoo.com /f 
REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /t REG_SZ /d "" /f 
REG add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v HomePage /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDrives /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewOnDrive /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoTrayContextMenu /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoNetworkConnections /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 0 /f 
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 2 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v SeparateProcess /t REG_DWORD /d 0 /f
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DontDisplayLastUserName /t REG_SZ /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoEntireNetwork /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoNetSetup /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoNetSetupIDPage /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFileSharing /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoPrintSharing /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoWorkgroupContents /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoNetSetupSecurityPage /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v StartMenuLogOff /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoStartMenuMyMusic /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoStartMenuNetworkPlaces /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSMMyDocs /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSMMyPictures /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSMHelp /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetFolders /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoStartMenuMorePrograms /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSimpleStartMenu /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSMBalloonTip /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoUserNameInStartMenu /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v HideClock /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoTaskGrouping /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NotoolBarsOnTaskBar /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFileMenu /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoShellSearchButton /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFind /t REG_DWORD /d 0 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 0 /f  
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoTrayItemsDisplay /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f --> X 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v ClearRecentDocsOnExit /t REG_DWORD /d 1 /f 
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRecentDocsHistory /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoAutoUpdate /t REG_DWORD /d 1 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
REG ADD HKCU\Software\Policies\Microsoft\MMC\ /v RestrictToPermittedSnapins /t REG_DWORD /d 0 /f 
cls
"%windir%\system32\wgatray.exe /u"
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon" /f
del /f /q "%windir%\system32\dllcache\wgatray.exe"
del /f /q "%windir%\system32\dllcache\WGAlogon.dll"
del /f /q "%windir%\system32\wgatray.exe"
del /f /q "%windir%\system32\WGAlogon.dll"
rmdir /s /q "%windir%\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a"
cls
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
tskill wscript /a
cd..
cd..
cd..
cd..
cd..
cd..
cd..
cd..
cd..
cd..
attrib -r -a -s -h MS32DLL.dll.vbs
attrib -r -a -s -h Kernel32.dll.vbs
attrib -r -a -s -h autorun.inf
del /f /q MS32DLL.dll.vbs
del /f /q Kernel32.dll.vbs
del /f /q autorun.inf
cd Windows
attrib -r -a -s -h MS32DLL.dll.vbs
attrib -r -a -s -h Kernel32.dll.vbs
del /f /q %windir%\MS32DLL.dll.vbs
del /f /q %windir%\Kernel32.dll.vbs
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v MS32DLL /t REG_SZ /d "" /f
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Kernel32 /t REG_SZ /d "" /f
REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /t REG_SZ /d "" /f
d:
attrib -r -a -s -h MS32DLL.dll.vbs
attrib -r -a -s -h Kernel32.dll.vbs
attrib -r -a -s -h autorun.inf
del /f /q "MS32DLL.dll.vbs"
del /f /q "Kernel32.dll.vbs"
del /f /q "autorun.inf"
e:
attrib -r -a -s -h MS32DLL.dll.vbs
attrib -r -a -s -h Kernel32.dll.vbs
attrib -r -a -s -h autorun.inf
del /f /q "MS32DLL.dll.vbs"
del /f /q "Kernel32.dll.vbs"
del /f /q "autorun.inf"
f:
attrib -r -a -s -h MS32DLL.dll.vbs
attrib -r -a -s -h Kernel32.dll.vbs
attrib -r -a -s -h autorun.inf
del /f /q "MS32DLL.dll.vbs"
del /f /q "Kernel32.dll.vbs"
del /f /q "autorun.inf"
g:
attrib -r -a -s -h MS32DLL.dll.vbs
attrib -r -a -s -h Kernel32.dll.vbs
attrib -r -a -s -h autorun.inf
del /f /q "MS32DLL.dll.vbs"
del /f /q "Kernel32.dll.vbs"
del /f /q "autorun.inf"
cls

Edited September 10, 2008 by kecik-88

[yurckk 0]

ok kecik, thx a lot. tp for those yg ada sample code utk dishare, dialu-alukan.thx in advance!

[baok 0]

yurckk, kalau kau betul2 nak mahir dalam batch command, study 2 laman web di bawah...

http://www.ss64.com/nt/

http://www.allenware.com/icsw/icswidx.htm

Itu sahaja yang boleh aku bantu kau.. I won't spoon-feed anyone..

[yurckk 0]

err..kalo nk del kn cmne r? aku dah xigt command. del registry using batch file.. reg del then? or?

ok ok..thx..aku cari dlm web tp xjmpe..btw thx for all those.

[cixent 0]

err..kalo nk del kn cmne r? aku dah xigt command. del registry using batch file.. reg del then? or?

yup..

EXAMPLE:

REG DEL HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN /V <Valuename> /T <REG Type> /d <Data Value>

use option /F untuk force command tu..

Edited September 10, 2008 by Cixent

[yurckk 0]

yup..

EXAMPLE:

REG DEL HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN /V <Valuename> /T <REG Type> /d <Data Value>

use option /F untuk force command tu..

REG DEL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V "aa" /T REG_SZ /d "ss"

bad operation. ? asal? tp kalau aku tukar "del" kepada "add" jadi lak.

ade 1 command aku buat td, xsalah aku pakai REG DELETE, delete smua dlm run.

Edited September 10, 2008 by yurckk

[cixent 0]

REG DEL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V "aa" /T REG_SZ /d "ss"

bad operation. ? asal? tp kalau aku tukar "del" kepada "add" jadi lak.

ade 1 command aku buat td, xsalah aku pakai REG DELETE, delete smua dlm run.

silap...

untuk reg del tak payah ader

/T <REG Type> /d <Data Value>

cuma perlu ader /V <value name>

sorry... x perasan..

AAA??? Del sume dlm run?? hbislah sume startup program dlm pc ngko.. isk2... buat backup x?

Edited September 10, 2008 by Cixent

[yurckk 0]

REG del HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V "aa"

still same. xdpt gak. ke aku wat slh command?

pasal run dah kne del rs xde mslh..pc ofis..lbh krg pc sblh kot..haha..

hehe dpt dah.. actually guna DELETE bkn del..lupe leh view help guna cmd..hehe..btw thx help..

[cixent 0]

REG del HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V "aa"

still same. xdpt gak. ke aku wat slh command?

pasal run dah kne del rs xde mslh..pc ofis..lbh krg pc sblh kot..haha..

hehe dpt dah.. actually guna DELETE bkn del..lupe leh view help guna cmd..hehe..btw thx help..

a`ah DELETE...

[ihsan94 0]

ko nak belajar nie nak buat anti-virus ker virus?hak3...

BTW,Try check youtube or google..belajar dulu bahasa nie..then baru ar bleh buat av or pe2 jer bende ko nak buat...

lol..sengal

[kecik-88 4]

try kaji cara buat program guna batch file nie...

http://forum.putera.com/tanya/t45919.html

[yurckk 0]

ko nak belajar nie nak buat anti-virus ker virus?hak3...

BTW,Try check youtube or google..belajar dulu bahasa nie..then baru ar bleh buat av or pe2 jer bende ko nak buat...

lol..sengal

haha senegal ang ne..sj je nk blaja..dlu de blaja.tp byk dah lupe..

[dawos 0]

aku taknak buka topik baru.....sajer aku nak tanye....boleh tak kite hidden notepad.bat??? aper2 yang dah kite buat so kite nak hidden kan....kalu hidden biasa kebanyakkannya dah tau mcam man nak unhidden kan die...boleh tak kite hidden kan sebagai (hide protected operating system)? sape2 yang pandai coding kat sini ajarla aku...sbb aku dah buat2 2 3 cara tapi tak berjaya...aku dah try renamekan notepad.bat.sys/ini pun tetap tak hidden gakk? @ nak kene restart...sape2 yang pro tolong bgtau..

[yurckk 0]

aku taknak buka topik baru.....sajer aku nak tanye....boleh tak kite hidden notepad.bat??? aper2 yang dah kite buat so kite nak hidden kan....kalu hidden biasa kebanyakkannya dah tau mcam man nak unhidden kan die...boleh tak kite hidden kan sebagai (hide protected operating system)? sape2 yang pandai coding kat sini ajarla aku...sbb aku dah buat2 2 3 cara tapi tak berjaya...aku dah try renamekan notepad.bat.sys/ini pun tetap tak hidden gakk? @ nak kene restart...sape2 yang pro tolong bgtau..

yg aku tau super hidden, dimana file tu akan jd system file. cuba ne:

attrib +s +h <path><filename>

cth : attrib +s +h "C:\Documents and Settings\Werks\notepad.bat" or

attrib +s +h C:\notepad.bat

beza 2 cth tu ialah menggunakan "" . aku guna "" sebab dlm file path tu ada space iaitu jarak perkataan.

try kt run ke dos ke.

kalo -s -h utk unhide blk.

k.

[yurckk 0]

try kaji cara buat program guna batch file nie...

http://forum.putera.com/tanya/t45919.html

orait kecik, thx bebanyak!act aku byk nk blaja dr ang lg..

[dawos 0]

yg aku tau super hidden, dimana file tu akan jd system file. cuba ne:

attrib +s +h <path><filename>

cth : attrib +s +h "C:\Documents and Settings\Werks\notepad.bat" or

attrib +s +h C:\notepad.bat

beza 2 cth tu ialah menggunakan "" . aku guna "" sebab dlm file path tu ada space iaitu jarak perkataan.

try kt run ke dos ke.

kalo -s -h utk unhide blk.

k.

terima kasih banyak2...aku dah buat dan berjaya..terima kasih..

[dawos 0]

ade sinie sape2 tau tak mcam mana nak buat folder undeleteable??? kalau buat read only boleh gak delete... mcam mana nak gune attrib +i <<<yang ini untuk undeleteable ker?

[yurckk 0]

ade sinie sape2 tau tak mcam mana nak buat folder undeleteable??? kalau buat read only boleh gak delete... mcam mana nak gune attrib +i <<<yang ini untuk undeleteable ker?

kalo xslh aku attrib utk +i xwujud.yg aku ase ade

+-R = read only file attribute

+-A = archive file attribute

+-S = system file attribute

+-H = hidden file attribute

tp jgn takat mati kt cne je..buat lagi research..

[dawos 0]

kalo xslh aku attrib utk +i xwujud.yg aku ase ade

+-R = read only file attribute

+-A = archive file attribute

+-S = system file attribute

+-H = hidden file attribute

tp jgn takat mati kt cne je..buat lagi research..

ooo yeke sebab aku just terbaca dalam internet ajer untuk buat undeleteable ajer...so mungkin gak aku silap//...tapi aku akan terus mencari

[yurckk 0]

ooo yeke sebab aku just terbaca dalam internet ajer untuk buat undeleteable ajer...so mungkin gak aku silap//...tapi aku akan terus mencari

aku ase, bg aku..file dlm windows kebanyakkan sume leh del..selagi file tu xrun dlm process..ble2 ms leh del..xtau lak kalau satu2 file tu leh set undeletable..mayb leh wat 1 prog securekn file tu.ask for passwd kalo nk del.possible.

[kecik-88 4]

ade sinie sape2 tau tak mcam mana nak buat folder undeleteable??? kalau buat read only boleh gak delete... mcam mana nak gune attrib +i <<<yang ini untuk undeleteable ker?

Ade caranya....dalam buku yg aku buat ade trick nie...

die x menggunakan attrib tapi die hanya menggunakan command prompt jer untuk folder tersebut tidak boleh di delete.

[yurckk 0]

Ade caranya....dalam buku yg aku buat ade trick nie...

die x menggunakan attrib tapi die hanya menggunakan command prompt jer untuk folder tersebut tidak boleh di delete.

dasat buat buku sniri, mn nk tau buku ang tu? on9 ke?