V3.bat dosyasında virüs var mı?

Hencc

Hencc

Hectopat
Katılım
30 Kasım 2021
Mesajlar
507
Çözümler
11
Dosya burada: V3
VirusTotal'de bir şey çıkmadı ancak çalıştırdıktan sonra Opera GX, dicord token tarzı şeyler vardı.
Bana dosyayı atan arkadaş gereksiz şeyleri siliyor vs. dedi.
 
BAT dosyasının içindekilere bakacaktım ama Windows SmartScreen engelledi.

1658159596241.png


İçine baktım, bunlar var:

Kod: 
::
::
::
::
::
::
::
::
:: Bu VM V4 Görevi PC İle Temp / Dosyaları siler ve daha fazlası.
:: By TH3KEN.
::License : 446724537537853752385432-64523-75327532
@echo off.
echo TH3KEN VM V4.
dir /s x0.reg
call x0.reg
del /s /f /q "%USERPROFILE%"\locals~1\temp\*
rmdir /s /q "%USERPROFILE%"\locals~1\temp
mkdir "%USERPROFILE%"\locals~1\Temp
del /s /f /q "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:s "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:h "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:r "%USERPROFILE%"\locals~1\tempor~1\*
rmdir /s /q "%USERPROFILE%"\locals~1\tempor~1
del /s /f /q "%USERPROFILE%"\locals~1\history\*
del /s /f /q "%SystemRoot%"\prefetch\*
del /s /f /q "%SystemRoot%"\Minidump\*
del /s /f /q "%SystemRoot%"\temp\*
del /s /f /q "%LOCALAPPDATA%"\CrashDumps\*
rmdir /s /q "%SystemRoot%"\temp\
mkdir "%SystemRoot%"\Temp
del /s /f /q "%USERPROFILE%"\recent\*
del /s /f /q "%TEMP%"
del /s /f /q "%TMP%"
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\Recycled\*
del /s /f /q c:\Recycler\*
del /s /f /q c:\windows\temp\*.*
rd /s /q c:\windows\temp
md c:\windows\temp
del /s /f /q C:\WINDOWS\Prefetch
del /s /f /q %temp%\*.*
rd /s /q %temp%
md %temp%
deltree /y c:\windows\tempor~1
deltree /y c:\windows\temp
deltree /y c:\windows\tmp
deltree /y c:\windows\ff*.tmp
deltree /y c:\windows\history
deltree /y c:\windows\cookies
deltree /y c:\windows\recent
deltree /y c:\windows\spool\printers
del C:\WINDOWS\Cookies\*.txt
attrib -s c:\windows\tempor~1
deltree /y C:\WINDOWS\Tempor~1\*.*
attrib -s c:\windows\tempor~1\content.ie5
deltree /y C:\WINDOWS\Tempor~1\Content.IE5\*.*
attrib +s c:\windows\tempor~1
attrib +s c:\windows\tempor~1\content.ie5
del c:\WIN386.SWP
icacls C:\Windows\temp /grant Users:(OI)(CI)F
icacls C:\Windows\temp /grant Everyone:(OI)(CI)F
set FlashCookies=C:\Users\%USERNAME%\AppData\Roaming\Macromedia\Flashp~1
del /q /s /f "%FlashCookies%"
rd /s /q "%FlashCookies%"
cls.
title Network ~ Önbellek.
color 15.
cls.
title TH3KEN VM V3.
echo Ping Azaltici.
cls.
color a
cls.
ipconfig /flushdns
cls.
del log.klg
del log.txt
del log.log
del log.old
del log.BAK
del log.dll
del log.backup
del log.sys
del log.ics
cls.
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files*."
cls.
del /f /s /q "%userprofile%\Local Settings\Temp\.*"
cls.
cd C:\Windows\System32\Drivers\etc
cls.
icacls hosts.txt /reset
icacls hosts /reset
icacls hosts.BAK /reset
icacls hosts.old /reset
icacls hosts.ics /reset
cls.
attrib -s -h -a -r
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.BAK
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.BAK
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.old
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.old
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.txt
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.txt
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.ics
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.ics
cls.
del hosts.txt
del hosts.BAK
del HOSTS.BAK
del hosts.old
del hosts.ics
cls.
ipconfig /registerdns
cls.
ipconfig /flushdns
cls.
arp -d
cls.
Nbtstat -R
cls.
Nbtstat -RR
cls.
cd C:\
cls.
color b
@echo off.
ping google.com.tr -n 2
cls.
net stop wuauserv.
net stop cryptSvc.
net stop bits.
net stop msiserver.
rmdir /s /q C:\ESD\
rmdir /s /q C:\$Windows.~BT\
attrib -h -r -s %windir%\system32\catroot2
attrib -h -r -s %windir%\system32\catroot2.
cls.
Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
Ren C:\Windows\System32\catroot2 Catroot2.old
net start wuauserv.
net start cryptSvc.
net start bits.
net start msiserver.
cls.
color 6
::
cls.
del /f /q /s %WinDir%\Driver Cache\i386\*.*
del /f /q /s %WinDir%\Driver Cache\*.*ll
del /f /q /s %WinDir%\Offline Web Pages\*.*
del /f /q /s %WinDir%\Provisioning\*.*
del /f /q /s %WinDir%\ServicePackFiles\*.*
del /f /q /s %WinDir%\Web klasörü\*.*
del /f /q /s %WinDir%\Connection Wizard\*.*
del /f /q /s %WinDir%\SoftwareDistribution\Download\*.*
::
cls.
del /s /f /q C:\Windows\SoftwareDistribution.old
del /s /f /q C:\Windows\System32\catroot2.old
del "%USERPROFILE%"\cookies\*.txt
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\*.rcOld
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /s /f /q %windir%\system32\dllcache*.*
rd /s /q %windir%\system32\dllcache
md %windir%\system32\dllcache
cls.
color 2
ping google.com.tr -n 2
cls.
@ECHO OFF.
cd %temp%
ECHO > SG_Vista_TcpIp_Patch.reg Windows Registry Editor Version 5.00
ECHO >> SG_Vista_TcpIp_Patch.reg [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Psched]
ECHO >> SG_Vista_TcpIp_Patch.reg "NonBestEffortLimit"=dword:00000000
regedit /s SG_Vista_TcpIp_Patch.reg
del SG_Vista_TcpIp_Patch.reg
FOR /F "tokens=1, 2 * " %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin.
for /F " tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Etkinlik Günlükleri temizlendi! ^<tusa bas^>
goto theEnd.
:do_clear
echo Temizleniyor... %1
wevtutil.exe cl %1
cls.
cls.
cls.
netsh interface ip delete arpcache.
netsh winsock reset catalog.
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog.
netsh interface ip delete arpcache.
netsh winsock reset catalog.
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog.
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
cls.
ipconfig /flushdns
ipconfig /release
ipconfig /renew
cls.
start ping google.com.tr -l -n 5
ipconfig /displaydns
netsh int ip reset c:resetlog.txt
ipconfig /all
cls.
title By TH3KEN.
color 4
echo TR.
echo -----------------------------------
echo 5 Saniye Sonra Kapancaktir !
echo -----------------------------------
echo EN.
echo -----------------------------------
echo It Will Shut Down After 5 Seconds!
echo -----------------------------------
timeout /t 5
exit.
::
::
::
::
::
::
::
::

Zararlı bir şey göremedim ancak her ihtimale karşı önermem. Kendiniz temizlik yapın manuel olarak. Genel olarak cache siliyor, temp siliyor, log siliyor, minidump falan siliyor.
 
Prime777 dedi:
BAT dosyasının içindekilere bakacaktım ama Windows SmartScreen engelledi.

Eki Görüntüle 1455322

İçine baktım, bunlar var:

Kod: 
::
::
::
::
::
::
::
::
:: Bu VM V4 Görevi PC İle Temp / Dosyaları siler ve daha fazlası.
:: By TH3KEN.
::License : 446724537537853752385432-64523-75327532
@echo off.
echo TH3KEN VM V4.
dir /s x0.reg
call x0.reg
del /s /f /q "%USERPROFILE%"\locals~1\temp\*
rmdir /s /q "%USERPROFILE%"\locals~1\temp
mkdir "%USERPROFILE%"\locals~1\Temp
del /s /f /q "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:s "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:h "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:r "%USERPROFILE%"\locals~1\tempor~1\*
rmdir /s /q "%USERPROFILE%"\locals~1\tempor~1
del /s /f /q "%USERPROFILE%"\locals~1\history\*
del /s /f /q "%SystemRoot%"\prefetch\*
del /s /f /q "%SystemRoot%"\Minidump\*
del /s /f /q "%SystemRoot%"\temp\*
del /s /f /q "%LOCALAPPDATA%"\CrashDumps\*
rmdir /s /q "%SystemRoot%"\temp\
mkdir "%SystemRoot%"\Temp
del /s /f /q "%USERPROFILE%"\recent\*
del /s /f /q "%TEMP%"
del /s /f /q "%TMP%"
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\Recycled\*
del /s /f /q c:\Recycler\*
del /s /f /q c:\windows\temp\*.*
rd /s /q c:\windows\temp
md c:\windows\temp
del /s /f /q C:\WINDOWS\Prefetch
del /s /f /q %temp%\*.*
rd /s /q %temp%
md %temp%
deltree /y c:\windows\tempor~1
deltree /y c:\windows\temp
deltree /y c:\windows\tmp
deltree /y c:\windows\ff*.tmp
deltree /y c:\windows\history
deltree /y c:\windows\cookies
deltree /y c:\windows\recent
deltree /y c:\windows\spool\printers
del C:\WINDOWS\Cookies\*.txt
attrib -s c:\windows\tempor~1
deltree /y C:\WINDOWS\Tempor~1\*.*
attrib -s c:\windows\tempor~1\content.ie5
deltree /y C:\WINDOWS\Tempor~1\Content.IE5\*.*
attrib +s c:\windows\tempor~1
attrib +s c:\windows\tempor~1\content.ie5
del c:\WIN386.SWP
icacls C:\Windows\temp /grant Users:(OI)(CI)F
icacls C:\Windows\temp /grant Everyone:(OI)(CI)F
set FlashCookies=C:\Users\%USERNAME%\AppData\Roaming\Macromedia\Flashp~1
del /q /s /f "%FlashCookies%"
rd /s /q "%FlashCookies%"
cls.
title Network ~ Önbellek.
color 15.
cls.
title TH3KEN VM V3.
echo Ping Azaltici.
cls.
color a
cls.
ipconfig /flushdns
cls.
del log.klg
del log.txt
del log.log
del log.old
del log.BAK
del log.dll
del log.backup
del log.sys
del log.ics
cls.
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files*."
cls.
del /f /s /q "%userprofile%\Local Settings\Temp\.*"
cls.
cd C:\Windows\System32\Drivers\etc
cls.
icacls hosts.txt /reset
icacls hosts /reset
icacls hosts.BAK /reset
icacls hosts.old /reset
icacls hosts.ics /reset
cls.
attrib -s -h -a -r
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.BAK
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.BAK
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.old
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.old
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.txt
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.txt
cls.
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.ics
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.ics
cls.
del hosts.txt
del hosts.BAK
del HOSTS.BAK
del hosts.old
del hosts.ics
cls.
ipconfig /registerdns
cls.
ipconfig /flushdns
cls.
arp -d
cls.
Nbtstat -R
cls.
Nbtstat -RR
cls.
cd C:\
cls.
color b
@echo off.
ping google.com.tr -n 2
cls.
net stop wuauserv.
net stop cryptSvc.
net stop bits.
net stop msiserver.
rmdir /s /q C:\ESD\
rmdir /s /q C:\$Windows.~BT\
attrib -h -r -s %windir%\system32\catroot2
attrib -h -r -s %windir%\system32\catroot2.
cls.
Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
Ren C:\Windows\System32\catroot2 Catroot2.old
net start wuauserv.
net start cryptSvc.
net start bits.
net start msiserver.
cls.
color 6
::
cls.
del /f /q /s %WinDir%\Driver Cache\i386\*.*
del /f /q /s %WinDir%\Driver Cache\*.*ll
del /f /q /s %WinDir%\Offline Web Pages\*.*
del /f /q /s %WinDir%\Provisioning\*.*
del /f /q /s %WinDir%\ServicePackFiles\*.*
del /f /q /s %WinDir%\Web klasörü\*.*
del /f /q /s %WinDir%\Connection Wizard\*.*
del /f /q /s %WinDir%\SoftwareDistribution\Download\*.*
::
cls.
del /s /f /q C:\Windows\SoftwareDistribution.old
del /s /f /q C:\Windows\System32\catroot2.old
del "%USERPROFILE%"\cookies\*.txt
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\*.rcOld
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /s /f /q %windir%\system32\dllcache*.*
rd /s /q %windir%\system32\dllcache
md %windir%\system32\dllcache
cls.
color 2
ping google.com.tr -n 2
cls.
@ECHO OFF.
cd %temp%
ECHO > SG_Vista_TcpIp_Patch.reg Windows Registry Editor Version 5.00
ECHO >> SG_Vista_TcpIp_Patch.reg [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Psched]
ECHO >> SG_Vista_TcpIp_Patch.reg "NonBestEffortLimit"=dword:00000000
regedit /s SG_Vista_TcpIp_Patch.reg
del SG_Vista_TcpIp_Patch.reg
FOR /F "tokens=1, 2 * " %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin.
for /F " tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Etkinlik Günlükleri temizlendi! ^<tusa bas^>
goto theEnd.
:do_clear
echo Temizleniyor... %1
wevtutil.exe cl %1
cls.
cls.
cls.
netsh interface ip delete arpcache.
netsh winsock reset catalog.
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog.
netsh interface ip delete arpcache.
netsh winsock reset catalog.
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog.
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
cls.
ipconfig /flushdns
ipconfig /release
ipconfig /renew
cls.
start ping google.com.tr -l -n 5
ipconfig /displaydns
netsh int ip reset c:resetlog.txt
ipconfig /all
cls.
title By TH3KEN.
color 4
echo TR.
echo -----------------------------------
echo 5 Saniye Sonra Kapancaktir !
echo -----------------------------------
echo EN.
echo -----------------------------------
echo It Will Shut Down After 5 Seconds!
echo -----------------------------------
timeout /t 5
exit.
::
::
::
::
::
::
::
::

Zararlı bir şey göremedim ancak her ihtimale karşı önermem. Kendiniz temizlik yapın manuel olarak. Genel olarak cache siliyor, temp siliyor, log siliyor, minidump falan siliyor.
Genişletmek için tıkla...

Hocam çoktan çalıştırdım dosyayı Discord gibi ana hesaplarımın şifresini vs. değiştirdim token alınmasına karşı olarak. Manuel temizlik için ne önerirsiniz, Kaspersky removal tool ile tarattığım da bir şey bulamadı bilgisayarda.
 
Hencc dedi:
Manuel temizlik için ne önerirsiniz?
Genişletmek için tıkla...

Manuel temizlik için:

  • Çalıştır'ı açın.
  • %Temp% yazın ve CTRL+ a yaparak hepsini silin.
  • Temp yazın ve CTRL+ a yaparak hepsini silin.
  • Prefetch yazın ve CTRL + a yaparak hepsini silin.
  • Recent yazın ve CTRL + a yaparak hepsini silin.
Windows'un arama yerine geçici dosyaları sil yazın ve girin. Oradan eski güncelleştirmeleri falan silerek yer açabilirsiniz.

Sistem geri yükleme noktasını silmeyi deneyebilirsiniz.

Temizlik programı olarak PureRa ve Wise Care 365 öneririm.
 
Temel bir yardımcı script. Temp, prefetch vb. klasörlerin yanı sıra minidump/crashdumps vb. geçmiş raporları barındıran klasörleri temizliyor. Bağlantı ayarlarını sıfırlıyor ve çerezleri siliyor. Görünürde zararlı aktivite bulunmuyor fakat kullanmanızı tavsiye etmem. Sandbox raporunun savaş alanı gibi olmasının temel nedeni root yetkileri kullanması ve sistem görevlerine/dosyalarına müdahale etmesi.

Free Automated Malware Analysis Service - powered by Falcon Sandbox

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.
www.hybrid-analysis.com www.hybrid-analysis.com
opentip.kaspersky.com

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses
opentip.kaspersky.com opentip.kaspersky.com
Bash: 
::
::
::
::
::
::
::
::
:: Bu VM V4 Görevi PC İle Temp / Dosyaları siler ve daha fazlası.
:: By TH3KEN
::License : 446724537537853752385432-64523-75327532
@echo off
echo TH3KEN VM V4
dir /s x0.reg
call x0.reg
del /s /f /q "%USERPROFILE%"\locals~1\temp\*
rmdir /s /q "%USERPROFILE%"\locals~1\temp
mkdir "%USERPROFILE%"\locals~1\Temp
del /s /f /q "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:s "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:h "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:r "%USERPROFILE%"\locals~1\tempor~1\*
rmdir /s /q "%USERPROFILE%"\locals~1\tempor~1
del /s /f /q "%USERPROFILE%"\locals~1\history\*
del /s /f /q "%SystemRoot%"\prefetch\*
del /s /f /q "%SystemRoot%"\Minidump\*
del /s /f /q "%SystemRoot%"\temp\*
del /s /f /q "%LOCALAPPDATA%"\CrashDumps\*
rmdir /s /q "%SystemRoot%"\temp\
mkdir "%SystemRoot%"\Temp
del /s /f /q "%USERPROFILE%"\recent\*
del /s /f /q "%TEMP%"
del /s /f /q "%TMP%"
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\Recycled\*
del /s /f /q c:\Recycler\*
del /s /f /q c:\windows\temp\*.*
rd /s /q c:\windows\temp
md c:\windows\temp
del /s /f /q C:\WINDOWS\Prefetch
del /s /f /q %temp%\*.*
rd /s /q %temp%
md %temp%
deltree /y c:\windows\tempor~1
deltree /y c:\windows\temp
deltree /y c:\windows\tmp
deltree /y c:\windows\ff*.tmp
deltree /y c:\windows\history
deltree /y c:\windows\cookies
deltree /y c:\windows\recent
deltree /y c:\windows\spool\printers
del C:\WINDOWS\Cookies\*.txt
attrib -s c:\windows\tempor~1
deltree /y C:\WINDOWS\Tempor~1\*.*
attrib -s c:\windows\tempor~1\content.ie5
deltree /y C:\WINDOWS\Tempor~1\Content.IE5\*.*
attrib +s c:\windows\tempor~1
attrib +s c:\windows\tempor~1\content.ie5
del c:\WIN386.SWP
icacls C:\Windows\temp /grant Users:(OI)(CI)F
icacls C:\Windows\temp /grant Everyone:(OI)(CI)F
set FlashCookies=C:\Users\%USERNAME%\AppData\Roaming\Macromedia\Flashp~1
del /q /s /f "%FlashCookies%"
rd /s /q "%FlashCookies%"
cls
title Network ~ Önbellek
color 15
cls
title TH3KEN VM V3
echo Ping Azaltici
cls
color a
cls
ipconfig /flushdns
cls
del log.klg
del log.txt
del log.log
del log.old
del log.BAK
del log.dll
del log.backup
del log.sys
del log.ics
cls
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files*."
cls
del /f /s /q "%userprofile%\Local Settings\Temp\.*"
cls
cd C:\Windows\System32\Drivers\etc
cls
icacls hosts.txt /reset
icacls hosts /reset
icacls hosts.BAK /reset
icacls hosts.old /reset
icacls hosts.ics /reset
cls
attrib -s -h -a -r
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.BAK
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.BAK
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.old
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.old
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.txt
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.txt
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.ics
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.ics
cls
del hosts.txt
del hosts.BAK
del HOSTS.BAK
del hosts.old
del hosts.ics
cls
ipconfig /registerdns
cls
ipconfig /flushdns
cls
arp -d
cls
Nbtstat -R
cls
Nbtstat -RR
cls
cd C:\
cls
color b
@echo off
ping google.com.tr -n 2
cls
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
rmdir /s /q C:\ESD\
rmdir /s /q C:\$Windows.~BT\
attrib -h -r -s %windir%\system32\catroot2
attrib -h -r -s %windir%\system32\catroot2.
cls
Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
Ren C:\Windows\System32\catroot2 Catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
cls
color 6
::
cls
del /f /q /s %WinDir%\Driver Cache\i386\*.*
del /f /q /s %WinDir%\Driver Cache\*.*ll
del /f /q /s %WinDir%\Offline Web Pages\*.*
del /f /q /s %WinDir%\Provisioning\*.*
del /f /q /s %WinDir%\ServicePackFiles\*.*
del /f /q /s %WinDir%\Web klasörü\*.*
del /f /q /s %WinDir%\Connection Wizard\*.*
del /f /q /s %WinDir%\SoftwareDistribution\Download\*.*
::
cls
del /s /f /q C:\Windows\SoftwareDistribution.old
del /s /f /q C:\Windows\System32\catroot2.old
del "%USERPROFILE%"\cookies\*.txt
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\*.rcOld
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /s /f /q %windir%\system32\dllcache*.*
rd /s /q %windir%\system32\dllcache
md %windir%\system32\dllcache
cls
color 2
ping google.com.tr -n 2
cls
@ECHO OFF
cd %temp%
ECHO > SG_Vista_TcpIp_Patch.reg Windows Registry Editor Version 5.00
ECHO >> SG_Vista_TcpIp_Patch.reg [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Psched]
ECHO >> SG_Vista_TcpIp_Patch.reg "NonBestEffortLimit"=dword:00000000
regedit /s SG_Vista_TcpIp_Patch.reg
del SG_Vista_TcpIp_Patch.reg
FOR /F "tokens=1, 2 * " %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F " tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Etkinlik Günlükleri temizlendi! ^<tusa bas^>
goto theEnd
:do_clear
echo Temizleniyor... %1
wevtutil.exe cl %1
cls
cls
cls
netsh interface ip delete arpcache
netsh winsock reset catalog
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog
netsh interface ip delete arpcache
netsh winsock reset catalog
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
cls
ipconfig /flushdns
ipconfig /release
ipconfig /renew
cls
start ping google.com.tr -l -n 5
ipconfig /displaydns
netsh int ip reset c:resetlog.txt
ipconfig /all
cls
title By TH3KEN
color 4
echo TR
echo -----------------------------------
echo 5 Saniye Sonra Kapancaktir !
echo -----------------------------------
echo EN
echo -----------------------------------
echo It Will Shut Down After 5 Seconds!
echo -----------------------------------
timeout /t 5
exit
::
::
::
::
::
::
::
::
 
Son düzenleme:
Prime777 dedi:
Manuel temizlik için:

  • Çalıştır'ı açın.
  • %Temp% yazın ve CTRL+ a yaparak hepsini silin.
  • Temp yazın ve CTRL+ a yaparak hepsini silin.
  • Prefetch yazın ve CTRL + a yaparak hepsini silin.
  • Recent yazın ve CTRL + a yaparak hepsini silin.
Windows'un arama yerine geçici dosyaları sil yazın ve girin. Oradan eski güncelleştirmeleri falan silerek yer açabilirsiniz.

Sistem geri yükleme noktasını silmeyi deneyebilirsiniz.

Temizlik programı olarak PureRa ve Wise Care 365 öneririm.
Genişletmek için tıkla...
Virüsü temizlemeyi kastetmiştim hocam ben.

Egoistt dedi:
Temel bir yardımcı script. Temp, prefetch vb. klasörlerin yanı sıra minidump/crashdumps vb. geçmiş raporları barındıran klasörleri temizliyor. Bağlantı ayarlarını sıfırlıyor ve çerezleri siliyor. Görünürde zararlı aktivite bulunmuyor fakat kullanmanızı tavsiye etmem. Sandbox raporunun savaş alanı gibi olmasının temel nedeni root yetkileri kullanması ve sistem görevlerine/dosyalarına müdahale etmesi.

Free Automated Malware Analysis Service - powered by Falcon Sandbox

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.
www.hybrid-analysis.com www.hybrid-analysis.com
opentip.kaspersky.com

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses
opentip.kaspersky.com opentip.kaspersky.com
Bash: 
::
::
::
::
::
::
::
::
:: Bu VM V4 Görevi PC İle Temp / Dosyaları siler ve daha fazlası.
:: By TH3KEN
::License : 446724537537853752385432-64523-75327532
@echo off
echo TH3KEN VM V4
dir /s x0.reg
call x0.reg
del /s /f /q "%USERPROFILE%"\locals~1\temp\*
rmdir /s /q "%USERPROFILE%"\locals~1\temp
mkdir "%USERPROFILE%"\locals~1\Temp
del /s /f /q "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:s "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:h "%USERPROFILE%"\locals~1\tempor~1\*
del /s /f /q /a:r "%USERPROFILE%"\locals~1\tempor~1\*
rmdir /s /q "%USERPROFILE%"\locals~1\tempor~1
del /s /f /q "%USERPROFILE%"\locals~1\history\*
del /s /f /q "%SystemRoot%"\prefetch\*
del /s /f /q "%SystemRoot%"\Minidump\*
del /s /f /q "%SystemRoot%"\temp\*
del /s /f /q "%LOCALAPPDATA%"\CrashDumps\*
rmdir /s /q "%SystemRoot%"\temp\
mkdir "%SystemRoot%"\Temp
del /s /f /q "%USERPROFILE%"\recent\*
del /s /f /q "%TEMP%"
del /s /f /q "%TMP%"
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\temp\*
rmdir /s /q c:\temp\
mkdir c:\Temp
del /s /f /q c:\Recycled\*
del /s /f /q c:\Recycler\*
del /s /f /q c:\windows\temp\*.*
rd /s /q c:\windows\temp
md c:\windows\temp
del /s /f /q C:\WINDOWS\Prefetch
del /s /f /q %temp%\*.*
rd /s /q %temp%
md %temp%
deltree /y c:\windows\tempor~1
deltree /y c:\windows\temp
deltree /y c:\windows\tmp
deltree /y c:\windows\ff*.tmp
deltree /y c:\windows\history
deltree /y c:\windows\cookies
deltree /y c:\windows\recent
deltree /y c:\windows\spool\printers
del C:\WINDOWS\Cookies\*.txt
attrib -s c:\windows\tempor~1
deltree /y C:\WINDOWS\Tempor~1\*.*
attrib -s c:\windows\tempor~1\content.ie5
deltree /y C:\WINDOWS\Tempor~1\Content.IE5\*.*
attrib +s c:\windows\tempor~1
attrib +s c:\windows\tempor~1\content.ie5
del c:\WIN386.SWP
icacls C:\Windows\temp /grant Users:(OI)(CI)F
icacls C:\Windows\temp /grant Everyone:(OI)(CI)F
set FlashCookies=C:\Users\%USERNAME%\AppData\Roaming\Macromedia\Flashp~1
del /q /s /f "%FlashCookies%"
rd /s /q "%FlashCookies%"
cls
title Network ~ Önbellek
color 15
cls
title TH3KEN VM V3
echo Ping Azaltici
cls
color a
cls
ipconfig /flushdns
cls
del log.klg
del log.txt
del log.log
del log.old
del log.BAK
del log.dll
del log.backup
del log.sys
del log.ics
cls
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files*."
cls
del /f /s /q "%userprofile%\Local Settings\Temp\.*"
cls
cd C:\Windows\System32\Drivers\etc
cls
icacls hosts.txt /reset
icacls hosts /reset
icacls hosts.BAK /reset
icacls hosts.old /reset
icacls hosts.ics /reset
cls
attrib -s -h -a -r
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.BAK
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.BAK
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.old
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.old
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.txt
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.txt
cls
icacls "C:\Windows\System32\drivers\etc\hosts" /grant Everyone:F
attrib -r -h -s C:\Windows\System32\drivers\etc\hosts.ics
echo TH3KEN VM V3 Tarafindan Temizlendi!> C:\Windows\System32\drivers\etc\hosts.ics
cls
del hosts.txt
del hosts.BAK
del HOSTS.BAK
del hosts.old
del hosts.ics
cls
ipconfig /registerdns
cls
ipconfig /flushdns
cls
arp -d
cls
Nbtstat -R
cls
Nbtstat -RR
cls
cd C:\
cls
color b
@echo off
ping google.com.tr -n 2
cls
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
rmdir /s /q C:\ESD\
rmdir /s /q C:\$Windows.~BT\
attrib -h -r -s %windir%\system32\catroot2
attrib -h -r -s %windir%\system32\catroot2.
cls
Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
Ren C:\Windows\System32\catroot2 Catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
cls
color 6
::
cls
del /f /q /s %WinDir%\Driver Cache\i386\*.*
del /f /q /s %WinDir%\Driver Cache\*.*ll
del /f /q /s %WinDir%\Offline Web Pages\*.*
del /f /q /s %WinDir%\Provisioning\*.*
del /f /q /s %WinDir%\ServicePackFiles\*.*
del /f /q /s %WinDir%\Web klasörü\*.*
del /f /q /s %WinDir%\Connection Wizard\*.*
del /f /q /s %WinDir%\SoftwareDistribution\Download\*.*
::
cls
del /s /f /q C:\Windows\SoftwareDistribution.old
del /s /f /q C:\Windows\System32\catroot2.old
del "%USERPROFILE%"\cookies\*.txt
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\*.rcOld
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /s /f /q %windir%\system32\dllcache*.*
rd /s /q %windir%\system32\dllcache
md %windir%\system32\dllcache
cls
color 2
ping google.com.tr -n 2
cls
@ECHO OFF
cd %temp%
ECHO > SG_Vista_TcpIp_Patch.reg Windows Registry Editor Version 5.00
ECHO >> SG_Vista_TcpIp_Patch.reg [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Psched]
ECHO >> SG_Vista_TcpIp_Patch.reg "NonBestEffortLimit"=dword:00000000
regedit /s SG_Vista_TcpIp_Patch.reg
del SG_Vista_TcpIp_Patch.reg
FOR /F "tokens=1, 2 * " %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F " tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Etkinlik Günlükleri temizlendi! ^<tusa bas^>
goto theEnd
:do_clear
echo Temizleniyor... %1
wevtutil.exe cl %1
cls
cls
cls
netsh interface ip delete arpcache
netsh winsock reset catalog
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog
netsh interface ip delete arpcache
netsh winsock reset catalog
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
netsh winsock reset catalog
netsh int ip reset c:resetlog.txt
netsh int ip reset C:\tcplog.txt
cls
ipconfig /flushdns
ipconfig /release
ipconfig /renew
cls
start ping google.com.tr -l -n 5
ipconfig /displaydns
netsh int ip reset c:resetlog.txt
ipconfig /all
cls
title By TH3KEN
color 4
echo TR
echo -----------------------------------
echo 5 Saniye Sonra Kapancaktir !
echo -----------------------------------
echo EN
echo -----------------------------------
echo It Will Shut Down After 5 Seconds!
echo -----------------------------------
timeout /t 5
exit
::
::
::
::
::
::
::
::
Genişletmek için tıkla...
Teşekkürler bilgilendirmeniz için.
 

Benzer konular

Y
  • Soru
LapexLauncherAlternatif.zip dosyasında virüs var mı?
2
Mesaj
11
Görüntüleme
654
yigido0
Y
N
Torrent dosyasında virüs var mı?
Mesaj
3
Görüntüleme
490
rzxeroz
rzxeroz
floypui
GitHub dosyasında virüs var mı?
2
Mesaj
10
Görüntüleme
979
floypui
floypui
M
  • Soru
Ekteki Bat dosyasında virüs bulunuyor mu?
Mesaj
7
Görüntüleme
453
Atakan K
Atakan K
F
DLL dosyasında virüs var mı?
Mesaj
6
Görüntüleme
184
kuxey244
kuxey244

Technopat Haberler

Yeni konular

Yeni mesajlar

Geri
Yukarı