Self-made batch script for controlling processes and startup (ntsd forced-termination version)


Automatic End Forced Intelligent End.vbs

The VBS script's main job is to run the batch file and pass input to it.

The code is as follows:
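' Create the shell object and launch the batch file
set wshshell=createobject("wscript.shell")
wshshell.run """Targeted process management.bat"""
wscript.sleep 2000

' Once a second for 30 seconds, send three Enter keystrokes to the active window
for x=1 to 30
wscript.sleep 1000
wshshell.sendkeys "{enter 3}"
next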

Targeted process management.bat

The code is as follows:
@echo off&setlocal enabledelayedexpansion
ping -n 3 127.0>nul
if exist tem.txt del /f /q tem.txt
echo The selection process is in progress...
rem Build tem.txt, the allowlist of image names that must not be ended
echo>>tem.txt explorer.exe
echo>>tem.txt System Idle Process
echo>>tem.txt System
echo>>tem.txt smss.exe
echo>>tem.txt csrss.exe
echo>>tem.txt winlogon.exe
echo>>tem.txt services.exe
echo>>tem.txt TheWorld.exe
echo>>tem.txt lsass.exe
echo>>tem.txt svchost.exe
echo>>tem.txt spoolsv.exe
echo>>tem.txt alg.exe
echo>>tem.txt ctfmon.exe
echo>>tem.txt ekrn.exe
echo>>tem.txt wdfmgr.exe
echo>>tem.txt 360tray.exe
echo>>tem.txt egui.exe
echo>>tem.txt wmiprvse.exe
echo>>tem.txt QQ.exe
echo>>tem.txt cmd.exe
echo>>tem.txt IEXPLORE.EXE
echo>>tem.txt TXPlatform.exe
echo>>tem.txt tasklist.exe
echo>>tem.txt conime.exe
echo>>tem.txt safeboxTray.exe
echo>>tem.txt wscript.exe
rem Walk every running process, taking image name and PID from tasklist's CSV output
for /f "eol= tokens=1,2 delims=," %%i in ('tasklist /nh /fo csv') do (
rem Errorlevel 1 means the image name is not in the tem.txt allowlist
findstr /i /x %%i tem.txt >nul
if errorlevel 1 (
echo =============================================================
echo =============================================================
echo %%i is located in the following path
wmic process where processid=%%j get executablepath|findstr /v /i "executablepath"
ntsd -c q -p %%j 1>nul 2>nul
ping -n 1 127.0>nul
rem Check whether the process is still listed after the ntsd attempt
tasklist|findstr /i %%i >nul
if errorlevel 1 (
echo %%i has been ended successfully
) else (
echo %%i hasn't completely ended. It's supposed to be a rogue program.
)
)
)
del tem.txt & echo The process task is basically finished
rem Stop the VBS helper, show a completion message, then close the console
taskkill /f /im wscript.exe
mshta vbscript:msgbox("My job is done. See the Selection Process window for details.")(window.close)
taskkill /f /im cmd.exe