Solve : Killing 'Nircmd.com' what does this mean?? – InterviewSolution

InterviewSolution

1.	Solve : Killing 'Nircmd.com' what does this mean??
Answer» Killing 'Nircmd.com' PUSHD "C:\32788R22FWJFW\" IF NOT EXIST C:\Windows\system32\cmd.exe GOTO Not_NT VER 1>OsVer "C:\Windows\system32\Find.exe" "5.2." OsVer ---------- OSVER IF 1 == 0 GOTO Not_NT "C:\Windows\system32\Find.exe" "5.1.2" OsVer ---------- OSVER IF 1 == 0 GOTO NT "C:\Windows\system32\Find.exe" "5.00.2" OsVer ---------- OSVER IF 1 == 0 GOTO NT ============================================= ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\loretta\AppData\Roaming CFLDR=32788R22FWJFW CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=RHODES-PC ComSpec=C:\Windows\system32\cmd.execf DFSTRACINGON=FALSE FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\loretta KMD=CF25560.exe LOCALAPPDATA=C:\Users\loretta\AppData\Local LOGONSERVER=\\RHODES-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$ PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip RKEY_=hklm\software\microsoft\windows nt\currentversion\windows RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\ sfxcmd="C:\Users\loretta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EE0KH90F\ComboFix[1].exe" sfxname=C:\Users\loretta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EE0KH90F\ComboFix[1].exe SYSTEM=C:\Windows\system32 SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\loretta\AppData\Local\Temp TMP=C:\Users\loretta\AppData\Local\Temp TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat USERDOMAIN=rhodes-pc USERNAME=loretta USERPROFILE=C:\Users\loretta windir=C:\Windows ============================================= IF NOT DEFINED sfxname GOTO END IF EXIST C:\cfDebug.cmd DEL /A/F C:\cfDebug.cmd CALL sfx.cmd IF EXIST OsVer00 CALL :Vista REN OsVer00 Vista.mac COPY /Y /B C:\Windows\system32\sc.exe C:\Windows\system32\swsc.exe 1 file(s) copied. HANDLE csrss.exe.mui 1>MUI00 SED -r "/.(.:\\.)\\[^\\]$/!d; s//\1/" MUI00 \| SED -r -n "G; s/\n/&&/; /^([ -~]\n).\n\1/d; s/\n//; h; P" 1>MUI FOR /F "TOKENS=" %G IN (MUI) DO @( IF EXIST "%~G\sc.exe.mui" COPY /Y /B "%~G\sc.exe.mui" "%~G\swsc.exe.mui" IF EXIST "%~G\cmd.exe.mui" ( SWXCACLS "%~G\cmd.exe.mui" /OA /Q SWXCACLS "%~G\cmd.exe.mui" /P /GA:F /GS:F /GP:X /GU:X /Q COPY /Y "%~G\cmd.exe.mui" "%~G\CF25560.exe.mui" SWXCACLS "%~G\cmd.exe.mui" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /GA:X /GS:X /GP:X /GU:X /Q SWXCACLS "%~G\cmd.exe.mui" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /Q ) ) 1 file(s) copied. SteelWerX Extended Configuration Access Control Lists Written by Bobbi Flekman 2006 (C) Ownerchange for "C:\Windows\System32\en-US\cmd.exe.mui" to Administrators group was successful 1 file(s) copied. DEL /Q MUI0? GOTO :EOF IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort IF EXIST "C:\Users\loretta\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log" DEL "C:\Users\loretta\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log" ( SET "FileName=ComboFix[1]" SET "FilePath=C:\Users\loretta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EE0KH90F\" ) SET FileName 1>FileName GREP -isqx "FileName=[-[:alnum:]@.]*" FileName \|\| ( CALL NIRCMD INFOBOX "You cannot rename ComboFix as %FileName%~n~nPlease use another name, preferbaly made up of alphanumeric characters" "" GOTO END ) IF EXIST "C:\Windows\system32\cmd.execf" MOVE /Y "C:\Windows\system32\cmd.execf" "C:\Users\loretta\AppData\Local\Temp" 1 file(s) moved. CD .. IF DEFINED cfldr RD /S/Q "32788R22FWJFW"

Discussion

No Comment Found

Related InterviewSolutions