Dear,
Complete script:
code:
$name="bDenyFloppyMountIfInfected" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="bDontScanBootSectors" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="bDontScanMBRSectors" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="bFileCacheEnabled" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="bLoadAtStartup" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="bNetworkScanEnabled" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="bScanAllFiles" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="bScanAllOLE" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="bScanCompressed" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="bScanDefaultFiles" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="bScanFloppyOnShutdown" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="bScanIncoming" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="bScanOutgoing" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="DisableFilterLocalScansOptimisation" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="DisableFilterNetworkScansOptimisation" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="DisablePLADMinusOne" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="DisableResetLastAccessDate" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="DontDetectJokes" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="DontDetectTrojans" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="DotVirOnQuarantine" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="dwDebugFlags" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="dwLastModified" $type="REG_DWORD" $value="13"
GOSUB write_registry $name="dwMacroHeuristicsLevel" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="dwProgramHeuristicsLevel" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="ExcludedItem_0" $type="REG_SZ" $value=": \_RESTORE\||25|1" ; possible it must be REG_MULTI_SZ as type
GOSUB write_registry $name="ExcludeSFPList" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="ExtensionFilterOption" $type="REG_DWORD" $value="2"
GOSUB write_registry $name="NumberOfScanners" $type="REG_DWORD" $value="4"
GOSUB write_registry $name="NumExcludeItems" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="ScanArchiveFindAll" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="ScanArchives" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="ScanArchiveTimeout" $type="REG_DWORD" $value="5"
GOSUB write_registry $name="ScannerThreadTimeout" $type="REG_DWORD" $value="7530"
GOSUB write_registry $name="SmoothWritesExtensions" $type="REG_SZ" $value="INI"
GOSUB write_registry $name="SmoothWritesTime" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="szMoveToFolder" $type="REG_SZ" $value="C:\Program Files\Network Associates\VirusScan\Infected"
GOSUB write_registry $name="szProgExts" $type="REG_SZ"
$value= "::: ??_ {?? 001 002 386 3GR ACM ADT AP? ASD ASP AX? BAT BIN BO? CC? CDR CHM CLA CMD CNV CO? CP? CSC D?B DAT DEV DIF DL? DO? DRV EE? EX?"
$value=$value+" FMT FO? GMS GZ? HDI HLP HT? IM? IN? JS? LIB MB? MD? MHT MOD MPD MPP MPT MRC MS? OB? OC? OL? OLE OTM OV? PCI PD? PHP PIF PLG POT PP? PRC"
$value=$value+" QLB QPW QTC REG RTF SCR SH? SIS SMM SYS TD0 TGZ TLB TSP VB? VS? VWP VXD WBK WIZ WP? WRI WS? X32 XL? XML XSL XTP XX? ZL?"
GOSUB write_registry $name="TSDisableAll" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="uAction" $type="REG_DWORD" $value="5"
GOSUB write_registry $name="UnloadDriver" $type="REG_DWORD" $value="0"
GOSUB write_registry $name="UseEngineGFS" $type="REG_DWORD" $value="1"
GOSUB write_registry $name="VSDenyAccessMode" $type="REG_DWORD" $value="1"
GOSUB write_registry
EXIT
:write_registry
$key="HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration"
IF (WriteValue($key,$name,$value,$type) <> 0)
? "Warning KIX: write problems with key "$name". error @error (@serror)"
ENDIF
RETURN
greetings.
