#71359 - 2002-11-05 04:11 AM W32.Friendgreet.worm Script
Anonymous
Unregistered


Hi everyone,
I know this is ambitious for my 1st time out, but I have a major need to do this. See how this script looks and see if I missed anything.
Thanks

;; W32.Friendgreet.worm
;;
;; 1. Remove the "WinSrv Reg" program by using the Add/Remove
;; Programs applet in the Control Panel.
;;
;; 2. Update the virus definitions.
;;
;; 3. Run a full system scan, and delete all files that are
;; detected as W32.Friendgreet.worm.
;;
;; 4. Delete the other files that the program added to the system.
;;
;; 5. Reverse the changes that the program made to the registry.

;; Backup the Registry
Shell Scanreg /Backup

;; Clean Up the Registry Entries

;; Deleting the following Value
$PMedia=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" , "PMedia")
if @error = 0
DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","PMedia")
Else Endif

;; Deleting the following Value
$DisplayName=ReadValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg" , "DisplayName")
if @error = 0
DelValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg","DisplayName")
Else Endif

;; Deleting the following Value
$WinSrv=ReadValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg" , "WinSrv")
if @error = 0
DelValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg","WinSrv")
Else Endif

;; Deleting the following Value
$Reg=ReadValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg" , "Reg")
if @error = 0
DelValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg","Reg")
Else Endif

;; Shorten long Value
$R2=UninstallString C:\Program Files\Common Files\Media\UNINSTAL.EXE C:\Program Files\Common Files\Media\INSTALL.LOG WinSrv Reg Uninstall

$R2=ReadValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg","$R2")
if @error = 0
DelValue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg","$R2")
Else Endif

;; Shorten long Value
$R3=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7011471D-3F74-498E-88E1-C0491200312D}
;; Then Delete the following Value
IF EXISTKEY("$R3") = 0
DELTREE("$R3")
ELSE ENDIF

;; Removing the following key
IF EXISTKEY("HKEY_LOCAL_MACHINE\Software\CLASSES\IEEvtCatcher.IEEvtCatcherObj.1") = 0
DELTREE("HKEY_LOCAL_MACHINE\Software\CLASSES\IEEvtCatcher.IEEvtCatcherObj.1")
ELSE ENDIF

;; Removing the following key
IF EXISTKEY("HKEY_LOCAL_MACHINE\Software\CLASSES\IEEvtCatcher.IEEvtCatcherObj") = 0
DELTREE("HKEY_LOCAL_MACHINE\Software\CLASSES\IEEvtCatcher.IEEvtCatcherObj")
ELSE ENDIF

;; Removing the following key
IF EXISTKEY("HHKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{7011471D-3F74-498E-88E1-C0491200312D}") = 0
DELTREE("HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{7011471D-3F74-498E-88E1-C0491200312D}")
ELSE ENDIF

;; Removing the following key
IF EXISTKEY("HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{7677C920-9CC3-4621-AF8C-AD45402DC2FD}") = 0
DELTREE("HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{7677C920-9CC3-4621-AF8C-AD45402DC2FD}")
ELSE ENDIF

;; Removing the following key
IF EXISTKEY("HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{3972ADCE-8737-45DE-A6E2-A253348E5A1E}") = 0
DELTREE("HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{3972ADCE-8737-45DE-A6E2-A253348E5A1E}")
ELSE ENDIF

;; Remove the following key
IF EXISTKEY("HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{059D8C85-A00F-40AF-8078-7692A0A79F19}") = 0
DELTREE("HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{059D8C85-A00F-40AF-8078-7692A0A79F19}")
ELSE ENDIF

;;
;; Take Out The Trash!
;;
$Trash=C:\Program Files\Common Files\Media\

If Exist (("$Trash") + ("Install.log"))
Del (("$Trash") + ("Install.log"))
Else Endif

If Exist (("$Trash") + ("Otdock.dll"))
Del (("$Trash") + ("Otdock.dll"))
Else Endif

If Exist (("$Trash") + ("Otglove.dll"))
Del (("$Trash") + ("Otglove.dll"))
Else Endif

If Exist (("$Trash") + ("Otms.exe"))
Del (("$Trash") + ("Otms.exe"))
Else Endif

If Exist (("$Trash") + ("Otupdate.exe"))
Del (("$Trash") + ("Otupdate.exe"))
Else Endif

If Exist (("$Trash") + ("Uninstal.exe"))
Del (("$Trash") + ("Uninstal.exe"))
Else Endif

If Exist (("$Trash") + ("Winsrvc.dat"))
Del (("$Trash") + ("Winsrvc.dat"))
Else Endif

If Exist (("$Trash") + ("Winsrvc.exe"))
Del (("$Trash") + ("Winsrvc.exe"))
Else Endif

If Exist "$Trash"
RD "$Trash"
Else Endif

#71360 - 2002-11-05 04:16 PM Re: W32.Friendgreet.worm Script
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Please post scripts within [CODE] tags. The script will require administrative privileges under Windows NT/2000/XP. Read "Why does the console display zeros and ones (amongst others)?" and clean up all those unnecessary parentheses. The SHELL command is missing quotes. You have syntax errors all over the place.

[ 05. November 2002, 16:22: Message edited by: sealeopard ]
_________________________
There are two types of vessels, submarines and targets.

#71361 - 2002-11-05 04:25 PM Re: W32.Friendgreet.worm Script
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
You also have a misspelled HKEY_LOCAL_MACHINE in there. As an alternative, you can abbreviate 'HKEY_LOCAL_MACHINE' to just 'HKLM'.
#71362 - 2002-11-05 06:39 PM Re: W32.Friendgreet.worm Script
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
FYI..

'HKLM' is only valid with KiXtart 4.x or greater.

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's
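
The points raised in the replies, applied to the posted script as an added example (not code from any poster in this thread): the Shell command is quoted, return codes are captured so they are not echoed to the console, the misspelled hive name is gone, and full hive names are kept instead of 'HKLM'. It assumes KiXtart 4.x for For Each and Split, and assumes the value meant by the original `$R2` line is named `UninstallString`.

```kixtart
; Added example, not the poster's code. Written for KiXtart 4.x (For Each, Split).
; Needs administrative rights on Windows NT/2000/XP.
Dim $rc, $item, $path, $keys, $soft, $uninst, $trash

$soft   = "HKEY_LOCAL_MACHINE\Software"
$uninst = $soft + "\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg"
$trash  = "C:\Program Files\Common Files\Media"   ; no trailing backslash

; Back up the registry first. The command line must be a quoted string.
Shell "scanreg /backup"

; Assigning each return code to $rc keeps KiXtart from printing it.
; DelValue on a value that is not there just returns a non-zero code.
$rc = DelValue($soft + "\Microsoft\Windows\CurrentVersion\Run", "PMedia")
; "UninstallString" is the assumed name of the value on the $R2 line.
For Each $item In Split("DisplayName|WinSrv|Reg|UninstallString", "|")
    $rc = DelValue($uninst, $item)
Next

; Keys to remove, relative to HKEY_LOCAL_MACHINE\Software.
$keys = "Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7011471D-3F74-498E-88E1-C0491200312D}"
$keys = $keys + "|CLASSES\IEEvtCatcher.IEEvtCatcherObj.1"
$keys = $keys + "|CLASSES\IEEvtCatcher.IEEvtCatcherObj"
$keys = $keys + "|CLASSES\CLSID\{7011471D-3F74-498E-88E1-C0491200312D}"
$keys = $keys + "|CLASSES\CLSID\{7677C920-9CC3-4621-AF8C-AD45402DC2FD}"
$keys = $keys + "|CLASSES\TypeLib\{3972ADCE-8737-45DE-A6E2-A253348E5A1E}"
$keys = $keys + "|CLASSES\Interface\{059D8C85-A00F-40AF-8078-7692A0A79F19}"
For Each $item In Split($keys, "|")
    $path = $soft + "\" + $item
    If ExistKey($path) = 0          ; ExistKey returns 0 when the key exists
        $rc = DelTree($path)
    EndIf
Next

; Delete the dropped files, then the folder.
For Each $item In Split("Install.log|Otdock.dll|Otglove.dll|Otms.exe|Otupdate.exe|Uninstal.exe|Winsrvc.dat|Winsrvc.exe", "|")
    $path = $trash + "\" + $item
    If Exist($path)
        Del $path
    EndIf
Next
If Exist($trash)
    RD $trash
EndIf
```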
