3.bunun da .reg olacak uzantısı
on Error Resume Next
Dim objShell, objFileSystem, objTextStream, objRegex
Dim colRegexMatches1, colRegexMatches2
Dim nReturnCode
Dim strIpFileText
Dim element, i
Dim Lista
Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe","host.exe",_
"a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_
"80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd")
Set geekside=WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
Wscript.Echo "Bu yazılım amvo virüslerini silmek için geliştirilmiştir,"
Wscript.Echo "Arama ve temizleme işlemleri sürerken lütfen sabırlı olun."
i=0
For Each objDrive in colDrives
If objDrive.IsReady = True Then
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":autorun.inf",0,TRUE)
Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&":autorun.inf",1)
strIpFileText = objTextStream.ReadAll
objTextStream.Close
End If
Next
Set objRegex = new RegExp
objRegex.Pattern = "=w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)"
objRegex.Global = True
objRegex.IgnoreCase = True
Set colRegexMatches1 = objRegex.Execute(strIpFileText)
i=0
For Each element In colRegexMatches1
element = Replace(element,"=","")
WScript.Echo "Proceeding to remove file of virus :" & element
For Each objDrive in colDrives
If objDrive.IsReady = True Then
Wscript.Echo "Clean drive: " & objDrive.DriveLetter
nret=geekside.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe.tmp",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im help.exe.tmp",0,TRUE)
nret=geekside.Run("cmd /C attrib -s -h -r " &objDrive.DriveLetter&":" & element &"",0,TRUE)
nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" & element & "/f /q /a",0,TRUE)
nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":autorun.inf",0,TRUE)
End If
Next
i = i + 1
Next
Set objRegex= Nothing
Set objTextStream = Nothing
Set objFileSystem = Nothing
Set objShell = Nothing
nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE)
nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE)
nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE)
nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE)
nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE)
nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE)
nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE)
nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE)
nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE)
WScript.Echo "Gizli dosyaları görmek için registeri ayarlarını onarmaya geçiyorum"
nret31=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v amva /f",0,TRUE)
nret32=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpo /f",0,TRUE)
nret68=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpa /f",0,TRUE)
nret33=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret43=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret44=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret45=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret46=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret47=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret34=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE)
nret35=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret36=geekside.Run("cmd /C reg delete HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /f",0,TRUE)
nret37=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE)
nret38=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret39=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE)
nret40=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE)
nret48=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden /v Type /t REG_SZ /d Group /f",0,TRUE)
nret61=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret62=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret63=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f",0,TRUE)
nret78=geekside.Run("cmd /C taskkill /f /im explorer.exe",0,TRUE)
nret79=geekside.Run("cmd /C start explorer.exe",0,TRUE)
nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE)
nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE)
nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE)
nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE)
nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE)
nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE)
nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE)
nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE)
nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE)
For Each objDrive in colDrives
If objDrive.IsReady = True Then
For X=0 to UBound(Lista)
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":"&Lista(X)&"",0,TRUE)
nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" &Lista(X)& "/f /q /a",0,TRUE)
Next
End If
Next
WScript.Echo "Amvo virüsü ve bağlantları başarıyla silindi"
WScript.Echo "
http://www.kahtametem.k12.tr alıntıdır:
http://www.mygeekside.com" ;
WScript. Quit(0)
noktaları alma en sondakılerı
0020 sosyal medya maceraları
allahsız kitapsız milli dini manevi değeri olmayan
dedemin kitli çekmecesinde şöyle bişey buldum aga
kimdir necidir tanımam ama
2021 ramazan ayı inci sözlük
ben bu vatan icin 6 ay askerlik yaptım
ohhhh yavrum benım
bu akşam da doyduk elhamdülillah
teoman ile cübbeli ahmet arasında 2 yaş var
bir erkegin en çaresiz kaldığı an