
  1. ;
  2. ;  02-26-2007 // v5.50
  3. ;
; ---------------------------------------------------------------------
; Multi-AV menu front end (KiXtart).  Drives the command-line scanners
; installed under C:\AV-CLS, undoes the registry / ini / hosts-file
; damage malware commonly leaves behind, and shows a text-mode menu.
; Everything below writes HKLM, System32 and the firewall policy, so it
; presumably has to run with administrative rights.
; ---------------------------------------------------------------------
SETCONSOLE("hide")
; NOTE(review): the file header says v5.50 but the banner says v5.02 -
; one of the two was not updated with the last release.
$version="Multi-AV v5.02"
; $SafeMode: "N" normal boot, "Y" any other boot state, "U" undetermined
; (WMI could not be queried).  Shared with the called scanner scripts.
$SafeMode="N"
; Displayed in the menu; R / D toggle it.  This file only shows the value,
; the per-scanner scripts presumably act on it.
$ProcMode="Remove/Delete"
;$ProcMode="Detect Only"
$HelpFile="C:\AV-CLS\Multi AV Command Line Scanner.PDF"
$HelpItem="Hit H for the Help file"
$QuitItem="Hit Q to Quit"
$EditItem="Hit E to Edit the killproc.txt File"
$Toggle=" Hit: R = Remove/Delete , D = Detect Only : Mode= "
; killproc.txt: one process name per line; KillProcess() (below) terminates
; every name listed.  Anyone who can write this file can therefore make the
; tool kill arbitrary processes - C:\AV-CLS should be writable by
; administrators only.
$procedurefile="C:\AV-CLS\killproc.txt"
; ReadValue returns "" on failure; nothing below checks for that.
$pmfolder=readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion","ProgramFilesDir")
$Commonfolder=readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion","CommonFilesDir")
; ConfirmWMI() returns the wbemdisp.dll version ("" when missing) and leaves
; @ERROR at 0 only when a winmgmts connection succeeded.
$WMICheck=ConfirmWMI()
If ($WMICheck="")=0 and (@error="")=1
  Dim $objWMIServ
  ; Win32_ComputerSystem.BootupState; only the first six characters are
  ; compared, so anything not starting with "NORMAL" (the fail-safe
  ; variants) counts as safe mode.  The raw text is kept for the menu.
  $objWMIServ=GetObject("winmgmts:\\.\root\CIMV2").ExecQuery("SELECT * FROM Win32_ComputerSystem","WQL",48)
  For Each $obj In $objWMIServ
    $BootupState=$obj.BootupState
  Next
  $BootStat=$BootupState
  $BootupState=left(ucase($BootupState),6)
  if ($BootupState="NORMAL")=0 $SafeMode="Y" endif
Else
  ; WMI unusable: on NT-family systems FixWMI() re-registers the wbem DLLs
  ; and retries the query (it overwrites $BootStat/$SafeMode on success,
  ; but the two assignments below then clobber that result again).
  If @inwin=1
    FixWMI()
  endif
  $BootStat="Undetermined"
  $SafeMode="U"
EndIf
; Per-OS fix-ups keyed on the CurrentVersion string
; (4.0 = NT4, 5.0 = 2000, 5.1 = XP, 5.2 = 2003, 6.0 = Vista).
SELECT
  CASE (readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion","CurrentVersion")="4.0")=1
    $OS="WINNT4"
    ; sc.exe is not shipped with NT4/2000: GetSC.EXE() downloads it over
    ; plain FTP with no integrity check - see the caveat on that function.
    GetSC.EXE()
  CASE (readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion","CurrentVersion")="5.0")=1
    $OS="WINNT5"
    $Browser="Y"
    GetSC.EXE()
  CASE (readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion","CurrentVersion")="5.1")=1
    $OS="WINNT51"
    $Browser="Y"
    ; A WindowsFirewall *policy* with EnableFirewall=0 forces the firewall
    ; off; presumably planted by malware, so the whole policy key is removed.
    if (READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile","EnableFirewall"))=0
      $R=DelTree("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile")
    endif
    if (READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile","EnableFirewall"))=0
      $R=DelTree("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile")
    endif
    ; System Restore disabled by local policy -> rebuild the sr driver
    ; service and drop the policy keys.
    if (READVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalMachine\Software\Policies\Microsoft\Windows NT\SystemRestore","DisableConfig"))=1
      EnableWinXPSystemRestore()
    endif
    ; NOTE(review): Start=4 is "disabled"; this writes 0 (the "boot" start
    ; type).  A default install uses 2 (automatic) for srservice - confirm
    ; 0 is intended.
    if (readvalue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice","Start")="4")=1
      WriteValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice","Start",0,REG_DWORD)
    endif
    ; Permanent Windows Firewall exception for the bundled wget (all scopes,
    ; "*").  Nothing in this file removes it again after the scan.
    $R=WriteValue("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST","C:\AV-CLS\WGET.EXE","C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE",REG_SZ)
  CASE (readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion","CurrentVersion")="5.2")=1
    $OS="WINNT52"
    $Browser="Y"
  CASE (readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion","CurrentVersion")="6.0")=1
    $OS="WINNT6"
    $Browser="Y"
    ; Same permanent wget firewall exception as the XP branch.
    $R=WriteValue("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST","C:\AV-CLS\WGET.EXE","C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE",REG_SZ)
ENDSELECT
; RESTART is re-entered (goto RESTART in the menu) after every scanner run,
; so every repair below is applied again on each pass.
:RESTART
FixRegistry()
If @inwin=1
  ; autoexec.nt / config.nt: back up once, then overwrite from the repair
  ; copies on every pass (malware sometimes edits them to load a DOS TSR).
  if exist ("%SystemRoot%\System32\autoexec.bak")=0
    copy "%SystemRoot%\System32\autoexec.nt" "%SystemRoot%\System32\autoexec.bak"
    copy "%SystemRoot%\System32\config.nt"   "%SystemRoot%\System32\config.bak"
  endif
  copy "%SystemRoot%\repair\*.nt" "%SystemRoot%\System32"
  ; Put the hosts-file directory back where it belongs ("%%" writes a
  ; literal % so the stored value stays unexpanded, as REG_EXPAND_SZ needs).
  if (readvalue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters","DataBasePath")="%SystemRoot%\System32\drivers\etc")=0
    WriteValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters","DataBasePath","%%SystemRoot%%\System32\drivers\etc",REG_EXPAND_SZ)
  endif
  ; Winlogon Shell hijack: anything other than Explorer.exe is treated as
  ; "Explorer.exe <malware>".  The last token of the value (FindEXE) is
  ; killed along with explorer/iexplore, the value is reset and Explorer
  ; restarted.
  ; NOTE(review): an empty or unreadable Shell value also enters this branch
  ; and passes "" to FindEXE(), whose DO/UNTIL loop does not terminate for
  ; empty input (the counter can never equal LEN=0).
  if (readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell")="Explorer.exe")=0
    $ChainEXE=readvalue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell")
    $srv1=FindEXE($ChainEXE)
    EndProc("Explorer.exe")
    EndProc($srv1)
    EndProc("iexplore.exe")
    if INSTR($ChainEXE,"rundll32")=1
      EndProc("rundll32.exe")
    endif
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell","Explorer.exe",REG_SZ)
    run "%windir%\explorer.exe"
  endif
  ; The legacy "run" / "load" values (win.ini equivalents) are an
  ; autostart vector; each is emptied after its target is killed.
  if ((READVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows","run")="")=0)=1
    $ChainEXE=readvalue("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows","run")
    $srv1=FindEXE($ChainEXE)
    EndProc($srv1)
    if INSTR($ChainEXE,"rundll32")=1
      EndProc("rundll32.exe")
    endif
    $R=DELVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows","run")
  endif
  if ((READVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows","load")="")=0)=1
    $ChainEXE=readvalue("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows","load")
    $srv1=FindEXE($ChainEXE)
    EndProc($srv1)
    if INSTR($ChainEXE,"rundll32")=1
      EndProc("rundll32.exe")
    endif
    $R=WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows","load","",REG_SZ)
  endif
  if ((READVALUE("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows","run")="")=0)=1
    $ChainEXE=readvalue("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows","run")
    $srv1=FindEXE($ChainEXE)
    EndProc($srv1)
    if INSTR($ChainEXE,"rundll32")=1
      EndProc("rundll32.exe")
    endif
    $R=DELVALUE("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows","run")
  endif
  ; hosts file: copied to hosts.bak, then deleted outright (defeats
  ; redirection of AV/update sites, but also drops any legitimate entries;
  ; the backup is overwritten on every pass).
  if exist ("%SystemRoot%\System32\drivers\etc\hosts")=1
    copy "%SystemRoot%\System32\drivers\etc\hosts" "%SystemRoot%\System32\drivers\etc\hosts.bak"
    del "%SystemRoot%\System32\drivers\etc\hosts"
  endif
  ; Resolved through PATH, like every other shell call in this file.
  shell "ipconfig /flushdns"
  $Menu="NT Based OS AV Command Line Scanners Menu"
  gosub "ShowMenu"
else
  ; Win9x/ME equivalent: hosts file, win.ini load=/run=, system.ini shell=.
  if exist ("%windir%\hosts")=1
    copy "%windir%\hosts" "%windir%\hosts.bak"
    del "%windir%\hosts"
  endif
  if exist ("%windir%\win.BAK")=0
    copy "%windir%\win.ini"    "%windir%\win.BAK"
    copy "%windir%\system.ini" "%windir%\system.BAK"
  endif
  if (ReadProfileString("%windir%\WIN.INI","windows","load")="")=0
    $ChainEXE=ReadProfileString("%windir%\WIN.INI","windows","load")
    $srv1=FindEXE($ChainEXE)
    SELECT
      CASE INSTR($ChainEXE,"rundll32")=1
        EndProc("rundll32.exe")
      CASE INSTR($ChainEXE,"rundll")=1
        EndProc("rundll.exe")
    ENDSELECT
    EndProc($srv1)
    WriteProfileString("%windir%\WIN.INI","windows","load","")
  endif
  if (ReadProfileString("%windir%\WIN.INI","windows","run")="")=0
    $ChainEXE=ReadProfileString("%windir%\WIN.INI","windows","run")
    $srv1=FindEXE($ChainEXE)
    SELECT
      CASE INSTR($ChainEXE,"rundll32")=1
        EndProc("rundll32.exe")
      CASE INSTR($ChainEXE,"rundll")=1
        EndProc("rundll.exe")
    ENDSELECT
    EndProc($srv1)
    WriteProfileString("%windir%\WIN.INI","windows","run","")
  endif
  ; A hijacked shell= line cannot be fixed live on 9x: reset it, arrange
  ; for this menu to restart via HKLM\...\RunOnce, and shut down.
  ; NOTE(review): this RunOnce command omits the ".exe" that the reboot
  ; option in the menu uses ("kix32.exe") - presumably works via PATH
  ; lookup, but verify.
  if (ReadProfileString("%windir%\SYSTEM.INI","boot","shell")="Explorer.exe")=0
    $ChainEXE=ReadProfileString("%windir%\SYSTEM.INI","boot","shell")
    WriteProfileString("%windir%\SYSTEM.INI","boot","shell","Explorer.exe")
    SETCONSOLE("hide")
    messagebox("Malware has been found and corrective measures were performed !
 
    The PC will be shutdown in 30 secs.  
    When you reboot the PC, the Multi AV Scanner Menu will be re-started automatically "," Multi AV Scanning Tool ",16,30)
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce","Multi AV Scanning Tool","C:\AV-CLS\kix32 C:\AV-CLS\menu.kix",REG_SZ)
    run "%windir%\RUNDLL32.EXE user.exe,ExitWindows"
    exit
  endif
  $Menu="Win9x/ME AV Command Line Scanners Menu"
  gosub "ShowMenu"
endif
  171. ;-------------------------------------
; ShowMenu: draws the scanner menu and dispatches on a single keystroke.
; Entered with gosub; $Menu holds the title chosen by the caller.
; NOTE(review): every CASE below leaves with goto or exit, so the RETURN at
; the end is never reached and the gosub frame is never popped.  Whether
; KiXtart's gosub stack grows on each scan pass is not determined here.
:ShowMenu
  :MainMenu
  SETCONSOLE("SHOW")
  SETCONSOLE("MAXIMIZE")
  SETCONSOLE("FOREGROUND")
  SETTITLE ("Multi AV Scanning Tool - Menu")
  cls
  Color b+/n
  BOX (0,0,24,79,GRID)
  Color b/n
  ; NOTE(review): the style argument on the next line shows as a box-drawing
  ; glyph; it may be a mis-encoded style name (KiXtart documents
  ; SINGLE/DOUBLE/GRID/FULL).  Verify against the original file.
  BOX (4,8,20,71,┼)
  Color g+/n
  BOX (3,7,18,68,FULL)
  ;-----------------
  Color g+/n
  AT  (5,18) $Menu
  Color w+/n
  AT  (7,12) "1."
  AT  (9,12) "2."
  AT (11,12) "3."
  AT (13,12) "4."
  AT (15,12) "5."
  AT (17,12) "6."
  Color y+/n
  AT  (7,19) "Sophos"
  AT  (9,19) "Trend"
  AT (11,19) "McAfee"
  AT (13,19) "Kaspersky"
  AT (15,19) "Exit this menu"
  Color r+/n
  AT (17,19) "Reboot the PC"
  Color y+/n
  AT (1,25) "Boot State= " $BootStat
  AT (20,5)  $Toggle
  Color r+/n
  AT (20,55) " "+$ProcMode+" "
  Color y+/n
  AT (22,5)  $HelpItem
  AT (22,35) $EditItem
  AT (23,5)  $QuitItem
  AT (24,1)
  Color w/n
  :AGAIN
  FLUSHKB
  get $Selection
  $Selection=ucase($Selection)
  ; Keystroke allow-list; anything else is silently re-read.  "V" (show
  ; version) is accepted but not listed on screen.
  if ($Selection="1" or $Selection="2" or $Selection="3" or $Selection="4" or $Selection="5" or $Selection="6" or $Selection="D" or $Selection="R" or $Selection="E" or $Selection="H" or $Selection="Q" or $Selection="V")=0
    goto AGAIN
  endif
  SELECT
    CASE $selection="R"
      $ProcMode="Remove/Delete"
      goto MainMenu
    CASE $selection="D"
      $ProcMode="Detect Only"
      goto MainMenu
    CASE $Selection="1"
      ;Sophos
      ; "call" runs the scanner script in this script's variable scope, so
      ; $ProcMode / $SafeMode / $OS are visible to it.  Each scan ends by
      ; re-running the RESTART repairs.
      If @inwin=1
        call "C:\AV-CLS\Sophos.kix"
      else
        call "C:\AV-CLS\SophosWin9x.kix"
      endif
      cls
      goto RESTART
    CASE $Selection="2"
      ;Trend
      call "C:\AV-CLS\Trend.kix"
      cls
      goto RESTART
    CASE $Selection="3"
      ;McAfee
      call "C:\AV-CLS\McAfee.kix"
      cls
      goto RESTART
    CASE $Selection="4"
      ;Kaspersky
      call "C:\AV-CLS\kav.kix"
      cls
      goto RESTART
    CASE $Selection="5" or ucase($Selection)="Q"
      ;Exit this utility
      cls
      exit
    CASE $Selection="6"
      ; reboot the PC
      ; Persists a RunOnce entry so the menu comes back after the reboot;
      ; if C:\AV-CLS is removed before then, the entry dangles.
      SETCONSOLE("hide")
      WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce","Multi AV Scanning Tool","C:\AV-CLS\kix32.exe C:\AV-CLS\menu.kix",REG_SZ)
      if @inwin=1
        ShutDown ("","The computer is being shutdown in 15 secs. so you can reboot into Safe Mode
        When you reboot the PC, the Multi AV Scanner Menu will be re-started automatically ",15,1,1)
        exit
      else
        messagebox("The computer is being shutdown in 15 secs. so you can reboot into Safe Mode
        When you reboot the PC, the Multi AV Scanner Menu will be re-started automatically ","  Multi AV Scanning Tool ",48,16)
        run "%windir%\RUNDLL32.EXE user.exe,ExitWindows"
        exit
      endif
      exit
    CASE $Selection="E"
      ;Edit Kill Process file
      ; Names added here are terminated by KillProcess(); notepad is
      ; resolved through PATH.
      run "notepad C:\AV-CLS\killproc.txt"
      goto AGAIN
    CASE ucase($Selection)="H"
      ; Help
      LoadAdobe()
      goto RESTART
    CASE ucase($Selection)="V"
      ;Show version
      color r+/n
      AT (23,64) $version
      AT (24,1)
      goto AGAIN
  ENDSELECT
RETURN
  287. ;-------------------------------------
  288. Function LoadAdobe()
  289.   Dim $AReader, $Acrobat
  290.   $AReader=ReadValue('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe','')
  291.   $Acrobat=ReadValue('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Acrobat.exe','')
  292.   select
  293.     case $AReader
  294.       RUN '"$AReader" "$HelpFile"'
  295.     case $Acrobat
  296.       RUN '"$Acrobat" "$HelpFile"'
  297.     case 1
  298.       If @inwin=1
  299.         run '%comspec% /c "$HelpFile"'
  300.       else
  301.         run '%comspec% /c start "$HelpFile"'
  302.       endif
  303.   endselect
  304.   SETCONSOLE("SHOW")
  305.   SETCONSOLE("MAXIMIZE")
  306.   SETCONSOLE("FOREGROUND")
  307.   Color y+/n
  308.   cls
  309.   AT  (12,8) "* * *  Loading the Multi AV Scanning Tool PDF Help File  * * *"
  310.   sleep 4
  311. EndFunction
  312. ;-------------------------------------
  313. Function ConfirmWMI()
  314.   Dim $Target,$WMIVer,$objWMIService,$DLL
  315.   $DLL="\wbem\wbemdisp.dll"
  316.   If @inwin=1
  317.     SETCONSOLE("hide")
  318.     shell "net start winmgmt"
  319.     shell "net start wmi"
  320.     cls
  321.     $Target = "%windir%\system32"+$DLL
  322.   else    
  323.     $Target = "%windir%\system"+$DLL
  324.   endif
  325.   If Exist($Target)
  326.     $WMIVer = Trim(GetFileVersion($Target,'BinFileVersion'))
  327.     If @ERROR
  328.        Exit @ERROR
  329.     EndIf
  330.   Else
  331.     Exit 2
  332.   EndIf
  333.   $ConfirmWMI=$WMIVer
  334.   If $WMIVer
  335.     $objWMIService=GetObject("winmgmts:{impersonationLevel=impersonate}!"+"root\cimv2")
  336.     If @ERROR
  337.       Exit Val("&"+Right(DecToHex(@ERROR),4))
  338.     Else
  339.       Exit 0
  340.     EndIf
  341.   EndIf
  342.   Exit 2
  343. EndFunction
  344. ;-------------------------------------
  345. Function FixWMI()
  346.   shell "net stop winmgmt "
  347.   shell "%comspec% /c for %%F in (%windir%\system32\wbem\*.dll) do RegSvr32 /s %%F"
  348.   shell "net start winmgmt "
  349.   $WMICheck=ConfirmWMI() 
  350.   If ($WMICheck="")=0 and (@error="")=1
  351.     Dim $objWMIServ
  352.     $objWMIServ=GetObject("winmgmts:\\.\root\CIMV2").ExecQuery("SELECT * FROM Win32_ComputerSystem","WQL",48)
  353.     For Each $obj In $objWMIServ
  354.       $BootupState=$obj.BootupState
  355.     Next
  356.     $BootStat=$BootupState
  357.     $BootupState=left(ucase($BootupState),6)  
  358.     if ($BootupState="NORMAL")=0 $SafeMode="Y" endif
  359.   Else   
  360.     $BootStat="Undetermined"
  361.     $SafeMode="U"
  362.   EndIf 
  363. EndFunction
  364. ;---------------------------------------------------
  365. Function EndProc($proc, optional $strComputer)
  366.   DIM $Process
  367.   If $strComputer=''
  368.        $strComputer='.'
  369.   EndIf
  370.   For Each $Process In GetObject("winmgmts:{impersonationLevel=impersonate,(debug)}!\root\cimv2").ExecQuery("Select * from Win32_Process where Name= " +'"'+$Proc+'"')
  371.     $Process=$Process.Terminate
  372.   Next
  373. EndFunction
  374. ;---------------------------------------------------
  375. Function FindEXE($Chain)
  376.   DIM $str,$c,$x,$z
  377.   $str=""
  378.   $c=""
  379.   $x=0
  380.   DO 
  381.     $c=SUBSTR($Chain,LEN($Chain)-$x,1)
  382.     $str=$c+$str
  383.     $x=$x+1
  384.   UNTIL ($c=" ")=1 or ($c="\")=1 or ($x=LEN($Chain))=1
  385.   $z=left($str,1)
  386.   if ($z=" ")=1 or ($z="\")=1 
  387.     $str=right($str,LEN($str)-1)
  388.   endif
  389.   $FindEXE=$str
  390. EndFunction
  391. ;---------------------------------------------------
  392. Function CleanCache()
  393.   DIM $Location, $dir
  394.   $location="Default User","Administrator","All Users"
  395.   $Cache1=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths","Directory")
  396.   del $Cache1+"\*.*" /c /f /h /s
  397.   DelDir($Cache1+"\*.*")
  398.   $Cache=ReadValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Cache")
  399.   $cache2=$Cache+"\Content.IE5"
  400.   if ($Cache1=$Cache2)=0
  401.     del $Cache2+"\*.*" /c /f /h /s
  402.     DelDir($Cache2+"\*.*")
  403.   endif
  404.   $Cache=ReadValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","Cache")
  405.   $cache3=$Cache+"\Content.IE5"
  406.   if ($Cache1=$Cache3)=0
  407.     del $cache3+"\*.*" /c /f /h /s
  408.     DelDir($Cache3+"\*.*")
  409.   endif
  410.   del "%temp%\*.*" /c /f /h
  411.   del "%windir%\temp\*.*" /c /f /h /s
  412.   DelDir("%windir%\temp\*.*")
  413.   del "$pmfolder\Opera\profile\cache4\*.*" /c /f /h /s
  414.   If @inwin=1
  415.     del "%USERPROFILE%\UserData\*.*" /c /f /h /s
  416.     DelDir("%USERPROFILE%\UserData\*.*")
  417.     del "%USERPROFILE%\Application Data\Sun\Java\Deployment\cache\*.*" /c /f /h /s
  418.     del "%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\*.*" /c /f /h /s
  419.     DelDir("%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\*.*")
  420.     del "%USERPROFILE%\.jpi_cache\*.*" /c /f /h /s
  421.     for each $dir1 in $location
  422.       if exist ("%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\*.*")=1
  423.         del "%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\UserData\*.*" /c /f /h /s
  424.         DelDir("%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\UserData\*.*")
  425.         del "%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\Application Data\Sun\Java\Deployment\cache\*.*" /c /f /h /s
  426.         del "%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\Local Settings\Temp\*.*" /c /f /h /s
  427.         DelDir("%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\Local Settings\Temp\*.*")
  428.         del "%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\Local Settings\Temporary Internet Files\Content.IE5\*.*" /c /f /h /s
  429.         DelDir("%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\Local Settings\Temporary Internet Files\Content.IE5\*.*")
  430.         del "%SYSTEMDRIVE%\Documents and Settings\"+$dir1+"\.jpi_cache\*.*" /c /f /h /s
  431.       endif
  432.     next
  433.     del "%windir%\system32\config\systemprofile\*.*" /c /f /h /s
  434.     DelDir("%windir%\system32\config\systemprofile\*.*")
  435.   else
  436.     del "%windir%\Application Data\Sun\Java\Deployment\cache\*.*" /c /f /h /s
  437.     del "%windir%\Temporary Internet Files\Content.IE5\*.*" /c /f /h /s
  438.     DelDir("%windir%\Temporary Internet Files\Content.IE5\*.*")
  439.     del "%windir%\system\config\systemprofile\*.*" /c /f /h /s
  440.     DelDir("%windir%\system\config\systemprofile\*.*")
  441.   endif
  442. EndFunction
  443. ;---------------------------------------------------
  444. Function KillProcess()
  445.   Dim $KillEXE
  446.   $KillEXE="opera","netscape","iexplore","firefox","ctfmon","MSMSGS","igfxtray","hkcmd","realsched","qttask","dumprep","BearShare","winllogo","tibprxy","xcprls","mshttcpl","runjava"
  447.   for each $srv in $KillEXE
  448.     EndProc($srv+".exe")
  449.   next
  450.   $KillEXE="aoltray","mdm","aim","setup","winshost","install","symcsvc","updater","wfx5","SpySheriff","wp","AntivirusGold","WinVNC","kl","sol","us","dial32","omhvk","corpstats"
  451.   for each $srv in $KillEXE
  452.     EndProc($srv+".exe")
  453.   next
  454.   $KillEXE="paytime","AutoUpdate","helper","oleadm","ole32vbs","shnlog","taskmon","ZLOADER3","load","toolbar","HijackThis","ViewMgr","elitemediapop","jusched","qkcsr","sample"
  455.   for each $srv in $KillEXE
  456.     EndProc($srv+".exe")
  457.   next
  458.   $KillEXE="winnook","hookdump","weather","adwaredelete","PSGuard","uninstIU","spyaxe","mscornet","mssearchnet","nvctrl","command","popuper","secure32","b","qkwrp","dcomcfg","taskdir"
  459.   for each $srv in $KillEXE
  460.     EndProc($srv+".exe")
  461.   next
  462.   $KillEXE="intmonp","winstall","TFUFB","taskmon","svchst","svcnt32","dmcvc","load","dload","intmon","open","Installer","timessquare","msjcf","reader_sl","mshtml2","eventwvr"
  463.   for each $srv in $KillEXE
  464.     EndProc($srv+".exe")
  465.   next
  466.   $KillEXE="howiper","filesafer23","tool","toolbar","newdial","countrydial","country","ms1","tibs","mmsvc32","scmt16","payaqc","msvcp","loader","stivc","intmon","spoolsvc"
  467.   for each $srv in $KillEXE
  468.     EndProc($srv+".exe")
  469.   next
  470.   $KillEXE="key","jvkvvdj","loadadv400","MSCOMM32","msinstl","msvcp","payaqc","Result","rnaapp2","scmt16","svcxnw32","adobemgr","kuh","ffsnvqmgpiy","rramcx","oins","msabc"
  471.   for each $srv in $KillEXE
  472.     EndProc($srv+".exe")
  473.   next
  474.   For $C = 1 To 9 Step 1
  475.     EndProc("ibm0000"+$c+".exe")
  476.     EndProc("tool"+$c+".exe")
  477.     EndProc("loadadv40"+$c+".exe")
  478.     EndProc("z1"+$c+".exe")
  479.   next
  480.   For $C = 1 To 23 Step 1
  481.     EndProc("mousepad"+$c+".exe")
  482.     EndProc("keyboard"+$c+".exe")
  483.     EndProc("newname"+$c+".exe")
  484.   next
  485.   if exist ($procedurefile)=1
  486.     IF Open(1,$procedurefile,2)=0
  487.       $procedure=ReadLine(1)
  488.       WHILE @ERROR=0
  489.         EndProc($procedure)
  490.         $procedure=ReadLine(1)
  491.       LOOP
  492.       Close(1)
  493.     ENDIF
  494.   endif
  495. EndFunction
  496. ;-------------------------------------
  497. Function DelDir($Pathname)
  498.   Dim $Filename    
  499.   $Filename=Dir($Pathname+"\*.*")
  500.   While $Filename<>"" And @ERROR=0
  501.     If $Filename<>"." And $Filename<>".."
  502.       If (GetFileAttr($Pathname+"\"+$Filename) & 16)
  503.         DelDir($Pathname+"\"+$Filename)
  504.         SetFileAttr($Pathname+"\"+$Filename,128)
  505.         Rd $Pathname+"\"+$Filename
  506.       Else
  507.         SetFileAttr($Pathname+"\"+$Filename,128)
  508.         Del $Pathname+"\"+$Filename
  509.       EndIf
  510.     EndIf
  511.     $Filename=Dir()
  512.   Loop
  513. EndFunction
  514. ;-------------------------------------
  515. function GUIDialog()
  516.   dim $obj,$objshell,$strPath
  517.   $obj = CreateObject("Shell.Application")
  518.   $strPath = $obj.Namespace(17).Self.Path
  519.   $objshell=createobject("shell.application")
  520.   $GUIDialog=$objshell.BrowseForFolder(0,'Please choose the specific location to be scanned [if you cancel it will default to the "C:" drive]...',0,$strPath).self.path
  521.   if not len($GUIDialog) exit 1 endif
  522. endfunction
  523. ;-------------------------------------
  524. Function EnableWinXPSystemRestore()
  525.   $MachineGuid=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg","MachineGuid")
  526.   $BaseKey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr"
  527.   $R=WriteValue($BaseKey,"DisplayName","System Restore Filter Driver",REG_SZ)
  528.   $R=WriteValue($BaseKey,"ErrorControl",1,REG_DWORD)
  529.   $R=WriteValue($BaseKey,"Group","FSFilter System Recovery",REG_SZ)
  530.   $R=WriteValue($BaseKey,"ImagePath","System32\DRIVERS\sr.sys",REG_EXPAND_SZ)
  531.   $R=WriteValue($BaseKey,"Start",2,REG_DWORD)
  532.   $R=WriteValue($BaseKey,"Type",2,REG_DWORD)
  533.   $R=WriteValue($BaseKey,"Tag",4,REG_DWORD)
  534.   $R=WriteValue($BaseKey+"\Enum","0","Root\LEGACY_SR\0000",REG_SZ)
  535.   $R=WriteValue($BaseKey+"\Enum","Count",1,REG_DWORD)  
  536.   $R=WriteValue($BaseKey+"\Enum","NextInstance",1,REG_DWORD)
  537.   $R=WriteValue($BaseKey+"\Parameters","MachineGuid",$MachineGuid,REG_SZ)
  538.   $R=WriteValue($BaseKey+"\Parameters","FirstRun",0,REG_DWORD)
  539.   $R=WriteValue($BaseKey+"\Parameters","DontBackup",0,REG_DWORD)
  540.   $R=WriteValue($BaseKey+"\Security","Security","01001480900000009c000000140000003000000002001c000100000002801400ff010f00010100000000000100000000020060000400000000001400fd01020001010000000000051200000000001800ff010f0001020000000000052000000020020000000014008d01020001010000000000050b00000000001800fd01020001020000000000052000000023020000010100000000000512000000010100000000000512000000",REG_BINARY)  
  541.   $R=DelValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSaveSettings")
  542.   $R=DelKey("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore")
  543.   $R=DelKey("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects")
  544. EndFunction
  545. ;-------------------------------------
  546. function GetSC.EXE()
  547.   if exist("%windir%\system32\sc.exe")=0
  548.     shell "wget ftp://ftp.microsoft.com/reskit/win2000/sc.zip"
  549.     shell "c:\AV-CLS\unzip -j -oC sc.zip SC.EXE"
  550.     copy "sc.exe"  "%windir%\system32"
  551.     del "sc.*" 
  552.   endif
  553. endfunction
  554. ;-------------------------------------
  555. Function FixRegistry()
  556.   Dim $Policy,$class
  557.   if (READVALUE("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU","NoAutoUpdate"))=1
  558.     $R=DELVALUE("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU","NoAutoUpdate")
  559.   endif
  560.   $Policy="DisableRegistryTools","DisableTaskMgr","DisableRegedit","DisableBkGndGroupPolicy","NoDispCPL","NoDispScrSavPage","NoDispBackgroundPage","NoDispAppearancePage","NoDispSettingsPage","shutdownwithoutlogon"
  561.   for each $key in $Policy
  562.     if (READVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system",$key))<>0
  563.       $R=DELVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system",$key)
  564.     endif
  565.     if (READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system",$key))<>0
  566.       $R=DELVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system",$key)
  567.     endif
  568.   next
  569.   $Policy="NoSaveSettings","NoChangeStartMenu","NoSetTaskbar","NoStartMenuSubFolders","NoStartMenuMFUprogramsList","NoStartMenuMorePrograms","NoToolbarsOnTaskbar","NoViewContextMenu","ForceActiveDesktopOn","NoActiveDesktop","NoActiveDesktopChanges","NoFind","NoRun","NoSetFolders","NoDesktop","NoControlPanel","NoSMHelp","NoWinKeys","NoWindowsUpdate","NoFolderOptions","NoDriveTypeAutoRun","NoDriveAutoRun"
  570.   for each $key in $Policy
  571.     if (READVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",$key))<>0
  572.       $R=DELVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",$key)
  573.     endif
  574.     if (READVALUE("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",$key))<>0
  575.       $R=DELVALUE("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",$key)
  576.     endif
  577.   next
  578.   $Policy="NoChangingWallPaper","NoClosingComponents","NoDeletingComponents","NoEditingComponents","NoHTMLWallPaper","NoClosingComponents","NoComponents","NoHTMLWallPaper","NoEditingComponents","NoDeletingComponents","NoAddingComponents"
  579.   for each $key in $Policy
  580.     if (READVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop",$key))<>0
  581.       $R=DELVALUE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop",$key)
  582.     endif
  583.   next
  584.   If KeyExist("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects")
  585.     $R=DelTree("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects")
  586.   endif
  587.   If KeyExist("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager")
  588.     $R=DelTree("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager")
  589.   endif
  590.   if ((READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DisableCAD")="")=0)=1
  591.     $R=DELVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DisableCAD")
  592.   endif
  593.   $R=WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","Start_EnableDragDrop",1,REG_DWORD)
  594.   $class="batfile","comfile","exefile","piffile"
  595.   for each $key in $class
  596.     $R=WriteValue("HKEY_CLASSES_ROOT\$key\shell\open\command","",'"%%1" %%*',REG_SZ)
  597.     $R=WriteValue("HKEY_LOCAL_MACHINE\Software\CLASSES\$key\shell\open\command","",'"%%1" %%*',REG_SZ)
  598.   next
  599.   $R=WriteValue("HKEY_CLASSES_ROOT\regfile\shell\open\command","",'regedit.exe "%%1"',REG_SZ)
  600.   $R=WriteValue("HKEY_CLASSES_ROOT\scrfile\shell\open\command","",'"%1" /S',REG_SZ)
  601.   $R=WriteValue("HKEY_CLASSES_ROOT\scrfile\shell\config\command","",'%1',REG_SZ)
  602.   $R=WriteValue("HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command","",'regedit.exe "%%1"',REG_SZ)
  603.   $R=WriteValue("HKEY_LOCAL_MACHINE\Software\CLASSES\scrfile\shell\open\command","",'"%1" /S',REG_SZ)
  604.   $R=WriteValue("HKEY_LOCAL_MACHINE\Software\CLASSES\scrfile\shell\config\command","",'%1',REG_SZ)
  605. EndFunction
  606.