Académique Documents
Professionnel Documents
Culture Documents
vbs
Dim Lista
Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe",
"host.exe",_
"a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_
"80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd")
Set geekside=WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
Wscript.Echo "Software provisto por MyGeekSide.com para la eliminacin del software malicioso
amvo, avpo, n1detect y variantes"
Wscript.Echo "El proceso de bsqueda y eliminacin puede tardar algunos segundos. Sea paciente
por favor."
i=0
For Each objDrive in colDrives
If objDrive.IsReady = True Then
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&":\autorun.inf",1)
strIpFileText = objTextStream.ReadAll
objTextStream.Close
End If
Next
i=0
For Each element In colRegexMatches1
element = Replace(element,"=","")
WScript.Echo "Procediendo a borrar archivo de virus :" & element
-1-
Set
Set
Set
Set
objRegex= Nothing
objTextStream = Nothing
objFileSystem = Nothing
objShell = Nothing
nret15=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*",0,TRUE)
nret16=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*",0,TRUE)
nret20=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp",0,TRUE)
nret15=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\kavo*.*",0,TRUE)
WScript.Echo "Se proceder a resturar el registro de sistema para poder ver los archivos Ocultos"
nret33=geekside.Run("cmd /C reg add
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t
REG_DWORD /d 1 /f",0,TRUE)
nret43=geekside.Run("cmd /C reg add
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v
SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret44=geekside.Run("cmd /C reg add
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v
ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
-3-
TRUE)
nret=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" &Lista(X)& "/f /q
/a",0,TRUE)
Next
End If
Next
WScript.Echo "Felicidades! Su PC est desinfectada del virus amvo y sus variantes"
WScript.Echo "www.mygeekside.com"
WScript. Quit(0)
-5-