Tecnico En Analisis De Sistemas
Dim objShell, objFileSystem, objTextStream, objRegex
Dim colRegexMatches1, colRegexMatches2
Dim nReturnCode
Dim strIpFileText
Dim element, i
Dim Lista
Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe","host.exe",_
"a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_"80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd")
Set geekside = WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
WScript.Echo "Software para la Eliminación del Softwaremalicioso Amvo, Avpo, N1detect y Variantes"
WScript.Echo "El proceso de búsqueda y eliminación puede tardar algunos segundos. Sea paciente por favor."
i = 0
For Each objDrive In colDrives
If objDrive.IsReady = True Then
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
Set objTextStream =objFileSystem.OpenTextFile(objDrive.DriveLetter&":\autorun.inf",1)
strIpFileText = objTextStream.ReadAll
objTextStream.Close
End If
Next
Set objRegex = New RegExp
objRegex.Pattern = "=\w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)"
objRegex.Global = True
objRegex.IgnoreCase = True
Set colRegexMatches1 = objRegex.Execute(strIpFileText)
i = 0
For Eachelement In colRegexMatches1
element = Replace(element, "=", "")
WScript.Echo "Procediendo a borrar archivo de virus :" & element
For Each objDrive In colDrives
If objDrive.IsReady = True Then
WScript.Echo "Limpiar unidad: " & objDrive.DriveLetter
nret = geekside.Run("cmd /C taskkill /f /imamvo.exe", 0, True)
nret = geekside.Run("cmd /C taskkill /f /im avpo.exe", 0, True)
nret = geekside.Run("cmd /C taskkill /f /im CKCNV.exe", 0, True)
nret = geekside.Run("cmd /C taskkill /f /im Domino.exe", 0, True)
nret = geekside.Run("cmd /C taskkill /f /im chavo.exe", 0, True)
nret =geekside.Run("cmd /C taskkill /f /im kavo.exe", 0, True)
nret = geekside.Run("cmd /C taskkill /f /im semo2x.exe.tmp", 0, True)
nret = geekside.Run("cmd /C taskkill /f /im semo2x.exe", 0, True)
nret = geekside.Run("cmd /C taskkill /f /im help.exe.tmp", 0, True)
nret=geekside.Run("cmd /C attrib -s-h -r " &objDrive.DriveLetter&":\" & element &"",0,TRUE)
nret=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" & element & "/f /q /a",0,TRUE)
nret=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
End If
Next
i = i + 1Next
Set objRegex = Nothing
Set objTextStream = Nothing
Set objFileSystem = Nothing
Set objShell = Nothing
nret15 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*", 0, True)
nret16 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*", 0, True)
nret20 = geekside.Run("cmd /C attrib -s -h -rc:\windows\system32\help.exe.tmp", 0, True)
nret15 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\kavo*.*", 0, True)
nret56 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*", 0, True)
nret60 = geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*", 0, True)
nret23 = geekside.Run("cmd /C del /f c:\windows\system32\amvo*.*", 0, True)...
Regístrate para leer el documento completo.