revisi buat script-nya nih..
ada tambahan utk ngapus bbrp file VBS malware & shortcutnya.
Code:
on error resume next
Dim fso, WshShell, DesPath1, DesPath2, sispath, tempath, FlashDisk, Drives
Dim Tunggul1, Tunggul2, Tunggul3, Tunggul4, Tunggul5, Tunggul6
Dim autoruninf, dekstopini
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = Wscript.CreateObject("Wscript.Shell")
Set winpath = fso.GetSpecialFolder(0)
Set sispath = fso.GetSpecialFolder(1)
Set tempath = fso.GetSpecialFolder(2)
Set Drives=fso.drives
namafile = "Tunggul.vbs"
Smwc = "\Software\Microsoft\Windows\CurrentVersion\"
Hsmwci = "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\"
WshShell.RegDelete "HKLM"&Smwc&"Run\WinSistem"
WshShell.RegDelete Hsmwci&"cmd.exe\"
WshShell.RegDelete Hsmwci&"msconfig.exe\"
WshShell.RegDelete Hsmwci&"regedit.exe\"
WshShell.RegDelete Hsmwci&"PCMAV.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-CLN.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-RTP.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-SE.exe\"
WshShell.RegDelete Hsmwci&"VB6.exe\"
WshShell.RegDelete Hsmwci&"autorun.exe\"
WshShell.RegDelete Hsmwci&"ansav.exe\"
WshShell.RegDelete Hsmwci&"ansavgd.exe\"
WshShell.RegDelete Hsmwci&"avscan.exe\"
WshShell.RegDelete Hsmwci&"avgnt.exe\"
WshShell.RegDelete Hsmwci&"iexplore.exe\"
WshShell.RegDelete Hsmwci&"firefox.exe\"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoFind"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoFolderOptions"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoRun"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableRegistryTools"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableTaskMgr"
WshShell.RegWrite "HKCR\vbsfile\DefaultIcon", "%SystemRoot%\System32\WScript.exe,2"
WshShell.RegWrite "HKCR\vbsfile\", "VBScript Script File"
DesPath1 = WshShell.SpecialFolders("Desktop")
DesPath2 = WshShell.SpecialFolders("StartUp")
set Tunggul1 = fso.GetFile(DesPath1& "\Harry Potter.lnk")
Tunggul1.Delete true
set Tunggul2 = fso.GetFile(DesPath2& "\Bogor Kota Hujan.lnk")
Tunggul2.Delete true
set Tunggul3 = fso.GetFile(sispath& "\iexplore.vbs")
Tunggul3.Delete true
set Tunggul4 = fso.GetFile(tempath& "\Bogor.vbs")
Tunggul4.Delete true
set Tunggul5 = fso.GetFile(winpath & "\" & namafile)
Tunggul5.Delete true
For Each FlashDisk In fso.drives
If (FlashDisk.drivetype = 1 Or FlashDisk.drivetype = 2) And FlashDisk.Path <> "A:" Then
set Tunggul6 = fso.GetFile(FlashDisk.Path & "\" & namafile)
Tunggul6.Delete true
set autoruninf = fso.GetFile(FlashDisk.Path & "\autorun.inf")
autoruninf.Delete true
set dekstopini = fso.GetFile(FlashDisk.Path & "\dekstop.ini")
dekstopini.Delete true
End If
Next
0 komentar:
Posting Komentar