SmartGenius

Remove FakeUSB Malware from USB

Sep 12th, 2013
```bat
@Echo Off&Title S.M.A.R.T

:: S.M.A.R.T - Simplified Malware Analysis and Removal Tool
:: This Script Removes FakeUSB Malware
:: TR/Crypt.Xpack.5314 - Worm.Gamarue.B - W32/Wauchos.LB!tr - Backdoor.Win32.Androm
:: https://www.virustotal.com/es/file/b832b82aa3656c9e2b62d693d9ee7c8b64bd1bd058b50506194eb9fa8ee9182a/analysis/1376005565/
:: Version: 1.0 (08-08-2013) Coded by SmartGenius
:: Run from an elevated prompt: the script edits HKLM and kills processes.


:Vars
:: Run key the script cleans and the image name it terminates
Set "RunKey=HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
Set "Process=wupdmgr.exe"


:Main
Cls&Echo.
Echo. This Script Removes FakeUSB Malware - Coded by SmartGenius
Echo. Please Wait...
For %%A in (Kill, CleanTemp, RegKey, Removable) do (Call :%%A)
Echo.
Echo. Job Finished
:: Explorer was stopped in :Kill; start it again
Start "" Explorer
Echo.&Pause&Exit


:Kill
Echo. Checking if process is currently running...
:: /I makes the image-name match case-insensitive
Tasklist|find /I "%Process%" >nul 2>&1
If %Errorlevel% EQU 0 (
Echo. Process "%Process%" ... is Running^!
Taskkill /F /Im "%Process%" >nul 2>&1
Echo. Process "%Process%" ... Terminated^!
) else (Echo. Process:%Process% ... is not Running.)
:: Explorer is stopped here and restarted at the end of :Main
Taskkill /F /Im explorer.exe >nul 2>&1
Goto :Eof

:Regkey
Echo. Analyzing Run Registry keys
:: Any value in the Run key whose line contains ".com" is treated as the malware's entry.
:: tokens=1,2,* keeps a data path that contains spaces intact in %%H.
:: Deleting inside the loop handles every match and does nothing when there is none.
For /f "tokens=1,2,*" %%F in ('REG QUERY "%RunKey%" 2^>nul^|find ".com"') do (
Echo.&Echo. Entry: %%F&Echo. File : %%H
Echo. Deleting Key : "%%F"
REG DELETE "%RunKey%" /v "%%F" /f >nul 2>&1
Echo. Deleting File: "%%H"
Del /F /Q "%%H" >nul 2>&1
)
Goto :Eof

:CleanTemp
Echo. Deleting Temporary Files and Folders
:: Abort if %temp% cannot be entered; otherwise the deletes below would run in the current directory
Pushd "%temp%" || Goto :Eof
:: delims= keeps folder names that contain spaces whole
For /f "delims=" %%D in ('DIR /B /A:D') do (RD /S /Q "%%D" >nul 2>&1)
Del /f /q *.* 2>nul
Popd
Goto :Eof

:Removable
Echo. Analyzing removable drives
:: Drive letters E: to O: are checked; a Thumbs.db in the root is the script's infection marker
For %%U in (E,F,G,H,I,J,K,L,M,N,O) do (
If Exist "%%U:\Thumbs.db" (
Echo. Deleting malware from %%U:
Rem Ping is used as a short delay
Ping -n 1 127.0.0.1 >nul
Rem Enter the root of the drive, not its last-used directory
Pushd %%U:\
Attrib -r -s -h -a *.* >nul
For %%X in (lnk, xxc, ini, inf, db) do (Del /f /q *.%%X >nul 2>&1)
Pause
Echo. Restoring Files...
Rem The folder name "ÿ" is reproduced exactly as it appears in the paste
If Exist "ÿ\" (
Cd "ÿ"
Move /Y * %%U:\ >nul
For /f "tokens=*" %%D in ('dir /b /a:d') do (Move /Y "%%D" %%U:\)
Cd\&Rd "ÿ" /S /Q >nul 2>&1
)
Popd
))
Goto :Eof
```