shubshub

AntiRogue v1.3

Jun 3rd, 2012
  1. patch_list.bat
  2.  
  3.  
  4.  
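  rem patch_list.bat - indicator table loaded by AntiRogue.bat with "call patch_list.bat".
  rem Every path keeps its surrounding quotes inside the value because the
  rem caller expands these variables unquoted in IF EXIST and DEL.
  rem NOTE(review): the *_reg paths are built from the current directory at
  rem load time, so the .reg files later handed to regedit come from whatever
  rem directory the script was started in. Confirm that directory is not
  rem writable by untrusted users.
  set spyquake_found=0

  rem CleanThis
  set cleanthis="C:\Users\%username%\AppData\Roaming\gog.exe"
  set clean_reg="%cd%\Registry Patches\remove_cleanthis.reg"

  rem ANG AntiVirus
  set ang1="c:\Program Files\Common Files\System\mgnc\angpd.exe"
  set ang2="c:\Program Files\Common Files\System\mgnc\mcdk.exe"
  set ang3="c:\Program Files\Common Files\System\mgnc\rkgnd.exe"
  set ang4="c:\Program Files\Common Files\System\mgnc\wsd.exe"
  set ang_reg="%cd%\Registry Patches\remove_ang.reg"
  set ang_vbs="VBS_Patches\angadmin.vbs"

  rem SpywareQuake
  set spyquake1="C:\Program Files\SpywareQuake\SpywareQuake.exe"
  set spyquake2="C:\Program Files\SpyQuake2.com\Spy-Quake2.exe"
  set spyquake3="C:\Program Files\SpywareQuaked\SpywareQuaked.exe"
  set spyquake_reg="%cd%\Registry Patches\remove_spyquake.reg"
  set spyquake_vbs="VBS_Patches\spyadmin.vbs"

  rem ThinkPoint
  set thinkpoint1="C:\Users\%username%\AppData\Roaming\hotfix.exe"
  set thinkpoint2="%UserProfile%\AppData\Roaming\thinkpoint.exe"
  rem NOTE(review): the x run looks like a placeholder for a variable name
  rem rather than a literal file name. IF EXIST would only match the literal. Confirm.
  set thinkpoint3="C:\bbotxxxxxx.exe"
  set thinkpoint_reg="%cd%\Registry Patches\remove_thinkpoint.reg"
  set thinkpoint_vbs="VBS_Patches\thinkadmin.vbs"

  rem Strong Malware Defender
  set mal_defend1="%UserProfile%\Start Menu\Programs\Strong Malware Defender.lnk"
  set mal_defend2="%UserProfile%\Application Data\Strong Malware Defender\Instructions.ini"
  set mal_defend3="%UserProfile%\Start Menu\Strong Malware Defender.lnk"
  set mal_defend4="%UserProfile%\Application Data\Strong Malware Defender\cookies.sqlite"
  set mal_defend5="%AppData%\Strong Malware Defender\ScanDisk_.exe"
  set mal_defend6="%Temp%\svhostu.exe"
  set maldefend_reg="%cd%\Registry Patches\remove_maldefend.reg"

  rem VirusHeat
  set virusheat1="C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe"
  set virusheat2="C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe"
  rem Fixed: this was assigned to the misspelled name vrisuheat3, which left
  rem virusheat3 undefined for the detection and removal checks that read it.
  set virusheat3="C:\Program Files\VirusHeat 4.4\VirusHeat 4.4.exe"
  set virusheat4="C:\WINDOWS\system32\txdkfh.dll"
  set virusheat_reg="%cd%\Registry Patches\remove_vh.reg"
  set virusheat_vbs="VBS_Patches\vhadmin.vbs"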
  37.  
  38.  
  39.  
  40.  
  41. AntiRogue.bat
  42.  
  43.  
  44.  
  @echo off
  rem AntiRogue.bat start-up: restore the saved counter, load the indicator
  rem table and print the banner. "ping localhost" is used only as a delay.
  set "spy_removed=0"
  rem NOTE(review): the counter is persisted as a batch file and restored by
  rem executing it, so anything able to write threats_removed.bat in the
  rem current directory gets its content run by this script.
  if exist "threats_removed.bat" call "threats_removed.bat"
  title AntiRogue v1.3
  echo AntiRogue v1.3 Booting Please Wait
  ping localhost >nul
  echo Loading Rogue Software Location Database
  call patch_list.bat
  ping localhost >nul
  echo Boot Sucsessful
  ping localhost >nul
  echo AntiRogue is an AntiMalware Program specificly designed to aid in the process
  echo Of eliminating Rogue Security Software
  echo Current Support
  echo.
  rem One line per supported family, in the same order as before.
  for %%S in (CleanThis ThinkPoint "Strong Malware Defender" VirusHeat SpywareQuake) do echo %%~S
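  :check_startup
  rem Offer to install a Startup shortcut unless one is already present in
  rem either the Vista-and-later or the XP-era Startup folder.
  set "StartupFolder=%AppData%\Microsoft\Windows\Start Menu\Programs\Startup"
  if exist "%StartupFolder%\AntiRogue.lnk" goto allowregedit
  set "StartupFolder=%UserProfile%\Start Menu\Programs\Startup"
  if exist "%StartupFolder%\AntiRogue.lnk" goto allowregedit
  rem Clear the answer first: set /p leaves the old value when Enter is pressed.
  set "copystart="
  set /p copystart=Copy AntiRogue To Startup? Y/N:
  rem Quoted, case-insensitive comparison: an empty answer used to leave the
  rem left side of == empty, which is a syntax error in an unquoted IF.
  if /i "%copystart%"=="N" goto allowregedit
  if /i "%copystart%"=="Y" goto copy_startup
  goto check_startup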
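  :copy_startup
  rem Copy a user-made AntiRogue.lnk from the script directory into the
  rem Startup folder so the script runs at logon.
  rem NOTE(review): whatever AntiRogue.lnk points to will run at every logon.
  rem Its target is not checked here.
  cd /d "%~dp0"
  if not exist "AntiRogue.lnk" (
    echo You need to Manually Create a Shortcut first
    pause
    goto allowregedit
  )
  rem Prefer the Vista-and-later Startup folder when it exists. The old code
  rem switched to the XP-era path whenever the shortcut was merely absent from
  rem the first folder, so the first folder was never used as the copy target.
  set "StartupFolder=%AppData%\Microsoft\Windows\Start Menu\Programs\Startup"
  if not exist "%StartupFolder%\" set "StartupFolder=%UserProfile%\Start Menu\Programs\Startup"
  if exist "%StartupFolder%\AntiRogue.lnk" goto allowregedit
  :FoundStartup
  copy "AntiRogue.lnk" "%StartupFolder%"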
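  :allowregedit
  rem Ask whether registry patches may be imported after a removal.
  rem Y continues to the registry scanner prompt, N records regallow=0 via search1.
  set "allowreg="
  set /p allowreg=Allow Registry? Y/N:
  rem Record consent here: nothing on the Y path used to set regallow, so the
  rem later unquoted "IF NOT regallow==1" tests expanded to an empty left side.
  if /i "%allowreg%"=="Y" set "regallow=1"
  if /i "%allowreg%"=="Y" goto startreg_scan
  if /i "%allowreg%"=="N" goto search1
  rem Any other answer repeats the prompt. The pause and goto that followed
  rem this line could never be reached and were dropped.
  goto allowregedit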
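  :startreg_scan
  rem Reached only after the user allowed registry changes. Optionally launch
  rem the separate registry scanner, then enter the scan loop through search2
  rem so that regallow=1 is recorded. Going straight to search left it unset.
  rem NOTE(review): reg_scan.bat is not part of this listing and is resolved
  rem from the current directory. Confirm where it is expected to live.
  set "startscan="
  set /p startscan=Start Registry Scanner? Y/N:
  if /i "%startscan%"=="Y" start reg_scan.bat
  if /i "%startscan%"=="Y" goto search2
  if /i "%startscan%"=="N" goto search2
  goto startreg_scan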
  :search2
  rem Registry patching allowed for this run.
  set "regallow=1"
  goto search
  :search1
  rem Registry patching declined for this run.
  set "regallow=0"
  goto search
  :search
  rem Idle screen: green "Clean" status plus the persisted counters.
  cls
  color 0A
  echo Status: Clean
  rem NOTE(review): both counter files are batch files that are executed to
  rem restore one variable each. Their content is trusted as code.
  if exist "threats_removed.bat" call "threats_removed.bat"
  if exist "reg_cleans.bat" call "reg_cleans.bat"
  if exist "threats_removed.bat" echo Rogues Eliminated: %threat_count%
  if exist "reg_cleans.bat" echo Registries Fixed: %reg_clean%
  rem The "color 07" that used to follow this goto was unreachable.
  goto search3
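  :search3
  rem Polling loop: look for registry-scanner marker files first, then for each
  rem known rogue file, and jump to the matching alert on the first hit.
  rem Detection is by fixed path only. A renamed or relocated copy is not seen.
  title Status: Clean
  rem Marker files are presumably written by the registry scanner. TODO confirm.
  if exist "BAT_Patches\spyfound.bat" goto SPY_REGFOUND
  if exist "BAT_Patches\angfound.bat" goto ANG_REGFOUND
  if exist "BAT_Patches\malfound.bat" goto MAL_REGFOUND
  if exist %virusheat1% goto VH_ALERT
  if exist %virusheat2% goto VH_ALERT
  rem Guarded: with virusheat3 undefined the bare IF EXIST would test a file
  rem literally named "goto" instead of the VirusHeat path.
  if defined virusheat3 if exist %virusheat3% goto VH_ALERT
  if exist %virusheat4% goto VH_ALERT
  if exist %cleanthis% goto CLEAN_ALERT
  if exist %ang1% goto ANG_ALERT
  if exist %ang2% goto ANG_ALERT
  if exist %ang3% goto ANG_ALERT
  if exist %ang4% goto ANG_ALERT
  if exist %spyquake1% goto SPYQUAKE_ALERT
  if exist %spyquake2% goto SPYQUAKE_ALERT
  if exist %spyquake3% goto SPYQUAKE_ALERT
  if exist %thinkpoint1% goto THINKPOINT_ALERT
  if exist %thinkpoint2% goto THINKPOINT_ALERT
  if exist %thinkpoint3% goto THINKPOINT_ALERT
  if exist %mal_defend1% goto MALDEFEND_ALERT
  if exist %mal_defend2% goto MALDEFEND_ALERT
  if exist %mal_defend3% goto MALDEFEND_ALERT
  if exist %mal_defend4% goto MALDEFEND_ALERT
  if exist %mal_defend5% goto MALDEFEND_ALERT
  if exist %mal_defend6% goto MALDEFEND_ALERT
  rem Wait about a second between passes. The loop used to restart at once
  rem and kept one CPU core and the disk busy for as long as the script ran.
  ping -n 2 localhost >nul
  goto search3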
  rem Per-family alert setup. Each label records the display name, the removal
  rem label that ALERT dispatches to, and the process image names to stop.
  :CLEAN_ALERT
  set "removal_link=clean_remove"
  set "virus=CleanThis"
  set task="gog.exe"
  goto ALERT

  :ANG_ALERT
  set "removal_link=ang_remove"
  set "virus=ANG_AntiVirus"
  set task1="angpd.exe"
  set task2="mcdk.exe"
  set task3="rkgnd.exe"
  set task4="wsd.exe"
  goto ALERT

  :SPYQUAKE_ALERT
  set "removal_link=spyquake_remove"
  set "virus=SpywareQuake"
  set task1="SpywareQuake.exe"
  set task2="Spy-Quake2.exe"
  set task3="SpywareQuaked.exe"
  goto ALERT

  :THINKPOINT_ALERT
  set "removal_link=thinkpoint_remove"
  set "virus=ThinkPoint"
  set task1="hotfix.exe"
  set task2="thinkpoint.exe"
  set task3="bbotxxxxxx.exe"
  goto ALERT

  rem The last two families set no process names. Their removal labels do not
  rem call taskkill.
  :MALDEFEND_ALERT
  set "removal_link=maldefend_remove"
  set "virus=Malware Defender"
  goto ALERT

  :VH_ALERT
  set "removal_link=vh_remove"
  set "virus=VirusHeat"
  goto ALERT
  :ALERT
  rem Red "Infected" screen naming the detected family, a short delay, then a
  rem jump to the removal label chosen by the alert setup.
  title ALERT!!! MALWARE FOUND!!!
  cls
  color 0C
  echo Status: Infected
  echo Threatening Malware: %virus%
  ping localhost >nul
  goto %removal_link%
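  :clean_remove
  rem Remove CleanThis: stop its process, delete the file, count the removal
  rem only when the file is really gone, then optionally patch the registry.
  title Removing CleanThis Please Wait
  rem Start from zero when no saved counter was loaded.
  if not defined threat_count set threat_count=0
  rem NOTE(review): /IM matches by image name only, so any process with this
  rem name is stopped regardless of the path it was started from.
  taskkill /F /IM %task% /FI "STATUS eq RUNNING"
  if exist %cleanthis% del %cleanthis%
  if not exist %cleanthis% echo Threat Removed
  if not exist %cleanthis% set /a threat_count+=1
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  rem Quoted so that an unset regallow means "not allowed" instead of a syntax error.
  if not "%regallow%"=="1" goto search
  goto cleanreg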
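  :ang_remove
  rem Remove ANG AntiVirus: stop its four processes, run the removal script
  rem for each file still present, and count the threat only when all four
  rem files are gone.
  title Removing ANG AntiVirus Please Wait
  if not defined threat_count set threat_count=0
  rem NOTE(review): /IM matches by image name only, not by path.
  taskkill /F /IM %task1% /FI "STATUS eq RUNNING"
  taskkill /F /IM %task2% /FI "STATUS eq RUNNING"
  taskkill /F /IM %task3% /FI "STATUS eq RUNNING"
  taskkill /F /IM %task4% /FI "STATUS eq RUNNING"
  rem NOTE(review): "vbs" is not a built-in Windows command. Unless a helper
  rem with that name ships with the tool, these lines fail and nothing is
  rem deleted. Confirm the intended script host (cscript or wscript).
  if exist %ang1% vbs %ang_vbs%
  if exist %ang2% vbs %ang_vbs%
  if exist %ang3% vbs %ang_vbs%
  if exist %ang4% vbs %ang_vbs%
  ping localhost >nul
  set ang_removed=0
  if not exist %ang1% set /a ang_removed+=1
  if not exist %ang2% set /a ang_removed+=1
  if not exist %ang3% set /a ang_removed+=1
  if not exist %ang4% set /a ang_removed+=1
  if %ang_removed%==4 echo Threat Removed
  if %ang_removed%==4 set /a threat_count+=1
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  rem Quoted so that an unset regallow means "not allowed" instead of a syntax error.
  if not "%regallow%"=="1" goto search
  goto angreg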
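  :spyquake_remove
  rem Remove SpywareQuake: stop its three processes, run the removal script
  rem for each file still present, and count the threat only when all three
  rem files are gone.
  title Removing SpywareQuake Please Wait
  if not defined threat_count set threat_count=0
  rem NOTE(review): /IM matches by image name only, not by path.
  taskkill /F /IM %task1% /FI "STATUS eq RUNNING"
  taskkill /F /IM %task2% /FI "STATUS eq RUNNING"
  taskkill /F /IM %task3% /FI "STATUS eq RUNNING"
  rem NOTE(review): "vbs" is not a built-in Windows command. Confirm the
  rem intended script host (cscript or wscript).
  if exist %spyquake1% vbs %spyquake_vbs%
  if exist %spyquake2% vbs %spyquake_vbs%
  rem Fixed: the third check read the misspelled variable spyqauke3.
  if exist %spyquake3% vbs %spyquake_vbs%
  ping localhost >nul
  rem Reset per pass. The counter was set only once at program start, so a
  rem second detection kept adding to the old value and could never equal 3.
  set spy_removed=0
  if not exist %spyquake1% set /a spy_removed+=1
  if not exist %spyquake2% set /a spy_removed+=1
  if not exist %spyquake3% set /a spy_removed+=1
  if %spy_removed%==3 echo Threat Removed
  if %spy_removed%==3 set /a threat_count+=1
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  pause
  rem Quoted so that an unset regallow means "not allowed" instead of a syntax error.
  if not "%regallow%"=="1" goto search
  goto spyreg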
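  :thinkpoint_remove
  rem Remove ThinkPoint: stop its processes, delete the two per-user files
  rem directly, hand the third to the removal script, and count the threat only
  rem when all three files are gone.
  title Removing ThinkPoint Please Wait
  if not defined threat_count set threat_count=0
  rem NOTE(review): /IM matches by image name only, not by path, and names
  rem such as hotfix.exe are generic enough to belong to other software.
  taskkill /F /IM %task1% /FI "STATUS eq RUNNING"
  taskkill /F /IM %task2% /FI "STATUS eq RUNNING"
  taskkill /F /IM %task3% /FI "STATUS eq RUNNING"
  if exist %thinkpoint1% del %thinkpoint1%
  if exist %thinkpoint2% del %thinkpoint2%
  rem NOTE(review): "vbs" is not a built-in Windows command. Confirm the
  rem intended script host (cscript or wscript).
  if exist %thinkpoint3% vbs %thinkpoint_vbs%
  ping localhost >nul
  set think_removed=0
  if not exist %thinkpoint1% set /a think_removed+=1
  if not exist %thinkpoint2% set /a think_removed+=1
  if not exist %thinkpoint3% set /a think_removed+=1
  if %think_removed%==3 echo Threat Removed
  if %think_removed%==3 set /a threat_count+=1
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  rem Quoted so that an unset regallow means "not allowed" instead of a syntax error.
  if not "%regallow%"=="1" goto search
  goto thinkreg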
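  :maldefend_remove
  rem Remove Strong Malware Defender: delete its six known files and count the
  rem threat only when all six are gone. No process is stopped first, so a
  rem file held open by a running process may survive the delete.
  title Removing Malware Defender Please Wait
  if not defined threat_count set threat_count=0
  echo Eliminating Strong Malware Defender
  echo We Have Better support for Malware Defender Now
  if exist %mal_defend1% del %mal_defend1%
  if exist %mal_defend2% del %mal_defend2%
  if exist %mal_defend3% del %mal_defend3%
  if exist %mal_defend4% del %mal_defend4%
  if exist %mal_defend5% del %mal_defend5%
  if exist %mal_defend6% del %mal_defend6%
  set maldefend_removed=0
  if not exist %mal_defend1% set /a maldefend_removed+=1
  if not exist %mal_defend2% set /a maldefend_removed+=1
  if not exist %mal_defend3% set /a maldefend_removed+=1
  if not exist %mal_defend4% set /a maldefend_removed+=1
  if not exist %mal_defend5% set /a maldefend_removed+=1
  if not exist %mal_defend6% set /a maldefend_removed+=1
  if %maldefend_removed%==6 echo Threat Removed
  if %maldefend_removed%==6 set /a threat_count+=1
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  rem Quoted so that an unset regallow means "not allowed" instead of a syntax error.
  if not "%regallow%"=="1" goto search
  goto maldefendreg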
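  :vh_remove
  rem Remove VirusHeat: run the removal script for each file still present and
  rem count the threat only when all four files are gone.
  rem Relies on virusheat1 to virusheat4 being defined by patch_list.bat.
  title Removing VirusHeat Please Wait
  if not defined threat_count set threat_count=0
  echo Removing VirusHeat
  rem NOTE(review): "vbs" is not a built-in Windows command. Confirm the
  rem intended script host (cscript or wscript).
  if exist %virusheat1% vbs %virusheat_vbs%
  if exist %virusheat2% vbs %virusheat_vbs%
  if exist %virusheat3% vbs %virusheat_vbs%
  if exist %virusheat4% vbs %virusheat_vbs%
  set vh_removed=0
  if not exist %virusheat1% set /a vh_removed+=1
  if not exist %virusheat2% set /a vh_removed+=1
  if not exist %virusheat3% set /a vh_removed+=1
  if not exist %virusheat4% set /a vh_removed+=1
  if %vh_removed%==4 echo Threat Removed
  if %vh_removed%==4 set /a threat_count+=1
  rem Fixed: this line wrote "threat_count-N" with a dash, so the saved file
  rem no longer restored the counter on the next load.
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  rem Quoted so that an unset regallow means "not allowed" instead of a syntax error.
  if not "%regallow%"=="1" goto search
  goto vhreg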
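  rem Registry patch labels. Each one announces its patch, selects the .reg
  rem file and hands over to the shared tail at apply_reg_patch.
  :cleanreg
  title Fixing Registries
  echo Fixing Registries with the remove_cleanthis.reg Patch
  set reg_patch=%clean_reg%
  goto apply_reg_patch

  :angreg
  title Fixing Registries
  echo Fixing Registries with the remove_ang.reg Patch
  set reg_patch=%ang_reg%
  goto apply_reg_patch

  :spyreg
  title Fixing Registries
  echo Fixing Registries with the remove_spyquake.reg Patch
  set reg_patch=%spyquake_reg%
  goto apply_reg_patch

  :thinkreg
  title Fixing Registries
  echo Fixing Registries with the remove_thinkpoint.reg Patch
  set reg_patch=%thinkpoint_reg%
  goto apply_reg_patch

  :maldefendreg
  title Fixing Registries
  echo Fixing Registries with the remove_maldefend.reg Patch
  set reg_patch=%maldefend_reg%
  goto apply_reg_patch

  :vhreg
  title Fixing registries
  echo Fixing Registries with the remove_vh.reg Patch
  set reg_patch=%virusheat_reg%
  goto apply_reg_patch

  :apply_reg_patch
  rem Shared tail: import the selected patch, bump the saved counter, return
  rem to the scan loop. The six labels used to repeat these steps verbatim.
  rem NOTE(review): the patch path was fixed from the current directory at
  rem start-up and the file content is not verified before it is imported.
  if not defined reg_patch goto reg_patch_missing
  rem Do not count or report a fix when the patch file is absent.
  if not exist %reg_patch% goto reg_patch_missing
  if not defined reg_clean set reg_clean=0
  rem No /s switch, so regedit still asks the user to confirm the import.
  rem NOTE(review): "Fixed" is printed even when that prompt is declined.
  regedit %reg_patch%
  set /a reg_clean+=1
  echo set reg_clean=%reg_clean% > reg_cleans.bat
  echo Fixed
  ping localhost >nul
  goto search

  :reg_patch_missing
  echo Registry patch file not found, nothing imported
  ping localhost >nul
  goto search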
  rem Marker-file handlers: a *found.bat marker in BAT_Patches triggers the
  rem matching registry patch, after which the marker is deleted so the scan
  rem loop does not fire on it again.
  rem NOTE(review): these run without consulting regallow. Confirm that is intended.
  :SPY_REGFOUND
  color 0C
  title Found Registry
  echo We Found a Registry
  regedit %spyquake_reg%
  echo We Fixed the registry
  ping localhost >nul
  if exist "BAT_Patches\spyfound.bat" del "BAT_Patches\spyfound.bat"
  goto search

  :ANG_REGFOUND
  color 0C
  title Found Registry
  echo We Found a Registry
  regedit %ang_reg%
  echo We Fixed the registry
  ping localhost >nul
  if exist "BAT_Patches\angfound.bat" del "BAT_Patches\angfound.bat"
  goto search

  :MAL_REGFOUND
  color 0C
  title Found Registry
  echo We Found a Registry
  regedit %maldefend_reg%
  echo We Fixed the registry
  ping localhost >nul
  if exist "BAT_Patches\malfound.bat" del "BAT_Patches\malfound.bat"
  goto search