Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @echo off
- set threat_count=0
- set reg_clean=0
- IF EXIST "threats_removed.bat" CALL "threats_removed.bat"
- set cleanthis="C:\Users\%username%\AppData\Roaming\gog.exe"
- set clean_reg="%cd%\Registry Patches\remove_cleanthis.reg"
- set ang1="c:\Program Files\Common Files\System\mgnc\angpd.exe"
- set ang2="c:\Program Files\Common Files\System\mgnc\mcdk.exe"
- set ang3="c:\Program Files\Common Files\System\mgnc\rkgnd.exe"
- set ang4="c:\Program Files\Common Files\System\mgnc\wsd.exe"
- set ang_reg="%cd%\Registry Patches\remove_ang.reg"
- set spyquake1="C:\Program Files\SpywareQuake\SpywareQuake.exe"
- set spyquake2="C:\Program Files\SpyQuake2.com\Spy-Quake2.exe"
- set spyquake3="C:\Program Files\SpywareQuaked\SpywareQuaked.exe"
- set spyquake_reg="%cd%\Registry Patches\remove_spyquake.reg"
- set thinkpoint1="C:\Users\%username%\AppData\Roaming\hotfix.exe"
- set thinkpoint2="%UserProfile%\AppData\Roaming\thinkpoint.exe"
- set thinkpoint3="C:\bbotxxxxxx.exe"
- set thinkpoint_reg="%cd%\Registry Patches\remove_thinkpoint.reg"
- set mal_defend1="%UserProfile%\Start Menu\Programs\Strong Malware Defender.lnk"
- set mal_defend2="%UserProfile%\Application Data\Strong Malware Defender\Instructions.ini"
- set mal_defend3="%UserProfile%\Start Menu\Strong Malware Defender.lnk"
- set mal_defend4="%UserProfile%\Application Data\Strong Malware Defender\cookies.sqlite"
- set maldefend_reg="%cd%\Registry Patches\remove_maldefend.reg"
- title AntiRogue v1.2
- echo AntiRogue is a Security Software that will help keep your computer clean from
- echo Rogue security software Before it begins scanning we Need your consent to be able to use regedit in order
- echo to remove nasty Registries that those Rogue softwares add to the registry
- :check_startup
- Set StartupFolder="%AppData%\Microsoft\Windows\Start Menu\Programs\Startup"
- If Exist %StartupFolder%\AntiRogue.lnk Goto allowregedit
- Set StartupFolder="%UserProfile%\Start Menu\Programs\Startup"
- If Exist %StartupFolder%\AntiRogue.lnk Goto allowregedit
- set /p copystart=Copy AntiRogue To Startup? Y/N:
- IF %copystart%==N goto allowregedit
- IF %copystart%==Y goto copy_startup
- goto check_startup
- :copy_startup
- CD /D %~dp0
- Set StartupFolder=%AppData%\Microsoft\Windows\Start Menu\Programs\Startup
- If Exist "%StartupFolder%\AntiRogue.lnk" Goto allowregedit
- Set StartupFolder=%UserProfile%\Start Menu\Programs\Startup
- If Exist "%StartupFolder%\AntiRogue.lnk" Goto allowregedit
- :FoundStartup
- copy "AntiRogue.lnk" "%StartupFolder%"
- :allowregedit
- set /p allowreg=Allow Registry? Y/N:
- if %allowreg%==Y goto search2
- if %allowreg%==N goto search1
- goto allowregedit
- pause
- goto search
- :search2
- set regallow=1
- goto search
- :search1
- set regallow=0
- goto search
- :search
- cls
- color 0A
- echo Status: Clean
- IF EXIST "threats_removed.bat" CALL "threats_removed.bat"
- IF EXIST "reg_cleans.bat" CALL "reg_cleans.bat"
- IF EXIST "threats_removed.bat" ECHO Rogues Eliminated: %threat_count%
- IF EXIST "reg_cleans.bat" ECHO Registries Fixed: %reg_clean%
- goto search3
- color 07
- :search3
- title Status: Clean
- IF EXIST %cleanthis% goto CLEAN_ALERT
- IF EXIST %ang1% goto ANG_ALERT
- IF EXIST %ang2% goto ANG_ALERT
- IF EXIST %ang3% goto ANG_ALERT
- IF EXIST %ang4% goto ANG_ALERT
- IF EXIST %spyquake1% goto SPYQUAKE_ALERT
- IF EXIST %spyquake2% goto SPYQUAKE_ALERT
- IF EXIST %spyquake3% goto SPYQUAKE_ALERT
- IF EXIST %thinkpoint1% goto THINKPOINT_ALERT
- IF EXIST %thinkpoint2% goto THINKPOINT_ALERT
- IF EXIST %thinkpoint3% goto THINKPOINT_ALERT
- IF EXIST %mal_defend1% goto MALDEFEND_ALERT
- IF EXIST %mal_defend2% goto MALDEFEND_ALERT
- IF EXIST %mal_defend3% goto MALDEFEND_ALERT
- IF EXIST %mal_defend4% goto MALDEFEND_ALERT
- goto search3
- :CLEAN_ALERT
- set virus=CleanThis
- set removal_link=clean_remove
- set task="gog.exe"
- goto ALERT
- :ANG_ALERT
- set virus=ANG_AntiVirus
- set removal_link=ang_remove
- set task1="angpd.exe"
- set task2="mcdk.exe"
- set task3="rkgnd.exe"
- set task4="wsd.exe"
- goto ALERT
- :SPYQUAKE_ALERT
- set virus=SpywareQuake
- set removal_link=spyquake_remove
- set task1="SpywareQuake.exe"
- set task2="Spy-Quake2.exe"
- set task3="SpywareQuaked.exe"
- set task4="SpywareQuake.exe"
- goto ALERT
- :THINKPOINT_ALERT
- set virus=ThinkPoint
- set removal_link=thinkpoint_remove
- set task1="hotfix.exe"
- set task2="thinkpoint.exe"
- set task3="bbotxxxxxx.exe"
- goto ALERT
- :MALDEFEND_ALERT
- set virus=Malware Defender
- set removal_link=maldefend_remove
- goto ALERT
- :ALERT
- cls
- color 0C
- title ALERT!!! MALWARE FOUND!!!
- echo Status: Infected
- echo Threatening Malware: %virus%
- ping localhost >nul
- goto %removal_link%
- :clean_remove
- title Removing CleanThis Please Wait
- TASKKILL /F /IM %task%
- IF EXIST %cleanthis% del %cleanthis%
- IF NOT EXIST %cleanthis% echo Threat Removed
- IF NOT EXIST %cleanthis% set /a threat_count=%threat_count%+1
- echo set threat_count=%threat_count% > threats_removed.bat
- ping localhost >nul
- IF NOT %regallow%==1 goto search
- goto cleanreg
- :ang_remove
- title Removing ANG AntiVirus Please Wait
- TASKKILL /F /IM %task1% /FI "STATUS eq RUNNING"
- TASKKILL /F /IM %task2% /FI "STATUS eq RUNNING"
- TASKKILL /F /IM %task3% /FI "STATUS eq RUNNING"
- TASKKILL /F /IM %task4% /FI "STATUS eq RUNNING"
- IF EXIST %ang1% del %ang1%
- IF EXIST %ang2% del %ang2%
- IF EXIST %ang3% del %ang3%
- IF EXIST %ang4% del %ang4%
- set ang_removed=0
- IF NOT EXIST %ang1% set /a ang_removed=%ang_removed%+1
- IF NOT EXIST %ang2% set /a ang_removed=%ang_removed%+1
- IF NOT EXIST %ang3% set /a ang_removed=%ang_removed%+1
- IF NOT EXIST %ang4% set /a ang_removed=%ang_removed%+1
- IF %ang_removed%==4 echo Threat Removed
- IF %ang_removed%==4 set /a threat_count=%threat_count%+1
- echo set threat_count=%threat_count% > threats_removed.bat
- ping localhost >nul
- IF NOT %regallow%==1 goto search
- goto angreg
- :spyquake_remove
- title Removing SpywareQuake Please Wait
- TASKKILL /F /IM %task1% /FI "STATUS eq RUNNING"
- TASKKILL /F /IM %task2% /FI "STATUS eq RUNNING"
- TASKKILL /F /IM %task3% /FI "STATUS eq RUNNING"
- IF EXIST %spyquake1% vbs "VBS_Patches\admin.vbs"
- IF EXIST %spyquake2% vbs "VBS_Patches\admin.vbs"
- IF EXIST %spyqauke3% vbs "VBS_Patches\admin.vbs"
- set spy_removed=0
- IF NOT EXIST %spyquake1% set /a spy_removed=%spy_removed%+1
- IF NOT EXIST %spyquake2% set /a spy_removed=%spy_removed%+1
- IF NOT EXIST %spyqauke3% set /a spy_removed=%spy_removed%+1
- IF %spy_removed%==3 echo Threat Removed
- set /a threat_count=%threat_count%+1
- echo set threat_count=%threat_count% > threats_removed.bat
- ping localhost >nul
- pause
- IF NOT %regallow%==1 goto search
- goto spyreg
- :thinkpoint_remove
- title Removing ThinkPoint Please Wait
- TASKKILL /F /IM %task1% /FI "STATUS eq RUNNING"
- TASKKILL /F /IM %task2% /FI "STATUS eq RUNNING"
- TASKKILL /F /IM %task3% /FI "STATUS eq RUNNING"
- IF EXIST %thinkpoint1% del %thinkpoint1%
- IF EXIST %thinkpoint2% del %thinkpoint2%
- IF EXIST %thinkpoint3% del %thinkpoint3%
- set think_removed=0
- IF NOT EXIST %thinkpoint1% SET /a think_removed=%think_removed%+1
- IF NOT EXIST %thinkpoint2% SET /a think_removed=%think_removed%+1
- IF NOT EXIST %thinkpoint3% SET /a think_removed=%think_removed%+1
- IF %think_removed%==3 echo Threat Removed
- IF %think_removed%==3 set /a threat_count=%threat_count%+1
- echo set threat_count=%threat_count% > threats_removed.bat
- ping localhost >nul
- IF NOT %regallow%==1 goto search
- goto thinkreg
- :maldefend_remove
- title Removing Malware Defender Please Wait
- echo Malware Defender is a tricky one it's exe's are saved as random characters
- echo Meaning we can not detect them but we detected the shortcuts and can remove the registry
- echo entry from the registry which means this Registry Action is taken if you allowed registry editing
- echo We are also removing the shortcuts
- IF EXIST %mal_defend1% DEL %mal_defend1%
- IF EXIST %mal_defend2% DEL %mal_defend2%
- IF EXIST %mal_defend3% DEL %mal_defend3%
- IF EXIST %mal_defend4% DEL %mal_defend4%
- set maldefend_removed=0
- IF NOT EXIST %mal_defend1% set /a maldefend_removed=%maldefend_removed%+1
- IF NOT EXIST %mal_defend2% set /a maldefend_removed=%maldefend_removed%+1
- IF NOT EXIST %mal_defend3% set /a maldefend_removed=%maldefend_removed%+1
- IF NOT EXIST %mal_defend4% set /a maldefend_removed=%maldefend_removed%+1
- IF %maldefend_removed%==4 echo Threat Removed
- IF %maldefend_removed%==4 set /a threat_count=%threat_count%+1
- echo set threat_count=%threat_count% > threats_removed.bat
- ping localhost >nul
- IF NOT %regallow%==1 goto search
- goto maldefendreg
- :cleanreg
- title Fixing Registries
- echo Fixing Registries with the remove_cleanthis.reg Patch
- regedit %clean_reg%
- set /a reg_clean=%reg_clean%+1
- echo set reg_clean=%reg_clean% > reg_cleans.bat
- echo Fixed
- ping localhost >nul
- goto search
- :angreg
- title Fixing Registries
- echo Fixing Registries with the remove_ang.reg Patch
- regedit %ang_reg%
- set /a reg_clean=%reg_clean%+1
- echo set reg_clean=%reg_clean% > reg_cleans.bat
- echo Fixed
- ping localhost >nul
- goto search
- :spyreg
- title Fixing Registries
- echo Fixing Registries with the remove_spyquake.reg Patch
- regedit %spyquake_reg%
- set /a reg_clean=%reg_clean%+1
- echo set reg_clean=%reg_clean% > reg_cleans.bat
- echo Fixed
- ping localhost >nul
- goto search
- :thinkreg
- title Fixing Registries
- echo Fixing Registries with the remove_thinkpoint.reg Patch
- regedit %thinkpoint_reg%
- set /a reg_clean=%reg_clean%+1
- echo set reg_clean=%reg_clean% > reg_cleans.bat
- echo Fixed
- ping localhost >nul
- goto search
- :maldefendreg
- title Fixing Registries
- echo Fixing Registries with the remove_maldefend.reg Patch
- regedit %maldefend_reg%
- set /a reg_clean=%reg_clean%+1
- echo set reg_clean=%reg_clean% > reg_cleans.bat
- echo Fixed
- ping localhost >nul
- goto search
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement