shubshub

AntiRogue code

Jun 2nd, 2012
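  @echo off
  rem AntiRogue v1.2 - setup.
  rem Defines the on-disk indicators (files dropped by known rogue "security"
  rem products) and the .reg patches used to undo their registry changes, then
  rem prints the banner. Every path value keeps its surrounding quotes because
  rem the later sections expand these variables unquoted.

  rem Counters shown on the status screen.
  set threat_count=0
  set reg_clean=0

  rem Restore the removal counter left by a previous run. The file is parsed
  rem as data (the number after the equals sign) instead of being CALLed: it
  rem lives in the current directory, so CALLing it would execute whatever
  rem commands anyone able to write there had placed in it.
  if exist "threats_removed.bat" for /f "usebackq tokens=2 delims==" %%A in ("threats_removed.bat") do set /a "threat_count=%%A"

  rem Registry patches are resolved next to this script rather than in the
  rem current directory, so the files handed to regedit do not depend on where
  rem the script happens to be started from.
  rem NOTE(review): the counter files are still read and written relative to
  rem the current directory by the other sections.

  rem CleanThis - the per-user Roaming folder is taken from APPDATA so the
  rem check also works when the profile is not under C:\Users\username.
  set cleanthis="%AppData%\gog.exe"
  set clean_reg="%~dp0Registry Patches\remove_cleanthis.reg"

  rem ANG AntiVirus
  set ang1="c:\Program Files\Common Files\System\mgnc\angpd.exe"
  set ang2="c:\Program Files\Common Files\System\mgnc\mcdk.exe"
  set ang3="c:\Program Files\Common Files\System\mgnc\rkgnd.exe"
  set ang4="c:\Program Files\Common Files\System\mgnc\wsd.exe"
  set ang_reg="%~dp0Registry Patches\remove_ang.reg"

  rem SpywareQuake
  set spyquake1="C:\Program Files\SpywareQuake\SpywareQuake.exe"
  set spyquake2="C:\Program Files\SpyQuake2.com\Spy-Quake2.exe"
  set spyquake3="C:\Program Files\SpywareQuaked\SpywareQuaked.exe"
  set spyquake_reg="%~dp0Registry Patches\remove_spyquake.reg"

  rem ThinkPoint
  set thinkpoint1="%AppData%\hotfix.exe"
  set thinkpoint2="%UserProfile%\AppData\Roaming\thinkpoint.exe"
  set thinkpoint3="C:\bbotxxxxxx.exe"
  set thinkpoint_reg="%~dp0Registry Patches\remove_thinkpoint.reg"

  rem Strong Malware Defender - only shortcuts and data files are listed here.
  set mal_defend1="%UserProfile%\Start Menu\Programs\Strong Malware Defender.lnk"
  set mal_defend2="%UserProfile%\Application Data\Strong Malware Defender\Instructions.ini"
  set mal_defend3="%UserProfile%\Start Menu\Strong Malware Defender.lnk"
  set mal_defend4="%UserProfile%\Application Data\Strong Malware Defender\cookies.sqlite"
  set maldefend_reg="%~dp0Registry Patches\remove_maldefend.reg"

  title AntiRogue v1.2
  echo AntiRogue is a Security Software that will help keep your computer clean from
  echo Rogue security software Before it begins scanning we Need your consent to be able to use regedit in order
  echo to remove nasty Registries that those Rogue softwares add to the registry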
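  :check_startup
  rem Offer to copy the AntiRogue.lnk shortcut into the user's Startup folder
  rem so the scanner starts at every logon. Skipped when a shortcut is already
  rem present in either the newer or the XP-style Startup folder.
  rem NOTE(review): once the shortcut is in Startup, everything this script
  rem loads by relative path (counter files, VBS_Patches) is taken from the
  rem directory the shortcut starts in - that directory should be writable
  rem only by the owning user.
  set "StartupFolder=%AppData%\Microsoft\Windows\Start Menu\Programs\Startup"
  if exist "%StartupFolder%\AntiRogue.lnk" goto allowregedit
  set "StartupFolder=%UserProfile%\Start Menu\Programs\Startup"
  if exist "%StartupFolder%\AntiRogue.lnk" goto allowregedit
  rem Clear the answer first: SET /P keeps the previous value when the user
  rem only presses Enter, and an empty value compared unquoted aborts the
  rem script with a syntax error.
  set "copystart="
  set /p copystart=Copy AntiRogue To Startup? Y/N:
  if /i "%copystart%"=="N" goto allowregedit
  if /i "%copystart%"=="Y" goto copy_startup
  goto check_startup
  :copy_startup
  rem The shortcut is expected next to this script, so work from that folder.
  cd /d "%~dp0"
  rem Pick the Startup folder that actually exists. Previously the first
  rem assignment was always overwritten by the XP-style path.
  set "StartupFolder=%AppData%\Microsoft\Windows\Start Menu\Programs\Startup"
  if not exist "%StartupFolder%\" set "StartupFolder=%UserProfile%\Start Menu\Programs\Startup"
  if exist "%StartupFolder%\AntiRogue.lnk" goto allowregedit
  :FoundStartup
  if not exist "AntiRogue.lnk" (
      echo AntiRogue.lnk was not found next to the script, nothing copied
      goto allowregedit
  )
  copy "AntiRogue.lnk" "%StartupFolder%"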
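  :allowregedit
  rem Ask for consent before any .reg patch may be imported.
  rem regallow=1 lets the removal sections continue into their registry fix;
  rem regallow=0 makes them return to the scan loop after deleting files.
  rem The answer is cleared and compared quoted so that an empty line or a
  rem lower-case y/n re-prompts or is accepted instead of breaking the IF.
  set "allowreg="
  set /p allowreg=Allow Registry? Y/N:
  if /i "%allowreg%"=="Y" goto search2
  if /i "%allowreg%"=="N" goto search1
  goto allowregedit
  :search2
  set regallow=1
  goto search
  :search1
  set regallow=0
  goto search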
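  :search
  rem Status screen followed by the polling loop that watches for the known
  rem indicator files.
  cls
  color 0A
  echo Status: Clean
  rem Reload the persisted counters as data (the number after the equals
  rem sign) rather than CALLing the files: they sit in the current directory,
  rem and CALL would run any command that had been written into them.
  if exist "threats_removed.bat" for /f "usebackq tokens=2 delims==" %%A in ("threats_removed.bat") do set /a "threat_count=%%A"
  if exist "reg_cleans.bat" for /f "usebackq tokens=2 delims==" %%A in ("reg_cleans.bat") do set /a "reg_clean=%%A"
  if exist "threats_removed.bat" echo Rogues Eliminated: %threat_count%
  if exist "reg_cleans.bat" echo Registries Fixed: %reg_clean%
  title Status: Clean
  :search3
  rem Detection is purely "a file exists at this fixed path"; a sample that
  rem is renamed or installed elsewhere is not seen by this loop.
  if exist %cleanthis% goto CLEAN_ALERT
  if exist %ang1% goto ANG_ALERT
  if exist %ang2% goto ANG_ALERT
  if exist %ang3% goto ANG_ALERT
  if exist %ang4% goto ANG_ALERT
  if exist %spyquake1% goto SPYQUAKE_ALERT
  if exist %spyquake2% goto SPYQUAKE_ALERT
  if exist %spyquake3% goto SPYQUAKE_ALERT
  if exist %thinkpoint1% goto THINKPOINT_ALERT
  if exist %thinkpoint2% goto THINKPOINT_ALERT
  if exist %thinkpoint3% goto THINKPOINT_ALERT
  if exist %mal_defend1% goto MALDEFEND_ALERT
  if exist %mal_defend2% goto MALDEFEND_ALERT
  if exist %mal_defend3% goto MALDEFEND_ALERT
  if exist %mal_defend4% goto MALDEFEND_ALERT
  rem Wait about a second between sweeps so the loop does not spin a CPU core.
  ping -n 2 localhost >nul
  goto search3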
  rem ---- Alert dispatch ---------------------------------------------------
  rem Each *_ALERT label records the display name of the detected product,
  rem the label of its removal section and the process image names that the
  rem removal section passes to TASKKILL, then jumps to the shared ALERT
  rem screen. Image names keep their quotes because they are expanded
  rem unquoted later on.

  :CLEAN_ALERT
  set removal_link=clean_remove
  set virus=CleanThis
  set task="gog.exe"
  goto ALERT

  :ANG_ALERT
  set removal_link=ang_remove
  set virus=ANG_AntiVirus
  set task1="angpd.exe"
  set task2="mcdk.exe"
  set task3="rkgnd.exe"
  set task4="wsd.exe"
  goto ALERT

  :SPYQUAKE_ALERT
  set removal_link=spyquake_remove
  set virus=SpywareQuake
  set task1="SpywareQuake.exe"
  set task2="Spy-Quake2.exe"
  set task3="SpywareQuaked.exe"
  rem task4 repeats task1; the SpywareQuake removal section only uses task1-3.
  set task4="SpywareQuake.exe"
  goto ALERT

  :THINKPOINT_ALERT
  set removal_link=thinkpoint_remove
  set virus=ThinkPoint
  set task1="hotfix.exe"
  set task2="thinkpoint.exe"
  set task3="bbotxxxxxx.exe"
  goto ALERT

  :MALDEFEND_ALERT
  rem No process names are set here; only files and the registry are handled.
  set removal_link=maldefend_remove
  set virus=Malware Defender
  goto ALERT

  :ALERT
  rem Shared alert screen: show what was found, hold it on screen for the
  rem duration of the default ping run, then jump to the removal section
  rem chosen above.
  cls
  color 0C
  title ALERT!!! MALWARE FOUND!!!
  echo Status: Infected
  echo Threatening Malware: %virus%
  ping localhost >nul
  goto %removal_link%
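  :clean_remove
  rem Remove CleanThis: stop its process, delete its executable, persist the
  rem removal counter, then continue to the registry fix if it was allowed.
  title Removing CleanThis Please Wait
  taskkill /F /IM %task%
  rem /F /A also deletes a read-only, hidden or system file, which a plain
  rem DEL leaves in place. A file that survives deletion is found again by
  rem the scan loop, so the alert would repeat on every sweep.
  if exist %cleanthis% del /F /A %cleanthis%
  if not exist %cleanthis% echo Threat Removed
  if not exist %cleanthis% set /a threat_count+=1
  rem Persisted in the current directory; read back by the status screen.
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  if not "%regallow%"=="1" goto search
  goto cleanreg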
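  :ang_remove
  rem Remove ANG AntiVirus: stop its four processes, delete its four
  rem executables, and count the threat as removed only when all are gone.
  title Removing ANG AntiVirus Please Wait
  for %%T in (%task1% %task2% %task3% %task4%) do taskkill /F /IM %%T /FI "STATUS eq RUNNING"
  rem /F /A also deletes read-only, hidden or system files, which a plain
  rem DEL leaves in place. The files live under Program Files, so deletion
  rem can still fail when the script is not running elevated.
  for %%F in (%ang1% %ang2% %ang3% %ang4%) do if exist %%F del /F /A %%F
  set ang_removed=0
  for %%F in (%ang1% %ang2% %ang3% %ang4%) do if not exist %%F set /a ang_removed+=1
  if "%ang_removed%"=="4" echo Threat Removed
  if "%ang_removed%"=="4" set /a threat_count+=1
  rem Persisted in the current directory; read back by the status screen.
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  if not "%regallow%"=="1" goto search
  goto angreg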
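  :spyquake_remove
  rem Remove SpywareQuake: stop its processes, run the helper script, delete
  rem the three executables and count the threat only when all are gone.
  rem Fixes: the third path was spelled spyqauke3 (an undefined variable), so
  rem its checks never tested the real file and the tally could not reach 3;
  rem threat_count was incremented even when nothing had been removed.
  title Removing SpywareQuake Please Wait
  for %%T in (%task1% %task2% %task3%) do taskkill /F /IM %%T /FI "STATUS eq RUNNING"
  rem NOTE(review): "vbs" is not a cmd built-in and VBS_Patches\admin.vbs is
  rem not shown on this page - confirm what launches it and what it does.
  rem It is resolved relative to the current directory, so it runs whatever
  rem script is found there.
  if exist %spyquake1% vbs "VBS_Patches\admin.vbs"
  if exist %spyquake2% vbs "VBS_Patches\admin.vbs"
  if exist %spyquake3% vbs "VBS_Patches\admin.vbs"
  rem Delete directly as the other removal sections do; this is a no-op when
  rem the helper already removed the file. /F /A also covers read-only,
  rem hidden and system files.
  for %%F in (%spyquake1% %spyquake2% %spyquake3%) do if exist %%F del /F /A %%F
  set spy_removed=0
  for %%F in (%spyquake1% %spyquake2% %spyquake3%) do if not exist %%F set /a spy_removed+=1
  if "%spy_removed%"=="3" echo Threat Removed
  if "%spy_removed%"=="3" set /a threat_count+=1
  rem Persisted in the current directory; read back by the status screen.
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  rem Kept from the original: waits for a key press before continuing.
  pause
  if not "%regallow%"=="1" goto search
  goto spyreg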
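  :thinkpoint_remove
  rem Remove ThinkPoint: stop its processes, delete its three files, and
  rem count the threat as removed only when all of them are gone.
  title Removing ThinkPoint Please Wait
  for %%T in (%task1% %task2% %task3%) do taskkill /F /IM %%T /FI "STATUS eq RUNNING"
  rem /F /A also deletes read-only, hidden or system files, which a plain
  rem DEL leaves in place; a file that survives is detected again by the
  rem scan loop on its next sweep.
  for %%F in (%thinkpoint1% %thinkpoint2% %thinkpoint3%) do if exist %%F del /F /A %%F
  set think_removed=0
  for %%F in (%thinkpoint1% %thinkpoint2% %thinkpoint3%) do if not exist %%F set /a think_removed+=1
  if "%think_removed%"=="3" echo Threat Removed
  if "%think_removed%"=="3" set /a threat_count+=1
  rem Persisted in the current directory; read back by the status screen.
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  if not "%regallow%"=="1" goto search
  goto thinkreg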
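  :maldefend_remove
  rem Remove the Strong Malware Defender traces this script knows about: two
  rem shortcuts and two data files. The product's executables are not
  rem located or deleted here, as the messages below explain.
  title Removing Malware Defender Please Wait
  echo Malware Defender is a tricky one it's exe's are saved as random characters
  echo Meaning we can not detect them but we detected the shortcuts and can remove the registry
  echo entry from the registry which means this Registry Action is taken if you allowed registry editing
  echo We are also removing the shortcuts
  rem /F /A also deletes read-only, hidden or system files, which a plain
  rem DEL leaves in place; a file that survives is detected again by the
  rem scan loop on its next sweep.
  for %%F in (%mal_defend1% %mal_defend2% %mal_defend3% %mal_defend4%) do if exist %%F del /F /A %%F
  set maldefend_removed=0
  for %%F in (%mal_defend1% %mal_defend2% %mal_defend3% %mal_defend4%) do if not exist %%F set /a maldefend_removed+=1
  if "%maldefend_removed%"=="4" echo Threat Removed
  if "%maldefend_removed%"=="4" set /a threat_count+=1
  rem Persisted in the current directory; read back by the status screen.
  echo set threat_count=%threat_count% > threats_removed.bat
  ping localhost >nul
  if not "%regallow%"=="1" goto search
  goto maldefendreg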
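  rem ---- Registry fixes ---------------------------------------------------
  rem Each label imports the .reg patch for one product through the shared
  rem apply_reg_patch routine below and then returns to the scan loop.

  :cleanreg
  call :apply_reg_patch %clean_reg% remove_cleanthis.reg
  goto search

  :angreg
  call :apply_reg_patch %ang_reg% remove_ang.reg
  goto search

  :spyreg
  call :apply_reg_patch %spyquake_reg% remove_spyquake.reg
  goto search

  :thinkreg
  call :apply_reg_patch %thinkpoint_reg% remove_thinkpoint.reg
  goto search

  :maldefendreg
  call :apply_reg_patch %maldefend_reg% remove_maldefend.reg
  goto search

  :apply_reg_patch
  rem Import one registry patch and bump the persisted reg_clean counter.
  rem   arg 1 - quoted path of the .reg file
  rem   arg 2 - file name shown to the user
  rem A missing patch is reported and not counted; previously the counter
  rem was incremented and "Fixed" printed even when there was nothing to
  rem import.
  rem regedit is started without /S, so it asks the user to confirm the
  rem import. The patch contents are not shown on this page; a .reg file is
  rem applied with the rights of the account running the script, so the
  rem patch folder should be writable only by that account.
  title Fixing Registries
  if not exist "%~1" (
      echo Registry patch %~2 was not found, nothing imported
      ping localhost >nul
      goto :eof
  )
  echo Fixing Registries with the %~2 Patch
  regedit "%~1"
  set /a reg_clean+=1
  rem Persisted in the current directory; read back by the status screen.
  echo set reg_clean=%reg_clean% > reg_cleans.bat
  echo Fixed
  ping localhost >nul
  goto :eof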