Saturday, 08 November 2008

Kspoold Script Cleaner (Kill the worm process)

Don't get confused, just copy it straight away...!!!
(No need to make it complicated, you'll see the result later.)



; Script to kill VB processes and then print the output
;
processkillvb
echo 'KillVB : $output'

This part fixes the file extension associations:

;
; Script to repair file extensions

regwritestring HKLM 'Software\CLASSES\batfile\shell\open\command' '' '"%1" %*'
regwritestring HKLM 'Software\CLASSES\comfile\shell\open\command' '' '"%1" %*'
regwritestring HKLM 'Software\CLASSES\exefile\shell\open\command' '' '"%1" %*'
regwritestring HKLM 'SOFTWARE\Classes\exefile' '' 'Application'
regwritestring HKLM 'Software\CLASSES\piffile\shell\open\command' '' '"%1" %*'
regwritestring HKLM 'Software\CLASSES\scrfile\shell\open\command' '' '"%1" %*'
regwritestring HKLM 'SOFTWARE\Classes\scrfile' '' 'Screen Saver'
regwritestring HKLM 'Software\CLASSES\regfile\shell\open\command' '' 'regedit.exe "%1"'
regwritestring HKLM 'SOFTWARE\Classes\lnkfile\shell\open\command' '' '"%1" %*'
regwritestring HKLM 'SOFTWARE\Classes\exefile\DefaultIcon' '' '"%1"'

This part re-enables regedit:

;
; Script to enable regedit, cmd, and taskmgr
;
regwritedword HKEY_CURRENT_USER 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableRegistryTools' 0
regwritedword HKEY_CURRENT_USER 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableCMD' 0
regwritedword HKEY_CURRENT_USER 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableTaskMgr' 0
regwritedword HKEY_LOCAL_MACHINE 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableRegistryTools' 0
regwritedword HKEY_LOCAL_MACHINE 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableCMD' 0
regwritedword HKEY_LOCAL_MACHINE 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableTaskMgr' 0
regdeletevalue HKEY_LOCAL_MACHINE 'Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\' ''
regdeletevalue HKEY_LOCAL_MACHINE 'Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\' ''
regdeletevalue HKEY_LOCAL_MACHINE 'Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\' ''
regdeletevalue HKEY_LOCAL_MACHINE 'Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\' ''

The final part removes kspoold:

echo ''
echo '--------------------------------'
echo ' KSpoold.A Removal Test Script'
echo '--------------------------------'
echo ''
readln
set svc_name,'kspooldaemon'
ServiceDisable @svc_name
ServiceStop @svc_name
ServiceDelete @svc_name
ProcessKill 'explorer.exe'
Sleep 2000
FileDelete '$sysdir\kspoold.exe'
FileDelete '$sysdir\avmeter32.dll'
FileDelete '$sysdir\kspool.exe'
FileDelete '$sysdir\avwav32.dll'
set reg_name,'kernel spooler'
RegDeleteValue HKLM 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' @reg_name
RegDeleteValue HKCU 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' @reg_name
ProcessCreate '$windir\explorer.exe'
echo ''
echo 'Finished !'
echo ''
set svc_name
set reg_name
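
A read-only check of the same registry locations, as an added example that is not part of the original post or of the cleaner's own script language. It parses the text of a .reg export and reports every value that differs from what the scripts above write back. The names parse_reg, audit and SAMPLE are hypothetical, the sample export is constructed, and looking at the Debugger value under Image File Execution Options is an assumption (the page only deletes the default value there).

```python
import re

# Baseline: the values the page's repair script writes back.
EXPECTED_OPEN = {ext: '"%1" %*' for ext in
                 ("batfile", "comfile", "exefile", "piffile", "scrfile", "lnkfile")}
EXPECTED_OPEN["regfile"] = 'regedit.exe "%1"'
POLICY_FLAGS = {"disableregistrytools", "disablecmd", "disabletaskmgr"}
IFEO_TARGETS = {"cmd.exe", "regedit.exe", "taskmgr.exe", "regedt32.exe"}

def parse_reg(text):
    """Yield (key, value_name, data) from .reg export text; '' is the default value."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            raw = m.group(2)  # dword -> int, string -> unescaped text, other types kept raw
            data = (int(raw[6:], 16) if raw.startswith("dword:")
                    else re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw.startswith('"') else raw)
            yield key, name, data

def audit(text):
    """Return (kind, key, detail) for each value that deviates from the baseline."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        m = re.search(r"\\classes\\(\w+)\\shell\\open\\command$", k)
        if m and n == "" and EXPECTED_OPEN.get(m.group(1), data) != data:
            findings.append(("handler", key, data))
        elif k.endswith("\\policies\\system") and n in POLICY_FLAGS and data != 0:
            findings.append(("policy", key, name))
        elif (n == "debugger" and "\\image file execution options\\" in k
              and k.rsplit("\\", 1)[-1] in IFEO_TARGETS):
            findings.append(("ifeo", key, data))
        elif k.endswith("\\currentversion\\run") and n == "kernel spooler":
            findings.append(("run", key, data))
    return findings

# Constructed sample export (placeholder paths, not captured from an infected host).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="C:\\placeholder\\hijack.exe \"%1\" %*"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\placeholder\\hijack.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kernel spooler"="C:\\placeholder\\hijack.exe"'''
```

Files exported by regedit are UTF-16, so read them with encoding="utf-16" before passing the text to audit(). Running the check before and after the cleaner shows which of the four locations were actually changed.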

1 comment:

Anonymous said...

Bro.. so you copy this into Notepad, right... what's the extension?? I don't know how to use it....
