I am consulting one of our Experts. I will return!!

@echo off
If Exist regperms.txt del regperms.txt
For %%i in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}", "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}") Do regdacl %%i /l >>perms.txt & regdacl %%i /E >>regperms.txt
Notepad regperms.txt

@echo off
if exist regperms.txt del regperms.txt
if exist perms.txt del perms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /sgs:F(ci) >> regperms.txt
For %%i in ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}", "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}") Do regdacl %%i /L /E >> regperms.txt
Notepad regperms.txt

@echo off
if exist regperms.txt del regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /rgu >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}" /rgu >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}" /rgu >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}" /rgu >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /sgs:F(ci) >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62B92B1B-2FF4-C0C0-407F-FD1EF3FDEB7A}" /sgs:F(ci) >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6537283D-964A-CBD4-C67B-7091E7AC8979}" /sgs:F(ci) >> regperms.txt
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBB4A740-CDEF-2FEA-7B76-BB8815E8A690}" /sgs:F(ci) >> regperms.txt
Notepad regperms.txt

(Echo %DATE% %TIME%
If exist empty.hiv del empty.hiv
If not Exist "original bho key.txt" Echo Backing up original BHO KEY & regedit /a "original bho key.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
IF exist "original bho key.txt" Echo Backup Created Successfully
Echo.....
Echo Creating HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty
echo.....
Echo Saving HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty
Reg Save HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty Empty.hiv
echo.....
Echo Deleting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\empty /f
echo.....
Echo Replacing HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects with empty hive
reg restore "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" empty.hiv
)>logit.txt 2>&1
Start logit.txt
If exist empty.hiv del empty.hiv

'create a file named r.bat
'Put r.bat in the same folder as this script
'run the script to set a task which will
'then run r.bat with System Privileges in a minute
'Written by Mosaic1
'Use at your own risk
Dim Future, NewD ,Short,Location ,batty
set fso = Wscript.CreateObject("Scripting.FilesystemObject")
Set Wshshell = Wscript.CreateObject("Wscript.shell")
NewD = DateAdd("n" , 1, Now)
Future = FormatDateTime(NewD,3)
Set Location = fso.GetFile("r.bat")
Short = Location.ShortPath
Wshshell.run "Cmd.exe /c" & "At" & Chr(32) & Chr(34) & Future & Chr(34) & Chr(32) & "/Interactive" & Chr(32) & Short ,vbhidden 'Set the task
MsgBox " Setup Done!"
Set fso = nothing
Set Wshshell = nothing
Set Location = nothing

@echo off
regdacl "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /L /E >> newperms.txt
Notepad newperms.txt