başlık/yazar ara
kayıt ol istatistikler video galeri anket iletişim hakkımızda responsive site

amvo exe

entry6 galeri
    5.
  1. baş belası virüs. çözümü de şöyle;
    aşağıdaki scripti alın, bir metin dosyasına yapıştırıp vbs uzantılı olarak kaydedip çalıştırın. işte bu kadar.

    --spoiler--

    on Error Resume Next

    Dim objShell, objFileSystem, objTextStream, objRegex
    Dim colRegexMatches1, colRegexMatches2
    Dim nReturnCode
    Dim strIpFileText
    Dim element, i

    Dim Lista
    Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe","host.exe",_
    "a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_
    "80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd")

    Set hardwaremania=WScript.CreateObject("WScript.Shell")
    Set objShell = WScript.CreateObject("WScript.Shell")
    Set objFileSystem = CreateObject("Scripting.FileSystemObject")

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set colDrives = objFSO.Drives

    Wscript.Echo "bu script kötü amaçlý amvo, avpo, n1detect ve türevlerini kaldýrmak için hazýrlanmýþtýr"
    Wscript.Echo "arama ve silme iþlemi bikaç saniye alacaktýr. lütfen sabýrlý olun"

    i=0
    For Each objDrive in colDrives
    If objDrive.IsReady = True Then
    nret=hardwaremania.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
    Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&":\autorun.inf",1)
    strIpFileText = objTextStream.ReadAll
    objTextStream.Close
    End If
    Next

    Set objRegex = new RegExp

    objRegex.Pattern = "=\w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)"
    objRegex.Global = True
    objRegex.IgnoreCase = True
    Set colRegexMatches1 = objRegex.Execute(strIpFileText)

    i=0
    For Each element In colRegexMatches1
    element = Replace(element,"=","")
    WScript.Echo "Proceeding to remove file of virus :" & element
    For Each objDrive in colDrives
    If objDrive.IsReady = True Then
    Wscript.Echo "Clean drive: " & objDrive.DriveLetter

    nret=hardwaremania.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE)
    nret=hardwaremania.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE)

    nret=hardwaremania.Run("cmd /C taskkill /f /im semo2x.exe.tmp",0,TRUE)
    nret=hardwaremania.Run("cmd /C taskkill /f /im semo2x.exe",0,TRUE)
    nret=hardwaremania.Run("cmd /C taskkill /f /im help.exe.tmp",0,TRUE)

    nret=hardwaremania.Run("cmd /C attrib -s -h -r " &objDrive.DriveLetter&":\" & element &"",0,TRUE)
    nret=hardwaremania.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" & element & "/f /q /a",0,TRUE)
    nret=hardwaremania.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)

    End If
    Next
    i = i + 1
    Next


    Set objRegex= Nothing
    Set objTextStream = Nothing
    Set objFileSystem = Nothing
    Set objShell = Nothing

    nret15=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*",0,TRUE)
    nret16=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*",0,TRUE)
    nret20=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp",0,TRUE)


    nret56=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*",0,TRUE)
    nret60=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*",0,TRUE)

    nret23=hardwaremania.Run("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE)
    nret24=hardwaremania.Run("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE)


    nret57=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE)
    nret59=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE)

    WScript.Echo "gizli dosyalarýn görünmesi için kayýt defteri eski haline getiriliyor"

    nret31=hardwaremania.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v amva /f",0,TRUE)
    nret32=hardwaremania.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpo /f",0,TRUE)

    nret68=hardwaremania.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpa /f",0,TRUE)

    nret33=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret43=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret44=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)

    nret45=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret46=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
    nret47=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)

    nret34=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE)
    nret35=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)

    nret36=hardwaremania.Run("cmd /C reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /f",0,TRUE)
    nret37=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE)
    nret38=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)

    nret39=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE)
    nret40=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE)

    nret48=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ /v Type /t REG_SZ /d Group /f",0,TRUE)

    nret61=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
    nret62=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
    nret63=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v DisableRegistryTools /t REG_DWORD /d 0 /f",0,TRUE)

    nret78=hardwaremania.Run("cmd /C taskkill /f /im explorer.exe",0,TRUE)
    nret79=hardwaremania.Run("cmd /C start explorer.exe",0,TRUE)

    nret15=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*",0,TRUE)
    nret16=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*",0,TRUE)
    nret20=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp",0,TRUE)



    nret56=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*",0,TRUE)
    nret60=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*",0,TRUE)

    nret23=hardwaremania.Run("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE)
    nret24=hardwaremania.Run("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE)


    nret57=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE)
    nret59=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE)

    For Each objDrive in colDrives
    If objDrive.IsReady = True Then
    For X=0 to UBound(Lista)
    nret=hardwaremania.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\"&Lista(X)&"",0,TRUE)
    nret=hardwaremania.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" &Lista(X)& "/f /q /a",0,TRUE)
    Next
    End If
    Next

    WScript.Echo "Tebrikler! bilgisayarýnýz amvo virus ve türevlerinden temizlendi"
    WScript.Echo "http://www.hardwaremania.com" ;

    WScript. Quit(0)
    --spoiler--
    zordostumzor 03.02.2009 17:00
    3 ...