toxic

the orbit exact intelegent connector

virus mata_virus_amvo_usb.vbs

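' mata_virus_amvo_usb.vbs
'
' Purpose: remove the known on-disk and registry artefacts of the amvo / avpo /
' n1detect autorun malware, then restore the Explorer and policy settings that
' let the user see hidden files and open Folder Options and the registry editor.
'
' How it works: every step shells out to a built-in Windows tool (taskkill,
' attrib, del, reg) in a hidden window and waits for it to finish.
'
' Points a practitioner should know before running it:
'   * Detection is by file name only. Variants using other names are not
'     touched, and nothing is verified by content or hash.
'   * Several drive-root patterns are broad (tio*.*, dos*.com, 80*.com, d.com).
'     Any legitimate file in a drive root matching them is deleted as well.
'   * Writing under HKEY_LOCAL_MACHINE and deleting from system32 needs an
'     elevated process. Without it those steps fail without any message.
'   * Exit codes are not inspected and errors are suppressed, so the closing
'     message does not prove success. Check afterwards that the files are gone.
'   * Hidden and protected system files stay visible and AutoRun stays disabled
'     for all drive types after the script ends. This is intended hardening but
'     it overrides the user's previous preferences.
'   * Under wscript.exe each WScript.Echo is a modal dialog (one per drive).
'     Run with cscript.exe to get console output instead.

Option Explicit

' Best-effort by design: a failing step must not stop the remaining cleanup.
On Error Resume Next

Const HKCU_RUN      = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
Const HKCU_ADVANCED = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
Const HKLM_ADVANCED = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
Const HKCU_POLICIES = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
Const HKLM_POLICIES = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies"

Dim shell, fso, drive, systemDir, item
Dim killImages, rootArtefacts, systemArtefacts, runValues

' Process image names to terminate so their files are not locked during deletion.
killImages = Array("amvo.exe", "avpo.exe", "semo2x.exe.tmp", "semo2x.exe")

' File names and wildcards removed from the root of every ready drive.
rootArtefacts = Array("autorun.inf", "ntdeiect.com", "n1detect.com", "n1deiect.com", _
                      "n?deiect.com", "nide?ect.com", "u?de?ect.com", "ntde1ect.com", _
                      "80*.com", "semo*.exe", "dos*.com", "xfool*.com", "d.com", "tio*.*")

' File names and wildcards removed from the Windows system32 directory.
systemArtefacts = Array("amvo.exe", "avpo.exe", "amvo0.dll", "amvo1.dll", "amvo2.dll", _
                        "avpo0.dll", "avpo1.dll", "semo*.exe.tmp", "semo*.exe")

' Value names removed from the per-user Run key (start at logon).
runValues = Array("amva", "avpo", "avpa")

Set shell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

' Resolve the Windows directory instead of assuming c:\windows.
systemDir = shell.ExpandEnvironmentStrings("%SystemRoot%") & "\system32\"

' ChrW(243) is the accented "o"; building it this way keeps the message correct
' whatever encoding the .vbs file is saved in.
WScript.Echo "Software provisto por MyGeekSide.com para la eliminaci" & ChrW(243) & _
             "n del software malicioso amvo, avpo, n1detect"

' --- System-wide cleanup: done once, it does not depend on the drive ----------
KillProcesses
For Each item In systemArtefacts
    RemoveArtefact systemDir & item
Next
For Each item In runValues
    RegDeleteValue HKCU_RUN, item
Next

' --- Per-drive cleanup ---------------------------------------------------------
' Every ready drive is visited, including removable, optical and mapped network
' drives. On read-only media the commands simply fail.
For Each drive In fso.Drives
    If drive.IsReady = True Then
        WScript.Echo "Limpiar unidad: " & drive.DriveLetter

        ' Repeated before each drive, as in the original, in case one of the
        ' processes has been started again in the meantime.
        KillProcesses

        For Each item In rootArtefacts
            RemoveArtefact drive.DriveLetter & ":\" & item
        Next
    End If
Next

' --- Explorer view settings: show hidden and protected system files -----------
RegSet HKCU_ADVANCED, "Hidden", "REG_DWORD", 1
RegSet HKCU_ADVANCED, "SuperHidden", "REG_DWORD", 1
RegSet HKCU_ADVANCED, "ShowSuperHidden", "REG_DWORD", 1

RegSet HKLM_ADVANCED, "Hidden", "REG_DWORD", 1
RegSet HKLM_ADVANCED, "SuperHidden", "REG_DWORD", 1
RegSet HKLM_ADVANCED, "ShowSuperHidden", "REG_DWORD", 1

' --- Folder Options definitions behind the "hidden files" radio buttons -------
RegSet HKLM_ADVANCED & "\Folder\Hidden\NOHIDDEN", "CheckedValue", "REG_DWORD", 2
RegSet HKLM_ADVANCED & "\Folder\Hidden\NOHIDDEN", "DefaultValue", "REG_DWORD", 2

' CheckedValue is deleted and then recreated, presumably so that a value left
' with the wrong type is replaced by a clean REG_DWORD.
RegDeleteValue HKLM_ADVANCED & "\Folder\Hidden\SHOWALL", "CheckedValue"
RegSet HKLM_ADVANCED & "\Folder\Hidden\SHOWALL", "CheckedValue", "REG_DWORD", 1
RegSet HKLM_ADVANCED & "\Folder\Hidden\SHOWALL", "DefaultValue", "REG_DWORD", 2

RegSet HKLM_ADVANCED & "\Folder\SuperHidden", "CheckedValue", "REG_DWORD", 0
RegSet HKLM_ADVANCED & "\Folder\SuperHidden", "DefaultValue", "REG_DWORD", 0

RegSet HKLM_ADVANCED & "\Folder\Hidden", "Type", "REG_SZ", "Group"

' --- Hardening: 255 (0xFF) turns AutoRun off for every drive type -------------
RegSet HKCU_POLICIES & "\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 255
RegSet HKLM_POLICIES & "\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", 255

' --- Give back the Folder Options menu and the registry editor ----------------
RegSet HKCU_POLICIES & "\Explorer", "NoFolderOptions", "REG_DWORD", 0
RegSet HKLM_POLICIES & "\Explorer", "NoFolderOptions", "REG_DWORD", 0
RegSet HKCU_POLICIES & "\System", "DisableRegistryTools", "REG_DWORD", 0

WScript.Echo "Debes reiniciar tu PC para asegurarnos de haber eliminado el software malicioso"


' Runs one command line through cmd.exe in a hidden window (style 0) and waits
' for it to finish. The exit code is deliberately not reported: the tools used
' here also return non-zero when the target is simply absent.
Sub RunHidden(commandLine)
    On Error Resume Next
    shell.Run "cmd /C " & commandLine, 0, True
End Sub

' Force-terminates every process whose image name is in killImages.
Sub KillProcesses()
    Dim image
    For Each image In killImages
        RunHidden "taskkill /f /im " & image
    Next
End Sub

' Clears the system, hidden and read-only attributes of a file or wildcard and
' then deletes it. The path is quoted so a directory containing spaces works.
Sub RemoveArtefact(path)
    RunHidden "attrib -s -h -r """ & path & """"
    RunHidden "del /f /q /a """ & path & """"
End Sub

' Creates or overwrites one registry value without prompting (/f).
Sub RegSet(key, valueName, valueType, data)
    RunHidden "reg add " & key & " /v " & valueName & " /t " & valueType & " /d " & data & " /f"
End Sub

' Deletes one registry value without prompting (/f). A missing value is ignored.
Sub RegDeleteValue(key, valueName)
    RunHidden "reg delete " & key & " /v " & valueName & " /f"
End Sub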