ripdad
Posted March 15, 2010 (edited)

Virus Cleaning Tool - Debugger - v2.01

This Tool undoes the damage caused by a virus that modifies the registry with "Debugger Values" under:
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
which cause programs not to run.

-EDIT-
I've re-written this tool to accommodate for the different ways these viruses are writing to the registry.
The count is now over 750 entries.
No restrictions with this version, with the exception of #RequireAdmin.

```autoit
; Virus Cleaning Tool - Debugger - v2.01
#RequireAdmin
Global $title = 'Virus Cleaning Tool - Debugger'

Local $number = _Debugger(0) ; 0 = check if Debugger entries are present
If $number = 0 Then
    MsgBox(8256, $title, 'Nothing Found')
    Exit
EndIf
If MsgBox(8228, $title, $number & ' Entries Found' & @CRLF & @CRLF & 'Clean?') = 7 Then Exit ; 7 = No
_Debugger(1) ; 1 = Delete Debugger ValueNames
_DebuggerEx() ; Delete Empty Keys
MsgBox(8256, $title, 'Finished - Check DebuggerLog.txt for more info')
Exit

Func _Debugger($mode)
    Local $MainKey = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Local $ImageName, $ValueName = 'Debugger', $sCount = 0, $eCount = 0
    Local $Logfile = @ScriptDir & '\DebuggerLog.txt'
    For $i = 1 To 10000
        $ImageName = RegEnumKey($MainKey, $i)
        If @error <> 0 Then ExitLoop ; no more subkeys
        ; Skip the placeholder key
        If $ImageName = 'Your Image File Name Here without a path' Then ContinueLoop
        RegRead($MainKey & '\' & $ImageName, $ValueName)
        If @error <> 0 Then ContinueLoop ; no Debugger value under this key
        $sCount += 1
        If $mode = 1 Then
            ; RegDelete returns 1 on success, 0 if the value does not exist, 2 on error
            If RegDelete($MainKey & '\' & $ImageName, $ValueName) = 1 Then
                FileWriteLine($Logfile, 'Debugger Deleted: ' & $MainKey & '\' & $ImageName)
                ToolTip('Deleted: ' & $ImageName & '\' & $ValueName, 0, 0, $title, 1)
                Sleep(20)
                $i -= 1 ; same key is read again on the next pass and skipped, its value is gone
            Else
                $eCount += 1
                FileWriteLine($Logfile, 'Error Deleting Debugger: ' & $MainKey & '\' & $ImageName)
                ToolTip('Error Deleting: ' & $ImageName & '\' & $ValueName, 0, 0, $title, 1)
                Sleep(20)
            EndIf
        EndIf
    Next
    ToolTip('')
    If $mode = 0 Then Return $sCount
    ; A Debugger value placed directly on the main key is removed as well
    If RegRead($MainKey, $ValueName) Then RegDelete($MainKey, $ValueName)
    FileWriteLine($Logfile, 'Debugger Entries Cleaned: ' & $sCount - $eCount & @CRLF & 'Errors: ' & $eCount)
EndFunc

Func _DebuggerEx()
    Local $MainKey = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Local $ImageName, $sCount = 0, $eCount = 0, $Logfile = @ScriptDir & '\DebuggerLog.txt'
    For $i = 1 To 10000
        $ImageName = RegEnumKey($MainKey, $i)
        If @error <> 0 Then ExitLoop ; no more subkeys
        If RegEnumVal($MainKey & '\' & $ImageName, 1) Then ContinueLoop ; key still has a value, keep it
        ; RegDelete returns 1 on success, 0 if the key does not exist, 2 on error
        If RegDelete($MainKey & '\' & $ImageName) = 1 Then
            $sCount += 1
            ToolTip('Deleted Key: ' & $ImageName, 0, 0, $title, 1)
            Sleep(20)
            $i -= 1 ; the following keys moved up one index
        Else
            $eCount += 1
            ToolTip('Error Deleting Key: ' & $ImageName, 0, 0, $title, 1)
            Sleep(20)
        EndIf
    Next
    ToolTip('')
    FileWriteLine($Logfile, 'Empty Keys Deleted: ' & $sCount & @CRLF & 'Errors: ' & $eCount)
EndFunc
```

-Edit2-
Below is minicode of above -- it has no prompts, no counting, no logging and no frills.
It just does it, no questions asked ... except UAC of course. <grin>

```autoit
#RequireAdmin
Local $k = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Local $n, $v = 'Debugger', $p = 'Your Image File Name Here without a path'
; Remove a Debugger value placed directly on the main key
If RegRead($k, $v) Then RegDelete($k, $v)
For $i = 1 To 10000
    $n = RegEnumKey($k, $i)
    If @error <> 0 Then ExitLoop ; no more subkeys
    If $n = $p Then ContinueLoop ; skip the placeholder key
    If RegRead($k & '\' & $n, $v) Then RegDelete($k & '\' & $n, $v)
    ; Delete the key if it has no values left; step back only when the key
    ; was really removed (RegDelete = 1), because the following keys move up one index
    If Not RegEnumVal($k & '\' & $n, 1) Then
        If RegDelete($k & '\' & $n) = 1 Then $i -= 1
    EndIf
Next
```

Edited January 1, 2011 by ripdad

"The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward
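A read-only way to review which Debugger values exist before a cleaner like the one above removes them, as an added example that is not ripdad's code: it parses a regedit export of the Image File Execution Options key and lists each image name with its Debugger command. The sample export, the paths in it and the function names are constructed for illustration.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
PLACEHOLDER = "Your Image File Name Here without a path"  # the tool skips it too

# Constructed regedit export for illustration; not taken from a real machine.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + IFEO + "]", '"Debugger"="svchost.exe"', "",
    "[" + IFEO + "\\" + PLACEHOLDER + "]", '"Debugger"="ntsd.exe -d"', "",
    "[" + IFEO + "\\regedit.exe]", r'"Debugger"="C:\\Example\\placeholder.exe"', "",
    "[" + IFEO + "\\taskmgr.exe]", r'"Debugger"="\"C:\\Tools\\procexp.exe\""', "",
    "[" + IFEO + "\\notepad.exe]", '"GlobalFlag"=dword:00000200',
])

KEY_RE = re.compile(r"^\[(.+)\]$")
DBG_RE = re.compile(r'^"Debugger"="(.*)"$', re.IGNORECASE)


def unescape(value):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", value)


def debugger_entries(reg_text):
    """Return [(image_name, debugger_command)] found under the IFEO key."""
    found, image = [], None
    root = IFEO.lower()
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # a [key] header decides which image the next values belong to
            key = m.group(1)
            if key.lower() == root:
                image = "(IFEO root)"
            elif key.lower().startswith(root + "\\"):
                image = key[len(IFEO) + 1:]
            else:
                image = None  # key outside IFEO, ignore its values
            continue
        m = DBG_RE.match(line)
        if m and image not in (None, PLACEHOLDER):
            found.append((image, unescape(m.group(1))))
    return found


if __name__ == "__main__":
    for image, command in debugger_entries(SAMPLE_REG):
        print(f"{image:15} -> {command}")
```

The cleaner removes every Debugger value it finds apart from the placeholder key, so a list like this shows what will be lost, including any entry an administrator set on purpose.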
Fire
Posted April 25, 2010 (edited)

Hi ripdad.
Really this is an awesome idea. 5 stars from me for a great idea.
BTW I created a GUI program based on your idea. Here it is: (I'm sorry it is not English language based because my English is very awful and I created this program for my native.)
Anyway I want to say THANK YOU MAN for the great idea.
Binary & src can be found here for GUI: Download Binary (src included)
edit: correction on url
Reuploaded: (Contains all src again) http://qovluq.biz/uploads/1f30.rar
MD5 SUM: http://qovluq.biz/uploads/1f301.md5

Edited December 31, 2010 by Fire
ripdad
Posted April 26, 2010 (Author)

Hi Sh3llC043r
That's a lot of code for such a small task. Nice GUI and sound effects. And ... you're welcome.
ripdad
Posted December 29, 2010 (Author)

Updated v2 - see first post
mesale0077
Posted December 29, 2010

hi Fire
link broken: Download Binary (src included)
give me new link
thank you
Fire Posted December 31, 2010 Posted December 31, 2010 mesale0077 Np dude link was updated.P.S Kardes Ulkeye Atesli Selamlar Happy New Year!4:41 31.12.2010 [size="5"] [/size]
mesale0077
Posted December 31, 2010

hi fire
thank you
P.S. Thanks brother, warm greetings to you too.