
Delete Amvo Virus Amvo Script

The document is a script that scans a system for files and registry entries associated with viruses such as amvo and removes them. It applies a regular expression to text read from a file in the root of each ready drive to extract suspicious file names, and it also uses a fixed list of wildcard file-name patterns. It then uses the Windows Shell to clear file attributes and delete the matching files, and modifies registry keys to restore hidden-file settings and remove auto-starting entries. After cleaning, it notifies the user that disinfection is complete; the script does not check whether any of the steps succeeded.

Uploaded by

dcoolsam
Copyright
© Attribution Non-Commercial (BY-NC)

' Amvo/avpo removal script (VBScript).
' NOTE(review): this listing is extraction-damaged. Statements are collapsed onto
' long lines and many object, method and file names were replaced by the
' placeholder "[Link]". It will not run as shown; the comments describe only what
' is still visible.
' "On Error Resume Next" suppresses every runtime error from here on, so a failed
' delete or registry write cannot be told apart from a successful one.
on Error Resume Next Dim Dim Dim Dim Dim objShell, objFileSystem, objTextStream, objRegex colRegexMatches1, colRegexMatches2 nReturnCode

strIpFileText element, i

' Lista: wildcard file-name patterns that are deleted from the root of every ready
' drive at the end of the script. Several are very broad (x*.exe, x*.com, m*.com,
' j*.bat, tio*.*, autorun*.*) and will also match unrelated, legitimate files.
' NOTE(review): narrow these patterns or confirm each hit before deleting.
'
' Drive loop: for each ready drive, clear the system/hidden/read-only attributes
' on one root file, open it with mode argument 1 and load its text into
' strIpFileText. The file name is masked as [Link]; presumably autorun.inf - confirm.
' strIpFileText is assigned, not appended, so only the text from the last ready
' drive is still there when the regex runs.
'
' Regex: "=" followed by word characters and one of the listed extensions. The
' dots in the pattern are not escaped, so each matches any character, not only a
' literal ".". The two masked properties set to True are presumably IgnoreCase and
' Global - confirm. The matches come from a file on the drive being cleaned and
' must be treated as untrusted input.
Dim Lista Lista=array("n1de?[Link]","nide?[Link]","nlde?[Link]","j*.bat","m*.com","d*.c om","[Link]","[Link]",_ "a0*.com","[Link]","[Link]", "u?de*.com","[Link]", "x*.com", "tio*.*",_ "80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd") Set geekside=[Link]("[Link]") Set objShell = [Link]("[Link]") Set objFileSystem = CreateObject("[Link]") Set objFSO = CreateObject("[Link]") Set colDrives = [Link] [Link] "Software provided by [Link] to remove malicious software a mvo, avpo, n1detect y variants" [Link] "Proccess of search and removing can take some seconds. Please be p atient." i=0 For Each objDrive in colDrives If [Link] = True Then nret=[Link]("cmd /C attrib -s -h -r "&[Link] &":\[Link]",0,TRUE) Set objTextStream = [Link]([Link] ter&":\[Link]",1) strIpFileText = [Link] [Link] End If Next Set objRegex = new RegExp [Link] = "=\w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)" [Link] = True [Link] = True Set colRegexMatches1 = [Link](strIpFileText)

' Removal loop: for every regex match, strip the "=" and then, on each ready drive,
' force-kill five processes (image names masked as [Link]), clear the attributes of
' <drive>:\<match>, delete it, and delete one more root file whose name is masked.
' NOTE(review): "element" is concatenated unquoted into a "cmd /C" command line.
' It originates from file content on the drive being cleaned, so it should be
' checked against a strict file-name pattern and quoted first, or the deletion
' should go through the file-system object instead of a shell string.
' NOTE(review): no space separates the file name from "/f /q /a" in the del
' command - confirm cmd parses the switches as intended.
' nret is overwritten by every call and never inspected; i is incremented but not
' read anywhere in the visible code.
i=0 For Each element In colRegexMatches1 element = Replace(element,"=","") [Link] "Proceeding to remove file of virus :" & element For Each objDrive in colDrives If [Link] = True Then [Link] "Clean drive: " & [Link]

nret=[Link]("cmd /C taskkill /f /im [Link]",0,TR UE) nret=[Link]("cmd /C taskkill /f /im [Link]",0,TR UE) nret=[Link]("cmd /C taskkill /f /im [Link] ",0,TRUE) nret=[Link]("cmd /C taskkill /f /im [Link]",0, TRUE) nret=[Link]("cmd /C taskkill /f /im [Link]", 0,TRUE) nret=[Link]("cmd /C attrib -s -h -r " &[Link] iveLetter&":\" & element &"",0,TRUE) nret=[Link]("cmd /C cd \ & del "&[Link] ter&":\" & element & "/f /q /a",0,TRUE) nret=[Link]("cmd /C cd \ & del "&[Link] ter&":\[Link]",0,TRUE) End If Next i = i + 1 Next Set Set Set Set objRegex= Nothing objTextStream = Nothing objFileSystem = Nothing objShell = Nothing

' System directory clean-up: clear attributes on, then "del /f", amvo*.*, avpo*.*,
' semo*.* and one masked .tmp file under c:\windows\system32.
' NOTE(review): the path is hard-coded; a Windows installation in another drive or
' directory is not covered (%SystemRoot% would be).
' Run-key clean-up: deletes the values amva, avpo (these two statements are
' scrambled by extraction) and avpa under HKEY_CURRENT_USER\...\CurrentVersion\Run.
nret15=[Link]("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*" ,0,TRUE) nret16=[Link]("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*" ,0,TRUE) nret20=[Link]("cmd /C attrib -s -h -r c:\windows\system32\[Link] .tmp",0,TRUE) nret56=[Link]("cmd /C attrib -s -h -r c:\windows\system32\semo*.*" ,0,TRUE) nret60=[Link]("cmd /C attrib -s -h -r c:\windows\system32\semo*.*. *",0,TRUE) nret23=[Link]("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE) nret24=[Link]("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE) nret57=[Link]("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE ) nret59=[Link]("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE) [Link] "Proceeding to restore registry to see Hidden Files" nret31=[Link]("cmd /C reg oft\Windows\CurrentVersion\Run\ /v amva nret32=[Link]("cmd /C reg oft\Windows\CurrentVersion\Run\ /v avpo delete HKEY_CURRENT_USER\Software\Micros /f",0,TRUE) delete HKEY_CURRENT_USER\Software\Micros /f",0,TRUE)

' Explorer view settings: writes Hidden, SuperHidden and ShowSuperHidden = 1 under
' Explorer\Advanced in both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE (the HKLM
' statements are scrambled by extraction). Per the Echo above, the intent is to
' make hidden files visible again.
' NOTE(review): ShowSuperHidden = 1 is left set afterwards; presumably this keeps
' protected operating-system files visible in Explorer - confirm and consider
' resetting it once the clean-up has been checked.
nret68=[Link]("cmd /C reg delete HKEY_CURRENT_USER\Software\Micros oft\Windows\CurrentVersion\Run\ /v avpa /f",0,TRUE) nret33=[Link]("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRU E) nret43=[Link]("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f", 0,TRUE) nret44=[Link]("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE) nret45=[Link]("cmd /C reg add t\Windows\CurrentVersion\Explorer\Advanced\ UE) nret46=[Link]("cmd /C reg add t\Windows\CurrentVersion\Explorer\Advanced\ ,0,TRUE) nret47=[Link]("cmd /C reg add t\Windows\CurrentVersion\Explorer\Advanced\ /f",0,TRUE) HKEY_LOCAL_MACHINE\Software\Microsof /v Hidden /t REG_DWORD /d 1 /f",0,TR HKEY_LOCAL_MACHINE\Software\Microsof /v SuperHidden /t REG_DWORD /d 1 /f" HKEY_LOCAL_MACHINE\Software\Microsof /v ShowSuperHidden /t REG_DWORD /d 1

' Folder-option definitions: rewrites CheckedValue / DefaultValue under
' Explorer\Advanced\Folder\Hidden\NOHIDDEN, ...\SHOWALL and ...\SuperHidden, and
' the Type value of ...\Folder\Hidden, all in HKEY_LOCAL_MACHINE.
' NOTE(review): HKEY_LOCAL_MACHINE writes presumably need an elevated process;
' with errors suppressed and return codes ignored, a non-elevated run would fail
' silently - confirm elevation before relying on these steps.
nret34=[Link]("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v CheckedVal ue /t REG_DWORD /d 2 /f",0,TRUE) nret35=[Link]("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v DefaultVal ue /t REG_DWORD /d 2 /f",0,TRUE) nret36=[Link]("cmd /C reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Micro soft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedV alue /f",0,TRUE) nret37=[Link]("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValu e /t REG_DWORD /d 1 /f",0,TRUE) nret38=[Link]("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v DefaultValu e /t REG_DWORD /d 2 /f",0,TRUE) nret39=[Link]("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v CheckedValue / t REG_DWORD /d 0 /f",0,TRUE) nret40=[Link]("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v DefaultValue / t REG_DWORD /d 0 /f",0,TRUE) nret48=[Link]("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ /v Type /t REG_SZ /d G roup /f",0,TRUE)

' Policy values: sets NoFolderOptions = 0 under Policies\Explorer in both
' HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, and DisableRegistryTools = 0 under
' HKEY_CURRENT_USER\...\Policies\System. The three statements are interleaved by
' extraction and must be reassembled before the script can run.
' Presumably this undoes restrictions the malware set on Folder Options and on the
' registry tools - confirm.
' NOTE(review): on a managed machine these policy values may have been set on
' purpose by an administrator; record the previous values before overwriting them.
nret61=[Link]("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft \Windows\CurrentVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0

/f",0,TRUE) nret62=[Link]("cmd /C reg add t\Windows\CurrentVersion\Policies\Explorer\ /f",0,TRUE) nret63=[Link]("cmd /C reg add \Windows\CurrentVersion\Policies\System\ /v 0 /f",0,TRUE)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsof /v NoFolderOptions /t REG_DWORD /d 0 HKEY_CURRENT_USER\Software\Microsoft DisableRegistryTools /t REG_DWORD /d

' Force-kills one process and starts one program (both names masked as [Link];
' presumably explorer.exe is restarted so the new view settings apply - confirm),
' then repeats the attrib pass over the amvo*/avpo*/masked .tmp files in
' c:\windows\system32.
nret78=[Link]("cmd /C taskkill /f /im [Link]",0,TRUE) nret79=[Link]("cmd /C start [Link]",0,TRUE) nret15=[Link]("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*" ,0,TRUE) nret16=[Link]("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*" ,0,TRUE) nret20=[Link]("cmd /C attrib -s -h -r c:\windows\system32\[Link] .tmp",0,TRUE)

' Second system32 pass (attrib on semo*, then del /f on amvo*/avpo*/semo*),
' followed by the final sweep: on every ready drive, each pattern in Lista has its
' attributes cleared and is deleted from the drive root with "del ... /f /q /a".
' NOTE(review): this is where the broad Lista wildcards take effect; any root-level
' file matching e.g. x*.exe or m*.com is removed without confirmation or backup.
' NOTE(review): the success message is printed unconditionally and the script exits
' with code 0. No step verifies that files or registry values actually changed, so
' the message is not evidence that the machine is clean.
' The masked call with the masked string argument just before Quit cannot be
' identified from this listing; inspect the original before running the script.
nret56=[Link]("cmd /C attrib -s -h -r c:\windows\system32\semo*.*. *",0,TRUE) nret60=[Link]("cmd /C attrib -s -h -r c:\windows\system32\semo*.*" ,0,TRUE) nret23=[Link]("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE) nret24=[Link]("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE) nret57=[Link]("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE ) nret59=[Link]("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE) For Each objDrive in colDrives If [Link] = True Then For X=0 to UBound(Lista) nret=[Link]("cmd /C attrib -s -h -r "&[Link] veLetter&":\"&Lista(X)&"",0,TRUE) nret=[Link]("cmd /C cd \ & del "&[Link] ter&":\" &Lista(X)& "/f /q /a",0,TRUE) Next End If Next [Link] "Congratulations! Your computer is disinfected of amvo virus and va riants" [Link] "[Link]" WScript. Quit(0)
