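@echo off
:: Exploit.JS.ADODB.Stream.e Virus Removal
:: Distributed by Reza Hashemi
:: Contact Address Admin@PersianSolutions.Com
:: Downloaded from: www.p30download.com
::
:: What this script does, in order:
::   1. Refuses to run on a non-NT Windows.
::   2. Treats the presence of svchost32.exe in %WINDIR% or
::      %WINDIR%\system32 as the sign of infection.
::   3. Kills that process, deletes the file, resets the Task Manager
::      policy and the Internet Explorer start page.
::   4. Wipes cookies, Prefetch, temp files and Temporary Internet Files,
::      removes empty cache directories and recreates the cache folders.
::
:: NOTE(review): detection is by file name only, so "not found" means
:: "this file name is absent", not "the machine is clean".
:: NOTE(review): step 4 destroys Prefetch, cookie and browser-cache data
:: that an investigation would want; collect it before running this
:: script if the infection has to be analysed.
:: NOTE(review): the HKLM writes and the deletes under %SystemRoot% will
:: presumably need an administrator account - confirm before relying on
:: the "All done" message.

:: *******************************************
:: Detecting Virus...
:: *******************************************
IF NOT "%OS%"=="Windows_NT" GOTO NONT
echo.
echo Removing Yahoo Messenger's Virus (Exploit.JS.ADODB.Stream.e)
echo.
:: Paths are quoted so a %WINDIR% containing spaces is still one argument.
if EXIST "%WINDIR%\system32\svchost32.exe" GOTO INFECTED
if EXIST "%WINDIR%\svchost32.exe" GOTO INFECTED
GOTO NOTFOUND

:INFECTED
:: ***********************
:: Removing Virus Files...
:: ***********************
echo Searching for Virus (Exploit.JS.ADODB.Stream.e) ...
:: /t also ends child processes of the image, /f forces termination.
taskkill /f /im svchost32.exe /t
:: /S makes del match the file name in every subdirectory as well.
del /F /S /Q "%SystemRoot%\system32\svchost32.exe"
del /F /S /Q "%SystemRoot%\svchost32.exe"

:: NOTE(review): this removes the whole per-user Policies key, i.e. every
:: policy stored there and not only values the infection may have set.
:: Export the key first if legitimate per-user policies must survive.
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /f
:: Re-enable Task Manager explicitly (0 = not disabled).
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
:: Reset the Internet Explorer local/start page. The doubled percent signs
:: store the literal text %SystemRoot% in the REG_EXPAND_SZ value.
REG ADD "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Local Page" /t REG_EXPAND_SZ /d "%%SystemRoot%%\system32\blank.htm" /f
REG ADD "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "about:blank" /f

:: *************************
:: Removing Cookies...
:: *************************
:: Every delete target below is quoted: unquoted, a profile path with
:: spaces splits into several arguments and "del /s" then matches those
:: fragments recursively from the current directory.
echo Removing Cookies...
del /f /s /q "%userprofile%\cookies\*.*"

:: **************************
:: Removing Prefetched files
:: **************************
echo Removing Prefetched files...
del /f /s /q "%windir%\Prefetch\*.*"
echo Deleting Windows Temporary Files...
del /f /s /q "%windir%\Temp\*.*"

:: ****************************************
:: Removing Temporary Files Folder
:: ****************************************
echo Removing %username%'s Temporary Files...
if defined TEMP del /f /s /q "%temp%"

:: ******************************************
:: Removing Temporary Internet Files
:: ******************************************
echo Removing %username%'s Temporary Internet Files...
:: Absolute paths replace the original unchecked "cd": if that cd failed
:: (missing folder, profile on another drive) the recursive delete ran in
:: whatever directory the script was started from.
set "TIF=%userprofile%\Local Settings\Temporary Internet Files"
if exist "%TIF%\Content.IE5" del /f /s /q "%TIF%\Content.IE5"
:: rmdir without /s only succeeds once the directory is empty; leftover
:: empty subdirectories are handled by the pass below.
if exist "%TIF%\Content.IE5" rmdir "%TIF%\Content.IE5"

:: **********************************
:: Removing virus directories...
:: **********************************
:: Lists every directory under the cache folder with a running counter,
:: sorts the list in reverse so the entries added last (children) come
:: before their parents, then removes each directory that is empty.
setlocal ENABLEDELAYEDEXPANSION
set folder="%TIF%"
if exist "%TEMP%\DelMT.TM1" del /q "%TEMP%\DelMT.TM1"
if exist "%TEMP%\DelMT.TM2" del /q "%TEMP%\DelMT.TM2"
set /a cnt=10000000
for /f "Tokens=*" %%f in ('dir %folder% /AD /S /b') do (
  call :IsMT1 "%%f"
)
:: No list file means no subdirectories were found. The original left the
:: script here with "goto :EOF", skipping the recreate step, the final
:: message and the pause.
if not exist "%TEMP%\DelMT.TM1" goto RECREATE
sort /R "%TEMP%\DelMT.TM1" /O "%TEMP%\DelMT.TM2"
del /q "%TEMP%\DelMT.TM1"
for /f "Tokens=1*" %%f in ('type "%TEMP%\DelMT.TM2"') do (
  call :IsMT2 %%g
)
del /q "%TEMP%\DelMT.TM2"

:RECREATE
endlocal
:: ******************************************************
:: Recreating subdirectories for Temporary Internet Files
:: ******************************************************
if not exist "%TIF%\Content.IE5" mkdir "%TIF%\Content.IE5"
if not exist "%TIF%\Content.MSO" mkdir "%TIF%\Content.MSO"
GOTO END

:NOTFOUND
echo Your PC is NOT infected with virus , Khushal Bashid!
GOTO BYEBYE

:NONT
echo Your running Operating System is NOT Windows 2000/XP/2003
GOTO BYEBYE

:END
echo.
ECHO All done successfuly. Please restart your PC!

:BYEBYE
echo.
ECHO With Best Regards , Reza Hashemi , Admin@PersianSolutions.com
pause
exit

:: ---------------------------------------------------------------------
:: Subroutines. They sit after "exit" so the main flow cannot fall into
:: them. In the original, :IsMT2 had no terminating "goto :EOF" and fell
:: through into the recreate/END/exit code on the first directory removed.
:: ---------------------------------------------------------------------

:: IsMT1 <quoted-dir>: appends "<counter> <quoted-dir>" to the list file.
:IsMT1
set /a cnt=%cnt% + 1
@echo %cnt% %1>>"%TEMP%\DelMT.TM1"
goto :EOF

:: IsMT2 <quoted-dir>: removes the directory when "dir /a" reports it as
:: empty (one "0 File" line plus one "2 Dir" line, the two directory
:: entries being . and ..).
:: NOTE(review): the findstr texts match English "dir" output only.
:IsMT2
pushd %1 || goto :EOF
set /a numb=0
for /f "Tokens=*" %%a in ('dir /a^|findstr /L /c:" 0 File" /c:" 2 Dir"') do (
  set /a numb=!numb! + 1
)
popd
if %numb% NEQ 2 goto :EOF
rd /q %1
@echo Deleted %1
goto :EOF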