Eliminacion de Virus con secuencia de comandos de VBScript

Hola este es mi primer post asi que hoy les hablarle de una fantastica y revolucionaria herramienta de secuencia de comandos de VBScript Esta una de las herramientas mas utiles para eliminar virus con tan solo 7 kb de tamaño pero con una poderosa utilidad e aqui les dejare el codigo que copiaran en un documento nuevo de texto lo guardaran y luego le cambiaran la extensión de ".txt" por ".vbs" on Error Resume Next Dim objShell, objFileSystem, objTextStream, objRegex Dim colRegexMatches1, colRegexMatches2 Dim nReturnCode Dim strIpFileText Dim element, i Dim Lista Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe","host.exe",_ "a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_ "80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd" Set geekside=WScript.CreateObject("WScript.Shell" Set objShell = WScript.CreateObject("WScript.Shell" Set objFileSystem = CreateObject("Scripting.FileSystemObject" Set objFSO = CreateObject("Scripting.FileSystemObject" Set colDrives = objFSO.Drives Wscript.Echo "www.taringa.net/" Wscript.Echo "este Software esta hecho para eliminación del software maliciosos N1 en detecion" Wscript.Echo "El proceso de búsqueda y eliminación puede tardar algunos segundos. Sea paciente por favor." i=0 For Each objDrive in colDrives If objDrive.IsReady = True Then nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":autorun.inf",0,TRUE) Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&":autorun.inf",1) strIpFileText = objTextStream.ReadAll objTextStream.Close End If Next Set objRegex = new RegExp objRegex.Pattern = "=w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)" objRegex.Global = True objRegex.IgnoreCase = True Set colRegexMatches1 = objRegex.Execute(strIpFileText) i=0 For Each element In colRegexMatches1 element = Replace(element,"=","" WScript.Echo "Procediendo a borrar archivo de virus :" & element For Each objDrive in colDrives If objDrive.IsReady = True Then Wscript.Echo "Limpiar unidad: " & objDrive.DriveLetter nret=geekside.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE) nret=geekside.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE) nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe.tmp",0,TRUE) nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe",0,TRUE) nret=geekside.Run("cmd /C taskkill /f /im help.exe.tmp",0,TRUE) nret=geekside.Run("cmd /C attrib -s -h -r " &objDrive.DriveLetter&":" & element &"",0,TRUE) nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" & element & "/f /q /a",0,TRUE) nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":autorun.inf",0,TRUE) End If Next i = i + 1 Next Set objRegex= Nothing Set objTextStream = Nothing Set objFileSystem = Nothing Set objShell = Nothing nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE) nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE) nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE) nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE) nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE) nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE) nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE) nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE) nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE) nret31=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v amva /f",0,TRUE) nret32=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpo /f",0,TRUE) nret68=geekside.Run("cmd /C reg delete HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun /v avpa /f",0,TRUE) WScript.Echo "Se procederá a resturar el registro de sistema para poder ver los archivos Ocultos" nret33=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE) nret43=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE) nret44=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE) nret45=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v Hidden /t REG_DWORD /d 1 /f",0,TRUE) nret46=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE) nret47=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE) nret34=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE) nret35=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE) nret36=geekside.Run("cmd /C reg delete HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /f",0,TRUE) nret37=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE) nret38=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE) nret39=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE) nret40=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE) nret48=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHidden /v Type /t REG_SZ /d Group /f",0,TRUE) nret61=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE) nret62=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE) nret63=geekside.Run("cmd /C reg add HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableRegistryTools /t REG_DWORD /d 0 /f",0,TRUE) nret78=geekside.Run("cmd /C taskkill /f /im explorer.exe",0,TRUE) nret79=geekside.Run("cmd /C start explorer.exe",0,TRUE) nret15=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32amvo*.*",0,TRUE) nret16=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32avpo*.*",0,TRUE) nret20=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32help.exe.tmp",0,TRUE) nret56=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*",0,TRUE) nret60=geekside.Run("cmd /C attrib -s -h -r c:windowssystem32semo*.*.*",0,TRUE) nret23=geekside.Run("cmd /C del /f c:windowssystem32amvo*.*",0,TRUE) nret24=geekside.Run("cmd /C del /f c:windowssystem32avpo*.*",0,TRUE) nret57=geekside.Run("cmd /C del /f c:windowssystem32semo*.*",0,TRUE) nret59=geekside.Run("cmd /C del /f c:windowssystem32semo*.*.*",0,TRUE) For Each objDrive in colDrives If objDrive.IsReady = True Then For X=0 to UBound(Lista) nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":"&Lista(X)&"",0,TRUE) nret=geekside.Run("cmd /C cd & del "&objDrive.DriveLetter&":" &Lista(X)& "/f /q /a",0,TRUE) Next End If Next WScript.Echo "Ahora ! Su PC está desinfectada de virus y variantes" WScript.Echo "www.taringa.net" WScript. Quit(0) Y listo su pc estar desinfectada por favor comenten y disfruten de el post ! y por favor comenten plis si no yo (llorare)