MSN Worm Remove 2.0

Started by 1NT3RC3PT0R, 24 October 2006, 05:39:15 PM


1NT3RC3PT0R

As promised, I am releasing MSN Worm Remove 2.0, which I wrote in Batch Script. The intention behind this code is to help people who have problems with the well-known MSN worms, and to make the code available for the folks here at darkers to study.

This remover can remove numerous variants of these worms, but of course there will always be a new one and so on, which the tool obviously will not remove. But it is worth running it on an infected machine.

Screenshot of the start screen

Download of the compiled version.

Now, for those who study Batch Script, have fun with the source, which I am publishing only here at Darkers.

@Echo Off
@Break Off
If "%os%" == "Windows_NT" Goto INI
Echo Nao e Windows NT, o removedor nao podera ser executado.
Pause > nul
Exit
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:INI
Cls
Set versao=2.0
Set opcao=" "
Set nome= MSN WORM REMOVE
Set by=1Nt3rC3pT0R
Set darkers=www.darkers.com.br/smf
Set remover=del
Set limpa=cls
Set rmd=rmdir
Set finaliza=taskkill
Color 72
Title %nome% v. %versao% - By %by%
Echo.
Echo.
Echo.
echo.           ╔╗
echo            ╚╩╦═══╗           ╔─     PRESENTING    ─╗          ╔═══╗
echo              │   ╠═══════════╝  MSN WORM REMOVE 2  ╚══════════╣   │
echo            ╔╦╩═══╝         INTERCEPTOR@DARKERS.COM.BR         ╚═══╝
echo.           ╚╝
Echo.
Echo.
Echo.
Echo.
Echo                 SISTEMA PROJETADO PARA RESOLVER SEUS PROBLEMAS COM
Echo                   ALGUNS WORMS E PRA MIN PRATICAR BATCH SCRIPT...
Echo.
Echo.
Echo.
Echo.
Echo                          PRECIONE ENTER PARA CONTINUAR...
Echo.
Echo.
Pause > nul
Cls
Goto MENU
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:MENU
%limpa%
Color 72
Echo.
Echo =====[ MENU DE OPCOES ]=====
Echo.
Echo [1] Remover Worms.
Echo.
Echo [2] Optimizar Velocidade do CPU
Echo.
Echo [3] Limpar arquivos inuteis do HD
Echo.
Echo [0] Sair
Echo.
Echo =============================
Echo.
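:: Reset the progress counter so SCAN and OPTIMIZADOR can run more than once
:: (both loop until A equals exactly 100).
Set A=0
:: Clear the previous choice so that pressing Enter alone falls through to ERRO.
Set opcao=
Set /p opcao="Digite a opcao desejada: "
Cls
If "%opcao%"=="1" Goto SCAN
If "%opcao%"=="2" Goto OPTIMIZADOR
If "%opcao%"=="3" Goto LIMPAR
If "%opcao%"=="0" Goto SAIR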
Goto ERRO
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:ERRO
Title Ocorreu um Erro...
Color 47
Echo.
Echo Opcao invalida! Tente novamente...
Pause > nul
Goto MENU
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:SCAN
:: The loop below is a cosmetic 1-100 counter with busy-wait delays; nothing is scanned here.
:: Removal is done by the fixed name lists under TASK, REMOV and REGISTRO.
Title [Atençao] Removendo possiveis worms. Nao interrompa esta operaçao.
Echo.
Echo Escaneando o Sistema... Atençao nao interrompa esta operaçao.
Echo.
set/a A=A+1
Echo Escaneado: %A%%%
for /L %%A IN (0,1,%random:~0,2%00) DO SET B=%%A
for /L %%B IN (0,1,100) DO >NUL ECHO %systemroot%\system32\SHELL.DLL -6 NT *(%%B()
Echo Preparando para iniciar remoçao...
if "%A%"=="100" goto PHARM
cls
goto SCAN

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:PHARM
cls
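:: Reset hosts to a single localhost entry. This discards redirect entries planted by
:: pharming malware along with any other custom entries the file contained.
Attrib -r -s -h "%WINDIR%\system32\drivers\etc\hosts"
> "%WINDIR%\system32\drivers\etc\hosts" Echo 127.0.0.1      localhost
Attrib +r +h "%WINDIR%\system32\drivers\etc\hosts"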
Cls
Goto TASK
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:TASK

%finaliza% /f /im JVM0.exe
%limpa%
%finaliza% /f /im svhoskil.exe
%limpa%
%finaliza% /f /im msmnsgr.exe
%limpa%
%finaliza% /f /im htqvtbis.exe
%limpa%
%finaliza% /f /im icpldrvx.exe
%limpa%
%finaliza% /f /im ImgPaint.exe
%limpa%
%finaliza% /f /im icpldrv.exe
%limpa%
%finaliza% /f /im Scvhost1.exe
%limpa%
%finaliza% /f /im MsmMsgr.exe
%limpa%
%finaliza% /f /im tasklist32.exe
%limpa%
%finaliza% /f /im msng.exe
%limpa%
%finaliza% /f /im mat3.exe
%limpa%
%finaliza% /f /im mat2.exe
%limpa%
%finaliza% /f /im mnew5win.exe
%limpa%
%finaliza% /f /im win32host.exe
%limpa%
%finaliza% /f /im mattm.exe
%limpa%
%finaliza% /f /im win32.exe
%limpa%
%finaliza% /f /im msmnsgr.exe
%limpa%
%finaliza% /f /im wsass32.exe
%limpa%
%finaliza% /f /im Windows.exe
%limpa%
%finaliza% /f /im csrs.scr
%limpa%
%finaliza% /f /im ImageItEncrypt.exe
%limpa%
%finaliza% /f /im servico.exe
%limpa%
%finaliza% /f /im nostd.scr
%limpa%
%finaliza% /f /im bsys.scr
%limpa%
%finaliza% /f /im bssys.exe
%limpa%
%finaliza% /f /im cssrs.scr
%limpa%
%finaliza% /f /im smsc.exe
%limpa%
%finaliza% /f /im worm.bat
%limpa%
%finaliza% /f /im msreg.exe
%limpa%
%finaliza% /f /im rqqsnd.exe
%limpa%
%finaliza% /f /im winherp32.exe
%limpa%
%finaliza% /f /im avg64.exe
%limpa%
%finaliza% /f /im TASKMAN-.exe
%limpa%
%finaliza% /f /im messenger.scr
%limpa%
%finaliza% /f /im code.exe
%limpa%
%finaliza% /f /im rqqsnd.exe
%limpa%
%finaliza% /f /im eixdrv.exe
%limpa%
%finaliza% /f /im system32.exe
%limpa%
%finaliza% /f /im igshop.dll
%limpa%
%finaliza% /f /im msnmsgr.exe
%limpa%
%finaliza% /f /im Taskmgr.exe
%limpa%
%finaliza% /f /im wzip32.exe
%limpa%
%finaliza% /f /im msmsg.exe
%limpa%
%finaliza% /f /im uqmhh1.dll
%limpa%
%finaliza% /f /im wuwbxp.dll
%limpa%
%finaliza% /f /im msipcsv.exe
%limpa%
%finaliza% /f /im BHOBJ.dll
%limpa%
%finaliza% /f /im hptzb02.exe
%limpa%
%finaliza% /f /im msnmsg.exe
%limpa%
%finaliza% /f /im srsttn.exe
%limpa%
%finaliza% /f /im icpldrvx.exe
%limpa%
%finaliza% /f /im findx.exe
%limpa%
%finaliza% /f /im tasklist32.exe
%limpa%
%finaliza% /f /im YNS.exe
%limpa%
%finaliza% /f /im Save.exe
%limpa%
%finaliza% /f /im WinLogT.exe
%limpa%
%finaliza% /f /im cartao.scr
%limpa%
%finaliza% /f /im help.scr
%limpa%
%finaliza% /f /im cartao[1].scr
%limpa%
%finaliza% /f /im msbcs.exe
%limpa%
%finaliza% /f /im cmrss.exe
%limpa%
%finaliza% /f /im plugin.scr
%limpa%
%finaliza% /f /im srsmsn.exe
%limpa%
%finaliza% /f /im lsssas.exe
%limpa%
%finaliza% /f /im regfixxsx.exe
%limpa%
%finaliza% /f /im dcfvwlvw.exe
%limpa%
%finaliza% /f /im alggx.exe
%limpa%
%finaliza% /f /im Isass.scr
%limpa%
%finaliza% /f /im DNHlp32.exe
%limpa%
%finaliza% /f /im wisterd.exe
%limpa%
%finaliza% /f /im monitor1a.exe
%limpa%
%finaliza% /f /im ex.cab
%limpa%
%finaliza% /f /im eied_s7.cab
%limpa%
%finaliza% /f /im avast.exe
%limpa%
%finaliza% /f /im time.exe
%limpa%
%finaliza% /f /im dfndrff_e33.exe
%limpa%
%finaliza% /f /im nwnmff_e33.exe
%limpa%
%finaliza% /f /im kybrdff_e33.exe
%limpa%
Goto REMOV

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:REMOV

%remover% /q /f /A C:\WINDOWS\system32\JVM0.exe
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\JVM0.exe"
%limpa%
%remover% /q /f /A /S C:\JVM0.exe
%limpa%
%remover% /q /f /A C:\windows\system32\svhoskil.exe
%limpa%
%remover% /q /f /A c:\windows\system\msmnsgr.exe
%limpa%
%remover% /q /f /A /S C:\Programas\GamesBar\*.*
%limpa%
%remover% /q /f /A /S C:\PROGRA~1\MYWEBS~1\*.*
%limpa%
%remover% /q /f /A /S "C:\Programas\Security Toolbar\*.*"
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\htqvtbis.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\icpldrvx.exe
%limpa%
%remover% /q /f /A /S C:\WINDOWS\ImgPaint.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\icpldrv.exe
%limpa%
%remover% /q /f /A c:\95f7f945d750fe7eac06c68a8d4f\*.*
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ImgPaint.exe"
%limpa%
%remover% /q /f /A /S C:\ImgPaint.exe
%limpa%
%remover% /q /f /A C:\Windows\System32\Scvhost1.exe
%limpa%
%remover% /q /f /A C:\windows\lsass.EXE
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\MsmMsgr.exe
%limpa%
%remover% /q /f /A C:\windows\system32\tasklist32.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\msng.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\mat3.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\mat2.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\mnew5win.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\win32host.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\mattm.exe
%limpa%
%remover% /q /f /A /S C:\win32.exe
%limpa%
%remover% /q /f /A c:\windows\system\msmnsgr.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\wsass32.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\Windows.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\csrs.scr
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows.exe"
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\wsass32.exe"
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\ImageItEncrypt.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\servico.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\nostd.scr
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\bsys.scr
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\bssys.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\cssrs.scr
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\bssys.exe"
%limpa%
%remover% /q /f /A /S C:\bssys.exe
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\bssys.exe"
%limpa%
%remover% /q /f /A C:\WINDOWS\system\smsc.exe
%limpa%
%remover% /q /f /A /S C:\worm.bat
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\msreg.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\rqqsnd.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\winherp32.exe
%limpa%
%remover% /q /f /A /S C:\DOCUME~1\Teresa\APPLIC~1\FlawHole\*.*
%limpa%
%remover% /q /f /A /S "C:\Documents and Settings\All Users\Application Data\Frag Nurb Peak Drv\*.*"
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\avg64.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\TASKMAN-.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\messenger.scr
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\code.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\rqqsnd.exe
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\eixdrv.exe"
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\system32.exe"
%limpa%
%remover% /q /f /A /S C:\WINDOWS\system32.exe
%limpa%
%remover% /q /f /A /S C:\WINDOWS\eixdrv.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\help\*.exe
%limpa%
%remover% /q /f /A /S C:\WINDOWS\prefetch\*.*
%limpa%
%remover% /q /f /A /S C:\WINDOWS\temp\*.*
%limpa%
%remover% /q /f /A C:\ARQUIV~1\iGv6\igshop.dll
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\eixdrv.exe"
%limpa%
%remover% /q /f /A "C:\WINDOWS\Fonts\Folder.{645FF040-5081-101B-9F08-00AA002F954E}\Taskmgr.exe"
%limpa%
%remover% /q /f /A "C:\WINDOWS\Fonts\Folder.{645FF040-5081-101B-9F08-00AA002F954E}\msnmsgr.exe"
%limpa%
%remover% /q /f /A /S C:\WINDOWS\Fonts\Folder.{645FF040-5081-101B-9F08-00AA002F954E}\*.*
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\wzip32.exe
%limpa%
%remover% /q /f /A "C:\Arquivos de programas\Messenger\msmsg.exe"
%limpa%
%remover% /q /f /A /S C:\eixdrv.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\uqmhh1.dll
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\eixdrv.exe"
%limpa%
%remover% /q /f /A /S C:\eixdrv.exe
%limpa%
%remover% /q /f /A /S C:\Programas\Save\*.*
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\wuwbxp.dll
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\msipcsv.exe
%limpa%
%remover% /q /f /A /S C:\Programme\ShopperReports\*.*
%limpa%
%remover% /q /f /A /S C:\Programme\NewDotNet\*.*
%limpa%
%remover% /q /f /A /S C:\Programme\HbTools\*.*
%limpa%
%remover% /q /f /A /S "C:\Programme\Gemeinsame Dateien\*.*"
%limpa%
%remover% /q /f /A C:\WINDOWS\BHOBJ.dll
%limpa%
%remover% /q /f /A C:\WINDOWS\hptzb02.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\System32\amsn.exe
%limpa%
%remover% /q /f /A "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\amsn.exe"
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\msnmsg.exe
%limpa%
%remover% /q /f /A /S C:\WINDOWS\srsttn.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\icpldrvx.exe
%limpa%
%remover% /q /f /A C:\windows\findx.exe
%limpa%
%remover% /q /f /A C:\windows\system32\tasklist32.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\YNS.exe
%limpa%
%remover% /q /f /A /S C:\Save.exe
%limpa%
%remover% /q /f /A /S C:\eixdrv.exe
%limpa%
%remover% /q /f /A /S C:\ARQUIV~1\Kounen\TRADUZ~1\*.*
%limpa%
%remover% /q /f /A /S C:\WINDOWS\WinLogT.exe
%limpa%
%remover% /q /f /A /S "C:\Programas\Network Monitor\*.*"
%limpa%
%remover% /q /f /A /S "C:\WINDOWS\R29u52FsbyBSb2NoYQ\*.*"
%limpa%
%remover% /q /f /A /S C:\cartao.scr
%limpa%
%remover% /q /f /A /S C:\help.scr
%limpa%
%remover% /q /f /A /S C:\cartao[1].scr
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\msbcs.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\cmrss.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\plugin.scr
%limpa%
%remover% /q /f /A C:\WINDOWS\srsmsn.exe
%limpa%
%remover% /q /f /A C:\WINNT\srsmsn.exe
%limpa%
%remover% /q /f /A C:\WINNT\system32\plugin.scr
%limpa%
%remover% /q C:\WINDOWS\system32\service\*.*
%limpa%
%remover% /q C:\WINDOWS\system\lsssas.exe
%limpa%
%remover% /q C:\WINDOWS\system\regfixxsx.exe
%limpa%
%remover% /q C:\WINDOWS\system32\dcfvwlvw.exe
%limpa%
%remover% /q C:\WINDOWS\alggx.exe
%limpa%
%remover% /q C:\WINDOWS\system32\Isass.scr
%limpa%
%remover% /q C:\WINDOWS\system32\DNHlp32.exe
%limpa%
%remover% /q C:\Windows\wisterd.exe
%limpa%
%remover% /q C:\Windows\monitor1a.exe
%limpa%
%remover% /q C:\ex.cab
%limpa%
%remover% /q C:\eied_s7.cab
%limpa%
%remover% /q C:\WINDOWS\help\*.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\system32\time.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\avast.exe
%limpa%
%remover% /q /f /A C:\WINDOWS\servicejava.scr
%limpa%
%remover% /q /f /A C:\WINDOWS\servicejava2.scr
%limpa%
%remover% /q C:\dfndrff_e33.exe
%limpa%
%remover% /q  C:\nwnmff_e33.exe
%limpa%
%remover% /q C:\kybrdff_e33.exe
%limpa%

Goto REGISTRO
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:REGISTRO

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v teste_otica /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Microsoft /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v avast /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v rqqsnd /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Avg Antivirus" /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Avg-Antivirus /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v servwin /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v reloadservwin /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mnsns /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Microsoftwin /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v nostd /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v bssys /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Scvhost /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Microsoft Update" /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v lsass /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v TaskList /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Messenger /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msng /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Microsoft Update" /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Shell /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SSCHBTN.EXE /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Svhoskil /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v rqqsnd /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v rqqsnd /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v defender /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v newname /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v keyboard /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v TASKMAN /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v avg64 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v dark /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v foxrxyh3251 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v foxrmeu636 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v foxoovz250 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v foxwnuk7937 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v foxxwwi1530 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msnmsg /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v hptzb02 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v JVM0 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v srtixmn /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v LanzarL2007 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v srrcmsn /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v AltnetPointsManager /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RunDll.exe /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v services /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "New.net Startup" /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v algxxs /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Msn Messenger" /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v system32 /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Navegate /f
%limpa%
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v monitor1a /f
%limpa%
Goto BLOQ
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:BLOQ

:: Build the hosts file in one pass: ">" creates it with the localhost line and ">>"
:: appends each block entry. Writing every entry with ">" would overwrite the file
:: each time and leave only the last line.
:: A hosts entry is an address followed by a bare host name, so the scheme and path of
:: the listed URLs are dropped and the whole host is blocked.
Set hosts=%WINDIR%\system32\drivers\etc\hosts
Attrib -r -s -h "%hosts%"
> "%hosts%" Echo 127.0.0.1      localhost
>> "%hosts%" Echo 0.0.0.0      www.friendstrue.land.ru
>> "%hosts%" Echo 0.0.0.0      festas2006.t35.com
>> "%hosts%" Echo 0.0.0.0      fernandaweis10.fateback.com
>> "%hosts%" Echo 0.0.0.0      videodacicarelli.notlong.com
>> "%hosts%" Echo 0.0.0.0      albumdefotos2.notlong.com
>> "%hosts%" Echo 0.0.0.0      e15032006.googlepages.com
>> "%hosts%" Echo 0.0.0.0      www.alwaysforfriend.land.ru
>> "%hosts%" Echo 0.0.0.0      www.mindcrash.it
>> "%hosts%" Echo 0.0.0.0      www.personesuinternet.it
>> "%hosts%" Echo 0.0.0.0      uk.geocities.com
>> "%hosts%" Echo 0.0.0.0      www.welcometomylife.land.ru
>> "%hosts%" Echo 0.0.0.0      www.ozcards.fromru.com
>> "%hosts%" Echo 0.0.0.0      www.ilhadafantasia.land.ru
>> "%hosts%" Echo 0.0.0.0      www.orkuit.hotbox.ru
>> "%hosts%" Echo 0.0.0.0      www.orkut.com.community.aspx.cmm.172851.com
>> "%hosts%" Echo 0.0.0.0      cartao.mensagens-web.com
>> "%hosts%" Echo 0.0.0.0      www.teviaqui.front.ru
>> "%hosts%" Echo 0.0.0.0      h1.ripway.com
>> "%hosts%" Echo 0.0.0.0      www.vcard.front.ru
>> "%hosts%" Echo 0.0.0.0      www.jesusvoltara.com.br
>> "%hosts%" Echo 0.0.0.0      www.orkutando.front.ru
>> "%hosts%" Echo 0.0.0.0      www.ocarteirovirtual.front.ru
>> "%hosts%" Echo 0.0.0.0      eusemroupanenhuma.short.be
>> "%hosts%" Echo 0.0.0.0      www.web10.land.ru
:: http://201.22.6.4/fotos/safada.html from the original list has no host name;
:: a hosts file maps names to addresses and cannot block an IP address.
Attrib +r +h "%hosts%"
%limpa%

Goto MESS
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:MESS
%limpa%
Echo.
Echo POSSIVEIS AMEACAS FORAM REMOVIDAS, E SITES PERIGOSOS FORAM BLOQUEADOS.
Echo.
pause > nul
%limpa%
Goto MENU
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:LIMPAR
%limpa%
CLEANMGR /d %SystemDrive%\
cls
Goto MENU
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:OPTIMIZADOR
%limpa%
:1
Echo.
Echo Optimizador de velocidade
Echo.
set/a A=A+1
ECHO Optimizando: %A%%%
for /L %%A IN (0,1,%random:~0,2%00) DO SET B=%%A
for /L %%B IN (0,1,100) DO >NUL ECHO %systemroot%\system32\SHELL.DLL -6 NT *(%%B()
if "%A%"=="100" goto 2
cls
goto 1
:2
:: /f overwrites an existing value without prompting, so no answer file has to be
:: written into %systemroot% and piped in.
reg add "HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 1 /f
cls
Echo.
echo Operacao concluida.
Echo.
Echo precione enter para voltar ao menu.
Pause > nul
Cls
Goto MENU
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:SAIR
%limpa%
Title Saindo...
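:: Delete by full path. With "cd" followed by "del /q *.*", a failed cd (missing
:: folder, or a folder on another drive) would delete the files in the current directory.
del /q "%UserProfile%\Cookies\*.*"
cls
del /q "%windir%\prefetch\*.*"
cls
del /q "%TEMP%\*.*"
cls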
Echo.
Echo.
Echo.
Echo.
Echo Caso voce tenha algum problema ainda com relaçao a esses Worms ou com a
Echo.
Echo Ferramenta de remoçao fale comigo pelo MSN interceptor@darkers.com.br
Echo.
Echo.
Echo Reinicie o computador para as alteraçoes fazerem efeito.
echo.
set/p rein=Deseja reiniciar o computador (S/N):
:: /i makes the comparison case-insensitive, so one test covers both S and s.
if /i "%rein%"=="S" shutdown -f -t 0 -r
cls
Exit

If you find any error, let me know so I can fix it, ok.
If you want to make some changes, feel free, as long as you keep my name.

I ask that you not post comments like "wow, very good"; only post comments that are useful to the thread, asking questions and/or giving constructive tips. Ok, that was it; I hope it is useful for those who study Batch Script and those who have problems with MSN viruses.

By 1Nt3Rc3Pt0R
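
Added example, not part of the original post or the author's tool: the post notes that a fixed name list will miss new variants, and several names in the list imitate Windows binaries (`lsass.EXE` under `C:\windows`, `Isass.scr`, `cssrs.scr`, a `Taskmgr.exe` under `Fonts`). The Python sketch below flags that pattern instead of exact names; the list of genuine binaries, the expected directory and the distance threshold are assumptions, and the sample paths are constructed from the script's delete list.

```python
import ntpath

# Assumptions for this sketch: XP-era default install path and a short list of
# genuine Windows binaries that malware of this kind tends to imitate.
SYSTEM_DIR = r"c:\windows\system32"
GENUINE = ("csrss.exe", "lsass.exe", "services.exe", "smss.exe",
           "svchost.exe", "taskmgr.exe", "winlogon.exe")
# Extensions Windows runs directly; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path, max_distance=2):
    """Return (verdict, reason) for one file path from a process or file listing."""
    folder, name = ntpath.split(path.lower())
    stem, ext = ntpath.splitext(name)
    if ext not in EXECUTABLE_EXT:
        return ("ignore", "not a directly executable extension")
    stems = [ntpath.splitext(g)[0] for g in GENUINE]
    if stem in stems:
        # Exact system name: only trusted as .exe in the expected directory.
        if ext == ".exe" and folder == SYSTEM_DIR:
            return ("ok", "system binary name in its expected directory")
        return ("suspicious", f"system binary name used as {name} in {folder}")
    # Near miss: a name one or two edits away from a system binary.
    distance, nearest = min((edit_distance(stem, s), s) for s in stems)
    if distance <= max_distance:
        return ("suspicious", f"{name} is {distance} edit(s) away from {nearest}.exe")
    return ("unknown", "no resemblance to a listed system binary")


def review(paths):
    """Return (path, reason) for every path classified as suspicious."""
    flagged = []
    for p in paths:
        verdict, reason = classify(p)
        if verdict == "suspicious":
            flagged.append((p, reason))
    return flagged


# Constructed sample: paths from the script's delete list plus one genuine binary.
SAMPLE_PATHS = [
    r"C:\windows\lsass.EXE",
    r"C:\WINDOWS\system32\Isass.scr",
    r"C:\WINDOWS\system32\cssrs.scr",
    r"C:\WINDOWS\system32\csrs.scr",
    r"C:\WINDOWS\Fonts\Folder.{645FF040-5081-101B-9F08-00AA002F954E}\Taskmgr.exe",
    r"C:\WINDOWS\system32\mat3.exe",
    r"C:\ARQUIV~1\iGv6\igshop.dll",
    r"C:\WINDOWS\system32\lsass.exe",  # genuine location, expected verdict "ok"
]

if __name__ == "__main__":
    for path, reason in review(SAMPLE_PATHS):
        print(f"{path}: {reason}")
```

Names with no system look-alike, such as `mat3.exe`, come back as `unknown`, so a check like this complements a name list rather than replacing it.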

Ðark$pawn

Niiiiiiiiiiiiiiice, man... You're really growing, huh, 1Nt3rC3pT0R... There are plenty of annoying worms that I've already removed by hand here...

Positive point!!! ;)

#phobia

Congratulations, man!

Very good, don't stop!!!  ;)


cya

TGA


Man, great tool, congratulations  ;)

hugs...
"IMAGINATION IS MORE IMPORTANT THAN KNOWLEDGE"