amvo como bloquearlo

Veo que ningún programa detecta el amvo: ni Malwarebytes, ni NOD al día, ni superspyware.

Para darme cuenta de que lo tengo, tengo habilitada la vista de todos los archivos ocultos;
cuando dejo de verlos, sé que tengo el condenado bicho.

ahora

Para quitarlo hago esto:

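' Removal script for the amvo / avpo / n1detect autorun worm family, as posted on the
' forum. The forum's word-wrap had split long tokens mid-identifier ("nret 14",
' "Curre ntVersion"), so the pasted text did not even parse; those are restored here.
' The work is the same as the original, except that the taskkill and registry
' repairs, which are not per-drive, now run once instead of once per drive.
Option Explicit

' Deliberate best-effort mode: a file or key that is already gone must not abort the
' sweep. The cost is that every real failure is hidden too; RunHidden returns each
' command's exit code for anyone who wants to log it while debugging.
On Error Resume Next

Const HKCU = "HKEY_CURRENT_USER"
Const HKLM = "HKEY_LOCAL_MACHINE"
Const EXPLORER = "\Software\Microsoft\Windows\CurrentVersion\Explorer"
Const POLICIES = "\Software\Microsoft\Windows\CurrentVersion\Policies"

Dim geekside, objFSO, colDrives, objDrive, sysdir, proc
Dim rootNames, systemNames, processNames

Set geekside  = WScript.CreateObject("WScript.Shell")
Set objFSO    = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives

' The original hard-coded c:\windows\system32; resolve the real system directory
' and fall back to the old path only if the environment lookup yields nothing.
sysdir = geekside.ExpandEnvironmentStrings("%SystemRoot%") & "\system32"
If Len(geekside.ExpandEnvironmentStrings("%SystemRoot%")) = 0 Then sysdir = "c:\windows\system32"

' Names the worm drops in the root of every drive next to its autorun.inf.
' The '*' and '?' patterns (80*.com, dos*.com, xfool*.com, semo*.exe, ...) match any
' file of that shape, so a legitimate file with such a name in a drive root is deleted
' as well; review the list before running this against data drives. The list is fixed,
' so a variant that drops different names is not covered.
rootNames = Array("autorun.inf", "ntdeiect.com", "n1detect.com", "n1deiect.com", _
                  "n?deiect.com", "nide?ect.com", "u?de?ect.com", _
                  "80*.com", "semo*.exe", "dos*.com", "xfool*.com")

' Components the worm installs under the system directory.
systemNames = Array("amvo.exe", "avpo.exe", "amvo0.dll", "amvo1.dll", "amvo2.dll", _
                    "avpo0.dll", "avpo1.dll", "semo*.exe.tmp", "semo*.exe")

' Process image names to stop before any file is touched.
processNames = Array("amvo.exe", "avpo.exe", "semo2x.exe.tmp", "semo2x.exe")

Wscript.Echo "Software provisto por MyGeekSide.com para la eliminación del software malicioso amvo, avpo, n1detect"

' Stop the running worm first so it cannot re-drop the files while they are deleted.
For Each proc In processNames
    RunHidden "taskkill /f /im " & proc
Next

' Sweep the root of every mounted drive (removable media included).
For Each objDrive In colDrives
    If objDrive.IsReady Then
        Wscript.Echo "Limpiar unidad: " & objDrive.DriveLetter
        CleanDirectory objDrive.DriveLetter & ":\", rootNames, "/f /q /a"
    End If
Next

CleanDirectory sysdir & "\", systemNames, "/f"
RemoveRunEntries
RestoreExplorerSettings
DisableAutorun

' Runs one command line through a hidden cmd.exe window and waits for it to finish.
' Returns the command's exit code. attrib/del/taskkill return non-zero when their
' target does not exist, which is the normal case on a machine that is already clean.
Function RunHidden(cmdLine)
    RunHidden = geekside.Run("cmd /C " & cmdLine, 0, True)
End Function

' Clears the system/hidden/read-only attributes of every name in names under dir,
' then deletes each one with the given del switches. attrib must come first: del
' refuses read-only files and skips hidden ones otherwise.
'   dir         - directory with a trailing backslash (e.g. "E:\")
'   names       - array of file names, wildcards allowed
'   delSwitches - switches passed to del (e.g. "/f /q /a")
Sub CleanDirectory(dir, names, delSwitches)
    Dim n
    For Each n In names
        RunHidden "attrib -s -h -r " & dir & n
    Next
    For Each n In names
        RunHidden "del " & delSwitches & " " & dir & n
    Next
End Sub

' Removes the worm's autostart values from the per-user Run key.
' NOTE(review): the original deletes the value "amva" although the process is
' amvo.exe; kept as posted -- confirm which value name the infection actually writes.
Sub RemoveRunEntries()
    Dim v
    For Each v In Array("amva", "avpo", "avpa")
        RunHidden "reg delete " & HKCU & "\Software\Microsoft\Windows\CurrentVersion\Run /v " & v & " /f"
    Next
End Sub

' Writes one REG_DWORD value, overwriting any existing value of that name.
Sub RegAddDword(key, valueName, data)
    RunHidden "reg add " & key & " /v " & valueName & " /t REG_DWORD /d " & data & " /f"
End Sub

' Turns "show hidden / system files" back on for the user and the machine default and
' repairs the Folder Options entries, so the dropped files are visible again (the poster
' relies on hidden files disappearing from view as the sign of infection).
Sub RestoreExplorerSettings()
    Dim hive, folder
    For Each hive In Array(HKCU, HKLM)
        RegAddDword hive & EXPLORER & "\Advanced", "Hidden", 1
        RegAddDword hive & EXPLORER & "\Advanced", "SuperHidden", 1
        RegAddDword hive & EXPLORER & "\Advanced", "ShowSuperHidden", 1
        ' 0 re-enables the Folder Options dialog if it was disabled by policy.
        RegAddDword hive & POLICIES & "\Explorer", "NoFolderOptions", 0
    Next

    ' Definitions behind the Folder Options radio buttons (machine-wide).
    folder = HKLM & EXPLORER & "\Advanced\Folder"
    RegAddDword folder & "\Hidden\NOHIDDEN", "CheckedValue", 2
    RegAddDword folder & "\Hidden\NOHIDDEN", "DefaultValue", 2
    ' The original deletes SHOWALL\CheckedValue before re-adding it; kept as posted.
    RunHidden "reg delete " & folder & "\Hidden\SHOWALL /v CheckedValue /f"
    RegAddDword folder & "\Hidden\SHOWALL", "CheckedValue", 1
    RegAddDword folder & "\Hidden\SHOWALL", "DefaultValue", 2
    RegAddDword folder & "\SuperHidden", "CheckedValue", 0
    RegAddDword folder & "\SuperHidden", "DefaultValue", 0
    RunHidden "reg add " & folder & "\Hidden /v Type /t REG_SZ /d Group /f"

    ' 0 re-enables the Registry Editor for the user if it was disabled by policy.
    RegAddDword HKCU & POLICIES & "\System", "DisableRegistryTools", 0
End Sub

' NoDriveTypeAutoRun = 255 (0xFF) turns AutoRun off for every drive type, for the user
' and machine-wide. This is the preventive part: without AutoRun, an autorun.inf on an
' inserted USB stick is no longer executed, which is how this family re-enters a system.
Sub DisableAutorun()
    Dim hive
    For Each hive In Array(HKCU, HKLM)
        RegAddDword hive & POLICIES & "\Explorer", "NoDriveTypeAutoRun", 255
    Next
End Sub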


El asunto no es la detección ni la eliminación, sino cómo evitar que este puñado de textos llamado amvo se cuele en el sistema.

¿Alguna sugerencia?