
[病毒样本] 这几个是什么东西?红伞报的,.....

Giggs
发表于 2007-5-28 17:26:49 | 显示全部楼层 |阅读模式
看看.....

金剑
发表于 2007-5-28 17:28:35 | 显示全部楼层
[main]
;; Uninstall entry for TEGAM International ViGUARD, written in the INI
;; format of an incompatible-software cleaner (the host exposes the
;; "kleaner" object used in [script]). The host product is not named on
;; this page; the layout resembles an AV installer's cleaner database.
name=TEGAM International ViGUARD
;; Presumably the host treats the presence of this Uninstall key as
;; "ViGUARD is installed" and then runs this entry — TODO confirm
;; against the host's format documentation.
detect-registry=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViGUARD
fullname=TEGAM International ViGUARD
type=uninstall
;;Tested versions: 8.3, 9.3, 10              ;;
;;Works on Windows XP!                       ;;
;;Works on Win98 if Viguard isn't in memory  ;;
[ak]
;; Meaning of the "ak" flag is not documented on this page.
ak_use=true
[script]
' [script] section of the ViGUARD uninstall entry, as pasted on the forum.
' It runs inside a host that provides a "kleaner" object (Kill, Sleep,
' Echo, Apply, DeleteFolder, IsNT). That object is not defined here, so
' what each of its methods does is inferred from name and arguments only.
'
' Flow: try to kill the two ViGUARD processes; only if BOTH kills report
' success, stop the helper service, delete the product's folders, write a
' second-stage .vbs plus a .reg file into the temp folder and register
' the .vbs under HKLM Run/RunOnce so the deletions are repeated after a
' reboot, unregister the product from WMI SecurityCenter, then apply the
' [removeall] section.
'
' Why a scanner heuristic can flag this script (the thread's question):
' it terminates a security product's processes, deletes kernel drivers
' and their service keys, removes the SecurityCenter AntiVirusProduct
' registration, and installs a self-deleting script from the temp folder
' as an HKLM autostart entry. Those are exactly the actions AV-tampering
' rules look for, even though here they serve a legitimate uninstall.
'
' Every run-time error below is suppressed by the next line, so a failed
' RegRead, a missing folder or a broken regedit call never stops the flow.
On Error Resume Next
' objReg is declared but never assigned or used in this section.
' HKEY_LOCAL_MACHINE is also unused here (RegRead/RegDelete take string
' paths); the constant is only echoed into the generated script below.
Dim WshShell, fso, objReg
const HKEY_LOCAL_MACHINE = &H80000002
Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Call kleaner.Echo("->Script Begin")

' Three kill attempts per process, 5 s apart. Each assignment overwrites
' the previous one, so only the LAST attempt's return value reaches the
' "If tmp1 = True And tmp2 = True" gate below. Whether Kill returns False
' when there is nothing left to kill depends on its (undocumented) contract;
' if it does, an early success followed by two "nothing to kill" results
' would skip the whole uninstall. The ",m6" suffix is a Kill mode flag whose
' meaning is not documented on this page.
tmp1 = False
tmp1 = kleaner.Kill("service.exe,m6")
Call kleaner.Echo("->tmp1: " & tmp1)
Call kleaner.Sleep(5000)
tmp1 = kleaner.Kill("service.exe,m6")
Call kleaner.Echo("->tmp1: " & tmp1)
Call kleaner.Sleep(5000)
tmp1 = kleaner.Kill("service.exe,m6")
Call kleaner.Echo("->tmp1: " & tmp1)
Call kleaner.Sleep(5000)
tmp2 = False
tmp2 = kleaner.Kill("sdload32.exe,m6")
Call kleaner.Echo("->tmp2: " & tmp2)
Call kleaner.Sleep(5000)
tmp2 = kleaner.Kill("sdload32.exe,m6")
Call kleaner.Echo("->tmp2: " & tmp2)
Call kleaner.Sleep(5000)
tmp2 = kleaner.Kill("sdload32.exe,m6")
Call kleaner.Echo("->tmp2: " & tmp2)
Call kleaner.Sleep(5000)

''''''''''''''''''''''''''''''''''''
' Everything destructive is gated on both processes having been killed.
If tmp1 = True And tmp2 = True Then
''''''''''''''''''''''''''''''''''''
Call kleaner.Echo("->Execute script")
' Applies the [assassinatesrv] section (service=vigservicehelper);
' "assassinate" presumably stops and/or deletes that service — TODO confirm.
Call kleaner.Apply("assassinatesrv", "assassinate")

' Install directory from ViGUARD's own Settings key. Note the order: a
' trailing backslash is stripped BEFORE the surrounding quotes are removed,
' so a quoted value that ends in \" keeps its backslash.
InstallLocation = WshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Tegam\ViGUARD\Settings\Directory")
LastCharInstallLocation = Mid(InstallLocation,Len(InstallLocation),1)
If StrComp(LastCharInstallLocation, "\", 1) = 0 Then
InstallLocation = Left(InstallLocation,Len(InstallLocation)-1)
End If
InstallLocation = Replace(InstallLocation, """", "")

' All-users and current-user Start Menu\Programs folders, from the
' Shell Folders registry values.
CommonProgs = WshShell.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders\Common Programs")
ProgramsFolder = WshShell.RegRead("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Programs")

' Product data folder under the all-users Application Data folder.
CommonAppData = WshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData")
Bases = CommonAppData & "\ViGUARD"

' NOTE(review): the next two lines are truncated in the pasted copy.
' Presumably they assigned LocationStartMenu, which is read by the
' DeleteFolder calls below and by the generated script but is never
' assigned anywhere in the visible text. Without Option Explicit and with
' errors suppressed, an unassigned LocationStartMenu is Empty, so
' CommonProgs & "\" & LocationStartMenu evaluates to the Programs folder
' path itself with a trailing backslash. Confirm how kleaner.DeleteFolder
' treats such a path before running this script as pasted.
Locati
Locati
' Enumerate the all-users Programs folder and delete every subfolder whose
' name contains "viguard" (InStr compare mode 1 = text, case-insensitive).
' LocationStartMenuFound keeps the LAST match only.
Set f = fso.GetFolder(CommonProgs)
Set allfolders = f.SubFolders
For Each f1 in allfolders
folderName = f1.name
Call kleaner.Echo("->folderName: " & folderName)
tmp = InStr(1, folderName, "viguard", 1)
If tmp > 0 Then
LocationStartMenuFound = folderName
Call kleaner.Echo("->LocationStartMenuFound: " & LocationStartMenuFound)
Call kleaner.DeleteFolder(CommonProgs & "\" & LocationStartMenuFound)
End If
Next
' Same scan for the current user's Programs folder.
Set f = fso.GetFolder(ProgramsFolder)
Set allfolders = f.SubFolders
For Each f1 in allfolders
folderName = f1.name
Call kleaner.Echo("->folderName: " & folderName)
tmp = InStr(1, folderName, "viguard", 1)
If tmp > 0 Then
LocationStartMenuFound = folderName
Call kleaner.Echo("->LocationStartMenuFound: " & LocationStartMenuFound)
Call kleaner.DeleteFolder(ProgramsFolder & "\" & LocationStartMenuFound)
End If
Next

' First-pass deletion of the install, data and Start Menu folders
' (files locked by the still-loaded drivers are handled by the
' second-stage script after reboot).
Call kleaner.DeleteFolder(InstallLocation)
Call kleaner.DeleteFolder(Bases)
Call kleaner.DeleteFolder(CommonProgs & "\" & LocationStartMenu)
Call kleaner.DeleteFolder(ProgramsFolder & "\" & LocationStartMenu)

' Second-stage script UnVIG.vbs in the temp folder (GetSpecialFolder(2) is
' the TemporaryFolder constant). The strings written here are VBScript
' source; paths computed above are baked in as literals. It repeats the
' folder deletions, removes the driver/service registry keys and files
' (GetSpecialFolder(0) is the Windows folder), drops the Run entry and the
' WMI SecurityCenter registration, then deletes its own launcher entries
' and both temp files.
TempFolder = fso.GetSpecialFolder(2)
Set file=fso.CreateTextFile(TempFolder&"\UnVIG.vbs", True)
file.WriteLine( "On Error Resume Next" )
file.WriteLine( "Dim WshShell, fso, f, allfiles, allfolders" )
file.WriteLine( "Set WshShell = CreateObject(""WScript.Shell"")" )
file.WriteLine( "Set fso = CreateObject(""Scripting.FileSystemObject"")" )
file.WriteLine( "const HKEY_LOCAL_MACHINE = &H80000002" )
file.WriteLine( "fso.DeleteFolder(""" & InstallLocation &""")" )
file.WriteLine( "fso.DeleteFolder(""" & Bases &""")" )
file.WriteLine( "fso.DeleteFolder(""" & CommonProgs & "\" & LocationStartMenu &""")" )
file.WriteLine( "fso.DeleteFolder(""" & ProgramsFolder & "\" & LocationStartMenu &""")" )
file.WriteLine( "fso.DeleteFolder(""" & CommonProgs & "\" & LocationStartMenuFound &""")" )
file.WriteLine( "fso.DeleteFolder(""" & ProgramsFolder & "\" & LocationStartMenuFound &""")" )
file.WriteLine( "WshShell.RegDelete ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vighlpr\""" )
file.WriteLine( "fso.DeleteFile(""" & fso.GetSpecialFolder(0)&"\system32\drivers\vighlpr.sys" &""")" )
file.WriteLine( "WshShell.RegDelete ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\virblock\""" )
file.WriteLine( "fso.DeleteFile(""" & fso.GetSpecialFolder(0)&"\system32\drivers\virblock.sys" &""")" )
file.WriteLine( "WshShell.RegDelete ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vigservice\""" )
file.WriteLine( "fso.DeleteFile(""" & InstallLocation & "\service.exe" & """)" )
file.WriteLine( "WshShell.RegDelete ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vigservicehelper\""" )
file.WriteLine( "fso.DeleteFile(""" & InstallLocation & "\hlprsvc.exe" & """)" )
file.WriteLine( "WshShell.RegDelete ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ViGUARD""" )
' WMI SecurityCenter AntiVirusProduct instance; the instanceGuid is the
' product GUID this script associates with ViGUARD.
file.WriteLine( "Set hB = GetObject(""Winmgmts:root\SecurityCenter:AntiVirusProduct.instanceGuid=""""{C7A67B72-19EB-4AEF-B850-01A6DF9DF56C}"""""") ")
file.WriteLine( "hB.Delete_() ")

' On NT the second stage re-imports UnVIG.reg (quoted path here, unlike the
' direct regedit call further down). That re-creates the RunOnce\UnVIG
' value, which the line written two statements later deletes again — the
' net effect is removal, but the ordering is fragile.
If KLeaner.IsNT=True Then
file.WriteLine( "Call WshShell.Run(""regedit.exe /S """"" & TempFolder & "\UnVIG.reg"""""",,True)" )
End If
file.WriteLine( "WshShell.RegDelete ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UnVIG""" )
file.WriteLine( "WshShell.RegDelete ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\UnVIG""" )
file.WriteLine( "fso.DeleteFile(""" & TempFolder&"\UnVIG.reg" &""")" )
file.WriteLine( "fso.DeleteFile(""" & TempFolder & "\UnVIG.vbs" &""")" )
file.Close

' UnVIG.reg registers the second stage: a persistent Run value on Win9x
' (the script removes it itself), a RunOnce value on NT. "//b" runs wscript
' in batch mode (no dialogs); backslashes are doubled for REGEDIT4 syntax.
Set filereg=fso.CreateTextFile(TempFolder&"\UnVIG.reg", True)
filereg.WriteLine( "REGEDIT4" )
filereg.WriteLine( "" )
If KLeaner.IsNT=False Then
filereg.WriteLine( "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]" )
filereg.WriteLine( """UnVIG""=""" & Replace("wscript.exe //b " & TempFolder & "\UnVIG.vbs" , "\" , "\\") & """")
Else
filereg.WriteLine( "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]" )
filereg.WriteLine( """UnVIG""=""" & Replace("wscript.exe //b " & TempFolder & "\UnVIG.vbs" , "\" , "\\") & """")
End If
filereg.WriteLine( "" )
filereg.Close

' Import the .reg now. The path is NOT quoted here (the generated script's
' own regedit call does quote it): if the temp folder path contains a
' space, regedit receives it as two arguments, the import fails, and the
' failure is hidden by On Error Resume Next — the second stage then never
' runs after reboot.
Call WshShell.Run("regedit.exe /S " & TempFolder & "\UnVIG.reg ",,True)

' Immediate WMI SecurityCenter unregistration (repeated by the second stage).
Set hB = GetObject("Winmgmts:root\SecurityCenter:AntiVirusProduct.instanceGuid=""{C7A67B72-19EB-4AEF-B850-01A6DF9DF56C}""")
hB.Delete_()
' Applies the [removeall] section: the drivers, services and registry keys
' listed there.
Call kleaner.Apply("removeall", "remove")
''''''''''''''''''''''''''''''''''''
End If
''''''''''''''''''''''''''''''''''''
Call kleaner.Echo("->Script End")

[removeall]
;; Applied by kleaner.Apply("removeall", "remove") at the end of [script]:
;; ViGUARD's two kernel drivers, its two services, and its registry keys.
;; "registry=" appears to name a whole key and "registry-value=" a single
;; value (the Run autostart entry) — inferred from the paths, not documented
;; on this page.
driver=vighlpr
service=vigservice
driver=virblock
service=vigservicehelper

registry=HKEY_LOCAL_MACHINE\SOFTWARE\Tegam
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViGUARD
registry-value=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ViGUARD
;; .XVX* file-type registrations; the class name further down
;; ("Fichier de Quarantaine ViGUARD", French for "ViGUARD quarantine file")
;; suggests these are the product's quarantine-file extensions.
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX1
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX2
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX3
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX4
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX5
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX6
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX7
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX8
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.XVX9
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fichier de Quarantaine ViGUARD
registry=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViGUARD
[assassinatesrv]
;; Applied by kleaner.Apply("assassinatesrv", "assassinate") in [script],
;; before any folder is deleted; only the helper service is targeted here.
service=vigservicehelper
金剑
发表于 2007-5-28 17:29:27 | 显示全部楼层
name=DrWeb for Windows 4.30
moonsilver
发表于 2007-5-28 17:30:11 | 显示全部楼层

红心王子
发表于 2007-5-28 17:30:57 | 显示全部楼层
感觉不像是病毒
运行了,卡巴7没动静
kv不报
红心王子
发表于 2007-5-28 17:32:29 | 显示全部楼层
这就上报给卡巴总部去
moonsilver
发表于 2007-5-28 17:32:35 | 显示全部楼层
当误报处理
promised
发表于 2007-5-28 17:32:54 | 显示全部楼层
先吐了再说
seamonkey
发表于 2007-5-28 17:32:58 | 显示全部楼层
Kaspersky7

No threats detected
红心王子
发表于 2007-5-28 17:35:27 | 显示全部楼层
原帖由 moonsilver 于 2007-5-28 17:32 发表
当误报处理

为什么说误报
脚本不是病毒么