On Error Resume Next Dim geekside,nret,nret1,nret2,nret3,nret4,nret5,nret6,nret7,nret8,nret9,nret10,nret11,nret12,nret13,nret14,WSHShell,nret15 Dim nret16,nret17,nret18,nret19,nret20,nret21,nret22,nret23,nret24,nret25,nret26,nret27,nret28,nret29,nret30,nret31,nret32 Dim nret33,nret34,nret35,nret36,nret37,nret38,nret39,nret40,nret41,nret42 Set geekside=WScript.CreateObject("WScript.Shell") Set WSHShell=Wscript.CreateObject("Wscript.Shell") Set objFSO = CreateObject("Scripting.FileSystemObject") Set colDrives = objFSO.Drives Wscript.Echo "Software provisto por MyGeekSide.com para la eliminación del software malicioso amvo, avpo, n1detect" For Each objDrive in colDrives If objDrive.IsReady = True Then Wscript.Echo "Limpiar unidad: " & objDrive.DriveLetter nret13=geekside.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE) nret14=geekside.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE) nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\autorun.inf",0,TRUE) nret1=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\ntdeiect.com",0,TRUE) nret2=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\n1detect.com",0,TRUE) nret3=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\n1deiect.com",0,TRUE) nret4=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\n?deiect.com",0,TRUE) nret5=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\nide?ect.com",0,TRUE) nret6=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\u?de?ect.com",0,TRUE) nret7=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\autorun.inf /f /q /a",0,TRUE) nret8=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\ntdeiect.com /f /q /a" ,0,TRUE) nret9=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\n1detect.com /f /q /a",0,TRUE) nret10=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\n?deiect.com /f /q /a",0,TRUE) nret11=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\nide?ect.com /f /q /a",0,TRUE) nret12=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\u?de?ect.com /f /q /a",0,TRUE) nret15=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo.exe",0,TRUE) nret16=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo.exe",0,TRUE) nret17=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo0.dll",0,TRUE) nret18=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo1.dll",0,TRUE) nret41=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo2.dll",0,TRUE) nret19=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo0.dll",0,TRUE) nret20=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo1.dll",0,TRUE) nret23=geekside.Run("cmd /C del /f c:\windows\system32\amvo.exe",0,TRUE) nret24=geekside.Run("cmd /C del /f c:\windows\system32\avpo.exe",0,TRUE) nret25=geekside.Run("cmd /C del /f c:\windows\system32\amvo0.dll",0,TRUE) nret26=geekside.Run("cmd /C del /f c:\windows\system32\amvo1.dll",0,TRUE) nret42=geekside.Run("cmd /C del /f c:\windows\system32\amvo2.dll",0,TRUE) nret27=geekside.Run("cmd /C del /f c:\windows\system32\avpo0.dll",0,TRUE) nret28=geekside.Run("cmd /C del /f c:\windows\system32\avpo1.dll",0,TRUE) nret31=geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v amva /f",0,TRUE) nret32=geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpo /f",0,TRUE) nret33=geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRUE) nret34=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE) nret35=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE) nret36=geekside.Run("cmd /C reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /f",0,TRUE) nret37=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE) nret38=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE) nret39=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE) nret40=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE) End If Next Wscript.Echo "Debes reiniciar tu PC para asegurarnos de haber eliminado el software malicioso"