Thread: How to Get Rid of Malware?

  1. #1

    Thread Starter
    Banned
    Join Date
    Feb 2014
    Posts
    1

    How to Get Rid of Malware?

    Malware, short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. How to Get Rid of Malware?

  2. #2
    Lively Member
    Join Date
    Dec 2010
    Location
    http://bbat.forumeiro.com/
    Posts
    86

    Re: How to Get Rid of Malware?

    Hi
    Did you mean that you think you are infected, and you wonder how to get rid of this malware?
    If this is what you think, then follow me step by step.

    Get Malwarebytes' Anti-Malware on the desktop
    • => Double-click on mbam-setup to start the installation
    • => Simply install without changing anything
    • => Get updates (click on "Update" and then "Search for updates").
    • => If the update has failed, do it after starting the software => "Update" tab
    • => When the program has started ==> check Perform full scan
    • => Click Search
    • => Optionally uncheck the hard drives not to analyze
    • => Click Start review
    • => At the end of the scan (about 1 hour), if an infection is found
    • => Click Show results
    • => Close your running applications
    • => If Malwarebytes' has detected nothing, click OK. A report will appear; close it.
    • => If Malwarebytes' has detected infections, then click Show results, check that everything is checked, and click Remove Selected.
    • => Note: If Malwarebytes' needs to reboot to complete the removal, accept by clicking "OK".
      A report opens; copy and paste it in the answer.


    And complete the work with AdwCleaner.
    AdwCleaner is a tool to remove:

    • The adware (advertising programs)
    • The PUP / LPI (PUPs)
    • The toolbars (toolbars grafted onto the browser)
    • The hijackers (hijacking of the homepage)


    So download AdwCleaner (by Xplode) to your desktop.


    You can also test with YAC


  3. #3
    Lively Member
    Join Date
    Dec 2010
    Location
    http://bbat.forumeiro.com/
    Posts
    86

    Re: How to Get Rid of Malware?

    Hi
    I just made a new VBScript; it is a tool to facilitate searching for VBS files in order to help people who feel infected by some viruses of this type.
    This script generates a report file that contains all the running processes and the autostart items.
    It creates a password-protected RAR archive intended for later analysis.
    So you can try it, and I wish you good luck.
    Code:
    '*********************************************************** Script Description ****************************************************************
    'This is a tool to make it easier to find VBS files, in order to help people who feel infected by certain viruses of this type.
    'This script generates a report file that contains all the running processes and the autostart items.
    'It creates a password-protected RAR archive intended for later analysis.
    '************************************************************************************************************************************************
    Option Explicit
    Dim fso,ws,MyDoc,d,bf,dc,racine,ExtensionType,ExtensionType2,Password,Protected_Destination
    Dim arrResult,sDrv,sFName,sFile,Source,Destination,NomFichierLog,OutPut
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set ws = CreateObject("Wscript.Shell")
    MyDoc=ws.SpecialFolders("MyDocuments")'My Documents folder
    Set bf = fso.GetFolder(MyDoc)
    ExtensionType  = "VBS"
    ExtensionType2  = "VBE" 
    Source = MyDoc & "\" & ExtensionType
    Call CreateFolder(ExtensionType)
    NomFichierLog="Liste_Processus.txt"
    Set OutPut = fso.CreateTextFile(Source & "\" & NomFichierLog,2)
    Destination = MyDoc & "\" & ExtensionType & ".rar" 'Name of the plain archive without password protection
    Protected_Destination = MyDoc & "\" & ExtensionType & "_Protected_" &  Day(Now) & "_" & Month(Now) & "_" & Year(Now) & "-"  & Hour(Now) & "-" & Minute(Now) & ".rar" 'Name of the password-protected archive
    Password = "123456"
    '**************************************************************************************************
    'Call the procedures ListProcessCmdLine() + FindScript() + Scan()
    Call ListProcessCmdLine()
    Call FindScript()
    Call Scan() 
    '**************************************************************************************************
    Sub Scan()
    	Dim Titre
    	Titre = "Recherche des fichiers de type VBS © Hackoo © 2014"
    	Call CreateFolder(ExtensionType)
    	ws.Popup Titre + Vbcrlf + "Veuillez SVP Patienter un peu . . .","5",Titre,64
    	Set dc  = fso.Drives
    	For Each d in dc 
    		If d.IsReady Then
    			racine = d.Driveletter & ":"
    			GetResults racine,ExtensionType
    			GetResults racine,ExtensionType2
    		End If
    	Next
    	Call Compression(Source,Protected_Destination,Password)'The archive is protected by a password
    	MsgBox "Le Scan est Terminé !" & vbcrlf & "Envoyer le fichier " & DblQuote(Protected_Destination) &_
    	" vers le site "+ DblQuote("http://www.cjoint.com/"),64,"Le Scan est Terminé ! " + Titre
    	'Quote the path: the My Documents folder name may contain spaces
    	ws.run "Explorer /n,/select," & DblQuote(Protected_Destination)
    	wscript.Sleep 5000
    	ws.run "http://www.cjoint.com/"
    End Sub
    '**********************************************************************************************
    'Function to wrap a variable in double quotes
    Function DblQuote(Str)
    	DblQuote = Chr(34) & Str & Chr(34)
    End Function
    '**********************************************************************************************
    Sub GetResults(drv,fname)
    	On Error Resume Next
    	Dim sWQL,oFile,Results
    	sWQL     = "select * from cim_datafile where Drive='" & _
    	drv & "' AND Extension = '" & fname & "'"
    	For Each oFile In GetObject("winmgmts:").execquery(sWQL)
    		sFile   = oFile.Name
    		CopyFile sFile,ExtensionType
    	Next
    End Sub
    '**********************************************************************************
    Sub CreateFolder(name)
    	Set fso  = CreateObject("Scripting.FileSystemObject")
    	If Not FSO.FolderExists(bf & "\" & name) Then
    		bf.subFolders.Add(name)
    		Else : Exit Sub
    	End If
    End Sub
    '**********************************************************************************
    Function CopyFile(sFile,name)
    	Dim  fso,ws,MyDoc,bf
    	Set FSO = CreateObject("Scripting.FileSystemObject")
    	Set ws = CreateObject("Wscript.Shell")
    	MyDoc = ws.SpecialFolders("MyDocuments")'My Documents folder
    	Set bf = fso.GetFolder(MyDoc)
    	If FSO.FolderExists(bf & "\" & name) Then
    		FSO.GetFile(sFile).Copy bf & "\" & name & "\" & FSO.GetFileName(sFile),True
    	Else
    		MsgBox "erreur du chemin",16,"erreur du chemin"
    	End If
    End Function
    '**********************************************************************************
    Function Compression(Source,Destination,Password)
    	Dim oFSO,oShell,aScriptFilename,sScriptFilename
    	Dim sWorkingDirectory,ProgramFiles,sWinZipLocation
    	Set oFSO = WScript.CreateObject("Scripting.FileSystemObject")
    	Set oShell = WScript.CreateObject("Wscript.Shell")
    '--------Find the working directory--------
    	aScriptFilename = Split(Wscript.ScriptFullName, "\")
    	sScriptFilename = aScriptFileName(Ubound(aScriptFilename))
    	sWorkingDirectory = Replace(Wscript.ScriptFullName, sScriptFilename, "")
    '--------------------------------------
    	ProgramFiles = oShell.ExpandEnvironmentStrings("%ProgramFiles%")
    '-------Make sure we can find WinRAR.exe------
    	'sWorkingDirectory already ends with "\", so append the file name directly
    	If oFSO.FileExists(sWorkingDirectory & "Winrar.EXE") Then
    		sWinZipLocation = sWorkingDirectory
    	ElseIf oFSO.FileExists(ProgramFiles &"\Winrar\Winrar.EXE") Then
    		sWinZipLocation = ProgramFiles &"\Winrar\"
    	Else
    		Compression = "Erreur : Impossible de trouver Winrar.exe"
    		MsgBox Compression,16,Compression
    		ws.run "http://www.win-rar.com"
    		Wscript.Quit
    	End If
    '--------------------------------------
    'The A command ==> add to an archive
    'The M command: moves the files and folders into an archive
    'The -IBCK switch ==> run WinRAR in the background
    	If Password = "" Then
    		oShell.Run """" & sWinZipLocation & "winrar.exe"" M -IBCK """ & _
    		Destination & """ """ & Source & """",0,True 
    	Else
    'The -P<password> switch: use a password
    'The -HP[password] switch: encrypt both the file data and the headers
    		oShell.Run """" & sWinZipLocation & "winrar.exe"" M -IBCK -hp"&Password&" """ & _
    		Destination & """ """ & Source & """",0,True 
    	End If
    	If oFSO.FileExists(Destination) Then
    		Compression = 1
    	Else
    		Compression = "Erreur : Création d'archives a échoué !"
    		MsgBox Compression,16,Compression
    	End If
    End Function
    '************************************************************************************************
    'Autostart items + ListProcessCmdLine.vbs
    '************************************************************************************************
    Sub ListProcessCmdLine()
    	Dim fso,ws,ProcessEnv,NomMachine,NomUtilisateur,strComputer,objWMIService
    	Dim colProcesses,objProcess,ProcessName,ProcessID,CommandLine,count,Texte
    	Set fso = CreateObject("Scripting.FileSystemObject")
    	Set Ws = CreateObject("WScript.Shell")
    	Set ProcessEnv = Ws.Environment("Process")
    	NomMachine = ProcessEnv("COMPUTERNAME") 
    	NomUtilisateur = ProcessEnv("USERNAME") 
    	strComputer = "."
    	Set objWMIService = GetObject("winmgmts:" _
    	& "{impersonationLevel=impersonate}!\\" _ 
    	& strComputer & "\root\cimv2") 
    	Set colProcesses = objWMIService.ExecQuery ("Select * from Win32_Process")
    	count=0 
    	Call Infosys()
    	OutPut.WriteLine String(14,"*")& "Liste des Processus en cours d'exécution le " & date & " à " & time & " sur Le PC "& NomMachine &" connecté en tant que " & NomUtilisateur & String(14,"*")& vbNewline & String(80,"*")
    	For Each objProcess in colProcesses
    		ProcessName = objProcess.Name
    		ProcessID = objProcess.ProcessID
    		CommandLine = objProcess.CommandLine
    		count=count+1
    		Texte = "Numéro PID = "& objProcess.ProcessID & VbNewLine & "Nom du Processus = " & objProcess.Name & VbNewLine &"Ligne de Commande = "& objProcess.CommandLine &_
    		VbNewLine & String(100,"*")
    		OutPut.WriteLine Texte
    	Next
    	OutPut.WriteLine  "Il y a "& Count &" Processus en cours d'exécution le " & date & " à " & time & " sur Le PC "& NomMachine &" connecté en tant que " & NomUtilisateur & vbNewline
    	Call StartupCommand
    End Sub
    '**********************************************************************************
    Function StartupCommand()
    	Dim strComputer,resultat,strMessage,objWMIService,objStartupCommand,colStartupCommands
    	strComputer = "."
    	resultat=""
    	Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    	Set colStartupCommands = objWMIService.ExecQuery ("Select * from Win32_StartupCommand")
    	For Each objStartupCommand in colStartupCommands
    		resultat=resultat & "Nom: " & objStartupCommand.Name & vbNewline
    		resultat=resultat & "Description: " & objStartupCommand.Description & vbNewline
    		resultat=resultat & "Emplacement: " & objStartupCommand.Location & vbNewline
    		resultat=resultat & "Commande: " & objStartupCommand.Command & vbNewline
    		resultat=resultat & "Utilisateur: " & objStartupCommand.User & vbNewline
    		resultat=resultat & String(100,"*") & vbNewline 
    	Next
    	OutPut.WriteLine String(50,"*") &" Les éléments à démarrage automatique "& String(40,"*")
    	OutPut.WriteLine resultat
    end Function
    '********************************************************************************** 
    Function InfoSys()
    	Dim strComputer,strMessage,objWMIService
    	Dim objComputer,colSettings,colSettings2,colSettings3,objBIOS,objOperatingSystem
    	strComputer = "."
    	strMessage=""
    	Set objWMIService = GetObject("winmgmts:"  & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    	Set colSettings = objWMIService.ExecQuery  ("Select * from Win32_ComputerSystem")
    	Set colSettings2 = objWMIService.ExecQuery ("Select * from Win32_BIOS")
    	Set colSettings3 = objWMIService.ExecQuery ("Select * from Win32_OperatingSystem")
    	For Each objBIOS in colSettings2 
    		strMessage=strMessage & "BIOS " & objBIOS.Version & vbNewline & vbNewline
    	Next
    	For Each objComputer in colSettings 
    		strMessage=strMessage & "Nom de l'ordinateur : " & objComputer.Name & vbNewline & "Fabriquant: " & objComputer.Manufacturer & vbNewline & "Modèle : " & objComputer.Model & vbNewline & vbNewline
    	Next
    	For Each objOperatingSystem in colSettings3
    		strMessage=strMessage &  objOperatingSystem.Name & vbNewline
    		strMessage=strMessage &  "Version " & objOperatingSystem.Version & vbNewline
    		strMessage=strMessage &  "Service Pack " & objOperatingSystem.ServicePackMajorVersion & "." & objOperatingSystem.ServicePackMinorVersion &vbNewline
    		strMessage=strMessage &  "Dossier de Windows: " & objOperatingSystem.WindowsDirectory &vbNewline
    	Next
    	OutPut.WriteLine strMessage
    end Function
    '***************************************************************************************************
    Sub FindScript()
    	Dim Titre,colItems,objItem,count,Processus,Question
    	count = 0 'Initialize the counter so the log shows 0 when nothing was stopped
    	Titre = " Processus "& DblQuote("wscript.exe")'The title
    	OutPut.WriteLine Titre & VbCrLF & String(50,"*") 
    'Find all instances of the "wscript.exe" process except this script's own
    	Set colItems = GetObject("winmgmts:").ExecQuery("Select * from Win32_Process " _
    	& "Where Name like '%wscript.exe%' AND NOT commandline like '%" & WScript.ScriptName & "%'",,48)
    	For Each objItem in colItems
    		count= count + 1 'increment the counter
    		Processus = Mid(objItem.CommandLine,InStr(objItem.CommandLine,""" """) + 2) 'Extract the script path from the command line
    'and show it in a MsgBox
    		Question = MsgBox ("Voulez-vous stopper ce script : "& Processus &" ?" ,VBYesNO+VbQuestion,Titre)
    		If Question = VbYes then
    			OutPut.WriteLine Processus 'Write the same result to the log file
    			objItem.Terminate(0)'Kill this process
    		else
    			count= count - 1 'decrement the counter by 1
    		End if
    	Next
    	OutPut.WriteLine String(50,"*") 'write 50 asterisks
    	OutPut.WriteLine count & Titre & " ont été arrêtés !"'Write the number of stopped scripts to the log file
    	OutPut.WriteLine String(50,"*") 'write 50 asterisks
    	OutPut.Close
    End Sub
    '***************************************************************************************************
    Last edited by Hackoo; Feb 20th, 2014 at 04:51 AM. Reason: Update Script : "Adding Function FindScript()"
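
One way to triage the Liste_Processus.txt report that the script in post #3 writes, as an added example that is not part of the thread or of Hackoo's script: it parses the process records and lists script-host processes whose script sits in a user-writable directory. The sample report, the directory list and the function names are constructed assumptions.

```python
import re

# Constructed sample in ListProcessCmdLine()'s format (the real log is ANSI: open it with encoding="cp1252").
SAMPLE_REPORT = "\n".join([
    "Numéro PID = 4",
    "Nom du Processus = System",
    "Ligne de Commande = ",
    "*" * 100,
    "Numéro PID = 2312",
    "Nom du Processus = wscript.exe",
    r'Ligne de Commande = "C:\Windows\System32\WScript.exe" "C:\Users\alice\AppData\Roaming\update.vbs"',
    "*" * 100,
    "Numéro PID = 3120",
    "Nom du Processus = wscript.exe",
    r'Ligne de Commande = "C:\Windows\System32\WScript.exe" "D:\Tools\backup.vbs"',
    "*" * 100,
    "Numéro PID = 3544",
    "Nom du Processus = cscript.exe",
    r'Ligne de Commande = cscript.exe //B C:\Users\alice\AppData\Local\Temp\a.vbe',
    "*" * 100,
])

FIELD = re.compile(r"^(Numéro PID|Nom du Processus|Ligne de Commande) = ?(.*)$")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:vbs|vbe))', re.IGNORECASE)
# Assumption: user-writable locations worth a closer look, not a verdict.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\start menu\\programs\\startup\\")

def parse_report(text):
    """Split the report into one dict per process record."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2).strip()
        elif line.startswith("*" * 20) and current:
            records.append(current)  # a row of asterisks closes the record
            current = {}
    return records

def flag_script_hosts(records):
    """Return (pid, script path) for script hosts running from suspect dirs."""
    hits = []
    hosts = [r for r in records if r.get("Nom du Processus", "").lower() in SCRIPT_HOSTS]
    for rec in hosts:
        for path in SCRIPT_PATH.findall(rec.get("Ligne de Commande", "")):
            if any(d in path.lower() for d in SUSPECT_DIRS):
                hits.append((int(rec["Numéro PID"]), path))
    return hits
```

A hit is only a pointer to a file to inspect; legitimate software also runs scripts from these directories.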

