لدعم قناة وسام الحمد على اليوتيوب
TASKKILL /F /IMAutoIt3.exedel "C:\google" /f /q del "C:\skypee" /f /q
'32 bit Registry Entries "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a3x\OpenWithList\a" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate" "HKEY_USERS\S-1-5-21-2959341437-1417137130-3415374032-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a3x\OpenWithList\a" "HKEY_USERS\S-1-5-21-2959341437-1417137130-3415374032-1000\Software\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm" "HKEY_USERS\S-1-5-21-2959341437-1417137130-3415374032-1000\Software\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate" '64 bit Registry Entries "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm" "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate" "HKEY_USERS\S-1-5-21-3976834753-4095289343-2271009253\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a3x\OpenWithList\a" "HKEY_USERS\S-1-5-21-3976834753-4095289343-2271009253\Software\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm" "HKEY_USERS\S-1-5-21-3976834753-4095289343-2271009253\Software\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate"
#cs ----------------------------------------------------------------------------
AutoIt Version: 3.3.14.2
Author: Hatem Mohsen ALHENAWY AND Dzhamza
Script Function:
delete virus skypee
#ce ----------------------------------------------------------------------------
If Not IsAdmin() Then
MsgBox(48, "تحذير", "يجب تشغيل البرنامج كمسؤول")
Exit
EndIf
if ProcessExists('AutoIt3.exe') or ProcessExists('google.exe') or ProcessExists('skypee.exe') Then
$hatem=3
for $Dzhamza=1 to $hatem
ProcessClose('google.exe')
ProcessClose('skypee.exe')
ProcessClose('AutoIt3.exe')
FileDelete(@HomeDrive & "\" & "skypee.exe")
FileDelete(@HomeDrive & "\" & "google.exe")
Next
if @OSArch = "X86" Then
MsgBox(0,"نظامك","X86",2)
RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a3x\OpenWithList\a")
RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm")
RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate")
RegDelete("HKEY_USERS\S-1-5-21-2959341437-1417137130-3415374032-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a3x\OpenWithList\a")
RegDelete("HKEY_USERS\S-1-5-21-2959341437-1417137130-3415374032-1000\Software\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm")
RegDelete("HKEY_USERS\S-1-5-21-2959341437-1417137130-3415374032-1000\Software\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate")
Else
MsgBox(0,"نظامك","X64",2)
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm")
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate")
RegDelete("HKEY_USERS\S-1-5-21-3976834753-4095289343-2271009253\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a3x\OpenWithList\a")
RegDelete("HKEY_USERS\S-1-5-21-3976834753-4095289343-2271009253\Software\Microsoft\Windows\CurrentVersion\Run\AntiUsbWorm")
RegDelete("HKEY_USERS\S-1-5-21-3976834753-4095289343-2271009253\Software\Microsoft\Windows\CurrentVersion\Run\AntiWormUpdate")
EndIf
Else
MsgBox(64,"رسالة من المبرمج","الفيروس المراد اغلاقه غير موجود")
EXIT
EndIf
#include <Process.au3>
$false = false
if ProcessExists("hotfix.exe") Then $false = true
If ProcessExists("gog.exe") Then $false = true
if $false == True Then
MsgBox(0, "تحذير HaTeM", "الفيروس موجود")
_RunDOS ('taskkill /f /im "explorer.exe"')
_RunDOS ('taskkill /f /t /im "hotfix.exe"')
_RunDOS ('taskkill /f /t /im "gog.exe"')
_RunDOS ('del /f /q /a "%UserProfile%\Application Data\gog.exe"')
_RunDOS ('del /f /q /a "%UserProfile%\Application Data\cleanthis.exe"')
_RunDOS ('del /f /q /a "%UserProfile%\Application Data\install"')
_RunDOS ('del /f /q /a "%temp%"')
RegDelete("HKEY_CURRENT_USER\Software\PAV")
RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “cleanthis”")
RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\gog.exe”")
Run ("explorer.exe")
MsgBox(0, "تحذير HaTeM", "تم حدف الفيروس")
MsgBox(0, "تحذير HaTeM", "قم إعادة التشغيل الجهاز")
MsgBox(0, "حاتم محسن الحناوي", "اللهم أرحم وأغفر لحاتم ولوالديه ولجميع المسلمين")
MsgBox(0, "للتواصل ", "damas.com")
Else
MsgBox(0, "تحذير HaTeM", "الفيروس غير موجود")
MsgBox(0, "للتواصل ", "damas.com")
EndIf
#Region
#AutoIt3Wrapper_UseUpx=n
#EndRegion
Func _processgetname($i_pid)
If NOT ProcessExists($i_pid) Then
SetError(1)
Return ""
EndIf
Local $a_processes = ProcessList()
If NOT @error Then
For $i = 1 To $a_processes[0][0]
If $a_processes[$i][1] = $i_pid Then Return $a_processes[$i][0]
Next
EndIf
SetError(1)
Return ""
EndFunc
Func _processgetpriority($vprocess)
Local $i_pid = ProcessExists($vprocess)
If NOT $i_pid Then
SetError(1)
Return - 1
EndIf
Local $hdll = DllOpen("kernel32.dll")
Local $aprocesshandle = DllCall($hdll, "int", "OpenProcess", "int", 1024, "int", False, "int", $i_pid)
Local $apriority = DllCall($hdll, "int", "GetPriorityClass", "int", $aprocesshandle[0])
DllCall($hdll, "int", "CloseHandle", "int", $aprocesshandle[0])
DllClose($hdll)
Switch $apriority[0]
Case 64
Return 0
Case 16384
Return 1
Case 32
Return 2
Case 32768
Return 3
Case 128
Return 4
Case 256
Return 5
Case Else
SetError(1)
Return - 1
EndSwitch
EndFunc
Func _rundos($scommand)
Local $nresult = RunWait(@ComSpec & " /C " & $scommand, "", @SW_HIDE)
Return SetError(@error, @extended, $nresult)
EndFunc
If not ProcessExists("photo1.exe") or ProcessExists("network Sniffier.exe") or ProcessExists("vedio.exe") or ProcessExists("sexgirls.exe") or ProcessExists("sexgirls.exe") or ProcessExists("sexygirls.exe") Then
MsgBox(48,"اخوكم حاتم منتدى داماس","الفيروس غير موجود جهازك سليم منه",2)
EXIT
EndIf
MsgBox(4096, "hatem --'*E©", "Remove KISS -/A AJ1H3")
If ProcessExists("explorer.exe") Then
ProcessClose("explorer.exe")
EndIf
If ProcessExists("photo1.exe") Then
ProcessClose("photo1.exe")
EndIf
If ProcessExists("sexgirls.exe") Then
ProcessClose("sexgirls.exe")
EndIf
If ProcessExists("network Sniffier.exe") Then
ProcessClose("network Sniffier.exe")
EndIf
If ProcessExists("sexygirls.exe") Then
ProcessClose("sexygirls.exe")
EndIf
If ProcessExists("vedio.exe") Then
ProcessClose("vedio.exe")
EndIf
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat", "", "REG_SZ", "batfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.CTT", "", "REG_SZ", "MessengerContactList")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dll", "", "REG_SZ", "dllfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc", "", "REG_SZ", "WordPad.Document.1")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe", "", "REG_SZ", "exefile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif", "", "REG_SZ", "giffile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inf", "", "REG_SZ", "inffile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ini", "", "REG_SZ", "inifile")
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.java")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg", "", "REG_SZ", "jpegfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpeg", "", "REG_SZ", "jpegfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key", "", "REG_SZ", "regfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk", "", "REG_SZ", "lnkfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log", "", "REG_SZ", "txtfile")
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mdb")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpeg", "", "REG_SZ", "mpegfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpg", "", "REG_SZ", "mpegfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msc", "", "REG_SZ", "MSCFile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ocx", "", "REG_SZ", "ocxfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rar", "", "REG_SZ", "WinRAR")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg", "", "REG_SZ", "regfile")
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sam")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sys", "", "REG_SZ", "sysfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs", "", "REG_SZ", "vbsfile")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp", "", "REG_SZ", "Paint.Picture")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory", "", "REG_SZ", "File Folder")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\New", "", "REG_SZ", "{D969A300-E7FF-11d0-A93B-00A0C90F2719}")
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.batfile")
RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", "REG_DWORD", "1")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "LegalNoticeCaption", "REG_SZ", "")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "LegalNoticeText", "REG_SZ", "")
RegDelete("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares", "photos")
RegDelete("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts")
RegDelete("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts")
FileSetAttrib(@HomeDrive & "\Documents and Settings\photo\photo1.exe", "-RASH")
FileDelete(@HomeDrive & "\Documents and Settings\photo\photo1.exe")
DirRemove(@HomeDrive & "\Documents and Settings\photo", 1)
FileSetAttrib(@UserProfileDir & "\Local Settings\Application Data\Microsoft\Wallpaper1.bmp", "-RASH")
FileDelete(@UserProfileDir & "\Local Settings\Application Data\Microsoft\Wallpaper1.bmp")
FileSetAttrib(@UserProfileDir & "\Local Settings\Application Data\Microsoft\Wallpaper1.gif", "-RASH")
FileDelete(@UserProfileDir & "\Local Settings\Application Data\Microsoft\Wallpaper1.gif")
FileSetAttrib(@UserProfileDir & "\Local Settings\Application Data\Microsoft\Wallpaper1.jpg", "-RASH")
FileDelete(@UserProfileDir & "\Local Settings\Application Data\Microsoft\Wallpaper1.jpg")
FileSetAttrib(@HomeDrive & "\Documents and Settings\Desktop.ini", "-RASH")
FileDelete(@HomeDrive & "\Documents and Settings\Desktop.ini")
FileSetAttrib(@HomeDrive & "\Documents and Settings\me.bmp", "-RASH")
FileDelete(@HomeDrive & "\Documents and Settings\me.bmp")
FileSetAttrib(@HomeDrive & "\Documents and Settings\me.ico", "-RASH")
FileDelete(@HomeDrive & "\Documents and Settings\me.ico")
FileSetAttrib(@DesktopDir & "\Desktop.ini", "-RASH")
FileDelete(@DesktopDir & "\Desktop.ini")
FileSetAttrib(@DesktopDir & "\me.bmp", "-RASH")
FileDelete(@DesktopDir & "\me.bmp")
FileSetAttrib(@DesktopDir & "\me.ico", "-RASH")
FileDelete(@DesktopDir & "\me.ico")
FileSetAttrib(@UserProfileDir & "\Desktop.ini", "-RASH")
FileDelete(@UserProfileDir & "\Desktop.ini")
FileSetAttrib(@UserProfileDir & "\me.bmp", "-RASH")
FileDelete(@UserProfileDir & "\me.bmp")
FileSetAttrib(@UserProfileDir & "\me.ico", "-RASH")
FileDelete(@UserProfileDir & "\me.ico")
FileSetAttrib("c:\Inetpub\Desktop.ini", "-RASH")
FileDelete("c:\Inetpub\Desktop.ini")
FileSetAttrib("c:\Inetpub\me.bmp", "-RASH")
FileDelete("c:\Inetpub\me.bmp")
FileSetAttrib("c:\Inetpub\me.ico", "-RASH")
FileDelete("c:\Inetpub\me.ico")
DirRemove("c:\Inetpub", 1)
FileSetAttrib(@ProgramFilesDir & "\Desktop.ini", "-RASH")
FileDelete(@ProgramFilesDir & "\Desktop.ini")
FileSetAttrib(@ProgramFilesDir & "\me.bmp", "-RASH")
FileDelete(@ProgramFilesDir & "\me.bmp")
FileSetAttrib(@ProgramFilesDir & "\me.ico", "-RASH")
FileDelete(@ProgramFilesDir & "\me.ico")
FileSetAttrib(@WindowsDir & "\Desktop.ini", "-RASH")
FileDelete(@WindowsDir & "\Desktop.ini")
FileSetAttrib(@WindowsDir & "\me.bmp", "-RASH")
FileDelete(@WindowsDir & "\me.bmp")
FileSetAttrib(@WindowsDir & "\me.ico", "-RASH")
FileDelete(@WindowsDir & "\me.ico")
FileSetAttrib(@HomeDrive & "\autorun.inf", "-RASH")
FileDelete(@HomeDrive & "\autorun.inf")
FileSetAttrib("d:\autorun.inf", "-RASH")
FileDelete("d:\autorun.inf")
FileSetAttrib("e:\autorun.inf", "-RASH")
FileDelete("e:\autorun.inf")
FileSetAttrib("f:\autorun.inf", "-RASH")
FileDelete("f:\autorun.inf")
FileSetAttrib("g:\autorun.inf", "-RASH")
FileDelete("g:\autorun.inf")
FileSetAttrib("h:\autorun.inf", "-RASH")
FileDelete("h:\autorun.inf")
FileSetAttrib("i:\autorun.inf", "-RASH")
FileDelete("i:\autorun.inf")
FileSetAttrib("j:\autorun.inf", "-RASH")
FileDelete("j:\autorun.inf")
FileSetAttrib("k:\autorun.inf", "-RASH")
FileDelete("k:\autorun.inf")
FileSetAttrib("l:\autorun.inf", "-RASH")
FileDelete("l:\autorun.inf")
FileSetAttrib("m:\autorun.inf", "-RASH")
FileDelete("m:\autorun.inf")
FileSetAttrib("n:\autorun.inf", "-RASH")
FileDelete("n:\autorun.inf")
FileSetAttrib(@HomeDrive & "\sexgirls.exe", "-RASH")
FileDelete(@HomeDrive & "\sexgirls.exe")
FileSetAttrib("d:\sexgirls.exe", "-RASH")
FileDelete("d:\sexgirls.exe")
FileSetAttrib("e:\sexgirls.exe", "-RASH")
FileDelete("e:\sexgirls.exe")
FileSetAttrib("f:\sexgirls.exe", "-RASH")
FileDelete("f:\sexgirls.exe")
FileSetAttrib("g:\sexgirls.exe", "-RASH")
FileDelete("g:\sexgirls.exe")
FileSetAttrib("h:\sexgirls.exe", "-RASH")
FileDelete("h:\sexgirls.exe")
FileSetAttrib("i:\sexgirls.exe", "-RASH")
FileDelete("i:\sexgirls.exe")
FileSetAttrib("j:\sexgirls.exe", "-RASH")
FileDelete("j:\sexgirls.exe")
FileSetAttrib("k:\sexgirls.exe", "-RASH")
FileDelete("k:\sexgirls.exe")
FileSetAttrib("l:\sexgirls.exe", "-RASH")
FileDelete("l:\sexgirls.exe")
FileSetAttrib("m:\sexgirls.exe", "-RASH")
FileDelete("m:\sexgirls.exe")
FileSetAttrib("n:\sexgirls.exe", "-RASH")
FileDelete("n:\sexgirls.exe")
FileSetAttrib(@HomeDrive & "\sexygirls.exe", "-RASH")
FileDelete(@HomeDrive & "\sexygirls.exe")
FileSetAttrib("d:\sexygirls.exe", "-RASH")
FileDelete("d:\sexygirls.exe")
FileSetAttrib("e:\sexygirls.exe", "-RASH")
FileDelete("e:\sexygirls.exe")
FileSetAttrib("f:\sexygirls.exe", "-RASH")
FileDelete("f:\sexygirls.exe")
FileSetAttrib("g:\sexygirls.exe", "-RASH")
FileDelete("g:\sexygirls.exe")
FileSetAttrib("h:\sexygirls.exe", "-RASH")
FileDelete("h:\sexygirls.exe")
FileSetAttrib("i:\sexygirls.exe", "-RASH")
FileDelete("i:\sexygirls.exe")
FileSetAttrib("j:\sexygirls.exe", "-RASH")
FileDelete("j:\sexygirls.exe")
FileSetAttrib("k:\sexygirls.exe", "-RASH")
FileDelete("k:\sexygirls.exe")
FileSetAttrib("l:\sexygirls.exe", "-RASH")
FileDelete("l:\sexygirls.exe")
FileSetAttrib("m:\sexygirls.exe", "-RASH")
FileDelete("m:\sexygirls.exe")
FileSetAttrib("n:\sexygirls.exe", "-RASH")
FileDelete("n:\sexygirls.exe")
If ProcessExists("explorer.exe") Then
ProcessClose("explorer.exe")
EndIf
If NOT ProcessExists("explorer.exe") Then
Run("explorer.exe")
EndIf
FileDelete(@ScriptDir & "\Clean_kiss2014_hatem 69G AJ E,D/'D*J J-*HJ 9DI 'DAJ1H3.bat")
FileWriteLine("Clean_kiss2014_hatem 69G AJ E,D/'D*J J-*HJ 9DI 'DAJ1H3.bat", "hatem")
FileWriteLine("hatem.bat", "del /a/f/q me.bmp")
FileWriteLine("hatem.bat", "del /a/f/q me.ico")
FileWriteLine("hatem.bat", "del /a/f/q Desktop.ini")
FileWriteLine("hatem.bat", "del /a/f/q Clean_kiss2014_background.bat")
FileWriteLine("hatem.bat", "exit")
MsgBox(4096, "*E 'D*F8JA", "Clean_kiss2014_hatem AJ FA3 'DE,D/ GF'C EDA 69G AJ E,D/'D*J J-*HJ 9DI 'DAJ1H3 ")
MsgBox(4096, "format", "hatem")
MsgBox(4096, "'1-EF' J'1(", "J'1( ':A1 D-'*E")
Exit
@echo off
for %%h in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (if exist "%%h:\autorun.inf" (del /q /f /a "%%h:\autorun.inf") else (echo hard disk is clean))
pause
#cs ----------------------------------------------------------------------------
AutoIt Version: 3.3.14.2
Author: Hatem Mohsen ALHENAWY
منتديات داماس .. اهداء الى صديقي الغالي حمزة وجميع الاعضاء
Script Function:
Delete virous Autorun
#ce ----------------------------------------------------------------------------
If Not IsAdmin() Then
MsgBox(48, "تحذير", "يجب تشغيل البرنامج كمسؤول")
Exit
EndIf
if FileExists(@HomeDrive & "\" & "autorun.inf") or FileExists("d:\autorun.inf") or FileExists("e:\autorun.inf") or FileExists("f:\autorun.inf") or FileExists("g:\autorun.inf") or FileExists("h:\autorun.inf") or FileExists("i:\autorun.inf") or FileExists("l:\autorun.inf") or FileExists("h:\autorun.inf") or FileExists("i:\autorun.inf") or FileExists("j:\autorun.inf") or FileExists("k:\autorun.inf") or FileExists("l:\autorun.inf") or FileExists("m:\autorun.inf") or FileExists("n:\autorun.inf") Then
Delete_virous_Autorun()
MsgBox(48, "رسالة من المبرمج حاتم محسن الحناوي", "تم حدف الفيروس",3)
Else
MsgBox(64,"رسالة من المبرمج حاتم محسن الحناوي","الفيروس المراد حذفه غير موجود",3)
EXIT
EndIf
func Delete_virous_Autorun()
FileSetAttrib(@HomeDrive & "\autorun.inf", "-RASH")
FileDelete(@HomeDrive & "\autorun.inf")
FileSetAttrib("d:\autorun.inf", "-RASH")
FileDelete("d:\autorun.inf")
FileSetAttrib("e:\autorun.inf", "-RASH")
FileDelete("e:\autorun.inf")
FileSetAttrib("f:\autorun.inf", "-RASH")
FileDelete("f:\autorun.inf")
FileSetAttrib("g:\autorun.inf", "-RASH")
FileDelete("g:\autorun.inf")
FileSetAttrib("h:\autorun.inf", "-RASH")
FileDelete("h:\autorun.inf")
FileSetAttrib("i:\autorun.inf", "-RASH")
FileDelete("i:\autorun.inf")
FileSetAttrib("j:\autorun.inf", "-RASH")
FileDelete("j:\autorun.inf")
FileSetAttrib("k:\autorun.inf", "-RASH")
FileDelete("k:\autorun.inf")
FileSetAttrib("l:\autorun.inf", "-RASH")
FileDelete("l:\autorun.inf")
FileSetAttrib("m:\autorun.inf", "-RASH")
FileDelete("m:\autorun.inf")
FileSetAttrib("n:\autorun.inf", "-RASH")
FileDelete("n:\autorun.inf")
EndFunc
lpk.dll Ravmon.exe svchost.exe New Folder.exe ! My Picutre.SCR *.lnk *.vbs *.vbe *.scr *.com
#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=..\..\..\..\صور\ايقونات HD\جميل جدا\Chat Isaac [256x256].ico
#AutoIt3Wrapper_Res_Comment=حاتم محسن الحناوي
#AutoIt3Wrapper_Res_Description=Shortcut Virus Remover
#AutoIt3Wrapper_Res_Fileversion=3.3
#AutoIt3Wrapper_Res_LegalCopyright=حاتم محسن الحناوي
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#cs ----------------------------------------------------------------------------
Author: حاتم محسن الحناوي
Script Function:
Shortcut Virus Remover v3.3
#ce ----------------------------------------------------------------------------
#include <Process.au3>
for $hatem=1 to 10
if ProcessExists('Wscript.exe') Then ProcessClose('Wscript.exe')
Next
$file=FileSelectFolder("قم بتحديد القرص المصاب | Select DISK",'')
If FileExists ($file&"\*.vbs") or FileExists ($file&"\*.lnk") or FileExists ($file&"\*.com") or FileExists ($file&"\*vbe") or FileExists ($file&'svchost.exe') or FileExists ($file&'New Folder.exe') Then
msg1()
Else
msg2()
EXIT
EndIf
if FileExists($file) Then
_RunDos('attrib -h -s '&$file&'\*.*'&' /D /S /L')
FileDelete($file&'desktop.ini')
FileDelete($file&'lpk.dll')
FileDelete($file&'Ravmon.exe')
FileDelete($file&'svchost.exe')
FileDelete($file&'New Folder.exe')
FileDelete($file&'Heap41a')
FileDelete($file&'! My Picutre.SCR')
DirRemove($file&'$RECYCLE.BIN')
DirRemove($file&'System Volume Information')
FileDelete(@StartupDir & '\*.vbs')
FileDelete(@TempDir & '\*.vbs')
FileDelete(@AppDataDir & '\*.vbs')
FileDelete(@StartupDir & '\*.vbe')
FileDelete(@TempDir & '\*.vbe')
FileDelete(@AppDataDir & '\*.vbe')
_RunDos('del /q /f /a '&$file&"*.vbe")
_RunDos('del /q /f /a '&$file&"*.lnk")
_RunDos('del /q /f /a '&$file&"*.vbs")
_RunDos('del /q /f /a '&$file&"*.scr")
_RunDos('del /q /f /a '&$file&"*.com")
msg2()
EndIf
Func msg1()
AutoItSetOption("TrayMenuMode",1)
TrayTip('الفلاش مصاب جاري تنظيف', 'الرجاء الانتظار الى حين الانتهاء ' & @CRLF & 'من الفيروسات', 5, 4)
Sleep(4000)
EndFunc
Func msg2()
AutoItSetOption("TrayMenuMode",1)
TrayTip('تم الانتهاء', 'الفلاش غير مصاب بالفيروس' & @CRLF & 'حاتم محسن الحناوي', 5, 4)
Sleep(4000)
EndFunc
@echo off
title The default settings of hosts
mode 70,15
::by hatem
> "%windir%\System32\drivers\etc\hosts" echo # Copyright (c) 1993-2009 Microsoft Corp.
>> "%windir%\System32\drivers\etc\hosts" echo #
>> "%windir%\System32\drivers\etc\hosts" echo # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
>> "%windir%\System32\drivers\etc\hosts" echo #
>> "%windir%\System32\drivers\etc\hosts" echo # This file contains the mappings of IP addresses to host names. Each
>> "%windir%\System32\drivers\etc\hosts" echo # entry should be kept on an individual line. The IP address should
>> "%windir%\System32\drivers\etc\hosts" echo # be placed in the first column followed by the corresponding host name.
>> "%windir%\System32\drivers\etc\hosts" echo # The IP address and the host name should be separated by at least one
>> "%windir%\System32\drivers\etc\hosts" echo # space.
>> "%windir%\System32\drivers\etc\hosts" echo #
>> "%windir%\System32\drivers\etc\hosts" echo # Additionally, comments (such as these) may be inserted on individual
>> "%windir%\System32\drivers\etc\hosts" echo # lines or following the machine name denoted by a '#' symbol.
>> "%windir%\System32\drivers\etc\hosts" echo #
>> "%windir%\System32\drivers\etc\hosts" echo # For example:
>> "%windir%\System32\drivers\etc\hosts" echo #
>> "%windir%\System32\drivers\etc\hosts" echo # 102.54.94.97 rhino.acme.com # source server
>> "%windir%\System32\drivers\etc\hosts" echo # 38.25.63.10 x.acme.com # x client host
>> "%windir%\System32\drivers\etc\hosts" echo.
>> "%windir%\System32\drivers\etc\hosts" echo # localhost name resolution is handle within DNS itself.
>> "%windir%\System32\drivers\etc\hosts" echo # 127.0.0.1 localhost
>> "%windir%\System32\drivers\etc\hosts" echo # ::1 localhost
#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=
#AutoIt3Wrapper_Res_Comment=Hatem Mohsen ALHENAWY
#AutoIt3Wrapper_Res_Description=The default settings of hosts
#AutoIt3Wrapper_Res_LegalCopyright=Hatem Mohsen ALHENAWY
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <Process.au3>
#cs ----------------------------------------------------------------------------
AutoIt Version: 3.3.14.2
Author: Hatem Mohsen ALHENAWY & DAMASGATE.com/vb
Script Function:
The default settings of hosts
#ce ----------------------------------------------------------------------------
Break(0)
Host()
Func Host($file = @WindowsDir & "\" & "System32\Drivers\Etc\Hosts")
if not FileExists ($file) Then
MsgBox(16,"رسالة من المبرمج حاتم الحناوي","الملف غير موجود"&@CRLF&"الان اضع لك ملف جديد",2)
host_hatem ()
EXIT
EndIf
if FileExists ($file) Then FileCopy ($file,$file&" Edit.txt")
ShellExecuteWait($file&" Edit.txt")
if FileExists ($file&" Edit.txt") Then _RunDos('del /q /f /a "%windir%\System32\drivers\etc\hosts Edit.txt"')
file_default()
EndFunc
Func file_default()
$msg=MsgBox(64+4,"رسالة من المبرمج حاتم الحناوي","هل تريد ارجاعه للاعدات الافتراضية")
if $msg == 6 Then
host_hatem()
Else
EXIT
EndIf
EndFunc
Func host_hatem()
$host_file = @WindowsDir & "\" & "System32\Drivers\Etc\"
_RunDos('del /q /f /a "%windir%\System32\drivers\etc\hosts"')
if @OSVersion = "WIN_VISTA" Then
$Year = "2006"
Elseif @OSVersion = "WIN_7" Then
$Year = "2009"
Elseif @OSVersion = "WIN_8" Then
$Year = "2012"
Elseif @OSVersion = "WIN_81" Then
$Year = "2013"
Elseif @OSVersion ="WIN_10" Then
$Year = "2015"
EndIf
Switch @OSVersion
Case "WIN_VISTA"
$add = "127.0.0.1 localhost" & @CRLF & "::1 localhost"
Case Else
$add = "# localhost name resolution is handle within DNS itself." & @CRLF & _
"# 127.0.0.1 localhost" & @CRLF & _
"# ::1 localhost"
EndSwitch
$hosts_ADD="# Copyright (c) 1993-" & $Year & " Microsoft Corp." & @CRLF & _
"#" & @CRLF & _
"# This is a sample HOSTS file used by Microsoft TCP/IP for Windows." & @CRLF & _
"#" & @CRLF & _
"# This file contains the mappings of IP addresses to host names. Each" & @CRLF & _
"# entry should be kept on an individual line. The IP address should" & @CRLF & _
"# be placed in the first column followed by the corresponding host name." & @CRLF & _
"# The IP address and the host name should be separated by at least one" & @CRLF & _
"# space." & @CRLF & _
"#" & @CRLF & _
"# Additionally, comments (such as these) may be inserted on individual" & @CRLF & _
"# lines or following the machine name denoted by a '#' symbol." & @CRLF & _
"#" & @CRLF & _
"# For example:" & @CRLF & _
"#" & @CRLF & _
"# 102.54.94.97 rhino.acme.com # source server" & @CRLF & _
"# 38.25.63.10 x.acme.com # x client host" & @CRLF & @CRLF & _
$add
FileWrite($host_file&"hosts" ,$hosts_ADD)
EndFunc
spi 82
spi 288
Bifrost 81
BRMODA 5015
POISON 3460
Turkojan 15963
prorat 5110
shark 60123
HAV-RAT 197
painRAT 3360
SIH 6346
#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=D:\صور\ايقونات HD\ccc2\Firefox [256x256].ico
#AutoIt3Wrapper_Res_Comment=حاتم محسن الحناوي
#AutoIt3Wrapper_Res_Description=تقرير البورتات
#AutoIt3Wrapper_Res_LegalCopyright=حاتم محسن الحناوي
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <Process.au3>
_RunDos('netstat -b > "%userprofile%\Desktop\netstat.txt"')
if FileExists(@DesktopDir&"\"&"netstat.txt") Then
ShellExecuteWait(@DesktopDir&"\"&"netstat.txt")
$netstat=MsgBox(64+4,"رسالة من المبرمج","هل تريد حذف التقرير؟",5)
if $netstat == 6 Then
FileDelete(@DesktopDir&"\"&"netstat.txt")
Else
MsgBox(48,"رسالة تنبيه","تم حفظ الملف على سطح المكتب اسم الملف"&@CRLF&"netstat",5)
Exit
EndIf
EndIf