nanog mailing list archives

Re: Virus Update


From: "Mark Borchers" <markb () infi net>
Date: Thu, 4 May 2000 13:10:43 -0500


On 4 May 00, at 11:57, John Gonzalez/netMDC admin wrote:

Date sent:              Thu, 4 May 2000 11:57:16 -0600 (MDT)
From:                   John Gonzalez/netMDC admin <ekool () ns1 netmdc com>
To:                     Mark Borchers <markb () infi net>
Copies to:              nanog () merit edu
Subject:                Re: Virus Update

> On Thu, 4 May 2000, Mark Borchers wrote:
> > Tim Cartwright here at Splitrock has written a cleaner
> > (attached).
>
> URL? :)

Sorry, it was in an attachment which evidently did not make
it out to the mailing list.  Here it is. 


'Written 4-04-2000 by : Tim Cartwright
'This is in response to the LOVE-LETTER-FOR-YOU virus. Needs to be
'run before computer re-boot.
Dim objWinDir
Dim objSystem32Dir
Dim objTempDir
Dim objDownLoadDir
Dim strDownLoadFolder
Dim objFso
Set objFso = CreateObject("Scripting.FileSystemObject")
Main()

Sub Main()
        On Error Resume Next

        'GetSpecialFolder: 0 = Windows folder, 1 = System folder, 2 = Temp folder
        Set objWinDir = objFso.GetSpecialFolder(0)
        Set objSystem32Dir = objFso.GetSpecialFolder(1)
        Set objTempDir = objFso.GetSpecialFolder(2)

        strDownLoadFolder = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory")

        'Fall back to c:\ when no download directory is set
        If (strDownLoadFolder = "") then
                strDownLoadFolder = "c:\"
        End If

        'Remove the files dropped by the worm
        If objFso.FileExists(strDownLoadFolder & "\WIN-BUGSFIX.exe") Then
                DeleteAFile strDownLoadFolder & "\WIN-BUGSFIX.exe"
        End If

        If objFso.FileExists(objSystem32Dir & "\MSKernel32.vbs") Then
                DeleteAFile objSystem32Dir & "\MSKernel32.vbs"
        End If

        If objFso.FileExists(objWinDir & "\Win32DLL.vbs") Then
                DeleteAFile objWinDir & "\Win32DLL.vbs"
        End If

        If objFso.FileExists(objSystem32Dir & "\LOVE-LETTER-FOR-YOU.TXT.vbs") Then
                DeleteAFile objSystem32Dir & "\LOVE-LETTER-FOR-YOU.TXT.vbs"
        End If

        'Reset the IE start page and remove the autostart entries
        RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.microsoft.com/"
        RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL"
        RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32"
        RegDelete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX"

        MsgBox "Done."
End Sub

Sub RegDelete(strRegKey)
        On Error Resume Next
        Dim objRegEdit
        Set objRegEdit = CreateObject("WScript.Shell")
        objRegEdit.RegDelete  strRegKey

        If Err.Number <> 0 Then
                Select Case Err.Number
                        Case -2147024894 'key does not exist
                                'ignore
                        Case Else
                                MsgBox Err.Number & " Error deleteing key : " & strRegKey & " " & Err.Description
                End Select
                Err.Clear
        End If
End Sub

Function RegRead(strKey)
        Dim objRegEdit
        Set objRegEdit = CreateObject("WScript.Shell")
        RegRead = objRegEdit.RegRead(strKey)
End Function

Sub DeleteAFile(filespec)
        objFso.DeleteFile(filespec)
End Sub

Sub RegWrite(strRegKey, strRegValue)
        Dim objRegEdit
        Set objRegEdit = CreateObject("WScript.Shell")
        objRegEdit.RegWrite strRegKey, strRegValue
End Sub
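
Added example, not part of the original post or of Tim Cartwright's script: a read-only audit that reports which of the files and autostart values named in the cleaner are present, so a host can be inventoried before anything is deleted. It assumes the registry has been exported to .reg text (for example with regedit's export); the function names and the sample export are constructed for illustration.

```python
import os
import re

# File names and registry values are the ones the cleaner above removes.
FILES = ["WIN-BUGSFIX.exe", "MSKernel32.vbs", "Win32DLL.vbs",
         "LOVE-LETTER-FOR-YOU.TXT.vbs"]
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN_VALUES = {BASE + r"\runservices": {"win32dll"},
              BASE + r"\run": {"mskernel32", "win-bugsfix"}}
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def find_run_values(reg_text):
    """Return (key, name, data) for each listed value in a .reg export."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE.match(line)
        if value and key and value.group(1).lower() in RUN_VALUES.get(key.lower(), ()):
            hits.append((key, value.group(1), value.group(2)))
    return hits

def find_files(directories):
    """Return paths of listed files found directly in the given directories."""
    wanted = {name.lower() for name in FILES}
    found = []
    for d in directories:
        if os.path.isdir(d):
            found += [os.path.join(d, n) for n in sorted(os.listdir(d))
                      if n.lower() in wanted]
    return found

# Constructed sample export; the data paths are illustrative, not from the post.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"MSKernel32"="C:\\WINDOWS\\SYSTEM\\MSKernel32.vbs"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Win32DLL"="C:\\WINDOWS\\Win32DLL.vbs"
'''
if __name__ == "__main__":
    for hit in find_run_values(SAMPLE_REG):
        print("registry value present:", *hit)
```

Key and value names are compared case-insensitively because exports differ in the case they use for key paths; `find_files` takes the same folders the cleaner checks (download directory, Windows and System folders).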





