on error resume next
msgbox "This special kill is provided by [G-AVR] Gryesign, please follow BLOG to update special kills in time ---/greysign", 64, "Search engine garbled virus special kills, please run it twice to eradicate the virus"
'-----------------------------------------------------------------------------------------------------------------------------
Dim strComputer, strPath, strExePath
Dim objWMI, objFSO
Dim colProcesses
Dim objProcess, objFile
Set objFSO = CreateObject( "" )
strComputer = "."
nCount = 0
strPath = CreateObject("").ExpandEnvironmentStrings _
( "%ProgramFiles%\Internet Explorer\" )
Set objFile = ( strPath )
strPath =
Set objFile = Nothing
Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
strComputer & "\root\cimv2" )
Set colProcesses = ( "SELECT * FROM Win32_Process" & _
" WHERE Name=''" )
For Each objProcess In colProcesses
Set objFile = ( )
strExePath =
Set objFile = Nothing
If StrComp(strExePath, strPath, 1) Then
Else
End If
Next
set objFSO = CreateObject( "" )
strComputer = "."
nCount = 0
strPath = CreateObject("").ExpandEnvironmentStrings _
( "%windir%\system32\" )
Set objFile = ( strPath )
strPath =
Set objFile = Nothing
Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
strComputer & "\root\cimv2" )
Set colProcesses = ( "SELECT * FROM Win32_Process" & _
" WHERE Name=''" )
For Each objProcess In colProcesses
Set objFile = ( )
strExePath =
Set objFile = Nothing
If StrComp(strExePath, strPath, 1) Then
Else
End If
Next
set objFSO = CreateObject( "" )
strComputer = "."
nCount = 0
strPath = CreateObject("").ExpandEnvironmentStrings _
( "%windir%\system32\" )
Set objFile = ( strPath )
strPath =
Set objFile = Nothing
Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
strComputer & "\root\cimv2" )
Set colProcesses = ( "SELECT * FROM Win32_Process" & _
" WHERE Name=''" )
For Each objProcess In colProcesses
Set objFile = ( )
strExePath =
Set objFile = Nothing
If StrComp(strExePath, strPath, 1) Then
Else
End If
Next
set objFSO = CreateObject( "" )
strComputer = "."
nCount = 0
strPath = CreateObject("").ExpandEnvironmentStrings _
( "%windir%\system32\" )
Set objFile = ( strPath )
strPath =
Set objFile = Nothing
Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
strComputer & "\root\cimv2" )
Set colProcesses = ( "SELECT * FROM Win32_Process" & _
" WHERE Name=''" )
For Each objProcess In colProcesses
Set objFile = ( )
strExePath =
Set objFile = Nothing
If StrComp(strExePath, strPath, 1) Then
Else
End If
Next
set objFSO = CreateObject( "" )
strComputer = "."
nCount = 0
strPath = CreateObject("").ExpandEnvironmentStrings _
( "%windir%\system32\" )
Set objFile = ( strPath )
strPath =
Set objFile = Nothing
Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
strComputer & "\root\cimv2" )
Set colProcesses = ( "SELECT * FROM Win32_Process" & _
" WHERE Name=''" )
For Each objProcess In colProcesses
Set objFile = ( )
strExePath =
Set objFile = Nothing
If StrComp(strExePath, strPath, 1) Then
Else
End If
Next
set objFSO = CreateObject( "" )
strComputer = "."
nCount = 0
strPath = CreateObject("").ExpandEnvironmentStrings _
( "%windir%\system32\" )
Set objFile = ( strPath )
strPath =
Set objFile = Nothing
Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
strComputer & "\root\cimv2" )
Set colProcesses = ( "SELECT * FROM Win32_Process" & _
" WHERE Name=''" )
For Each objProcess In colProcesses
Set objFile = ( )
strExePath =
Set objFile = Nothing
If StrComp(strExePath, strPath, 1) Then
Else
End If
Next
set objFSO = CreateObject( "" )
strComputer = "."
nCount = 0
strPath = CreateObject("").ExpandEnvironmentStrings _
( "%windir%\" )
Set objFile = ( strPath )
strPath =
Set objFile = Nothing
Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
strComputer & "\root\cimv2" )
Set colProcesses = ( "SELECT * FROM Win32_Process" & _
" WHERE Name=''" )
For Each objProcess In colProcesses
Set objFile = ( )
strExePath =
Set objFile = Nothing
Next
Set colProcesses = Nothing
Set objWMI = Nothing
'======================================================================
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
on error resume next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p
next
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
set del=("")
d1=("%temp%\")
d2=("%temp%\")
d3=("%temp%\")
d4=("%temp%\")
d5=("%temp%\")
d6=("%temp%\")
d7=("%temp%\")
d8=("%temp%\")
d9=("%temp%\")
d10=("%temp%\")
d11=("%temp%\")
d12=("%temp%\")
d13=("%temp%\")
d14=("%temp%\")
d15=("%temp%\")
d16=("%temp%\")
d17=("%temp%\")
d18=("%temp%\")
d19=("%temp%\")
d20=("%temp%\")
d21=("%temp%\")
d22=("%programfiles%\Intern~1\PLUGINS\")
d23=("%programfiles%\Intern~1\PLUGINS\")
d24=("%temp%\")
d25=("%temp%\")
d26=("%windir%\system32\")
d27=("%windir%\system32\")
d28=("%windir%\system32\")
d29=("%windir%\system32\")
d30=("%temp%\")
d31=("%temp%\")
d32=("%temp%\")
d33=("%temp%\")
d34=("%temp%\")
d35=("%temp%\")
d36=("%temp%\")
d37=("%temp%\")
d38=("%temp%\")
d39=("%temp%\")
d40=("%temp%\")
d41=("%temp%\")
d42=("%programfiles%\Intern~1\")
d43=("%programfiles%\Intern~1\")
d44=("%temp%\")
d45=("%temp%\")
d46=("%temp%\")
d47=("%temp%\")
set v1=(d1)
set v2=(d2)
set v3=(d3)
set v4=(d4)
set v5=(d5)
set v6=(d6)
set v7=(d7)
set v8=(d8)
set v9=(d9)
set v10=(d10)
set v11=(d11)
set v12=(d12)
set v13=(d13)
set v14=(d14)
set v15=(d15)
set v16=(d16)
set v17=(d17)
set v18=(d18)
set v19=(d19)
set v20=(d20)
set v21=(d21)
set v22=(d22)
set v23=(d23)
set v24=(d24)
set v25=(d25)
set v26=(d26)
set v27=(d27)
set v28=(d28)
set v29=(d29)
set v30=(d30)
set v31=(d31)
set v32=(d32)
set v33=(d33)
set v34=(d34)
set v35=(d35)
set v36=(d36)
set v37=(d37)
set v38=(d38)
set v39=(d39)
set v40=(d40)
set v41=(d41)
set v42=(d42)
set v43=(d43)
set v44=(d44)
set v45=(d45)
set v46=(d46)
set v47=(d47)
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
=0
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
'-----------------------------------------------------------------------------------------------------------------------------
CreateFolderCreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%windir%\system32\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%windir%\system32\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%windir%\system32\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%windir%\system32\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%programfiles%\Intern~1\")
CreateObject("").CreateFolder CreateObject("").ExpandEnvironmentStrings("%programfiles%\Intern~1\")
CreateObject("").Createfolder CreateObject("").ExpandEnvironmentStrings("%temp%\")
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
'-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
set drvs=
for each drv in drvs
if =1 or =2 or =3 or =4 then
set u=(&":\")
=0
end if
next
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set reg=("")
Set objFSO = CreateObject( "" )
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", ( 1 ) & "\,","REG_SZ"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",1,"REG_DWORD"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue",2,"REG_DWORD"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue",2,"REG_DWORD"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue",2,"REG_DWORD"
"HKEY_CLASSES_ROOT\CLSID\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fysa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jtsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qjsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qqsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wgsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wosa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwizAskTao"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwiztlbb"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rxsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dasa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tlsa"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdsa"
'-----------------------------------------------------------------------------------------------------------------------------
'-----------------------------------------------------------------------------------------------------------------------------
'-----------------------------------------------------------------------------------------------------------------------------
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
Set objFSO = CreateObject( "" )
set re=(( 1 ) &"\drivers\etc\hosts",2,0)
"127.0.0.1 localhost" & vbCrLf
"127.0.0.1 "& vbCrLf
"127.0.0.1 "& vbCrLf
"127.0.0.1 "& vbCrLf
"127.0.0.1 "& vbCrLf
set re=nothing
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set drvs=
for each drv in drvs
if =1 or =2 or =3 or =4 then
(&":\")
(&":\\Immune folder..\")
set fl=(&":\")
=3
end if
next
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
msgbox "Virus removal is successful, please restart the computer! If the virus has not been eradicated, please run it in safe mode", 64, "Search engine garbled virus killing"