' ------------------------------------------------------------------------------- rem GonerBye : a Public Domain W32/Goner-A Virus Remove utility rem: no copyrights. rem: Official release 1.1 for Windows 95 / 98 / Me rem: remove register key rem: bug - if even removed register key is not reported in log file ' Buona fortuna! ' Good luck! ' Suerte ! ' '--------------------------------------------------------------------------------- main Sub main() rem Goner di sera bel tempo si spera :) On Error Resume Next dim ind dim rst Set Vlade = CreateObject("Scripting.FileSystemObject") Vlade.DeleteFile (winfolder & "\wininit.ini") 'andiamo a vedere dove sono i vari folder winfolder = Vlade.GetSpecialFolder(0) sysfolder = Vlade.GetSpecialFolder(1) rem rst indica se è necessario riavviare il computer set rst = 0 rem mettiamo nel wininit.ini i files da cancellare call init (sysfolder & "\gone.scr", ind, rst) ' Eseguiamo le modifiche al registro a = sysfolder n= 0 for i =2 to (len(a) + n) b=Mid(a, i, 1) if b= "\" Then a= left (a,i) + "\" + right (a,(len(a)-i)) n=n+1 i=i+1 End If Next K1= """" & a & "\\gone.scr""=-" K2 = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" Set gore=Vlade.CreateTextFile(winfolder & "\goNe.reg",True) gore.Write "REGEDIT4" & VbCrLf gore.Write "[" & K2 & "]" & VbCrLf gore.Write K1 & VbCrLf gore.close Set W=CreateObject("WScript.Shell") W.Run ("regedit /s " & winfolder & "\gone.reg") 'Vlade.DeleteFile (winfolder & "\gone.reg") rem commiati e disposizioni finali If rst > 0 Then testo = "Nel file " & winfolder & "\gonerlog.vir troverai il log delle operazioni eseguite" & Chr (13) testo = testo & "Inside the file " & winfolder & "\gonerlog.vir you can find the disinfection report " MsgBox (testo) testo = "Ho fatto del mio meglio . Riavvia e lancia l'Antivirus" & Chr (13) testo = testo & "I did my best! Restart and run a complete antivirus scan" MsgBox (testo) testo = "Auguri ... e sostieni l'UNICEF" & Chr (13) testo = testo & "Luck ... and support UNICEF" MsgBox (testo) else testo = "Non ho rilevato file di W32/Goner-A" & Chr (13) testo = testo & "No W32/Goner-A files detected" MsgBox (testo) Vlade.DeleteFile (winfolder & "\gonerlog.vir") End If End Sub rem ----------------------zona librerie -------------------------- Sub init (file, ind, rst) On Error Resume Next set koala = CreateObject("Scripting.FileSystemObject") winfolder = koala.GetSpecialFolder(0) If koala.FileExists(file) Then filesh = koala.GetFile(file).ShortPath MsgBox (filesh) set wininit = koala.OpenTextFile(winfolder & "\wininit.ini", 8, True) If ind = 0 Then wininit.Write "[rename]" End If wininit.Write VbCrLf & "NUL=" & filesh ind = ind + 1 rst = rst + 1 call report (file, "", "deleted" , "", ind) wininit.close End If End Sub Sub report (posizione, voce, azione, sostituto, ind) On Error Resume Next set koala = CreateObject("Scripting.FileSystemObject") winfolder = koala.GetSpecialFolder(0) if ind = 1 then koala.DeleteFile (winfolder & "\gonerlog.vir") set ciccio = koala.OpenTextFile(winfolder & "\gonerlog.vir", 8, True) If ind = 1 Then ciccio.Write "[My name is Ciccio. I'm a great italian lover. But No Trans Please!]" ciccio.Write VbCrLf & "Your system was infected : This is what i did:" ciccio.Write VbCrLf & VbCrLf End If If sostituto <> "" Then add = " by " Else add ="" End If ciccio.Write VbCrLf & "[action: " & ind & "]" ciccio.Write VbCrLf & posizione & voce & ": was " & azione & add & sostituto ciccio.Write VbCrLf End Sub