脚本:用Ban 3721 助手杀掉3721
优质
小牛编辑
133浏览
2023-12-01
一直以来 3721 在我眼里都是病毒的象征,这次 AVP 把 3721 列为病毒终于使 3721 病毒合法化。既然合法化了,那么就应该全民杀毒了吧。
在这里我提供一个 NSIS 安装程序杀掉 3721 的脚本,你可以不用修改太多的地方就可以直接使用。使用方法为把下面的脚本命名为 Ban3721.nsi 放到你的 NSIS 安装程序脚本目录里,然后编辑你的脚本文件在某一个地方(一般在 !include MUI.nsh 这一句的下面添加 !include Ban3721.nsi,然后在 Function .onInit 里(如果没有就建一个)增加一句 Call Chk3721 即可)。这样你的安装程序即可以杀掉 3721 病毒。
过程:当你的安装程序启动时会检测你的机器里有没有 3721,如果有的话则有提示框“是否安装 Ban 3721 助手………………”,如果选“是”则会清除机器里的 3721 病毒,如果选“否”则退出安装,如果选“取消”则打开一个文本,里面列出机器里的 3721 分布情况。
这个脚本我自己命名为“Ban 3721 助手”意在以其人之道治其人之身。用 NSIS 做安装程序的人很多,如果有一半的人加入这个代码,那么这个世界就会清静很多…………
这个“Ban 3721 助手”没有什么实体文件,它仅仅是删除了一些本来不该有的东西,并进行免疫。所以你不用担心这个“助手”会引起什么冲突,如果说引起了什么冲突的话,我想就是因为缺少了 3721 而引起的。
在这里我提供一个 NSIS 安装程序杀掉 3721 的脚本,你可以不用修改太多的地方就可以直接使用。使用方法为把下面的脚本命名为 Ban3721.nsi 放到你的 NSIS 安装程序脚本目录里,然后编辑你的脚本文件在某一个地方(一般在 !include MUI.nsh 这一句的下面添加 !include Ban3721.nsi,然后在 Function .onInit 里(如果没有就建一个)增加一句 Call Chk3721 即可)。这样你的安装程序即可以杀掉 3721 病毒。
过程:当你的安装程序启动时会检测你的机器里有没有 3721,如果有的话则有提示框“是否安装 Ban 3721 助手………………”,如果选“是”则会清除机器里的 3721 病毒,如果选“否”则退出安装,如果选“取消”则打开一个文本,里面列出机器里的 3721 分布情况。
这个脚本我自己命名为“Ban 3721 助手”意在以其人之道治其人之身。用 NSIS 做安装程序的人很多,如果有一半的人加入这个代码,那么这个世界就会清静很多…………
这个“Ban 3721 助手”没有什么实体文件,它仅仅是删除了一些本来不该有的东西,并进行免疫。所以你不用担心这个“助手”会引起什么冲突,如果说引起了什么冲突的话,我想就是因为缺少了 3721 而引起的。
引用Ban3721.nsi的内容:
Function Chk3721
Call SkipBan3721
Pop $0
StrCmp $0 1 no_3721
InitPluginsDir
Push $0
;File
IfFileExists $PROGRAMFILES\3721\assist 0 +3
Push "目录: $PROGRAMFILES\3721\assist"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\autolive.dll 0 +3
Push "文件: $PROGRAMFILES\3721\autolive.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\cns01.dat 0 +3
Push "文件: $PROGRAMFILES\3721\cns01.dat"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\adfilter.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\adfilter.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\adwreg.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\adwreg.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\assisres.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\assisres.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\assist.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\assist.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\eheflash.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\eheflash.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\optimum.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\optimum.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\repair.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\repair.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\assist\xpstyle.dll 0 +3
Push "文件: $PROGRAMFILES\3721\assist\xpstyle.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\abmain.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\abmain.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cescache.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cescache.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cesfox.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cesfox.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cesmain.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cesmain.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cesout.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cesout.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cesout10.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cesout10.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cespack.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cespack.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cesweb.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cesweb.dll"
Call Ban3721WriteFile
IfFileExists $PROGRAMFILES\3721\ces\cmail.dll 0 +3
Push "文件: $PROGRAMFILES\3721\ces\cmail.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\abmain.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\abmain.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\autolive.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\autolive.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cescache.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cescache.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cesfox.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cesfox.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cesmain.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cesmain.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cesout.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cesout.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cesout10.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cesout10.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cesweb.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cesweb.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cmail.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cmail.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cnsio.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cnsio.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cnsminkp.vxd" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cnsminkp.vxd"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cnsminkp2k.sys" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cnsminkp2k.sys"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\3721\cnsminkpxp.sys" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\3721\cnsminkpxp.sys"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\axfilter.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\axfilter.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cns02.dat" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cns02.dat"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnshook.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnshook.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsio.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsio.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsmin.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsmin.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsmin.inf" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsmin.inf"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsmin.ini" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsmin.ini"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminaf.cab" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminaf.cab"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsmincg.ini" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsmincg.ini"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminck.cab" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminck.cab"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminck.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminck.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsmindt.cab" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsmindt.cab"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsmindt.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsmindt.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminex.cab" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminex.cab"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminex.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminex.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminex.ini" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminex.ini"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminio.cab" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminio.cab"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminio.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminio.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminsv.cab" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminsv.cab"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsminsv.dll" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsminsv.dll"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\cnsup.ini" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\cnsup.ini"
Call Ban3721WriteFile
IfFileExists "$WINDIR\Downloaded Program Files\keepmainm.cab" 0 +3
Push "文件: $WINDIR\Downloaded Program Files\keepmainm.cab"
Call Ban3721WriteFile
IfFileExists "$SYSDIR\assist.dll" 0 +3
Push "文件: $SYSDIR\assist.dll"
Call Ban3721WriteFile
IfFileExists "$SYSDIR\bdhelper.dll" 0 +3
Push "文件: $SYSDIR\bdhelper.dll"
Call Ban3721WriteFile
IfFileExists "$SYSDIR\cesweb.dll" 0 +3
Push "文件: $SYSDIR\cesweb.dll"
Call Ban3721WriteFile
IfFileExists "$SYSDIR\cnshook.dll" 0 +3
Push "文件: $SYSDIR\cnshook.dll"
Call Ban3721WriteFile
IfFileExists "$SYSDIR\ehelper.dll" 0 +3
Push "文件: $SYSDIR\ehelper.dll"
Call Ban3721WriteFile
;RegKey
EnumRegKey $0 HKCU Software\3721 0
StrCmp $0 "" +3
Push "注册表键: HKCU Software\3721"
Call Ban3721WriteFile
EnumRegKey $0 HKLM SOFTWARE\3721 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\3721"
Call Ban3721WriteFile
EnumRegKey $0 HKCR CnsHelper.CH 0
StrCmp $0 "" +3
Push "注册表键: HKCR CnsHelper.CH"
Call Ban3721WriteFile
EnumRegKey $0 HKCR CnsHelper.CH.1 0
StrCmp $0 "" +3
Push "注册表键: HKCR CnsHelper.CH.1"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\cnsmin" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\cnsmin"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1b0e7716-898e-48cc-9690-4e338e8de1d3}" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1b0e7716-898e-48cc-9690-4e338e8de1d3}"
Call Ban3721WriteFile
;RegValue
ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" ""
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR Assist.EasyAssist.1 ""
StrCmp $0 "" +3
Push "注册表键: HKCR Assist.EasyAssist.1"
Call Ban3721WriteFile
ReadRegStr $0 HKCR Assist.EasyAssist ""
StrCmp $0 "" +3
Push "注册表键: HKCR Assist.EasyAssist"
Call Ban3721WriteFile
ReadRegStr $0 HKCR cnsminhk.cnshook.1 ""
StrCmp $0 "" +3
Push "注册表键: HKCR cnsminhk.cnshook.1"
Call Ban3721WriteFile
ReadRegStr $0 HKCR cnsminhk.cnshook ""
StrCmp $0 "" +3
Push "注册表键: HKCR cnsminhk.cnshook"
Call Ban3721WriteFile
ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Internet Explorer\Toolbar" {1B0E7716-898E-48cc-9690-4E338E8DE1D3}
StrCmp $0 "" +3
Push "注册表键值: HKLM SOFTWARE\Microsoft\Internet Explorer\Toolbar {1B0E7716-898E-48cc-9690-4E338E8DE1D3}"
Call Ban3721WriteFile
;CLSID
ReadRegStr $0 HKCR CLSID\{1B0E7716-898E-48CC-9690-4E338E8DE1D3} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{1B0E7716-898E-48CC-9690-4E338E8DE1D3}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR CLSID\{6231d512-e4a4-4df2-be62-5b8f0ee348ef} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{6231d512-e4a4-4df2-be62-5b8f0ee348ef}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR CLSID\{6d8f256b-6ab8-4398-8f86-1e56207db77a} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{6d8f256b-6ab8-4398-8f86-1e56207db77a}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR CLSID\{ca92b524-bc8a-4610-bd2c-6bd3e28155d0} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR CLSID\{e5e4e352-6947-44ee-a420-db84efd3fe93} ""
StrCmp $0 "" +3
Push "注册表键: HKCR CLSID\{e5e4e352-6947-44ee-a420-db84efd3fe93}"
Call Ban3721WriteFile
;Interface
ReadRegStr $0 HKCR Interface\{1bb0abbe-2d95-4847-b9d8-6f90de3714c1} ""
StrCmp $0 "" +3
Push "注册表键: HKCR Interface\{1bb0abbe-2d95-4847-b9d8-6f90de3714c1}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR Interface\{DF692509-D9EF-48A0-9CD0-3AA5B81F6F68} ""
StrCmp $0 "" +3
Push "注册表键: HKCR Interface\{DF692509-D9EF-48A0-9CD0-3AA5B81F6F68}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR Interface\{924F5B3A-7A27-484A-B873-E855C9708667} ""
StrCmp $0 "" +3
Push "注册表键: HKCR Interface\{924F5B3A-7A27-484A-B873-E855C9708667}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} ""
StrCmp $0 "" +3
Push "注册表键: HKCR Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E}"
Call Ban3721WriteFile
;TypeLib
ReadRegStr $0 HKCR TypeLib\{19069804-2CF0-4357-B696-BA6E9AAD99EF} ""
StrCmp $0 "" +3
Push "注册表键: HKCR TypeLib\{19069804-2CF0-4357-B696-BA6E9AAD99EF}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} ""
StrCmp $0 "" +3
Push "注册表键: HKCR TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR TypeLib\{a5adeae7-a8b4-4f94-9128-bf8d8db5e927} ""
StrCmp $0 "" +3
Push "注册表键: HKCR TypeLib\{a5adeae7-a8b4-4f94-9128-bf8d8db5e927}"
Call Ban3721WriteFile
ReadRegStr $0 HKCR TypeLib\{AAB6BCE3-1DF6-4930-9B14-9CA79DC8C267} ""
StrCmp $0 "" +3
Push "注册表键: HKCR TypeLib\{AAB6BCE3-1DF6-4930-9B14-9CA79DC8C267}"
Call Ban3721WriteFile
;IE
ReadRegStr $0 HKCU "Software\Microsoft\Internet Explorer\Main" CNSHint
StrCmp $0 "" +3
Push "注册表键值: HKCU Software\Microsoft\Internet Explorer\Main\CNSHint"
Call Ban3721WriteFile
ReadRegStr $0 HKCU "Software\Microsoft\Internet Explorer\Main" CNSMenu
StrCmp $0 "" +3
Push "注册表键值: HKCU Software\Microsoft\Internet Explorer\Main\CNSMenu"
Call Ban3721WriteFile
ReadRegStr $0 HKCU "Software\Microsoft\Internet Explorer\Main" CNSReset
StrCmp $0 "" +3
Push "注册表键值: HKCU Software\Microsoft\Internet Explorer\Main\CNSReset"
Call Ban3721WriteFile
ReadRegStr $0 HKCU "Software\Microsoft\Internet Explorer\Main" CNSEnable
StrCmp $0 "" +3
Push "注册表键值: HKCU Software\Microsoft\Internet Explorer\Main\CNSEnable"
Call Ban3721WriteFile
ReadRegStr $0 HKCU "Software\Microsoft\Internet Explorer\Main" CNSList
StrCmp $0 "" +3
Push "注册表键值: HKCU Software\Microsoft\Internet Explorer\Main\CNSList"
Call Ban3721WriteFile
ReadRegStr $0 HKCU "Software\Microsoft\Internet Explorer\Main" CNSAutoUpdate
StrCmp $0 "" +3
Push "注册表键值: HKCU Software\Microsoft\Internet Explorer\Main\CNSAutoUpdatet"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000000-0000-0001-0001-596BAEDD1289}" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000000-0000-0001-0001-596BAEDD1289}"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{5D73EE86-05F1-49ed-B850-E423120EC338}" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Internet Explorer\Extensions\{5D73EE86-05F1-49ed-B850-E423120EC338}"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7DE07D-BD74-4991-9D5F-ECBB8391875D}" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7DE07D-BD74-4991-9D5F-ECBB8391875D}"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{FD00D911-7529-4084-9946-A29F1BDF4FE5}" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Internet Explorer\Extensions\{FD00D911-7529-4084-9946-A29F1BDF4FE5}"
Call Ban3721WriteFile
EnumRegValue $0 HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}" 0
StrCmp $0 "" +3
Push "注册表键: HKLM SOFTWARE\Microsoft\Internet Explorer\Extensions\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}"
Call Ban3721WriteFile
ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Internet Explorer\Toolbar" {1B0E7716-898E-48cc-9690-4E338E8DE1D3}
StrCmp $0 "" +3
Push "注册表键值: HKLM SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}"
Call Ban3721WriteFile
ReadRegStr $0 HKCU "Software\Microsoft\Internet Explorer\URLSearchHooks" {1B0E7716-898E-48cc-9690-4E338E8DE1D3}
StrCmp $0 "" +3
Push "注册表键值: HKCU Software\Microsoft\Internet Explorer\URLSearchHooks\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}"
Call Ban3721WriteFile
;Run
ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" CnsMin
StrCmp $0 "" +3
Push "注册表键值: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CnsMin"
Call Ban3721WriteFile
ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" helper.dll
StrCmp $0 "" +3
Push "注册表键值: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper.dll"
Call Ban3721WriteFile
ReadRegStr $0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" cesmain.dll
StrCmp $0 "" +3
Push "注册表键值: HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cesmain.dll"
Call Ban3721WriteFile
FileOpen $0 $PLUGINSDIR\3721.txt r
FileRead $0 $1
FileClose $0
StrCmp $1 "" no_3721
MessageBox MB_YESNOCANCEL|MB_ICONINFORMATION "在安装这个软件同时,您是否要安装 Ban 3721 助手?\
Ban 3721 助手可以安全修复受 3721 感染的浏览器,保护上网隐私,还提供了强大的清除 3721 地址栏搜索、清除 3721 网络加速等功能。" IDYES +4 IDNO +3
ExecShell open $PLUGINSDIR\3721.txt "" SW_SHOWMAXIMIZED
Sleep 5000
Quit
Call Ban3721
no_3721:
Pop $0
FunctionEnd
; --------------------------------------
!macro UnRegDLL DLL
IfFileExists "${DLL}" 0 +2
ExecWait 'Regsvr32 /s /u "${DLL}"'
!macroend
Function Ban3721
;ExecWait 'Regsvr32 /s /u
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\adfilter.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\adwreg.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\assisres.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\assist.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\eheflash.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\optimum.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\repair.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\assist\xpstyle.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\abmain.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cescache.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cesfox.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cesmain.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cesout.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cesout10.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cespack.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cesweb.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\ces\cmail.dll"
!insertmacro UnRegDLL "$PROGRAMFILES\3721\helper.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\abmain.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\autolive.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cescache.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cesfox.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cesmain.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cesout.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cesout10.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cesweb.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cmail.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\3721\cnsio.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\axfilter.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnshook.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnsio.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnsmin.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnsminck.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnsmindt.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnsminex.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnsminio.dll"
!insertmacro UnRegDLL "$WINDIR\Downloaded Program Files\cnsminsv.dll"
!insertmacro UnRegDLL "$SYSDIR\assist.dll"
!insertmacro UnRegDLL "$SYSDIR\bdhelper.dll"
!insertmacro UnRegDLL "$SYSDIR\cesweb.dll"
!insertmacro UnRegDLL "$SYSDIR\cnshook.dll"
!insertmacro UnRegDLL "$SYSDIR\ehelper.dll"
;DelRegKey
DeleteRegKey HKCU Software\3721
DeleteRegKey HKLM SOFTWARE\3721
DeleteRegKey HKCR CnsHelper.CH
DeleteRegKey HKCR CnsHelper.CH.1
DeleteRegKey HKCR cnsminhk.cnshook
DeleteRegKey HKCR cnsminhk.cnshook.1
DeleteRegKey HKCR Assist.EasyAssist
DeleteRegKey HKCR Assist.EasyAssist.1
DeleteRegKey HKCR CLSID\{1B0E7716-898E-48CC-9690-4E338E8DE1D3}
DeleteRegKey HKCR CLSID\{6231d512-e4a4-4df2-be62-5b8f0ee348ef}
DeleteRegKey HKCR CLSID\{6d8f256b-6ab8-4398-8f86-1e56207db77a}
DeleteRegKey HKCR CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}
DeleteRegKey HKCR CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4}
DeleteRegKey HKCR CLSID\{ca92b524-bc8a-4610-bd2c-6bd3e28155d0}
DeleteRegKey HKCR CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}
DeleteRegKey HKCR CLSID\{e5e4e352-6947-44ee-a420-db84efd3fe93}
DeleteRegKey HKCR Interface\{1bb0abbe-2d95-4847-b9d8-6f90de3714c1}
DeleteRegKey HKCR Interface\{DF692509-D9EF-48A0-9CD0-3AA5B81F6F68}
DeleteRegKey HKCR Interface\{924F5B3A-7A27-484A-B873-E855C9708667}
DeleteRegKey HKCR Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E}
DeleteRegKey HKCR TypeLib\{19069804-2CF0-4357-B696-BA6E9AAD99EF}
DeleteRegKey HKCR TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1}
DeleteRegKey HKCR TypeLib\{a5adeae7-a8b4-4f94-9128-bf8d8db5e927}
DeleteRegKey HKCR TypeLib\{AAB6BCE3-1DF6-4930-9B14-9CA79DC8C267}
DeleteRegKey HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin
DeleteRegKey HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}
DeleteRegKey HKLM "SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1B0E7716-898E-48cc-9690-4E338E8DE1D3}"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000000-0000-0001-0001-596BAEDD1289}"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{5D73EE86-05F1-49ed-B850-E423120EC338}"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7DE07D-BD74-4991-9D5F-ECBB8391875D}"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{FD00D911-7529-4084-9946-A29F1BDF4FE5}"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Internet Explorer\Extensions\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B83FC273-3522-4CC6-92EC-75CC86678DA4}"
;DelRegValue
DeleteRegValue HKCU "Software\Microsoft\Internet Explorer\Main" CNSHint
DeleteRegValue HKCU "Software\Microsoft\Internet Explorer\Main" CNSMenu
DeleteRegValue HKCU "Software\Microsoft\Internet Explorer\Main" CNSReset
DeleteRegValue HKCU "Software\Microsoft\Internet Explorer\Main" CNSEnable
DeleteRegValue HKCU "Software\Microsoft\Internet Explorer\Main" CNSList
DeleteRegValue HKCU "Software\Microsoft\Internet Explorer\Main" CNSAutoUpdate
DeleteRegValue HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Run CnsMin
DeleteRegValue HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\Run helper.dll
DeleteRegValue HKCU "Software\Microsoft\Internet Explorer\URLSearchHooks" {1B0E7716-898E-48cc-9690-4E338E8DE1D3}
DeleteRegValue HKLM "SOFTWARE\Microsoft\Internet Explorer\Toolbar" {1B0E7716-898E-48cc-9690-4E338E8DE1D3}
Push $0
Push $1
Push $2
StrCpy $1 0
loop:
EnumRegValue $0 HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs $1
StrCmp $0 "" loop_quit
StrCpy $2 $0 "" -9
StrCmp $2 cns02.dat 0 +2
DeleteRegValue HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs $0
StrCpy $2 $0 "" -10
StrCmp $2 CnsMin.dll 0 +2
DeleteRegValue HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs $0
IntOp $1 $1 + 1
Goto loop
loop_quit:
StrCpy $1 0
loop2:
EnumRegKey $0 HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage $1
StrCmp $0 "" loop2_quit
StrCpy $2 $0 "" -9
StrCmp $2 cns02.dat 0 +2
DeleteRegKey HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\$0
StrCpy $2 $0 "" -10
StrCmp $2 CnsMin.dll 0 +2
DeleteRegKey HKLM SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\$0
IntOp $1 $1 + 1
Goto loop2
loop2_quit:
;免疫
WriteRegDWORD HKLM "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B83FC273-3522-4CC6-92EC-75CC86678DA4}" "Compatibility Flags" 1024
WriteRegDWORD HKLM "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4522DBFE-14CD-4A59-AC2A-54BADFDD6D53}" "Compatibility Flags" 1024
WriteRegDWORD HKLM "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1B0E7716-898E-48CC-9690-4E338E8DE1D3}" "Compatibility Flags" 1024
WriteRegDWORD HKLM "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}" "Compatibility Flags" 1024
WriteRegDWORD HKLM "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4EDBBAEA-F509-49F6-94D1-ECEC4BE5B686}" "Compatibility Flags" 1024
WriteRegDWORD HKLM "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D898B17-976D-44c1-84E6-AF38842AC9EC}" "Compatibility Flags" 1024
Delete /REBOOTOK $PROGRAMFILES\cnscfgf.dat
Delete /REBOOTOK $PROGRAMFILES\cnscfgr.dat
Delete /REBOOTOK $PROGRAMFILES\cnsmin.dat
Delete /REBOOTOK $PROGRAMFILES\3721\*.*
RMDir /r $PROGRAMFILES\3721
RMDir /REBOOTOK $PROGRAMFILES\3721
RMDir /r "$SMPROGRAMS\网络实名"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\abmain.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\autolive.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cescache.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cesfox.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cesmain.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cesout.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cesout10.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cesweb.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cmail.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cnsio.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cnsminkp.vxd"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cnsminkp2k.sys"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\3721\cnsminkpxp.sys"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\axfilter.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cns02.dat"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnshook.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsio.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsmin.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsmin.inf"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsmin.ini"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminaf.cab"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsmincg.ini"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminck.cab"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminck.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsmindt.cab"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsmindt.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminex.cab"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminex.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminex.ini"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminio.cab"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminio.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminsv.cab"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsminsv.dll"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\cnsup.ini"
Delete /REBOOTOK "$WINDIR\Downloaded Program Files\keepmainm.cab"
Delete /REBOOTOK "$SYSDIR\assist.dll"
Delete /REBOOTOK "$SYSDIR\bdhelper.dll"
Delete /REBOOTOK "$SYSDIR\cesweb.dll"
Delete /REBOOTOK "$SYSDIR\cnshook.dll"
Delete /REBOOTOK "$SYSDIR\ehelper.dll"
Pop $2
Pop $1
Pop $0
FunctionEnd
Function Ban3721WriteFile
Exch $R0
Push $R1
FileOpen $R1 $PLUGINSDIR\3721.txt a
FileSeek $R1 0 END
FileWrite $R1 $R0$\r$\n
FileClose $R1
Pop $R1
Pop $R0
FunctionEnd
Function SkipBan3721
Push $R0
Push $R1
Push $R2
Push $R3
StrCpy $R1 1
StrCpy $R0 0
StrLen $R3 $CMDLINE
loop:
StrCpy $R2 $CMDLINE 14 $R1
StrCmp $R2 "/skip ban 3721" loop_quit
IntCmp $R1 $R3 end 0 end
IntOp $R1 $R1 + 1
Goto loop
loop_quit:
StrCpy $R0 1
end:
Pop $R3
Pop $R2
Pop $R1
Exch $R0
FunctionEnd