<#
.SYNOPSIS
all malware go to hell!
.DESCRIPTION
Running this script will make it harder for some malware to install smoothly on your PC.
If you mind, don't run it.
.EXAMPLE
.\Kill-Malware.ps1 (runas admin)
.NOTES
author:Vizo
date: 2017/2/28
.LINK
source project:https://liwei2.com/2015/11/27/378.html
latest project:https://github.com/vizogood/Kill-Malware
#>
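# check for permissions
# Everything below needs an elevated token (per-user Disallowed cert store,
# ACLs under Program Files, the system hosts file). If we are not elevated,
# relaunch through UAC (-Verb RunAs) and let this instance exit.
$currentWi = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentWp = [Security.Principal.WindowsPrincipal]$currentWi
if( -not $currentWp.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)){
    # Rebuild the original command line: bound parameters first, then $args.
    $boundPara = ($MyInvocation.BoundParameters.Keys | ForEach-Object {
        '-{0} {1}' -f $_, $MyInvocation.BoundParameters[$_] }) -join ' '
    # $MyInvocation.MyCommand.Path is always the script's full path. The former
    # Resolve-Path $MyInvocation.InvocationName broke when the script was
    # started via '&' or through an alias, because InvocationName is then not
    # a file name.
    $currentFile = $MyInvocation.MyCommand.Path
    $fullPara = (@($boundPara) + @($args) | Where-Object { $_ }) -join ' '
    # Quote the script path (it may contain spaces) and pass it with -File so
    # powershell.exe runs it as a script instead of parsing it as a command.
    Start-Process "$PSHOME\powershell.exe" -ArgumentList "-File `"$currentFile`" $fullPara" -Verb RunAs
    return
}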
# Interactive intro: wait for a key, print the list of targeted products,
# optionally show the CNNIC background text, then wait for a second key
# before anything on the system is changed.
Write-Host "按下任意键开始." -ForegroundColor Red -BackgroundColor White
$null = [Console]::ReadKey()
$banner = "
-------流氓软件终结者-------
-----------------------------------------------------------
│ 百度杀毒 │ 百度卫士 │ 百度浏览器 │
-----------------------------------------------------------
│ 百度手机助手 │ 360安全卫士 │ 360杀毒 │
-----------------------------------------------------------
│ QQ电脑管家 │ 瑞星杀毒 │ 瑞星出品垃圾软件 │
-----------------------------------------------------------
│ 金山毒霸 │ 金山手机助手 │ 金山出品垃圾软件 │
-----------------------------------------------------------
│ 猎豹浏览器 │ 金山卫士 │ 迅雷 │
-----------------------------------------------------------
│ 迅雷网游加速器 │ 迅雷游戏盒子 │ 迅雷影音 │
-----------------------------------------------------------
输入C查看 CNNIC简介
-----------------------------------------------------------
Powered by Vizo
I have a dream: all malware go to hell !
-----------------------------------------------------------
"
Write-Host $banner -ForegroundColor Green
# -eq is case-insensitive in PowerShell, so "c" is accepted as well.
$choice = Read-Host "输入C查看CNNIC介绍,回车或输入其它继续:"
if ($choice -eq "C") {
    $cnnicInfo = "
CNNIC是中国互联网络信息中心
2015年,因CNNIC发行的一个中级CA被发现发行了Google域名的假证书
而且曾有人利用自签名的CNNIC证书对GitHub进行中间人攻击
并被指攻击来源很可能与防火长城有关
许多用户选择不信任CNNIC颁发的数字证书
并引起对CNNIC滥用证书颁发权力的担忧
2015年4月2日,Google宣布不再承认CNNIC所颁发的电子证书
4月4日,继Google之后,Mozilla也宣布不再承认CNNIC所颁发的电子证书
2016年8月,CNNIC官方网站已放弃自行发行的根证书,改用由DigiCert颁发的证书
来自Wikipedia "
    Write-Host $cnnicInfo -ForegroundColor Yellow
}
Write-Host "`n"
Write-Host "按下任意键开始." -ForegroundColor "Red"
$null = [Console]::ReadKey()
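# Echo the script's directory to the output stream (kept from the original),
# then resolve the base directories the blocking steps below write into.
$PSScriptRoot
# NOTE(review): hard-coded to drive C:. On a system with Windows installed
# elsewhere ${env:ProgramFiles} / ${env:ProgramFiles(x86)} would be the
# right source; left unchanged so existing behaviour is preserved.
$program = "C:\Program Files"
$programx86 = "C:\Program Files (x86)"
# $env:APPDATA is the profile of the user running this (elevated) process.
# NOTE(review): if UAC elevated through a different administrator account,
# this is that account's profile, not the interactive user's — confirm that
# is intended.
$appdata = $env:APPDATA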
<# firstly I write so stupid
$fileList = Get-ChildItem "$PSScriptRoot\CA\" *.cer | %{$_.Name} | Out-File "$PSScriptRoot\CAlisttmp.txt"
$lineNum = (Get-Content "$PSScriptRoot\CAlisttmp.txt").Length
for($i=0;$i -lt $lineNum;$i++){
$currentLineName=(Get-Content "$PSScriptRoot\CAlisttmp.txt" -TotalCount $lineNum)[-($lineNum)+$i]
certutil -f -addstore -user “Disallowed” "$PSScriptRoot\CA\$currentLineName"
}
Remove-Item "$PSScriptRoot\CAlisttmp.txt" -Force
#>
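# block digital certificate
# Every file in the Cer directory is added to the current user's "Disallowed"
# store, so Windows (and applications using the Windows store) reject
# certificates chaining to those CAs. Firefox keeps its own trust store and is
# not affected by this.
$cerDir = Join-Path $PSScriptRoot 'Cer'
if (Test-Path -LiteralPath $cerDir) {
    # -File skips sub-directories; .FullName avoids depending on how a
    # FileInfo stringifies (name vs. full path differs across PowerShell
    # versions), which the former "$PSScriptRoot\Cer\$file" relied on.
    Get-ChildItem -LiteralPath $cerDir -File | ForEach-Object {
        # Straight quotes: the original used typographic quotes around the
        # store name. -user targets the store of the user running this
        # (elevated) process.
        certutil -f -addstore -user "Disallowed" $_.FullName
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "certutil failed for $($_.FullName) (exit code $LASTEXITCODE)"
        }
    }
} else {
    Write-Warning "Cer directory not found: $cerDir"
}
Write-Host "`n"
Write-Host "已屏蔽Cer目录下的所有证书..." -ForegroundColor Green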
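# set directory permissions
# Strategy: pre-create the install directory each unwanted product uses and
# deny "Everyone" access to it, so the installer cannot write its files there.
# cacls is deprecated but still shipped; icacls is its replacement. A Deny ACE
# for Everyone also covers Administrators and SYSTEM, so undoing this later
# needs takeown / icacls /reset on each directory.
function Block-Directory {
    <#
    .SYNOPSIS
    Creates a directory (with its parents) and denies Everyone access to it.
    .PARAMETER Path
    Full path of the directory to create and lock down.
    .PARAMETER Hide
    Also mark the directory system+hidden (attrib +s +h).
    #>
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$Hide
    )
    # -Force returns the existing directory instead of erroring on re-runs;
    # Out-Null drops the DirectoryInfo that New-Item would otherwise print.
    New-Item -Path $Path -ItemType Directory -Force | Out-Null
    if ($Hide) {
        attrib +s +h $Path
    }
    cacls $Path /e /d Everyone
}
Write-Host "`n"
Write-Host "正在屏蔽malware系列软件的目录权限..." -ForegroundColor Green
# Baidu
Block-Directory "$program\Baidu\BaiduAn"
Block-Directory "$program\Baidu\BaiduSd"
Block-Directory "$appdata\Baidu"
Block-Directory "$programx86\Baidu\BaiduAn"
Block-Directory "$programx86\Baidu\BaiduSd"
# BaiduSd<major>.<minor> for 1.0 .. 9.9: versioned install dirs, hidden too.
foreach ($root in @($program, $programx86)) {
    for ($i = 1; $i -le 9; $i++) {
        for ($j = 0; $j -le 9; $j++) {
            Block-Directory "$root\BaiduSd$i.$j" -Hide
        }
    }
}
# QiHoo 360d
# Bug fixed: the original used %ProgramFiles(x86)% (cmd.exe syntax), which
# PowerShell does not expand, so the x86 360 directories were never denied.
foreach ($root in @($program, $programx86)) {
    Block-Directory "$root\360\360safe"
    Block-Directory "$root\360\360sd"
}
# Kingsoft
foreach ($root in @($program, $programx86)) {
    Block-Directory "$root\ksafe"
    Block-Directory "$root\kingsoft\kingsoft antivirus"
}
# Tencent
Block-Directory "$program\Tencent\QQPCMgr"
Block-Directory "$appdata\Tencent\QQPCMgr"
Block-Directory "$programx86\Tencent\QQPCMgr"
# Rising: lock the child before the parent, as the original did, so the
# parent's Deny ACE does not interfere with creating Rav inside it.
foreach ($root in @($program, $programx86)) {
    Block-Directory "$root\Rising\Rav"
    Block-Directory "$root\Rising"
}
Write-Host "`n"
Write-Host "已设置权限" -ForegroundColor Green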
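# block IP and URLs
# Append the hosts entries shipped with the script, mapping the listed
# hostnames to whatever address that file assigns them. Only names in that
# list are affected: downloads fetched by IP, or resolved through a browser's
# own DNS-over-HTTPS, are presumably not covered by the hosts file.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$blockList = Join-Path $PSScriptRoot 'latestBlockhosts.txt'
if (Test-Path -LiteralPath $blockList) {
    # Only add lines that are not already present, so re-running the script
    # does not keep growing the hosts file with duplicates.
    $existing = @(Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue)
    Get-Content -LiteralPath $blockList |
        Where-Object { $existing -notcontains $_ } |
        Add-Content -LiteralPath $hostsFile -Force
} else {
    Write-Warning "Block list not found: $blockList"
}
Write-Host "`n"
Write-Host "已拉黑下载地址" -ForegroundColor Green
Write-Host "`n"
Write-Host "全部完成,按下任意键退出" -ForegroundColor Yellow
$null = [Console]::ReadKey()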