A travers un script, le fix permet de supprimer n'importe quel fichier, clef du registre ou driver.
Site Officiel : http://swandog46.geekstogo.com/
Syntaxe des scripts : http://swandog46.geekstogo.com/avenger2/tutorial.html
Exemple d'utilisation : http://swandog46.geekstogo.com/avenger2/example.html
Voici la fenêtre de The Avenger (assez simpliste) où l'on copie/colle le script.
Notez que The Avenger est capable de reconnaître quelque rootkit courant et de les désactiver (option Automatically disable any rootkits found)
Cette vidéo montre comment The Avenger est capable de supprimer le rogue Malware Defense et surtout le Trojan.Alureon / Trojan.Tdss :
Le script utilisé :
Drivers to delete:
H8SRTd.sys
Files to Delete:
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTb239.tmp
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTcb1f.tmp
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\h8srtmainqt.dll
C:\WINDOWS\system32\drivers\H8SRTbphqhxnlwx.sys
C:\WINDOWS\system32\H8SRTdmrrfqjsqm.dat
C:\WINDOWS\system32\H8SRTgriyddcbfp.dll
C:\WINDOWS\system32\H8SRTnmfdewbsmp.dll
C:\WINDOWS\system32\H8SRTqphaxvkyle.dll
c:\WINDOWS\system32\krl32mainweq.dll
c:\Documents and Settings\Malekal_morte\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
c:\Documents and Settings\Malekal_morte\Desktop\99fe.exe
c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense Support.lnk
c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense.lnk
c:\Documents and Settings\Malekal_morte\Desktop\wscsvc32.exe.txt
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\1.ico
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\2.ico
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\3.ico
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\Installer.exe
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\settdebugx.exe
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\SSM_uninstall.log
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\test.reg
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac491f.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8577.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8894.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8e13.tmp
c:\Documents and Settings\Malekal_morte\Local Settings\Temp\wscsvc32.exe
c:\Documents and Settings\Malekal_morte\Recent\wscsvc32.exe.txt.lnk
c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk
c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense.lnk
c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk
Folders to delete:
c:\Program Files\Malware Defense
Le log au redémarrage :
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTbphqhxnlwx.sys
Driver disabled successfully.
Rootkit scan completed.
Driver "H8SRTd.sys" deleted successfully.
File "C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTb239.tmp" deleted successfully.
File "C:\Documents and Settings\Malekal_morte\Local Settings\Temp\H8SRTcb1f.tmp" deleted successfully.
File "C:\Documents and Settings\Malekal_morte\Local Settings\Temp\h8srtmainqt.dll" deleted successfully.
File "C:\WINDOWS\system32\drivers\H8SRTbphqhxnlwx.sys" deleted successfully.
File "C:\WINDOWS\system32\H8SRTdmrrfqjsqm.dat" deleted successfully.
File "C:\WINDOWS\system32\H8SRTgriyddcbfp.dll" deleted successfully.
File "C:\WINDOWS\system32\H8SRTnmfdewbsmp.dll" deleted successfully.
File "C:\WINDOWS\system32\H8SRTqphaxvkyle.dll" deleted successfully.
File "c:\WINDOWS\system32\krl32mainweq.dll" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\99fe.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense Support.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\Malware Defense.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\wscsvc32.exe.txt" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Desktop\x2e3v29c.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\1.ico" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\2.ico" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\3.ico" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\Installer.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\settdebugx.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\SSM_uninstall.log" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\test.reg" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac491f.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8577.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8894.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\uac8e13.tmp" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Local Settings\Temp\wscsvc32.exe" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Recent\wscsvc32.exe.txt.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense Support.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Malware Defense.lnk" deleted successfully.
File "c:\Documents and Settings\Malekal_morte\Start Menu\Programs\Malware Defense\Uninstall Malware Defense.lnk" deleted successfully.
Folder "c:\Program Files\Malware Defense" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
