MGclean.bat

Discussion in 'Malware Help (A Specialist Will Reply)' started by Gabethebabe, May 20, 2010.

  1. Gabethebabe

    Gabethebabe Private E-2

    Hi, I didn't know where to put this, so I put it where MG malwarefighters are certainly going to find it.

    The cleanup step with MGclean.bat only works on Windows systems where the desktop folder is called "desktop".
    On my Spanish system, the cleaning of the desktop doesn't work, because my desktop folder is named "escritorio".

    So I made a small change to MGClean.bat, to allow it to work also in some foreign versions of Windows (French, Spanish, Dutch, Czech).
    Fortunately in most languages the desktop folder is named "desktop".

    Hope you appreciate my little effort and keep up your more than excellent work.

    Code:
    @echo off
    
    REM ******************************************************************************
    REM *              MGClean.bat  - (c) 06/22/2009 By Chaslang                     * 
    REM * Use this to cleanup after running the READ & RUN ME cleaning procedure.    *
    REM * Only run this after malware removal has been completed.                    *
    REM *  Last Modification 05/20/2010 - add foreign desktops                       *
    REM ******************************************************************************
    
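    REM Define desktop folder by Gabethebabe 05/20/2010
    REM Later matches override earlier ones, so "desktop" wins when it exists.
    if exist "%userprofile%\escritorio" set "desktopfolder=%userprofile%\escritorio"
    if exist "%userprofile%\bureau" set "desktopfolder=%userprofile%\bureau"
    if exist "%userprofile%\plocha" set "desktopfolder=%userprofile%\plocha"
    if exist "%userprofile%\bureaublad" set "desktopfolder=%userprofile%\bureaublad"
    if exist "%userprofile%\desktop" set "desktopfolder=%userprofile%\desktop"
    REM Fall back to the default name so the variable is never empty below;
    REM an empty value would make the desktop paths resolve to the drive root.
    if not defined desktopfolder set "desktopfolder=%userprofile%\desktop"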
    
    regedit.exe /s hide.reg
    
    cd ..
    rd /s/q !KillBox
    rd /s/q _OTMoveIt 2>nul
    rd /s/q _OTM 2>nul
    rd /s/q Avenger 2>nul
    rd /s/q ComboFix 2>nul
    rd /s/q 32788R22FWJFW 2>nul
    rd /s/q Deckard 2>nul
    rd /s/q FindyKill 2>nul
    rd /s/q Qoobox 2>nul
    rd /s/q SDFix 2>nul
    rd /s/q "VundoFix Backups" 2>nul
    rd /s/q "%desktopfolder%\SmitFraudFix" 2>nul
    rd /s/q "%desktopfolder%\SysProt" 2>nul
    rd /s/q "%systemdrive%\SysProt" 2>nul
    
    For %%g in (
    "%desktopfolder%\Avenger.exe"
    "%desktopfolder%\Avenger.txt"
    "%desktopfolder%\Avenger.zip"
    "%desktopfolder%\AVPFind.bat"
    "%desktopfolder%\ComboFix.exe"
    "%desktopfolder%\cureit.exe"
    "%desktopfolder%\exeHelper.com"
    "%desktopfolder%\exehelperlog.txt"
    "%desktopfolder%\cureit.exe"
    "%desktopfolder%\Defogger.exe"
    "%desktopfolder%\defogger_disable.log"
    "%desktopfolder%\FindyKill.exe"
    "%desktopfolder%\FindyKill.lnk"
    "%desktopfolder%\FixAVP.exe"
    "%desktopfolder%\fixme.reg"
    "%desktopfolder%\gmer.exe"
    "%desktopfolder%\HelpAsst_mebroot_fix.exe"
    "%desktopfolder%\HiJackThis.exe"
    "%desktopfolder%\HiJackThis.lnk"
    "%desktopfolder%\HijackThis.msi"
    "%desktopfolder%\inherit.exe"
    "%desktopfolder%\junction.exe"
    "%desktopfolder%\junction.zip"
    "%desktopfolder%\killbox.exe"
    "%desktopfolder%\KittyFix.exe"
    "%desktopfolder%\log.txt"
    "%desktopfolder%\mbr.exe"
    "%desktopfolder%\MGtools.exe"
    "%desktopfolder%\MGlogs.zip"
    "%desktopfolder%\OTM.exe"
    "%desktopfolder%\OTL.exe"
    "%desktopfolder%\OTC.exe"
    "%desktopfolder%\PREVXCSIFREE.EXE"
    "%desktopfolder%\Rkill.com"
    "%desktopfolder%\Rkill.exe"
    "%desktopfolder%\Rkill.pif"
    "%desktopfolder%\Rkill.vbs"
    "%desktopfolder%\RootRepeal.rar"
    "%desktopfolder%\RootRepeal.zip"
    "%desktopfolder%\RRlog.txt"
    "%desktopfolder%\SeDebug-Restore.exe"
    "%desktopfolder%\settings.dat"
    "%desktopfolder%\SDFix.exe"
    "%desktopfolder%\SmitFraudFix.exe"
    "%desktopfolder%\SmitFraudFix.zip"
    "%desktopfolder%\SUPERAntiSpyware.exe"
    "%desktopfolder%\SysProtLog.txt"
    "%desktopfolder%\TDSSKiller.exe"
    "%desktopfolder%\TDSSkiller.txt"
    "%desktopfolder%\TDSSkiller*.txt"
    "%desktopfolder%\TFC.exe"
    "%desktopfolder%\VundoFix.exe"
    "%desktopfolder%\Win32kDiag.exe"
    "%desktopfolder%\Win32kDiag.txt"
    %systemdrive%\Avenger.exe
    %systemdrive%\avenger.txt
    %systemdrive%\Avenger.zip
    %systemdrive%\AVPFind.bat
    %systemdrive%\avplog.txt
    %systemdrive%\cleanup.bat
    %systemdrive%\cleanup.exe
    %systemdrive%\cngaudit.dll
    %systemdrive%\combofix.txt
    %systemdrive%\eventlog.dll
    %systemdrive%\FindyKill.txt
    %systemdrive%\FindyKill.cmd
    %systemdrive%\gmer.exe
    %systemdrive%\inherit.exe
    %systemdrive%\junction.exe
    %systemdrive%\junction.zip
    %systemdrive%\FixAVP.exe
    %systemdrive%\fix.reg
    %systemdrive%\flist.txt
    %systemdrive%\flist2.txt
    %systemdrive%\log.txt
    %systemdrive%\mbr.exe
    %systemdrive%\MGlogs.zip
    %systemdrive%\MGtools.exe
    %systemdrive%\netlogon.dll
    %systemdrive%\PREVXCSIFREE.EXE
    %systemdrive%\Rkill.com
    %systemdrive%\Rkill.exe
    %systemdrive%\Rkill.pif
    %systemdrive%\Rkill.vbs
    %systemdrive%\RootRepeal.rar
    %systemdrive%\RootRepeal.zip
    %systemdrive%\RRlog.txt 
    %systemdrive%\rapport.txt
    %systemdrive%\scecli.dll
    %systemdrive%\sdfix.txt
    %systemdrive%\settings.dat
    %systemdrive%\SUPERAntiSpyware.exe
    %systemdrive%\SysProtLog.txt
    %systemdrive%\TDSSKiller.txt
    %systemdrive%\TDSSKiller*.txt
    %systemdrive%\vundofix.txt
    %systemdrive%\Win32kDiag.exe
    %systemdrive%\XPsp2bu.exe
    %systemdrive%\XPsp3bu.exe
    %windir%\fdsv.exe
    %windir%\gmer.exe
    %windir%\grep.exe
    %windir%\inherit.exe
    %windir%\junction.exe
    %windir%\junction.zip
    %windir%\mbr.exe
    %windir%\MGtools.exe
    %windir%\moveex.exe
    %windir%\Nircmd.exe
    %windir%\PEV.exe
    %windir%\psexesvc.exe
    %windir%\Rkill.com
    %windir%\Rkill.exe
    %windir%\Rkill.pif
    %windir%\Rkill.vbs
    %windir%\sed.exe
    %windir%\swsc.exe
    %windir%\swreg.exe
    %windir%\swxcacls.exe
    %windir%\VFind.exe
    %windir%\Win32kDiag.exe
    %windir%\zip.exe
    ) do @If exist %%g del /a/f %%g 2>nul
    
    REM Last step - Remove the MGtools folder
    rd /s/q MGtools 2>nul
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for the suggestion. :)

    I never really bothered putting multi-language support into MGclean or any of the other many batch programs. As you suggested, many languages do still use Desktop, but we have seen all the ones you mentioned that do not. While putting these changes into MGclean.bat is simple, adding full language support into all the tools would require quite a few changes that I just don't think are currently worth the effort, since we have been able to get along without up to now.
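
A locale-independent alternative to the folder-name list discussed in this thread, as an added example that is not part of either post or of MGtools: it reads the Desktop location from the per-user `User Shell Folders` registry value, so localized or redirected desktops resolve without a name list. The variable `shellkey` and the label `:nodesktop` are names chosen for this example; `desktopfolder` matches the variable in the posted script.

```bat
@echo off
setlocal
REM Added example: resolve the Desktop path from the registry, not by folder name.
set "desktopfolder="
set "shellkey=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"

REM reg query prints: name, type, data. tokens=2,* puts the type in %%a and the
REM full data (spaces included) in %%b. findstr drops the header lines.
for /f "tokens=2,*" %%a in ('reg query "%shellkey%" /v Desktop 2^>nul ^| findstr /i /c:"REG_"') do set "desktopfolder=%%b"

REM The value is normally REG_EXPAND_SZ and contains an environment variable
REM reference, so expand it with a second parsing pass.
if defined desktopfolder call set "desktopfolder=%desktopfolder%"

REM Refuse to continue without a real directory: an empty variable would make
REM later rd /s/q and del commands act on the root of the current drive.
if not defined desktopfolder goto :nodesktop
if not exist "%desktopfolder%\" goto :nodesktop

echo Desktop folder resolved to "%desktopfolder%"
REM Hand the resolved value back to the calling script's environment.
endlocal & set "desktopfolder=%desktopfolder%"
exit /b 0

:nodesktop
echo Could not resolve the Desktop folder; skipping desktop cleanup. 1>&2
endlocal
exit /b 1
```

Saved as a separate file and run with `call`, it leaves `desktopfolder` set for the cleanup commands and returns a non-zero errorlevel when the path cannot be resolved.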
     
