
I'm writing a cleaner to remove some known virus keys (like "vbs", "vbe", "wsf", "a3x") from the registry.

I want to add a BalloonTip in PowerShell with this script, but there is something wrong!

I don't know how to remove the icon from the taskbar to show the scan progress.

This is a draft. It is not yet optimized!

```batch
@echo off
Title Hackoo Virus Cleaner to delete virus key from registry by Hackoo 2016
Color 1A & Mode con cols=80 lines=8
Set Pattern="\.vbs"^
^ "\.vbe"^
^ "\.wsf"^
^ "\.a3x"^
^ "VBScript.Encode"^
^ "\winlogon\.bat"

Set Key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"^
^ "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"^
^ "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"^
^ "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

For %%P in (%Pattern%) Do (
        For %%K in (%Key%) Do (
            Cls
            echo(
            echo(
            Echo         ***************************** Scan *****************************
            echo             %%K
            Echo         ****************************************************************
            Call :PS_Sub 'Warning' 10 '" Please wait... "' "' Scan is in progress.... %%K'" 'Warning'
            Call :Delete_Virus_Key %%K %%P "%TmpLogFile%"
        )
)
exit /b
::*************************************************************************
:Delete_Virus_Key <Key> <Pattern> <LogFile>
Setlocal enabledelayedexpansion
for /f "delims=REG_SZ" %%I in (
    'reg query "%~1" /s^|findstr /ic:"%~2"'
    )   Do  (
                If %ErrorLevel% NEQ 1 (
                    Set KeyName="%%~I"
                    (
                        Call:Trim !keyName!
                        Title Deleting Run key: !keyName!
                        echo Deleting Run key: !keyName!
                        echo reg delete "%~1" /v !keyName! /f
                        echo(
                        echo *****************************
                        echo reg delete "%~1" /v "!keyName!" /f
                        echo *****************************
                        echo(
                    )>>"%~3"
                    rem Call :PS_Sub 'Warning' 100 '"!KeyName!"' "'Delete !KeyName!'" 'Warning'
                ) else (
                    Set KeyName="%%~I"
                    Call:Trim !keyName!
                    Title Deleting Run key: !keyName!
                    echo Deleting Run key: !keyName!
                    echo reg delete "%~1" /v !keyName! /f
                    echo(
                    echo *****************************
                    echo reg delete "%~1" /v "!keyName!" /f
                    echo *****************************
                    echo(
                )>>"%~3"
            )
)
EndLocal
Exit /b
::*************************************************************************
:Trim <String>
(
    echo Wscript.echo Trim("%~1"^)
)>"%tmp%\%~n0.vbs"
for /f "delims=" %%a in ('Cscript /nologo "%tmp%\%~n0.vbs"') do (
    set "KeyName=%%a"
)
exit /b
::**************************************************************************
:PS_Sub $notifyicon $time $title $text $icon
PowerShell  ^
  [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^
  [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^
  $notify = new-object system.windows.forms.notifyicon; ^
  $notify.icon = [System.Drawing.SystemIcons]::%1; ^
  $notify.visible = $true; ^
  $notify.showballoontip(%2,%3,%4,%5)
%End PowerShell%
exit /B
::*************************************************************************
```

So, to simplify my issue, let's focus just on this function:

What should I add here to get rid of the NotifyIcon from the taskbar?

```batch
::**************************************************************************
:PS_Sub $notifyicon $time $title $text $icon
PowerShell  ^
  [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^
  [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^
  $notify = new-object system.windows.forms.notifyicon; ^
  $notify.icon = [System.Drawing.SystemIcons]::%1; ^
  $notify.visible = $true; ^
  $notify.showballoontip(%2,%3,%4,%5)
%End PowerShell%
exit /B
::*************************************************************************
```
Hackoo
  • After sleeping a few seconds, `$notify.Dispose()`? I messed with balloon tips a little [here](http://stackoverflow.com/a/30484358/1683264), but I've slept since then. – rojo Apr 22 '16 at 00:31
  • @rojo Yes, I think it can do the trick ;) Thank you! – Hackoo Apr 22 '16 at 00:55

1 Answer


I solved the problem thanks to @rojo's idea, like this:

```batch
::**************************************************************************
:PS_Sub $notifyicon $time $title $text $icon $Timeout
PowerShell  ^
  [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^
  [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^
  $notify = new-object system.windows.forms.notifyicon; ^
  $notify.icon = [System.Drawing.SystemIcons]::%1; ^
  $notify.visible = $true; ^
  $notify.showballoontip(%2,%3,%4,%5); ^
  Start-Sleep -s %6; ^
  $notify.Dispose()
%End PowerShell%
exit /B
::*************************************************************************
```

So, if anyone would like to test the whole code in beta version, here is the link:

Hackoo Virus Cleaner


Hackoo
  • OMFG how do I use this beauty? Save as a script and open by PowerShell? Please, would you mind showing me the steps I need to see this running? Thank you and congratulations for your work! --------- oooh, I am sorry, it's a .bat - already ran it! Very very nice. - It speaks! Notifies! Waaaaw... You have to make big money with all of this Hackoo !!!!!!!!! This knowledge is absolutely amazing. – statosdotcom Jul 28 '16 at 22:23
  • @statosdotcom LOL I'm glad that you love it ;) my best tester! Thank you for your support and for your feedback! Have you tried this code or not? http://stackoverflow.com/questions/38524510/open-a-file-through-cmd-and-display-the-selected-in-specific-editor/38525929#38525929 – Hackoo Jul 29 '16 at 09:08
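
The answer's fix as a standalone script, added here as an example and not part of the original answer: title and text arrive as bound string parameters through `-File` instead of being spliced into the PowerShell command text, which matters once registry-derived names such as `!KeyName!` are displayed, and the icon is disposed in `finally` even if showing the balloon fails. The file name `Show-BalloonTip.ps1` and the parameter names are assumptions.

```powershell
# Show-BalloonTip.ps1 (hypothetical file name; added example, not the answer's code)
# Call from the batch file, for instance:
#   powershell -NoProfile -File "%~dp0Show-BalloonTip.ps1" -Title "Please wait..." -Text "Scan is in progress: %%K" -Seconds 5
param(
    [Parameter(Mandatory = $true)][string]$Title,
    [Parameter(Mandatory = $true)][string]$Text,

    # Only real System.Drawing.SystemIcons property names are accepted
    [ValidateSet('Application', 'Asterisk', 'Error', 'Exclamation', 'Hand',
                 'Information', 'Question', 'Shield', 'Warning', 'WinLogo')]
    [string]$TrayIcon = 'Warning',

    # Only real System.Windows.Forms.ToolTipIcon member names are accepted
    [ValidateSet('None', 'Info', 'Warning', 'Error')]
    [string]$BalloonIcon = 'Warning',

    # How long the balloon is shown before the tray icon is removed
    [ValidateRange(1, 60)]
    [int]$Seconds = 5
)

Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

$notify = New-Object System.Windows.Forms.NotifyIcon
try {
    # Look the icon up by its validated name instead of building source text
    $notify.Icon = [System.Drawing.SystemIcons].GetProperty($TrayIcon).GetValue($null, $null)
    $notify.Visible = $true

    $tipIcon = [System.Windows.Forms.ToolTipIcon]$BalloonIcon
    $notify.ShowBalloonTip($Seconds * 1000, $Title, $Text, $tipIcon)

    # Keep the process alive while the balloon is on screen
    Start-Sleep -Seconds $Seconds
}
finally {
    # Runs on success and on error, so no stale icon is left in the tray
    $notify.Visible = $false
    $notify.Dispose()
}
```

The local execution policy must allow the script to run.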