@ECHO OFF ECHO : ECHO :RMGONERA.BAT -- W32/Goner-A virus removal utility ECHO :Version 2.00 ECHO :Copyright (c) 2001, Sophos Plc, www.sophos.com ECHO : set sys= set worm=1 REM If received as a text file rename to RMGONERA.BAT. REM Run by typing RMGONERA.BAT at a command prompt or double-clicking this file. REM Must have write access to %windir% if "%windir%"=="" goto nojoy REM Must have a copy of REGEDIT.EXE available if not exist %windir%\regedit.exe goto noreg REM Determine OS version ver >%windir%\ver.txt set sys=system find /c "Version 4" %windir%\ver.txt >nul if errorlevel 1 set sys=system32 REM Delete worm file GONE.SCR (NT/2K/XP) if %sys%==system goto 9x ECHO :Attempting to delete worm file, please wait... if exist %windir%\%sys%\gone.scr attrib -r -h -s %windir%\%sys%\gone.scr if exist %windir%\%sys%\gone.scr del %windir%\%sys%\gone.scr ECHO : goto reg REM Build WININIT.INI to delete worm file (95/98/Me) :9x if not exist %windir%\%sys%\gone.scr set worm=0 if %worm%==0 goto reg ECHO :Building WININIT.INI to delete worm file upon reboot, please wait... if exist %windir%\wininit.bak del %windir%\wininit.bak >nul if exist %windir%\wininit.ini move %windir%\wininit.ini %windir%\wininit.bak >nul ECHO [Rename] >%windir%\wininit.ini ECHO nul=%windir%\%sys%\gone.scr >>%windir%\wininit.ini ECHO : goto reg REM Remove registry entry :reg ECHO :Removing registry entry for worm, please wait... start /w regedit /e %windir%\temp.reg HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run echo REGEDIT4 >%windir%\gonera.reg echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] >>%windir%\gonera.reg find /v /i "gone.scr" %windir%\temp.reg >>%windir%\gonera.reg regedit /s %windir%\gonera.reg ECHO : REM Finished ECHO :Batch File Completed. ECHO : if %sys%==system goto repeat :finished ECHO :PLEASE NOTE: W32/Goner-A attempts to disable and remove Sophos Anti-Virus ECHO : and other anti-virus products. ECHO : ECHO : Check that Sophos Anti-Virus is installed and running correctly ECHO : on your computer with all the latest virus identities, then scan ECHO : all hard drives to ensure no infected files remain. ECHO : goto end :repeat if %worm%==0 goto finished ECHO :********************************************* ECHO :* Please restart your computer and run this * ECHO :* batch file again to complete the process. * ECHO :********************************************* ECHO : goto end :nojoy ECHO : ECHO :Error 01 ECHO : ECHO :Your environment variable %windir% is not set, cleaning cannot continue. ECHO :Please reboot your computer to free environment space and try again. ECHO : ECHO :If this fails contact Sophos Technical Support. ECHO : goto end :noreg ECHO : ECHO : ECHO :Error 02 ECHO : ECHO :REGEDIT.EXE is missing from your %windir% directory, cleaning cannot continue. ECHO :Copy REGEDIT.EXE from an uninfected computer with the same operating system ECHO :into the %windir% directory on this computer and try again. ECHO : ECHO :If this fails contact Sophos Technical Support. ECHO : REM Delete temporary files :end del %windir%\gonera.reg del %windir%\temp.reg del %windir%\ver.txt REM Clean up environment variables rem set sys= rem set worm=