Update PUP detection

Cette révision appartient à :
WindowsAddict 2024-11-08 22:16:51 +05:30
Parent d1dca45710
révision 9bbd02cc91
5 fichiers modifiés avec 55 ajouts et 25 suppressions

Voir le fichier

@ -1310,11 +1310,10 @@ exit /b
set w= set w=
set results= set results=
if exist "%ProgramFiles%\KM%w%Spico" set pupfound1= KM%w%Spico if exist "%ProgramFiles%\KM%w%Spico" set pupfound= KM%w%Spico
if exist "%SysPath%\Tasks\R@1n-KMS" set pupfound2= R@inKMS if not defined pupfound (
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound1= KM%w%Spico reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound= KM%w%Spico
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "R@1n" %nul% && set pupfound2= R@inKMS )
set pupfound=%pupfound1%%pupfound2%
set hcount=0 set hcount=0
for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do ( for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do (
@ -1336,6 +1335,13 @@ set fixes=%fixes% %mas%remove_mal%w%ware
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware" call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware"
echo: echo:
) )
:: Remove the scheduled task of R@1n-KMS (old version) that runs the activation command every minute, as it leads to high CPU usage.
if exist %SysPath%\Tasks\R@1n-KMS (
for /f %%A in ('dir /b /a:-d %SysPath%\Tasks\R@1n-KMS %nul6%') do (schtasks /delete /tn \R@1n-KMS\%%A /f %nul%)
)
exit /b exit /b
::======================================================================================================================================== ::========================================================================================================================================

Voir le fichier

@ -1073,11 +1073,10 @@ exit /b
set w= set w=
set results= set results=
if exist "%ProgramFiles%\KM%w%Spico" set pupfound1= KM%w%Spico if exist "%ProgramFiles%\KM%w%Spico" set pupfound= KM%w%Spico
if exist "%SysPath%\Tasks\R@1n-KMS" set pupfound2= R@inKMS if not defined pupfound (
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound1= KM%w%Spico reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound= KM%w%Spico
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "R@1n" %nul% && set pupfound2= R@inKMS )
set pupfound=%pupfound1%%pupfound2%
set hcount=0 set hcount=0
for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do ( for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do (
@ -1099,6 +1098,13 @@ set fixes=%fixes% %mas%remove_mal%w%ware
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware" call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware"
echo: echo:
) )
:: Remove the scheduled task of R@1n-KMS (old version) that runs the activation command every minute, as it leads to high CPU usage.
if exist %SysPath%\Tasks\R@1n-KMS (
for /f %%A in ('dir /b /a:-d %SysPath%\Tasks\R@1n-KMS %nul6%') do (schtasks /delete /tn \R@1n-KMS\%%A /f %nul%)
)
exit /b exit /b
::======================================================================================================================================== ::========================================================================================================================================

Voir le fichier

@ -1238,11 +1238,10 @@ exit /b
set w= set w=
set results= set results=
if exist "%ProgramFiles%\KM%w%Spico" set pupfound1= KM%w%Spico if exist "%ProgramFiles%\KM%w%Spico" set pupfound= KM%w%Spico
if exist "%SysPath%\Tasks\R@1n-KMS" set pupfound2= R@inKMS if not defined pupfound (
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound1= KM%w%Spico reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound= KM%w%Spico
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "R@1n" %nul% && set pupfound2= R@inKMS )
set pupfound=%pupfound1%%pupfound2%
set hcount=0 set hcount=0
for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do ( for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do (
@ -1264,6 +1263,13 @@ set fixes=%fixes% %mas%remove_mal%w%ware
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware" call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware"
echo: echo:
) )
:: Remove the scheduled task of R@1n-KMS (old version) that runs the activation command every minute, as it leads to high CPU usage.
if exist %SysPath%\Tasks\R@1n-KMS (
for /f %%A in ('dir /b /a:-d %SysPath%\Tasks\R@1n-KMS %nul6%') do (schtasks /delete /tn \R@1n-KMS\%%A /f %nul%)
)
exit /b exit /b
::======================================================================================================================================== ::========================================================================================================================================

Voir le fichier

@ -1553,11 +1553,10 @@ exit /b
set w= set w=
set results= set results=
if exist "%ProgramFiles%\KM%w%Spico" set pupfound1= KM%w%Spico if exist "%ProgramFiles%\KM%w%Spico" set pupfound= KM%w%Spico
if exist "%SysPath%\Tasks\R@1n-KMS" set pupfound2= R@inKMS if not defined pupfound (
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound1= KM%w%Spico reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound= KM%w%Spico
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "R@1n" %nul% && set pupfound2= R@inKMS )
set pupfound=%pupfound1%%pupfound2%
set hcount=0 set hcount=0
for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do ( for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do (
@ -1579,6 +1578,13 @@ set fixes=%fixes% %mas%remove_mal%w%ware
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware" call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware"
echo: echo:
) )
:: Remove the scheduled task of R@1n-KMS (old version) that runs the activation command every minute, as it leads to high CPU usage.
if exist %SysPath%\Tasks\R@1n-KMS (
for /f %%A in ('dir /b /a:-d %SysPath%\Tasks\R@1n-KMS %nul6%') do (schtasks /delete /tn \R@1n-KMS\%%A /f %nul%)
)
exit /b exit /b
::======================================================================================================================================== ::========================================================================================================================================

Voir le fichier

@ -2654,11 +2654,10 @@ exit /b
set w= set w=
set results= set results=
if exist "%ProgramFiles%\KM%w%Spico" set pupfound1= KM%w%Spico if exist "%ProgramFiles%\KM%w%Spico" set pupfound= KM%w%Spico
if exist "%SysPath%\Tasks\R@1n-KMS" set pupfound2= R@inKMS if not defined pupfound (
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound1= KM%w%Spico reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound= KM%w%Spico
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "R@1n" %nul% && set pupfound2= R@inKMS )
set pupfound=%pupfound1%%pupfound2%
set hcount=0 set hcount=0
for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do ( for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do (
@ -2680,6 +2679,13 @@ set fixes=%fixes% %mas%remove_mal%w%ware
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware" call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware"
echo: echo:
) )
:: Remove the scheduled task of R@1n-KMS (old version) that runs the activation command every minute, as it leads to high CPU usage.
if exist %SysPath%\Tasks\R@1n-KMS (
for /f %%A in ('dir /b /a:-d %SysPath%\Tasks\R@1n-KMS %nul6%') do (schtasks /delete /tn \R@1n-KMS\%%A /f %nul%)
)
exit /b exit /b
::======================================================================================================================================== ::========================================================================================================================================