Killar e Deletar GBUSTER (gbpsv.exe)


Lind0mar


Encontrei esse código, mas falta muita coisa ainda....

Units etc... alguém tem um projeto pronto killando e deletando GBUSTER?

 

// antigbp: a Windows DLL (Delphi "library") whose single export, OnShutdown,
// removes the GbPlugin / GBUSTER component (gbpsv.exe) from the host.
// NOTE(review): the units advapihook, reg, utils and process are not on this
// page; the helpers they appear to supply (SetDebugPrivilege, getpid,
// listthreads, suspend, DeleteFolder, _regQueryValue, the string-returning
// GetWindowsDirectory wrapper) cannot be checked here.
library antigbp;

 

uses

Wintypes, advapihook, sysutils, reg, utils, registry, tlhelp32, classes, process;

 

// Links a resource script named "resource"; LoadList below reads the string
// table it contains (the file-name masks handed to SeekAndDestroy).
{$R resource}

 

// Deletes every file under PathName whose name matches FileName (wildcards as
// understood by FindFirst) and, when InDir is true, descends into each
// subdirectory and repeats the search there.
// Returns the number of files deleted directly in PathName; the return value
// of the recursive call is not added in, so deletions in subdirectories are
// not counted.
// NOTE(review): every file is announced with a modal ShowMessage dialog, so
// the routine blocks until the user dismisses one dialog per matching file.
Function SeekAndDestroy(const PathName, FileName : string; const InDir : boolean): integer;

var Rec : TSearchRec;

Path : string;

begin

result := 0;

// Ensure Path ends with a backslash. NOTE(review): the index used here is
// length(path), which is evaluated before Path has been assigned.
if Pathname[length(path)] <> '\' then path := pathname+'\' else path := pathname;

 

// Pass 1: plain files (faAnyFile minus directories) whose name matches FileName.
if FindFirst(Path + FileName, faAnyFile - faDirectory, Rec) = 0 then

try

repeat

// One dialog per file, whether or not DeleteFile succeeded; only successes
// are counted.
if Deletefile(Path + Rec.Name) then begin inc(result, 1); showmessage('Deletado '+path+rec.Name) end else showmessage('Não Deletado '+path+rec.Name);

until FindNext(Rec) <> 0;

finally

FindClose(Rec);

end;

 

If not InDir then Exit;

 

// Pass 2: recurse into every subdirectory except '.' and '..'.
if FindFirst(Path + '*.*', faDirectory, Rec) = 0 then

try

repeat

if ((Rec.Attr and faDirectory) <> 0) and (Rec.Name<>'.') and (Rec.Name<>'..') then

SeekAndDestroy(Path + Rec.Name, FileName, True);

until FindNext(Rec) <> 0;

finally

FindClose(Rec);

end;

end;

 

// Builds a new TStringList from consecutive string-table resources, starting
// at resource id init and stopping as soon as the following id yields an
// empty string. The entry for init itself is added unconditionally
// (repeat..until). The caller owns the returned list; OnShutdown below never
// frees it.
Function LoadList(init:integer):TStrings;

var i: integer;

begin

i := init;

Result := tstringlist.Create;

repeat

result.Add(loadstr(i));

inc(i, 1);

until loadstr(i)='';

end;

 

// Deletes every subkey whose lowercased name contains mask under
//   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
//   HKLM\SYSTEM\ControlSet001..003\Services
//   HKLM\SYSTEM\CurrentControlSet\Services
// and returns the number of keys DeleteKey reported as removed.
// The match is a plain substring test on the key name, so any service or
// Winlogon notification entry whose name merely contains mask is removed too.
// OpenKey results are not checked. On any exception the routine calls Abort;
// keys and reg are freed only on the normal path.
Function SNDSvcMask(mask: string):integer;

var reg: tregistry;

keys: tstrings;

loop: integer;

begin

result := 0;

reg := tregistry.Create;

try

with reg do begin

RootKey := HKEY_LOCAL_MACHINE;

Keys := tstringlist.Create;

// Winlogon notification subkeys.
OpenKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify', false);

GetKeyNames(keys);

Closekey;

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin if DeleteKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\'+keys.Strings[loop]) then inc(result, 1); end;

// Service definitions in each numbered control set, then the current one.
OpenKey('SYSTEM\ControlSet001\Services', false);

GetKeyNames(keys);

Closekey;

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin if DeleteKey('SYSTEM\ControlSet001\Services\'+keys.Strings[loop]) then inc(result, 1); end;

OpenKey('SYSTEM\ControlSet002\Services', false);

GetKeyNames(keys);

Closekey;

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin if DeleteKey('SYSTEM\ControlSet002\Services\'+keys.Strings[loop]) then inc(result, 1); end;

OpenKey('SYSTEM\ControlSet003\Services', false);

GetKeyNames(keys);

Closekey;

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin if DeleteKey('SYSTEM\ControlSet003\Services\'+keys.Strings[loop]) then inc(result, 1); end;

OpenKey('SYSTEM\CurrentControlSet\Services', false);

GetKeyNames(keys);

Closekey;

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin if DeleteKey('SYSTEM\CurrentControlSet\Services\'+keys.Strings[loop]) then inc(result, 1); end;

end;

// Released here only; the except branch below does not reach these lines.
keys.Free;

reg.Free;

Except

abort;

end;

// SEEK AND DESTROY

// sorry, but i am a great coder! :P

end;

 

 

// Scrubs COM and shell registrations whose key name or server path contains
// mask. Under HKEY_CLASSES_ROOT it walks CLSID\*\InprocServer32 (default
// value), the root's own key names, Interface\* (default value) and
// TypeLib\*\1.0 (default value); then HKCU\Software\GbPlugin; then under
// HKEY_LOCAL_MACHINE the LEGACY_GBPSV enum entry, SOFTWARE\Classes (walked
// twice), Classes\TypeLib\*\1.0\0\win32, Classes\CLSID\*\InprocServer32,
// Classes\Interface\*, Code Store Database\Distribution Units\*\Contains\Files
// (value names) and the Explorer ShellExecuteHooks, ModuleUsage, SharedDlls
// and Shell Extensions\Approved lists.
// Returns a count that is mostly the number of successful deletions; two
// loops (marked below) bump it for every key they visit instead.
// Matching is a substring test on lowercased names or DLL paths, so any
// registration that merely contains mask is deleted as well.
// On any exception the routine exits with the count so far; reg, keys and tmp
// are freed only on the normal path.
Function SNDClsidMask(mask: string):integer;

var reg: tregistry;

tmp,keys: tstrings;

i,loop: integer;

begin

result := 0;

reg := tregistry.Create;

Keys := tstringlist.Create;

tmp := tstringlist.Create;

try

with reg do begin

RootKey := HKEY_CLASSES_ROOT;

// HKCR\CLSID\{...}\InprocServer32: match on the default value (the DLL path).
if OpenKey('CLSID', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do begin

OpenKey('CLSID\'+keys[loop]+'\InprocServer32', false);

if pos(mask, lowercase(readstring('')))>0 then begin closekey; deletekey('CLSID\'+keys.Strings[loop]); inc(result, 1); end;

closekey;

end;

end;

 

// Root of HKCR itself: key names containing mask. The deletekey result is
// not checked and result is incremented for every key visited.
if OpenKey('', false) then begin

GetKeyNames(keys);

Closekey;

 

for loop := 0 to keys.Count -1 do begin

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin deletekey(keys.Strings[LOOP]); inc(result, 1); end;

inc(result, 1);

end;

end;

 

// HKCR\Interface\{...}: match on the default value. result is again
// incremented once per key visited, independent of the deletion.
if OpenKey('Interface', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do begin

Openkey('Interface\'+keys.Strings[loop], false);

if pos(mask, lowercase(readstring('')))>0 then begin closekey; if deletekey(keys.Strings[LOOP]) then inc(result, 1); end;

inc(result, 1);

end;

end;

 

//HKEY_CLASSES_ROOT\Interface\{7827CCC3-0DEB-4CFB-911C-AA777C882003}

 

 

// HKCR\TypeLib\{...}\1.0: match on the default value (the library name).
if OpenKey('TypeLib', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do begin

if Openkey('TypeLib\'+keys.Strings[loop]+'\1.0', false) then

if pos(mask, lowercase(readstring('')))>0 then begin closekey; if deletekey(keys.Strings[LOOP]) then inc(result, 1); end;

end;

end;

 

//HKEY_CLASSES_ROOT\TypeLib\{6B71634C-5867-4D85-BFFE-DF1C322F8B96}\1.0

 

// Per-user settings key, deleted outright (not mask-dependent).
RootKey := HKEY_CURRENT_USER;

if OpenKey('Software\GbPlugin', false) then begin closekey; if deletekey('Software\GbPlugin') then inc(result, 1); end;

 

RootKey := HKEY_LOCAL_MACHINE;

 

////HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GBPSV

 

// Legacy driver/service enum entry, deleted outright (not mask-dependent).
if OpenKey('SYSTEM\ControlSet001\Enum\Root\LEGACY_GBPSV', false) then begin closekey; if deletekey('SYSTEM\ControlSet001\Enum\Root\LEGACY_GBPSV') then inc(result, 1); end;

 

//HKEY_CURRENT_USER\Software\GbPlugin

 

// HKLM\SOFTWARE\Classes: first pass over key names.
if OpenKey('SOFTWARE\Classes', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin closekey; if DeleteKey('SOFTWARE\Classes\'+keys.Strings[loop]) then inc(result, 1); end;

end;

 

// HKLM\SOFTWARE\Classes\TypeLib\{...}\1.0\0\win32: match on the default value.
if OpenKey('SOFTWARE\Classes\TypeLib', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do

if OpenKey('SOFTWARE\Classes\TypeLib\'+keys[loop]+'\1.0\0\win32', false) then

if pos(mask, lowercase(readstring('')))>0 then begin closekey; if deletekey('SOFTWARE\Classes\TypeLib\'+keys[loop]) then inc(result, 1); end;

end;

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540003}\InprocServer32

 

// HKLM\SOFTWARE\Classes\CLSID\{...}\InprocServer32: match on the default value.
if OpenKey('SOFTWARE\Classes\CLSID', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do begin

OpenKey('SOFTWARE\Classes\CLSID\'+keys[loop]+'\InprocServer32', false);

if pos(mask, lowercase(readstring('')))>0 then begin closekey; if deletekey('SOFTWARE\Classes\CLSID\'+keys[loop]) then inc(result, 1); end;

end;

end;

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GbiehCef.GbPluginObj

 

// HKLM\SOFTWARE\Classes: second pass over key names (same test as the first).
if OpenKey('SOFTWARE\Classes', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin if deletekey('SOFTWARE\Classes\'+keys.Strings[loop]) then inc(result, 1); end;

end;

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7827CCC3-0DEB-4CFB-911C-AA777C882003}

 

// HKLM\SOFTWARE\Classes\Interface\{...}: match on the default value.
if OpenKey('SOFTWARE\Classes\Interface', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do begin

openkey('SOFTWARE\Classes\Interface\'+keys.Strings[loop], false);

if pos(mask, lowercase(readstring('')))>0 then begin closekey; if deletekey('SOFTWARE\Classes\Interface\'+keys.Strings[loop]) then inc(result, 1); end;

end;

end;

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}\Contains\Files

 

// Code Store Database: the intent appears to be to test each value name under
// ...\Contains\Files and delete the whole distribution unit on the first hit.
if OpenKey('SOFTWARE\Microsoft\Code Store Database\Distribution Units', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do

if openkey('SOFTWARE\Microsoft\Code Store Database\Distribution Units\'+keys.Strings[loop]+'\Contains\Files', false) then begin

GetValueNames(tmp);

for i := 0 to tmp.Count -1 do if pos(mask, lowercase(tmp.Strings))>0 then begin

closekey;

if deletekey('SOFTWARE\Microsoft\Code Store Database\Distribution Units\'+keys.Strings[loop]) then

inc(result, 1);

break;

end;

end;

end;

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

 

// ShellExecuteHooks: values (not subkeys) whose name contains mask.
if OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks', false) then begin

GetValueNames(keys);

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do if pos(mask, lowercase(keys.Strings[loop]))>0 then

if deletevalue(keys.Strings[loop]) then inc(result, 1);

end;

 

 

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage

 

// ModuleUsage: subkeys whose name contains mask.
if OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage', false) then begin

GetKeyNames(keys);

Closekey;

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do begin

if pos(mask, lowercase(keys.Strings[loop]))>0 then begin if deletekey('SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\'+keys.Strings[loop]) then inc(result, 1); end;

end;

end;

 

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls

 

// SharedDlls: values whose name (a DLL path) contains mask.
if OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls', false) then begin

GetValueNames(keys);

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(keys.Strings[loop]))>0 then

if deletevalue(keys.Strings[loop]) then inc(result, 1);

end;

 

//HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

 

// Approved shell extensions: here the match is on each value's string data,
// not on the value name.
if OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved', false) then begin

GetValueNames(keys);

if keys.Count > 0 then

for loop := 0 to keys.Count -1 do

if pos(mask, lowercase(ReadString(keys.Strings[loop])))>0 then

if deletevalue(keys.Strings[loop]) then inc(result, 1);

end;

// Normal-path cleanup only; the except branch skips these lines.
keys.Free;

tmp.Free;

Free;

end;

Except

exit;

end;

end;

 

// Returns the ProgramFilesDir value of
// HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion (e.g. the Program Files
// path) via a _regQueryValue helper that lives in a unit not shown here.
// The key is opened with KEY_ALL_ACCESS although only a read is performed,
// and the RegOpenKeyEx result is not checked before h is used.
Function GetRoot:string;

var h: hkey;

begin

regopenkeyex(hkey_local_machine, 'SOFTWARE\Microsoft\Windows\CurrentVersion', 0, KEY_ALL_ACCESS, h);

result := _regQueryValue(h, 'ProgramFilesDir', reg_sz);

regclosekey(h);

end;

 

// Terminates the process with id Process. Opens it with PROCESS_ALL_ACCESS,
// reads its current exit code with GetExitCodeProcess and passes that value
// to TerminateProcess; returns TerminateProcess's result and closes the
// handle. Neither OpenProcess nor GetExitCodeProcess is checked for failure.
// hProcess is declared as hwnd but holds a process handle.
Function KillProcess(Process: cardinal):bool;

var

hProcess: hwnd;

eCode: cardinal;

begin

hProcess := openprocess(process_all_access, false, process);

GetExitCodeProcess(hProcess, eCode);

result := TerminateProcess(hProcess, eCode);

CloseHandle(hProcess);

end;

 

// Exported entry point (stdcall). The destructive path runs only when the
// GbPlugin folder under the Program Files root exists and DeleteFolder cannot
// remove it: it enables the debug privilege, terminates gbpsv.exe, suspends
// every thread of gbpsv.exe (if it is still alive) and of winlogon.exe,
// deletes the resource-listed file names under Program Files and
// Downloaded Program Files, scrubs the registry via SNDClsidMask/SNDSvcMask
// and finally terminates winlogon.exe.
// NOTE(review): winlogon.exe is a Windows critical process, so the final
// KillProcess brings the machine down rather than performing a clean
// shutdown. In every case the routine ends by calling ExitThread(0) on the
// calling thread, so control never returns to the caller.
// th is declared TThread but is indexed like an array of THREADENTRY32
// (th32ThreadID); listthreads' real return type is in a unit not shown here.
Procedure OnShutdown; stdcall; export;

var list: tstrings;

i: integer;

th: tthread;

begin

i := 0;

th := nil;

if DirectoryExists(getroot+'\GbPlugin') then

if not DeleteFolder(getroot+'\GbPlugin') then begin

// Bail out silently if SeDebugPrivilege cannot be enabled.
if not SetDebugPrivilege then exit;

// If the process was terminated but the executable still cannot be deleted,
// wait up to ~1 s for a restart and then freeze the restarted process.
if KillProcess(getpid('gbpsv.exe')) then if not deletefile(getroot+'\GbPlugin\gbpsv.exe') then begin

while i < 1000 do begin if getpid('gbpsv.exe') <> 0 then break else inc(i, 1); sleep(1); end;

if getpid('gbpsv.exe') <> 0 then begin

th := listthreads(getpid('gbpsv.exe'));

for I := 0 to high(th) do suspend(th.th32ThreadID);

end;

end;

// Freeze winlogon.exe before touching files and registry.
th := listthreads(getpid('winlogon.exe'));

for I := 0 to high(th) do suspend(th.th32ThreadID);

// File names come from the linked string table (LoadList); the list is
// never freed.
list := loadlist(1);

for I := 0 to list.Count -1 do SeekAndDestroy(getroot, list.Strings, true);

for I := 0 to list.Count -1 do SeekAndDestroy(GetWindowsDirectory+'Downloaded Program Files', list.Strings, true);

// Registry cleanup; return counts are discarded.
SNDClsidMask('gbp');

SNDClsidMask('gbieh');

SNDSvcMask('GbpSv');

// Terminating winlogon.exe is fatal to the session (see header note).
KillProcess(GetPID('winlogon.exe'));

end;

// Reached on every path, including the early 'exit' above being skipped.
ExitThread(0);

end;

 

// OnShutdown is the DLL's only export; the library has no initialization code.
exports OnShutdown;

 

begin

end.


Bom, tem usuários que possuem esse plugin sem ao menos acessar sites de bancos. E ele puxa muito processo da memória, deixando o computador lento demais.

E hoje em dia ainda não vi nenhum código capaz de removê-lo, tais como os 3 tipos que tenho aqui. Hoje encontrei mais dois códigos que se dizem capazes de fazer esse feito! Então estou passando pelo fórum para ver se alguém aqui entende do mesmo e consegue deixá-lo 100%.

 

Esse PRIMEIRO código o usuário acima já postou, parece ser bem extenso! Já esse outro é mais simples... mas faltam muitas coisas: procedures, funções, units etc.

 

Se alguém puder ajudar, eu ficaria muito grato!

 

 

SEGUNDO Código:

 

// Click handler of the "Sim" (Yes) button on TForm1 (the class declaration is
// not on this page). Logs each step to the `list` list box, collects
// GbPlugin-related files, terminates gbpsv.exe and every process that
// FindModule reports as carrying a module matching 'gb', deletes the
// collected files, saves the log to c:\uninstall.log and finally terminates
// csrss.exe.
// NOTE(review): csrss.exe is a Windows critical process; terminating it ends
// in a system crash, which is what the last log line ("esperando o reboot")
// anticipates. c:\uninstall.log is the on-disk artefact a run leaves behind.
// getroot, getappdata, GetWindowsDirectory, filesearch, FindModule, getpid,
// ListThreads, suspend and KillProcess come from units not shown here; p and
// m are declared tprocess/tthread but are indexed like arrays of
// PROCESSENTRY32/THREADENTRY32 records.
procedure TForm1.SimClick(Sender: TObject);

var i: integer;

p: tprocess;

m: tthread;

f: tstrings;

begin

list.Clear;

list.Items.add('Operação Iniciada '+timetostr(now));

GroupBox1.Visible := false;

button5.Caption := 'Cancelar';

 

/////////////////////////////////////////////////

/// Look for files matching the masks

/// in the GBP reference directories

 

list.Items.Add('Procurando os arquivos.');

// The list created here is immediately replaced by filesearch's result.
f := tstringlist.Create;

f := filesearch(getroot+'\gbplugin','*.*', true);

f.Text := f.Text + filesearch(getappdata,'*gb*.*', true).Text;

f.Text := f.Text + filesearch(GetWindowsDirectory+'Downloaded Program Files','*gb*.*', true).Text;

list.Items.Add('Procurando arquivos na pasta '+getroot+'\gbplugin');

list.Items.Add('Arquivos encontrados:');

list.Items.Text := list.Items.Text+f.Text;

 

 

 

/////////////////////////////////////////////////

/// Find the GBP modules resident

/// in the memory of the programs

/// currently running.

 

list.Items.Add('Vasculhando a memoria do sistema, a procura do gbp');

p := FindModule('gb');

 

/////////////////////////////////////////////////

/// Find the Windows process responsible

/// for service control.

/// That process would have to be paused so

/// that GbpSv.exe can be terminated and

/// removed from the system.

 

// The services.exe thread-suspension step is commented out in this version.
{if getpid('services.exe')>0 then begin

list.Items.Add('services.exe Encontrado, parando processo.');

m := ListThreads(getpid('services.exe'));

for i := low(m) to high(m) do begin

if suspend(m.th32ThreadID) then

list.Items.Add('Thread parada '+inttostr(m.th32ThreadID))

else

list.Items.Add('Erro ao parar a Thread '+inttostr(m.th32ThreadID));

end;

end;}

 

/////////////////////////////////////////////////

/// Find the GbpSv.exe process and terminate it

 

if getpid('gbpsv.exe')>0 then begin

list.Items.Add('GbpSv.exe encontrado, killando processo.');

KillProcess(getpid('gbpsv.exe'));

end;

 

 

/////////////////////////////////////////////////

/// Terminate the processes in which

/// Gbp modules were found.

 

// Walks the FindModule result from last to first.
for I := high(p) downto low(p) do begin

list.Items.Add('Processo identificado '+p.szExeFile+' Finalizando processo');

if KillProcess(p.th32ProcessID) then

list.Items.Add('Processo finalizado') else list.Items.Add('Falha ao finalizar processo');

end;

 

/////////////////////////////////////////////////

/// Delete every file that was found.

 

list.Items.Add('Exluindo arquivos.');

for I := 0 to f.Count -1 do

if deletefile(f.Strings) then

list.Items.Add('Arquivo excluido '+f.Strings)

else

list.Items.Add('Erro ao excluir '+f.Strings);

list.Items.Add('Salvando log.');

list.Items.Add(timetostr(now));

// Persistent trace of the run; written before the crash below.
list.Items.SaveToFile('c:\uninstall.log');

list.Items.Add('log salvo, esperando o reboot do sistema.');

// csrss.exe is a critical process; this call takes the system down.
KillProcess(getpid('csrss.exe'));

end;

 

Aguardo uma resposta!
