I am writing a cleaner for a known key, for example ( "vbs" ,"vbe" ,"wsf", "a3x") from the registry.
I want to add BalloonTip to powershell with this script, but something is wrong!
I donβt know how to remove the icon from the taskbar to show the execution check?
This is a draft. It is not yet optimized!
@echo off Title Hackoo Virus Cleaner to delete virus key from registry by Hackoo 2016 Color 1A & Mode con cols=80 lines=8 Set Pattern="\.vbs"^ ^ "\.vbe"^ ^ "\.wsf"^ ^ "\.a3x"^ ^ "VBScript.Encode"^ ^ "\winlogon\.bat" Set Key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"^ ^ "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"^ ^ "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"^ ^ "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" For %%P in (%Pattern%) Do ( For %%K in (%Key%) Do ( Cls echo( echo( Echo ***************************** Scan ***************************** echo %%K Echo **************************************************************** Call :PS_Sub 'Warning' 10 '" Please wait... "' "' Scan is in progress.... %%K'" 'Warning' Call :Delete_Virus_Key %%K %%P "%TmpLogFile%" ) ) exit /b ::************************************************************************* :Delete_Virus_Key <Key> <Pattern> <LogFile> Setlocal enabledelayedexpansion for /f "delims=REG_SZ" %%I in ( 'reg query "%~1" /s^|findstr /ic:"%~2"' ) Do ( If %ErrorLevel% NEQ 1 ( Set KeyName="%%~I" ( Call:Trim !keyName! Title Deleting Run key: !keyName! echo Deleting Run key: !keyName! echo reg delete "%~1" /v !keyName! /f echo( echo ***************************** echo reg delete "%~1" /v "!keyName!" /f echo ***************************** echo( )>>"%~3" rem Call :PS_Sub 'Warning' 100 '"!KeyName!"' "'Delete !KeyName!'" 'Warning' ) else ( Set KeyName="%%~I" Call:Trim !keyName! Title Deleting Run key: !keyName! echo Deleting Run key: !keyName! echo reg delete "%~1" /v !keyName! /f echo( echo ***************************** echo reg delete "%~1" /v "!keyName!" /f echo ***************************** echo( )>>"%~3" ) ) EndLocal Exit /b ::************************************************************************* :Trim <String> ( echo Wscript.echo Trim("%~1"^) )>"%tmp%\%~n0.vbs" for /f "delims=" %%a in ('Cscript /nologo "%tmp%\%~n0.vbs"') do ( set "KeyName=%%a" ) exit /b ::************************************************************************** :PS_Sub $notifyicon $time $title $text $icon PowerShell ^ [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^ [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^ $notify = new-object system.windows.forms.notifyicon; ^ $notify.icon = [System.Drawing.SystemIcons]::%1; ^ $notify.visible = $true; ^ $notify.showballoontip(%2,%3,%4,%5) %End PowerShell% exit /B ::*************************************************************************
So, to simplify my problem, we will focus only on this function:
What should I add here to get rid of notifyicon from the taskbar?
::************************************************************************** :PS_Sub $notifyicon $time $title $text $icon PowerShell ^ [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^ [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^ $notify = new-object system.windows.forms.notifyicon; ^ $notify.icon = [System.Drawing.SystemIcons]::%1; ^ $notify.visible = $true; ^ $notify.showballoontip(%2,%3,%4,%5) %End PowerShell% exit /B ::*************************************************************************
source share