better check for malware if sppsvc.exe is not found

This commit is contained in:
WindowsAddict 2024-08-16 03:03:12 +05:30
parent b0d898973f
commit 117ba004f0
4 changed files with 20 additions and 4 deletions

View file

@ -1084,7 +1084,11 @@ reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v %%G %nul% || (set _corru
if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]" if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]"
sc start sppsvc %nul% sc start sppsvc %nul%
echo "%errorlevel%" | findstr "577 225" %nul% && set "results=%results%[Likely File Infector]" echo "%errorlevel%" | findstr "577 225" %nul% && (
set "results=%results%[Likely File Infector]"
) || (
if not exist %SysPath%\sppsvc.exe if not exist %SysPath%\alg.exe (set "results=%results%[Likely File Infector]")
)
if not "%results%%pupfound%"=="" ( if not "%results%%pupfound%"=="" (
if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]" if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]"

View file

@ -1227,7 +1227,11 @@ reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v %%G %nul% || (set _corru
if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]" if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]"
sc start sppsvc %nul% sc start sppsvc %nul%
echo "%errorlevel%" | findstr "577 225" %nul% && set "results=%results%[Likely File Infector]" echo "%errorlevel%" | findstr "577 225" %nul% && (
set "results=%results%[Likely File Infector]"
) || (
if not exist %SysPath%\sppsvc.exe if not exist %SysPath%\alg.exe (set "results=%results%[Likely File Infector]")
)
if not "%results%%pupfound%"=="" ( if not "%results%%pupfound%"=="" (
if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]" if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]"

View file

@ -1534,7 +1534,11 @@ reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v %%G %nul% || (set _corru
if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]" if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]"
sc start sppsvc %nul% sc start sppsvc %nul%
echo "%errorlevel%" | findstr "577 225" %nul% && set "results=%results%[Likely File Infector]" echo "%errorlevel%" | findstr "577 225" %nul% && (
set "results=%results%[Likely File Infector]"
) || (
if not exist %SysPath%\sppsvc.exe if not exist %SysPath%\alg.exe (set "results=%results%[Likely File Infector]")
)
if not "%results%%pupfound%"=="" ( if not "%results%%pupfound%"=="" (
if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]" if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]"

View file

@ -2557,7 +2557,11 @@ reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v %%G %nul% || (set _corru
if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]" if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]"
sc start sppsvc %nul% sc start sppsvc %nul%
echo "%errorlevel%" | findstr "577 225" %nul% && set "results=%results%[Likely File Infector]" echo "%errorlevel%" | findstr "577 225" %nul% && (
set "results=%results%[Likely File Infector]"
) || (
if not exist %SysPath%\sppsvc.exe if not exist %SysPath%\alg.exe (set "results=%results%[Likely File Infector]")
)
if not "%results%%pupfound%"=="" ( if not "%results%%pupfound%"=="" (
if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]" if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]"