1. Redirect the following hostnames to loopback in %windir%\system32\drivers\etc\hosts (this affects every program on the machine, not only Directory Opus).
REM Take ownership of the hosts file and give Administrators full control, then
REM clear its system/hidden/read-only attributes so the appends below succeed.
REM These change the owner and ACL of a protected system file and are not
REM reverted anywhere in this listing; they need an elevated prompt.
takeown /f "%windir%\system32\drivers\etc\hosts"
icacls "%windir%\system32\drivers\etc\hosts" /grant administrators:F
REM NOTE: this path is unquoted, unlike the two lines above; it only works
REM while %windir% contains no spaces.
attrib -s -h -r %windir%\system32\drivers\etc\hosts
echo. >> %windir%\system32\drivers\etc\hosts
REM Map the listed names to 127.0.0.1. The hosts file is consulted by every
REM process on the machine, so these names are blocked system-wide (browser
REM access to the vendor site and any update check included), not just for
REM Directory Opus. A connection made to a raw IP address, or to a hostname
REM not listed here, is unaffected. Security products commonly monitor
REM hosts-file changes and may flag or revert this edit. To undo, delete these
REM lines from the file.
echo 127.0.0.1 gpsoft.com.au >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.gpsoft.com.au >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 dopus.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.dopus.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 gpsoft1.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 gpsoft2.com >> %windir%\system32\drivers\etc\hosts
echo. >> %windir%\system32\drivers\etc\hosts
REM Open the result so the appended entries can be checked by eye.
notepad.exe %windir%\System32\drivers\etc\hosts
---------------------------------------------------------------------------------
2. Block outbound traffic in both Windows Firewall and your AntiVirus software.
REM One outbound block rule per executable. Each rule matches only the exact
REM program path given; netsh generally does not check that the path exists,
REM so a rule for a path that is wrong for this system is created but never
REM matches. Verify the install directory (and whether a 32-bit build lives
REM under a different root) before relying on these.
REM The rules block every outbound connection from the program, not just
REM licensing traffic, so any network feature of the program is blocked too.
REM They are only enforced while Windows Firewall is enabled for the active
REM profile. To review or remove a rule later:
REM   netsh advfirewall firewall show rule name="Directory Opus 1"
REM   netsh advfirewall firewall delete rule name="Directory Opus 1"
netsh.exe advfirewall firewall add rule name="Directory Opus 1" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\dopus.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 2" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 3" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\d8viewer.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 4" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\dowshlp.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 5" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\x86\dopus.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 6" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\x86\dopusrt.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 7" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\x86\d8viewer.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 8" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\x86\dowshlp.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 9" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\Viewers\docsvw32.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 10" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\Viewers\docsvw64.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 11" dir=out action=block program="C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe"
---------------------------------------------------------------------------------
3. If Kaspersky (KAV/KIS) is installed, even without its firewall component, its network filter driver still sees all traffic before Windows does. Windows Firewall rules may therefore not behave as expected on such a system; check the application's network permissions in Kaspersky's own settings as well.
---------------------------------------------------------------------------------
4. If your installation has already been blacklisted, uninstall, reboot, and then run the commands below from an elevated prompt. Adjust any paths that do not match your system. Warning: several of these commands permanently delete Windows system registry keys that have nothing to do with Directory Opus (see the comments inline); export each key with `reg export` before deleting it.
REM Everything below is destructive and nothing in this listing reverts it.
REM Run from an elevated prompt, and export every registry key named below
REM (reg export "<key>" backup.reg) before it is deleted.
REM SUBINACL is not shipped with Windows; it is a separately downloaded
REM Resource Kit tool. If it is not on PATH those lines fail with
REM "not recognized" and execution simply continues to the REG DELETE lines.
REM
REM Delete individual files that this guide presents as blacklist markers.
REM Nothing here verifies what these files are; /a /f /q force-deletes
REM hidden/read-only files without prompting, and %WINDIR%\system32\inf32\*
REM is emptied wholesale.
del /a /f /q %WINDIR%\xpcc37.log
del /a /f /q %WINDIR%\system32\argtmp39.dll
del /a /f /q %WINDIR%\system32\inf32\*
del /a /f /q "%PROGRAMDATA%\sdpsenv.dat"
REM Remove the program directories and all per-machine and per-user data,
REM including any user configuration under AppData. No confirmation is asked.
rmdir /s /q "%PROGRAMFILES%\Directory Opus"
rmdir /s /q "%PROGRAMFILES%\GPSoftware"
rmdir /s /q "%PROGRAMDATA%\GPSoftware"
rmdir /s /q "%USERPROFILE%\AppData\Local\GPSoftware"
rmdir /s /q "%USERPROFILE%\AppData\LocalLow\GPSoftware"
rmdir /s /q "%USERPROFILE%\AppData\Roaming\GPSoftware"
REM Take ownership of, and grant Administrators full control over, the keys
REM that are deleted next. Apart from HKLM\SOFTWARE\GPSoftware these are
REM Windows keys (Control Panel, Explorer, WinTrust, Cryptography,
REM SystemCertificates), not vendor keys. The owner/ACL change is itself a
REM persistent change to system keys and is not undone below.
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Control Panel\International\Time" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Clock" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Metro" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\File Manager\Settings" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\TrashInfo" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Handlers" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Disallowed" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cache" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\AppDataBucket" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod" /setowner=Administrators /grant=Administrators=F
REM Force-delete (/F, no prompt) each key and everything under it. The ones
REM that matter most for the security of the machine:
REM   - HKLM\...\SystemCertificates\AuthRoot\Certificates is the machine's
REM     AuthRoot store of third-party root CA certificates. Deleting it removes
REM     trust anchors used for TLS, code-signing and update validation by every
REM     application on the machine, and it is NOT recreated below.
REM   - HKLM\...\Cryptography\RNG holds random-number-generator seed state.
REM     It is not a Directory Opus setting and is not recreated below.
REM   - HKCU\...\WinTrust\Trust Handlers and Trust Providers\Software Publishing
REM     hold the current user's Authenticode / WinVerifyTrust settings.
REM   - HKCU\...\Shell Extensions\Disallowed and \Cache presumably hold
REM     Explorer shell-extension block/cache lists (names not verified here);
REM     they affect Explorer as a whole, not only this program.
REM Only HKLM\SOFTWARE\GPSoftware is clearly vendor data.
REG DELETE "HKEY_CURRENT_USER\Control Panel\International\Time" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Clock" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Metro" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\File Manager\Settings" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\TrashInfo" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Handlers" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Disallowed" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cache" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\AppDataBucket" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod" /F
REM Recreate some of the deleted keys as empty keys (values are not restored).
REM Note the asymmetry with the deletes above: Metro, both WinTrust keys, both
REM Shell Extensions keys, GPSoftware, Cryptography\RNG and
REM AuthRoot\Certificates are deleted but never recreated. The AppDataBucket
REM line spells "Software" differently from its delete; registry paths are
REM case-insensitive, so it still targets the same key.
REG ADD "HKEY_CURRENT_USER\Control Panel\International\Time"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Clock"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\File Manager\Settings"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\TrashInfo"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo"
REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\AppDataBucket"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod"
---------------------------------------------------------------------------------