Directory Opus

tong
Site Admin
Posts: 2387
Joined: Fri 01 May 2009 8:55 pm

Post by tong »


1. Ban hosts in %windir%\system32\drivers\etc\hosts.

takeown /f "%windir%\system32\drivers\etc\hosts"
icacls "%windir%\system32\drivers\etc\hosts" /grant administrators:F
attrib -s -h -r %windir%\system32\drivers\etc\hosts

echo. >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 gpsoft.com.au >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.gpsoft.com.au >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 dopus.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 www.dopus.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 gpsoft1.com >> %windir%\system32\drivers\etc\hosts
echo 127.0.0.1 gpsoft2.com >> %windir%\system32\drivers\etc\hosts
echo. >> %windir%\system32\drivers\etc\hosts

notepad.exe %windir%\System32\drivers\etc\hosts

---------------------------------------------------------------------------------

2. Block outbound traffic in both Windows Firewall and your AntiVirus software.

netsh.exe advfirewall firewall add rule name="Directory Opus 1"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\dopus.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 2"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 3"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\d8viewer.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 4"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\dowshlp.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 5"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\x86\dopus.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 6"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\x86\dopusrt.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 7"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\x86\d8viewer.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 8"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\x86\dowshlp.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 9"   dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\Viewers\docsvw32.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 10"  dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\Viewers\docsvw64.exe"
netsh.exe advfirewall firewall add rule name="Directory Opus 11"  dir=out action=block  program="C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe"

---------------------------------------------------------------------------------

3. If you install Kaspersky without the firewall, it still re-routes all traffic to 
   KAV/KIS. That means your Windows Firewall is useless.

---------------------------------------------------------------------------------

4. If you have already been blacklisted, uninstall, reboot and run the commands below. 
   Try to change some paths to match your system.

del /a /f /q %WINDIR%\xpcc37.log
del /a /f /q %WINDIR%\system32\argtmp39.dll
del /a /f /q %WINDIR%\system32\inf32\*
del /a /f /q "%PROGRAMDATA%\sdpsenv.dat"

rmdir /s /q "%PROGRAMFILES%\Directory Opus"
rmdir /s /q "%PROGRAMFILES%\GPSoftware"
rmdir /s /q "%PROGRAMDATA%\GPSoftware"
rmdir /s /q "%USERPROFILE%\AppData\Local\GPSoftware"
rmdir /s /q "%USERPROFILE%\AppData\LocalLow\GPSoftware"
rmdir /s /q "%USERPROFILE%\AppData\Roaming\GPSoftware"

SUBINACL /subkeyreg "HKEY_CURRENT_USER\Control Panel\International\Time" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Clock" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Metro" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\File Manager\Settings" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\TrashInfo" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Handlers" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Disallowed" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cache" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\AppDataBucket" /setowner=Administrators /grant=Administrators=F
SUBINACL /subkeyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod" /setowner=Administrators /grant=Administrators=F

REG DELETE "HKEY_CURRENT_USER\Control Panel\International\Time" /F 
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Clock" /F 
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Metro" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\File Manager\Settings" /F 
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\TrashInfo" /F 
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo" /F 
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Handlers" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Disallowed" /F
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cache" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates" /F
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\AppDataBucket" /F 
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod" /F 

REG ADD "HKEY_CURRENT_USER\Control Panel\International\Time"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Clock"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\File Manager\Settings"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\TrashInfo"
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo"
REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\AppDataBucket"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod"

---------------------------------------------------------------------------------