
Deleting Registry Keys

Posted on 2009-06-28
Last Modified: 2012-05-07
Hi guys, hope you are well and can help.
Guys, I have the following requirement and would love to create a VBScript to do this.

1) Delete the following registry keys (if they exist).
HKEY_LOCAL_MACHINE\Software\McAfee\HIP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EnterceptAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireHook
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\firelm01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirePM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireTDI

2) Delete the following folder
C:\Program Files\McAfee\Host Intrusion Prevention

3) Delete the following files
C:\Windows\System32\FireCL.dll
C:\Windows\System32\FireCNL.dll
C:\Windows\System32\FireCore.dll
C:\Windows\System32\FireEpo.dll
C:\Windows\System32\FireNHC.dll
C:\Windows\System32\FireSCV.dll

The end result would be something like the below as an HTA file:

--------------------------------------------- delreg.hta

Please enter a computer name: _______________

<Run>

On running, the outcome of each step would be seen, e.g.

Running Step 1).......... completed.
Running Step 2).......... completed.
Running Step 3).......... completed.

Script finished.

Any help greatly appreciated.
Question by:Simon336697
LVL 3

Expert Comment

by:astroviper
ID: 24734018

<html>
<head>
<title>DelReg</title>
</head>
 
<script language="VBScript">
 
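	' Declared at script level so DeleteFile and DeleteSubkeys can use them;
	' a variable first assigned inside a Sub is local to that Sub.
	Dim objFSO, objRegistry

	Sub TestSub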
		On Error Resume Next
		strComputer = BasicTextBox.Value
		Set objFSO = CreateObject("Scripting.FileSystemObject")
 
		DeleteKey strComputer, "Software\McAfee\HIP"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\EnterceptAgent"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireHook"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\firelm01"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FirePM"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireTDI"
 
		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting C:\Program Files\McAfee\Host Intrusion Prevention" & _
			" on " & strComputer & "<br>"
		objFSO.DeleteFolder "\\" & strComputer & "\c$\Program Files\McAfee\Host Intrusion Prevention", True
		
		DeleteFile strComputer, "Windows\System32\FireCL.dll"
		DeleteFile strComputer, "Windows\System32\FireCNL.dll"
		DeleteFile strComputer, "Windows\System32\FireCore.dll"
		DeleteFile strComputer, "Windows\System32\FireEpo.dll"
		DeleteFile strComputer, "Windows\System32\FireNHC.dll"
		DeleteFile strComputer, "Windows\System32\FireSCV.dll"
 
		DataArea.InnerHTML = DataArea.InnerHTML & "Script Complete.<br>"
	End Sub
 
	Sub DeleteFile(strComputer, strPath)
		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting C:\" & strPath & _
			" on " & strComputer & "<br>"
		objFSO.DeleteFile "\\" & strComputer & "\c$\" & strPath, True
	End Sub
 
	Sub DeleteKey(strComputer, strKeyPath)
		On Error Resume Next 
 
		Const HKEY_CURRENT_USER = &H80000001 
		Const HKEY_LOCAL_MACHINE = &H80000002
 
		Set objRegistry = GetObject("winmgmts:\\" & _
			strComputer & "\root\default:StdRegProv") 
 
		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting " & strKeyPath & _
			" on " & strComputer & "<br>"
		DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath 
	End Sub
 
	' hDefKey is the registry hive constant passed in by DeleteKey (HKEY_LOCAL_MACHINE).
	' Subkeys are removed first, then the key itself.
	Sub DeleteSubkeys(hDefKey, strKeyPath)
		objRegistry.EnumKey hDefKey, strKeyPath, arrSubkeys

		If IsArray(arrSubkeys) Then
			For Each strSubkey In arrSubkeys
				DeleteSubkeys hDefKey, strKeyPath & "\" & strSubkey
			Next
		End If

		objRegistry.DeleteKey hDefKey, strKeyPath
	End Sub
 
 
</script>
 
<body>
<p>
<input type="text" name="BasicTextBox" size="50">
<input type="button" value="RunScript" name="run_button" onClick="TestSub">
</p>
<p><span id=DataArea></span></p>
</body>
</html>

 
LVL 1

Author Comment

by:Simon336697
ID: 24740059
Hi astroviper,
Thanks so much for your help.
astro,
Does your script cater for registry keys that do not exist, or if the folder on disk does not exist?
0
 
LVL 3

Expert Comment

by:astroviper
ID: 24741181
The "On Error Resume Next" part at the top means that it will fail silently if the key or the folder/file doesn't exist. It was easier for me at the time... If you need it I could try putting in some feedback as to whether or not the operations were successful.
0
 
LVL 3

Accepted Solution

by:
astroviper earned 2000 total points
ID: 24741399
Error checking isn't normally something I bother with, other than letting the script host handle it. I just remembered there are some objects that an HTA can't access but a dedicated VBScript file can. I'm not sure if that was causing a problem, but to be sure, here's a VBScript that outputs an HTML file instead. Also has some basic error checking.

On Error Resume Next
strComputer = InputBox("Enter computer:" & VbCrLf & ". for localhost")
strFile = strComputer & "Report.html"
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
strOutput = "<html><head><title>" & strComputer & "'s Results</title></head><body>"
 
DeleteKey strComputer, "Software\McAfee\HIP"
CheckError
DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\EnterceptAgent"
CheckError
DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireHook"
CheckError
DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\firelm01"
CheckError
DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FirePM"
CheckError
DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireTDI"
CheckError
 
strOutput = strOutput & "Deleting C:\Program Files\McAfee\Host Intrusion Prevention" & _
    " on " & strComputer & "..."
objFSO.DeleteFolder "\\" & strComputer & "\c$\Program Files\McAfee\Host Intrusion Prevention", True
CheckError
 
DeleteFile strComputer, "Windows\System32\FireCL.dll"
CheckError
DeleteFile strComputer, "Windows\System32\FireCNL.dll"
CheckError
DeleteFile strComputer, "Windows\System32\FireCore.dll"
CheckError
DeleteFile strComputer, "Windows\System32\FireEpo.dll"
CheckError
DeleteFile strComputer, "Windows\System32\FireNHC.dll"
CheckError
DeleteFile strComputer, "Windows\System32\FireSCV.dll"
CheckError
 
strOutput = strOutput & "Script Complete.<br>"
 
strOutput = strOutput & "</body></html>"
 
Set objOutput = objFSO.CreateTextFile(strFile)
objOutput.Write strOutput
objOutput.Close
 
 
 
Sub DeleteFile(strComputer, strPath)
	strOutput = strOutput & "Deleting C:\" & strPath & _
		" on " & strComputer & "..."
	' No local error handler: a failure is left in Err for CheckError in the caller
	objFSO.DeleteFile "\\" & strComputer & "\c$\" & strPath, True
End Sub

Sub DeleteKey(strComputer, strKeyPath)
	Const HKEY_LOCAL_MACHINE = &H80000002
	Dim objRegistry

	strOutput = strOutput & "Deleting " & strKeyPath & _
		" on " & strComputer & "..."

	' No "On Error Resume Next" here, so a failure reaches CheckError in the caller
	Set objRegistry = GetObject("winmgmts:\\" & _
		strComputer & "\root\default:StdRegProv")
	DeleteSubkeys objRegistry, HKEY_LOCAL_MACHINE, strKeyPath
End Sub

' Removes the subkeys first, then the key itself
Sub DeleteSubkeys(objRegistry, hDefKey, strKeyPath)
	Dim arrSubkeys, strSubkey, intResult

	objRegistry.EnumKey hDefKey, strKeyPath, arrSubkeys

	If IsArray(arrSubkeys) Then
		For Each strSubkey In arrSubkeys
			DeleteSubkeys objRegistry, hDefKey, strKeyPath & "\" & strSubkey
		Next
	End If

	' StdRegProv reports failure through its return value (0 = success),
	' so turn a non-zero result into an error that CheckError can report
	intResult = objRegistry.DeleteKey(hDefKey, strKeyPath)
	If intResult <> 0 Then
		Err.Raise vbObjectError + 1, "DeleteSubkeys", _
			"StdRegProv.DeleteKey returned " & intResult
	End If
End Sub

Sub CheckError
	If Err.Number <> 0 Then
		strOutput = strOutput & "<font color=red>Error</font><br>"
		strOutput = strOutput & "    Error number: " & _
			Err.Number & "<br>    Error description: '" & Err.Description & "'<br>"
		Err.Clear
	Else
		strOutput = strOutput & "<font color=green>Successful</font><br>"
	End If
End Sub


0
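The question of keys and files that do not exist can be answered before anything is deleted. The following is an added example, not part of the original thread: a read-only inventory of the items named in the question that separates "absent" from "check failed". The function names IsValidHost, KeyState and PathState and the host-name pattern are assumptions made for this sketch.

```vbscript
Option Explicit
' Added example: read-only inventory, nothing is deleted.
Const HKEY_LOCAL_MACHINE = &H80000002

' Accept a plain host name only (assumed pattern), so the typed value cannot
' change the WMI moniker or the UNC path it is concatenated into.
Function IsValidHost(strName)
	Dim objRe
	Set objRe = New RegExp
	objRe.Pattern = "^[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$"
	IsValidHost = objRe.Test(strName)
End Function

' StdRegProv reports through its return value: 0 = found, 2 = not found.
Function KeyState(objReg, strKeyPath)
	Dim arrSubkeys, intRc
	intRc = objReg.EnumKey(HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys)
	Select Case intRc
		Case 0: KeyState = "present"
		Case 2: KeyState = "absent"
		Case Else: KeyState = "check failed, return code " & intRc
	End Select
End Function

Function PathState(blnExists)
	If blnExists Then PathState = "present" Else PathState = "absent"
End Function

Dim strComputer, objReg, objFSO, strItem, strRoot
strComputer = InputBox("Enter computer name:")
If Not IsValidHost(strComputer) Then
	WScript.Echo "Rejected: not a host name"
	WScript.Quit 1
End If
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strRoot = "\\" & strComputer & "\c$\"
For Each strItem In Array("Software\McAfee\HIP", _
		"SYSTEM\CurrentControlSet\Services\EnterceptAgent", _
		"SYSTEM\CurrentControlSet\Services\FireHook", _
		"SYSTEM\CurrentControlSet\Services\firelm01", _
		"SYSTEM\CurrentControlSet\Services\FirePM", _
		"SYSTEM\CurrentControlSet\Services\FireTDI")
	WScript.Echo "HKLM\" & strItem & ": " & KeyState(objReg, strItem)
Next
WScript.Echo "HIP folder: " & PathState(objFSO.FolderExists( _
	strRoot & "Program Files\McAfee\Host Intrusion Prevention"))
For Each strItem In Array("FireCL.dll", "FireCNL.dll", "FireCore.dll", _
		"FireEpo.dll", "FireNHC.dll", "FireSCV.dll")
	WScript.Echo strItem & ": " & PathState(objFSO.FileExists(strRoot & "Windows\System32\" & strItem))
Next
```

Run it with cscript.exe so each line goes to the console instead of a message box. FolderExists and FileExists return False when the admin share cannot be reached, so an unreachable share also shows as "absent" for the folder and files.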
 
LVL 1

Author Comment

by:Simon336697
ID: 24749485
Thanks so much astro :>)
0
