Link to home
Start Free TrialLog in
Avatar of Simon336697
Simon336697Flag for Australia

asked on

Deleting Registry Keys

Hi guys hope you are well and can help.
Guys, I have the following requirement and would love to create a vbscript to do this.

1) Delete the following registry keys (if they exist).
HKEY_LOCAL_MACHINE\Software\McAfee\HIP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EnterceptAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireHook
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\firelm01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirePM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireTDI

2) Delete the following folder
C:\Program Files\McAfee\Host Intrusion Prevention

3) Delete the following files
C:\Windows\System32\FireCL.dll
C:\Windows\System32\FireCNL.dll
C:\Windows\System32\FireCore.dll
C:\Windows\System32\FireEpo.dll
C:\Windows\System32\FireNHC.dll
C:\Windows\System32\FireSCV.dll

The end result would be something like the below as a hta file:

--------------------------------------------- delreg.hta

Please enter a computer name: _______________

<Run>

On running, the outcome of each step would be seen eg.

Running Step 1).......... completed.
Running Step 2).......... completed.
Running Step 3).......... completed.

Script finished.

Any help greatly appreciated.
Avatar of astroviper
astroviper

<html>
<head>
<title>DelReg</title>
</head>
 
<script language="VBScript">
 
	Sub TestSub
		On Error Resume Next
		strComputer = BasicTextBox.Value
		Set objFSO = CreateObject("Scripting.FileSystemObject")
 
		DeleteKey strComputer, "Software\McAfee\HIP"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\EnterceptAgent"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireHook"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\firelm01"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FirePM"
		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireTDI"
 
		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting C:\Program Files\McAfee\Host Intrusion Prevention" & _
			" on " & strComputer & "<br>"
		objFSO.DeleteFolder "\\" & strComputer & "\c$\Program Files\McAfee\Host Intrusion Prevention", True
		
		DeleteFile strComputer, "Windows\System32\FireCL.dll"
		DeleteFile strComputer, "Windows\System32\FireCNL.dll"
		DeleteFile strComputer, "Windows\System32\FireCore.dll"
		DeleteFile strComputer, "Windows\System32\FireEpo.dll"
		DeleteFile strComputer, "Windows\System32\FireNHC.dll"
		DeleteFile strComputer, "Windows\System32\FireSCV.dll"
 
		DataArea.InnerHTML = DataArea.InnerHTML & "Script Complete.<br>"
	End Sub
 
	Sub DeleteFile(strComputer, strPath)
		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting C:\" & strPath & _
			" on " & strComputer & "<br>"
		objFSO.DeleteFile "\\" & strComputer & "\c$\" & strPath, True
	End Sub
 
	Sub DeleteKey(strComputer, strKeyPath)
		On Error Resume Next 
 
		Const HKEY_CURRENT_USER = &H80000001 
		Const HKEY_LOCAL_MACHINE = &H80000002
 
		Set objRegistry = GetObject("winmgmts:\\" & _
			strComputer & "\root\default:StdRegProv") 
 
		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting " & strKeyPath & _
			" on " & strComputer & "<br>"
		DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath 
	End Sub
 
	Sub DeleteSubkeys(HKEY_CURRENT_USER, strKeyPath) 
		objRegistry.EnumKey HKEY_CURRENT_USER, strKeyPath, arrSubkeys 
 
		If IsArray(arrSubkeys) Then 
			For Each strSubkey In arrSubkeys 
				DeleteSubkeys HKEY_CURRENT_USER, strKeyPath & "\" & strSubkey 
			Next 
		End If 
 
		objRegistry.DeleteKey HKEY_CURRENT_USER, strKeyPath 
	End Sub
 
 
</script>
 
<body>
<p>
<input type="text" name="BasicTextBox" size="50">
<input type="button" value="RunScript" name="run_button" onClick="TestSub">
</p>
<p><span id=DataArea></span></p>
</body>
</html>

Open in new window

Avatar of Simon336697
Simon336697
Flag of Australia image

ASKER

HIi astroviper,
Thanks so much for your help.
astro,
Does your script cater for registry keys that do not exist, or if the folder on disk does not exist?
Avatar of astroviper
astroviper
The "On Error Resume Next" part at the top means that it will fail silently if the key or the folder/file doesn't exist. It was easier for me at the time... If you need it I could try putting in some feedback as to whether or not the operations were successful.
ASKER CERTIFIED SOLUTION
Avatar of astroviper
astroviper
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Simon336697
Simon336697
Flag of Australia image

ASKER

Thanks so much astro :>)