Solved

Deleting Registry Keys

Posted on 2009-06-28
5
661 Views
Last Modified: 2012-05-07
Hi guys hope you are well and can help.
Guys, I have the following requirement and would love to create a vbscript to do this.

1) Delete the following registry keys (if they exist).
HKEY_LOCAL_MACHINE\Software\McAfee\HIP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EnterceptAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireHook
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\firelm01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirePM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FireTDI

2) Delete the following folder
C:\Program Files\McAfee\Host Intrusion Prevention

3) Delete the following files
C:\Windows\System32\FireCL.dll
C:\Windows\System32\FireCNL.dll
C:\Windows\System32\FireCore.dll
C:\Windows\System32\FireEpo.dll
C:\Windows\System32\FireNHC.dll
C:\Windows\System32\FireSCV.dll

The end result would be something like the below as a hta file:

--------------------------------------------- delreg.hta

Please enter a computer name: _______________

<Run>

On running, the outcome of each step would be seen eg.

Running Step 1).......... completed.
Running Step 2).......... completed.
Running Step 3).......... completed.

Script finished.

Any help greatly appreciated.
0
Comment
Question by:Simon336697
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:astroviper
ID: 24734018

<html>

<head>

<title>DelReg</title>

</head>
 

<script language="VBScript">
 

	Sub TestSub

		On Error Resume Next

		strComputer = BasicTextBox.Value

		Set objFSO = CreateObject("Scripting.FileSystemObject")
 

		DeleteKey strComputer, "Software\McAfee\HIP"

		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\EnterceptAgent"

		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireHook"

		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\firelm01"

		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FirePM"

		DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireTDI"
 

		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting C:\Program Files\McAfee\Host Intrusion Prevention" & _

			" on " & strComputer & "<br>"

		objFSO.DeleteFolder "\\" & strComputer & "\c$\Program Files\McAfee\Host Intrusion Prevention", True

		

		DeleteFile strComputer, "Windows\System32\FireCL.dll"

		DeleteFile strComputer, "Windows\System32\FireCNL.dll"

		DeleteFile strComputer, "Windows\System32\FireCore.dll"

		DeleteFile strComputer, "Windows\System32\FireEpo.dll"

		DeleteFile strComputer, "Windows\System32\FireNHC.dll"

		DeleteFile strComputer, "Windows\System32\FireSCV.dll"
 

		DataArea.InnerHTML = DataArea.InnerHTML & "Script Complete.<br>"

	End Sub
 

	Sub DeleteFile(strComputer, strPath)

		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting C:\" & strPath & _

			" on " & strComputer & "<br>"

		objFSO.DeleteFile "\\" & strComputer & "\c$\" & strPath, True

	End Sub
 

	Sub DeleteKey(strComputer, strKeyPath)

		On Error Resume Next 
 

		Const HKEY_CURRENT_USER = &H80000001 

		Const HKEY_LOCAL_MACHINE = &H80000002
 

		Set objRegistry = GetObject("winmgmts:\\" & _

			strComputer & "\root\default:StdRegProv") 
 

		DataArea.InnerHTML = DataArea.InnerHTML & "Deleting " & strKeyPath & _

			" on " & strComputer & "<br>"

		DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath 

	End Sub
 

	Sub DeleteSubkeys(HKEY_CURRENT_USER, strKeyPath) 

		objRegistry.EnumKey HKEY_CURRENT_USER, strKeyPath, arrSubkeys 
 

		If IsArray(arrSubkeys) Then 

			For Each strSubkey In arrSubkeys 

				DeleteSubkeys HKEY_CURRENT_USER, strKeyPath & "\" & strSubkey 

			Next 

		End If 
 

		objRegistry.DeleteKey HKEY_CURRENT_USER, strKeyPath 

	End Sub
 
 

</script>
 

<body>

<p>

<input type="text" name="BasicTextBox" size="50">

<input type="button" value="RunScript" name="run_button" onClick="TestSub">

</p>

<p><span id=DataArea></span></p>

</body>

</html>

Open in new window

0
 
LVL 1

Author Comment

by:Simon336697
ID: 24740059
HIi astroviper,
Thanks so much for your help.
astro,
Does your script cater for registry keys that do not exist, or if the folder on disk does not exist?
0
 
LVL 3

Expert Comment

by:astroviper
ID: 24741181
The "On Error Resume Next" part at the top means that it will fail silently if the key or the folder/file doesn't exist. It was easier for me at the time... If you need it I could try putting in some feedback as to whether or not the operations were successful.
0
 
LVL 3

Accepted Solution

by:
astroviper earned 500 total points
ID: 24741399
Error checking isn't normally something I both with, other than letting the script host handling it. I just remembered there are some objects that a HTA can't access but a dedicated vbscript file can. I'm not sure if that was causing a problem but to be sure, here's a vbscript that outputs a html file instead. Also has some basic error checking.

On Error Resume Next

strComputer = InputBox("Enter computer:" & VbCrLf & ". for localhost")

strFile = strComputer & "Report.html"

Set objFSO = CreateObject("Scripting.FileSystemObject")
 

strOutput = "<html><head><title>" & strComputer & "'s Results</title></head><body>"
 

DeleteKey strComputer, "Software\McAfee\HIP"

CheckError

DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\EnterceptAgent"

CheckError

DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireHook"

CheckError

DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\firelm01"

CheckError

DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FirePM"

CheckError

DeleteKey strComputer, "SYSTEM\CurrentControlSet\Services\FireTDI"

CheckError
 

strOutput = strOutput & "Deleting C:\Program Files\McAfee\Host Intrusion Prevention" & _

    " on " & strComputer & "..."

objFSO.DeleteFolder "\\" & strComputer & "\c$\Program Files\McAfee\Host Intrusion Prevention", True

CheckError
 

DeleteFile strComputer, "Windows\System32\FireCL.dll"

CheckError

DeleteFile strComputer, "Windows\System32\FireCNL.dll"

CheckError

DeleteFile strComputer, "Windows\System32\FireCore.dll"

CheckError

DeleteFile strComputer, "Windows\System32\FireEpo.dll"

CheckError

DeleteFile strComputer, "Windows\System32\FireNHC.dll"

CheckError

DeleteFile strComputer, "Windows\System32\FireSCV.dll"

CheckError
 

strOutput = strOutput & "Script Complete.<br>"
 

strOutput = strOutput & "</body></html>"
 

Set objOutput = objFSO.CreateTextFile(strFile)

objOutput.Write strOutput

objOutput.Close
 
 
 

    Sub DeleteFile(strComputer, strPath)

		strOutput = strOutput & "Deleting C:\" & strPath & _

			" on " & strComputer & "..."

		objFSO.DeleteFile "\\" & strComputer & "\c$\" & strPath, True

	End Sub
 

	Sub DeleteKey(strComputer, strKeyPath)

		On Error Resume Next 
 

		Const HKEY_CURRENT_USER = &H80000001 

		Const HKEY_LOCAL_MACHINE = &H80000002
 

		Set objRegistry = GetObject("winmgmts:\\" & _

			strComputer & "\root\default:StdRegProv") 
 

		strOutput = strOutput & "Deleting " & strKeyPath & _

			" on " & strComputer & "..."

		DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath 
 

	End Sub
 

	Sub DeleteSubkeys(HKEY_CURRENT_USER, strKeyPath) 

			Set objRegistry = GetObject("winmgmts:\\" & _

			strComputer & "\root\default:StdRegProv")

            objRegistry.EnumKey HKEY_CURRENT_USER, strKeyPath, arrSubkeys 
 

		If IsArray(arrSubkeys) Then 

			For Each strSubkey In arrSubkeys 

				DeleteSubkeys HKEY_CURRENT_USER, strKeyPath & "\" & strSubkey 

			Next 

		End If 
 

		objRegistry.DeleteKey HKEY_CURRENT_USER, strKeyPath 

	End Sub
 

	Sub CheckError

		If Err.Number <> 0 Then

			strOutput = strOutput & "<font color=red>Error</font><br>"

			strOutput = strOutput & "    Error number: " & _

				Err.Number & "<br>    Error description: '" & Err.Description & "<br>"

			Err.Clear

		Else

			strOutput = strOutput & "<font color=green>Successful</font><br>"

		End If

	End Sub

Open in new window

0
 
LVL 1

Author Comment

by:Simon336697
ID: 24749485
Thanks so much astro :>)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we want to have a look at the directory attributes which are used by Microsoft to store the so called Security Identifiers (SID). These SIDs plays an important role in delegating and granting permissions and in authentication of trus…
This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now