To delete files using Avenger follow these steps:
- Please, download the Avenger program
- Extract it from the archive to its own folder, e.g. C: \Avn
- Please run the Avenger.exe file and choose "Input script manually"
- Now click on the “Magnifying Glass” icon which will open a new window titled "View/edit script".
- Copy the quoted text (which is a script for Avenger) into your clipboard by highlighting it and pressing CTRL+C
Paste the text copied to the clipboard into this window by pressing Ctrl+V.Код:It is an example! Replace this text with the code that we provided!
Notes on the script commands
- Click “Done”
- Now click on the “Green Light” icon to begin execution of the script
- Answer "Yes" twice when prompted.
- Reboot your machine.
- A logfile with the results of Avenger’s actions will be created right after the reboot, please save it.
- Please attach the file to your next message.
- Comment: does nothing. Comment lines are so that script-writers can put comments into their scripts.
- Files to delete: deletes and backs up files listed (NOTE: this works only on files, not folders)
- Files to replace with dummy: replaces files listed with empty “dummy” files, and backs up originals.
- Files to move: moves files from a source location to a destination, backing up any existing destination files. This command will only work within drives/volumes (for example, do not try to move a file from D:\ to C:\ ; it will not work.)
- Folders to delete: deletes and backs up folders listed (NOTE: this works only on folders, not files.)
- Registry keys to delete: deletes and backs up registry keys listed. HKEY_LOCAL_MACHINE and HKEY_USERS are the only recognized registry hives, and either these long names or the abbreviations HKLM and HKU are acceptable.
- Registry keys to replace with dummy: replaces all values under the selected registry key (recursively) with dummy values – that means null strings for string values, and 0 for numeric values.
- Registry values to delete: deletes and backs up specific registry values under registry keys as above.
- Registry values to replace with dummy: replaces a single value under a registry key with a dummy as above.
- Programs to launch on reboot: queues a program to run once at next reboot, to be able to extend Avenger to simple user-mode code and incorporate “cleanup” steps or larger malware fixes.
- Drivers to unload: this is an experimental command, and should please be used sparingly. It will unload other system drivers, including kernel- and boot-level drivers. This process requires TWO reboots, which will be automatically queued if any drivers to unload are listed. Please note that driver FILES are NOT automatically removed by this command. If you want files deleted in addition, you will have to add that yourself as separate files to delete: command.
