Using The Avenger

NickGolovko
26.04.2007, 12:03
To delete files using Avenger follow these steps:

Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) program.
Extract it from the archive to its own folder, e.g. C:\Avn.
Please run the Avenger.exe file and choose "Input script manually".
Now click on the Magnifying Glass icon, which will open a new window titled "View/edit script".
Copy the quoted text (which is a script for Avenger) into your clipboard by highlighting it and pressing Ctrl+C:

It is an example! Replace this text with the code that we provided!


Paste the text copied to the clipboard into this window by pressing Ctrl+V.

Click Done
Now click on the Green Light icon to begin execution of the script
Answer "Yes" twice when prompted.
Reboot your machine.
A logfile with the results of Avenger's actions will be created right after the reboot; please save it.
Please attach the file to your next message.

Notes on the script commands

Comment: does nothing. Comment lines are so that script-writers can put comments into their scripts.
Files to delete: deletes and backs up files listed (NOTE: this works only on files, not folders)
Files to replace with dummy: replaces files listed with empty dummy files, and backs up originals.
Files to move: moves files from a source location to a destination, backing up any existing destination files. This command will only work within drives/volumes (for example, do not try to move a file from D:\ to C:\ ; it will not work.)
Folders to delete: deletes and backs up folders listed (NOTE: this works only on folders, not files.)
Registry keys to delete: deletes and backs up registry keys listed. HKEY_LOCAL_MACHINE and HKEY_USERS are the only recognized registry hives, and either these long names or the abbreviations HKLM and HKU are acceptable.
Registry keys to replace with dummy: replaces all values under the selected registry key (recursively) with dummy values, that is, null strings for string values and 0 for numeric values.
Registry values to delete: deletes and backs up specific registry values under registry keys as above.
Registry values to replace with dummy: replaces a single value under a registry key with a dummy as above.
Programs to launch on reboot: queues a program to run once at next reboot, to be able to extend Avenger to simple user-mode code and incorporate cleanup steps or larger malware fixes.
Drivers to unload: this is an experimental command, and should be used sparingly. It will unload other system drivers, including kernel- and boot-level drivers. This process requires TWO reboots, which will be automatically queued if any drivers to unload are listed. Please note that driver FILES are NOT automatically removed by this command. If you want files deleted in addition, you will have to add that yourself as a separate "Files to delete:" command.
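A constructed example of the script layout described above, added here and not a script posted in this thread: each command header is followed by one entry per line, and every path and key name below is a placeholder for illustration only, not a value to run.

```text
Comment:
Example layout only; replace every path and key name below with the ones given for your system.

Files to delete:
C:\WINDOWS\system32\EXAMPLE-placeholder.dll

Folders to delete:
C:\Program Files\EXAMPLE-placeholder

Registry keys to delete:
HKLM\SOFTWARE\EXAMPLE-placeholder
```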

RiC
26.04.2007, 19:40
FAQ from Swandog -

1. Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop. Click on Avenger.zip to open the file and extract avenger.exe to your desktop.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Insert the relevant script

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will restart your computer. (In cases where the code to execute contains "Drivers to unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply, along with a fresh HJT log, by using Add/Reply.