
How VBS forcefully shuts down Symantec Endpoint Protection


This article walks through a VBScript that forcibly shuts down Symantec Endpoint Protection (SEP) and can start it again. The complete listing is reproduced below for reference.

With this script you can stop SEP at any time and, of course, start it again so that it keeps working.

The premise is that you must be the local administrator.

This script uses a very outdated method of terminating a process: `ntsd.exe -c q -p ProcessID`. There was an earlier .bat version; VBS is used here because it is more efficient and does not open as many black console windows.

The main idea is to terminate the processes in a loop while also stopping the services.

The code is as follows:

'On Error Resume Next
' Script entry point.
' With no arguments it calls main(), which toggles SEP. With name=value
' arguments it runs exactly one worker routine per argument; SEP_STOP and
' SEP_START re-launch this same script with such arguments.
' Note that MeEncoder() runs first: when the file has a .vbs extension it
' writes an encoded .s.vbe copy and quits, so nothing below runs from the .vbs.
'check the operating system version
Call CheckOS ()
Call MeEncoder ()
'initialize the program and get the parameters
If WScript.Arguments.Count = 0 Then
Call main ()
WScript.Quit
Else
Dim strArg, arrTmp
For Each strArg In WScript.Arguments
' An argument is only honoured when it splits into exactly two parts on "=".
ArrTmp = Split (strArg, "=")
If UBound (arrTmp) = 1 Then
' The value part (arrTmp(1)) is passed to the worker unchanged; server_stop and
' server_start concatenate it into a command line, so it is effectively
' command input.
Select Case LCase (arrTmp (0))
Case "sep"
Call sep (arrTmp (1))
Case "process_stop"
Call process_stop (arrTmp (1))
Case "process_start"
' NOTE(review): no process_start routine is defined anywhere in this listing.
Call process_start (arrTmp (1))
Case "server_stop"
Call server_stop (arrTmp (1))
Case "server_start"
Call server_start (arrTmp (1))
Case "show_tip"
Call show_tip (arrTmp (1))
Case Else
' An unknown name ends the script, skipping any remaining arguments.
WScript.Quit
End Select
End If
Next
WScript.Quit
End If

'main program

' Toggle: if any of Rtvscan.exe, ccSvcHst.exe or SMC.exe is running, stop SEP;
' otherwise start it again.
Sub main ()
' NOTE(review): the string literals on the next line are damaged in this copy
' (unbalanced quotes, stray spaces inside the names). Presumably the second
' IsRun argument was an empty string - confirm against the original script.
If (IsRun ("Rtvscan.exe", ") = 1) Or (IsRun (" ccSvcHst.exe ",") = 1) Or (IsRun ("SMC.exe", ") = 1) Then
Call SEP_STOP ()
Else
Call SEP_START ()
End If
End Sub

'run with parameters

' Handles the "sep=<mode>" command-line argument.
'   strMode  "stop" or "start" (case-insensitive); any other value is ignored.
Sub sep (strMode)
    Dim mode
    mode = LCase(strMode)
    If mode = "stop" Then
        Call SEP_STOP()
    ElseIf mode = "start" Then
        Call SEP_START()
    End If
End Sub

'stop SEP

' Stops SEP by re-launching this script as hidden child processes, one per
' service (server_stop=...) and one per process name (process_stop=...).
' NOTE(review): every Wso.Run command string below is damaged in this copy
' (quotes and spaces were lost), so the exact child command lines cannot be
' read off this listing. What is visible is that each child carries a
' server_stop=, process_stop= or show_tip= argument, and that server_stop
' runs "sc config ... start= disabled" and "net stop"; those command lines are
' what process-creation logging would record.
Sub SEP_STOP ()
Set wso = CreateObject ("WScript.Shell")
' Terminate leftover net.exe / net1.exe / sc.exe / ntsd.exe helpers first.
Call process_clear ()
' Stop the SENS service and wait for that child to finish (third argument True).
Wso.Run "& WScript.ScriptFullName &" server_stop= "" SENS "", 0, True
' Record the PID of a wscript.exe process.
' NOTE(review): Mepid is assigned here but never read in this listing; with
' several wscript.exe processes it ends up holding whichever was enumerated last.
Set pid = Getobject ("winmgmts:\\.") .InstancesOf ("Win32_Process")
For Each id In pid
If LCase (id.name) = LCase ("Wscript.exe") Then
Mepid=id.ProcessID
End If
Next
' Show the "stopping" popup from a separate child without waiting for it.
Wso.Run "& WScript.ScriptFullName &"show_tip=stop", 0, False
' Stop and disable the services one after another; each call waits for its child.
Wso.Run "& WScript.ScriptFullName &" server_stop= "" SENS "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_stop= "" Symantec AntiVirus "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_stop= "" ccEvtMgr "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_stop= "" SmcService "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_stop= "" SNAC "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_stop= "" ccSetMgr "", 0, True
' Start one child per process name, all in parallel (third argument False);
' each child runs process_stop, which loops over the process list.
Wso.Run "& WScript.ScriptFullName &"process_stop=ccApp.exe", 0, False
Wso.Run "& WScript.ScriptFullName &"process_stop=ccSvcHst.exe", 0, False
Wso.Run "& WScript.ScriptFullName &"process_stop=SNAC.exe", 0, False
Wso.Run "& WScript.ScriptFullName &"process_stop=Rtvscan.exe", 0, False
Wso.Run "& WScript.ScriptFullName &"process_stop=SescLU.exe", 0, False
Wso.Run "& WScript.ScriptFullName &"process_stop=Smc.exe", 0, False
Wso.Run "& WScript.ScriptFullName &"process_stop=SmcGui.exe", 0, False
' Give the children 15 seconds to work.
WScript.Sleep 15000
' Terminate every wscript.exe and cscript.exe on the machine. The filter is by
' image name only, so unrelated scripts are terminated too and, presumably,
' this script itself - in which case the lines after the loop are not reached.
Set pid = Getobject ("winmgmts:\\.") .InstancesOf ("Win32_Process")
For Each ps In pid
If (LCase (ps.name) = "wscript.exe") Or (LCase (ps.name) = "cscript.exe") Then ps.terminate
Next
' Clean up helper processes again.
Call process_clear ()
' Restart is left disabled by the author.
'Call SEP_START ()
End Sub

'restore SEP

' Restores SEP: re-launches this script once per service with a server_start=
' argument, which sets the service back to automatic start and starts it.
' NOTE(review): the Wso.Run command strings are damaged in this copy (quotes
' and spaces were lost).
Sub SEP_START ()
Set wso = CreateObject ("WScript.Shell")
' Show the "starting" popup from a separate child without waiting for it.
Wso.Run "& WScript.ScriptFullName &"show_tip=start", 0, False
' NOTE(review): the first call below passes server_stop= for SENS although this
' routine is the restore path; the listing never passes server_start= for SENS,
' so as written SENS stays stopped and disabled. Confirm whether that is intended.
Wso.Run "& WScript.ScriptFullName &" server_stop= "" SENS "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_start= "" Symantec AntiVirus "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_start= "" ccEvtMgr "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_start= "" SmcService "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_start= "" SNAC "", 0, True
Wso.Run "& WScript.ScriptFullName &" server_start= "" ccSetMgr "", 0, True
Set wso = Nothing
End Sub

'close the process

' Repeatedly looks for processes whose image name equals strAppName
' (case-insensitive) and runs ntsd.exe against each matching PID.
' The outer loop runs 100 times with a 500 ms pause, so a protected process
' that restarts is hit again for roughly 50 seconds plus the ntsd run time.
' NOTE(review): the ntsd.exe command string is damaged in this copy (the
' spaces between the options are missing).
' ntsd.exe started with a PID that belongs to a security product is an
' unusual parent/child pattern and a useful tamper indicator in process logs.
Function process_stop (strAppName)
Dim i
For I = 1 To 100
' Re-enumerate all processes on every pass.
Set pid = Getobject ("winmgmts:\\.") .InstancesOf ("Win32_Process")
For Each id In pid
If LCase (id.name) = LCase (strAppName) Then
Dim wso
Set wso = CreateObject ("WScript.Shell")
' Hidden window (0), wait for ntsd.exe to return (True).
Wso.run "ntsd.exe-c Q-p" & id.ProcessID, 0, True
End If
Next
WScript.Sleep 500
Next
End Function

'stop the service

' Disables and stops one Windows service.
'   strServerName  service name, taken from the server_stop= command-line value.
' "sc config ... start= disabled" changes the start type, so the service stays
' off after a reboot until server_start (or an administrator) re-enables it.
' NOTE(review): strServerName is concatenated into the sc and "cmd /c" command
' lines without quoting or validation, so shell metacharacters in the value
' would be interpreted by cmd.exe.
' NOTE(review): both command strings are damaged in this copy (spaces and a
' closing quote were lost).
Sub server_stop (byVal strServerName)
Set wso = CreateObject ("WScript.Shell")
Wso.run "sc config"& strServerName &" start= disabled ", 0, True
' "echo Y |" answers the confirmation prompt that net stop shows for
' dependent services.
Wso.run "cmd / c echo Y | net stop" & strServerName & ", 0, True
Set wso = Nothing
End Sub

'start the service

' Re-enables and starts one Windows service: sets the start type to automatic
' with "sc config", then runs "net start".
'   strServerName  service name, taken from the server_start= command-line value.
' NOTE(review): strServerName is concatenated into the command lines without
' quoting or validation, and both command strings are damaged in this copy
' (spaces and a closing quote were lost).
Sub server_start (byVal strServerName)
Set wso = CreateObject ("WScript.Shell")
Wso.run "sc config"& strServerName &" start= auto ", 0, True
Wso.run "cmd / c echo Y | net start" & strServerName & ", 0, True
Set wso = Nothing
End Sub

'display prompt messages

' Shows an information popup (icon value 64) that closes by itself after 20
' seconds.
'   strType  "stop" or "start" (case-insensitive); other values show nothing.
Sub show_tip (strType)
    Dim shell, kind, body, caption
    Set shell = CreateObject("WScript.Shell")
    kind = LCase(strType)
    If kind = "stop" Then
        body = Chr(13) + "stopping SEP, wait a minute." + Chr(13)
        caption = "StopSEP is running"
    ElseIf kind = "start" Then
        body = Chr(13) + "starting SEP, wait a minute." + Chr(13)
        caption = "StopSEP has stopped"
    End If
    ' caption stays Empty for an unknown type, in which case nothing is shown.
    If Not IsEmpty(caption) Then shell.Popup body, 20, caption, 64
    Set shell = Nothing
End Sub

'Clear process

' Terminates every running net.exe, net1.exe, sc.exe and ntsd.exe process,
' i.e. the helper programs that server_stop / server_start / process_stop
' launch. The match is by image name only, so instances started by anything
' else on the machine are terminated as well.
Sub process_clear ()
    Dim procList, proc
    Set procList = GetObject("winmgmts:\\.").InstancesOf("Win32_Process")
    For Each proc In procList
        Select Case LCase(proc.Name)
            Case "net.exe", "net1.exe", "sc.exe", "ntsd.exe"
                proc.Terminate
        End Select
    Next
End Sub

'=

'*

'* Common function

'* usage: add all the code of this paragraph to the end of the program, and add the following code (1 line) to the first line of the program:

'* Dim WhoAmI, TmpDir, WinDir, AppDataDir, StartupDir, MeDir, UNCHost: Call GetGloVar ()' global variable

'* get support: email to yu2n@qq.com

'* Updated: 2012-12-10 11:37

'*

'functional index

'Command line support:

'Test the environment: whether IsCmdMode is running under CMD

'simulation command: whether files or folders exist in Exist, create directory in MD, copy files or folders in Copy, delete files or folders in Del,

'Attrib changes file or folder properties, Ping detects network connectivity,

'Dialog box:

'prompt message: WarningInfo warning message, TipInfo prompt message, ErrorInfo error message

'enter password: GetPassword prompts for password,

'File system:

'copy, delete, change properties: refer to Command Line support.

'INI file processing: read and write INI file (Unicode) ReadIniUnicode / WriteIniUnicode

'registry processing: RegRead reads the registry, RegWrite writes the registry

'Log processing: WriteLog writes text logs

'string processing:

'extract: RegExpTest

'Program:

'Test: whether IsRun is running, MeIsAlreadyRun whether this program is executed,

'execute: Run foreground waits for execution, RunHide hides waiting for execution, RunNotWait foreground does not wait for execution, RunHideNotWite background does not wait for execution,

'encrypted operation: MeEncoder

'system:

'version

'delay: Sleep

'send button: SendKeys

'Network:

'Test: Ping, refer to Command Line support.

'Connect: file sharing,

'time: Format_Time format time, NowDateTime current time

'=

'=

'initialize global variables

'Dim WhoAmI, TmpDir, WinDir, AppDataDir, StartupDir, MeDir, UNCHost

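' Fills the script-level variables WhoAmI, TmpDir, WinDir, AppDataDir,
' StartupDir, MeDir and UNCHost. They must be declared with Dim at script
' level (see the usage line in the header above); otherwise the assignments
' below only create variables local to this Sub.
' Fixes over the damaged listing: the trailing comments had lost their
' apostrophe, "%windir%" contained a space (so it never expanded), and the
' UNCHost expression was unreadable.
Sub GetGloVar ()
    Dim net, fso, shell, scriptPath, hostEnd
    Set net = CreateObject("WScript.Network")
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set shell = CreateObject("WScript.Shell")

    WhoAmI = net.ComputerName & "\" & net.UserName                  ' COMPUTER\user
    TmpDir = fso.GetSpecialFolder(2) & "\"                          ' temporary folder
    WinDir = shell.ExpandEnvironmentStrings("%windir%") & "\"       ' %windir%
    AppDataDir = shell.SpecialFolders("AppData") & "\"              ' %AppData%
    StartupDir = shell.SpecialFolders("Startup") & "\"              ' Startup folder

    scriptPath = WScript.ScriptFullName
    MeDir = Left(scriptPath, InStrRev(scriptPath, "\"))             ' folder holding the script

    ' When the script runs from a share (\\host\share\...), UNCHost is the
    ' lower-cased host name; for a local path it is "". A caller can compare it
    ' with an expected server name (the author's example uses "SerNTF02") and
    ' quit when the script has been copied elsewhere.
    UNCHost = ""
    If Left(scriptPath, 2) = "\\" Then
        hostEnd = InStr(3, scriptPath, "\", 1)
        If hostEnd > 3 Then UNCHost = LCase(Mid(scriptPath, 3, hostEnd - 3))
    End If
End Sub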

'=

'small function

' Pauses the script.
'   sTime  delay in milliseconds, passed straight to WScript.Sleep.
Sub Sleep (sTime)
    Call WScript.Sleep(sTime)
End Sub

' Sends keystrokes to the active window.
'   strKey  key sequence in WScript.Shell.SendKeys notation (see the key-code
'           table that follows).
Sub SendKeys (strKey)
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    shell.SendKeys strKey
End Sub

'KeyCode-Button Code:

'Shift + * Ctrl ^ * Alt% * BACKSPACE {BACKSPACE}, {BS}, or {BKSP} * BREAK {BREAK}

'CAPSLOCK {CAPSLOCK} * DEL or DELETE {DELETE} or {DEL} * DOWN ARROW {DOWN} * END {END}

'ENTER {ENTER} or ~ * ESC {ESC} * HELP {HELP} * HOME {HOME} * INS or INSERT {INSERT} or {INS}

'LEFT ARROW {LEFT} * NUMLOCK {NUMLOCK} * PAGE DOWN {PGDN} * PAGE UP {PGUP} * PRINT SCREEN {PRTSC}

'RIGHT ARROW {RIGHT} * SCROLLLOCK {SCROLLLOCK} * TAB {TAB} * UP ARROW {UP} * F1 {F1} * F16 {F16}

'Example: switch the input method (simulate pressing Shift and Ctrl together): "+(^)"; restart the computer (simulate pressing Ctrl+Esc, u, r): "^{ESC}ur".

'Pressing keys together: hold SHIFT while pressing e and c: "+(ec)"; hold SHIFT for e only and then press c without SHIFT: "+ec".

'Repeating a key: press "x" 10 times: "{x 10}". There is a space between the key and the number.

'special characters: send "+", "^" special control keys: "{+}", "{^}"

'Note: you can only send buttons that press one key repeatedly. For example, you can send "x" 10 times, but not "Ctrl+x" 10 times.

'Note: the PRINT SCREEN key {PRTSC} cannot be sent to the application.

' Activates the window whose title matches strWindowTitle and returns the
' result of WScript.Shell.AppActivate.
' Example from the author: test whether drive D: is open in a window with
'   If AppActivate("(D:)") Then ...
Function AppActivate (strWindowTitle)
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    AppActivate = shell.AppActivate(strWindowTitle)
End Function

'=

'The ShowMsg message pop-up window

' Shows a popup with the given title and message that closes after sTime seconds.
' NOTE(review): the type value 4804096 looks like "48 + 0 + 4096" (warning icon,
' system modal) with the plus signs lost in this copy - confirm before use.
Sub WarningInfo (strTitle, strMsg, sTime)
CreateObject ("wscript.Shell"). Popup strMsg, sTime, strTitle, 4804096 'prompt
End Sub

' Shows a popup with the given title and message that closes after sTime seconds.
' NOTE(review): the type value 644096 looks like "64 + 4096" (information icon,
' system modal) with the plus sign lost in this copy - confirm before use.
Sub TipInfo (strTitle, strMsg, sTime)
CreateObject ("wscript.Shell"). Popup strMsg, sTime, strTitle, 644096 'prompt
End Sub

' Shows a popup with the given title and message that closes after sTime seconds.
' NOTE(review): the type value 1604096 looks like "16 + 0 + 4096" (error icon,
' system modal) with the plus signs lost in this copy - confirm before use.
Sub ErrorInfo (strTitle, strMsg, sTime)
CreateObject ("wscript.Shell"). Popup strMsg, sTime, strTitle, 1604096 'prompt
End Sub

'=

'The RunApp executor

' Runs strCmd in a normal window and waits until it exits.
' strCmd is handed to WScript.Shell.Run unchanged.
Sub Run (strCmd)
    Const WINDOW_NORMAL = 1
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    shell.Run strCmd, WINDOW_NORMAL, True
End Sub

' Runs strCmd in a normal window and returns immediately.
' strCmd is handed to WScript.Shell.Run unchanged.
Sub RunNotWait (strCmd)
    Const WINDOW_NORMAL = 1
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    shell.Run strCmd, WINDOW_NORMAL, False
End Sub

' Runs strCmd with a hidden window and waits until it exits.
' strCmd is handed to WScript.Shell.Run unchanged.
Sub RunHide (strCmd)
    Const WINDOW_HIDDEN = 0
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    shell.Run strCmd, WINDOW_HIDDEN, True
End Sub

' Runs strCmd with a hidden window and returns immediately.
' strCmd is handed to WScript.Shell.Run unchanged.
Sub RunHideNotWait (strCmd)
    Const WINDOW_HIDDEN = 0
    Dim shell
    Set shell = CreateObject("WScript.Shell")
    shell.Run strCmd, WINDOW_HIDDEN, False
End Sub

'=

'The CMD command set

'-

'-

'get CMD output

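' Runs the command line in str and returns everything it wrote to standard
' output.
' When the script is hosted by wscript.exe it re-launches itself hidden under
' cscript.exe and quits, so in that case the function never returns a value
' and any command-line arguments of the current run are not passed on.
' str is executed as given; callers must not pass text that comes from an
' untrusted source.
' Fixes over the damaged listing: balanced the parentheses in the host test,
' restored the space and opening quote after "cscript", and turned the
' stray note back into a comment.
Function CmdOut (str)
    Dim ws, host, hostExe, oExec
    Set ws = CreateObject("WScript.Shell")
    host = WScript.FullName
    ' File name of the script host. (Author's note: LCase(Right(host, 11))
    ' would be a simpler test.)
    hostExe = LCase(Right(host, Len(host) - InStrRev(host, "\")))
    If hostExe = "wscript.exe" Then
        ws.Run "cscript """ & WScript.ScriptFullName & Chr(34), 0
        WScript.Quit
    End If
    Set oExec = ws.Exec(str)
    CmdOut = oExec.StdOut.ReadAll
End Function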

'detect whether it is running in CMD mode

' Returns True when the script host is cscript.exe (console mode), decided
' from the last 11 characters of WScript.FullName; otherwise False.
Function IsCmdMode ()
    Dim hostTail
    hostTail = LCase(Right(WScript.FullName, 11))
    IsCmdMode = (hostTail = LCase("CScript.exe"))
End Function

'Exist detects whether a file or folder exists

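' Returns True when strPath names an existing file or folder, else False.
' Fix over the damaged listing: the If line had unbalanced parentheses.
Function Exist (strPath)
    Dim fso
    Exist = False
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FolderExists(strPath) Or fso.FileExists(strPath) Then Exist = True
    Set fso = Nothing
End Function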

'-

'MD create folder path

' Creates every missing folder along strPath, one level at a time.
'   strPath  local path ("C:\a\b") or UNC path ("\\host\share\a\b").
' For a UNC path the walk starts below "\\host"; for a local path it starts
' below the first component (the drive).
Sub MD (ByVal strPath)
    Dim parts, current, firstIdx, idx, fso
    parts = Split(strPath, "\")
    If Left(strPath, 2) <> "\\" Then
        ' Local path: first component is the starting point.
        firstIdx = 1
        current = parts(0)
    Else
        ' UNC path: components 0 and 1 are empty, component 2 is the host.
        firstIdx = 3
        current = Join(Array(parts(0), parts(1), parts(2)), "\")
    End If
    Set fso = CreateObject("Scripting.FileSystemObject")
    idx = firstIdx
    Do While idx <= UBound(parts)
        current = current & "\" & parts(idx)
        If Not fso.FolderExists(current) Then fso.CreateFolder (current)
        idx = idx + 1
    Loop
    Set fso = Nothing
End Sub

'-

'copy copy a file or folder

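' Copies a file or a folder, overwriting existing targets.
'   strSource       existing file or folder
'   strDestination  target file name or folder
' Errors are ignored on purpose (best effort). In particular a folder copy
' is silently skipped when strDestination does not exist yet, because
' GetFolder fails on it.
' Fix over the damaged listing: the comment after Else had lost its
' apostrophe, which made the line invalid.
Sub Copy (ByVal strSource, ByVal strDestination)
    On Error Resume Next ' required: see the note on ignored errors above
    Dim fso
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(strSource) Then
        ' Source is a file.
        If fso.FolderExists(strDestination) Then
            ' Destination is a folder: the trailing "\" makes CopyFile treat it as one.
            fso.CopyFile fso.GetFile(strSource).Path, fso.GetFolder(strDestination).Path & "\", True
        Else
            ' Destination is a file name: copy directly.
            fso.CopyFile fso.GetFile(strSource).Path, strDestination, True
        End If
    End If
    ' Source is a folder: copy the whole folder.
    If fso.FolderExists(strSource) Then fso.CopyFolder fso.GetFolder(strSource).Path, fso.GetFolder(strDestination).Path, True
    Set fso = Nothing
End Sub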

'-

'del delete a file or folder

' Deletes the file or folder at strPath.
' The attributes are reset to 0 first so that read-only, hidden or system
' flags do not block the delete. Errors are ignored on purpose.
Sub Del (strPath)
    On Error Resume Next ' required: failures are deliberately ignored
    Dim fso, item
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(strPath) Then
        Set item = fso.GetFile(strPath)
        item.Attributes = 0
        item.Delete
    End If
    If fso.FolderExists(strPath) Then
        Set item = fso.GetFolder(strPath)
        item.Attributes = 0
        item.Delete
    End If
    Set fso = Nothing
End Sub

'-

'attrib changes file properties

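' Sets or clears file/folder attributes, like the attrib command.
'   strPath  existing file or folder; anything else is ignored
'   strArgs  any of +R -R +H -H +S -S +A -A (case-insensitive)
' When both the "+" and "-" form of a flag are given, "-" wins, as before.
' Fixes over the damaged listing: the flag strings contained a space
' ("+ r"), so no flag ever matched; the bit manipulation now uses And/Or
' directly instead of a round trip through a binary string.
Sub Attrib (strPath, strArgs) 'strArgs = [+R|-R] [+A|-A] [+S|-S] [+H|-H]
    Const ATTR_READONLY = 1, ATTR_HIDDEN = 2, ATTR_SYSTEM = 4, ATTR_ARCHIVE = 32
    Dim fso, target, valAttrib, flags
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set target = Nothing
    If fso.FileExists(strPath) Then Set target = fso.GetFile(strPath)
    If fso.FolderExists(strPath) Then Set target = fso.GetFolder(strPath)
    If target Is Nothing Then Exit Sub
    If strArgs = "" Then Exit Sub

    valAttrib = target.Attributes
    flags = LCase(strArgs)
    If InStr(flags, "+r") > 0 Then valAttrib = valAttrib Or ATTR_READONLY
    If InStr(flags, "-r") > 0 Then valAttrib = valAttrib And Not ATTR_READONLY
    If InStr(flags, "+h") > 0 Then valAttrib = valAttrib Or ATTR_HIDDEN
    If InStr(flags, "-h") > 0 Then valAttrib = valAttrib And Not ATTR_HIDDEN
    If InStr(flags, "+s") > 0 Then valAttrib = valAttrib Or ATTR_SYSTEM
    If InStr(flags, "-s") > 0 Then valAttrib = valAttrib And Not ATTR_SYSTEM
    If InStr(flags, "+a") > 0 Then valAttrib = valAttrib Or ATTR_ARCHIVE
    If InStr(flags, "-a") > 0 Then valAttrib = valAttrib And Not ATTR_ARCHIVE

    target.Attributes = valAttrib
    Set target = Nothing
    Set fso = Nothing
End Sub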

' Converts a non-negative whole number to its binary digit string
' (5 -> "101"). For 0 or a negative number no digit is produced and the
' function result is left unset (Empty).
Function DecToBin (ByVal number)
    Dim value, digits
    value = number
    Do Until value <= 0
        ' Prepend the lowest bit, then drop it with integer division.
        digits = CStr(value Mod 2) & digits
        value = value \ 2
    Loop
    DecToBin = digits
End Function

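' Converts a string of binary digits to its numeric value ("101" -> 5).
' An empty string yields 0.
' Fixes over the damaged listing: the expression had unbalanced parentheses,
' and the result is now initialised so that "" returns 0 instead of Empty.
Function BinToDec (ByVal binStr)
    Dim i, total
    total = 0
    For i = 1 To Len(binStr)
        ' Digit i (from the left) carries weight 2^(length - i).
        total = total + CInt(Mid(binStr, i, 1)) * (2 ^ (Len(binStr) - i))
    Next
    BinToDec = total
End Function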

'-

'Ping determines whether the network is connected or not

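' Returns True when host answers a ping (queried through the WMI class
' Win32_PingStatus), otherwise False. An empty host returns False.
' Errors are ignored, so a WMI failure also yields False.
' Fixes: host is escaped before it is placed inside the quoted WQL string
' (a quote or backslash in it would otherwise alter the query), the moniker
' and the >= operator had stray spaces in the damaged listing, and a Null
' ResponseTime (no reply) is tested explicitly.
Function Ping (host)
    On Error Resume Next
    Dim safeHost, objPing, objStatus
    Ping = False
    If host = "" Then Exit Function
    ' WQL string literals escape backslash and single quote with a backslash.
    safeHost = Replace(Replace(host, "\", "\\"), "'", "\'")
    Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery("select * from Win32_PingStatus where address = '" & safeHost & "'")
    For Each objStatus In objPing
        If Not IsNull(objStatus.ResponseTime) Then
            If objStatus.ResponseTime >= 0 Then
                Ping = True
                Exit For
            End If
        End If
    Next
    Set objPing = Nothing
End Function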

'=

'get the current date and time and format it

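' Returns the current date and time as "yyyy-mm-dd hh:mm:ss".
' Fixes: the separator string between date and time was broken in the
' damaged listing (a single space is assumed), and Now() is read once so
' that date and time cannot come from different sides of midnight.
Function NowDateTime ()
    Dim MyWeek, stamp
    ' Weekday prefix is disabled by the author; kept as an empty prefix.
    MyWeek = ""
    stamp = Now()
    NowDateTime = MyWeek & Format_Time(stamp, 2) & " " & Format_Time(stamp, 3)
End Function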

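' Formats a date/time value.
'   s_Time  any value accepted by IsDate; otherwise "" is returned
'   n_Flag  1 = yyyymmddhhmmss, 2 = yyyy-mm-dd, 3 = hh:mm:ss,
'           4 = yyyy"year"mm"month"dd"day", 5 = yyyymmdd; other values give ""
' All parts except the year are zero-padded to two digits.
' Fix over the damaged listing: the string literal in case 3 was broken.
' NOTE(review): the original comment on case 1 read "yyyy-mm-dd hh:mm:ss"
' although the code concatenates without separators; the separators may have
' been lost in this copy - confirm. The code is kept as shown.
Function Format_Time (s_Time, n_Flag)
    Dim y, m, d, h, mi, s
    Format_Time = ""
    If IsDate(s_Time) = False Then Exit Function
    y = CStr(Year(s_Time))
    m = Right("0" & Month(s_Time), 2)
    d = Right("0" & Day(s_Time), 2)
    h = Right("0" & Hour(s_Time), 2)
    mi = Right("0" & Minute(s_Time), 2)
    s = Right("0" & Second(s_Time), 2)
    Select Case n_Flag
        Case 1
            Format_Time = y & m & d & h & mi & s
        Case 2
            Format_Time = y & "-" & m & "-" & d
        Case 3
            Format_Time = h & ":" & mi & ":" & s
        Case 4
            Format_Time = y & "year" & m & "month" & d & "day"
        Case 5
            Format_Time = y & m & d
    End Select
End Function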

'=

'check whether the string matches the regular expression

'Msgbox Join (RegExpTest ("[a-z]+-[a-z]+", "a-v d-f b-c", "Value"), VbCrLf)

'Msgbox RegExpTest ("[a-z]+-[a-z]+", "a-v d-f b-c", "Count")

'Msgbox RegExpTest ("[a-z]+-[a-z]+", "a-v d-f b-c", "")

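' Runs a case-insensitive, global regular-expression search.
'   patrn  regular-expression pattern
'   strng  text to search
'   mode   "Value" -> array of all matched strings
'          "Count" -> number of matches
'          other   -> one line of text per match
' With mode "Value" and no match, the result is an array without elements.
' Fix over the damaged listing: the string literals of the report line were
' broken (missing quote and spaces).
Function RegExpTest (patrn, strng, mode)
    Dim regEx, Match, Matches
    Dim RetStr, arrMatchs(), I
    Set regEx = New RegExp
    regEx.Pattern = patrn
    regEx.IgnoreCase = True     ' case-insensitive
    regEx.Global = True         ' find every match, not just the first
    I = -1
    Set Matches = regEx.Execute(strng)
    For Each Match In Matches
        I = I + 1
        ReDim Preserve arrMatchs(I)     ' grow the array by one per match
        arrMatchs(I) = Match.Value
        RetStr = RetStr & "Match found at position " & Match.FirstIndex & ". Match Value is '" & Match.Value & "'." & vbCrLf
    Next
    If LCase(mode) = "value" Then RegExpTest = arrMatchs
    If LCase(mode) = "count" Then RegExpTest = Matches.Count
    ' Any other mode leaves the result unset up to here: return the report text.
    If IsEmpty(RegExpTest) Then RegExpTest = RetStr
End Function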

'=

'read and write the registry

' Reads a registry value and returns it; array results are joined into one
' string with CR/LF between the elements.
'   strKey  full value path, e.g. "HKEY_LOCAL_MACHINE\SOFTWARE\...\Run\DocTip"
' Errors are ignored, so a missing value leaves the result unset (Empty).
Function RegRead (strKey)
    On Error Resume Next
    Dim shell, raw
    Set shell = CreateObject("WScript.Shell")
    raw = shell.RegRead(strKey)
    If IsArray(raw) Then
        RegRead = Join(raw, vbCrLf)
    Else
        RegRead = raw
    End If
    Set shell = Nothing
End Function

'write the registry

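' Writes a registry value and reports whether it can be read back.
'   strKey      full value path
'   strKeyVal   data to write
'   strKeyType  registry type name accepted by WScript.Shell.RegWrite
' Returns True when the value reads back as non-empty, otherwise False; a
' successfully written empty string therefore also reports False.
' Errors are ignored on purpose.
' Fixes: "Flase" was a typo that left the result unset instead of False, the
' "<>" operator was missing in the damaged listing, and the unused fso
' variable is replaced by a declaration for wso.
Function RegWrite (strKey, strKeyVal, strKeyType)
    On Error Resume Next
    Dim wso, strTmp
    RegWrite = False
    Set wso = CreateObject("WScript.Shell")
    wso.RegWrite strKey, strKeyVal, strKeyType
    ' Read back to confirm the write took effect.
    strTmp = wso.RegRead(strKey)
    If strTmp <> "" Then RegWrite = True
    Set wso = Nothing
End Function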

'=

'read and write INI file (Unicode) ReadIniUnicode / WriteIniUnicode

'This subroutine writes a value to an INI file

'

'Arguments:

'myFilePath [string] the (path and) file name of the INI file

'mySection [string] the section in the INI file to be searched

'myKey [string] the key whose value is to be written

'myValue [string] the value to be written (myKey will be

'deleted if myValue is empty)

'

'Returns:

'N/A

'

'CAVEAT: WriteIni function needs ReadIniUnicode function to run

'

'Written by Keith Lacelle

'Modified by Denis St-Pierre, Johan Pol and Rob van der Woude

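' Writes myKey=myValue into section [mySection] of a Unicode INI file.
'   myFilePath  path of the INI file; its folder must exist, the file itself
'               is created when missing
'   mySection   section name without brackets
'   myKey       key to write
'   myValue     value to write; when empty, the key is removed instead
' The file is rebuilt in a temporary file under %TEMP%, then the original is
' deleted and the temporary file is moved into its place.
' Errors are ignored throughout (On Error Resume Next), so a failed read can
' still be followed by the delete-and-move step.
' Fixes: the "<>" operators and "%TEMP%" were damaged in this copy, and the
' folder check now runs before any file is opened, so a missing folder no
' longer leaves an orphaned temporary file behind.
Sub WriteIniUnicode (myFilePath, mySection, myKey, myValue)
    On Error Resume Next
    Const ForReading = 1
    Const ForWriting = 2
    Const TristateTrue = -1     ' open as Unicode

    Dim blnInSection, blnKeyExists, blnSectionExists, blnWritten
    Dim intEqualPos
    Dim objFSO, objNewIni, objOrgIni, wshShell
    Dim strFilePath, strFolderPath, strKey, strLeftString
    Dim strLine, strSection, strTempDir, strTempFile, strValue

    strFilePath = Trim(myFilePath)
    strSection = Trim(mySection)
    strKey = Trim(myKey)
    strValue = Trim(myValue)

    Set objFSO = CreateObject("Scripting.FileSystemObject")

    ' Quit when the folder of the INI file does not exist.
    strFolderPath = Mid(strFilePath, 1, InStrRev(strFilePath, "\"))
    If Not objFSO.FolderExists(strFolderPath) Then
        Set objFSO = Nothing
        Exit Sub
    End If

    Set wshShell = CreateObject("WScript.Shell")
    strTempDir = wshShell.ExpandEnvironmentStrings("%TEMP%")
    strTempFile = objFSO.BuildPath(strTempDir, objFSO.GetTempName)

    Set objOrgIni = objFSO.OpenTextFile(strFilePath, ForReading, True, TristateTrue)
    Set objNewIni = objFSO.OpenTextFile(strTempFile, ForWriting, True, TristateTrue)

    blnInSection = False
    blnSectionExists = False
    ' Does the key already exist in the section?
    blnKeyExists = (ReadIniUnicode(strFilePath, strSection, strKey) <> "")
    blnWritten = False

    While objOrgIni.AtEndOfStream = False
        strLine = Trim(objOrgIni.ReadLine)
        If blnWritten = False Then
            If LCase(strLine) = "[" & LCase(strSection) & "]" Then
                blnSectionExists = True
                blnInSection = True
            ElseIf InStr(strLine, "[") = 1 Then
                blnInSection = False
            End If
        End If

        If blnInSection Then
            If blnKeyExists Then
                ' Replace the existing key line (or drop it when the value is empty).
                intEqualPos = InStr(1, strLine, "=", vbTextCompare)
                If intEqualPos > 0 Then
                    strLeftString = Trim(Left(strLine, intEqualPos - 1))
                    If LCase(strLeftString) = LCase(strKey) Then
                        ' Only write the key if the value isn't empty (Johan Pol).
                        If strValue <> "" Then
                            objNewIni.WriteLine strKey & "=" & strValue
                        End If
                        blnWritten = True
                        blnInSection = False
                    End If
                End If
                If Not blnWritten Then
                    objNewIni.WriteLine strLine
                End If
            Else
                ' New key: copy the section header, then add the key right below it.
                objNewIni.WriteLine strLine
                If strValue <> "" Then
                    objNewIni.WriteLine strKey & "=" & strValue
                End If
                blnWritten = True
                blnInSection = False
            End If
        Else
            objNewIni.WriteLine strLine
        End If
    Wend

    If blnSectionExists = False Then
        ' Section doesn't exist yet: append it at the end.
        objNewIni.WriteLine
        objNewIni.WriteLine "[" & strSection & "]"
        If strValue <> "" Then
            objNewIni.WriteLine strKey & "=" & strValue
        End If
    End If

    objOrgIni.Close
    objNewIni.Close

    ' Swap the rebuilt file into place.
    objFSO.DeleteFile strFilePath, True
    objFSO.MoveFile strTempFile, strFilePath

    Set objOrgIni = Nothing
    Set objNewIni = Nothing
    Set objFSO = Nothing
    Set wshShell = Nothing
End Sub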

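' Reads the value of myKey in section [mySection] of a Unicode INI file.
'   myFilePath  path of the INI file
'   mySection   section name without brackets (case-insensitive)
'   myKey       key name (case-insensitive)
' Returns the trimmed value; "" when the file, section or key is missing;
' a single space when the key exists with a blank value.
' Errors are ignored (On Error Resume Next).
' Fixes: the "<>" operator of the inner loop was missing in this copy, and
' the blank-value branch assigned "" to a value that already was "". It now
' returns " " so that the "<> """ existence test in WriteIniUnicode
' can tell a blank key from a missing one.
Function ReadIniUnicode (myFilePath, mySection, myKey)
    On Error Resume Next
    Const ForReading = 1
    Const TristateTrue = -1     ' open as Unicode

    Dim intEqualPos
    Dim objFSO, objIniFile
    Dim strFilePath, strKey, strLeftString, strLine, strSection

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    ReadIniUnicode = ""
    strFilePath = Trim(myFilePath)
    strSection = Trim(mySection)
    strKey = Trim(myKey)

    If Not objFSO.FileExists(strFilePath) Then Exit Function

    Set objIniFile = objFSO.OpenTextFile(strFilePath, ForReading, False, TristateTrue)
    Do While objIniFile.AtEndOfStream = False
        strLine = Trim(objIniFile.ReadLine)
        ' Is this the section header we are looking for?
        If LCase(strLine) = "[" & LCase(strSection) & "]" Then
            strLine = Trim(objIniFile.ReadLine)
            ' Parse lines until the next section header.
            Do While Left(strLine, 1) <> "["
                intEqualPos = InStr(1, strLine, "=", 1)
                If intEqualPos > 0 Then
                    strLeftString = Trim(Left(strLine, intEqualPos - 1))
                    If LCase(strLeftString) = LCase(strKey) Then
                        ReadIniUnicode = Trim(Mid(strLine, intEqualPos + 1))
                        ' Key exists but its value is blank.
                        If ReadIniUnicode = "" Then
                            ReadIniUnicode = " "
                        End If
                        Exit Do
                    End If
                End If
                ' Stop at the end of the file.
                If objIniFile.AtEndOfStream Then Exit Do
                strLine = Trim(objIniFile.ReadLine)
            Loop
            Exit Do
        End If
    Loop
    objIniFile.Close
End Function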

'=

'write a text log

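' Appends one line "<date time> <text>" to a Unicode text log, creating the
' file when it does not exist.
'   str   text to log; nothing is written when it is empty
'   file  path of the log file; nothing is written when it is empty
' File errors are ignored (On Error Resume Next).
' Fixes: the string literals in the empty test and in the line assembly were
' broken in this copy (a single space is assumed between timestamp and
' text), and the line is built in a local variable - str is passed ByRef by
' default, so assigning to it changed the caller's variable.
Sub WriteLog (str, file)
    If (file = "") Or (str = "") Then Exit Sub
    Dim fso, wtxt, strLine
    Const ForAppending = 8      ' 1 = read, 2 = overwrite, 8 = append
    Const Create = True         ' create the file if it does not exist
    Const TristateTrue = -1     ' -2 = system default, -1 = Unicode, 0 = ASCII
    strLine = NowDateTime & " " & str & vbCrLf
    On Error Resume Next
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set wtxt = fso.OpenTextFile(file, ForAppending, Create, TristateTrue)
    wtxt.Write strLine
    wtxt.Close
    Set fso = Nothing
    Set wtxt = Nothing
End Sub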

'=

'Program control

'detect whether it is running

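' Counts running processes by image name, optionally filtered by command line.
'   AppName  image name, e.g. "mshta.exe" (case-insensitive)
'   AppPath  text that must occur in the process command line
'            (case-insensitive); "" disables the filter
' Returns 1 as soon as a process named AppName is found when AppPath is "";
' otherwise the number of processes named AppName whose command line
' contains AppPath (0 when none).
' Example: IsRun("mshta.exe", "c:\test.hta")
' Fixes: the WMI moniker contained stray spaces in this copy, the counter is
' now a local variable, and processes whose command line cannot be read
' (Null) are skipped explicitly.
Function IsRun (byVal AppName, byVal AppPath)
    Dim ps, hits
    IsRun = 0
    hits = 0
    For Each ps In GetObject("winmgmts:\\.\root\cimv2:win32_process").Instances_
        If LCase(ps.Name) = LCase(AppName) Then
            If AppPath = "" Then IsRun = 1: Exit Function
            If Not IsNull(ps.CommandLine) Then
                If InStr(LCase(ps.CommandLine), LCase(AppPath)) > 0 Then hits = hits + 1
            End If
        End If
    Next
    IsRun = hits
End Function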

'-

'detect whether it is running repeatedly

' Returns True when more than one WScript.exe, or more than one CScript.exe,
' process has this script's full path in its command line, i.e. another
' instance of the script is already running; otherwise False.
Function MeIsAlreadyRun ()
    Dim viaWScript, viaCScript
    viaWScript = IsRun("WScript.exe", WScript.ScriptFullName)
    viaCScript = IsRun("CScript.exe", WScript.ScriptFullName)
    MeIsAlreadyRun = False
    If (viaWScript > 1) Or (viaCScript > 1) Then
        MeIsAlreadyRun = True
    End If
End Function

'-

'close the process

' Terminates every process whose image name equals ProcessName
' (case-insensitive) through the WMI Terminate method.
' The match is by name only, so all instances on the machine are affected.
' NOTE(review): the WMI moniker string contains stray spaces in this copy
' ("\ root\ cimv2"); presumably extraction damage - confirm.
Sub Close_Process (ProcessName)
'On Error Resume Next
For each ps in getobject ("winmgmts:\\.\ root\ cimv2:win32_process") .instances_ 'loop over all processes
If Ucase (ps.name) = Ucase (ProcessName) Then
Ps.terminate
End if
Next
End Sub

'=

'system

'check the operating system version

' Compares the detected operating system with "xp" and, depending on the
' result, shows a "not supported" message box and ends the script.
' NOTE(review): the comparison operator between LCase(OSVer()) and "xp" is
' missing in this copy; given the message text it was presumably "<>", which
' would restrict the script to Windows XP - confirm.
' NOTE(review): 4804096 looks like "48 + 0 + 4096" with the plus signs lost.
Sub CheckOS ()
If LCase (OSVer ()) "xp" Then
Msgbox "does not support this operating system!", 4804096, "warning"
WScript.Quit 'exit the program
End If
End Sub

'-

'get the operating system version

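' Returns a short name for the running Windows version, taken from
' Win32_OperatingSystem.Version:
'   "Win7", "Vista", "Windows 2003", "XP", "W2K", "NT4.0",
'   "Win9x" (major version below 4) or "Unknown" (anything else, or when the
'   version cannot be read).
' Fixes: the Case lines and string literals were damaged in this copy; the
' version is now split on "." instead of taking the first three characters,
' because "10.0..." was cut to "10." and then reported as "Win9x".
Function OSVer ()
    Dim objWMI, objItem, colItems
    Dim strComputer, strVersion, parts, OSystem
    strComputer = "."
    Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    ' 48 = return immediately + forward-only enumerator.
    Set colItems = objWMI.ExecQuery("Select * from Win32_OperatingSystem", , 48)
    strVersion = ""
    For Each objItem In colItems
        strVersion = objItem.Version
    Next

    OSystem = "Unknown"
    parts = Split(strVersion, ".")
    If UBound(parts) >= 1 Then
        Select Case parts(0) & "." & parts(1)
            Case "6.1": OSystem = "Win7"
            Case "6.0": OSystem = "Vista"
            Case "5.2": OSystem = "Windows 2003"
            Case "5.1": OSystem = "XP"
            Case "5.0": OSystem = "W2K"
            Case "4.0": OSystem = "NT4.0"
            Case Else
                If IsNumeric(parts(0)) Then
                    If CLng(parts(0)) < 4 Then OSystem = "Win9x"
                End If
        End Select
    End If
    OSVer = OSystem
End Function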

'-

'get the operating system language

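' Returns the operating-system language as a short code, from
' Win32_OperatingSystem.OSLanguage: "chs" for 2052, otherwise "en"
' (1033 and every other value).
' Fixes: the Case lines were damaged in this copy (statement separator
' lost), and the language code is converted to a string before it is
' compared with the string constants.
Function language ()
    Dim strComputer, objWMIService, colItems, objItem, strLanguageCode, strLanguage
    strComputer = "."
    Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/CIMV2")
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem")
    strLanguageCode = ""
    For Each objItem In colItems
        strLanguageCode = CStr(objItem.OSLanguage)
    Next
    Select Case strLanguageCode
        Case "1033": strLanguage = "en"
        Case "2052": strLanguage = "chs"
        Case Else: strLanguage = "en"
    End Select
    language = strLanguage
End Function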

'=

'encrypt itself

' When the running file has a .vbs extension: reads its own source, encodes
' it with Scripting.Encoder, writes the result next to the script as
' "<name>.s.vbe", shows a message and ends the script. For any other
' extension (e.g. when already running as .vbe) it returns without doing
' anything.
' Script Encoder output is an encoding, not encryption: it hides the text
' from casual reading but is reversible without any key.
Sub MeEncoder ()
Dim MeAppPath, MeAppName, MeAppFx, MeAppEncodeFile, data
' Folder of the script, including the trailing backslash.
MeAppPath = left (WScript.ScriptFullName, InStrRev (WScript.ScriptFullName, "\"))
' File name without extension.
MeAppName = Left (WScript.ScriptName, InStrRev (WScript.ScriptName, ".")-1)
' Extension including the dot.
MeAppFx = Right (WScript.ScriptName, Len (WScript.ScriptName)-InStrRev (WScript.ScriptName, ".") + 1)
MeAppEncodeFile = MeAppPath & MeAppName & ".s.vbe"
If Not (LCase (MeAppFx) = LCase (".vbs")) Then Exit Sub
Set fso = CreateObject ("Scripting.FileSystemObject")
' Read the source as Unicode (-1).
Data = fso.OpenTextFile (WScript.ScriptFullName, 1, False,-1) .ReadAll
Data = CreateObject ("Scripting.Encoder") .EncodeScriptFile (".vbs", data, 0, "VBScript")
' Write the encoded text, creating or overwriting the .s.vbe file.
Fso.OpenTextFile (MeAppEncodeFile, 2, True,-1). Write data
' NOTE(review): the next line is damaged in this copy; it was presumably a
' MsgBox call reporting where the encoded file was written - confirm.
When the coding of "MsgBox" is completed, the file is generated to: "& vbCrLf & vbCrLf & MeAppEncodeFile, 644096, WScript.ScriptName
Set fso = Nothing
WScript.Quit
End Sub
