forked from jrossi/osq-ext-bin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
_cleanup.bat
51 lines (42 loc) · 1.56 KB
/
_cleanup.bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
@echo off
NET SESSION >nul 2>&1
IF %ERRORLEVEL% EQU 0 (
ECHO Administrator PRIVILEGES Detected!
) ELSE (
echo ######## ######## ######## ####### ########
echo ## ## ## ## ## ## ## ## ##
echo ## ## ## ## ## ## ## ## ##
echo ###### ######## ######## ## ## ########
echo ## ## ## ## ## ## ## ## ##
echo ## ## ## ## ## ## ## ## ##
echo ######## ## ## ## ## ####### ## ##
echo.
echo.
echo ####### ERROR: ADMINISTRATOR PRIVILEGES REQUIRED #########
echo This script must be run as administrator to work properly!
echo ##########################################################
echo.
PAUSE
EXIT /B 1
)
echo "Terminating the extension process, if present"
taskkill /F /IM plgx_win_extension.ext.exe
timeout /t 5 /nobreak
echo "Cleaning the db files.."
REM Clean up the extension db
rmdir /S /Q c:\ProgramData\plgx_win_extension >nul 2>&1
REM Clean up the drivers
sc stop vast >nul 2>&1
sc delete vast >nul 2>&1
del /F /Q /S %systemroot%\System32\drivers\vast.sys >nul 2>&1
sc stop vastnw >nul 2>&1
sc delete vastnw >nul 2>&1
del /F /Q /S %systemroot%\System32\drivers\vastnw.sys >nul 2>&1
REM clean up the extension binary
IF EXIST "%ProgramFiles%\osquery\plgx_win_extension.ext.exe" (
del /F /Q /S "%ProgramFiles%\osquery\plgx_win_extension.ext.exe" >nul 2>&1
)
IF EXIST "%ProgramData%\osquery\plgx_win_extension.ext.exe" (
del /F /Q /S "%ProgramData%\osquery\plgx_win_extension.ext.exe" >nul 2>&1
)
echo "Clean up done."