Swandog46's Public Anti-Malware Tools

• Overview
• What's New
• Documentation
• Script Tutorial
  • Script Overview
  • Command Reference
  • An In-Depth Example
• Download

The Avenger

Command Reference

How do I use it?

The registry value name should be separated from the parent key name by a pipe | symbol.

Just as with "Registry keys to delete:", The Avenger can only delete values under the HKEY_LOCAL_MACHINE hive, because the other hives are not constructed at the point in the boot process when The Avenger executes. To access other hives, use "Programs to launch on reboot:" as a workaround.

When do I use it?

When there are malicious registry values under a subkey of HKEY_LOCAL_MACHINE that you want to delete.

Anything else I should know?

Please see the caveats for "Registry keys to delete:".

Any special notes on syntax?

• Valid registry key paths must begin with either HKEY_LOCAL_MACHINE\ or HKLM\ for short. Either prefix is accepted. No other hives are recognized by The Avenger.
  Note that this is a change from Version 1.0!

Example Usage

Command Reference

1. Comment:
2. Files to delete:
3. Files to replace with dummy:
4. Files to move:
5. Folders to delete:
6. Registry keys to delete:
7. Registry keys to replace with dummy:
8. Registry values to delete:
9. Registry values to replace with dummy:
10. Programs to launch on reboot:
11. Drivers to delete:
12. Drivers to disable: