cancel
Showing results for 
Search instead for 
Did you mean: 
Gavin_Jones
Active Contributor

Re: One2Many Script Repository

 

This is a quick one-liner that validates that Steady State is running on the target PC.

 

tasklist | find /I "SCTSVC.EXE" > NULL

 

An exit code of 0 is expected if the process SCTSVC.EXE is found in the process list, signifying that Steady State is loaded and active.

 

This can be used with any command-line program, as long as you know what the exit code is for success (usually 0).

 

This type of quick task is particularly useful for gauging the progress of jobs that may spread over large time periods.

For instance testing to see if a large archive has finished transferring by running an archive 'list' process on the archive file and re-directing the ouput to NULL, but checking the exit  code.

 

Workday
Visitor

Re: One2Many Script Repository

I am having a difficult time getting our VB scripts to work with One2Many.  What particular method should I be using for them?

Gavin_Jones
Active Contributor

Re: One2Many Script Repository

Hello Workday,

 

I always use cscript foobar.vbs on the command line.

Although I prefer to write .cmd as I'm not a VB person.

 

 

JasonITS
New Member

Re: One2Many Script Repository

I was just wondering if anyone has used the MSE Update and Scan script and found a virus or any problems. If so, what kind of notification did you get? Does it automatically quarantine and/or delete any malware files? Thanks!

stevekent
New Contributor

Re: One2Many Script Repository

Is it unusual that this script 'fails' every time it is run.  Most stuff is deleted but there are things that either cannot be found or are in use by another process.  I have yet to get a "successful" finish.

stevekent
New Contributor

Re: One2Many Script Repository

This is the script I was talking about. 

 

Here is a small script I use to clear out the junk files (temp, internet etc) off all local profiles.

 

 

 

IF "%OS%"=="" GOTO WIN9X
@REM - FIND "DOCUMENTS AND SETTINGS" FOLDER:
%SYSTEMDRIVE%
CD %USERPROFILE%\..
FOR /D %%F IN (*.*) DO DEL /F/S/Q "%%F\LOCAL SETTINGS\TEMP\*.*"
FOR /D %%F IN (*.*) DO DEL /F/S/Q "%%F\LOCAL SETTINGS\TEMPORARY INTERNET FILES\*.*"
FOR /D %%F IN (*.*) DO DEL /F/S/Q "%%F\COOKIES\*.*"
DEL /F/S/Q %WINDIR%\TEMP\*.*
DEL /F/S/Q %WINDIR%\*.TMP
GOTO END
:WIN9X
REM - WIN9X systems are currently not supported.
:END
Takes a while when first run, but daily it's fantastic.

pdowns
Regular Visitor

Re: One2Many Script Repository

I use a batch file to call the .vbs file.

 

cscript //nologo " file path"

TalktoJimmy
New Contributor

Re: One2Many Script Repository

VBS Check Disk

 

 

Option Explicit
 
Dim WshShell, fso, d, dc, LogFile, Drive
 
Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
 
Set dc = fso.Drives
For Each d in DC
'Determine drive letter of first fixed disk
'This is the drive that the report will be placed on
If d.DriveType = 2 Then
Drive = d
Exit For
End If
Next
 
LogFile = Drive & "\chkdskreport.txt"
 
WshShell.Run "%comspec% /c echo Starting chkdsk of all hard disks " _
& Now & " >" & LogFile, 0, True
For Each d in dc
If d.DriveType = 2 Then
WshShell.Run "%comspec% /c echo ********* Checking drive " & d _
& " ******** >>" & LogFile, 0, True
WshShell.Run "%comspec% /c chkdsk.exe /f " & d & " >>" & LogFile,1, False
Wscript.Sleep 1000
WshShell.SendKeys "Y"
Wscript.Sleep 10
WshShell.SendKeys "~"
End If
Next
 
WshShell.Run LogFile

TalktoJimmy
New Contributor

Re: One2Many Script Repository

clean temp files and folders vbs

 

On Error Resume Next

'Declare variables
Dim fso
Dim oFolder1
Dim oFolder2
Dim oFolder3
Dim oSubFolder1
Dim oSubFolder2
Dim oSubFolder3
Dim colSubfolders1
Dim colSubfolders2
Dim colSubfolders3
Dim oFile
Dim userProfile
Dim Windir

'Set up environment
Set WSHShell = CreateObject("WScript.Shell")
Set fso = createobject("Scripting.FileSystemObject")
userProfile = WSHShell.ExpandEnvironmentStrings("%userprofile%")
Windir = WSHShell.ExpandEnvironmentStrings("%windir%")

'start deleting files
Set oFolder1 = fso.GetFolder(userProfile & "\Local Settings\Temp\")
 For Each oFile In oFolder1.files
    oFile.Delete True
 Next
'Delete folders and subfolders
Set colSubfolders1 = oFolder1.Subfolders
On Error Resume Next
For Each oSubfolder in colSubfolders1
    fso.DeleteFolder(oSubFolder), True
Next
Set oFolder2 = fso.GetFolder(userProfile & "\Local Settings\Temporary Internet Files\")
 For Each oFile In oFolder2.files
    oFile.Delete True
 Next
Set colSubfolders2 = oFolder2.SubFolders
For Each oSubfolder in colSubfolders2
    fso.DeleteFolder(oSubFolder)
Next
'Set oFolder3 = fso.GetFolder(Windir & "\Temp\")
 'For Each oFile In oFolder3.files
    'oFile.Delete True
 'Next

Set colSubfolders3 = oFolder1.Subfolders
For Each oSubfolder in colSubfolders3
    fso.DeleteFolder(oSubFolder)
Next

'Clear memory
Set fso = Nothing
Set oFolder1 = Nothing
Set oFolder2 = Nothing
Set oFolder3 = Nothing
Set oSubFolder1 = Nothing
Set oSubFolder2 = Nothing
Set oSubFolder3 = Nothing
Set colSubfolders1 = Nothing
Set colSubfolders2 = Nothing
Set colSubfolders3 = Nothing
Set oFile = Nothing
Set userProfile = Nothing
Set Windir = Nothing

WScript.Quit

TalktoJimmy
New Contributor

Re: One2Many Script Repository

REM -===- Remove Sophos Only -===-

@ECHO

OFF
ECHO ====================================================================
ECHO Sophos Anti-Virus Removal Script
ECHO.
ECHO NOTE: Dont blame me if you cant read the directions.
Echo.
ECHO Press any key to continue, or press Ctrl-C to Cancel.
ECHO ====================================================================
ECHO.
Pause.
CLS

ver|find "Windows XP" > NUL
if errorlevel 1 goto 2K
ECHO Windows XP Detected.
TASKKILL /F /IM "Almon.exe" >NUL 2>NUL
REM === Checks to ensure EM Lib, Console or PM are not installed ===
if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage.msc" (GOTO ERR) ELSE (GOTO PASS)

:2K
ver|find "Windows 2000" >NUL
if errorlevel 1 goto 2k3
ECHO Windows 2000 Detected.
REM === Checks to ensure EM Lib, Console or PM are not installed ===
if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage.msc" (GOTO ERR) ELSE (GOTO PASS)

:2K3
ver|find "Version 5.2" >NUL
if errorlevel 1 goto ERR
ECHO Windows 2003 Detected.
TASKKILL /F /IM "Almon.exe" >NUL 2>NUL
REM === Checks to ensure EM Lib, Console or PM are not installed ===
if exist "%PROGRAMFILES%\sophos\enterprise console\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\sophos\enterprise manager\library\cac.pem" GOTO ERR
if exist "%PROGRAMFILES%\Sophos\PureMessage\bin\puremessage.msc" (GOTO ERR) ELSE (GOTO PASS)

:PASS

ECHO.
ECHO Performing regular MSI based removal...
MSIEXEC /X {15C418EB-7675-42be-B2B3-281952DA014D} /qn /l*v c:\sau2_unist.txt 2> NUL
MSIEXEC /X {C12953C2-4F15-4A6C-91BC-511B96AE2775} /qn /l*v c:\sau_unist.txt 2> NUL
MSIEXEC /X {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} REBOOT=SUPPRESS /qn /l*v c:\sav_unist.txt 2> NUL
MSIEXEC /X {FF11005D-CBC8-45D5-A288-25C7BB304121} /qn /l*v c:\rms_unist.txt 2> NUL
ECHO Completed.

ECHO.
ECHO Performing MSI Cleanup (if available)...
"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {15C418EB-7675-42be-B2B3-281952DA014D} > C:\sop_msiclnup.txt
ECHO -===- END OF SAU2 -===- >> C:\sop_msiclnup.txt

"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} >> C:\sop_msiclnup.txt
ECHO -===- END OF SAV -===- >> C:\sop_msiclnup.txt

"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {C12953C2-4F15-4A6C-91BC-511B96AE2775} >> C:\sop_msiclnup.txt
ECHO -===- END OF SAU -===- >> C:\sop_msiclnup.txt

"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {FF11005D-CBC8-45D5-A288-25C7BB304121} >> C:\sop_msiclnup.txt
ECHO -===- END OF RMS -===- >> C:\sop_msiclnup.txt
Echo Completed.

ECHO.
ECHO Constructing Registry Keys for removal...
ECHO Completed.

ECHO REGEDIT4 > %TEMP%\SOTMP.REG
ECHO. >> %TEMP%\SOTMP.REG

REM ====** Registry Keys marked for Removal **=====================================================================

REM === MSI Installer GUIDs ===
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_CLASSES_ROOT\Installer\Features\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG

REM === Sophos Application Settings ===
ECHO [-HKEY_CURRENT_USER\Software\Sophos] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\Software\Sophos] >> %TEMP%\SOTMP.REG

REM === Sophos Uninstall Keys ===
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15C418EB-7675-42be-B2B3-281952DA014D}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C12953C2-4F15-4A6C-91BC-511B96AE2775}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF11005D-CBC8-45D5-A288-25C7BB304121}] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

REM === Sophos Services Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Current===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Current ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

REM === Sophos Services Current ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG

REM ==============================================================================================================

ECHO.
ECHO Stopping Sophos Anti-Virus Services...
net stop "Sophos Agent" 2> NUL
net stop "Sophos Anti-Virus" 2> NUL
net stop "Sophos Anti-Virus status reporter" 2> NUL
net stop "Sophos AutoUpdate Service" 2> NUL
net stop "Sophos Message Router" 2> NUL
ECHO Completed.

GOTO SERXP

:RESUME
ECHO.
ECHO Unregistering DLLs...

REM === Sophos Anti-Virus DLLs ===
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\backgroundscanning.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\componentmanager.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\configuration.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\desktopmessaging.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\driveprocessor.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\eeconsumer.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\filterprocessors.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\fsdecomposer.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icadapter.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icmanagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icprocessors.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\legacyconsumers.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\localisation.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\logging.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\persistance.dll" 
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVI0.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVMSCM.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\savshellext.dll" 
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditexports.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditfacade.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scanmanagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\security.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\sophtaineradapter.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\systeminformation.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatdetection.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatmanagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\translators.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\virusdetection.dll"

REM === Sophos AutoUpdate DLLs ===
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\cidsync.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\config.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\inetconn.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\InstlMgr.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ispsheet.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\logger.dll"
ECHO Completed.

ECHO.
ECHO Removing the Sophos Installation Files...

REM === Emtpies the temporary files folders, folders are recreated if they are empty ===
RD /s  /Q %TEMP% 2> NUL
MD %TEMP% 2> NUL
RD /s  /Q %WINDIR%\TEMP\ 2> NUL
MD %WINDIR%\Temp 2> NUL

REM === Remove Sophos created folders and files ===
RD /S /Q "%PROGRAMFILES%\SOPHOS\AutoUpdate" 2> NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\Sophos Anti-Virus" 2> NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\Remote Management System" 2> NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\" 2> NUL
RD /S /Q "C:\SAVXPSA" 2> NUL
RD /s /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos" 2> NUL
RD /S /Q "%ALLUSERSPROFILE%\Application Data\Sophos" 2> NUL
RD /S /Q "%USERPROFILE%\Application Data\Sophos" 2> NUL
DEL /Q   "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk" 2> NUL
RD /S /Q "%WINDIR%\Installer\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" 2> NUL
RD /S /Q "%WINDIR%\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}" 2> NUL
RD /S /Q "%WINDIR%\Installer\{C12953C2-4F15-4A6C-91BC-511B96AE2775}" 2> NUL
RD /S /Q "%WINDIR%\Installer\{FF11005D-CBC8-45D5-A288-25C7BB304121}" 2> NUL
DEL /Q   "%WINDIR%\System32\Drivers\savonaccesscontrol.sys" 2> NUL
DEL /Q   "%WINDIR%\System32\Drivers\savonaccessfilter.sys" 2> NUL
ECHO Completed.

REM === Remove the typical Sophos account/groups for Sophos AutoUpdate ===
ECHO.
ECHO Deleting Sophos Accounts and Sophos Groups...
Net user SophosSAU%COMPUTERNAME%0 /DELETE 2> NUL
Net user SophosSAU%COMPUTERNAME%1 /DELETE 2> NUL
Net user SophosSAU%COMPUTERNAME%2 /DELETE 2> NUL
Net user SophosSAU%COMPUTERNAME%3 /DELETE 2> NUL

Net localgroup SophosAdministrator /DELETE 2> NUL
Net localgroup SophosOnAccess /DELETE 2> NUL
Net localgroup SophosPowerUser /DELETE 2> NUL
Net localgroup SophosUser /DELETE 2> NUL
ECHO Completed.

GOTO END

:SERXP
ver|find "Windows XP" > NUL
if errorlevel 1 goto SER2K3
ECHO.
ECHO (XP) Deleting Sophos Services...
sc delete SAVService > NUL
sc delete SAVAdminService > NUL
sc delete "Sophos Agent" > NUL
sc delete "Sophos AutoUpdate Agent" > NUL
sc delete "Sophos AutoUpdate Service" > NUL
sc delete "Sophos Message Router" > NUL
ECHO Completed.
ECHO.
ECHO Removing the Sophos Registry Keys...
SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact
sc start "SopReg" > NUL
sc delete "SopReg"
ECHO Completed.
GOTO RESUME

:SER2K3
ver|find "Version 5.2" >NUL
if errorlevel 1 goto SER2K
ECHO.
ECHO (2K3) Deleting Sophos Services...
sc delete SAVService > NUL
sc delete SAVAdminService > NUL
sc delete "Sophos Agent" > NUL
sc delete "Sophos AutoUpdate Agent" > NUL
sc delete "Sophos AutoUpdate Service" > NUL
sc delete "Sophos Message Router" > NUL
ECHO Completed.
ECHO.
ECHO Removing the Sophos Registry Keys...
SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact
sc start "SopReg" > NUL
sc delete "SopReg"
ECHO Completed.
GOTO RESUME

:SER2K
ver|find "Windows 2000" >NUL
if errorlevel 1 goto END
ECHO.
ECHO Removing the Sophos Registry Keys...
REGEDIT /S %TEMP%\SOTMP.REG
ECHO Completed.
GOTO RESUME

:END
ECHO.
ECHO ====================================================
ECHO Please reboot the computer and run this script again
ECHO         If you have not already done so.
ECHO ====================================================
Echo.
Pause
EXIT

:ERR
ECHO.
ECHO ==============================================================
ECHO Script has terminated because either your O.S is Windows 9x/NT
ECHO OR Puremessage/Enterprise Console/EM Library was found.
ECHO ==============================================================
Pause
EXIT