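@echo off
REM Name: searchterror-files.bat
REM Version: 1.0
REM Written By: Jim Cameron (http://support.moonpoint.com)
REM Written On: December 3, 2006
REM Last Modified: December 3, 2006

REM Search for files associated with "Exploit searchterror.com",
REM which are listed at http://www.kephyr.com/spywarescanner/library/exploit-searchterror.com
REM as being associated with the malware.
REM
REM The check is by path and file name only. A hit is a lead to examine further
REM (for example with an up-to-date scanner), not proof of infection, and an
REM empty result does not show that the system is clean.

REM Keep SystemDir local to this script so it does not persist in the calling
REM command prompt session.
setlocal

REM Set value for system directory. This assumes the system this batch file is
REM executed on is a Windows NT or later system as, by default, this value
REM should be %WinDir%\system on Windows 95, 98, ME.
set "SystemDir=%WinDir%\system32"

REM The file svchost.exe is part of the list, but is also a file normally
REM found on Windows systems. On Windows NT and later systems, though, it is
REM found in %WinDir%\system32, rather than in %WinDir%. The Kephyr webpage
REM indicates its presence in the %WinDir% directory indicates the presence
REM of this malware.

REM NOTE(review): the latest.exe entry below expands to
REM %WinDir%\system32\system32\latest.exe because SystemDir already ends in
REM system32. It is kept as written; confirm the intended path against the
REM Kephyr list.

echo.
echo *** Searching for Exploit searchterror files. ***
echo.

REM Each path is quoted so a Windows directory containing spaces is not split
REM into several entries; the ~ modifier strips the quotes again for the test
REM and for the echoed output.
for %%F in (
  "%SystemDir%\abc.exe"
  "%SystemDir%\cssrs.exe"
  "%WinDir%\desktop.html"
  "%WinDir%\drexinit.dll"
  "%WinDir%\dvpd.dll"
  "%SystemDir%\init32m.exe"
  "%WinDir%\installer_SIAC.exe"
  "%WinDir%\kernels32.exe"
  "%SystemDir%\system32\latest.exe"
  "c:\loader.exe"
  "c:\mailz.txt"
  "%SystemDir%\maxd.exe"
  "%WinDir%\ms1.exe"
  "%WinDir%\ms2.exe"
  "%WinDir%\ms3.exe"
  "%WinDir%\ms4.exe"
  "%WinDir%\msmsgr2.exe"
  "%SystemDir%\newdial.exe"
  "%SystemDir%\newdial1.exe"
  "%SystemDir%\paytime.exe"
  "%SystemDir%\realupd32.exe"
  "%SystemDir%\realupd_32.exe"
  "%WinDir%\sasent.dll"
  "%WinDir%\sasetup.dll"
  "%WinDir%\svchost.exe"
  "c:\sys.exe"
  "%SystemDir%\thn.dll"
  "%SystemDir%\thn32.dll"
  "%SystemDir%\tibs.exe"
  "c:\tmp.txt"
  "c:\trig.dtl"
  "%WinDir%\tool1.exe"
  "%WinDir%\tool2.exe"
  "%WinDir%\tool3.exe"
  "%SystemDir%\~update.exe"
  "%WinDir%\vr_sys.dll"
  "%SystemDir%\vx.tll"
  "%SystemDir%\vxgame1.exe"
  "%SystemDir%\vxgame2.exe"
  "%SystemDir%\vxgame3.exe"
  "%SystemDir%\vxgame4.exe"
  "%WinDir%\weirdontheweb_topc.exe"
  "%SystemDir%\win32.exe"
  "c:\winstall.exe"
  "%SystemDir%\zolk.dll"
  "%WinDir%\zsettings.dll"
  "%SystemDir%\ztoolbar.bmp"
  "%SystemDir%\ztoolber.dll"
  "%SystemDir%\ztoolbar.xml"
) do if exist "%%~F" echo %%~F

echo.
echo *** Searching for Exploit searchterror directories. ***
echo.

REM Double quotes are needed for directories with spaces in their names,
REM e.g. "Program Files".
REM dir /a lists entries carrying the hidden or system attribute as well;
REM a plain dir would leave them out of the listing.
for %%D in (
  "%WinDir%\cdmweb"
  "%ProgramFiles%\WeirdOnTheWeb\"
) do if exist "%%~D" dir /a "%%~D"

endlocal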