Write-Output "wavebrowser installers found at $($wavebrowserDownload.FullName).removing" If ($wavebrowserDownload = Get-Item "C:\Users\*\Downloads\Wave Browser_*" -ErrorAction Silentl圜ontinue) Write-Output "No wavebrowser files found in 'C:\Users\*\Wavesor Software*'" Remove-Item "C:\Users\*\Wavesor Software*" -Force -Recurse -ErrorAction Silentl圜ontinue Write-Output "wavebrowser found at $($wavebrowserFolder2.FullName).removing" If ($wavebrowserFolder2 = Get-Item "C:\Users\*\Wavesor Software*" -ErrorAction Silentl圜ontinue) Write-Output "No wavebrowser files found in 'C:\Users\*\AppData\Local\wavebrowser*'" Remove-Item "C:\Users\*\AppData\Local\wavebrowser*" -Force -Recurse -ErrorAction Silentl圜ontinue Write-Output "wavebrowser found at $($wavebrowserFolder1.FullName).removing" If ($wavebrowserFolder1 = Get-Item "C:\Users\*\AppData\Local\wavebrowser*" -ErrorAction Silentl圜ontinue) Write-Output "No wavebrowser Processs found" Stop-Process -Name wavebrowser -Force -ErrorAction Silentl圜ontinue Write-Output "wavebrowser Processes found.terminating" If (Get-Process -Name wavebrowser -ErrorAction Silentl圜ontinue) It kills the process, removes the files and directories and deletes the scheduled tasks.Įdit: can't get Reddit to format the code block properly so used inline code. This is something I put together based off a similar script I was using for Web Navigator. Interesting, I had the same for mine except the ping wasn't encrypted- only base64 encoded. ![]() HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WaveBrowserĬ:\WINDOWS\SYSTEM32\TASKS\Wavesor Software_*\WaveBrowser-StartAtLogin HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\wavebrowser.exe HKU\*\SOFTWARE\CLIENTS\STARTMENUINTERNET\WaveBrowser.* HKU\*\WavesorSWUpdater.Update3WebUser.1.0 HKU\*\WavesorSWUpdater.Update3COMClassUser.1.0 HKU\*\WavesorSWUpdater.Update3COMClassUser HKU\*\WavesorSWUpdater.PolicyStatusUser.1.0 HKU\*\WavesorSWUpdater.OnDemandCOMClassUser.1.0 HKU\*\WavesorSWUpdater.OnDemandCOMClassUser HKU\*\WavesorSWUpdater.CredentialDialogUser.1.0 HKU\*\WavesorSWUpdater.CredentialDialogUser HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Wavesor Software_*\WaveBrowser-StartAtLogin Apologies for the jacked up regex:Īlso seeing /swupdater.*\.updatestar\.com/ It also creates scheduled tasks, autostart reg entries, new CLSID's under the user's SID, lnk files, and different permutations of wavebrowser.exe. Test before adding anything across your env.ĭefinitely blocking domains/killing processes. Live chat available 6-6PT M-F via the Support Portalĭon't trust my regex.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |