WMI Registry query failed with HKEY_USERS

cluM09

Technical User
May 15, 2004
127
US
Hi,

I have written a VBScript to clean the virus registry entries from the workstations using a WMI query, but when I run the script, it fails where it hits the HKEY_USERS section with the following message:

RegVirusDelete.vbs(173, 1) SWbemObjectEx: Invalid parameter

I would appreciate it if anyone can point me to the right code that will fix this problem.

The code from my script is as follows:

Dim strComputer, oReg, strKeyPath0, strKeyPath1, strValueName0, strValueName1, strValueName2
Dim strValueName3, strValueName4, strValueName5, strValue0, strValue1, strValue2, strValue3
Dim strValue4, strValue5, strFromHK0, strFromHK1, strFromHK2

'set constant for the registry root
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003

strComputer = "."

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath0 = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
strKayPath1 = ".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run"
strValueName0 = "internat" 'internat.exe for HKLM
strValueName1 = "SDKz0r" 'SDKc55rezzz2.exe
strValueName2 = "Jumper Defualt" 'jumsvc32.exe
strValueName3 = "Microsoft Synchronization Manager" 'win.exe
strValueName4 = "Configuration" 'wget.exe
strValueName5 = "Microsoft Windows Update" 'msnmsgr.exe
strValueName6 = "internat.exe" 'internat.exe for HKCU and HKUS

'Deleting virus entries from HKLM
'Query for internat.exe
strFromHK0 = "HKEY_LOCAL_MACHINE"
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName0,strValue0
If LCase(strValue0) = LCase("internat.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue0 & " from " & strFromHK0
Wscript.Echo ""
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName0,strValue0
End if

'Query for SDKc55rezzz2.exe
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName1,strValue1
If LCase(strValue1) = LCase("SDKc55rezzz2.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue1 & " from " & strFromHK0
Wscript.Echo ""
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName1,strValue1
End if

'Query for jumsvc32.exe
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName2,strValue2
If LCase(strValue2) = LCase("jumsvc32.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue2 & " from " & strFromHK0
Wscript.Echo ""
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName2,strValue2
End if

'Query for win.exe
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName3,strValue3
If LCase(strValue3) = LCase("win.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue3 & " from " & strFromHK0
Wscript.Echo ""
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName3,strValue3
End if

'Query for wget.exe
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName4,strValue4
If LCase(strValue4) = LCase("wget.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue4 & " from " & strFromHK0
Wscript.Echo ""
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName4,strValue4
End if

'Query for msnmsgr.exe
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName5,strValue5
If LCase(strValue5) = LCase("msnmsgr.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue5 & " from " & strFromHK0
Wscript.Echo ""
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath0,_
strValueName5,strValue5
End if

'Deleting virus entries from HKCU
'Query for internat.exe
strValueName0 = strValueName6
strFromHK1 = "HKEY_CURRENT_USER"
oReg.GetExpandedStringValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName0,strValue0
If LCase(strValue0) = LCase("internat.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue0 & " from " & strFromHK1
Wscript.Echo ""
oReg.DeleteValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName0,strValue0
End if

'Query for SDKc55rezzz2.exe
oReg.GetExpandedStringValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName1,strValue1
If LCase(strValue1) = LCase("SDKc55rezzz2.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue1 & " from " & strFromHK1
Wscript.Echo ""
oReg.DeleteValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName1,strValue1
End if

'Query for jumsvc32.exe
oReg.GetExpandedStringValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName2,strValue2
If LCase(strValue2) = LCase("jumsvc32.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue2 & " from " & strFromHK1
Wscript.Echo ""
oReg.DeleteValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName2,strValue2
End if

'Query for win.exe
oReg.GetExpandedStringValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName3,strValue3
If LCase(strValue3) = LCase("win.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue3 & " from " & strFromHK1
Wscript.Echo ""
oReg.DeleteValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName3,strValue3
End if

'Query for wget.exe
oReg.GetExpandedStringValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName4,strValue4
If LCase(strValue4) = LCase("wget.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue4 & " from " & strFromHK1
Wscript.Echo ""
oReg.DeleteValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName4,strValue4
End if

'Query for msnmsgr.exe
oReg.GetExpandedStringValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName5,strValue5
If LCase(strValue5) = LCase("msnmsgr.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue5 & " from " & strFromHK1
Wscript.Echo ""
oReg.DeleteValue HKEY_CURRENT_USER,strKeyPath0,_
strValueName5,strValue5
End if

'Deleting virus entries from HKUS
'Query for internat.exe
strFromHK2 = "HKEY_USERS"
strValueName0 = strValueName6
oReg.GetExpandedStringValue HKEY_USERS,strKeyPath1,_
strValueName0,strValue0
If LCase(strValue0) = LCase("internat.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue0 & " from " & strFromHK2
Wscript.Echo ""
oReg.DeleteValue HKEY_USERS,strKeyPath1,_
strValueName0,strValue0
End if

'Query for SDKc55rezzz2.exe
oReg.GetExpandedStringValue HKEY_USERS,strKeyPath1,_
strValueName1,strValue1
If LCase(strValue1) = LCase("SDKc55rezzz2.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue1 & " from " & strFromHK2
Wscript.Echo ""
oReg.DeleteValue HKEY_USERS,strKeyPath1,_
strValueName1,strValue1
End if

'Query for jumsvc32.exe
oReg.GetExpandedStringValue HKEY_USERS,strKeyPath1,_
strValueName2,strValue2
If LCase(strValue2) = LCase("jumsvc32.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue2 & " from " & strFromHK2
Wscript.Echo ""
oReg.DeleteValue HKEY_USERS,strKeyPath1,_
strValueName2,strValue2
End if

'Query for win.exe
oReg.GetExpandedStringValue HKEY_USERS,strKeyPath1,_
strValueName3,strValue3
If LCase(strValue3) = LCase("win.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue3 & " from " & strFromHK2
Wscript.Echo ""
oReg.DeleteValue HKEY_USERS,strKeyPath1,_
strValueName3,strValue3
End if

'Query for wget.exe
oReg.GetExpandedStringValue HKEY_USERS,strKeyPath1,_
strValueName4,strValue4
If LCase(strValue4) = LCase("wget.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue4 & " from " & strFromHK2
Wscript.Echo ""
oReg.DeleteValue HKEY_USERS,strKeyPath1,_
strValueName4,strValue4
End if

'Query for msnmsgr.exe
oReg.GetExpandedStringValue HKEY_USERS,strKeyPath1,_
strValueName5,strValue5
If LCase(strValue5) = LCase("msnmsgr.exe") Then
Wscript.Echo ""
Wscript.Echo Space(3) & "Deleting: " & strValue5 & " from " & strFromHK2
Wscript.Echo ""
oReg.DeleteValue HKEY_USERS,strKeyPath1,_
strValueName5,strValue5
End if

Thanks!

CluM09
 
Well, I finally figured out why the script failed at the HKEY_USERS section. I misspelled one variable at the beginning of the script. The variable name should be strKeyPath1 instead of strKayPath1 for the HKEY_USERS section as shown in the code above. Therefore the script failed the execution at the HKEY_USERS section.

Thanks anyway to those who glanced at the code.

This script is used for deleting the virus entries created by the viruses in my company.

CluM09.
 
cluM09 wrote
>I misspelled one variable at the beginning of the script...Therefore the script failed the execution...

That happens. No worry.

One thing though. The .DeleteValue method takes 3 arguments. The 4th is out of spec. The engine seems to just ignore it and it does not provoke a runtime error. This is one fundamental thing that I think is good to know and to correct.

- tsuji
 
And feel free to ALWAYS use the Option Explicit instruction ...

Hope This Helps, PH.
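The three points raised in this thread (the misspelled variable, the extra DeleteValue argument, and Option Explicit) can be seen together in a condensed version of the script. This is an added example, not code from any of the posters; the names RUN_KEY, targets, entries and CleanValue are assumptions, and both "internat" value names are checked in every hive rather than one per hive as in the original.

```vbscript
Option Explicit   ' an undeclared name such as strKayPath1 now halts the script

Const HKEY_CURRENT_USER  = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS         = &H80000003
Const RUN_KEY = "Software\Microsoft\Windows\CurrentVersion\Run"

Dim strComputer, oReg, targets, entries, t, e
strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

' Each target: hive constant, key path, label used in the output.
targets = Array( _
    Array(HKEY_LOCAL_MACHINE, RUN_KEY, "HKEY_LOCAL_MACHINE"), _
    Array(HKEY_CURRENT_USER, RUN_KEY, "HKEY_CURRENT_USER"), _
    Array(HKEY_USERS, ".DEFAULT\" & RUN_KEY, "HKEY_USERS"))

' Each entry: value name, expected value data (both taken from the post).
entries = Array( _
    Array("internat", "internat.exe"), _
    Array("internat.exe", "internat.exe"), _
    Array("SDKz0r", "SDKc55rezzz2.exe"), _
    Array("Jumper Defualt", "jumsvc32.exe"), _
    Array("Microsoft Synchronization Manager", "win.exe"), _
    Array("Configuration", "wget.exe"), _
    Array("Microsoft Windows Update", "msnmsgr.exe"))

For Each t In targets
    For Each e In entries
        CleanValue t(0), t(1), t(2), e(0), e(1)
    Next
Next

' Deletes valueName only when its data matches expectedData, and reports
' the StdRegProv return code (0 means success) instead of assuming it worked.
Sub CleanValue(hive, keyPath, hiveLabel, valueName, expectedData)
    Dim data, rc
    rc = oReg.GetExpandedStringValue(hive, keyPath, valueName, data)
    If rc <> 0 Or IsNull(data) Then Exit Sub      ' value absent or unreadable
    If LCase(data) <> LCase(expectedData) Then Exit Sub
    rc = oReg.DeleteValue(hive, keyPath, valueName)   ' three arguments only
    If rc = 0 Then
        WScript.Echo Space(3) & "Deleted: " & valueName & " from " & hiveLabel
    Else
        WScript.Echo Space(3) & "Failed (" & rc & "): " & valueName & " in " & hiveLabel
    End If
End Sub
```

With Option Explicit in place, the original typo would have been reported as an undefined variable at the assignment itself rather than surfacing later as "Invalid parameter" from the WMI call.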
 