#!/bin/bash
# ./fix977165
#####################################################################
#                    MadMod Computing 02/17/10                      #
#           Remove Microsoft Windows XP Patch KB977165              #
#          (causes BSOD with infected Windows Computers)            #
#####################################################################
clear
# Commands in Windows DOS format to remove the Windows patch KB977165:
# DEL "c:\windows\$hf_mig$\kb977165\sp3qfe\ntkrnlmp.exe"
# DEL "c:\windows\$hf_mig$\kb977165\sp3qfe\ntkrnlpa.exe"
# DEL "c:\windows\$hf_mig$\kb977165\sp3qfe\ntkrpamp.exe"
# DEL "c:\windows\$hf_mig$\kb977165\sp3qfe\ntoskrnl.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntkrnlmp.exe" "c:\windows\driver cache\i386\ntkrnlmp.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntkrnlpa.exe" "c:\windows\driver cache\i386\ntkrnlpa.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntkrpamp.exe" "c:\windows\driver cache\i386\ntkrpamp.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntoskrnl.exe" "c:\windows\driver cache\i386\ntoskrnl.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntkrnlpa.exe" "c:\windows\system32\ntkrnlpa.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntoskrnl.exe" "c:\windows\system32\ntoskrnl.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntkrnlmp.exe" "c:\windows\system32\dllcache\ntkrnlmp.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntkrnlpa.exe" "c:\windows\system32\dllcache\ntkrnlpa.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntkrpamp.exe" "c:\windows\system32\dllcache\ntkrpamp.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\ntoskrnl.exe" "c:\windows\system32\dllcache\ntoskrnl.exe"
# COPY "C:\WINDOWS\$NtUninistallKB977165$\spuninst\spuninst.txt" "C:\WINDOWS\$NtUninistallKB977165$\spuninst\spuninst.tag"

echo -n "Be sure that first you've mounted the Windows drive and have navigated to the Windows folder."
read dummy

rm $hf_mig$/kb977165/sp3qfe/ntkrnlmp.exe
rm $hf_mig$/kb977165/sp3qfe/ntkrnlpa.exe
rm $hf_mig$/kb977165/sp3qfe/ntkrpamp.exe
rm $hf_mig$/kb977165/sp3qfe/ntoskrnl.exe

cp $NtUninistallKB977165$/ntkrnlmp.exe driver?cache/i386/ntkrnlmp.exe
cp $NtUninistallKB977165$/ntkrnlpa.exe driver?cache/i386/ntkrnlpa.exe
cp $NtUninistallKB977165$/ntkrpamp.exe driver?cache/i386/ntkrpamp.exe
cp $NtUninistallKB977165$/ntoskrnl.exe driver?cache/i386/ntoskrnl.exe

cp $NtUninistallKB977165$/ntkrnlmp.exe system32/dllcache/ntkrnlmp.exe
cp $NtUninistallKB977165$/ntkrnlpa.exe system32/dllcache/ntkrnlpa.exe
cp $NtUninistallKB977165$/ntkrpamp.exe system32/dllcache/ntkrpamp.exe
cp $NtUninistallKB977165$/ntoskrnl.exe system32/dllcache/ntoskrnl.exe

cp $NtUninistallKB977165$/spuninst/spuninst.txt $NtUninistallKB977165$/spuninst/spuninst.tag

echo "Removed the patch files: ntkrnlmp.exe, ntkernlpa.exe, ntkrpamp.exe and ntoskrnl.exe"
echo "Copied 4 backup files to /driver?cache/i386 and the same files to /system32/dllcache"
echo "Copied /spuninst/spuninst.txt to /spuninst/spuninst.tag"

exit 0