Advanced PowerShell toolkit for Windows system scanning, malware removal, repair, and security hardening—bringing threats into oblivion.
This PowerShell script provides a robust solution for scanning your Windows system for malware, repairing file integrity, cleaning up unnecessary files, and applying essential security hardening. It combines features such as rootkit scanning, Windows Defender antivirus checks, and system cleanup with enhanced security measures, including Windows Firewall and exploit protection.
Features
Requirements
Setup
Usage
Detailed Functionality
Notes and Considerations
Malware Scanning: Initiates Windows Defender scans on key directories and uses Sysinternals RootkitRevealer to detect hidden malware.
File Integrity Repair: Runs SFC (System File Checker) and DISM (Deployment Image Servicing and Management) to repair corrupted system files.
System Cleanup: Removes unnecessary files, temporary files, and Windows Update cache with error handling.
System Security Hardening:
Enables Windows Firewall for all network profiles.
Checks for Secure Boot and recommends enabling it if disabled.
Enables exploit protection features (DEP, SEHOP, ASLR).
Windows 10/11 with PowerShell 5.1 or higher.
Windows Defender enabled and up-to-date.
Sysinternals RootkitRevealer tool downloaded and available on your system. Note that RootkitRevealer is a legacy tool that Sysinternals lists as supporting only 32-bit Windows XP and Windows Server 2003; confirm that it actually runs on your Windows 10/11 build before relying on its results.
Note: The script must be run with administrative privileges for full functionality.
Download the Script: Save the Obliviscan.ps1 file to a directory on your Windows machine.
Download RootkitRevealer: Visit the Sysinternals website to download RootkitRevealer. Place RootkitRevealer.exe in a folder, e.g., C:\Tools\RootkitRevealer.
Edit the Script: Update the path to RootkitRevealer in the script:
$rootkitRevealerPath = "C:\Tools\RootkitRevealer\RootkitRevealer.exe"
Run PowerShell as Administrator: Open an elevated PowerShell window and navigate to the directory containing Obliviscan.ps1. Set the execution policy for the current process so the script can run (if not already allowed):
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Execute the Script:
.\Obliviscan.ps1
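The setup steps above can be wrapped in a short pre-flight script that fails early if anything is missing. The following is an added example, not part of Obliviscan.ps1; it assumes the script sits in the current directory and that RootkitRevealer is at the path suggested above (edit $rootkitRevealerPath to match your own edit of the script). It verifies elevation, the PowerShell version, the RootkitRevealer path and Defender's status before relaxing the execution policy for this process only and launching the script.

```powershell
# Added example (not part of Obliviscan.ps1): pre-flight checks before running the script.
# Assumptions: Obliviscan.ps1 is in the current directory and RootkitRevealer lives at
# $rootkitRevealerPath; adjust both to match your setup.

$rootkitRevealerPath = 'C:\Tools\RootkitRevealer\RootkitRevealer.exe'
$scriptPath          = Join-Path (Get-Location) 'Obliviscan.ps1'

# 1. Elevation check: SFC, DISM, firewall and exploit-mitigation changes all need an admin token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell session.'
}

# 2. PowerShell version check (the README requires 5.1 or later).
if ($PSVersionTable.PSVersion -lt [Version]'5.1') {
    throw "PowerShell 5.1 or later is required; found $($PSVersionTable.PSVersion)"
}

# 3. The script and RootkitRevealer must both be where we expect them.
foreach ($p in @($scriptPath, $rootkitRevealerPath)) {
    if (-not (Test-Path -LiteralPath $p)) {
        throw "Required file not found: $p"
    }
}

# 4. Defender must be enabled with reasonably fresh signatures, or the scan step is meaningless.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled) {
    throw 'Windows Defender antivirus is disabled or another AV product has taken over.'
}
if ($mp.AntivirusSignatureAge -gt 7) {
    Write-Warning "Defender signatures are $($mp.AntivirusSignatureAge) days old; run Update-MpSignature first."
}

# 5. Relax the execution policy for this process only (no machine-wide change), then run the script.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
& $scriptPath
```

Using -Scope Process keeps the Bypass policy confined to this console session, so the machine-wide policy is left untouched after the script finishes.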
Quick Windows Defender Scan
Scans the system folders that most commonly host malware (C:\Windows, C:\Users, C:\Program Files).
Uses Windows Defender's Quick Scan for faster completion. Note that a Defender quick scan covers a fixed set of locations chosen by Defender itself; limiting a scan to specific folders requires a custom scan against each path.
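To actually restrict Defender to the three folders listed above, each path has to be handed to a custom scan, because Start-MpScan ignores -ScanPath in QuickScan mode. The block below is an added example, not Obliviscan's own code; it scans each folder in turn, then reports any detections Defender recorded during the run, resolving threat IDs to names via Get-MpThreat.

```powershell
# Added example (not Obliviscan's own code): per-folder Defender custom scans with a detection report.
$targets = @('C:\Windows', 'C:\Users', 'C:\Program Files')
$started = Get-Date

foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Warning "Skipping missing path $dir"
        continue
    }
    Write-Host "Scanning $dir ..."
    try {
        # QuickScan ignores -ScanPath; CustomScan is what honours it.
        Start-MpScan -ScanType CustomScan -ScanPath $dir -ErrorAction Stop
    } catch {
        Write-Warning "Scan of $dir failed: $($_.Exception.Message)"
    }
}

# Map ThreatID -> ThreatName so the report is readable.
$names = @{}
Get-MpThreat -ErrorAction SilentlyContinue | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

# Only detections that first appeared after this run began are attributable to these scans.
$hits = Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Where-Object { $_.InitialDetectionTime -ge $started }

if ($hits) {
    $hits | ForEach-Object {
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            Threat     = if ($names.ContainsKey($_.ThreatID)) { $names[$_.ThreatID] } else { $_.ThreatID }
            Resources  = ($_.Resources -join '; ')
            Remediated = $_.ActionSuccess
        }
    } | Format-Table -AutoSize
} else {
    Write-Host 'No new detections during this run.'
}
```

A detection with Remediated set to False is the case worth chasing by hand: Defender saw the file but could not quarantine or remove it, which is exactly the behaviour a rootkit or a file held open by a running process produces.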
Rootkit Detection
Leverages Sysinternals RootkitRevealer to detect rootkits that may be hiding in the system.
Output is logged in rootkit_scan_results.log.
System File Integrity Repair
System File Checker (SFC): Scans for and attempts to repair any corrupted system files.
DISM: Ensures the system image's integrity and applies any necessary repairs.
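SFC pulls its replacement files from the Windows component store, and DISM /RestoreHealth is what repairs that store, so on Windows 10/11 the reliable order is DISM first, then SFC; running SFC against a damaged store is the usual cause of "found corrupt files but was unable to fix some of them". The block below is an added example, not Obliviscan's own code; it runs both tools in that order, checks their exit codes instead of assuming success, and points at the logs each tool writes.

```powershell
# Added example (not Obliviscan's own code): component-store repair before system-file repair.
# Both tools write their own logs; the paths below are the standard locations.
$dismLog = "$env:WinDir\Logs\DISM\dism.log"
$cbsLog  = "$env:WinDir\Logs\CBS\CBS.log"

function Invoke-Repair {
    param(
        [string]$Label,
        [string]$Exe,
        [string[]]$Arguments,
        [string]$LogHint
    )
    Write-Host "$Label ..."
    # Native tools set $LASTEXITCODE; a non-zero code means the step did not complete cleanly.
    & $Exe @Arguments | Out-Null
    $code = $LASTEXITCODE
    if ($code -ne 0) {
        Write-Warning "$Label exited with code $code; see $LogHint"
    } else {
        Write-Host "$Label finished (exit code 0)."
    }
    return $code
}

# 1. Repair the component store. This needs Windows Update (or a /Source path) to fetch clean files.
$dismCode = Invoke-Repair -Label 'DISM /Online /Cleanup-Image /RestoreHealth' `
    -Exe 'DISM.exe' -Arguments @('/Online', '/Cleanup-Image', '/RestoreHealth') -LogHint $dismLog

# 2. Only then let SFC compare protected files against the (now repaired) store.
$sfcCode = Invoke-Repair -Label 'SFC /scannow' `
    -Exe 'sfc.exe' -Arguments @('/scannow') -LogHint $cbsLog

if ($dismCode -eq 0 -and $sfcCode -eq 0) {
    Write-Host 'Integrity repair completed. Reboot if SFC reported that it replaced files in use.'
}
```

If DISM cannot reach Windows Update (offline or policy-blocked machine), re-run it with /Source pointing at a mounted install.wim or an install media folder; SFC will keep failing until the store is clean.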
System Cleanup
Reduces clutter and frees up disk space by targeting:
C:\Windows\Temp
C:\Users
C:\Windows\SoftwareDistribution
Deletes temporary files and Windows Update cache files, including error handling for files in use.
System Security Hardening
Windows Firewall: Enables the firewall for Domain, Public, and Private network profiles.
Secure Boot Check: Detects if Secure Boot is enabled and provides guidance if it’s off.
Exploit Protection: Enables Data Execution Prevention (DEP), Structured Exception Handler Overwrite Protection (SEHOP), and Address Space Layout Randomization (ASLR) for increased system resilience.
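The three hardening steps above each have a verification step and a caveat that a script should handle: the firewall change should be read back rather than assumed, Confirm-SecureBootUEFI throws (instead of returning False) on legacy-BIOS machines, and mandatory ASLR (ForceRelocateImages) can break older binaries that ship without relocation data. The block below is an added example, not Obliviscan's own code; it applies all three settings system-wide and prints the resulting state. The HighEntropy and BottomUp flags are included as the ASLR components Set-ProcessMitigation exposes; the README only says "ASLR".

```powershell
# Added example (not Obliviscan's own code): firewall, Secure Boot check and exploit mitigations
# with read-back verification.

# 1. Firewall on for every profile, then read the state back instead of trusting the call.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Secure Boot. On a legacy-BIOS machine the cmdlet throws rather than returning $false.
try {
    if (Confirm-SecureBootUEFI) {
        Write-Host 'Secure Boot: enabled'
    } else {
        Write-Warning 'Secure Boot is OFF. Enable it in UEFI firmware setup (needs UEFI boot mode and a GPT system disk).'
    }
} catch {
    Write-Warning "Secure Boot state unavailable (legacy BIOS or unsupported firmware): $($_.Exception.Message)"
}

# 3. System-wide exploit mitigations. ForceRelocateImages is mandatory ASLR: images without
#    relocation data will fail to load, so audit the result and exempt such apps per-process.
Set-ProcessMitigation -System -Enable DEP, SEHOP, BottomUp, HighEntropy, ForceRelocateImages

$m = Get-ProcessMitigation -System
[pscustomobject]@{
    DEP                 = $m.Dep.Enable
    SEHOP               = $m.Sehop.Enable
    BottomUpASLR        = $m.Aslr.BottomUp
    HighEntropyASLR     = $m.Aslr.HighEntropy
    ForceRelocateImages = $m.Aslr.ForceRelocateImages
} | Format-List
```

If a legacy application stops launching after this, keep the system default and override just that binary with Set-ProcessMitigation -Name app.exe -Disable ForceRelocateImages rather than turning mandatory ASLR off globally.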
Administrative Privileges: The script requires administrative privileges to perform repairs and make system-level changes.
Tamper Protection: If Windows Defender Tamper Protection is enabled, certain actions (e.g., stopping Defender service) may be restricted.
Resource Usage: The script performs several intensive tasks and may take some time to complete. It’s recommended to run it during off-hours to avoid interruptions.