This code is not malicious or anything - just poorly documented (by my definition). Whatever character set those strings are in is completely unreadable to my ISO-8859-1 fonts. That said, it looks like a sort of "reset" for the author's Internet Explorer setup along with a few other unrelated things that were just included but aren't actually bad per se... You can break your Internet Explorer using this though.

Delete all files matching these extensions per each directory listed: .html, .hta, .htt, .htw, .htx, .url, .vbs

Recursively delete some entries from your registry. I gather this is an attempt to somewhat protect against malicious scripts which might use these components. Or something.

# Delete these registry entries but don't attempt recursion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\LegalNoticeCaption
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\LegalNoticeText
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\Key

Now rename some common desktop elements
recycle bin
control panel
scheduled tasks
printers
Network and dialup connections
Web Folders

And now set some other default settings (starting with this bit: ["HKEY_CURRENT_USER","Control Panel\\International","sTimeFormat","H:mm:ss"],). This is mostly harmless and just alters the search and home pages and such.

Lastly . . . sigh....

# Attempt to match each of these regexes against HKCU\Software\Microsoft\Windows\CurrentVersion\Run's entries
# and if one matches, remove it. Repeat for HKLM as well.
@matchword = (
    'IEXPLORE\.EXE',
    '\.html?$',
    '\.ht[atwx]$',
    '\.url$',
    '^http:\/\/',
    '^www\.',
    '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
    '\.com$',
    '\.net$',
    '\.org$',
    '\.cn$',
    '\.biz$',
    '\.info$'
);

Update: I have no earthly idea why but I originally emphasized that first 'is'. I just made it plain.


In reply to Re: ReIE.pl - no it's not malware by diotalevi
in thread Untested Internet Explorer Remover/Cleaner (?) by Anonymous Monk
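
A dry run of the @matchword list from the post above, as an added example that is not part of the post or of the ReIE.pl script it describes. It shows which autostart entries such patterns would catch, including ones that have nothing to do with Internet Explorer. It assumes the patterns are applied case-sensitively to each Run value's data, which the post does not state; the sample entries are constructed, and the script only reports and never touches the registry.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Patterns copied from the @matchword list in the post.
my @matchword = (
    'IEXPLORE\.EXE', '\.html?$', '\.ht[atwx]$', '\.url$',
    '^http:\/\/', '^www\.', '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}',
    '\.com$', '\.net$', '\.org$', '\.cn$', '\.biz$', '\.info$',
);

# Constructed sample Run values (name => data); not taken from a real machine.
my %run = (
    'HomePageLauncher' => 'C:\Program Files\Internet Explorer\IEXPLORE.EXE http://example.com',
    'StartPage'        => 'C:\WINDOWS\start.html',
    'VpnClient'        => 'C:\Program Files\ExampleVPN\client.exe --gateway 192.0.2.10',
    'UpdaterAgent'     => 'C:\Program Files\ExampleVendor\agent-4.10.2.1\updater.exe',
    'LegacyTool'       => 'C:\TOOLS\mouse.com',
    'TrayIcon'         => 'C:\Program Files\ExampleVendor\tray.exe',
);

# Return every pattern that matches one value's data (assumed match target).
sub matching_patterns {
    my ($data) = @_;
    return grep { $data =~ /$_/ } @matchword;
}

# Dry run: collect the entries that would be removed, change nothing.
sub audit {
    my ($entries) = @_;
    my %hits;
    for my $name (sort keys %$entries) {
        my @why = matching_patterns($entries->{$name});
        $hits{$name} = \@why if @why;
    }
    return \%hits;
}

my $hits = audit(\%run);
for my $name (sort keys %run) {
    if (my $why = $hits->{$name}) {
        printf "WOULD REMOVE %-16s matched: %s\n", $name, join(' ', @$why);
    } else {
        printf "keep         %-16s\n", $name;
    }
}
```

Running the same audit over an export of the real Run keys before using a cleaner like this shows up front which legitimate startup entries (a versioned install path, a VPN client with a gateway address, a .com executable) it would delete.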
