I'm fairly sure the script works as wincy described, but this doesn't take away the problem: several virus scanners will throw alerts when installing the script. It will be hard for users to trust something that is supposed to remove viruses, while the removal tool itself is picked up by several virusscanners.
The virusscanners have problems with
Process.exe and
path.exe. From reading what they do I think they could fairly easy be replaced by something else that won't cause alerts.
Instead of process.exe you could use [url-http://technet.microsoft.com/en-us/library/bb491009.aspx]Taskkill[/url] which is part of Windows, so you don't even need to pack it with the script. I checked and it's available on XP, Vista and Win7.
path.exe exports a batch file like this:
DOS code:
SET "AppData=C:\DOCUME~1\XP_EN-VM\APPLIC~1"
SET "Cookies=C:\DOCUME~1\XP_EN-VM\Cookies"
SET "Desktop=C:\DOCUME~1\XP_EN-VM\Desktop"
SET "Favorites=C:\DOCUME~1\XP_EN-VM\FAVORI~1"
SET "NetHood=C:\DOCUME~1\XP_EN-VM\NetHood"
SET "Personal=C:\DOCUME~1\XP_EN-VM\MYDOCU~1"
SET "PrintHood=C:\DOCUME~1\XP_EN-VM\PRINTH~1"
SET "Recent=C:\DOCUME~1\XP_EN-VM\Recent"
SET "SendTo=C:\DOCUME~1\XP_EN-VM\SendTo"
SET "Start Menu=C:\DOCUME~1\XP_EN-VM\STARTM~1"
SET "Templates=C:\DOCUME~1\XP_EN-VM\TEMPLA~1"
SET "Programs=C:\DOCUME~1\XP_EN-VM\STARTM~1\Programs"
SET "Startup=C:\DOCUME~1\XP_EN-VM\STARTM~1\Programs\Startup"
SET "Local AppData=C:\DOCUME~1\XP_EN-VM\LOCALS~1\APPLIC~1"
SET "Cache=C:\DOCUME~1\XP_EN-VM\LOCALS~1\TEMPOR~1"
SET "History=C:\DOCUME~1\XP_EN-VM\LOCALS~1\History"
SET "My Pictures=C:\DOCUME~1\XP_EN-VM\MYDOCU~1\MYPICT~1"
SET "Fonts=C:\WINDOWS\Fonts"
SET "My Music=C:\DOCUME~1\XP_EN-VM\MYDOCU~1\MYMUSI~1"
SET "CD Burning=C:\DOCUME~1\XP_EN-VM\LOCALS~1\APPLIC~1\MICROS~1\CDBURN~1"
SET "Common AppData=C:\DOCUME~1\ALLUSE~1\APPLIC~1"
SET "Common Programs=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs"
SET "Common Documents=C:\DOCUME~1\ALLUSE~1\DOCUME~1"
SET "Common Desktop=C:\DOCUME~1\ALLUSE~1\Desktop"
SET "Common Start Menu=C:\DOCUME~1\ALLUSE~1\STARTM~1"
SET "Common Pictures=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYPICT~1"
SET "Common Music=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYMUSI~1"
SET "Common Video=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYVIDE~1"
SET "Common Favorites=C:\DOCUME~1\ALLUSE~1\FAVORI~1"
SET "Common Startup=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup"
SET "Common Templates=C:\DOCUME~1\ALLUSE~1\TEMPLA~1"
SET "Common Administrative Tools=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\ADMINI~1"
I see you use some of those variables later in the batch file (not all). I'm not sure why eSafe and TrendMicro would pick this up. Do you have the source, or did you download it somewhere? This could probably be replaced by JScript too (some other scripter help out on this?).
BTW, two other things:
- You assume Plus! is installed in %ProgramFiles%\"Messenger Plus! Live"\. Your script won't work at all when Plus! is installed in a different folder.
- Why do you delete ""Cila Smart Security" in safe.bat?
For people who want to take a look, temporary download location:
http://random.menthix.net/temp/WLM-Safe-4.0.plsc
/ 
