Scripts to Remove the Zoom Client

lookwhatyoudid

Given the increasing number of Zoom vulnerabilities, one of my clients wanted to remove any and all Zoom installations from their domain workstations. So, naturally, PowerShell to the rescue!

<#
    .SYNOPSIS
        Downloads the CleanZoom.exe removal tool if it doesn't already exist, then runs the uninstaller.
#>

try
{
    # Throws ItemNotFoundException if the uninstaller has not been downloaded yet
    Get-ChildItem C:\Windows\Temp\CleanZoom.exe -ErrorAction Stop | Out-Null
    Write-Output "File Exists"
    C:\Windows\Temp\CleanZoom.exe
}
catch [System.Management.Automation.ItemNotFoundException]
{
    # Not present: fetch the uninstaller from Zoom's support site, then run it
    Write-Output "Downloading File"
    Invoke-WebRequest "https://support.zoom.us/hc/en-us/article_attachments/360033082431/CleanZoom.exe" -OutFile "C:\Windows\Temp\CleanZoom.exe"
    C:\Windows\Temp\CleanZoom.exe
}
catch
{
    # Any other failure: report the most recent error
    Write-Output $error[0]
}

What this will do is go out and download the official Zoom client uninstaller, CleanZoom.exe, to the Windows temp folder, then execute said uninstaller.

Another option is a batch script, if PowerShell ain't your thing:

IF EXIST C:\Windows\Temp\CleanZoom.exe (
C:\Windows\Temp\CleanZoom.exe
) ELSE (
bitsadmin.exe /transfer "gbyeZoom" https://support.zoom.us/hc/en-us/article_attachments/360033082431/CleanZoom.exe C:\Windows\Temp\CleanZoom.exe
C:\Windows\Temp\CleanZoom.exe
)

You can run either silently by pushing out a logon scheduled task, via Group Policy, set to run as the SYSTEM user. Another option, if you’re feeling fancy and just want a one-time sweep, is to use something like PsExec.
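
Both scripts run whatever is found at C:\Windows\Temp\CleanZoom.exe, and under a SYSTEM scheduled task that file executes with full privileges. The variant below always downloads into a fresh per-run directory and refuses to execute unless the Authenticode signature is valid and names the expected signer. It is an added example, not the original author's script; the signer string and the `Test-TrustedInstaller` helper name are assumptions, so confirm the signer against a known-good copy before deploying.

```powershell
# Added example: verify the uninstaller's signature before running it as SYSTEM.
$Url            = 'https://support.zoom.us/hc/en-us/article_attachments/360033082431/CleanZoom.exe'
$ExpectedSigner = 'Zoom Video Communications, Inc.'   # assumption: confirm on a known-good copy

function Test-TrustedInstaller {
    # Hypothetical helper: true only if the file has a valid Authenticode
    # signature whose certificate simple name matches $Signer exactly.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Signer
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return $false }
    $cn = $sig.SignerCertificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    return ($cn -eq $Signer)
}

# Unpredictable per-run directory, so a file left at a well-known path is never reused.
$workDir = Join-Path $env:windir ('Temp\CleanZoom-' + [guid]::NewGuid().ToString('N'))
$exe     = Join-Path $workDir 'CleanZoom.exe'

try {
    New-Item -ItemType Directory -Path $workDir -ErrorAction Stop | Out-Null

    # Older Windows PowerShell builds may not negotiate TLS 1.2 by default.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $Url -OutFile $exe -UseBasicParsing -ErrorAction Stop

    if (-not (Test-TrustedInstaller -Path $exe -Signer $ExpectedSigner)) {
        throw "Signature check failed for $exe; not executing."
    }

    # Run only after the check passes, and record the exit code for the task log.
    $proc = Start-Process -FilePath $exe -Wait -PassThru
    Write-Output "CleanZoom.exe exited with code $($proc.ExitCode)"
}
catch {
    Write-Output $_.Exception.Message
}
finally {
    # Remove the download so nothing executable is left behind in Temp.
    Remove-Item -Path $workDir -Recurse -Force -ErrorAction SilentlyContinue
}
```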

 