Scripts to Remove the Zoom Client

lookwhatyoudid

Given the increased number of Zoom vulnerabilities, one of my clients wanted to remove any and all Zoom installations from their domain workstations. So, naturally, PowerShell to the rescue!

<#
    .SYNOPSIS
        Downloads the CleanZoom.exe removal tool, if it doesn't already exist. Then runs the uninstaller
#>

try
{
    # -ErrorAction Stop turns a missing file into a terminating error,
    # so the ItemNotFoundException catch block below can handle it
    $filecheck = Get-ChildItem C:\Windows\Temp\CleanZoom.exe -ErrorAction Stop
    Write-Output "File Exists"
    C:\Windows\Temp\CleanZoom.exe
}
catch [System.Management.Automation.ItemNotFoundException]
{
    # File is not there yet: download it, then run it
    Write-Output "Downloading File"
    Invoke-WebRequest "https://support.zoom.us/hc/en-us/article_attachments/360033082431/CleanZoom.exe" -OutFile "C:\Windows\Temp\CleanZoom.exe"
    C:\Windows\Temp\CleanZoom.exe
}
catch
{
    # Any other failure: print the most recent error
    Write-Output $error[0]
}

What this will do is go out and download the official Zoom client uninstaller, CleanZoom.exe, to the Windows temp folder, then execute said uninstaller.

Another option is via a batch script, if PowerShell ain't your thing:

IF EXIST C:\Windows\Temp\CleanZoom.exe (
C:\Windows\Temp\CleanZoom.exe
) ELSE (
bitsadmin.exe /transfer "gbyeZoom" https://support.zoom.us/hc/en-us/article_attachments/360033082431/CleanZoom.exe C:\Windows\Temp\CleanZoom.exe
C:\Windows\Temp\CleanZoom.exe
)

You can run either silently by pushing out a login scheduled task, via Group Policy, set to run as the SYSTEM user. Another option, if you’re feeling fancy and just want a one-time sweep, is to use something like psexec.
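
Both scripts run whatever file sits at C:\Windows\Temp\CleanZoom.exe, and the scheduled task runs it as SYSTEM, so it is worth checking the file's Authenticode signature before executing it. The variant below is an added example, not part of the original scripts; the Test-TrustedBinary helper is hypothetical and the expected publisher name is an assumption to confirm against a copy you have checked by hand.

```powershell
# Added example: verify the uninstaller's signature before running it.
$Url  = 'https://support.zoom.us/hc/en-us/article_attachments/360033082431/CleanZoom.exe'  # URL from the post
$Path = 'C:\Windows\Temp\CleanZoom.exe'                                                      # path from the post
# Assumption: signer name expected on the genuine tool; confirm before deploying.
$ExpectedPublisher = 'Zoom Video Communications, Inc.'

function Test-TrustedBinary {
    # Hypothetical helper: true only if the file exists, its Authenticode
    # signature validates, and the signer's simple name matches exactly.
    param([string]$FilePath, [string]$Publisher)
    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) { return $false }
    $name = $sig.SignerCertificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    return ($name -eq $Publisher)
}

try {
    if (-not (Test-TrustedBinary -FilePath $Path -Publisher $ExpectedPublisher)) {
        # Missing or untrusted copy: discard it and fetch a fresh one
        Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
        Write-Output 'Downloading File'
        Invoke-WebRequest -Uri $Url -OutFile $Path -UseBasicParsing -ErrorAction Stop
    }
    if (Test-TrustedBinary -FilePath $Path -Publisher $ExpectedPublisher) {
        Write-Output 'Signature valid, running uninstaller'
        & $Path
    }
    else {
        # Never execute a file that fails the check; remove it and signal failure
        Write-Output 'Signature check failed, not running CleanZoom.exe'
        Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
        exit 1
    }
}
catch {
    Write-Output $_
    exit 1
}
```

A non-zero exit code shows up as the scheduled task's last run result, which makes failed signature checks easy to spot across workstations.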

 
23
Kudos
 
23
Kudos

Now read this

BECS - An Office 365 Incident Response Tool

Gosh golly, another blog post?! # I seem to have found myself doing a lot of incident response (IR) engagements here lately. I mean, I’m not complaining; it’s bittersweet in that I have a lot of fun during these engagements, but also sad... Continue →