From 3e4a5a8494a7fe0e963b34cb734e6831f1a0b5e8 Mon Sep 17 00:00:00 2001
From: Gabe
Date: Sat, 9 Aug 2025 17:19:21 +0000
Subject: [PATCH] Upload files to "Vulnerability Scripts/Compromised Host Files"
---
...Compromised Windows Host File – McAfee.ps1 | 47 +++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 Vulnerability Scripts/Compromised Host Files/VULN - Compromised Windows Host File – McAfee.ps1
diff --git a/Vulnerability Scripts/Compromised Host Files/VULN - Compromised Windows Host File – McAfee.ps1 b/Vulnerability Scripts/Compromised Host Files/VULN - Compromised Windows Host File – McAfee.ps1
new file mode 100644
index 0000000..824697b
--- /dev/null
+++ b/Vulnerability Scripts/Compromised Host Files/VULN - Compromised Windows Host File – McAfee.ps1
@@ -0,0 +1,47 @@
+<#
+Author: Gabe Kerntke
+Date: 04-15-2024
+
+.Synopsis
+
+.Modified
+2024-04-15 (GabeK) - Original script created
+
+#>
+
+#Region Variables
+$URL = "scinstallcheck.mcafee.com"
+$HostFileTest = Get-Content "C:\Windows\System32\drivers\etc\hosts" | Where-Object { $_ -like "*$URL*" }
+$HostFilePath = "C:\Windows\System32\drivers\etc\hosts"
+$HostFile = Get-Content "C:\Windows\System32\drivers\etc\hosts"
+
+#Region Script Start
+
+#If the $URL exists in the host file it continues with the fix
+If ($null -ne $HostFileTest) {
+ #Makes copy of Host file before making changes
+ Copy-Item $HostFilePath -Destination "C:\Windows\System32\drivers\etc\hosts - backup" -Force
+ #Makes the change to the Host file
+ $NewFile = $HostFile -replace "0.0.0.1", "#" -replace "scinstallcheck.mcafee.com", "#"
+
+ Try {
+ #Sees if the changes to the Host file can saved
+ Set-Content -Value $NewFile -Path $HostFilePath -Force -ErrorAction Stop
+ }
+
+ catch {
+ #If error occurs with saving new Host file, revert to backup Host file
+ Copy-Item "C:\Windows\System32\drivers\etc\hosts - backup" -Destination $HostFilePath -Force
+ Write-Host "Failed to modify host file, exiting script"
+ Break
+ }
+
+ Write-Host "Host file has been modified"
+ #Removes backup Host file
+ Remove-Item "C:\Windows\System32\drivers\etc\hosts - backup"
+}
+
+Else {
+ Write-Host "$URL does not exist in host file, exiting script."
+}
+#Region Script End
\ No newline at end of file
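Review bot: The `$NewFile = $HostFile -replace "0.0.0.1", "#" -replace "scinstallcheck.mcafee.com", "#"` line runs two unanchored regex replacements over every line of the hosts file, so the unescaped `0.0.0.1` pattern also rewrites legitimate entries that merely contain it (for example `10.0.0.1` or `10.0.0.10`), and the flagged entry is reduced to `# #`, which erases the record of what was there. Comment out only the matching, not-yet-commented lines instead: `$NewFile = $HostFile | ForEach-Object { if ($_ -notmatch '^\s*#' -and $_ -match [regex]::Escape($URL)) { "# $_" } else { $_ } }`. In the `catch` block, `Break` outside a loop gives the caller no status and can break out of a caller's loop if the script is invoked from one; `exit 1` would let a deployment tool see the failure. The backup `Copy-Item` also runs outside the `Try` without `-ErrorAction Stop`, so a failed backup goes unnoticed before the overwrite, and the backup is removed on success; consider keeping a timestamped copy of the original file for incident review.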