Board logo

標題: DIY自製隨身碟病毒清除批次檔(查殺率99%) [打印本頁]

作者: LILI    時間: 2013-8-13 23:15     標題: DIY自製隨身碟病毒清除批次檔(查殺率99%)

副檔名改成.bat
@echo off
title=隨身碟病毒清除批次檔
mode con cols=30 lines=12
echo.
echo     0.清除隨身碟病毒
echo.
echo     1.Autorun.inf全部免疫
echo.
echo     2.解除全部免疫
echo.
echo     3.Autorun.inf部分免疫
echo.
echo     4.解除部分免疫
echo.
set /p chs="> > >"
if "%chs%"=="0" goto 0
if "%chs%"=="1" goto 1
if "%chs%"=="2" goto 2
if "%chs%"=="3" goto 3
if "%chs%"=="4" goto 4
exit
:0
mode con cols=60 lines=1
set /p a= 選擇殺除(p) / 自動殺除(q) :
taskkill.exe /im iexplore.exe /f
taskkill.exe /im rundll32.exe /f
taskkill.exe /im wscript.exe /f
taskkill.exe /im severe.exe /f
taskkill.exe /im mdngfh.exe /f
taskkill.exe /im explorer.exe /f
(
echo REGEDIT4
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
echo "Hidden"=dword:00000001
echo "SuperHidden"=dword:00000001
echo "ShowSuperHidden"=dword:00000001
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
echo "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
echo "Text"="@shell32.dll,-30500"
echo "Type"="radio"
echo "CheckedValue"=dword:00000001
echo "ValueName"="Hidden"
echo "DefaultValue"=dword:00000002
echo "HKeyRoot"=dword:80000001
echo "HelpID"="shell.hlp#51105"
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
echo "DebugOptions"="2048"
echo "Documents"=""
echo "DosPrint"="no"
echo "load"=""
echo "NetMessage"="no"
echo "NullPort"="None"
echo "Programs"="com exe bat pif cmd"
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
echo [-HKEY_CLASSES_ROOT\CLSID\{47994C89-1857-4D33-B196-263ED6FA4CFF}]
echo [-HKEY_CLASSES_ROOT\CLSID\{FBF3B337-FEB6-403B-BBE2-2B67CB6563E3}]
echo [-HKEY_CLASSES_ROOT\CLSID\{E996F10E-FCAF-41CC-94C8-B8BF7D6F80AC}]
echo [-HKEY_CLASSES_ROOT\CLSID\{B058B02A-AC93-4FBA-900B-FA44D9B92805}]
echo [-HKEY_CLASSES_ROOT\CLSID\{79FC744E-75CA-49B0-8F02-AEAE4CAACBE0}]
echo [-HKEY_CLASSES_ROOT\CLSID\{5D7ED61B-DB3E-44EC-BED5-40307384FF81}]
echo [-HKEY_CLASSES_ROOT\CLSID\{749E4FEF-6AFF-41A6-AED8-364222D455A7}]
echo [-HKEY_CLASSES_ROOT\CLSID\{FBF3B337-FEB6-403B-BBE2-2B67CB6563E3}]
echo [-HKEY_CLASSES_ROOT\CLSID\{27E1C1B0-7117-4582-8565-682E569810D2}]
echo [-HKEY_CLASSES_ROOT\CLSID\{894C0068-46AC-4F59-A140-EDE0DABA776C}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{27E1C1B0-7117-4582-8565-682E569810D2}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBF3B337-FEB6-403B-BBE2-2B67CB6563E3}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5D7ED61B-DB3E-44EC-BED5-40307384FF81}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{47994C89-1857-4D33-B196-263ED6FA4CFF}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBF3B337-FEB6-403B-BBE2-2B67CB6563E3}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E996F10E-FCAF-41CC-94C8-B8BF7D6F80AC}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B058B02A-AC93-4FBA-900B-FA44D9B92805}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{79FC744E-75CA-49B0-8F02-AEAE4CAACBE0}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{749E4FEF-6AFF-41A6-AED8-364222D455A7}]
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{894C0068-46AC-4F59-A140-EDE0DABA776C}]
)>temp.reg
regedit /s temp.reg
del temp.reg
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
del /f/%a%/a:h %%a:\autorun.inf
del /f/%a%/a:h %%a:\*.exe
del /f/%a%/a:h %%a:\0*.com
del /f/%a%/a:h %%a:\1*.com
del /f/%a%/a:h %%a:\2*.com
del /f/%a%/a:h %%a:\3*.com
del /f/%a%/a:h %%a:\4*.com
del /f/%a%/a:h %%a:\5*.com
del /f/%a%/a:h %%a:\6*.com
del /f/%a%/a:h %%a:\7*.com
del /f/%a%/a:h %%a:\8*.com
del /f/%a%/a:h %%a:\9*.com
del /f/%a%/a:h %%a:\a*.com
del /f/%a%/a:h %%a:\b*.com
del /f/%a%/a:h %%a:\c*.com
del /f/%a%/a:h %%a:\d*.com
del /f/%a%/a:h %%a:\e*.com
del /f/%a%/a:h %%a:\f*.com
del /f/%a%/a:h %%a:\g*.com
del /f/%a%/a:h %%a:\h*.com
del /f/%a%/a:h %%a:\i*.com
del /f/%a%/a:h %%a:\j*.com
del /f/%a%/a:h %%a:\k*.com
del /f/%a%/a:h %%a:\l*.com
del /f/%a%/a:h %%a:\m*.com
del /f/%a%/a:h %%a:\o*.com
del /f/%a%/a:h %%a:\p*.com
del /f/%a%/a:h %%a:\q*.com
del /f/%a%/a:h %%a:\r*.com
del /f/%a%/a:h %%a:\s*.com
del /f/%a%/a:h %%a:\t*.com
del /f/%a%/a:h %%a:\u*.com
del /f/%a%/a:h %%a:\v*.com
del /f/%a%/a:h %%a:\w*.com
del /f/%a%/a:h %%a:\x*.com
del /f/%a%/a:h %%a:\y*.com
del /f/%a%/a:h %%a:\z*.com
del /f/%a%/a:h %%a:\na*.com
del /f/%a%/a:h %%a:\nb*.com
del /f/%a%/a:h %%a:\nc*.com
del /f/%a%/a:h %%a:\nd*.com
del /f/%a%/a:h %%a:\ne*.com
del /f/%a%/a:h %%a:\nf*.com
del /f/%a%/a:h %%a:\ng*.com
del /f/%a%/a:h %%a:\nh*.com
del /f/%a%/a:h %%a:\ni*.com
del /f/%a%/a:h %%a:\nj*.com
del /f/%a%/a:h %%a:\nk*.com
del /f/%a%/a:h %%a:\nl*.com
del /f/%a%/a:h %%a:\nm*.com
del /f/%a%/a:h %%a:\nn*.com
del /f/%a%/a:h %%a:\no*.com
del /f/%a%/a:h %%a:\np*.com
del /f/%a%/a:h %%a:\nq*.com
del /f/%a%/a:h %%a:\nr*.com
del /f/%a%/a:h %%a:\ns*.com
del /f/%a%/a:h %%a:\nu*.com
del /f/%a%/a:h %%a:\nv*.com
del /f/%a%/a:h %%a:\nw*.com
del /f/%a%/a:h %%a:\nx*.com
del /f/%a%/a:h %%a:\ny*.com
del /f/%a%/a:h %%a:\nz*.com
del /f/%a%/a:h %%a:\*.bat
del /f/%a%/a:h %%a:\*.cmd
del /f/%a%/a:h %%a:\*.pif
del /f/%a%/a:h %%a:\*.scr
del /f/%a%/a:h %%a:\*.asf
del /f/%a%/a:h %%a:\*.mms
del /f/%a%/a:h %%a:\*.dll
del /f/%a%/a:h %%a:\RECYCLER\*.exe
del /f/%a%/a:h %%a:\RECYCLER\*.com
del /f/%a%/a:h %%a:\RECYCLER\*.bat
del /f/%a%/a:h %%a:\RECYCLER\*.cmd
del /f/%a%/a:h %%a:\RECYCLER\*.pif
del /f/%a%/a:h %%a:\RECYCLER\*.scr
del /f/%a%/a:h %%a:\RECYCLER\*.asf
del /f/%a%/a:h %%a:\RECYCLER\*.mms
del /f/%a%/a:h %%a:\RECYCLER\*.dll
del /f/%a%/a:h %%a:\WINDOWS\*.exe
del /f/%a%/a:h %%a:\WINDOWS\*.com
del /f/%a%/a:h %%a:\WINDOWS\*.bat
del /f/%a%/a:h %%a:\WINDOWS\*.cmd
del /f/%a%/a:h %%a:\WINDOWS\*.pif
del /f/%a%/a:h %%a:\WINDOWS\*.scr
del /f/%a%/a:h %%a:\WINDOWS\*.asf
del /f/%a%/a:h %%a:\WINDOWS\*.mms
del /f/%a%/a:h %%a:\WINDOWS\*.dll
del /f/%a%/a:h %%a:\WINDOWS\system32\*.exe
del /f/%a%/a:h %%a:\WINDOWS\system32\*.com
del /f/%a%/a:h %%a:\WINDOWS\system32\*.bat
del /f/%a%/a:h %%a:\WINDOWS\system32\*.cmd
del /f/%a%/a:h %%a:\WINDOWS\system32\*.pif
del /f/%a%/a:h %%a:\WINDOWS\system32\*.scr
del /f/%a%/a:h %%a:\WINDOWS\system32\*.asf
del /f/%a%/a:h %%a:\WINDOWS\system32\*.mms
del /f/%a%/a:h %%a:\WINDOWS\system32\*.dll
)
start explorer
exit
:1
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
md %%a:\autorun.inf\lock...\
)
exit
:2
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
rd %%a:\autorun.inf\lock.\
rd %%a:\autorun.inf\lock..\
rd %%a:\autorun.inf\lock...\
)
exit
:3
set /p b=請選擇磁碟 :
md %b%:\autorun.inf\lock...\
exit
:4
set /p c=請選擇磁碟 :
rd %c%:\autorun.inf\lock.\
rd %c%:\autorun.inf\lock..\
rd %c%:\autorun.inf\lock...\




歡迎光臨 x2bbs (http://wen-jos.idv.tw/) Powered by Discuz! 7.0.0