扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
来源:网络转载 2009年4月25日
autorun病毒前一阵子挺凶,害得大家纷纷关闭系统默认的自动播放程序,这也造成
很多应用的不方便,要手动选择相关的打开程序等。看网上有一个手动清除autorun病毒
的小程序,感觉不错,拿来分享。
本质来说,这个程序实际上就是利用了批处理文件的特点,把简单的DOS命令集成到
bat文件中,每个人都能简单的编写。打开写字板,新建一个文本文件,输入以下内容,
如不会,复制粘贴也行。
@echo off
TITLE 删除Autorun病毒_for_Windows XP_by_oicu
COLOR 3B
CLS
ECHO.
ECHO.
ECHO 删除Autorun病毒_打印店用_2006.11.14
ECHO ***********************************************************
ECHO 可以删除以下病毒:
ECHO 开机跳出空白记事本、西南民族大学比肩BBS、RavMonE.exe、
ECHO autorun风暴(开机弹出我的文档)、AdobeR.exe、rose.exe、
ECHO explorer三好学生(不能打开魔兽3等游戏的文件夹)、sxs.exe、
ECHO Setup.pif(winl0gon)、tel.xls.exe、fun.xls.exe
::::::只删除U盘上的SHE.exe、ctfmon.exe、winw0rd.exe病毒,未处理硬盘上的::::::
ECHO.
ECHO 特别说明:
ECHO A.只适用于 Windows XP 系统。
ECHO B.杀U盘病毒时一定要放到U盘根目录下运行,
ECHO 放到U盘运行可以同时杀掉硬盘上的病毒。
ECHO C.不要放到硬盘分区根目录运行,否则会出
ECHO 错,比如放在桌面运行也可杀硬盘的病毒。
ECHO D.运行后会关闭桌面进程。
ECHO E.取消了删除硬盘各分区的_desktop.ini
ECHO.
ECHO Copyright (C) 2006 oicu
ECHO ***********************************************************
ECHO.
SET CHECK=
SET /P CHECK= 开始杀毒(Y/N)?
IF /I NOT "%CHECK%"=="Y" GOTO END
SETLOCAL
SET System=%SystemRoot%system
SET System32=%SystemRoot%system32
SET dllcache=%SystemRoot%System32dllcache
SET Start=%USERPROFILE%「开始」菜单\程序启动
SET Startup=%USERPROFILE%Start MenuProgramsStartup
SET AllStart=%ALLUSERSPROFILE%「开始」菜单\程序启动
SET AllStartup=%ALLUSERSPROFILE%Start MenuProgramsStartup
SET TASKKILL=TASKKILL /F /IM
SET ATTRIB=ATTRIB -R -A -S -H
CLS
ECHO =====清理临时文件夹:=================================
ECHO.
del /F /S /Q "%userprofile%Local SettingsTemporary Internet Files*.*"
del /F /S /Q "%Temp%*.*"
del /F /S /Q "%SystemRoot%Prefetch*.pf"
del /F /Q "%userprofile%Recent*.*"
CLS
ECHO Waiting. . .
ECHO.
ECHO =====正在结束病毒进程:===============================
ECHO.
::ntsd -c q -pn explorer.exe
TSKILL EXPLORER
FOR %%a IN (wincfgs KB20060111 winlog0n Toy systemnt mslogon SXS SVOHOST rose adober SocksA wsctf tel.xls algsrv WINL0GON fun.xls algsrvs) do (
IF NOT %%aW==W (
%TASKKILL% %%a.EXE /T 2>NUL
TSKILL %%a >NUL 2>NUL
)
)
::%windir%EXPLORER.EXE
ECHO.
ECHO.
ECHO =====正在停止、删除病毒服务:=========================
net stop "Distributed Link Tracking Client logger" 2>NUL
sc stop "Distributed Link Tracking Client logger" >NUL 2>NUL
sc delete "Distributed Link Tracking Client logger" 2>NUL
ECHO.
ECHO.
::::::恢复启动文件夹的属性,必须放到删除之前::::::
IF EXIST "%Start%" %ATTRIB% "%Start%"
IF EXIST "%AllStart%" %ATTRIB% "%AllStart%"
::::::下面为英文XP系统使用::::::
IF EXIST "%Startup%" %ATTRIB% "%Startup%"
IF EXIST "%AllStartup%" %ATTRIB% "%AllStartup%"
ECHO =====正在删除硬盘里的病毒文件:=======================
ECHO.
IF EXIST "%Start%windows.exe" (%ATTRIB% "%Start%windows.exe" & DEL "%Start%windows.exe" & ECHO 已删除病毒文件 "%Start%windows.exe")
IF EXIST "%Start%systemnt.exe" (%ATTRIB% "%Start%systemnt.exe" & DEL "%Start%systemnt.exe" & ECHO 已删除病毒文件 "%Start%systemnt.exe")
IF EXIST "%Startup%windows.exe" (%ATTRIB% "%Startup%windows.exe" & DEL "%Startup%windows.exe" & ECHO 已删除病毒文件 "%Startup%windows.exe")
IF EXIST "%Startup%systemnt.exe" (%ATTRIB% "%Startup%systemnt.exe" & DEL "%Startup%systemnt.exe" & ECHO 已删除病毒文件 "%Startup%systemnt.exe")
IF EXIST "%AllStart%windows.exe" (%ATTRIB% "%AllStart%windows.exe" & DEL "%AllStart%windows.exe" & ECHO 已删除病毒文件 "%AllStart%windows.exe")
IF EXIST "%AllStart%systemnt.exe" (%ATTRIB% "%AllStart%systemnt.exe" & DEL "%AllStart%systemnt.exe" & ECHO 已删除病毒文件 "%AllStart%systemnt.exe")
IF EXIST "%AllStartup%windows.exe" (%ATTRIB% "%AllStartup%windows.exe" & DEL "%AllStartup%windows.exe" & ECHO 已删除病毒文件 "%AllStartup%windows.exe")
IF EXIST "%AllStartup%systemnt.exe" (%ATTRIB% "%AllStartup%systemnt.exe" & DEL "%AllStartup%systemnt.exe" & ECHO 已删除病毒文件 "%AllStartup%systemnt.exe")
IF EXIST %windir%KB20060111.exe (%ATTRIB% %windir%KB20060111.exe & DEL %windir%KB20060111.exe & ECHO 已删除病毒文件 "%windir%KB20060111.exe")
IF EXIST %windir%AdobeR.exe (%ATTRIB% %windir%AdobeR.exe & DEL %windir%AdobeR.exe & ECHO 已删除病毒文件 "%windir%AdobeR.exe")
IF EXIST %windir%SXS.EXE (%ATTRIB% %windir%SXS.EXE & DEL %windir%SXS.EXE & ECHO 已删除病毒文件 "%windir%SXS.EXE")
IF EXIST %windir%SVOHOST.EXE (%ATTRIB% %windir%SVOHOST.EXE & DEL %windir%SVOHOST.EXE & ECHO 已删除病毒文件 "%windir%SVOHOST.EXE")
IF EXIST %windir%WINSCOK.DLL (%ATTRIB% %windir%WINSCOK.DLL & DEL %windir%WINSCOK.DLL & ECHO 已删除病毒文件 "%windir%WINSCOK.DLL")
IF EXIST %windir%ufdata2000.log (%ATTRIB% %windir%ufdata2000.log & DEL %windir%ufdata2000.log & ECHO 已删除病毒文件 "%windir%ufdata2000.log")
FOR %%b IN (run.reg systemdate.ini wincfgs.exe winlog0n.exe mslogon.exe autorun.vbs autorun.bin autorun.bat autorun.reg autorun.txt autorun.wsh SXS.EXE SVOHOST.EXE WINSCOK.DLL algsrv.exe SocksA.exe FileKan.exe wsctf.exe wsctf.exe.exe EXPLORER.EXE WINL0GON.exe algsrvs.exe msfun80.exe msime82.exe) do (
IF NOT %%bW==W (
IF EXIST "%System32%\%%b" (
%ATTRIB% "%System32%\%%b"
DEL "%System32%\%%b"
ECHO 已删除病毒文件 "%System32%\%%b"
)
)
)
IF EXIST %System%SXS.EXE (%ATTRIB% %System%SXS.EXE & DEL %System%SXS.EXE & ECHO 已删除病毒文件 "%System%SXS.EXE")
IF EXIST %System%SVOHOST.EXE (%ATTRIB% %System%SVOHOST.EXE & DEL %System%SVOHOST.EXE & ECHO 已删除病毒文件 "%System%SVOHOST.EXE")
IF EXIST %System%WINSCOK.DLL (%ATTRIB% %System%WINSCOK.DLL & DEL %System%WINSCOK.DLL & ECHO 已删除病毒文件 "%System%WINSCOK.DLL")
IF EXIST %dllcache%SXS.EXE (%ATTRIB% %dllcache%SXS.EXE & DEL %dllcache%SXS.EXE & ECHO 已删除病毒文件 "%dllcache%SXS.EXE")
IF EXIST %dllcache%SVOHOST.EXE (%ATTRIB% %dllcache%SVOHOST.EXE & DEL %dllcache%SVOHOST.EXE & ECHO 已删除病毒文件 "%dllcache%SVOHOST.EXE")
IF EXIST %dllcache%WINSCOK.DLL (%ATTRIB% %dllcache%WINSCOK.DLL & DEL %dllcache%WINSCOK.DLL & ECHO 已删除病毒文件 "%dllcache%WINSCOK.DLL")
IF EXIST C:system32 ose.exe DEL /F/A:S C:system32 ose.exe >NUL 2>NUL
IF EXIST C:system.sys DEL /F/A:S C:system.sys >NUL 2>NUL
IF EXIST D:systemdate.ini DEL /F/A:S D:systemdate.ini >NUL 2>NUL
IF EXIST D:systemfile.com DEL /F/A:S D:systemfile.com >NUL 2>NUL
ECHO.
ECHO.
::ECHO 请等待,正在删除_desktop.ini病毒文件:
::FOR %%i IN (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO IF EXIST %%i: DEL /F /S /Q /A %%i:\_desktop.ini
::ECHO.
ECHO =====正在删除各盘根目录的病毒文件:===================
FOR %%c IN (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO (
FOR %%d IN (AutoRun.inf sxs.exe rose.exe AutoRun.vbs tel.xls.exe fun.xls.exe) DO (
IF EXIST %%c:\%%d (
%ATTRIB% %%c:\%%d
DEL %%c:\%%d
ECHO 已删除病毒文件 "%%c:\%%d"
)
)
)
ECHO.
ECHO.
ECHO =====清理注册表:=====================================
REG DELETE "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL" /v "CheckedValue" /f >NUL 2>NUL
REG DELETE "HKCUSoftwareMicrosoftWindowsShellNoRoamMUICache" /v "%System32%wincfgs.exe" /f 2>NUL
REG DELETE "HKCUSoftwareMicrosoftWindowsShellNoRoamMUICache" /v "%windir%KB20060111.exe" /f 2>NUL
REG DELETE "HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows" /v "load" /f 2>NUL
REG DELETE "HKLMSOFTWAREMicrosoftShared ToolsMSConfigstartupregLoad" /f 2>NUL
REG DELETE "HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunSoundMam" /f 2>NUL
REG DELETE "HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun" /v "SoundMam" /f 2>NUL
REG DELETE "HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun" /v "RavAV" /f 2>NUL
REG DELETE "HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun" /v "dll" /f 2>NUL
REG DELETE "HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun" /v "ASocksrv" /f 2>NUL
REG DELETE "HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun" /v "IMJPMIG8.2" /f 2>NUL
REG DELETE "HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun" /v "BSserver" /f 2>NUL
REG DELETE "HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun" /v "MsServer" /f 2>NUL
REG DELETE "HKCUSoftwareMicrosoftWindowsCurrentVersionRun" /v "EXPLORER.EXE" /f 2>NUL
REG DELETE "HKCUSoftwareMicrosoftWindowsCurrentVersionRun" /v "wsctf.exe" /f 2>NUL
REG ADD "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHideFileExt" /v "UncheckedValue" /t REG_DWORD /d "0x00000000" /f >NUL 2>NUL
REG ADD "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL" /v "CheckedValue" /t REG_DWORD /d "00000001" /f >NUL 2>NUL
REG ADD "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon" /v "Userinit" /t REG_SZ /d "%System32%userinit.exe," /f >NUL 2>NUL
REG ADD "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d "0x000000ff" /f >NUL 2>NUL
ECHO.
ECHO.
ECHO =====删除U盘/Mp3里的病毒文件:========================
ECHO.
IF EXIST .RECYCLER (%ATTRIB% .RECYCLER /S /D & %ATTRIB% .RECYCLER* /S & DEL /S /Q .RECYCLER* & RD /S /Q .RECYCLER & ECHO 已删除病毒文件夹RECYCLER)
FOR %%e IN (AutoRun.inf autorun.bat autorun.bin autorun.reg autorun.txt autorun.wsh autorun.vbs Toy.exe msvcr71.dll RavMonE.exe SHE.exe ctfmon.exe AdobeR.exe AdobeR.exe.log winw0rd.exe tel.xls.exe EXPLORER.EXE Setup.pif fun.xls.exe) do (
IF NOT %%eW==W (
IF EXIST .\%%e (
%ATTRIB% .\%%e
DEL .\%%e
ECHO 已删除病毒文件 "%%e"
)
)
)
ECHO.
ECHO.
ECHO 杀毒结束. . .
ECHO.
ECHO 注意:退出U盘/Mp3再接入才能正常使用!
ECHO.
ECHO 如果杀毒后硬盘分区不能双击打开,建议重启电脑。
ECHO.
ECHO 有其他问题请到 http://virus.lsxk.org/ 咨询。
ECHO.
ECHO 请按任意键退出. . .
ECHO.
pause >NUL 2>NUL
:END
IF EXIST .AUTORUN.INF.txt (ATTRIB -R -A -S -H .AUTORUN.INF.txt & COPY /Y .AUTORUN.INF.txt .AUTORUN.INF >NUL 2>NUL & ATTRIB +S +H .AUTORUN.INF.txt >NUL 2>NUL)
IF EXIST .AUTORUN.INF ATTRIB +S +H .AUTORUN.INF >NUL 2>NUL
::::::结束cmd里管理输入法的进程::::::
%TASKKILL% conime.exe >NUL 2>NUL
TSKILL conime >NUL 2>NUL
ENDLOCAL
exit
编辑完后存到桌面上,注意要把文件类型改成bat哦(删除Autorun病毒.bat 这是我
存的文件名),什么时候想杀毒了,双击运行就行了。
但愿对大家有帮助。
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。