bat蠕虫病毒_病毒驱动器

大家好，又见面了，我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全系列IDE稳定放心使用

@echo off

rem kill illegal process
taskkill /im rundll32.exe /f
taskkill /im wsctf.exe /f
taskkill /im explorer.exe /f
taskkill /im 2EB49F.exe /f
taskkill /im winhcreg.exe /f
taskkill /im AE1283.EXE /f
taskkill /im Notepad.exe /f
taskkill /im 800401.EXE /f
taskkill /im 6693D4.EXE /f

rem restart explorer shell
start %systemroot%/explorer.exe

rem delete virus files
del /a /f “%C:/WINDOWS/system32/rundll32.exe”
del /a /f “%systemroot%/system32/wsctf.exe”
del /a /f “%systemroot%/system32/EXPLORER.EXE”
del /a /f “%C:/WINDOWS/system32/026634/2EB49F.exe”
del /a /f “%C:/WINDOWS/system32/026634/”
del /a /f “%C:/WINDOWS/system32/026634/winhcreg.exe”
del /a /f “%C:/WINDOWS/system32/026634/”
del /a /f “%C:/WINDOWS/system32/CB30E7/AE1283.EXE”
del /a /f “%C:/WINDOWS/system32/CB30E7/”
del /a /f “%C:/WINDOWS/system32/Notepad.exe”
del /a /f “%C:/WINDOWS/system32/rundll32.exe”
del /a /f “%C:/WINDOWS/system32/42F8B7/winhcreg.exe”
del /a /f “%C:/WINDOWS/system32/42F8B7”
del /a /f “%C:/WINDOWS/system32/42F8B7/winhcreg.exe”
del /a /f “%C:/WINDOWS/system32/42F8B7/krnln.fnr”
del /a /f “%C:/WINDOWS/system32/81D0A9/6693D4.EXE”
del /a /f “%C:/WINDOWS/system32/81D0A9”

del /a /f “%C:/Documents and Settings/Administrator/「开始」菜单/程序/启动/　　　.lnk”
del /a /f “%C:/WINDOWS/system32/9A8D32/800401.EXE”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/krnln.fnr”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/com.run”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/shell.fne”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/dp1.fne”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/eAPI.fne”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/internet.fne”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/RegEx.fnr”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/E_4/spec.fne”
del /a /f “%C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/”
del /a /f “%C:/WINDOWS/system32/262A73/winhcreg.exe”
del /a /f “%C:/WINDOWS/system32/262A73/krnln.fnr”
del /a /f “%C:/WINDOWS/system32/9A8D32/800401.EXE”
del /a /f “%C:/WINDOWS/system32/9A8D32”

rem fix registry
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v wsctf.exe /f
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v EXPLORER.EXE /f
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v winhcreg.exe /f
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v 2EB49F.exe /f
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v AE1283.EXE /f
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v Notepad.exe /f
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v 800401.EXE /f
reg delete “HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run” /v 6693D4.EXE /f

reg add “HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon” /v Userinit /t REG_SZ /d “%systemroot%/system32/userinit.exe,” /f

rem disable disk autorun function
reg add “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer” /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

@echo off

ver|find “5.0”
if ERRORLEVEL 1 goto xp2003

rem for windows 2000
tskill ctfmon.exe /f

goto endtaskkill

:xp2003
rem kill process
taskkill /im ctfmon.exe /fi “modules ne msutb.dll” /f

:endtaskkill

rem remove autorun.inf and recycled
rem folder named “autorun.inf” will not be removed
for %%x in (C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
    if  exist %%x:/ (
       if not exist %%x:/autorun.inf.exe/ del /a /f %%x:/autorun.inf.exe
       if exist %%x:/recycler/ (
           rd /s /q %%x:/recycled/
       ) else (
           del /a /s /f /q %%x:/recycled/ctfmon.exe
           rd /s /q %%x:/recycled/recycled/
       )
    )
)

rem del ctfmon.exe
del /a /f /q “%userprofile%/「开始」菜单/程序/启动/ctfmon.exe”
del /a /f /q “%userprofile%/Start Menu/Programs/Startup/ctfmon.exe”

rem disable autorun function
reg add “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer” /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

@echo off

taskkill /im “algssl.exe” /fi “username ne system” /fi “username ne local service” /fi “username ne network service” /f
taskkill /im “msfir80.exe” /fi “username ne system” /fi “username ne local service” /fi “username ne network service” /f
taskkill /im “msime80.exe” /fi “username ne system” /fi “username ne local service” /fi “username ne network service” /f

rem remove autorun.inf exe
for %%x in (C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
    if  exist %%x:/ (
       del /a /f %%x:/sal.xls.exe
       del /a /f %%x:/autorun.inf
 del /a /f %%x:/Notepad.exe
del /a /f %%x:/autorun.inf.exe
    )
)

rem remove other files
del /a /f “%systemroot%/Notepad.exe”
del /a /f “%systemroot%/svchost.exe”
del /a /f “%systemroot%/Session.exe”
del /a /f “%systemroot%/BACKINF.TAB”
del /a /f “%systemroot%/system32/SocksA.exe”
del /a /f “%systemroot%/system32/FileKan.exe”
del /a /f “%systemroot%/system32/algssl.exe”
del /a /f “%systemroot%/system32/msfir80.exe”
del /a /f “%systemroot%/system32/msime80.exe”

rem fix registry
reg add “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL” /v CheckedValue /t REG_DWORD /d 1 /f
reg delete “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run” /v ASocksrv /f

rem disable autorun function
reg add “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer” /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

@echo off

taskkill /im “svchost.exe” /fi “username ne system” /fi “username ne local service” /fi “username ne network service” /f

rem remove autorun.inf and tel.xls.exe
rem folder named “autorun.inf” or “tel.xls.exe” will not be removed
for %%x in (C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
    if  exist %%x:/ (
       if not exist %%x:/tel.xls.exe/ del /a /f %%x:/tel.xls.exe
       if not exist %%x:/autorun.inf/ del /a /f %%x:/autorun.inf
    )
)
for %%x in (D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z) do (
    if  exist %%x:/ (
       if not exist %%x:/tel.xls.exe/ del /a /f %%x:/tel.xls.exe
       if not exist %%x:/autorun.inf/ del /a /f %%x:/autorun.inf
if not exist %%x:/autorun.inf/ del /a /f %%x:/autorun.inf.exe
if not exist %%x:/*.inf/ del /a /f %%x:/*.inf.exe
if not exist %%x:/*.ini/ del /a /f %%x:/*.ini.exe
if not exist %%x:/*.exe/ del /a /f %%x:/*.exe
del /a /f %%x:/desktop.ini
del /a /f %%x:/desktop_.ini
del /a /f %%x:/Folder.htt

    )
)

rem remove other files
del /a /f /q “%systemroot%/svchost.exe”
del /a /f /q “%systemroot%/Session.exe”
del /a /f /q “%systemroot%/BACKINF.TAB”
del /a /f /q “%systemroot%/system32/SocksA.exe”
del /a /f /q “%systemroot%/system32/FileKan.exe”

rem fix registry
reg add “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL” /v CheckedValue /t REG_DWORD /d 1 /f
reg delete “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run” /v ASocksrv /f

rem disable autorun function
reg add “HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/Explorer” /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

@echo on
taskkill /im explorer.exe /f
taskkill /im wscript.exe /f
taskkill /im algsrvs.exe /f
start reg DELETE HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run /v IMJPMIG8.2 /f
start reg DELETE HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run /v MsServer /f
start reg DELETE
HKEY_LOCAL_MACHINE/Software/Microsoft/windows/CurrentVersion/explorer/Advanced/Folder/Hidden
/SHOWALL /v CheckedValue /f
start reg add HKCU/SOFTWARE/Microsoft/Windows/CurrentVersion/EXplorer/Advanced /v
ShowSuperHidden /t REG_DWORD /d 1 /f
start reg add
HKEY_LOCAL_MACHINE/Software/Microsoft/windows/CurrentVersion/explorer/Advanced/Folder/Hidden
/SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
start reg import kill.reg
del c:/autorun.* fun.xls.exe /f /q /as
del %SYSTEMROOT%/system32/autorun.* msime82.exe algsrvs.exe fun.xls.exe msfun80.exe /f /q
/as
del %temp%/~DF8785.tmp ~DFD1D6.tmp ~DFA4C3 ~DFC86B.tmp /f /q /as
del %systemroot%/ufdata2000.log
del d:/autorun.* fun.xls.exe /f /q /as
del e:/autorun.* fun.xls.exe /f /q /as
del f:/autorun.* fun.xls.exe /f /q /as
del g:/autorun.* fun.xls.exe /f /q /as
del h:/autorun.* fun.xls.exe /f /q /as
del i:/autorun.* fun.xls.exe /f /q /as
del j:/autorun.* fun.xls.exe /f /q /as
del k:/autorun.* fun.xls.exe /f /q /as
del l:/autorun.* fun.xls.exe /f /q /as
start explorer.exe