标题: [安全相关] 批处理版autorun.inf终结者 [打印本页]
作者: novaa 时间: 2007-12-17 20:12 标题: 批处理版autorun.inf终结者
此批处理更具本人的杀AUTORUN.INF的经验。结合批处理进行操作的。
此autorun.inf终结者 (希望允许我这样叫它)具有如下的功能:
1.暂停病毒进程(本人试过,的确可以利用taskkill终止)
2.清除病毒。
3.删除AUTORUN.INF文件。
4.恢复注册表
5.建立防御AUTORUN.INF病毒的文件夹。
ps:
由于此autorun.inf终结者(嘿嘿)不可能更具特征码判断。此批处理的原理是更具磁盘更目录是否具有autorun.inf文件判断,所以如果你磁盘更目录下又autorun.inf文件或者建立了防御autorun.inf的文件夹请认清楚后删除!确保无误删- @echo off&setlocal enabledelayedexpansion&mode con cols=61 lines=20&title autorun.inf终结者
- color 02
- set "UnSafe=你的电脑可能中了Autorun.inf病毒"
- set "List=1.扫描全盘,2.杀除病毒,3.恢复注册表,4.防御AUTORUN病毒,5.说明,0.推出"
- :Menu
- cls&echo\&echo\
- for %%i in (%List%) do set /p= %%i<nul&echo\&echo\
- echo 请输入你想选择的功能:
- set /p Choice=
- if "%Choice%"=="0" exit
- for /l %%i in (1 1 5) do if "%%i"=="%Choice%" set Ok=1
- if defined Ok (goto :Choice%Choice%) else (echo 错误的输入!&ping /n 3 127.1>nul&goto :Menu)
- :Choice1
- for /f "delims=" %%i in ('fsutil fsinfo drives^|more') do (
- set Disk=%%i
- if "!Disk:~1,1!"==":" (call :CheckDisk !Disk!) else (call :CheckDisk !Disk:~-3!)
- )
- if defined No (
- cls&echo\&echo\&echo\
- echo %UnSafe%&echo\&echo\
- echo 建议你进行杀毒,即将返回主菜单!&ping /n 3 127.1>nul
- goto :Menu
- )
- :CheckDisk
- cls&echo\&echo\&echo\&echo 正在扫描%1
- call rocessBar
- cls&echo\&echo\&echo\
- if exist %1autorun.inf (set No=1&call :EchoAuto %UnSafe%) else (call :EchoAuto 该磁盘不存在病毒!)
- goto :eof
- :EchoAuto
- echo %1&echo\&echo\
- echo 任意键继续扫描
- pause>nul
- goto :eof
- rocessBar
- echo\&echo\
- for /l %%i in (1 1 60) do set /p=^|<nul
- for /l %%i in (1 1 60) do set /p=<nul
- for /l %%i in (1 1 60) do (set /p=^><nul
- for /l %%i in (1 1 100) do ver>nul
- )
- goto :eof
- :Choice2
- cls&echo\&echo\
- if not defined No echo 建议先进行扫描!&ping /n 1 127.1>nul&echo\&echo\
- echo 任意键继续杀毒&echo\&echo\
- echo 返回主菜单请输入:B
- set /p Choice_2=
- if /i "%Choice_2%"=="B" (goto :Menu)
- for /f "delims=" %%i in ('fsutil fsinfo drives^|more') do (
- set Disk=%%i
- if "!Disk:~1,1!"==":" (call :ReadKill !Disk!) else (call :ReadKill !Disk:~-3!)
- )
- if defined Exist (echo 病毒已经清理完毕!即将返回主菜单!&ping /n 3 127.1>nul&goto :Menu) else (
- echo 没有此类病毒!即将返回主菜单!&ping /n 3 127.1>nul&goto :Menu
- )
- :ReadKill
- if exist %1autorun.inf (
- set Exist=1
- for /f "skip=2 tokens=2 delims=^=" %%j in (%1autorun.inf) do (
- set TargetVirus=%%j
- echo !TargetVirus!>>Kill.ini
- call :TaskKill %%j
- del /a /q /s %%j
- )
- attrib -h -s -r %1autorun.inf
- del /a /q %1autorun.inf
- )
- goto :eof
- :TaskKill
- set "Target=%~nx1"
- taskkill /fi "IMAGENAME eq !Target!"
- goto :eof
- :Choice3
- cls&echo\&echo\
- echo 如果没有确认中毒,建议返回主菜单!
- echo\&echo\
- echo 继续请输入:C
- echo\&echo\
- echo 任意键返回!
- set /p Choice_3=
- if /i "%Choice_3%"=="C" (goto :ChoiceNext) else (goto :Menu)
- :ChoiceNext
- for /f "delims=" %%i in (Kill.ini) do (
- for /f "delims=" %%j in ('reg query HKLM\software\microsoft\windows\currentversion\run^|findstr /c:"%%i"') do set "Target_Virus=%%j"
- if "!Target_Virus!"=="" (echo 启动项中不存在此病毒!) else (
- for /f "tokens=1,2*" %%k in ("!Target_Virus!") do set "Target_Virus_Name=%%k"
- echo 确定删除!Target_Virus!选项吗?确定输入:Y
- set /p DeleteYN=
- if /i "!DeleteYN!"=="Y" do (reg delete HKLM\Software\Microsoft\Windows\Currentversion\Run /v !Target_Virus_Name! /f>nul&echo 已经删除!&ping /n 3 127.1>nul)
- )
- pause
- for /f "delims=" %%j in ('reg query HKCU\software\microsoft\windows\currentversion\run^|findstr /c:"%%i"') do set "Target_Virus=%%j"
- if "!Target_Virus!"=="" (echo 启动项中不存在此病毒!) else (
- for /f "tokens=1,2*" %%k in ("!Target_Virus!") do set "Target_Virus_Name=%%k"
- echo 确定删除!Target_Virus!选项吗?确定输入:Y
- set /p DeleteYN=
- if /i "!DeleteYN!"=="Y" do (reg delete HKCU\Software\Microsoft\Windows\Currentversion\Run /v !Target_Virus_Name! /f>nul&echo 已经删除!&ping /n 3 127.1>nul)
- )
- )
- reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\shell /f>nul
- reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f>nul
- reg add HkCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f>nul
- echo 注册表恢复成功!将返回主菜单!&ping /n 3 127.1>nul&goto :Menu
- :Choice4
- cls&echo\&echo\
- echo 再所有分区建立文件夹输入:1
- echo\&echo\
- echo 自定义分区建立文件夹输入:2
- echo\&echo\
- echo 任意键返回
- set /p Choice_4=
- if /i "%Choice_4%"=="1" goto :Choice_41
- if /i "%Choice_4%"=="2" (goto :Choice_42) else (goto :Menu)
- :Choice_41
- cls&echo\&echo\
- for %%i in (f) do (
- if exist %%i:\ (
- pushd %%i:\
- md autorun.inf
- attrib +h +r autorun.inf
- pushd autorun.inf
- md 防止autorun.inf病毒..\
- )
- )
- echo 不死文件夹创建成功!将返回主目录!&ping /n 3 127.1>nul&goto :Menu
- :Choice_42
- cls&echo\&echo\
- set /p TargetDisk=请输入你想建立文件夹的磁盘(比如C:\):
- if exist TargrtDisk(
- pushd %%i:\
- md autorun.inf
- attrib +h +r autorun.inf
- pushd autorun.inf
- md 防止autorun.inf病毒..\
- ) else (echo 此磁盘目录不存在!&ping /n 3 127.1>nul)
- cls&echo\&echo\
- echo 继续请输入:0
- echo\&echo\
- echo 返回主菜单请输入:1
- set /p Choice_Again=
- if /i "%Choice_Again%"=="0" goto :Choice_42
- if /i "%Choice_Again%"=="1" goto :Menu
- :Choice5
- cls&echo\&echo 正在加载,请等待......
- echo\&echo\&echo\
- for /l %%i in (1 1 29) do set Table= !table!
- set,=!Table!^
- 由于最近autorun.inf类病毒较多,在本人两朋友相继^
- 中毒后,本人决定写这个专杀.^
- 此专杀具有停止病毒创建的进程,^
- 删除病毒文件,恢复注册表,建立不死文件夹以防治病毒的功能的功能.^
- 欢迎大家测试!^
- By Novaa
- for /l %%i in (1 1 195) do (
- set /p=!,:~0,30!<nul
- for /l %%j in (1 1 700) do set /p=<nul
- for /l %%k in (1,1,61) do (set /p=<nul)
- set ,=!,:~1!
- )
- ping /n 3 127.1>nul&goto :Menu
复制代码
作者: 小飞机 时间: 2007-12-20 23:32
前两天刚刚中过这东西,支持一下。
作者: novaa 时间: 2007-12-30 21:53
原帖由 543089122 于 2007-12-30 21:27 发表
确实有效果 我来顶一下下
哈哈。。
[ 本帖最后由 novaa 于 2007-12-30 21:55 编辑 ]
作者: lbl8029 时间: 2008-5-5 22:08
下下来看看怎么样了
作者: 葱头 时间: 2008-5-6 09:13
自己原创的?~~~~~~~~~~~~如果是的楼主就辛苦了~~~~~~~~~~~~
欢迎光临 批处理之家 (http://bathome.net./) |
Powered by Discuz! 7.2 |