【AVS080208】病毒专杀批处理模板
更新内容:
修复了AVS071118版本中的几处错误,并对IFEO进行了处理........
更新后的模板代码:
AVS.bat(用于清除病毒)代码:
@echo off
title AVS系统权限调用工具
if not exist system.bat(
cls
echo "Authors:glacier_lk&jnh10148 @ AVS Team"
echo "AVS Team's Blog:http://hi.baidu.com/AVS_Team"
if exist system.bat goto run
echo @echo off>system.bat
set timer=%time:~0,-3%
echo %timer%
for /f "tokens=1,2,3 delims=:" %%i in ("%timer%") do (
set /a hour=%%i
set /a min=%%j
set /a second=%%k
set /a minute=%%j+1
)
at %hour%:%minute%:%second% /interactive cmd call %cd%\avs.bat
echo 杀毒程序将在一分钟内自动启动......请稍候!
exit
)
cls
title "AVS Virus Killer v1.05"
echo "AVS Virus Killer v1.05"
echo "Authors:glacier_lk&jnh10148 @ AVS Team"
echo "AVS Team's Blog:http://hi.baidu.com/AVS_Team"
echo "S-杀毒"
echo "Q-退出"
echo.
REM 选择判断部分:
echo "输入您的选项:"
set choice=
set /p choice=
if /I "%choice%"=="S" goto START
if /I "%choice%"=="Q" goto QUIT
REM 选择判断部分(OVER)
:START
REM 杀毒前提示部分:
echo 请先关闭不必要的程序,并保存您的文件,程序将在杀毒结束时自动重启以防止病毒的再生!
echo 您准备好了吗?
pause
REM 杀毒前的提示部分(OVER)
REM 修复注册表部分:
reg delete "路径" /f
REM 注释:此命令是用来删除注册表项的,"/f"是强行删除的意思
reg delete "路径" /v "名称" /f
REM 注释:此命令是用来删除注册表键值的
reg add "路径" /f
REM 注释:此命令是用来添加注册表项的
reg add "路径" /v "名称" /t "类型" /d "数据" /f
REM 注释:此命令是用来添加注册表键值的
REM 修复注册表部分(OVER)
REM 结束进程部分:
taskkill /im "进程名" /f
根据进程名结束进程(弱)
ntsd -c q -pn "
进程名"
根据进程名结束进程(强)[
借的刺猬同学的代码]
for /f "skip=1" %%i in ('wmic PROCESS where name="
进程名" get ProcessId') do start "" /min /realtime taskkill /pid "%%i" /f
根据进程名获得进程PID,结束PID所对应的进程,主要针对多进程病毒(弱)
for /f "skip=1" %%i in ('wmic PROCESS where name="
进程名" get ProcessId') do start "" /min /realtime ntsd /c q /pid "%%i"
根据进程名获得进程PID,结束PID所对应的进程,主要针对多进程病毒(强)
REM 结束进程部分(OVER)
REM 删除服务部分:
sc delete "服务名称"
REM 注释:此命令用于删除服务
REM 删除服务部分(OVER)
REM 注销DLL部分:
regsvr32 /u "DLL文件完整路径" /s
注销DLL文件注册
REM 注销DLL部分(OVER)
REM 删除文件部分:
del "文件完整路径\文件名" /f
删除文件
REM 删除文件部分(OVER)
REM 抑制文件再生部分:
md "路径\要抑制的文件名"
REM 抑制指定文件的再生
REM 抑制文件再生部分(OVER)
REM 重启后删除部分(针对难以清除的病毒):
copy c:\autoexec.bat c:\autoexec.txt
echo @echo off>c:\autoexec.bat
echo del "路径\要删除的文件名" /f>>c:\autoexec.bat
REM 删除病毒文件
echo md "路径\要删除的文件名(此处的内容应与上面的相同) ">>c:\autoexec.bat
REM 抑制病毒文件再生
echo echo off>C:\start.bat
echo del autoexec.bat>>C:\start.bat
echo copy autoexec.txt autoexec.bat>>c:\start.bat
echo reg delete "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v "AVS" /f>>c:\start.bat
reg add "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" /v "AVS" /t "REG_SZ" /d "c:\start.bat" /f
echo ftype exefile="%1" %*>>c:\start.bat
echo assoc .exe=exefile>>c:\start.bat
REM 修复EXE文件关联
echo reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "checkvalue" /f>>c:\start.bat
echo reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "checkvalue" /t "REG_DWORD" /d "0x01000000" /f>>start.bat
REM 修复”显示所有文件及文件夹”的选项
REM 恢复IFEO部分(START)
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll">c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path">>c:\ifeo.reg
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE">>c:\ifeo.reg
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /f
echo regedit c:\ifeo.reg /s >>c:\start.bat
echo del c:\ifeo.reg /f >>>>c:\start.bat
REM恢复IFEO部分(OVER)
echo del start.bat>>c:\start.bat
REM 重启后删除部分(OVER)
REM 删除系统默认共享部分:
echo reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v "AutoShareWks" /t "REG_DWORD" /d "0x00000000" /f>>c:\start.bat
echo reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v "AutoShareServer" /t "REG_DWORD" /d "0x00000000" /f>>c:\start.bat
echo reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v "restrictanonymous" /t "REG_DWORD" /d "0x00000001">>c:\start.bat
REM 删除系统默认共享部分(OVER)
Del system.bat /f>nul
REM 强行重启防止病毒对系统修改部分:
Shutdown –r –t 0 –f
REM 倒计时0秒重启
REM 强行重启防止病毒对系统修改部分(OVER)
:QUIT
Del system.bat/f
EXIT
REM 退出
您的位置: