位置: 编程技术 - 正文
批处理 Autorun 病毒清除工具(批处理rd)
编辑:rootadmin@Echo Off color 2f title Autorun 病毒清除工具-By Phexon Rem 杀进程 taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB.exe /IM tel.xls.exe>nul 2>nul :clearauto cls Echo. Echo Autorun 病毒清除工具 Echo. Echo. Echo. Echo 制作:Phexon Echo. Echo 本程序运行后自动清除每个盘符下面的Autorun病毒 Echo 本程序原理是基于读取每个盘符下的Autorun.inf相关字段 Echo. Echo [1] 仅仅删除所有盘符下的 Autorun 病毒 Echo [2] 删除所有盘符下的 Autorun 病毒并且建立同名免疫目录(推荐!) Echo [3] 禁用系统的 Autorun 机制以避免 Autorun 病毒的再次感染 Echo [4] 取消所有盘符的 Autorun 病毒免疫 Echo [5] 删除并免疫指定盘符的 Autorun 病毒 Echo [6] 取消免疫指定盘符 Echo [7] 恢复相关注册表项默认值 Echo [0] 退出 Echo. Set /p clearslt= 请输入您的选择(1/2/3/4/5/6/7/0): If "%clearslt%"=="" Goto clearauto If "%clearslt%"=="1" Goto clearauto1 If "%clearslt%"=="2" Goto clearauto2 If "%clearslt%"=="3" Goto clearauto3 If "%clearslt%"=="4" Goto clearauto4 If "%clearslt%"=="5" Goto clearauto5 If "%clearslt%"=="6" Goto clearauto6 If "%clearslt%"=="7" Goto clearauto7 If "%clearslt%"=="0" Exit :clearauto1 taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB.exe /IM tel.xls.exe>nul 2>nul For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do ( fsutil fsinfo drivetype %%a: |find /i "固定驱动器" && ( For /f "tokens=2 delims==" %%b In (%%a:autorun.inf) Do Del /a /f /q "%%a:%%b" >nul 2>nul Del /a /f /q %%a:autorun.inf >nul 2>nul ) >nul 2>nul fsutil fsinfo drivetype %%a: |find /i "可移动驱动器" && ( For /f "tokens=2 delims==" %%b In (%%a:autorun.inf) Do Del /a /f /q "%%a:%%b" >nul 2>nul Del /a /f /q %%a:autorun.inf >nul 2>nul ) >nul 2>nul ) cls Echo Autorun 病毒清除完毕,任意键返回…… pause>nul Goto clearauto :clearauto2 taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB.exe /IM tel.xls.exe>nul 2>nul For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do ( fsutil fsinfo drivetype %%a: |find /i "固定驱动器" && ( For /f "tokens=2 delims==" %%b In (%%a:autorun.inf) Do Del /a /f /q "%%a:%%b" & md "%%a:%%b免疫目录不要删除!..." & attrib +s +h +r "%%a:%%b" & Echo Y|cacls "%%a:%%b" /T /C /P everyone:N >nul 2>nul Del /a /f /q %%a:autorun.inf & md "%%a:autorun.inf免疫目录不要删除!..." & attrib +s +h +r %%a:autorun.inf & Echo Y|cacls "%%a:autorun.inf" /T /C /P everyone:N >nul 2>nul ) >nul 2>nul fsutil fsinfo drivetype %%a: |find /i "可移动驱动器" && ( For /f "tokens=2 delims==" %%b In (%%a:autorun.inf) Do Del /a /f /q "%%a:%%b" & md "%%a:%%b免疫目录不要删除!..." & attrib +s +h +r "%%a:%%b" & Echo Y|cacls "%%a:%%b" /T /C /P everyone:N >nul 2>nul Del /a /f /q %%a:autorun.inf & md "%%a:autorun.inf免疫目录不要删除!..." & attrib +s +h +r %%a:autorun.inf & Echo Y|cacls "%%a:autorun.inf" /T /C /P everyone:N >nul 2>nul ) >nul 2>nul ) cls Echo Autorun 病毒清除并免疫完毕,任意键返回…… pause>nul Goto clearauto :clearauto3 cls Echo. Echo 正在停止相关服务…… Echo. reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f >nul 2>nul reg add "HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f >nul 2>nul net stop ShellHWDetection >nul 2>nul sc config ShellHWDetection start= disabled >nul 2>nul Rem 添加防止从回收站或仿回收站的目录中直接运行可执行文件的策略 Set REGPATH=HKLMSOFTWAREPoliciesMicrosoftWindowsSaferCodeIdentifiersPaths Set SFLAG=/v SaferFlags /t REG_DWORD /d 0x /f Set IDATA=/f /v ItemData /d "?:Recyc? reg add %REGPATH%{ffa5bf-abe7--aacf-4faaa} %SFLAG%>nul reg add %REGPATH%{ffa5bf-abe7--aacf-4faaa} %IDATA%****.*">nul reg add %REGPATH%{fe7eed-ca-f6-a-fdcf} %SFLAG%>nul reg add %REGPATH%{fe7eed-ca-f6-a-fdcf} %IDATA%***.*">nul reg add %REGPATH%{4ecc-ae-e-9b-3bdd9} %SFLAG%>nul reg add %REGPATH%{4ecc-ae-e-9b-3bdd9} %IDATA%*.*">nul reg add %REGPATH%{5bfcb-d3fb-e-ec-aba9ff} %SFLAG%>nul reg add %REGPATH%{5bfcb-d3fb-e-ec-aba9ff} %IDATA%****.*">nul reg add %REGPATH%{5c5e2bcd--f4-c-ed2afadd} %SFLAG%>nul reg add %REGPATH%{5c5e2bcd--f4-c-ed2afadd} %IDATA%*.*">nul reg add %REGPATH%{5f8ff--4c6e-de-e7bc6b} %SFLAG%>nul reg add %REGPATH%{5f8ff--4c6e-de-e7bc6b} %IDATA%***.*">nul reg add %REGPATH%{c-0e-c-abe9-beae7} %SFLAG%>nul reg add %REGPATH%{c-0e-c-abe9-beae7} %IDATA%**.*">nul reg add %REGPATH%{fb2-c-4d7b-aeff-df} %SFLAG%>nul reg add %REGPATH%{fb2-c-4d7b-aeff-df} %IDATA%**.*">nul reg add %REGPATH%{d9d2-c9-4ac1-a-ed3ed} %SFLAG%>nul reg add %REGPATH%{d9d2-c9-4ac1-a-ed3ed} %IDATA%*.*">nul reg add %REGPATH%{af2a4fcf-c-e--cdcfd7} %SFLAG%>nul reg add %REGPATH%{af2a4fcf-c-e--cdcfd7} %IDATA%***.*">nul reg add %REGPATH%{bf4b2-c-4e-b-f5ddf} %SFLAG%>nul reg add %REGPATH%{bf4b2-c-4e-b-f5ddf} %IDATA%**.*">nul reg add %REGPATH%{d4e7b6ff-df-f-b8bb-eaf5babc} %SFLAG%>nul reg add %REGPATH%{d4e7b6ff-df-f-b8bb-eaf5babc} /f /v ItemData /d "RECYC*.*">nul Rem 清除喜欢利用回收站的移动磁盘自动运行病毒 For %%a In (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) Do ( For %%b In (exe pif com) Do ( Echo Y|cacls "%%a:Recycler*.%%b" /C /T /P everyone:F>nul 2>nul&Echo Y|cacls "%%a:Recycled*.%%b" /C /T /P everyone:F>nul 2>nul&Echo Y|cacls "%%a:RecycledRecycled*.%%b" /C /T /P everyone:F>nul 2>nul Del /A /F /S /Q "%%a:Recycler*.%%b">nul 2>nul&Del /A /F /S /Q "%%a:Recycled*.%%b">nul 2>nul&Del /A /F /S /Q "%%a:RecycledRecycled*.%%b">nul 2>nul ) )>nul 2>nul Echo. Echo 相关服务已停止并禁用,任意键返回…… pause >nul Goto clearauto :clearauto4 For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do ( fsutil fsinfo drivetype %%a: |find /i "固定驱动器" && ( cacls "%%a:autorun.inf" /T /C /P everyone:F&Del /a /f /q "%%a:autorun.inf" & rd /s /q "%%a:autorun.inf">nul 2>nul )>nul 2>nul fsutil fsinfo drivetype %%a: |find /i "可移动驱动器" && ( cacls "%%a:autorun.inf" /T /C /P everyone:F&Del /a /f /q "%%a:autorun.inf" & rd /s /q "%%a:autorun.inf">nul 2>nul )>nul 2>nul ) cls Echo. Echo 已经解除全部盘符的免疫,任意键返回…… pause>nul Goto clearauto :clearauto5 cls Echo. Set /p pf= 请输入盘符,如"F:"(不包括引号) Echo 即将免疫%pf%盘……|find /i ":"||Set pf=%pf%:&&Echo 即将免疫%pf%盘…… taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB.exe /IM tel.xls.exe>nul 2>nul fsutil fsinfo drivetype %pf% |find /i "固定驱动器" && ( For /f "tokens=2 delims==" %%a In (%pf%autorun.inf) Do Del /a /f /q "%pf%%%a" & md "%pf%%%a免疫目录不要删除!..." & attrib +s +h +r "%pf%%%a" & Echo Y|cacls "%pf%%%a" /T /C /P everyone:N >nul 2>nul Del /a /f /q %pf%autorun.inf & md "%pf%autorun.inf免疫目录不要删除!..." & attrib +s +h +r %pf%autorun.inf & Echo Y|cacls "%pf%autorun.inf" /T /C /P everyone:N >nul 2>nul Goto DoneclearAuto ) >nul 2>nul fsutil fsinfo drivetype %pf% |find /i "可移动驱动器" && ( For /f "tokens=2 delims==" %%a In (%pf%autorun.inf) Do Del /a /f /q "%pf%%%a" & md "%pf%%%a免疫目录不要删除!..." & attrib +s +h +r "%pf%%%a" & Echo Y|cacls "%pf%%%a" /T /C /P everyone:N >nul 2>nul Del /a /f /q %pf%autorun.inf & md "%pf%autorun.inf免疫目录不要删除!..." & attrib +s +h +r %pf%autorun.inf & Echo Y|cacls "%pf%autorun.inf" /T /C /P everyone:N >nul 2>nul Goto DoneclearAuto ) >nul 2>nul Echo. Echo 您所输入的盘符不存在或者是只读设备, Echo 请重新输入 Goto clearauto5 :DoneclearAuto cls Echo. Echo 指定的磁盘 %pf% 已经成功进行了 Autorun 病毒的清除及免疫 Echo. Echo [1] 继续免疫其他磁盘 Echo [0] 返回主菜单 Set /p choice= 请输入您的选择(1/0): If %choice%="" Goto DoneclearAuto If %choice%="1" Goto clearauto5 If %choice%="0" Goto clearauto :clearauto6 cls Echo. Set /p pf= 请输入盘符,如"F:"(不包括引号) Echo 即将取消免疫%pf%盘……|find /i ":"||Set pf=%pf%:&&Echo 即将取消免疫%pf%盘…… fsutil fsinfo drivetype %pf% |find /i "固定驱动器" && ( cacls "%pf%autorun.inf" /T /C /P everyone:F&Del /a /f /q "%pf%autorun.inf" & rd /s /q "%pf%autorun.inf">nul 2>nul Goto DoneUnauto )>nul 2>nul fsutil fsinfo drivetype %pf% |find /i "可移动驱动器" && ( cacls "%pf%autorun.inf" /T /C /P everyone:F&Del /a /f /q "%pf%autorun.inf" & rd /s /q "%pf%autorun.inf">nul 2>nul Goto DoneUnauto )>nul 2>nul Echo. Echo 您所输入的盘符不存在或者是只读设备, Echo 请重新输入 Goto clearauto6 :DoneUnauto cls Echo. Echo 指定的磁盘 %pf% 已经成功解除了 Autorun 病毒免疫 Echo. Echo [1] 继续解除免疫其他磁盘 Echo [0] 返回主菜单 Set choice= Set /p choice= 请输入您的选择(1/0): If %choice%="" Goto DoneUnauto If %choice%="1" Goto clearauto6 If %choice%="0" Goto clearauto :clearauto7 cls Rem 防止在资源管理器中彻底隐藏文件、禁止文件等 reg add "HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL" /v CheckedValue /t REG_DWORD /d 0x /f>nul 2>nul reg delete "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerMountPoints2" /f>nul 2>nul reg delete "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun" /f>nul 2>nul reg delete "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer" /v DisallowRun /f>nul 2>nul Rem 防止转移启动组位置 reg add "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders" /v Startup /d "%USERPROFILE%「开始」菜单程序启动" /f>nul 2>nul reg add "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders" /v "Common Startup" /d "%ALLUSERSPROFILE%「开始」菜单程序启动" /f>nul 2>nul Echo. Echo 相关注册表恢复完毕,任意键返回…… pause>nul Goto clearauto 
推荐整理分享批处理 Autorun 病毒清除工具(批处理rd),希望有所帮助,仅作参考,欢迎阅读内容。
文章相关热门搜索词:批处理 /y,批处理loop,批处理/d,批处理 /a,批处理 leq,批处理rd,批处理 leq,批处理 /a,内容如对您有帮助,希望把文章链接给更多的朋友!
批处理FINDSTR正则表达式用法实例分析 1.findstr.2.txt或Findstr"."2.txt从文件2.txt中查找任意字符,不包括空字符或空行2.findstr.*2.txt或findstr".*"2.txt从文件2.txt中查找任意字符包括空行和空字符3.findst
for命令的一些bug分析 1、关于冒号:当某行内容以:打头时,用for/f"tokens=1*delims=:"%%iin('findstr/n.*test.txt')doecho.%%j会把:过滤掉;2、关于分号:findstr.*test.txt可以把以分号打头的行
for语句中的几种分隔符形式小结 其实for/l%iin(1,1,)do@echo%i括号中间的分隔号有多种形式如下:for/l%iin(1,1,)do@echo%ifor/l%iin()do@echo%ifor/l%iin(1;1;)do@echo%ifor/l%iin(1=1=)do@echo%ifor/l%iin(1tab1tab
标签: 批处理rd
本文链接地址:https://www.jiuchutong.com/biancheng/378405.html 转载请保留说明!下一篇:批处理FINDSTR正则表达式用法实例分析(find 批处理)
