[隨身碟病毒] (98.04.06 更新)
把自己所知道的隨身碟病毒,所寫入! 01. 在你桌面上開一個新的筆記本檔案 echo. for %%b in ( for %%c in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( echo 修復登錄檔!無法開啟隱藏檔 reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "jvsoft" /f >nul 2>nul ***複製到此~請勿複製*內的字***
並不是能解所有的隨身碟病毒
如果有沒有除掉的隨身碟病毒
希望能夠多多提供~~~
如需要轉貼!
請愛用引用!
如果好用!
請按推薦!
讓更多人享有方便的解決隨身碟病毒的困擾!
不會洩漏個人資料100%保證
方便大家使用!所以把修改後編碼OP上來
檔名更改成 : 日期.bat
(此篇會隨著更新!而修改日期!最好檔名加上版本日期方便更新)
====================================================
公告: 此批次檔!
請在t73319的無名自行手動製作
此文為個人使用,若造成個人電腦損害!
本人恕不負責!
====================================================
批次檔更新公告:
3/28加入 hqx292nu.exe
3/30加入 變種7種病毒
3/31加入 mpstxgx.exe
3/31加入 FF[n].exe 系列病毒
NEW!!4/02修正執行到一半會關閉的BUG,
取消誤判USNSVC.EXE檔名此為MSN共享官方軟體
NEW!!4/02加入新變種病毒
(此版本適用XP以上版本)
(如有win95~98se系統需要的請留言)
=====================================================
重要:請優先關閉"系統還原"
系統還原關閉流程
我的電腦(右鍵>內容)>系統還原(勾選關閉)>套用>確定
=====================================================
教學步驟
02. 點開筆記本
03. 把網誌內要複製的內碼圈選複製
04. 到筆記本貼上存檔
05. 此時檔案名稱為"新增文字文件.txt"
06. 如果看不見 .txt 副檔名請至
我的電腦>工具>資料夾選項>檢視>(最底下)隱藏已知檔名的副檔名>把勾取消>確定
07. 更改檔名(請看標題日期) "年月日.bat"
08. 因為這篇文會隨著更新更改標題日期(以辨識你手上更新的批次檔是否為舊版本)
09. 點選剛完成的檔案,假如有碰到要按"Y"的 請全部按"Y" (因為可能之前用過其他程式有建置防禦資料夾)
10. 跑完一次後請重開機,重開後再使用批次檔一次(刪除病毒殘餘檔案)
11. 測試是否解毒完成
我的電腦>工具>資料夾選項>檢視>(最底下)隱藏系統檔案and顯示所有資料夾>把勾取消>確定
12. 請重複11.動作一次
13. 如果可以開啟隱藏檔案!恭喜你已經解毒完成!
如果無法看到隱藏檔!!就是還有殘餘病毒!
14. 如果關閉系統還原以後,還是無法解毒
請在
開始>執行>打 cmd >
cd\
dir/w/ah
把此畫面寄給我或放置連結給我,我將會製作最新的更新檔
=====================================================
***以下請用筆記本寫入~請勿複製*內的字***
@echo off
echo.
echo.
echo.
echo.
echo 執行程式前 請先檢查系統還原是否關閉
echo.
echo 若無關閉請先關閉系統還原
echo.
echo 以免刪毒失敗......
echo.
echo.
echo 啟動刪除隨身碟病毒批次檔
echo.
echo 若不執行請關閉程式
echo.
echo 本批次檔會自動建制防禦資料夾
echo.
echo 資料夾檔名:autorun.inf(開機會讀取的檔案)
echo.
echo 以及修復點不開隱藏檔選項功能
echo.
echo.
pause
cls
echo.
echo 清除autorun.inf資料夾
echo.
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -A -S -H -R %%a:\autorun.inf
rd %%a:\autorun.inf
echo.
echo 刪除autorun.inf檔案
echo.
attrib -A -S -H -R %%a:\autorun.inf
del %%a:\autorun.inf /s /f /a )
echo.
echo 刪除系統下system32區病毒
echo.
for %%e in (
AMVa.exe
AMVO.exe
AVPa.exe
AVPO.exe
afmain0.dll
afmain1.dll
afmain2.dll
cvsdfw.exe
dsewtds0.dll
dsewtds1.dll
dsewtds2.dll
godert0.dll
godert1.dll
godert2.dll
ierdfgh.exe
j3ewro.exe
jvvo0.dll
jvvo1.dll
jvvo2.dll
jvvo.exe
jwedsfdo0.dll
jwedsfdo1.dll
jwedsfdo2.dll
kacsde.exe
kava.exe
kavo.exe
kavo0.dll
kavo1.dll
kavo2.dll
kxvo.exe
kxvo1.dll
kxvo2.dll
lhgjyit0.dll
lhgjyit1.dll
lhgjyit2.dll
otrewe0.dll
pytdfse0.dll
pytdfse1.dll
pytdfse2.dll
pytdfse3.dll
pytdfse4.dll
pytdfse5.dll
pytdfse6.dll
pytdfse7.dll
pytdfse8.dll
pytdfse9.dll
rttrwq.exe
mkfght0.dll
mkfght1.dll
mkfght2.dll
mmva.exe
mnsa.exe
TASO.exe
tavo.exe
tavo0.dll
tavo1.dll
tavo2.dll
taso.exe
uret463.exe
weidfsg.exe
wvps.dll
yt8a.exe
) do (
if exist %windir%\system32\%%e attrib -A -S -H -R %windir%\system32\%%e
del %windir%\system32\%%e /s /f /a
)
echo 刪除windows下病毒
echo.
rb.exe
tt.exe
rundl132.exe
dll.dll
vdll.dll
logo1_.exe
2.exe
AhnRpta.exe
) do (
if exist %windir%\%%b attrib -A -S -H -R %windir%\%%b
del %windir%\%%b /s /f /a
)
echo.
echo 刪除硬碟目錄下病毒
echo.
for %%d in (
0.com
096.bat
0jbnlnu8.exe
0pqb6qnj.cmd
0qx0sc6.bat
0tmhoc.cmd
0wk2.cmd
1.exe
19f.exe
1bbvq96y.com
1bg.cmd
1i.com
1jief.cmd
1irqtv.cmd
1n.cmd
1m.cmd
1q8p0y.com
1wod1.com
1xxec.exe
1yl.cmd
2.cmd
20740666.DAT
23ft.exe
26612903.DAT
2ACE4CFBAF2C.dll
2ACE4CFBAF2C.exe
2g.com
2px8tdn.bat
2y8la.exe
30ed3.exe
38840801.SVD
3bo9tn.cmd
3iugonx.com
3jkka91.com
3hihyi.exe
3u.cmd
3yr1.cmd
54521049.EXE
6.bat
6.exe
6o0.BAT
6g3.com
6vu680.com
6tkoyhx.cmd
82r9.cmd
8df.exe
8d.cmd
8e.com
8e9gmih.bat
8h3hh3m.exe
8mlo1q.cmd
8nlo1q.cmd
8nli1q.cmd
8ox6116.cmd
8ox61l6.cmd
8oupido.bat
8tss2gwq.bat
8q6h.exe
81365594.EXE
90imhpnc.exe
91m.com
91407786.EXE
92j11sm.com
93vx0c.com
96.com
9b8kmipy.com
9dl.cmd
9es.com
9mf.exe
a.bat
a.exe
aw.bat
abs.exe
aoutfq.exe
autorun.inf
ay8p6v3.cmd
af93gcf.exe
b.bat
b.cmd
bitkv0.dll
bitkv1.dll
bitkv2.dll
bn0.bat
bplel98.cmd
bplrl98.cmd
bxuup9r.bat
c.com
cc.exe
c9.com
cd8idoy1.com
cd8idoyl.com
cfv90h.com
cjrp8.com
copetttt.com
cubp.bat
d.bat
d1y36.com
d22xl.bat
d3bn0j.exe
d3bnoj.exe
d8ur3qs.bat
ddyikr.cmd
dgf.exe
dp.exe
dynrn6e.cmd
e.bat
e00233it.com
e898.com
EB6C4499B05F.dll
EB6C4499B05F.exe
eb9ehyh.exe
ejoq.exe
ek.com
ekf6dbg0.com
erdeIect.com
f.bat
f.exe
ff.exe
f2ir.com
F3C74E3FA248.dll
F3C74E3FA248.exe
feav9a2.cmd
fp.exe
ff.exe
fphj6j31.bat
g2p3s.exe
g8rruyw.exe
gjfl.exe
gmiljxy.com
gmi1jxy.com
gqsk.bat
gsxlexd.cmd
gxlxknou.exe
gxul.com
gymussy.bat
gnwav.exe
hqx292nu.exe
h1ahxi.bat
h3i1k3.exe
h3hi1k3.exe
hovrflst.bat
hpkq.cmd
hupxj.bat
i.bat
i0.cmd
i2.com
i8.com
ig.com
igcmrtjw.cmd
ilpg9ejd.com
iq0ecwcj.cmd
iw.bat
j.cmd
j1.cmd
jj.bat
jbfqv8j.cmd
jg.com
jg6w3yx.com
jq6w3yx.com
j0mpdkja.cmd
jwedsfdo0.dll
jwedsfdo1.dll
jwedsfdo2.dll
k2d8j3wa.bat
kaq86asx.bat
kdy.cmd
kiibu.com
kjbu.com
kjibu.com
kk.bat
k.bat
kqsr.exe
ll.exe
l9dwu8.bat
lgcadwx.bat
lp3c.bat
lvxvo1xg.cmd
m.exe
m2.cmd
m6r8v.com
m6n.com
mcmm.bat
mmtpw22.bat
mmva.exe
mnsa.exe
mrsne.bat
mpstxgx.exe
mt0.cmd
mt.com
n1.com
n6j.com
nl.com
ndmego0f.cmd
nncu6kk.com
np.exe
nq.bat
nqgcd.com
nsv.bat
ntdeIect.com
ntdelect.com
nw0t1l0d.exe
o2yf0w.bat
o93ml8.bat
o9o2u.bat
oka3yrf.bat
okhr.exe
om.cmd
om0.com
p.exe
p9.exe
pamn.exe
pbwkwj.com
PICTURE015.SCR
phgr1j.bat
pnc.exe
prjydpe.cmd
psgq60.bat
q0rppr.exe
q1pady.cmd
q6h6j.com
qjfl.exe
qkarc.exe
qs6m.bat
r9ghv9.com
r9hv9.com
rjiybg.exe
rjx0.exe
rf.cmd
rn.exe
rtnlpipu.com
s38k.exe
s9l.exe
SCVB.EXE
smkjd.cmd
spkr9wou.bat
spq.bat
stwi.com
sxs.exe
t82e2v.cmd
tt.com
tbhje.cmd
tfa8rk6.com
tj8odymw.exe
tlmjw.cmd
tlmjw.com
tmf3w3g0.com
tn0k.exe
u.exe
u18vxqle.bat
u18vxqle.com
ubs.exe
ud.exe
uh31.exe
uorys.cmd
usbmons.dll
uyd9cck.cmd
uyfd9cck.cmd
v0vj.exe
v2h3.exe
v3pif.bat
v9l1l.com
v91qw.com
vctio.com
vmyphd.bat
vnkucvv.com
w.cmd
w.bat
w0owgn.bat
wg0kpd.bat
winpows.exe
x.cmd
XAdeIect.com
xc.exe
xj.bat
xpq63xl.exe
xwpehlv.com
xe9fdii1.cmd
y319s.exe
yi9.exe
yu.bat
yfmqo.cmd
ynfs9ks.cmd
ypjq1.cmd
yt8a.exe
Z.EXE
FF[n].EXE
)do (
if exist %%c:\%%d attrib -A -S -H -R %%c:\%%d
del %%c:\%%d /s /f /a
))
cls
echo.
echo 修復磁碟點不開和關閉autorun功能
echo.
echo.
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul
echo.
echo 恢復autorun.inf功能
echo.
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveAutoRun" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
echo.
echo 創建autorun.inf資料夾
echo.
for %%b in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (md %%b:\autorun.inf)>nul 2>nul
cls
reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "CheckedValue" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f >nul 2>nul
echo.
echo.刪除病毒登錄檔
echo.
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "tasoft" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "anhtaaa" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "dorfgwe" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "kava" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "nhkletd" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "ertyuop" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "anhtaas" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "kxswsoft" /f >nul 2>nul
reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\soft" /f >nul 2>nul
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "wsctf.exe" /f >nul 2>nul
cls
echo.
echo 刪除完畢!
echo 若有未刪除病毒殘餘檔
echo 請重開機再執行一次本批次檔
echo
echo.請進入REGEDIT自行刪除執行病毒登錄檔
echo.路徑如下:
echo. (可刪可不刪)
echo HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
echo.
echo 若使用本批次檔兩次後
echo 還是無法打開隱藏檔
echo 請在執行打CMD
echo 指令: cd\
echo dir/w/a或dir/w/ah
echo. 製作者 t73319
echo. http://www.wretch.cc/blog/t73319/11855505
@echo on
pause
你會發現 分享也是一種獲得
推薦一個好論壇 | 加入 Penguin企鵝聯盟 | 好康的 Blog 分享 |
沒有留言:
張貼留言