AUTORUN清理.docx
《AUTORUN清理.docx》由会员分享,可在线阅读,更多相关《AUTORUN清理.docx(11页珍藏版)》请在冰豆网上搜索。
AUTORUN清理
Autorun病毒清理
运用以下代码可以对U盘的Autorun病毒进行清理,并可对U盘病毒进行免疫
AUTORUN清理
将以下红色内容复制到记事本,另存为所有文件,扩展名改成bat,然后双击该文件就可以了。
@echooff
color2f
titleAutorun病毒清除工具
rem杀进程
taskkill/F/IMSocksA.exe/IMSVOHOST.exe/IMAdobeR.exe/IMravmone.exe/IMwincfgs.exe/IMdoc.exe/IMrose.exe/IMsxs.exe/IMautorun.exe/IMKB20060111.exe/IMtel.xls.exe>nul2>nul
:
clearauto
cls
echo.
echoAutorun病毒清除工具
echo.
echo本程序运行后自动清除每个盘符下面的Autorun病毒
echo本程序原理是基于读取每个盘符下的Autorun.inf相关字段
echo.
echo[1]仅仅删除所有盘符下的Autorun病毒
echo[2]删除所有盘符下的Autorun病毒并且建立同名免疫目录(推荐!
)
echo[3]禁用系统的Autorun机制以避免Autorun病毒的再次感染
echo[4]取消所有盘符的Autorun病毒免疫
echo[5]删除并免疫指定盘符的Autorun病毒
echo[6]取消免疫指定盘符
echo[0]退出
echo.
setchoice=
set/pchoice=请输入您的选择(1/2/3/4/5/6/0):
if"%choice%"==""gotoclearauto
if"%choice%"=="1"gotoclearauto1
if"%choice%"=="2"gotoclearauto2
if"%choice%"=="3"gotoclearauto3
if"%choice%"=="4"gotoclearauto4
if"%choice%"=="5"gotoclearauto5
if"%choice%"=="6"gotoclearauto6
if"%choice%"=="0"exit
:
clearauto1
taskkill/F/IMSocksA.exe/IMSVOHOST.exe/IMAdobeR.exe/IMravmone.exe/IMwincfgs.exe/IMdoc.exe/IMrose.exe/IMsxs.exe/IMautorun.exe/IMKB20060111.exe/IMtel.xls.exe>nul2>nul
for%%ain(CDEFGHIJKLMNOPQRSTUVWXYZ)do(
fsutilfsinfodrivetype%%a:
|find/i"固定驱动器"&&(
for/f"tokens=2delims=="%%bin(%%a:
\autorun.inf)dodel/a/f/q"%%a:
\%%b">nul2>nul
del/a/f/q%%a:
\autorun.inf>nul2>nul
)>nul2>nul
fsutilfsinfodrivetype%%a:
|find/i"可移动驱动器"&&(
for/f"tokens=2delims=="%%bin(%%a:
\autorun.inf)dodel/a/f/q"%%a:
\%%b">nul2>nul
del/a/f/q%%a:
\autorun.inf>nul2>nul
)>nul2>nul
)
callregori
cls
echoAutorun病毒清除完毕,任意键返回……
pause>nul
gotoclearauto
:
clearauto2
taskkill/F/IMSocksA.exe/IMSVOHOST.exe/IMAdobeR.exe/IMravmone.exe/IMwincfgs.exe/IMdoc.exe/IMrose.exe/IMsxs.exe/IMautorun.exe/IMKB20060111.exe/IMtel.xls.exe>nul2>nul
for%%ain(CDEFGHIJKLMNOPQRSTUVWXYZ)do(
fsutilfsinfodrivetype%%a:
|find/i"固定驱动器"&&(
for/f"tokens=2delims=="%%bin(%%a:
\autorun.inf)dodel/a/f/q"%%a:
\%%b"&md"%%a:
\%%b\免疫目录不要删除!
...\"&attrib+s+h+r"%%a:
\%%b"&echoY|cacls"%%a:
\%%b"/C/Peveryone:
N>nul2>nul
del/a/f/q%%a:
\autorun.inf&md"%%a:
\autorun.inf\免疫目录不要删除!
...\"&attrib+s+h+r%%a:
\autorun.inf&echoY|cacls"%%a:
\autorun.inf"/C/Peveryone:
N>nul2>nul
)>nul2>nul
fsutilfsinfodrivetype%%a:
|find/i"可移动驱动器"&&(
for/f"tokens=2delims=="%%bin(%%a:
\autorun.inf)dodel/a/f/q"%%a:
\%%b"&md"%%a:
\%%b\免疫目录不要删除!
...\"&attrib+s+h+r"%%a:
\%%b"&echoY|cacls"%%a:
\%%b"/C/Peveryone:
N>nul2>nul
del/a/f/q%%a:
\autorun.inf&md"%%a:
\autorun.inf\免疫目录不要删除!
...\"&attrib+s+h+r%%a:
\autorun.inf&echoY|cacls"%%a:
\autorun.inf"/C/Peveryone:
N>nul2>nul
)>nul2>nul
)
callregori
cls
echoAutorun病毒清除并免疫完毕,任意键返回……
pause>nul
gotoclearauto
:
clearauto3
cls
echo.
echo正在停止相关服务……
echo.
regadd"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer"/vNoDriveTypeAutoRun/tREG_DWORD/d0x000000ff/f>nul2>nul
regadd"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer"/vNoDriveTypeAutoRun/tREG_DWORD/d0x000000ff/f>nul2>nul
netstopShellHWDetection>nul2>nul
scconfigShellHWDetectionstart=disabled>nul2>nul
rem添加防止从回收站或仿回收站的目录中直接运行可执行文件的策略
setREGPATH=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
setSFLAG=/vSaferFlags/tREG_DWORD/d0x00000000/f
setIDATA=/f/vItemData/d"?
:
\Recyc?
regadd%REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a}%SFLAG%>nul
regadd%REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a}%IDATA%\*\*\*\*.*">nul
regadd%REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf}%SFLAG%>nul
regadd%REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf}%IDATA%\*\*\*.*">nul
regadd%REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9}%SFLAG%>nul
regadd%REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9}%IDATA%\*.*">nul
regadd%REGPATH%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff}%SFLAG%>nul
regadd%REGPATH%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff}%IDATA%\*\*\*\*.*">nul
regadd%REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd}%SFLAG%>nul
regadd%REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd}%IDATA%\*.*">nul
regadd%REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330}%SFLAG%>nul
regadd%REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330}%IDATA%\*\*\*.*">nul
regadd%REGPATH%\{649c1429-0e79-453c-abe9-b5682e035ae7}%SFLAG%>nul
regadd%REGPATH%\{649c1429-0e79-453c-abe9-b5682e035ae7}%IDATA%\*\*.*">nul
regadd%REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034}%SFLAG%>nul
regadd%REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034}%IDATA%\*\*.*">nul
regadd%REGPATH%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97}%SFLAG%>nul
regadd%REGPATH%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97}%IDATA%\*.*">nul
regadd%REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7}%SFLAG%>nul
regadd%REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7}%IDATA%\*\*\*.*">nul
regadd%REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802}%SFLAG%>nul
regadd%REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802}%IDATA%\*\*.*">nul
regadd%REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc}%SFLAG%>nul
regadd%REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc}/f/vItemData/d"RECYC*.*">nul
rem清除喜欢利用回收站的移动磁盘自动运行病毒
for%%ain(c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z)do(
for%%bin(exepifcom)do(
echoY|cacls"%%a:
\Recycler\*.%%b"/C/T/Peveryone:
F>nul2>nul&echoY|cacls"%%a:
\Recycled\*.%%b"/C/T/Peveryone:
F>nul2>nul&echoY|cacls"%%a:
\Recycled\Recycled\*.%%b"/C/T/Peveryone:
F>nul2>nul
del/A/F/S/Q"%%a:
\Recycler\*.%%b">nul2>nul&del/A/F/S/Q"%%a:
\Recycled\*.%%b">nul2>nul&del/A/F/S/Q"%%a:
\Recycled\Recycled\*.%%b">nul2>nul
)
)>nul2>nul
echo.
echo相关服务已停止并禁用,任意键返回……
pause>nul
gotoclearauto
:
clearauto4
for%%ain(CDEFGHIJKLMNOPQRSTUVWXYZ)do(
fsutilfsinfodrivetype%%a:
|find/i"固定驱动器"&&(
echoY|cacls"%%a:
\autorun.inf"/C/Peveryone:
F&del/a/f/q"%%a:
\autorun.inf"&rd/s/q"%%a:
\autorun.inf">nul2>nul
)>nul2>nul
fsutilfsinfodrivetype%%a:
|find/i"可移动驱动器"&&(
echoY|cacls"%%a:
\autorun.inf"/C/Peveryone:
F&del/a/f/q"%%a:
\autorun.inf"&rd/s/q"%%a:
\autorun.inf">nul2>nul
)>nul2>nul
)
cls
echo.
echo已经解除全部盘符的免疫,任意键返回……
pause>nul
gotoclearauto
:
clearauto5
cls
echo.
set/ppf=请输入盘符,如"F:
"(不包括引号)
echo即将免疫%pf%盘……|find/i":
"||setpf=%pf%:
&&echo即将免疫%pf%盘……
taskkill/F/IMSocksA.exe/IMSVOHOST.exe/IMAdobeR.exe/IMravmone.exe/IMwincfgs.exe/IMdoc.exe/IMrose.exe/IMsxs.exe/IMautorun.exe/IMKB20060111.exe/IMtel.xls.exe>nul2>nul
fsutilfsinfodrivetype%pf%|find/i"固定驱动器"&&(
for/f"tokens=2delims=="%%ain(%pf%\autorun.inf)dodel/a/f/q"%pf%\%%a"&md"%pf%\%%a\免疫目录不要删除!
...\"&attrib+s+h+r"%pf%\%%a"&echoY|cacls"%pf%\%%a"/C/Peveryone:
N>nul2>nul
del/a/f/q%pf%\autorun.inf&md"%pf%\autorun.inf\免疫目录不要删除!
...\"&attrib+s+h+r%pf%\autorun.inf&echoY|cacls"%pf%\autorun.inf"/C/Peveryone:
N>nul2>nul
gotoDoneclearAuto
)>nul2>nul
fsutilfsinfodrivetype%pf%|find/i"可移动驱动器"&&(
for/f"tokens=2delims=="%%ain(%pf%\autorun.inf)dodel/a/f/q"%pf%\%%a"&md"%pf%\%%a\免疫目录不要删除!
...\"&attrib+s+h+r"%pf%\%%a"&echoY|cacls"%pf%\%%a"/C/Peveryone:
N>nul2>nul
del/a/f/q%pf%\autorun.inf&md"%pf%\autorun.inf\免疫目录不要删除!
...\"&attrib+s+h+r%pf%\autorun.inf&echoY|cacls"%pf%\autorun.inf"/C/Peveryone:
N>nul2>nul
gotoDoneclearAuto
)>nul2>nul
callregori
echo.
echo您所输入的盘符不存在或者是只读设备,
echo请重新输入……
pause>nul
gotoclearauto5
:
DoneclearAuto
cls
echo.
echo指定的磁盘%pf%已经成功进行了Autorun病毒的清除及免疫
echo.
echo[1]继续免疫其他磁盘
echo[0]返回主菜单
setchoice=
set/pchoice=请输入您的选择(1/0):
if"%choice%"==""gotoDoneclearAuto
if"%choice%"=="1"gotoclearauto5
if"%choice%"=="0"gotoclearauto
gotoeof
:
clearauto6
cls
echo.
set/ppf=请输入盘符,如"F:
"(不包括引号)
echo即将取消免疫%pf%盘……|find/i":
"||setpf=%pf%:
&&echo即将取消免疫%pf%盘……
fsutilfsinfodrivetype%pf%|find/i"固定驱动器"&&(
echoY|cacls"%pf%\autorun.inf"/C/Peveryone:
F&del/a/f/q"%pf%\autorun.inf"&rd/s/q"%pf%\autorun.inf">nul2>nul
gotoDoneUnauto
)>nul2>nul
fsutilfsinfodrivetype%pf%|find/i"可移动驱动器"&&(
echoY|cacls"%pf%\autorun.inf"/C/Peveryone:
F&del/a/f/q"%pf%\autorun.inf"&rd/s/q"%pf%\autorun.inf">nul2>nul
gotoDoneUnauto
)>nul2>nul
echo.
echo您所输入的盘符不存在或者是只读设备,
echo请重新输入
gotoclearauto6
:
DoneUnauto
cls
echo.
echo指定的磁盘%pf%已经成功解除了Autorun病毒免疫
echo.
echo[1]继续解除免疫其他磁盘
echo[0]返回主菜单
setchoice=
set/pchoice=请输入您的选择(1/0):
if"%choice%"==""gotoDoneUnauto
if"%choice%"=="1"gotoclearauto6
if"%choice%"=="0"gotoclearauto
gotoeof
:
regori
rem防止在资源管理器中彻底隐藏文件、禁止文件等
regdelete"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"/f>nul2>nul
regadd"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"/vCheckedValue/tREG_DWORD/d0x00000001/f>nul2>nul
regdelete"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"/f>nul2>nul
regdelete"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"/vDisallowRun/f>nul2>nul
rem防止转移启动组位置
regadd"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders"/vStartup/d"%USERPROFILE%\「开始」菜单\程序\启动"/f>nul2>nul
regadd"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders"/v"CommonStartup"/d"%ALLUSERSPROFILE%\「开始」菜单\程序\启动"/f>nul2>nul
gotoeof
ThisfileisdecompiledbyanunregisteredversionofChmDecompiler.
升级会员 