Autorun 病毒清除工具bat代码
程序员文章站
2022-04-10 18:49:59
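@echo off
rem Autorun-worm cleanup menu. Shows the options, reads one choice and jumps
rem to the matching label. Every action behind the menu deletes files, rewrites
rem ACLs or edits the registry, so an unrecognised choice must never reach them.
color 2f
title autorun 病毒清除工具-by phexon
rem Kill processes: force-terminate a fixed list of image names. Matching is by
rem file name only, so an unrelated program with one of these names is ended too.
taskkill /f /im socksa.exe /im svohost.exe /im adober.exe /im ravmone.exe /im wincfgs.exe /im doc.exe /im rose.exe /im sxs.exe /im autorun.exe /im kb20060111.exe /im tel.xls.exe>nul 2>nul
:clearauto
cls
echo.
echo autorun 病毒清除工具
echo.
echo.
echo.
echo 制作:phexon
echo.
echo 本程序运行后自动清除每个盘符下面的autorun病毒
echo 本程序原理是基于读取每个盘符下的autorun.inf相关字段
echo.
echo [1] 仅仅删除所有盘符下的 autorun 病毒
echo [2] 删除所有盘符下的 autorun 病毒并且建立同名免疫目录(推荐!)
echo [3] 禁用系统的 autorun 机制以避免 autorun 病毒的再次感染
echo [4] 取消所有盘符的 autorun 病毒免疫
echo [5] 删除并免疫指定盘符的 autorun 病毒
echo [6] 取消免疫指定盘符
echo [7] 恢复相关注册表项默认值
echo [0] 退出
echo.
rem Clear the previous answer first: set /p leaves the variable untouched when
rem Enter is pressed alone, which would silently repeat the last action.
set "clearslt="
set /p clearslt= 请输入您的选择(1/2/3/4/5/6/7/0):
if not defined clearslt goto clearauto
if "%clearslt%"=="1" goto clearauto1
if "%clearslt%"=="2" goto clearauto2
if "%clearslt%"=="3" goto clearauto3
if "%clearslt%"=="4" goto clearauto4
if "%clearslt%"=="5" goto clearauto5
if "%clearslt%"=="6" goto clearauto6
if "%clearslt%"=="7" goto clearauto7
if "%clearslt%"=="0" exit
rem Anything else is invalid. Show the menu again instead of falling through
rem into the delete routine that follows this section.
goto clearauto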
:clearauto1
rem Option 1: remove autorun.inf and the files it names, on every drive.
rem Steps: end the listed image names, then for each letter c to z whose fsutil
rem drive type text matches a fixed or a removable drive, read autorun.inf,
rem split every line on equals signs, treat the second field as a path under
rem the drive root, force-delete that path, then delete autorun.inf itself.
rem NOTE[review]: autorun.inf is written by whoever last controlled the drive,
rem so its values are untrusted input to del. Nothing here rejects wildcards or
rem parent-directory segments, and a legitimate autorun.inf, for example on
rem installer media, is processed the same way. Validate each value first.
rem NOTE[review]: a value followed by arguments will not match a file name, so
rem that file is presumably left in place - confirm.
rem NOTE[review]: drive types are matched against Chinese fsutil output; on
rem another display language no drive would match - verify before reuse.
rem All output and errors go to nul, so the completion message is printed
rem whether or not anything was deleted.
taskkill /f /im socksa.exe /im svohost.exe /im adober.exe /im ravmone.exe /im wincfgs.exe /im doc.exe /im rose.exe /im sxs.exe /im autorun.exe /im kb20060111.exe /im tel.xls.exe>nul 2>nul
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
fsutil fsinfo drivetype %%a: |find /i "固定驱动器" && (
for /f "tokens=2 delims==" %%b in (%%a:\autorun.inf) do del /a /f /q "%%a:\%%b" >nul 2>nul
del /a /f /q %%a:\autorun.inf >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype %%a: |find /i "可移动驱动器" && (
for /f "tokens=2 delims==" %%b in (%%a:\autorun.inf) do del /a /f /q "%%a:\%%b" >nul 2>nul
del /a /f /q %%a:\autorun.inf >nul 2>nul
) >nul 2>nul
)
cls
echo autorun 病毒清除完毕,任意键返回……
pause>nul
goto clearauto
:clearauto2
rem Option 2: same cleanup as option 1, then immunise each drive.
rem For autorun.inf and for every path named inside it, the file is deleted and
rem a directory of the same name is created in its place, holding one
rem subdirectory whose name asks the user not to delete it. The placeholder is
rem marked system, hidden and read-only, and its ACL is replaced with
rem everyone:n. The y piped into cacls answers its confirmation prompt.
rem NOTE[review]: the paths come from autorun.inf, which is untrusted. Besides
rem the unvalidated delete, a locked directory is created at every path the
rem file names, so a crafted or legitimate autorun.inf decides where these
rem appear. Validate each value before acting on it.
rem NOTE[review]: everyone:n presumably also blocks administrators, backup and
rem scanning tools until the ACL is reset - confirm this is acceptable.
rem NOTE[review]: drive types are matched against Chinese fsutil output.
taskkill /f /im socksa.exe /im svohost.exe /im adober.exe /im ravmone.exe /im wincfgs.exe /im doc.exe /im rose.exe /im sxs.exe /im autorun.exe /im kb20060111.exe /im tel.xls.exe>nul 2>nul
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
fsutil fsinfo drivetype %%a: |find /i "固定驱动器" && (
for /f "tokens=2 delims==" %%b in (%%a:\autorun.inf) do del /a /f /q "%%a:\%%b" & md "%%a:\%%b\免疫目录不要删除!...\" & attrib +s +h +r "%%a:\%%b" & echo y|cacls "%%a:\%%b" /t /c /p everyone:n >nul 2>nul
del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\免疫目录不要删除!...\" & attrib +s +h +r %%a:\autorun.inf & echo y|cacls "%%a:\autorun.inf" /t /c /p everyone:n >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype %%a: |find /i "可移动驱动器" && (
for /f "tokens=2 delims==" %%b in (%%a:\autorun.inf) do del /a /f /q "%%a:\%%b" & md "%%a:\%%b\免疫目录不要删除!...\" & attrib +s +h +r "%%a:\%%b" & echo y|cacls "%%a:\%%b" /t /c /p everyone:n >nul 2>nul
del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\免疫目录不要删除!...\" & attrib +s +h +r %%a:\autorun.inf & echo y|cacls "%%a:\autorun.inf" /t /c /p everyone:n >nul 2>nul
) >nul 2>nul
)
cls
echo autorun 病毒清除并免疫完毕,任意键返回……
pause>nul
goto clearauto
:clearauto3
rem Option 3: turn off the autorun mechanism system-wide.
rem 1. Write nodrivetypeautorun = 0xff under the explorer policies key in both
rem    HKLM and HKCU.
rem 2. Stop the shellhwdetection service and set its start type to disabled.
rem 3. Add path rules under the safer codeidentifiers 0 key for recycle-bin
rem    style directories.
rem 4. Delete exe, pif and com files from the recycle-bin directories.
rem NOTE[review]: disabling shellhwdetection presumably also removes AutoPlay
rem and other hardware-event features; nothing in this script re-enables it.
rem NOTE[review]: option 7 does not revert the policy values or the path rules
rem written here, so this option has no undo in the script.
cls
echo.
echo 正在停止相关服务……
echo.
reg add "hklm\software\microsoft\windows\currentversion\policies\explorer" /v nodrivetypeautorun /t reg_dword /d 0x000000ff /f >nul 2>nul
reg add "hkcu\software\microsoft\windows\currentversion\policies\explorer" /v nodrivetypeautorun /t reg_dword /d 0x000000ff /f >nul 2>nul
net stop shellhwdetection >nul 2>nul
sc config shellhwdetection start= disabled >nul 2>nul
rem Add policies that stop executables from being run directly out of the
rem recycle bin or out of directories that imitate it.
rem Each GUID key below gets a saferflags value of 0 and an itemdata pattern.
rem The idata variable deliberately ends inside an open quote; every line that
rem uses it supplies the rest of the pattern and the closing quote.
rem NOTE[review]: level 0 is presumably the Disallowed level - confirm.
rem These lines hide standard output only, so reg errors still reach the screen.
set regpath=hklm\software\policies\microsoft\windows\safer\codeidentifiers\0\paths
set sflag=/v saferflags /t reg_dword /d 0x00000000 /f
set idata=/f /v itemdata /d "?:\recyc?
reg add %regpath%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %sflag%>nul
reg add %regpath%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %idata%\*\*\*\*.*">nul
reg add %regpath%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %sflag%>nul
reg add %regpath%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %idata%\*\*\*.*">nul
reg add %regpath%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %sflag%>nul
reg add %regpath%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %idata%\*.*">nul
reg add %regpath%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff} %sflag%>nul
reg add %regpath%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff} %idata%\*\*\*\*.*">nul
reg add %regpath%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %sflag%>nul
reg add %regpath%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %idata%\*.*">nul
reg add %regpath%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %sflag%>nul
reg add %regpath%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %idata%\*\*\*.*">nul
reg add %regpath%\{649c1429-0e79-453c-abe9-b5682e035ae7} %sflag%>nul
reg add %regpath%\{649c1429-0e79-453c-abe9-b5682e035ae7} %idata%\*\*.*">nul
reg add %regpath%\{718f54b2-c669-4d7b-aeff-18d69f100034} %sflag%>nul
reg add %regpath%\{718f54b2-c669-4d7b-aeff-18d69f100034} %idata%\*\*.*">nul
reg add %regpath%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97} %sflag%>nul
reg add %regpath%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97} %idata%\*.*">nul
reg add %regpath%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %sflag%>nul
reg add %regpath%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %idata%\*\*\*.*">nul
reg add %regpath%\{b997f4b2-c037-4e97-b051-31f5d86df802} %sflag%>nul
reg add %regpath%\{b997f4b2-c037-4e97-b051-31f5d86df802} %idata%\*\*.*">nul
reg add %regpath%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} %sflag%>nul
reg add %regpath%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} /f /v itemdata /d "recyc*.*">nul
rem Remove removable-disk autorun viruses that like to hide in the recycle bin.
rem For every letter c to z and each of exe, pif and com: grant everyone full
rem control on matching files under recycler, recycled and recycled\recycled,
rem then force-delete them recursively.
rem NOTE[review]: this removes every exe, pif and com file held in those
rem directories, including ones the user deleted normally and could otherwise
rem still restore.
for %%a in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do (
for %%b in (exe pif com) do (
echo y|cacls "%%a:\recycler\*.%%b" /c /t /p everyone:f>nul 2>nul&echo y|cacls "%%a:\recycled\*.%%b" /c /t /p everyone:f>nul 2>nul&echo y|cacls "%%a:\recycled\recycled\*.%%b" /c /t /p everyone:f>nul 2>nul
del /a /f /s /q "%%a:\recycler\*.%%b">nul 2>nul&del /a /f /s /q "%%a:\recycled\*.%%b">nul 2>nul&del /a /f /s /q "%%a:\recycled\recycled\*.%%b">nul 2>nul
)
)>nul 2>nul
echo.
echo 相关服务已停止并禁用,任意键返回……
pause >nul
goto clearauto
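:clearauto4
rem Option 4: undo the immunisation on every fixed or removable drive by
rem resetting the ACL on the autorun.inf placeholder to everyone full control
rem and then removing it, whether it is a file or a directory.
rem cacls asks for confirmation before it replaces an ACL. The prompt is hidden
rem by the redirection to nul, so the answer is piped in here, as options 2 and
rem 3 already do, instead of leaving the script waiting on an invisible prompt.
rem NOTE[review]: the same-name directories that option 2 created for the files
rem listed in autorun.inf are not handled here and stay locked.
rem NOTE[review]: drive types are matched against Chinese fsutil output.
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
fsutil fsinfo drivetype %%a: |find /i "固定驱动器" && (
echo y|cacls "%%a:\autorun.inf" /t /c /p everyone:f&del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf">nul 2>nul
)>nul 2>nul
fsutil fsinfo drivetype %%a: |find /i "可移动驱动器" && (
echo y|cacls "%%a:\autorun.inf" /t /c /p everyone:f&del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf">nul 2>nul
)>nul 2>nul
)
cls
echo.
echo 已经解除全部盘符的免疫,任意键返回……
pause>nul
goto clearauto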
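:clearauto5
rem Option 5: clean and immunise one drive chosen by the user.
rem The typed value is expanded unquoted into the del, md, attrib and cacls
rem command lines further down, so it is reduced to a single drive letter plus
rem colon and checked against a to z before anything uses it.
rem NOTE[review]: the paths read from autorun.inf are still untrusted. Values
rem with wildcards or parent-directory segments are not rejected here.
rem NOTE[review]: drive types are matched against Chinese fsutil output.
cls
echo.
rem Clear the old value first; set /p keeps it when Enter is pressed alone.
set "pf="
set /p pf= 请输入盘符,如"f:"(不包括引号)
if not defined pf goto clearauto5
rem Strip any quotes the user typed, then keep the first character only.
set "pf=%pf:"=%"
if not defined pf goto clearauto5
set "pf=%pf:~0,1%:"
set "pfok="
for %%l in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do if /i "%pf%"=="%%l:" set "pfok=1"
if not defined pfok goto clearauto5bad
echo 即将免疫%pf%盘……
taskkill /f /im socksa.exe /im svohost.exe /im adober.exe /im ravmone.exe /im wincfgs.exe /im doc.exe /im rose.exe /im sxs.exe /im autorun.exe /im kb20060111.exe /im tel.xls.exe>nul 2>nul
fsutil fsinfo drivetype %pf% |find /i "固定驱动器" && (
for /f "tokens=2 delims==" %%a in (%pf%\autorun.inf) do del /a /f /q "%pf%\%%a" & md "%pf%\%%a\免疫目录不要删除!...\" & attrib +s +h +r "%pf%\%%a" & echo y|cacls "%pf%\%%a" /t /c /p everyone:n >nul 2>nul
del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\免疫目录不要删除!...\" & attrib +s +h +r %pf%\autorun.inf & echo y|cacls "%pf%\autorun.inf" /t /c /p everyone:n >nul 2>nul
goto doneclearauto
) >nul 2>nul
fsutil fsinfo drivetype %pf% |find /i "可移动驱动器" && (
for /f "tokens=2 delims==" %%a in (%pf%\autorun.inf) do del /a /f /q "%pf%\%%a" & md "%pf%\%%a\免疫目录不要删除!...\" & attrib +s +h +r "%pf%\%%a" & echo y|cacls "%pf%\%%a" /t /c /p everyone:n >nul 2>nul
del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\免疫目录不要删除!...\" & attrib +s +h +r %pf%\autorun.inf & echo y|cacls "%pf%\autorun.inf" /t /c /p everyone:n >nul 2>nul
goto doneclearauto
) >nul 2>nul
rem Reached when the input is not a drive letter or the drive is neither
rem fixed nor removable.
:clearauto5bad
echo.
echo 您所输入的盘符不存在或者是只读设备,
echo 请重新输入
goto clearauto5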
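:doneclearauto
rem Result screen for option 5. The success text is printed whether or not the
rem earlier commands worked, because their output and errors were sent to nul.
cls
echo.
echo 指定的磁盘 %pf% 已经成功进行了 autorun 病毒的清除及免疫
echo.
echo [1] 继续免疫其他磁盘
echo [0] 返回主菜单
rem Clear the previous answer; set /p keeps it when Enter is pressed alone.
set "choice="
set /p choice= 请输入您的选择(1/0):
rem A comparison needs the double equals sign and quotes on both sides; the
rem single-sign form is rejected by cmd as a syntax error.
if "%choice%"=="1" goto clearauto5
if "%choice%"=="0" goto clearauto
rem Empty or unknown input: ask again rather than fall through into the
rem section that follows, which starts the un-immunise dialogue.
goto doneclearauto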
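:clearauto6
rem Option 6: remove the autorun.inf placeholder from one drive chosen by the
rem user. The typed value is reduced to a single drive letter plus colon and
rem checked against a to z before it reaches the cacls, del and rd lines.
rem NOTE[review]: drive types are matched against Chinese fsutil output.
cls
echo.
rem Clear the old value first; set /p keeps it when Enter is pressed alone.
set "pf="
set /p pf= 请输入盘符,如"f:"(不包括引号)
if not defined pf goto clearauto6
rem Strip any quotes the user typed, then keep the first character only.
set "pf=%pf:"=%"
if not defined pf goto clearauto6
set "pf=%pf:~0,1%:"
set "pfok="
for %%l in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do if /i "%pf%"=="%%l:" set "pfok=1"
if not defined pfok goto clearauto6bad
echo 即将取消免疫%pf%盘……
rem cacls asks for confirmation before it replaces an ACL and the prompt is
rem hidden by the redirection to nul, so the answer is piped in.
fsutil fsinfo drivetype %pf% |find /i "固定驱动器" && (
echo y|cacls "%pf%\autorun.inf" /t /c /p everyone:f&del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf">nul 2>nul
goto doneunauto
)>nul 2>nul
fsutil fsinfo drivetype %pf% |find /i "可移动驱动器" && (
echo y|cacls "%pf%\autorun.inf" /t /c /p everyone:f&del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf">nul 2>nul
goto doneunauto
)>nul 2>nul
rem Reached when the input is not a drive letter or the drive is neither
rem fixed nor removable.
:clearauto6bad
echo.
echo 您所输入的盘符不存在或者是只读设备,
echo 请重新输入
goto clearauto6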
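:doneunauto
rem Result screen for option 6. The success text is printed whether or not the
rem earlier commands worked, because their output and errors were sent to nul.
cls
echo.
echo 指定的磁盘 %pf% 已经成功解除了 autorun 病毒免疫
echo.
echo [1] 继续解除免疫其他磁盘
echo [0] 返回主菜单
rem Clear the previous answer; set /p keeps it when Enter is pressed alone.
set "choice="
set /p choice= 请输入您的选择(1/0):
rem A comparison needs the double equals sign and quotes on both sides; the
rem single-sign form is rejected by cmd as a syntax error.
if "%choice%"=="1" goto clearauto6
if "%choice%"=="0" goto clearauto
rem Empty or unknown input: ask again rather than fall through into the
rem section that follows, which rewrites registry values.
goto doneunauto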
:clearauto7
rem Option 7: put back registry settings that autorun malware commonly changes.
rem All commands hide their output and errors, so the completion message is
rem printed regardless of the result.
cls
rem Undo tampering that hides files completely in Explorer or blocks programs:
rem set the showall checkedvalue to 1, delete the whole per-user mountpoints2
rem key, and delete both the disallowrun key and the disallowrun value.
rem NOTE[review]: deleting mountpoints2 presumably discards all cached per-volume
rem settings for this user, not only malicious entries - confirm.
reg add "hklm\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall" /v checkedvalue /t reg_dword /d 0x00000001 /f>nul 2>nul
reg delete "hkcu\software\microsoft\windows\currentversion\explorer\mountpoints2" /f>nul 2>nul
reg delete "hkcu\software\microsoft\windows\currentversion\policies\explorer\disallowrun" /f>nul 2>nul
reg delete "hkcu\software\microsoft\windows\currentversion\policies\explorer" /v disallowrun /f>nul 2>nul
rem Undo relocation of the Startup group by writing fixed paths back into the
rem shell folders key.
rem NOTE[review]: the paths use the Chinese start menu folder names. On a system
rem where the folders are named differently these values would point Startup
rem at a path that does not exist - verify the target system before running.
reg add "hkcu\software\microsoft\windows\currentversion\explorer\shell folders" /v startup /d "%userprofile%\「开始」菜单\程序\启动" /f>nul 2>nul
reg add "hkcu\software\microsoft\windows\currentversion\explorer\shell folders" /v "common startup" /d "%allusersprofile%\「开始」菜单\程序\启动" /f>nul 2>nul
echo.
echo 相关注册表恢复完毕,任意键返回……
pause>nul
goto clearauto