Batch file application: restoring the extensions of suspicious files renamed by McAfee
程序员文章站
2022-03-07 21:12:07
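When McAfee detects a suspicious file that has no matching definition in its virus database, it renames the file's extension to vir or vxe. This batch file was written to restore .exe files that were renamed in this way.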
@echo off
rem Build a helper VBScript that prints the root of every local fixed disk (DriveType 3).
set "vbs=%temp%\filesystem.vbs"
echo on error resume next >"%vbs%"
echo const wbemflagreturnimmediately = ^&h10 >>"%vbs%"
echo const wbemflagforwardonly = ^&h20 >>"%vbs%"
echo set objwmiservice = getobject("winmgmts:\\.\root\cimv2") >>"%vbs%"
echo set colitems = objwmiservice.execquery("select * from win32_logicaldisk", "wql", wbemflagreturnimmediately + wbemflagforwardonly) >>"%vbs%"
echo for each objitem in colitems >>"%vbs%"
echo if objitem.drivetype=3 then wscript.echo objitem.caption ^& "\" >>"%vbs%"
echo next >>"%vbs%"
rem Run the rename routine once for each fixed disk reported by the helper script.
for /f %%i in ('cscript //nologo "%vbs%"') do call :change %%i
goto end
:change
cd /d %1
rem cacls /e /g everyone:f adds full control for Everyone so the rename succeeds;
rem the grant stays on the restored .exe. Only *.vxe is renamed back to *.exe.
for /f "delims=|" %%i in ('dir *.vxe /b /s /a') do (cacls "%%i" /e /g everyone:f & ren "%%i" *.exe)
goto :eof
:end
del "%vbs%"
McAfee renaming rules:
| Original | Renamed | Description |
|---|---|---|
| not v?? | v?? | File extensions that do not start with v are renamed with v as the initial letter of the file extension. For example, myfile.doc becomes myfile.voc. |
| v?? | vir | File extensions that start with v are renamed as .vir. For example, myfile.vbs becomes myfile.vir. |
| vir, v01-v99 | (not renamed) | These files are recognized as already infected, and are not renamed again. |
| (no extension) | vir | Files with no extensions are given the extension .vir. |
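The renaming rules in the table, written out as an added Python example (not part of the original article or of McAfee's tooling), together with a dry run that lists .vxe files and proposes an .exe name only when the file starts with the MZ signature. The function names and the MZ check are assumptions of this example; the rule discards the first letter of the extension, so the name alone cannot show that a .vxe file was originally an .exe.

```python
import os


def mcafee_rename(ext):
    """Apply the renaming rules from the table to an extension given without the dot."""
    ext = ext.lower()
    if ext == "":
        return "vir"                       # no extension -> .vir
    if ext == "vir":
        return ext                         # already marked, not renamed again
    if len(ext) == 3 and ext[0] == "v" and ext[1:].isdigit() and int(ext[1:]) >= 1:
        return ext                         # v01-v99: already marked
    if ext.startswith("v"):
        return "vir"                       # v?? -> vir (myfile.vbs -> myfile.vir)
    return "v" + ext[1:]                   # first letter replaced (doc -> voc, exe -> vxe)


def plan_restore(root):
    """Dry run: return (path, proposed_exe_path_or_None) for every .vxe under root.

    Nothing is renamed. A target is proposed only when the file begins with
    the two-byte MZ signature of DOS/PE executables (added sanity check).
    """
    plan = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".vxe":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                looks_like_exe = fh.read(2) == b"MZ"
            target = os.path.join(dirpath, stem + ".exe") if looks_like_exe else None
            plan.append((path, target))
    return sorted(plan)


if __name__ == "__main__":
    # Print the plan for the current directory tree; review it before renaming anything.
    for src, dst in plan_restore("."):
        print(src, "->", dst if dst else "skipped (no MZ header)")
```

Files skipped by the dry run are ones whose content does not match the extension the batch file would give them.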