Board logo

标题: [转帖]批处理清除威金 [打印本页]
作者: chinanic    时间: 2007-1-28 09:49     标题: [转帖]批处理清除威金

没试过,有机会的兄弟试下。哈哈。。 :16:  :16:

将以下代码分别存为“*.bat”运行即可
  1. @echo off
  2. title 清除威金(logo_1,熊猫烧香)病毒最新变种工具
  3. @echo 清除VIKING病毒最新变种工具
  4. @echo -------------------------------------------------------
  5. @echo www.dnqw.com
  6. @echo VIKLIG病毒,专杀工具,请复制此代码 保存为.bat后缀的批处理文件双击运行即可.
  7. @echo --------------------------------------------------------
  8. pause
  9. if exist %windir%\rundl132.exe echo ---报告,发现有威金病毒
  10. if exist %windir%\logo_1.exe echo ---报告,发现有威金病毒
  11. //杀viking进程
  12. tskill logo_1
  13. tskill rundl132
  14. tskill zt
  15. tskill wow
  16. tskill logo1_
  17. tskill Ravmon
  18. tskill Eghost
  19. tskill Mailmon
  20. tskill KAVPFW
  21. tskill IPARMOR
  22. tskill Ravmond
  23. taskkill /f /im 0sy.exe
  24. taskkill /f /im 1sy.exe
  25. taskkill /f /im 2sy.exe
  26. taskkill /f /im 3sy.exe
  27. taskkill /f /im 4sy.exe
  28. taskkill /f /im 5sy.exe
  29. taskkill /f /im 6sy.exe
  30. taskkill /f /im 7sy.exe
  31. taskkill /f /im 8sy.exe
  32. taskkill /f /im 9sy.exe
  34. //删除木马
  35. del d:\_desktop.ini /f/s/q/a
  36. del c:\Program Files\_desktop.ini
  37. del %Windir%\MickNew\MickNew.dll
  38. del %Windir%\MH_FILE\MH_DLL.dll
  39. del %Windir%\_desktop.ini
  40. del %Windir%\TODAYZTKING\TODAYZTKING.DLL
  41. attrib -h -r -s c:\go.exe
  42. del c:\go.exe
  43. del c:\setup.exe
  44. attrib -h -s -r c:\autorun.inf
  45. del c:\autorun.inf
  46. attrib -h -r -s d:\go.exe
  47. del d:\go.exe
  48. del d:\setup.exe
  49. attrib -h -s -r d:\autorun.inf
  50. del d:\autorun.inf
  51. del e:\setup.exe
  52. attrib -h -r -s e:\go.exe
  53. del e:\go.exe
  54. attrib -h -s -r e:\autorun.inf
  55. del e:\autorun.inf
  56. attrib -h -r -s f:\autorun.inf
  57. del f:\go.exe
  58. del f:\setup.exe
  59. attrib -h -s -r f:\autorun.inf
  60. del f:\autorun.inf
  61. attrib -h -r -s g:\go.exe
  62. del g:\go.exe
  63. del g:\setup.exe
  64. attrib -h -s -r g:\autorun.inf
  65. del g:\autorun.inf
  66. del h:\go.exe
  67. del h:\setup.exe
  68. attrib -h -s -r g:\autorun.inf
  69. del h:\autorun.inf
  70. del i:\go.exe
  71. attrib -h -s -r g:\autorun.inf
  72. del i:\autorun.inf
  73. del i:\setup.exe
  74. del j:\go.exe
  75. attrib -h -s -r g:\autorun.inf
  76. del j:\autorun.inf
  77. del j:\setup.exe
  78. del %windir%\system\Logo1_.exe
  79. del %windir%\rundl132.exe
  80. del %windir%\vDll.dll
  81. del %windir%\Dll.dll
  82. del %windir%\0Sy.exe
  83. del %windir%\1Sy.exe
  84. del %windir%\2Sy.exe
  85. del %windir%\3Sy.exe
  86. del %windir%\5Sy.exe
  87. del %windir%\1.com
  88. @echo ^_^ 报告老大,VIKING已经全都被处死
  90. @echo 真累哈,再给你的系统免疫下,不需要的话请直接退出
  91. pause
  92. //免疫系统
  93. echo > %windir%\Logo1_.exe
  94. echo > %windir%\rundl132.exe
  95. echo > %windir%\0Sy.exe
  96. echo > %windir%\vDll.dll
  97. echo > %windir%\1Sy.exe
  98. echo > %windir%\2Sy.exe
  99. echo > %windir%\rundll32.exe
  100. echo > %windir%\3Sy.exe
  101. echo > %windir%\5Sy.exe
  102. echo > %windir%\1.com
  103. echo > %windir%\exerouter.exe
  104. echo > %windir%\EXP10RER.com
  105. echo > %windir%\finders.com
  106. echo > %windir%\Shell.sys
  107. echo > %windir%\kill.exe
  108. echo > %windir%\sws.dll
  109. echo > %windir%\sws32.dll
  110. echo > %windir%\uninstall\rundl132.exe
  111. echo > %windir%\SVCHOST.exe
  112. echo > %windir%\WINLOGON.exe
  113. echo > %windir%\RUNDLL32.EXE
  114. echo > C:\"Program Files"\svchost.exe
  115. echo > C:\"Program Files"\"Internet Explorer"\svchost.exe
  116. echo > %windir%\Download\svchost.exe
  117. echo > %windir%\system32\wldll.dll
  118. attrib %windir%\Logo1_.exe +s +r +h
  119. attrib %windir%\rundl132.exe +s +r +h
  120. attrib %windir%\0Sy.exe +s +r +h
  121. attrib %windir%\vDll.dll +s +r +h
  122. attrib %windir%\1Sy.exe +s +r +h
  123. attrib %windir%\2Sy.exe +s +r +h
  124. attrib %windir%\rundll32.exe +s +r +h
  125. attrib %windir%\3Sy.exe +s +r +h
  126. attrib %windir%\5Sy.exe +s +r +h
  127. attrib %windir%\1.com +s +r +h
  128. attrib %windir%\exerouter.exe +s +r +h
  129. attrib %windir%\EXP10RER.com +s +r +h
  130. attrib %windir%\finders.com +s +r +h
  131. attrib %windir%\Shell.sys +s +r +h
  132. attrib %windir%\kill.exe +s +r +h
  133. attrib %windir%\sws.dll +s +r +h
  134. attrib %windir%\sws32.dll +s +r +h
  135. attrib %windir%\uninstall\rundl132.exe +s +r +h
  136. attrib %windir%\SVCHOST.exe +s +r +h
  137. attrib %windir%\WINLOGON.exe +s +r +h
  138. attrib %windir%\RUNDLL32.EXE +s +r +h
  139. attrib C:\"Program Files"\svchost.exe +s +r +h
  140. attrib C:\"Program Files"\"Internet Explorer"\svchost.exe +s +r +h
  141. attrib %windir%\Download\svchost.exe +s +r +h
  142. attrib %windir%\system32\wldll.dll +s +r +h
  143. net share c$ /del
  144. net share d$ /del
  145. net share e$ /del
  146. net share f$ /del
  147. net share admin$ /del
  148. net share ipc$ /del
  149. cls
  150. @echo -------------------------------------
  151. @echo viking已经全部被我杀完拉,哈,厉害吧
  152. @echo 系统已经成功免疫!
  153. @echo 谢谢你的使用,请重启您的电脑!
  154. @echo -------------------------------------
  155. pause
  156. 禁止Viking病毒运行补丁.reg
  157. Windows Registry Editor Version 5.00
  158. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
  159. "DisallowRun"=dword:00000001
  160. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\DisallowRun]
  161. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
  162. "**delvals."=" "
  163. "1"="0Sy.exe"
  164. "2"="1.com"
  165. "3"="1Sy.exe"
  166. "4"="2Sy.exe"
  167. "5"="3Sy.exe"
  168. "6"="5Sy.exe"
  169. "7"="dll.dll"
  170. "8"="logo1_.exe"
  171. "9"="rundl132.exe"
  172. "10"="vdll.dll
复制代码
作者: 坏的刚刚好    时间: 2007-2-3 22:47     标题: [转帖]批处理清除威金

我中过;
现在有专杀了吧。



欢迎光临 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2