administrator.vbs病毒的清除方法
上一篇 / 下一篇 2007-12-21 15:31:44 / 个人分类:木马病毒清除
查看( 211 ) / 评论( 0 ) / 评分( 0 / 0 )
1、administrator.vbs病毒症状
(1)在每个盘符下生成AUTORUN.inf和administrator.VBS文件
(2)无法显示隐藏文件
(3)CMD无法运行,能打开,但是过2秒就自动关闭
2、administrator.vbs病毒的清除方法
(1)方法转自www.oldjun/
(2)复制以下代码,保存为“清除病毒.bat”
(3)双击运行
@ECHO OFF cls echo. echo *************************************** echo * administrator.vbs专杀工具——oldjun * echo *Http://www.oldjun* echo *************************************** echo. echo 正在关闭Script进程... taskkill / /f taskkill / /f echo 关闭成功... echo %username% echo 正在删除相关文件... @if exist %windir%\%username%.vbs del %windir%\%username%.vbs /f/q/a @if exist %windir%\system32\%username%.vbs del %windir%\system32\%username%.vbs /f/q/a @if exist %windir%\system32\%username%.ini del %windir%\system32\%username%.ini /f/q/a @if exist c:\autorun.inf del c:\autorun.inf /f/q/a @if exist d:\autorun.inf del d:\autorun.inf /f/q/a @if exist e:\autorun.inf del e:\autorun.inf /f/q/a @if exist f:\autorun.inf del f:\autorun.inf /f/q/a @if exist g:\autorun.inf del g:\autorun.inf /f/q/a @if exist h:\autorun.inf del h:\autorun.inf /f/q/a @if exist c:\%username%.vbs del c:\%username%.vbs /f/q/a @if exist d:\%username%.vbs del d:\%username%.vbs /f/q/a @if exist e:\%username%.vbs del e:\%username%.vbs /f/q/a @if exist f:\%username%.vbs del f:\%username%.vbs /f/q/a @if exist g:\%username%.vbs del g:\%username%.vbs /f/q/a @if exist h:\%username%.vbs del h:\%username%.vbs /f/q/avbs病毒生成器 echo 删除成功... echo 正在修改注册表... echo 显示隐藏文件 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t reg_dword /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 1 /f echo 关闭自动播放 reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t reg_dword /d 1 /f echo 删除启动项 reg delete "HKCU\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f echo 恢复文件关联 reg add "HKLM\SOFTWARE\Classes\txtfile\shell\open\command" /ve /t REG_EXPAND_SZ /d "%%SystemRoot%%\system32\NOTEPAD.EXE %%1" /f reg add "HKLM\SOFTWARE\Classes\regfile\shell\open\command" /ve /t REG_EXPAND_SZ /d " "%%1"" /f reg add "HKLM\SOFTWARE\Classes\chm.file\shell\open\command" /ve /t REG_EXPAND_SZ /d ""hh.exe" %%1" /f reg add "HKLM\SOFTWARE\Classes\hlpfile\shell\open\command" /ve /t REG_EXPAND_SZ /d " %%1" /f reg add "HKLM\SOFTWARE\Classes\exefile\shell\open\command" /ve /t REG_SZ /d ""%%1" %%*" /f echo 修改成功... cls echo. echo **************** echo * 清 除 完 毕 ! * echo **************** echo. echo. & pause |
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论