中国DOS联盟

I've been in the forum for several days and only finished writing after getting help from many people.
Thank you all for your instructions.

Version 1.0

Virus characteristics:
Right - click on the drive letter, there appear bold auto, browse, autoplay; double - click the hard drive, there appears the open - with way

Currently, the viruses that can be completely cleaned:
SXS, LSASS.EXE, COMMAND.COM, AUTORUN.VBS

When encountering an unknown virus, delete the virus main body according to the program called in AUTORUN.INF.
For example
autorun.inf

open=test.exe
The program will automatically delete test.exe

There is still a lack in dealing with unknown viruses, only dealing with it according to autorun.inf, and unable to detect virus derivatives.

If the system is not installed on drive C, when dealing with the LSASS.EXE virus, it is easy to modify the registry badly, leading to being unable to log in normally.

I go to work during the day and can only update at night, so the update speed may be relatively slow.

http://zhenlove.com.cn/cndos/fileup/files/autorunkillone.rar

The link has expired (note from administrator)

for %%i in (c d e f g h i j k l m n o p q r s t u v w s y z) do (

    set Driver=%%i

  if exist %%i:\autorun.inf call :Check

)

echo 恭喜，没有发现病毒或者病毒被清理，程序3秒后自动退出。

ping -n 4 127.1 >nul

exit



:Check

set "vir=sxs.exe RavMonE.exe autorun.bat command.com c:\sxs.exe c:\RavMonE.exe c:\autorun.bat c:\command.com"

for %%n in (%vir%) do (

  for /f "tokens=1* delims==" %%i in (%Driver%:\autorun.inf) do if "%%j"=="%%n" call :%%~nn

)

goto :eof



:sxs

......

goto :eof

Too many judgment statements
Simplify it (example):

for %%i in (c d e f g h i j k l m n o p q r s t u v w s y z) do (

    set Driver=%%i

  if exist %%i:\autorun.inf call :Check

)

echo Congratulations, no virus found or the virus has been cleaned up, the program will exit automatically after 3 seconds.

ping -n 4 127.1 >nul

exit



:Check

set "vir=sxs.exe RavMonE.exe autorun.bat command.com c:\sxs.exe c:\RavMonE.exe c:\autorun.bat c:\command.com"

for %%n in (%vir%) do (

  for /f "tokens=1* delims==" %%i in (%Driver%:\autorun.inf) do if "%%j"=="%%n" call :%%~nn

)

goto :eof



:sxs

......

goto :eof

The virus file library uses
set "vir=sxs.exe RavMonE.exe autorun.bat command.com c:\sxs.exe c:\RavMonE.exe c:\autorun.bat c:\command.com"
Add (space separated, paths with spaces are not possible for the time being)

I used to write a 900-line batch script with judgment statements, and after learning to use "for", I simplified it to 60 lines ^_^

Last edited by zh159 on 2006-12-19 at 12:49 AM ]

Originally posted by zh159 at 2006-12-19 12:47 AM:
Too many judgment statements
Simplify (example):

for %%i in (c d e f g h i j k l m n o p q r s t u v w s y z) do (

    set Driver=%%i

  if exist %%i:\autorun.inf call :Check

)

echo Congratulations, er.. 



Thank you very much for the guidance, continue to modify.

Why not just close autorun? Set the Group Policy to disable AutoRun to enabled

Originally posted by kcdsw at 2006-12-19 12:38 PM:
Why not just close autorun

Group Policy: Disable AutoRun changed to Enabled

If so, many people will ask why the CD cannot be played automatically.

They are all powerful people!!!

I still don't quite understand the parameters like for 的 tokens=1* delims==" right now!!!

autorun很多时候有用阿，这个东东不错

Good stuff, learned it.

Actually, you can combine FSUTIL to be more convenient. There's no need to specify the drive letter.

Save it for later to read slowly.