
Title: How can I make DOS run all the EXE files and then close them automatically

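Author: zhouxiaohuanv     Time: 2007-4-11 08:11    Title: How can I make DOS run all the EXE files and then close them automatically

My computer has caught a virus~~~ How can I make DOS run all the EXE files and then close them automatically
D: all the EXE files
E: all the EXE files
Experts, please give me some hope~~~ My files~~~
Author: zqz0012005     Time: 2007-4-11 09:07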
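::run.bat
rem Start every EXE on D: and E:, then force-kill it by image name.
rem Paths are quoted so that folders and files with spaces in their names work.
cd /d D:\
for /f "delims=" %%a in ('dir /a/s/b *.exe') do (cd /d "%%~dpa"
        for /f "delims=" %%i in ('dir *.exe /b') do (start "" "%%i" &ping -n 1 127.1>nul &taskkill /f /im "%%i")
)
cd /d E:\
for /f "delims=" %%a in ('dir /a/s/b *.exe') do (cd /d "%%~dpa"
        for /f "delims=" %%i in ('dir *.exe /b') do (start "" "%%i" &ping -n 1 127.1>nul &taskkill /f /im "%%i")
)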
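Author: lxmxn     Time: 2007-4-11 11:02

P.S. What virus did you catch that requires running all the exe files?

Author: zhouxiaohuanv     Time: 2007-4-11 11:44    Title: Hello lxmxn!!!

What I caught is Logo1_.exe
Now all the EXE files have turned a blurry color~~~
Thank you~~~
Author: zhouxiaohuanv     Time: 2007-4-11 11:49
I heard it is Viking, but no matter how I try I cannot kill it~~~
Viruses these days are really too powerful~ It has gotten all my EXEs infected~
Logo1 immunization patch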
@echo off

if exist %windir%\rundl132.exe echo 发现威金!

pause

taskkill /f /im rundl132.exe
taskkill /f /im logo_1.exe
taskkill /f /im logo1_.exe
taskkill /f /im Ravmon.exe
taskkill /f /im Eghost.exe
taskkill /f /im Mailmon.exe  
taskkill /f /im KAVPFW.EXE
taskkill /f /im IPARMOR.EXE
taskkill /f /im Ravmond.exe
taskkill /f /im 0sy.exe
taskkill /f /im 1sy.exe
taskkill /f /im 2sy.exe
taskkill /f /im 3sy.exe
taskkill /f /im 4sy.exe
taskkill /f /im 5sy.exe
taskkill /f /im 6sy.exe
taskkill /f /im 7sy.exe
taskkill /f /im 8sy.exe
taskkill /f /im 9sy.exe
taskkill /f /im 10sy.exe
taskkill /f /im 11sy.exe
taskkill /f /im 12sy.exe
taskkill /f /im 13sy.exe
taskkill /f /im 15sy.exe
taskkill /f /im 25sy.exe

::The above terminates the virus processes.


attrib %windir%\Logo1_.exe -s -r -h
attrib %windir%\rundl132.exe -s -r -h
attrib %windir%\0Sy.exe -s -r -h
attrib %windir%\vDll.dll -s -r -h
attrib %windir%\1Sy.exe -s -r -h
attrib %windir%\2Sy.exe -s -r -h
attrib %windir%\rundll32.exe -s -r -h
attrib %windir%\3Sy.exe -s -r -h
attrib %windir%\5Sy.exe -s -r -h
attrib %windir%\1.com -s -r -h
attrib %windir%\exerouter.exe -s -r -h
attrib %windir%\EXP10RER.com -s -r -h
attrib %windir%\finders.com -s -r -h
attrib %windir%\Shell.sys -s -r -h
attrib %windir%\kill.exe -s -r -h
attrib %windir%\sws.dll -s -r -h
attrib %windir%\sws32.dll -s -r -h
attrib %windir%\uninstall\rundl132.exe -s -r -h
attrib c:\windows\SVCHOST.exe -s -r -h
attrib c:\windows\WINLOGON.exe -s -r -h
attrib c:\windows\RUNDLL32.EXE -s -r -h
attrib C:\"Program Files"\svchost.exe -s -r -h
attrib C:\"Program Files"\"Internet Explorer"\svchost.exe -s -r -h
attrib %windir%\Download\svchost.exe -s -r -h
attrib %windir%\system32\wldll.dll -s -r -h
attrib c:\windows\system32\Microsoft\svchost.exe -s -r -h


del /f /s /q /a %systemdrive%\rundl132.exe
rem No /s here: a recursive delete would also remove the genuine rundll32.exe in system32
del /f /q /a %systemdrive%\rundll32.exe
del /f /s /q /a %systemdrive%\Dll.dll
del /f /s /q /a %systemdrive%\vdll.dll
del /f /s /q /a %systemdrive%\logo_1.exe
del /f /s /q /a %systemdrive%\Logo1_.exe
del /f /s /q /a %systemdrive%\Logo1.exe
del /f /s /q /a %systemdrive%\?sy.exe
del /f /s /q /a %windir%\Logo1_.exe
del /f /s /q /a %windir%\rundl132.exe
del /f /s /q /a %windir%\0Sy.exe
del /f /s /q /a %windir%\vDll.dll
del /f /s /q /a %windir%\1Sy.exe
del /f /s /q /a %windir%\2Sy.exe
rem No /s here, so the genuine rundll32.exe in system32 is not touched
del /f /q /a %windir%\rundll32.exe
del /f /s /q /a %windir%\3Sy.exe
del /f /s /q /a %windir%\5Sy.exe
del /f /s /q /a %windir%\1.com
del /f /s /q /a %windir%\exerouter.exe
del /f /s /q /a %windir%\EXP10RER.com
del /f /s /q /a %windir%\finders.com
del /f /s /q /a %windir%\Shell.sys
del /f /s /q /a %windir%\kill.exe
del /f /s /q /a %windir%\sws.dll
del /f /s /q /a %windir%\sws32.dll
del /f /s /q /a %windir%\uninstall\rundl132.exe
rem No /s on the next three lines: the genuine files with these names live in system32
del /f /q /a c:\windows\SVCHOST.exe
del /f /q /a c:\windows\WINLOGON.exe
del /f /q /a c:\windows\RUNDLL32.EXE
del /f /s /q /a C:\"Program Files"\svchost.exe
del /f /s /q /a C:\"Program Files"\"Internet Explorer"\svchost.exe
del /f /s /q /a c:\windows\Download\svchost.exe
del /f /s /q /a c:\windows\system32\Microsoft\svchost.exe
del /f /s /q /a c:\windows\system32\wldll.dll
del /f /s /q /a c:\_desktop.ini
del /f /s /q /a d:\_desktop.ini
del /f /s /q /a e:\_desktop.ini
del /f /s /q /a f:\_desktop.ini

::The above deletes the virus-related files.

net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share admin$ /del
net share ipc$ /del  

pause

taskkill /f /im conime.exe
exit



echo > %windir%\Logo1_.exe
echo > %windir%\rundl132.exe
echo > %windir%\0Sy.exe
echo > %windir%\vDll.dll
echo > %windir%\1Sy.exe
echo > %windir%\2Sy.exe
echo > %windir%\rundll32.exe
echo > %windir%\3Sy.exe
echo > %windir%\5Sy.exe
echo > %windir%\1.com
echo > %windir%\exerouter.exe
echo > %windir%\EXP10RER.com
echo > %windir%\finders.com
echo > %windir%\Shell.sys
echo > %windir%\kill.exe
echo > %windir%\sws.dll
echo > %windir%\sws32.dll
echo > %windir%\uninstall\rundl132.exe
echo > %windir%\SVCHOST.exe
echo > %windir%\WINLOGON.exe
echo > %windir%\RUNDLL32.EXE
echo > C:\"Program Files"\svchost.exe
echo > C:\"Program Files"\"Internet Explorer"\svchost.exe
echo > %windir%\Download\svchost.exe
echo > %windir%\system32\wldll.dll

attrib %windir%\Logo1_.exe +s +r +h
attrib %windir%\rundl132.exe +s +r +h
attrib %windir%\0Sy.exe +s +r +h
attrib %windir%\vDll.dll +s +r +h
attrib %windir%\1Sy.exe +s +r +h
attrib %windir%\2Sy.exe +s +r +h
attrib %windir%\rundll32.exe +s +r +h
attrib %windir%\3Sy.exe +s +r +h
attrib %windir%\5Sy.exe +s +r +h
attrib %windir%\1.com +s +r +h
attrib %windir%\exerouter.exe +s +r +h
attrib %windir%\EXP10RER.com +s +r +h
attrib %windir%\finders.com +s +r +h
attrib %windir%\Shell.sys +s +r +h
attrib %windir%\kill.exe +s +r +h
attrib %windir%\sws.dll +s +r +h
attrib %windir%\sws32.dll +s +r +h
attrib %windir%\uninstall\rundl132.exe +s +r +h
attrib %windir%\SVCHOST.exe +s +r +h
attrib %windir%\WINLOGON.exe +s +r +h
attrib %windir%\RUNDLL32.EXE +s +r +h
attrib C:\"Program Files"\svchost.exe +s +r +h
attrib C:\"Program Files"\"Internet Explorer"\svchost.exe +s +r +h
attrib %windir%\Download\svchost.exe +s +r +h
attrib %windir%\system32\wldll.dll +s +r +h




Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="logo1_.exe"
"2"="1.com"
"3"="1Sy.exe"
"4"="2Sy.exe"
"5"="3Sy.exe"
"6"="5Sy.exe"
"7"="exerouter.exe"
"8"="EXP10RER.com"
"9"="finders.com"
"10"="finders.com"
"11"="kill.exe"
"12"="Logo1_.exe"
"13"="rundl132.exe"
"14"="1.exe"
"15"="0sy.exe"
"16"="sms*.**e"
"17"="sms*.**e"
"18"="sws.dll"
"19"="sws32.dll"
"20"="tool.exe"
"21"="tool2005.exe"
"22"="tool2006.exe"
"23"="tool*.**e"
"24"="vDll.dll"
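
Added example, not part of the original post: a read-only check that reports which of the file names used by the script above are present, without killing processes or deleting anything. The grouping of the names and the exit code are this example's own choices; names shared with genuine Windows binaries (rundll32.exe, svchost.exe, winlogon.exe) are looked for only directly in %windir%, never under system32.

```batch
@echo off
rem Added example, not from the thread: read-only triage, nothing is deleted.
rem All file names and paths are copied from the cleanup script posted above.
setlocal
set found=0

rem Names the posted script removes from the Windows directory.
for %%F in (Logo1_.exe rundl132.exe 0Sy.exe 1Sy.exe 2Sy.exe 3Sy.exe 5Sy.exe vDll.dll 1.com exerouter.exe EXP10RER.com finders.com Shell.sys kill.exe sws.dll sws32.dll) do (
    if exist "%windir%\%%F" (
        echo [suspect] %windir%\%%F
        set /a found+=1
    )
)

rem rundll32.exe, svchost.exe and winlogon.exe are also genuine Windows files
rem in system32, so only a copy sitting directly in the Windows directory counts.
for %%F in (rundll32.exe svchost.exe winlogon.exe) do (
    if exist "%windir%\%%F" (
        echo [suspect location] %windir%\%%F
        set /a found+=1
    )
)

rem Other svchost.exe locations named in the posted script.
for %%P in ("C:\Program Files\svchost.exe" "C:\Program Files\Internet Explorer\svchost.exe" "%windir%\Download\svchost.exe" "%windir%\system32\Microsoft\svchost.exe") do (
    if exist %%P (
        echo [suspect location] %%~P
        set /a found+=1
    )
)

rem _desktop.ini marker files; the posted script deletes them starting at each
rem drive root, only the root itself is checked here.
for %%D in (c d e f) do (
    if exist "%%D:\_desktop.ini" (
        echo [marker] %%D:\_desktop.ini
        set /a found+=1
    )
)

rem Exit code is the number of hits, so 0 means none of the listed names exist.
echo %found% item(s) found.
exit /b %found%
```
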
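Author: lxmxn     Time: 2007-4-12 01:14


  Quote:
Originally posted by zhouxiaohuanv at 2007-4-10 22:44:
What I caught is Logo1_.exe
Now all the EXE files have turned a blurry color~~~
Thank you~~~


The exe files have turned a blurry color, and running the exe files again can restore them?

I don't get it.

Author: kcdsw     Time: 2007-4-12 02:33
Wow, only after reading the original poster's description did I realize that my colleague's machine caught Viking a couple of days ago
But it did not seem hard to kill
I cleaned it all out by hand in no time

I used autoruns and rising
Author: dikex     Time: 2007-4-12 03:20


  Quote:
Originally posted by lxmxn at 2007-4-11 12:14 PM:


The exe files have turned a blurry color, and running the exe files again can restore them?

I don't get it.

Using a method called image hijacking, you can get the original file back after running the infected exe file, and it will not activate the virus (it does not work against some variants)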