蓝色动力网络


[Original] How to remove the "this computer is being attacked" (global.exe) virus

Posted on 2014-7-23 00:44:25
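I first came across this virus in my school's computer lab. As the joke goes, a school computer lab is the biggest virus repository there is... The symptom is a banner on the desktop carrying the sentence "this computer is being attacked"; the banner drifts back and forth across the desktop and reappears every few seconds. It is a very nasty USB-drive virus, purely destructive, and I have nothing but contempt for whoever wrote it. There is also another USB-drive virus that is just as nasty.

Because this virus is highly destructive and keeps backup copies of itself on every hard disk, if this method does not work, format all hard disks and reinstall the system. I found a program and extracted its contents; everything below is from it.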

@ echo off
title 驱动级顽固 Global.exe删除代码
color 0a
taskkill /im Global.exe /t /f
taskkill /im tskmgr.exe /t /f
attrib -s -h -r c:\autorun.inf
attrib -s -h -r C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
attrib -s -h -r C:\WINDOWS\pchealth\Global.exe
attrib -s -h -r C:\WINDOWS\system32\dllcache\Default.exe
attrib -s -h -r C:\WINDOWS\pchealth\Global.exe
attrib -s -h -r C:\WINDOWS\system\KEYBOARD.exe
attrib -s -h -r C:\WINDOWS\Fonts\Fonts.exe
attrib -r -s -h C:\MS-DOS.com
attrib -r -s -h C:\WINDOWS\Cursors\Boom.vbs
attrib -r -s -h C:\windows\fonts\tskmgr.exe
attrib -r -s -h C:\windows\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\global.exe
attrib -r -s -h C:\windows\system32\dllcache\rndll32.exe
attrib -r -s -h C:\windows\system32\drivers\drivers.cab.exe
del c:\autorun.inf
del C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
del C:\WINDOWS\pchealth\Global.exe
del C:\WINDOWS\system32\dllcache\Default.exe
del C:\WINDOWS\pchealth\Global.exe
del C:\windows\fonts\tskmgr.exe
del C:\WINDOWS\system\KEYBOARD.exe
del C:\WINDOWS\Fonts\Fonts.exe
del C:\MS-DOS.com
del C:\WINDOWS\Cursors\Boom.vbs
del C:\windows\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\global.exe
del C:\windows\system32\dllcache\rndll32.exe
del C:\windows\system32\drivers\drivers.cab.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\autorun.inf attrib -s -h -r %%d:\autorun.inf
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\autorun.inf del %%d:\autorun.inf /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com attrib -s -h -r %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\Global.exe attrib -s -h -r %%d:\WINDOWS\pchealth\Global.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system32\dllcache\Default.exe attrib -s -h -r %%d:\WINDOWS\system32\dllcache\Default.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system\KEYBOARD.exe attrib -s -h -r %%d:\WINDOWS\system\KEYBOARD.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\Fonts\Fonts.exe attrib -s -h -r %%d:\WINDOWS\Fonts\Fonts.exe
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\MS-DOS.com attrib -s -h -r %%d:\MS-DOS.com
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com del %%d:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\pchealth\Global.exe del %%d:\WINDOWS\pchealth\Global.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system32\dllcache\Default.exe del %%d:\WINDOWS\system32\dllcache\Default.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\system\KEYBOARD.exe del %%d:\WINDOWS\system\KEYBOARD.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\WINDOWS\Fonts\Fonts.exe del %%d:\WINDOWS\Fonts\Fonts.exe /q
for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\MS-DOS.com del %%d:\MS-DOS.com /q
'cls
set rg = createobject("wscript.shell")
on error resume next
rg.regwrite "HKCR\.vbs\", "VBSFile"
rg.regwrite "HKCU\Control Panel\Desktop\SCRNSAVE.EXE", ""
rg.regwrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut", "30"
rg.regwrite "HKCR\MSCFile\Shell\Open\Command\", ""
rg.regwrite "HKCR\regfile\Shell\Open\Command\", ""
rg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", ""
rg.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", ""
rg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", ""
rg.regwrite "HKEY_CLASSES_ROOT\MSCFile\Shell\Open\Command\", ""
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\DisplayName","Local Group Policy"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\FileSysPath",""
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\GPO-ID","LocalGPO"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\GPOName","Local Group Policy"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\SOM-ID","Local"
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0\Parameters",""
rg.regwrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0\Script",""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\DisplayName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\FileSysPath", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\GPO-ID", "LocalGPO"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\GPOName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\SOM-ID", "Local"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0\Parameters", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0\Script", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\DisplayName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\FileSysPath", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\GPO-ID", "LocalGPO"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\GPOName", "Local Group Policy"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\SOM-ID", "Local"
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\0\Parameters", ""
rg.regwrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\0\0\Script", ""
cls
set /p tmp=C盘该病毒清除完毕,请按回车开始删除其他分区病毒。
cls
@echo off
title 金来全 Global.bat删除代码
color 0a
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
echo 例如:D盘无法打开则输入 d,你也可以输入d,e,f这样来同时
echo 对这三个分区操作。
echo.
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
set /p input=[请输入无法打开的分区的盘符]
attrib -s -h -r %input%:\autorun.inf
attrib -s -h -r %input%:\MS-DOS.com
cls
del %input%:\autorun.inf /q
del %input%:\MS-DOS.com /q
echo 查杀成功!!


    Copy everything above to the clipboard; when saving, set the file type to "All Files", change the extension to .bat, then double-click it to run.
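
A read-only triage pass over the same file locations, as an added example that is not part of the original post: it reports which of the paths named in the batch script exist on each drive, with attributes and SHA-256, and prints any autorun.inf for review, without deleting or changing anything. It assumes PowerShell 4 or later (for Get-FileHash); the function name Find-GlobalExeArtifacts is made up for this example.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# Relative paths are copied from the batch script in the post above.
$relativePaths = @(
    'autorun.inf',
    'MS-DOS.com',
    'WINDOWS\pchealth\Global.exe',
    'WINDOWS\pchealth\helpctr\binaries\HelpHost.com',
    'WINDOWS\system32\dllcache\Default.exe',
    'WINDOWS\system32\dllcache\rndll32.exe',
    'WINDOWS\system32\dllcache\recycler.{645ff040-5081-101b-9f08-00aa002f954e}\global.exe',
    'WINDOWS\system32\drivers\drivers.cab.exe',
    'WINDOWS\system\KEYBOARD.exe',
    'WINDOWS\Fonts\Fonts.exe',
    'WINDOWS\Fonts\tskmgr.exe',
    'WINDOWS\Cursors\Boom.vbs'
)

# Hypothetical helper name; checks every listed path under every drive root.
function Find-GlobalExeArtifacts {
    param([string[]]$Roots = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }))
    foreach ($root in $Roots) {
        foreach ($rel in $relativePaths) {
            $path = Join-Path $root $rel
            # -Force is required because the files carry hidden/system attributes.
            $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($null -eq $item -or $item.PSIsContainer) { continue }
            [pscustomobject]@{
                Path       = $item.FullName
                Attributes = $item.Attributes
                Length     = $item.Length
                Modified   = $item.LastWriteTime
                SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
        }
    }
}

$hits = @(Find-GlobalExeArtifacts)
if ($hits.Count -eq 0) { 'No listed artifacts found.' } else { $hits | Format-List }

# Print each autorun.inf so its open/shell entries can be reviewed before removal.
foreach ($h in $hits | Where-Object { $_.Path -like '*\autorun.inf' }) {
    "--- $($h.Path)"
    Get-Content -LiteralPath $h.Path -Force -ErrorAction SilentlyContinue
}
```

When the text above is saved as a single .bat file, the `rg.regwrite` lines are VBScript, which cmd.exe reports as unrecognized commands, so only the taskkill, attrib and del parts take effect.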