@echo off
setlocal
set start=1
:run
set fn0=svohost.exe
set fn1=sxs.exe
set fn2=autorun.inf
echo 正在终止病毒进程,请稍等...
:taskkill
taskkill /fi "imagename eq %fn0%" /f
rem 再次扫描病毒进程是否存在
for /f "skip=3" %%i in ('tasklist /fo table') do (
if /i "%%i" EQU "%fn0%" goto taskkill
)
echo 正在删除病毒文件,请稍等...
if exist %windir%/system32/%fn0% del /as %windir%/system32/%fn0%
set all=A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,W,X,Y,Z
set state=0
cd/
for %%i in (%all%) do (
echo 进入%%i盘
%%i:&&cd/&&if exist %fn1% (del /as %fn1%&set state=1) else (set state=2)&&if exist %fn2% (del /as %fn2%&set state=3) else (set state=4)
if /i "%state%" EQU "3" (
echo 清除成功.
) else (
echo 未找到病毒文件.
)
set state=0
)
echo 正在修复被病毒破坏注册表信息,请稍等...
reg delete HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run /v %fn0% /f
reg delete HKU/S-1-5-21-796845957-562591055-839522115-1003/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2 /va /f
reg delete HKCU/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2 /va /f
reg delete HKLM/Software/Microsoft/windows/CurrentVersion/explorer/Advanced/Folder/Hidden/SHOWALL /v CheckedValue /f
reg add HKLM/Software/Microsoft/windows/CurrentVersion/explorer/Advanced/Folder/Hidden/SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
rem echo 正在修复被病毒破坏的服务,请稍等...
echo 重启桌面
taskkill /fi "imagename eq explorer.exe" /f
start %windir%/explorer.exe
if /i "%start%" EQU "1" (
set start=2
goto run
)
endlocal
pause
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
