利用组策略清除“威金”病毒僵尸及免疫

Group Policy Setup <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

 

3.Virus Immunity

 

Objects:

 

OU: FFDMS.Flextronics.com

Group Name: VirusImmunity

 

Step 1.

 

Create new group policy set name is "VirusImmunity".

 

 

Step 2.

 

Contain user login scripts.

 

Add .bat file to Scripts list.

 

 

 

Step 3.

 

Finish and Exit.

 

Remark:

 

Type VirusImmunity.bat

 

echo off

taskkill /F /IM Rundl132.exe /T

taskkill /F /IM Logo1_.exe /T

 

<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" /> del /s/q/f %systemroot%\rundl132.exe

del /s/q/f %systemroot%\Logo1_.exe

del /s/q/f %systemroot%\Temp\*.*

del /s/q/f "%systemdrive%\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\"

del /s/q/f "%systemdrive%\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\"

 

echo off >%systemroot%\rundl132.exe

echo off >%systemroot%\Logo1_.exe

 

Attrib +R +S +H %systemroot%\rundl132.exe

Attrib +R +S +H %systemroot%\Logo1_.exe

 

cacls %systemroot%\rundl132.exe /e /p everyone:n

cacls %systemroot%\Logo1_.exe /e /p everyone:n

 

@echo Windows Registry Editor Version 5.00>> "%systemdrive%\Immunity.reg"

@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]>> "%systemdrive%\Immunity.reg"

@echo "C:\\WINDOWS\\rundl132.exe"=->> "%systemdrive%\Immunity.reg"

@echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows]>> "%systemdrive%\Immunity.reg"

@echo "load"="">> "%systemdrive%\Immunity.reg"

regedit /s %systemdrive%\Immunity.reg

del %systemdrive%\Immunity.reg

 

@echo Virus Immunity already success,Good Luck!------by Lex >"%systemdrive%\VirusImmunity.txt"

echo on

 

 

 

转载于:https://blog.51cto.com/lexli32/90123