由 super » 2008年 8月 15日, 21:51
REM Location of the notice file that this script writes to the current user's desktop.
REM The surrounding quotes are stored as part of the value, so the rest of the
REM script redirects to the variable as-is without adding quotes of its own.
SET PROFILE_V="%USERPROFILE%\桌面\病毒警告.txt"
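REM Start from a clean flag. A VS_O value inherited from the environment or left
REM over from an earlier run in the same console would otherwise trigger the
REM registry and INI reset further down even when none of the files below exist.
set "VS_O="
REM Sweep a fixed list of paths that this script treats as malware files. The
REM names imitate system binaries: rundl132.exe and svhost32.exe are look-alikes,
REM and rundll32.exe is listed only in folders outside system32.
REM NOTE review: every path is hard-coded to drive C: and the last entry to an
REM account named User, so installs on other drives or profiles are not covered.
For %%a In (
"C:\WINDOWS\rundl132.exe"
"C:\WINDOWS\Config\svhost32.exe"
"C:\WINDOWS\$hf_mig$\svhost32.exe"
"C:\WINDOWS\help\rundll32.exe"
"C:\windows\system32\ct1dll.dll"
"C:\WINDOWS\system32\viwpt.DLL"
"C:\WINDOWS\system32\PDLL.DLL"
"C:\WINDOWS\system32\rundl132.exe"
"C:\WINDOWS\system32\dlyy.DLL"
"C:\Program Files\rundll32.exe"
"C:\Program Files\Microsoft\svhost32.exe"
"C:\Program Files\Windows Media Player\svhost.exe"
"C:\Documents and Settings\User\桌面\複製 -新增文字.bat"
) Do (
    REM Drop the renamed copy left by a previous run. The /f and /a switches let
    REM del remove read-only and hidden or system files, which a plain del skips.
    if exist "%%~a_" del /f /q /a "%%~a_"
    if exist "%%~a" (
        REM Finding the file is enough to arm the cleanup step, as before.
        set VS_O=YES
        REM Neutralise the file by appending an underscore to its name.
        ren "%%~a" "%%~nxa_"
        REM Only report the rename when the original name is really gone, so the
        REM notice file does not claim a cleanup that did not happen.
        if exist "%%~a" (
            echo 發現疑識病毒檔案[%%~a]但改名失敗 >> %PROFILE_V%
        ) else (
            echo 發現疑識病毒檔案[%%~a]改名為[%%~nxa_] >> %PROFILE_V%
        )
    )
)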
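REM Paths of the two legacy INI files that are rebuilt below. The quoted SET form
REM keeps stray trailing spaces out of the values.
SET "WinFILE=%windir%\WIN.ini"
SET "WinSYS=%windir%\SYSTEM.ini"
REM Everything in this block runs only when the file sweep set VS_O to YES.
if "%VS_O%"=="YES" (
    REM Remove four autostart values from the machine-wide Run key.
    REM NOTE review: values are removed by name only and their data is never
    REM inspected, so a legitimate entry sharing one of these names goes too.
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "load" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "qm" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "fzg" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "nwiz" /f
    REM Reset Userinit to the stock single entry in one overwrite. The earlier
    REM delete-then-add sequence left the value missing if the add step failed,
    REM and the hard-coded C:\WINDOWS path was wrong for other install folders.
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t REG_SZ /d "%SystemRoot%\system32\userinit.exe," /f
    REM Record what was done in the notice file on the desktop.
    echo 刪除以下機碼: >> %PROFILE_V%
    echo "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "load" >> %PROFILE_V%
    echo "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "qm" >> %PROFILE_V%
    echo "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "fzg" >> %PROFILE_V%
    echo "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "nwiz" >> %PROFILE_V%
    echo 閱讀本檔案後請刪除,下次開機如再次出現本文件代表您又中毒了!! >> %PROFILE_V%
    REM The date variable was misspelled before, so the stamp carried no date.
    echo %DATE% %TIME% By EverSuper 長偉資訊 >> %PROFILE_V%
    REM Both INI files are replaced wholesale with fixed content, which discards
    REM any autostart lines planted in them along with any site-specific entries.
    REM Keep the first pre-cleanup copy of each for rollback and later inspection.
    if exist "%WinFILE%" if not exist "%WinFILE%.bak" copy /y "%WinFILE%" "%WinFILE%.bak" >nul
    if exist "%WinSYS%" if not exist "%WinSYS%.bak" copy /y "%WinSYS%" "%WinSYS%.bak" >nul
    REM Rebuild WIN.ini. The first echo truncates the file, the rest append.
    echo ; for 16-bit app support > "%WinFILE%"
    echo [fonts] >> "%WinFILE%"
    echo [extensions] >> "%WinFILE%"
    echo [mci extensions] >> "%WinFILE%"
    echo [files] >> "%WinFILE%"
    echo [Mail] >> "%WinFILE%"
    echo MAPI=1 >> "%WinFILE%"
    echo CMCDLLNAME32=mapi32.dll >> "%WinFILE%"
    echo CMCDLLNAME=mapi.dll >> "%WinFILE%"
    echo CMC=1 >> "%WinFILE%"
    echo MAPIX=1 >> "%WinFILE%"
    echo MAPIXVER=1.0.0.1 >> "%WinFILE%"
    echo OLEMessaging=1 >> "%WinFILE%"
    echo [MCI Extensions.BAK] >> "%WinFILE%"
    echo aif=MPEGVideo >> "%WinFILE%"
    echo aifc=MPEGVideo >> "%WinFILE%"
    echo aiff=MPEGVideo >> "%WinFILE%"
    echo asf=MPEGVideo >> "%WinFILE%"
    echo asx=MPEGVideo >> "%WinFILE%"
    echo au=MPEGVideo >> "%WinFILE%"
    echo m1v=MPEGVideo >> "%WinFILE%"
    echo m3u=MPEGVideo >> "%WinFILE%"
    echo mp2=MPEGVideo >> "%WinFILE%"
    echo mp2v=MPEGVideo >> "%WinFILE%"
    echo mp3=MPEGVideo >> "%WinFILE%"
    echo mpa=MPEGVideo >> "%WinFILE%"
    echo mpe=MPEGVideo >> "%WinFILE%"
    echo mpeg=MPEGVideo >> "%WinFILE%"
    echo mpg=MPEGVideo >> "%WinFILE%"
    echo mpv2=MPEGVideo >> "%WinFILE%"
    echo snd=MPEGVideo >> "%WinFILE%"
    echo wax=MPEGVideo >> "%WinFILE%"
    echo wm=MPEGVideo >> "%WinFILE%"
    echo wma=MPEGVideo >> "%WinFILE%"
    echo wmv=MPEGVideo >> "%WinFILE%"
    echo wmx=MPEGVideo >> "%WinFILE%"
    echo wpl=MPEGVideo >> "%WinFILE%"
    echo wvx=MPEGVideo >> "%WinFILE%"
    REM Rebuild SYSTEM.ini the same way.
    echo ; for 16-bit app support > "%WinSYS%"
    echo [drivers] >> "%WinSYS%"
    echo wave=mmdrv.dll >> "%WinSYS%"
    echo timer=timer.drv >> "%WinSYS%"
    echo [mci] >> "%WinSYS%"
    echo [driver32] >> "%WinSYS%"
    echo [386enh] >> "%WinSYS%"
    echo woafont=app950.FON >> "%WinSYS%"
    echo EGA80WOA.FON=EGA80WOA.FON >> "%WinSYS%"
    echo EGA40WOA.FON=EGA40WOA.FON >> "%WinSYS%"
    echo CGA80WOA.FON=CGA80WOA.FON >> "%WinSYS%"
    echo CGA40WOA.FON=CGA40WOA.FON >> "%WinSYS%"
)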
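REM Optional central logging: when the SERVER variable is defined, append this
REM machine's notice file to a per-computer log in the Vtemp folder under it.
REM The quoted comparison tolerates spaces in SERVER, and the exist check skips
REM the append when no notice file has been written.
if not "%SERVER%"=="" if exist %PROFILE_V% type %PROFILE_V% >> "%SERVER%\Vtemp\%COMPUTERNAME%.txt"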