1. Download the following program:
http://www.hatea.com.tw/tech/files/DelAutorun-Virus.bat

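After downloading, double-click the file to run it. The program removes autorun.inf from every volume and creates an autorun.inf folder in its place to block the virus (see the script source below). If you have USB flash drives, plug them in before running it. Follow the instructions shown while it runs, and reboot when it finishes.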

2. Download the USB Cleaner program
Download location:
http://sx.cg2es.tnc.edu.tw/schools/antivirus/soft/USB_Cleaner.zip

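After downloading, unzip the file and double-click the [USBCleaner] program to run it. When the USB Cleaner main window appears, click [全面檢驗] (Full Scan) to scan for and remove viruses.

If the machine has been infected, USB Cleaner can undo the setting that prevents hidden files from being shown: click [工具及插件] -> [修復顯示隱藏檔案及系統檔案] (Tools and Plug-ins -> Repair Display of Hidden and System Files).

To immunize a USB flash drive against the virus, click [工具及插件] -> [U盤病毒免疫] (Tools and Plug-ins -> USB Drive Virus Immunization).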

3. Remove your existing antivirus program; installing AntiVir is recommended.

Avira AntiVir PersonalEdition Classic download locations:
http://www.free-av.com/down/windows/antivir_workstation_win7u_en_h.exe

ftp://ftp3.tnc.edu.tw/antivir/antivir_workstation_win7u_en_h.exe

PS: Either download location will do.

AntiVir virus definitions (2007/09/05) download location:
http://sx.cg2es.tnc.edu.tw/schools/antivirus/soft/ivdf_fusebundle_nt_en.zip

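After AntiVir is installed, open the main program, choose "Update"-->"Manual Update.." and select the "ivdf_fusebundle_nt_en.zip" file you just downloaded to update the virus definitions manually.

Once the definitions are updated, click [Scanner]->[Local Drives]->[the magnifying-glass scan icon at the upper left] in the main window to scan the whole system and remove all infected files. When a virus-found window appears, click [Delete].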
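
To check the result of step 1 on each drive, the sketch below (added here, not from the original post) classifies autorun.inf in a drive root as folder, file or absent, and for a file lists the commands it would launch so the referenced executable can be located. The function names and the three sample roots built in a temporary directory are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")

def launch_commands(path):
    """Commands an autorun.inf file would run; tolerant of junk lines and odd encodings."""
    cmds = []
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1").replace("\x00", "")  # also copes with UTF-16 files
    for raw in text.splitlines():
        line = raw.strip()
        if "=" not in line or line.startswith(";"):
            continue  # section headers, comments and padding lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            cmds.append(value)
    return cmds

def triage_root(root):
    """Classify <root>/autorun.inf: a folder means the immunization from step 1 is in place."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return ("folder", [])
    if os.path.isfile(path):
        return ("file", launch_commands(path))
    return ("absent", [])

def demo():
    """Constructed sample: three fake drive roots in a temporary directory."""
    with tempfile.TemporaryDirectory() as base:
        roots = {n: os.path.join(base, n) for n in ("immunized", "infected", "clean")}
        for root in roots.values():
            os.mkdir(root)
        os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
        with open(os.path.join(roots["infected"], "autorun.inf"), "w") as fh:
            # placeholder.exe is a constructed name, not a real indicator
            fh.write("[AutoRun]\n;junk\nopen=placeholder.exe\n"
                     "shell\\open\\Command=placeholder.exe /x\nicon=a.ico\n")
        return {name: triage_root(root) for name, root in roots.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On a real machine, call triage_root with each drive root (for example "E:\\") instead of the sample directories.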




-----------DelAutorun-Virus.bat source---------------
@echo off
cls
echo.
echo *********** Delete Autorun batch file ***********
echo.
echo.
echo 此檔案除了有刪除Autorun.inf並關閉Autorun功能外
echo 另外有刪除MountPoints2內異常機碼的功能
echo.
echo ==============================================
echo.
echo.
echo 此批次檔執行後會關閉Autorun功能
echo.
echo 如果要回覆Autorun功能則請將檔案放置在c:\後
echo.
echo 按開始 -^> 執行 -^> 輸入c:\delautorun open後按確定
echo.
echo 依照動作指示跑完後即可回覆Autorun功能
echo.
echo.
echo 如不想執行請按CTRL+C後按Y跳出或直接將視窗關閉。
echo.
pause

cls

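rem Called with the "open" argument: remove the autorun.inf folders and restore AutoRun (NoDriveTypeAutoRun = 0x91)
if not "%1"=="open" goto st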
echo.
echo 回覆Autorun功能並刪除Autorun.inf資料夾

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul&&echo.&&echo 移除%%a:\Autorun.inf資料夾
)
echo.
echo.
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveAutoRun" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
echo 處理完畢請重新開機
echo.
pause
exit

:st
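rem c:\delauto left over from a previous run: delete usbmons.dll (system32 and the saved copy), then clean up
if not exist c:\delauto goto delauto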
if exist c:\delauto\usbmons.dll attrib -r -s -h -a %windir%\system32\usbmons.dll&del %windir%\system32\usbmons.dll >nul 2>nul&del c:\delauto\usbmons.dll >nul 2>nul

echo.
echo 清理前次執行此批次檔暫存檔和autorun.inf資料夾
echo.

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul
)
del c:\delauto\*.* /s /q >nul 2>nul
rd c:\delauto /s /q

:delauto
md c:\delauto
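rem Run regedit under another file name so an Image File Execution Options entry for regedit.exe does not apply to it
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul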

if not exist %windir%\system32\usbmons.dll goto disable

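rem usbmons.dll found: point the USB print monitor back at usbmon.dll and remove the Winlogon Notify entry
@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg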
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon] >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a %windir%\system32\usbmons.dll >nul 2>nul
copy %windir%\system32\usbmons.dll c:\delauto\ >nul 2>nul

echo 請於重新開機後再執行一次此程式
echo.
pause
cls

:disable
echo.
echo 修復磁碟點不開和關閉autorun功能

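rem NoDriveAutoRun ffffff03 (0x03FFFFFF) covers drive letters A-Z; NoDriveTypeAutoRun 0xFF covers every drive type
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f >nul 2>nul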
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
rem Drop the per-volume entries cached under MountPoints2
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul

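rem Replace each autorun.inf file with a read-only, system, hidden folder of the same name and log the result
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (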

if exist %%a:\autorun.inf echo.&echo 刪除%%a:\Autorun.inf
attrib -r -s -h -a %%a:\autorun.inf >nul 2>nul&del %%a:\autorun.inf /f /q >nul 2>nul
md %%a:\autorun.inf >nul 2>nul&&echo.&&echo 創建%%a:\Autorun.inf資料夾&&attrib +r +s +h +a %%a:\autorun.inf >nul 2>nul&&echo. >>c:\delauto\autorun.txt&&fsutil fsinfo drivetype %%a: >>c:\delauto\autorun.txt&&dir/a %%a:\|find /i "autorun.inf"  >> c:\delauto\autorun.txt
)

echo.
echo 刪除資源回收桶內執行檔

rem Delete EXE, COM and PIF files from the Recycle Bin folders of every drive
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
for %%b in (EXE COM PIF) do (
attrib -r -s -h -a %%a:\RECYCLER\*.%%b /s >nul 2>nul&attrib -r -s -h -a %%a:\RECYCLED\*.%%b /s >nul 2>nul
del %%a:\recycler\*.%%b /s /q /f >nul 2>nul&del %%a:\recycled\*.%%b /s /q /f >nul 2>nul
))


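rem Re-enable the "show hidden files" option and delete Image File Execution Options keys for security and system tools
@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg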
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >>c:\delauto\fix.reg
@echo "CheckedValue"=dword:00000001 >>c:\delauto\fix.reg

@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg

:last
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a c:\found.??? /S /D >nul 2>nul
rem rd and the directory part of a del path do not take wildcards, so remove each found.NNN folder in a loop
for /d %%d in (c:\found.???) do rd /s /q "%%d" >nul 2>nul

echo.
echo 處理完畢&pause
cls
echo.
echo 以下會顯示各磁碟內Autorun.inf是否為資料夾
echo 如果是此批次檔建立之資料夾則會顯示類似像下列文字
echo.
echo C: - 固定式磁碟
echo %date% %time%  ^<DIR^>         autorun.inf
echo.
echo 如果沒有顯示^<DIR^>這個幾個文字則表示Autorun.inf刪除失敗請檢查電腦內其他地方是否含有病毒
echo 另外如果是光碟機內的檔案則請忽略....
echo.
pause
echo.
type c:\delauto\autorun.txt|more
echo.
echo 執行完畢請重新開機。
echo.
pause
exit
-----------------------------------------------------------------------------------------
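
An added example, not part of the original post or of DelAutorun-Virus.bat: an offline check of a registry export for the settings the script repairs, namely the NoDriveTypeAutoRun mask, the SHOWALL CheckedValue, and Image File Execution Options keys carrying a Debugger value, which redirects the launch of the named program. It assumes text exported with regedit; the sample export and its placeholder path are constructed.

```python
import re

# NoDriveTypeAutoRun bit -> drive type whose AutoRun that bit turns off.
DRIVE_TYPES = {0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
               0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}

def autorun_still_enabled(mask):
    """Drive types NOT covered by a NoDriveTypeAutoRun mask."""
    return [name for bit, name in DRIVE_TYPES.items() if not mask & bit]

def drives_disabled(raw):
    """Drive letters covered by NoDriveAutoRun (REG_BINARY, little-endian, bit 0 = A:)."""
    mask = int.from_bytes(raw, "little")
    return "".join(chr(65 + i) for i in range(26) if mask >> i & 1)

def audit(reg_text):
    """Return (kind, subject, detail) findings from .reg export text."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if (key.endswith("\\policies\\explorer") and name == "nodrivetypeautorun"
                and value.startswith("dword:")):
            left = autorun_still_enabled(int(value[6:], 16))
            if left:
                findings.append(("autorun-enabled", key, left))
        elif (key.endswith("\\hidden\\showall") and name == "checkedvalue"
                and value != "dword:00000001"):
            findings.append(("hidden-files-locked", key, value))
        elif "\\image file execution options\\" in key and name == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], value))
    return findings

# Constructed sample export; the Debugger path is a placeholder, not a real indicator.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\placeholder\\constructed.exe"
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), drives_disabled(bytes.fromhex("ffffff03")), sep="\n")
```

Run against the sample, the 0x91 value that the script's "open" mode restores is reported as leaving AutoRun on for removable, fixed and CD-ROM drives, while 0xFF produces no finding.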

    Posted by timeboy on PIXNET