16a.us
www.nice8.org
更新对新的木马的查杀,修改结束进程模块.
本来这个专杀只是玩VBS时做的一个拙品,但是看到有人还在提醒我木马群更新,专杀杀不干净的时候我就又再次更新了.需要的朋友就继续关注这里的更新吧.送佛送到西....
vbs文件
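On Error Resume Next
MsgBox "本专杀由[G-AVR]Gryesign提供,请关注BLOG及时更新专杀---http://hi.baidu.com/greysign",64,"搜索引擎乱码病毒专杀,请重复运行两次以便根除病毒"
'----------------- Malware process termination module: begin -----------------
' For each Windows image name listed below, every running process with that
' name is compared against the single trusted on-disk location. A process
' running from any other path is treated as an impostor and terminated.
Dim objFSO, objShell, objWMI, objProcess
Dim arrTrustedImages, strTrustedImage

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}\\.\root\cimv2")

' NOTE(review): "svshost.exe" is kept exactly as published. It does not look
' like a stock Windows file name (the service host is svchost.exe), so a copy
' sitting in system32 under this name is treated as trusted here -- confirm
' whether that is intended.
arrTrustedImages = Array( _
    "%ProgramFiles%\Internet Explorer\iexplore.exe", _
    "%windir%\system32\smss.exe", _
    "%windir%\system32\services.exe", _
    "%windir%\system32\svshost.exe", _
    "%windir%\system32\csrss.exe", _
    "%windir%\system32\ctfmon.exe")

For Each strTrustedImage In arrTrustedImages
    TerminateImpostors objWMI, objFSO, objShell.ExpandEnvironmentStrings(strTrustedImage)
Next

' explorer.exe is terminated unconditionally, with no path check.
' NOTE(review): presumably this unloads DLLs hooked into the shell before the
' file deletion module runs -- confirm; the desktop disappears until the shell
' is started again.
For Each objProcess In objWMI.ExecQuery("SELECT * FROM Win32_Process WHERE Name='explorer.exe'")
    objProcess.Terminate
Next

Set objWMI = Nothing

' Terminates every process whose image name matches the file name of
' strTrustedPath but whose executable lives somewhere else.
'   wmi            - connected WMI service object (root\cimv2)
'   fso            - Scripting.FileSystemObject
'   strTrustedPath - fully expanded path of the legitimate binary
' Paths are compared as 8.3 short paths, case-insensitively.
Sub TerminateImpostors(wmi, fso, strTrustedPath)
    ' Error handling is per procedure in VBScript, so it is re-armed here.
    On Error Resume Next
    Dim strImageName, strReference, strRunningFrom, colMatches, objMatch

    strImageName = fso.GetFileName(strTrustedPath)

    ' If the reference file is missing, fall back to the expanded path itself.
    strReference = strTrustedPath
    If fso.FileExists(strTrustedPath) Then strReference = fso.GetFile(strTrustedPath).ShortPath

    Set colMatches = wmi.ExecQuery("SELECT * FROM Win32_Process WHERE Name='" & strImageName & "'")
    For Each objMatch In colMatches
        ' Reset per-process state. The published version kept the path of the
        ' previous process whenever ExecutablePath could not be resolved (for
        ' example when WMI returns Null for a protected system process), and
        ' then compared that stale value -- which could mark a genuine
        ' csrss.exe / smss.exe / services.exe for termination.
        strRunningFrom = ""
        Err.Clear
        strRunningFrom = fso.GetFile(objMatch.ExecutablePath).ShortPath

        ' Fail safe: a process whose path cannot be verified is left alone.
        If Err.Number = 0 And Len(strRunningFrom) > 0 Then
            If StrComp(strRunningFrom, strReference, vbTextCompare) <> 0 Then objMatch.Terminate
        End If
        Err.Clear
    Next
End Sub
'======================================================================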
on error resume next
' Name-only termination: every process whose image name appears in the list
' is killed, wherever its executable lives on disk.
' NOTE(review): mmc.exe is also the image name of the Microsoft Management
' Console, so any open console is closed too. The deletion module targets the
' copy under %temp%, so a path check would be the narrower match -- verify.
set w = getobject("winmgmts:")
for each rogueImage in Array("fyso.exe", "jtso.exe", "mhso.exe", "qjso.exe", "qqso.exe", _
                             "wgso.exe", "wlso.exe", "wmso.exe", "woso.exe", "ztso.exe", _
                             "nwizAskTao.exe", "rxso.exe", "mmc.exe", "svchost32.exe", "spglsdr.exe")
    for each i in w.execquery("select * from win32_process where name='" & rogueImage & "'")
        i.terminate
    next
next
'----------------- Malware process termination module: end -----------------
'----------------- Malware file deletion module: begin -----------------
' Each listed file, if present, has its attributes cleared (read-only, hidden
' and system flags would otherwise block or hide it) and is then deleted.
' Several names match genuine Windows binaries (svchost.exe, csrss.exe,
' services.exe, smss.exe, conime.exe, mmc.exe, IEXPLORE.EXE); they are
' targeted only under %temp%, never in their normal system locations.
' NOTE(review): "Intern~1" looks like the 8.3 short name of the
' "Internet Explorer" folder; that depends on short-name generation being
' enabled on the volume -- confirm.
set fso=createobject("scripting.filesystemobject")
set del=wscript.createobject("wscript.shell")

purgeSets = Array( _
    Array("%temp%\", Array( _
        "fyso.exe", "jtso.exe", "mhso.exe", "qjso.exe", "qqso.exe", _
        "wgso.exe", "wlso.exe", "wmso.exe", "woso.exe", "ztso.exe", _
        "fyso0.dll", "jtso0.dll", "mhso0.dll", "conime.exe", "qjso0.dll", _
        "qqso0.dll", "wgso0.dll", "wlso0.dll", "wmso0.dll", "woso0.dll", _
        "ztso0.dll", "svchost.exe", "IEXPLORE.EXE", "svchost32.exe", "srogm.exe", _
        "csrss.exe", "rxso.exe", "mmc.exe", "rxso0.dll", "spglsdr.exe", _
        "services.exe", "daso.exe", "tlso.exe", "tlso0.dll", "daso0.dll", _
        "wdso.exe", "wdso0.dll", "smss.exe", "copypfh.exe")), _
    Array("%programfiles%\Intern~1\", Array( _
        "PLUGINS\BinNice.bak", "PLUGINS\BinNice.dll", "HiJack.bak", "HiJack.dll")), _
    Array("%windir%\system32\", Array( _
        "nwiztlbb.exe", "nwizAskTao.exe", "nwiztlbb.dll", "nwizAskTao.dll")))

for each purgeSet in purgeSets
    for each purgeLeaf in purgeSet(1)
        purgePath = del.ExpandEnvironmentStrings(purgeSet(0) & purgeLeaf)
        ' Files that are absent are skipped; a same-named folder left by the
        ' immunization module on an earlier run is not a file and is skipped too.
        if fso.fileexists(purgePath) then
            set purgeFile = fso.getfile(purgePath)
            purgeFile.attributes = 0
            purgeFile.delete
        end if
    next
next
'----------------- Malware file deletion module: end -----------------
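'----------------- Malware file immunization module: begin -----------------
' Creates a directory at each path the malware is known to drop a file to.
' While a directory holds the name, a file with the same name cannot be
' written there. This is a stop-gap only: anything able to remove or rename
' the directory can still drop the file.
'
' Fix: the first statement of the published list was fused with a stray
' "CreateFolder" prefix ("CreateFolderCreateObject(...)"). It failed at run
' time and, with errors suppressed, %temp%\fyso.exe was never immunized.
'
' NOTE(review): wdso.exe and wdso0.dll are removed by the deletion module but
' have no entry here -- confirm whether they should be added.
set immuneFso = CreateObject("Scripting.FileSystemObject")
set immuneShell = CreateObject("WScript.Shell")

immuneSets = Array( _
    Array("%temp%\", Array( _
        "fyso.exe", "jtso.exe", "mhso.exe", "qjso.exe", "qqso.exe", _
        "wgso.exe", "wlso.exe", "wmso.exe", "woso.exe", "ztso.exe", _
        "fyso0.dll", "jtso0.dll", "mhso0.dll", "qjso0.dll", "qqso0.dll", _
        "wgso0.dll", "wlso0.dll", "wmso0.dll", "woso0.dll", "ztso0.dll", _
        "svchost.exe", "IEXPLORE.EXE", "svchost32.exe", "srogm.exe", "csrss.exe", _
        "conime.exe", "rxso.exe", "mmc.exe", "rxso0.dll", "spglsdr.exe", _
        "services.exe", "copypfh.exe", "daso.exe", "tlso.exe", "tlso0.dll", _
        "daso0.dll", "smss.exe")), _
    Array("%programfiles%\Intern~1\", Array( _
        "PLUGINS\BinNice.bak", "PLUGINS\BinNice.dll", "HiJack.dll", "HiJack.bak")), _
    Array("%windir%\system32\", Array( _
        "nwiztlbb.exe", "nwizAskTao.exe", "nwiztlbb.dll", "nwizAskTao.dll")))

for each immuneSet in immuneSets
    for each decoyLeaf in immuneSet(1)
        decoyPath = immuneShell.ExpandEnvironmentStrings(immuneSet(0) & decoyLeaf)
        ' A second run finds the folder already in place. If a file still
        ' occupies the name (deletion failed), CreateFolder fails and the
        ' error is suppressed by the script-wide On Error Resume Next.
        if not immuneFso.FolderExists(decoyPath) then immuneFso.CreateFolder decoyPath
    next
next
'----------------- Malware file immunization module: end -----------------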
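'----------------- Drive-root autorun.inf removal module: begin -----------------
' Removes an autorun.inf FILE from the root of every drive of type
' 1 (removable), 2 (fixed), 3 (network) or 4 (CD-ROM).
' Network shares are included, so the file is removed on the remote share as
' well; on read-only media the delete simply fails.
set fso=createobject("scripting.filesystemobject")
set drvs=fso.drives
for each drv in drvs
    if drv.drivetype >= 1 and drv.drivetype <= 4 then
        ' Drop the handle from the previous drive. The published version kept
        ' it when GetFile failed and then retried attribute/delete calls on
        ' the earlier drive's file.
        set u = nothing
        ' Skip drives with no media (empty card reader or optical drive).
        if drv.isready then
            autorunFile = drv.driveletter & ":\autorun.inf"
            ' An autorun.inf FOLDER left by the immunization module on an
            ' earlier run is not a file and is left in place.
            if fso.fileexists(autorunFile) then
                set u = fso.getfile(autorunFile)
                u.attributes = 0
                u.delete
            end if
        end if
    end if
next
'----------------- Drive-root autorun.inf removal module: end -----------------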
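'----------------- Registry module: begin -----------------
' Restores Winlogon\Userinit and the Explorer "show hidden files" settings,
' then removes the malware's COM class, ShellExecuteHooks entries and Run
' values. Every write targets HKLM/HKCR, so the script needs administrative
' rights; failures are suppressed by the script-wide On Error Resume Next.
set reg=wscript.createobject("wscript.shell")
Set objFSO = CreateObject( "Scripting.FileSystemObject" )

' GetSpecialFolder(1) is the system folder. The trailing comma is part of the
' value being written.
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", objFSO.GetSpecialFolder( 1 ) & "\userinit.exe,","REG_SZ"

' Reset the values behind the Folder Options radio buttons for hidden files.
hiddenKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\"
reg.regwrite hiddenKey & "SHOWALL\CheckedValue",1,"REG_DWORD"
reg.regwrite hiddenKey & "SHOWALL\DefaultValue",2,"REG_DWORD"
reg.regwrite hiddenKey & "NOHIDDEN\CheckedValue",2,"REG_DWORD"
reg.regwrite hiddenKey & "NOHIDDEN\DefaultValue",2,"REG_DWORD"

' Fix: RegDelete removes a KEY only when the name ends with a backslash;
' without it the name is read as a VALUE. The published line therefore tried
' to delete a value named after the CLSID under HKCR\CLSID and left the class
' registration in place.
' NOTE(review): RegDelete is reported to fail on a key that still has subkeys.
' The same CLSID is registered as a shell-execute hook (an in-process DLL), so
' InprocServer32 is the subkey expected here and is removed first. Any other
' subkey would still block the delete -- verify on an affected machine.
reg.regdelete "HKEY_CLASSES_ROOT\CLSID\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}\InprocServer32\"
reg.regdelete "HKEY_CLASSES_ROOT\CLSID\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}\"

' ShellExecuteHooks entries are values named after the hook's CLSID.
for each hookClsid in Array("{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}", _
                            "{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}", _
                            "{A6011F8F-A7F8-49AA-9ADA-49127D43138F}")
    reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\" & hookClsid
next

' Autostart values written by the malware family.
for each runValue in Array("fysa", "jtsa", "mhsa", "qjsa", "qqsa", "wgsa", "wlsa", "wmsa", _
                           "wosa", "ztsa", "nwizAskTao", "nwiztlbb", "rxsa", "dasa", "tlsa", "wdsa")
    reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" & runValue
next
'----------------- Registry module: end -----------------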
'----------------- System file recovery module: begin -----------------
' (empty in this version of the script)
'----------------- System file repair module: end -----------------
'----------------- HOSTS file repair module: begin -----------------
' Rewrites the hosts file from scratch: the localhost entry plus four domains
' pointed at the loopback address so they no longer resolve to the real hosts.
' NOTE(review): mode 2 (ForWriting) truncates the file, so existing entries,
' including any the user added, are discarded with no backup. The third
' argument 0 means the file is not created when missing. If the file is
' read-only the open fails and, with errors suppressed, nothing is written.
set fso=createobject("scripting.filesystemobject")
Set objFSO = CreateObject( "Scripting.FileSystemObject" )
hostsFile = objFSO.GetSpecialFolder( 1 ) & "\drivers\etc\hosts"
set re = fso.OpenTextFile(hostsFile, 2, 0)
for each hostsEntry in Array("127.0.0.1 localhost", _
                             "127.0.0.1 7y7.us", _
                             "127.0.0.1 www.beginget.com", _
                             "127.0.0.1 16a.us", _
                             "127.0.0.1 www.nice8.org")
    re.Write hostsEntry & vbCrLf
next
re.Close
set re = nothing
'----------------- HOSTS file repair module: end -----------------
'----------------- Autorun immunization module: begin -----------------
' On every drive of type 1-4 (removable, fixed, network, CD-ROM) a FOLDER
' named autorun.inf is created in the root, so that an autorun.inf file can no
' longer be written there. The folder is then marked read-only + hidden
' (attributes = 3).
' NOTE(review): the nested folder name ends in dots. That is presumably meant
' to make the folder awkward to remove with ordinary shell tools -- confirm.
' It also makes the folder awkward for the user to remove afterwards.
' Relies on the "fso" object created by the HOSTS module above.
for each drv in fso.drives
    if drv.drivetype >= 1 and drv.drivetype <= 4 then
        guardDir = drv.driveletter & ":\autorun.inf"
        fso.createfolder guardDir
        fso.createfolder guardDir & "\免疫文件夹..\"
        set fl = fso.getfolder(guardDir)
        fl.attributes = 3
    end if
next
'----------------- Autorun immunization module: end -----------------
' Final notice to the user (reboot; rerun in Safe Mode if infection persists).
msgbox "病毒清除成功,请重启电脑!假如病毒还未根除请到安全模式下运行",64,"搜索引擎乱码病毒专杀"
7y7.us专杀工具下载地址:
http://hzyo.com/killvirus.rar