Removing the sysinfo2 virus (the virus source files include sysinfo.dll, sysinfo2.dll and autorun.inf)
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 10:45
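Copy the code below and save it as a file with the .bat extension, that is, a batch file, then double-click the saved batch file to run it. This virus is somewhat unusual, though: the saved batch file has to be placed on the desktop and run from there.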
@echo off
title 忆林子
color 0a
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
echo 该病毒资料
echo.
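rem The banner lists the files the virus creates: full path and size in bytes
rem ("其它所有分区" means "all other partitions")
echo 该病毒建立的包括的源文件如下:
echo.
echo 病毒文件全路径 大小(字节)
echo C:\Program Files\system32\SysInfo.dll 197,632
echo 其它所有分区:\autorun.inf 169
echo 其它所有分区:\SysInfo.dll 197,632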
echo.
rem The banner then shows the contents of the autorun.inf dropped by the virus
echo autorun.inf文件里的内容
echo.
echo [AutoRun]
echo open=RunDll32.exe .\SysInfo2.Dll,MyFun
echo shell\1=打开(^&O)
echo shell\1\Command=RunDll32.exe .\SysInfo2.Dll,MyFun
echo shellexecute=RunDll32.exe .\SysInfo2.Dll,MyFun
echo.
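rem Notice shown to the user: the virus is bound to a system process, so the
rem computer is forcibly restarted during cleanup. After the restart, run this
rem program once more to finish the removal. Keep it on the desktop and run it
rem again immediately after the restart.
echo 注意:因为该病毒与系统进程绑定在一起,所以在杀毒时你的计算机将会被强制重启
echo 重启之后,请再运行一次本程序,该病毒方可清除完毕。
echo 请把该程序放在桌面上执行,并且在重启之后马上再次运行该程序。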
echo.
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
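rem Prompt: press Enter to start the cleanup
set /p tmp=以上是该病毒的信息,如果要清除该病毒,请回车键开始杀毒...
rem Exit if the virus DLL is not present in system32
if not exist "%systemroot%\system32\sysinfo.dll" (echo 你的计算机中不存在该病毒,请按任意键退出该程序。 & pause & exit)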
rem Read the phase marker: isFirstRun is set to 1 by the first pass, before the reboot
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v isFirstRun>tmp.忆林子
for /f "tokens=1,2,3 skip=4 delims= " %%j in ('more tmp.忆林子') do set isFirstRun=%%l
del tmp.忆林子
if /i "%isFirstRun%"=="1" goto :secondStep
rem First pass: end every process that has SysInfo.dll loaded
taskkill /fi "modules eq SysInfo.dll" /f
rem Delete the registry entries created by the virus
reg delete "HKLM\SOFTWARE\Classes\CLSID\{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /f
rem Record that the first pass is done, then reboot immediately
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v isFirstRun /d 1 /f
shutdown -r -t 0
exit
:secondStep
cls
rem Second pass: restore the registry entries for showing hidden files that the virus deleted
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v CheckedValue /t reg_dword /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v DefaultValue /t reg_dword /d 0 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v HelpID /d "shell.hlp#51103" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v HKeyRoot /t reg_dword /d 2147483649 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden" /ve /d "" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v RegPath /d "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v Text /d "@shell32.dll,-30508" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v Type /d checkbox /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v UncheckedValue /t reg_dword /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v ValueName /d ShowSuperHidden /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v WarningIfNotDefault /d "@shell32.dll,-28964" /f
rem Clear the system/hidden/read-only attributes, then delete the DLL from system32
attrib -s -h -r "%SystemRoot%\system32\SysInfo.dll"
del /q "%SystemRoot%\system32\SysInfo.dll"
rem Do the same for autorun.inf and SysInfo2.dll in the root of every drive c: to z:
for %%f in (autorun.inf,SysInfo2.dll) do for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\%%f attrib -s -h -r %%d:\%%f
for %%f in (autorun.inf,SysInfo2.dll) do for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:\%%f del /q %%d:\%%f
rem Remove the phase marker so the next run starts from the first pass again
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v isFirstRun /f
cls
for /d %%i in (d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%i: chkdsk %%i: /f /x
cls
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
set /p tmp= 操作结束,按回车键退出该程序。
exit
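A check for the autorun.inf pattern the script above lists, written in Python as an added example; it is not part of the original post or its batch file. It parses autorun.inf text and reports commands that load a DLL from the drive itself through rundll32. The function names are chosen here, and SAMPLE is constructed from the autorun.inf contents shown in the script.

```python
import re

# Keys in [AutoRun] whose value is a command line Windows may execute.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# rundll32 followed by a DLL path and an exported function name.
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+\.dll)\s*,\s*(?P<export>\w+)", re.I)

# Constructed sample: the autorun.inf contents as listed by the cleanup script.
SAMPLE = "\n".join([
    "[AutoRun]",
    r"open=RunDll32.exe .\SysInfo2.Dll,MyFun",
    r"shell\1=打开(&O)",
    r"shell\1\Command=RunDll32.exe .\SysInfo2.Dll,MyFun",
    r"shellexecute=RunDll32.exe .\SysInfo2.Dll,MyFun",
])

def autorun_commands(text):
    """Return (key, value) pairs from the [AutoRun] section that launch something."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if COMMAND_KEY.match(key):
                found.append((key, value))
    return found

def rundll_findings(text):
    """Flag commands that load a DLL from the drive itself through rundll32."""
    findings = []
    for key, value in autorun_commands(text):
        m = RUNDLL.search(value)
        # A path without a drive letter resolves against the drive being opened.
        if m and not re.match(r"^[a-z]:\\", m.group("dll").strip(), re.I):
            findings.append({"key": key, "dll": m.group("dll").strip(),
                             "export": m.group("export")})
    return findings

if __name__ == "__main__":
    for finding in rundll_findings(SAMPLE):
        print(finding)
```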