本文主要是介绍清除sysinfo2病毒(病毒源文件包括sysinfo.dll,sysinfo2.dll,autorun.inf),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
把下面的红色代码复制下来,另存为.bat为后缀的文件也就是批处理文件,然后双击运行保存的批处理就可以了,不过这个病毒有点特殊,要把保存的批处理放在桌面上运行。
@echo off
title 忆林子
color 0a
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
echo 该病毒资料
echo.
echo 该病毒建立的包括的源文件如下:
echo.
echo 病毒文件全路径 大小(字节)
echo C:/Program Files/system32/SysInfo.dll 197,632
echo 其它所有分区:/autorun.inf 169
echo 其它所有分区:/SysInfo.dll 197,632
echo.
echo autorun.inf文件里的内容
echo.
echo [AutoRun]
echo open=RunDll32.exe ./SysInfo2.Dll,MyFun
echo shell/1=打开(^&O)
echo shell/1/Command=RunDll32.exe ^.^/SysInfo2.Dll,MyFun
echo shellexecute=RunDll32.exe ^.^/SysInfo2.Dll,MyFun
echo.
echo 注意:因为该病毒与系统进程绑定在一起,所以在杀毒时你的计算机将会被强制重启
echo 重启之后,请再运行一次本程序,该病毒方可清除完毕。
echo 请把该程序放在桌面上执行,并且在重启之后马上再次运行该程序。
echo.
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
set /p tmp=以上是该病毒的信息,如果要清除该病毒,请回车键开始杀毒...
if not exist %systemroot%/system32/sysinfo.dll echo 你的计算机中不存在该病毒,请按任意键退出该程序。 & pause & exit
reg query "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run" /v isFirstRun>>tmp.忆林子
for /f "tokens=1,2,3 skip=4 delims= " %%j in ('more tmp.忆林子') do set isFirstRun=%%l
del tmp.忆林子
if /i "%isFirstRun%"=="1" goto :secondStep
taskkill /fi "modules eq SysInfo.dll" /f
rem 删除被病毒新建的注册表项
reg delete "HKLM/SOFTWARE/Classes/CLSID/{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects/{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced" /f
reg delete "HKLM/SOFTWARE/Classes/CLSID/{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects/{989D2FEB-5411-4565-8988-1DD2C5263377}" /f
reg delete "HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced" /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run" /v isFirstRun /d 1 /f
shutdown -r -t 0
exit
:secondStep
cls
rem 添加被病毒删除的关于显示隐藏文件的注册表项
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v CheckedValue /t reg_dword /d 0 /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v DefaultValue /t reg_dword /d 0 /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v HelpID /d "shell.hlp#51103" /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v HKeyRoot /t reg_dword /d 2147483649 /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden/Policy/DontShowSuperHidden" /ve /d "" /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v RegPath /d "Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced" /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v Text /d "@shell32.dll,-30508" /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v Type /d checkbox /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v UncheckedValue /t reg_dword /d 1 /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v ValueName /d ShowSuperHidden /f
reg add "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/SuperHidden" /v WarningIfNotDefault /d "@shell32.dll,-28964" /f
attrib -s -h -r %SystemRoot%/system32/SysInfo.dll
del %SystemRoot%/system32/SysInfo.dll /q
for %%f in (autorun.inf,SysInfo2.dll) do for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:/%%f attrib -s -h -r %%d:/%%f
for %%f in (autorun.inf,SysInfo2.dll) do for /D %%d in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%d:/%%f del %%d:/%%f /q
reg delete "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run" /v isFirstRun /f
cls
for /d %%i in (d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist %%i: chkdsk %%i: /f /x
cls
echo ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
echo.
set /p tmp= 操作结束,按回车键退出该程序。
exit
这篇关于清除sysinfo2病毒(病毒源文件包括sysinfo.dll,sysinfo2.dll,autorun.inf)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
