U盘病毒查杀更新版
本版经过修改，可以准确判断是否插有U盘。上一版只判断最后一个盘符，因此放入光盘时也会执行脚本；这一版已经可以区分。不过如果同时插有多个U盘，情况如何我没有试过，照理说应该只能查其中一个盘。代码如下：
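@echo off
rem USB autorun cleanup, part 1: console setup and removable-drive detection.
rem The leading @ keeps this first line itself from being echoed.
color 0a
title U盘病毒查杀
setlocal enabledelayedexpansion
MODE con: COLS=35 lines=15
cls
rem a counts the removable drives found; u1..uN receive their drive specs
rem (letter plus colon), in the order Z down to C.
set a=0
rem fsutil reports the drive type as localized text, so both the zh-CN and
rem the English wording are accepted. Optical and fixed drives do not match
rem and are skipped. NOTE(review): fsutil may need administrator rights on
rem some Windows versions - confirm on the target systems.
for %%i in (Z Y X W V U T S R Q P O N M L K J I H G F E D C) do if exist %%i:\nul (
fsutil fsinfo drivetype %%i: | findstr /c:"可移动驱动器" /c:"Removable Drive" >nul 2>nul && (
set /a a=a+1
set u!a!=%%i:)
)
rem No removable drive at all: tell the user, wait for a key, close the window.
if !a! equ 0 (echo 未检测到可移动磁盘! && pause>nul
exit)
rem The earlier one-drive branch called a detectauto label that is not defined
rem anywhere in this listing, so it only produced an error message before
rem execution reached chasha anyway. Go there directly in every case.
goto chasha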
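:chasha
rem Part 2: disable AutoRun, restore the display of hidden files, then move
rem to the removable drive and look for AUTORUN.INF.
rem Blank lines use the echo( form, which is never looked up as a file name;
rem that matters once the working directory is an untrusted drive.
echo(
echo 正在取消光盘、U盘自动运行
rem NoDriveTypeAutoRun = 0xff turns AutoRun off for every drive type.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f >nul 2>nul
rem Per-user copy of the same policy. HKCU is used instead of a hard-coded
rem account SID under HKEY_USERS, which only exists on one particular Windows
rem installation; the former 0xdf write was overwritten by 0xff right away.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xff /f >nul 2>nul
echo(
echo 正在恢复无法显示隐藏文件
rem CheckedValue is deleted first and then recreated as a DWORD of 1, so a
rem value left behind with another type or content is replaced.
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /f >nul 2>nul
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /D 1 /F >nul 2>nul
rem Explorer settings for the current user: show hidden files, show file
rem extensions, show protected operating system files.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t reg_dword /d 1 /f >nul 2>nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t reg_dword /d 0 /f >nul 2>nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t reg_dword /d 1 /f >nul 2>nul
rem Change to the root of the first detected removable drive (u1). The
rem original line expanded a variable named last that nothing in this listing
rem sets, so the recursive attrib below and the later deletions ran in the
rem directory the script was started from. If the drive cannot be entered,
rem stop rather than sweep the wrong directory. Only u1 is handled when
rem several removable drives are present.
if not defined u1 goto :eof
cd /d "%u1%\" 2>nul || goto :eof
rem Clear hidden, system, archive and read-only attributes on everything on
rem the drive so that concealed files become visible.
attrib * -h -s -a -r /d /s >nul 2>nul
if exist AUTORUN.INF (
goto haha
) else (
goto safe
)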
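:haha
rem Part 3: remove the file named by AUTORUN.INF, then AUTORUN.INF itself.
rem AUTORUN.INF comes from the removable drive and is untrusted input. Its
rem value is carried only in FOR variables and delayed-expansion variables,
rem so command separators or redirection characters inside the file are never
rem re-parsed as commands (percent expansion of the value, as before, did
rem re-parse them). Delayed expansion is enabled at the top of the script.
rem The scratch file gets a per-run name and every use of its path is quoted,
rem because the temp directory path can contain spaces.
set "tmpf=%temp%\autorun_open_%random%.txt"
set "str="
set "cand="
set "tgt="
set "chk="
set "ok="
type AUTORUN.INF 2>nul | find /i "open" > "%tmpf%"
rem Split each matching line at the first equals sign and keep the value of
rem the last line that has one, for example open=name or
rem shell\open\command=name.
for /f "usebackq tokens=1,* delims==" %%i in ("%tmpf%") do (
set "cand=%%j"
if defined cand set "str=!cand!"
)
rem Drop double quotes, then keep only the first blank-separated word, so
rem command-line switches written after the file name never reach del.
rem A path containing spaces is truncated here and simply not found.
if defined str set "str=!str:"=!"
if defined str for /f "tokens=1" %%k in ("!str!") do set "tgt=%%k"
rem Accept the name only if it is free of wildcards, has no drive letter or
rem stream colon, no parent-directory step and no leading backslash, and is
rem not a directory. This keeps the deletion inside the current directory
rem tree and limits it to one file.
if defined tgt for /f "delims=*?" %%k in ("!tgt!") do set "chk=%%k"
if defined tgt if "!chk!"=="!tgt!" set "ok=1"
if defined ok if not "!tgt::=!"=="!tgt!" set "ok="
if defined ok if not "!tgt:..=!"=="!tgt!" set "ok="
if defined ok if "!tgt:~0,1!"=="\" set "ok="
if defined ok if exist "!tgt!\*" set "ok="
rem Blank lines use the echo( form, which is never looked up as a file name
rem in the current directory.
echo(
echo 正在删除可疑文件
if defined ok if exist "!tgt!" del "!tgt!" /f /q /a >nul 2>nul
del AUTORUN.INF /f /q /a >nul 2>nul
echo(
echo 正在删除临时文件
del "%tmpf%" >nul 2>nul
echo(
echo Powered by Djhui
echo(
echo http://www.djhui.net
echo(
pause >nul 2>nul
rem Stop here. Without this, execution fell through into the safe section
rem and reported the drive as harmless right after cleaning it.
goto :eof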
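:safe
rem Part 4: reached when no AUTORUN.INF was found in the current directory;
rem report that, print the credits and wait for a key press.
rem Blank lines use the echo( form: the echo. form is resolved against the
rem file system first and fails if a file named echo exists in the current
rem directory, which may be on the drive being checked.
echo(
echo 你的U盘暂时没有危险
echo(
echo Powered by Djhui
echo(
echo http://www.djhui.net
pause >nul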