Bat code of the Autorun virus cleanup Tool

Source: Internet
Author: User

The code is as follows:

@Echo Off
Rem Run from an administrator account: the script writes HKLM keys and reconfigures a service.
Color 2f
Title Autorun virus cleanup tool - By Phexon
Rem Kill known Autorun virus processes
Taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM logs /IM tel.xls.exe >nul 2>nul

:clearauto
Cls
Echo.
Echo Autorun virus cleanup tool
Echo.
Echo.
Echo.
Echo By Phexon
Echo.
Echo This program automatically clears the Autorun virus under each drive letter when it runs.
Echo It works by reading the fields of autorun.inf under each drive letter.
Echo.
Echo [1] Only remove Autorun viruses under all drive letters
Echo [2] Delete Autorun viruses under all drive letters and create immune directories with the same names (recommended!)
Echo [3] Disable the Autorun mechanism of the system to avoid re-infection by the Autorun virus
Echo [4] Cancel Autorun virus immunity for all drive letters
Echo [5] Remove and immunize against the Autorun virus on a specified drive letter
Echo [6] Cancel Autorun virus immunity for a specified drive letter
Echo [7] Restore related registry keys to their default values
Echo [0] Quit
Echo.
Rem Clear the previous answer so that pressing Enter alone does not repeat it
Set clearslt=
Set /p clearslt=Enter your selection (1/2/3/4/5/6/7/0): 
If "%clearslt%"=="" Goto clearauto
If "%clearslt%"=="1" Goto clearauto1
If "%clearslt%"=="2" Goto clearauto2
If "%clearslt%"=="3" Goto clearauto3
If "%clearslt%"=="4" Goto clearauto4
If "%clearslt%"=="5" Goto clearauto5
If "%clearslt%"=="6" Goto clearauto6
If "%clearslt%"=="7" Goto clearauto7
If "%clearslt%"=="0" Exit
Rem Any other input returns to the menu instead of falling through into option 1
Goto clearauto

:clearauto1
Taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM logs /IM tel.xls.exe >nul 2>nul
Rem Every key=value line of autorun.inf is treated as a file name on that drive
Rem (tokens=2 delims==), not only the open= and shell entries.
For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
    Fsutil fsinfo drivetype %%a: | find /I "Fixed Drive" && (
        For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" >nul 2>nul
        Del /a /f /q %%a:\autorun.inf >nul 2>nul
    ) >nul 2>nul
    Fsutil fsinfo drivetype %%a: | find /I "Removable Drive" && (
        For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" >nul 2>nul
        Del /a /f /q %%a:\autorun.inf >nul 2>nul
    ) >nul 2>nul
)
Cls
Echo Autorun virus cleared. Press any key to return ......
Pause >nul
Goto clearauto

:clearauto2
Taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM logs /IM tel.xls.exe >nul 2>nul
Rem Replace each file with a hidden, system, read-only directory of the same name
Rem whose ACL gives Everyone no access, so the name cannot be reused by a file.
For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
    Fsutil fsinfo drivetype %%a: | find /I "Fixed Drive" && (
        For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" & md "%%a:\%%b\Do not delete the immune directory!...\" & Attrib +s +h +r "%%a:\%%b" & Echo Y| cacls "%%a:\%%b" /T /C /P everyone:N >nul 2>nul
        Del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\Do not delete the immune directory!...\" & Attrib +s +h +r %%a:\autorun.inf & Echo Y| cacls "%%a:\autorun.inf" /T /C /P everyone:N >nul 2>nul
    ) >nul 2>nul
    Fsutil fsinfo drivetype %%a: | find /I "Removable Drive" && (
        For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" & md "%%a:\%%b\Do not delete the immune directory!...\" & Attrib +s +h +r "%%a:\%%b" & Echo Y| cacls "%%a:\%%b" /T /C /P everyone:N >nul 2>nul
        Del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\Do not delete the immune directory!...\" & Attrib +s +h +r %%a:\autorun.inf & Echo Y| cacls "%%a:\autorun.inf" /T /C /P everyone:N >nul 2>nul
    ) >nul 2>nul
)
Cls
Echo Autorun virus cleared and immunity applied. Press any key to return ......
Pause >nul
Goto clearauto

:clearauto3
Cls
Echo.
Echo Stopping related services ......
Echo.
Rem 0xff disables AutoRun for every drive type, machine-wide and for the current user
Reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000ff /f >nul 2>nul
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000ff /f >nul 2>nul
Net stop ShellHWDetection >nul 2>nul
SC config ShellHWDetection start= disabled >nul 2>nul
Rem Add software restriction policies that prevent executable files from running from the Recycle Bin or from a directory imitating the Recycle Bin
Set REGPATH=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
Set SFLAG=/v SaferFlags /t REG_DWORD /d 0x00000000 /f
Rem The quotation mark opened here is closed on each "Reg add ... %IDATA%\*.*" line below
Set IDATA=/f /v ItemData /d "?:\Recyc?
Reg add %REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %SFLAG% >nul
Reg add %REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %IDATA%\*.*" >nul

Reg add %REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %SFLAG% >nul
Reg add %REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %IDATA%\*.*" >nul

Reg add %REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %SFLAG% >nul
Reg add %REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %IDATA%\*.*" >nul

Reg add %REGPATH%\{5bfc100b-d3fb-440e-88ec-6819ab56a9ff} %SFLAG% >nul
Reg add %REGPATH%\{5bfc100b-d3fb-440e-88ec-6819ab56a9ff} %IDATA%\*.*" >nul

Reg add %REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %SFLAG% >nul
Reg add %REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %IDATA%\*.*" >nul

Reg add %REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %SFLAG% >nul
Reg add %REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %IDATA%\*.*" >nul

Reg add %REGPATH%\{649c1429-0e79-417c-abe9-b5682e035ae7} %SFLAG% >nul
Reg add %REGPATH%\{649c1429-0e79-417c-abe9-b5682e035ae7} %IDATA%\*.*" >nul

Reg add %REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034} %SFLAG% >nul
Reg add %REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034} %IDATA%\*.*" >nul

Reg add %REGPATH%\{8347d9d2-80c9-4ac1-a100-ed3e62863d97} %SFLAG% >nul
Reg add %REGPATH%\{8347d9d2-80c9-4ac1-a100-ed3e62863d97} %IDATA%\*.*" >nul

Reg add %REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %SFLAG% >nul
Reg add %REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %IDATA%\*.*" >nul

Reg add %REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802} %SFLAG% >nul
Reg add %REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802} %IDATA%\*.*" >nul

Reg add %REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} %SFLAG% >nul
Reg add %REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} /f /v ItemData /d "RECYC*.*" >nul

Rem Remove viruses that hide in the Recycle Bin directories of drives and run automatically from there
For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
    For %%b In (exe pif com) Do (
        Echo Y| cacls "%%a:\Recycler\*.%%b" /C /T /P everyone:F >nul 2>nul & Echo Y| cacls "%%a:\Recycled\*.%%b" /C /T /P everyone:F >nul 2>nul
        Del /A /F /S /Q "%%a:\Recycler\*.%%b" >nul 2>nul & Del /A /F /S /Q "%%a:\Recycled\*.%%b" >nul 2>nul
    )
) >nul 2>nul
Echo.
Echo The service has been stopped and disabled. Press any key to return ......
Pause >nul
Goto clearauto

:clearauto4
Rem cacls /P asks for confirmation; "Echo Y|" answers it so the hidden prompt cannot stall the loop
For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
    Fsutil fsinfo drivetype %%a: | find /I "Fixed Drive" && (
        Echo Y| cacls "%%a:\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf" >nul 2>nul
    ) >nul 2>nul
    Fsutil fsinfo drivetype %%a: | find /I "Removable Drive" && (
        Echo Y| cacls "%%a:\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf" >nul 2>nul
    ) >nul 2>nul
)
Cls
Echo.
Echo Immunity has been cancelled for all drive letters. Press any key to return ......
Pause >nul
Goto clearauto

:clearauto5
Cls
Echo.
Set pf=
Set /p pf=Enter a drive letter, such as "F:" (excluding quotation marks): 
Rem Append the colon when the user typed only the letter
Echo %pf%| Find ":" >nul || Set pf=%pf%:
Echo About to immunize disk %pf% ......
Taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM logs /IM tel.xls.exe >nul 2>nul
Fsutil fsinfo drivetype %pf% | find /I "Fixed Drive" && (
    For /f "tokens=2 delims==" %%a In (%pf%\autorun.inf) Do Del /a /f /q "%pf%\%%a" & md "%pf%\%%a\Do not delete the immune directory!...\" & Attrib +s +h +r "%pf%\%%a" & Echo Y| cacls "%pf%\%%a" /T /C /P everyone:N >nul 2>nul
    Del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\Do not delete the immune directory!...\" & Attrib +s +h +r %pf%\autorun.inf & Echo Y| cacls "%pf%\autorun.inf" /T /C /P everyone:N >nul 2>nul
    Goto DoneclearAuto
) >nul 2>nul
Fsutil fsinfo drivetype %pf% | find /I "Removable Drive" && (
    For /f "tokens=2 delims==" %%a In (%pf%\autorun.inf) Do Del /a /f /q "%pf%\%%a" & md "%pf%\%%a\Do not delete the immune directory!...\" & Attrib +s +h +r "%pf%\%%a" & Echo Y| cacls "%pf%\%%a" /T /C /P everyone:N >nul 2>nul
    Del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\Do not delete the immune directory!...\" & Attrib +s +h +r %pf%\autorun.inf & Echo Y| cacls "%pf%\autorun.inf" /T /C /P everyone:N >nul 2>nul
    Goto DoneclearAuto
) >nul 2>nul
Echo.
Echo The drive letter you entered does not exist or is read-only,
Echo please enter it again.
Goto clearauto5

:DoneclearAuto
Cls
Echo.
Echo The specified disk %pf% has been successfully cleared and immunized against the Autorun virus.
Echo.
Echo [1] Continue to immunize other disks
Echo [0] Back to Main Menu
Set choice=
Set /p choice=Enter your choice (1/0): 
If "%choice%"=="" Goto DoneclearAuto
If "%choice%"=="1" Goto clearauto5
If "%choice%"=="0" Goto clearauto
Rem Any other input asks again instead of falling through into option 6
Goto DoneclearAuto

:clearauto6
Cls
Echo.
Set pf=
Set /p pf=Enter a drive letter, such as "F:" (excluding quotation marks): 
Rem Append the colon when the user typed only the letter
Echo %pf%| Find ":" >nul || Set pf=%pf%:
Echo About to cancel immunity for disk %pf% ......
Fsutil fsinfo drivetype %pf% | find /I "Fixed Drive" && (
    Echo Y| cacls "%pf%\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf" >nul 2>nul
    Goto DoneUnauto
) >nul 2>nul
Fsutil fsinfo drivetype %pf% | find /I "Removable Drive" && (
    Echo Y| cacls "%pf%\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf" >nul 2>nul
    Goto DoneUnauto
) >nul 2>nul
Echo.
Echo The drive letter you entered does not exist or is read-only,
Echo please enter it again.
Goto clearauto6

:DoneUnauto
Cls
Echo.
Echo Autorun virus immunity has been successfully cancelled for the specified disk %pf%.
Echo.
Echo [1] Continue to cancel immunity for other disks
Echo [0] Back to Main Menu
Set choice=
Set /p choice=Enter your choice (1/0): 
If "%choice%"=="" Goto DoneUnauto
If "%choice%"=="1" Goto clearauto6
If "%choice%"=="0" Goto clearauto
Rem Any other input asks again instead of falling through into option 7
Goto DoneUnauto

:clearauto7
Cls
Rem Undo the hiding of files and the blocking of programs in Explorer
Reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f >nul 2>nul
Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul
Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /f >nul 2>nul
Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisallowRun /f >nul 2>nul
Rem Prevent the Startup folder locations from being redirected
Rem Assumption: the folder names below are those of an English-language Windows XP profile; other locales use different names
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Startup /d "%USERPROFILE%\Start Menu\Programs\Startup" /f >nul 2>nul
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Common Startup" /d "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /f >nul 2>nul
Echo.
Echo The related registry values have been restored. Press any key to return ......
Pause >nul
Goto clearauto
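
The script deletes whatever follows the first "=" on every line of autorun.inf. As an added example (not part of the original script), the Python dry run below lists what a stricter reading of the same file would target: only execution keys in the [autorun] section, program path without arguments, and nothing that is drive-qualified or climbs with "..". The function name, the sample file and the drive letter E: are assumptions made for illustration.

```python
import ntpath
import re

# Keys of the [autorun] section whose value names a program to launch.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample autorun.inf (sxs.exe is one of the names the script kills).
SAMPLE = r"""[autorun]
open=sxs.exe
shell\open\command="my tool.exe" /s
shellexecute=..\..\boot.ini
icon=folder.ico
shell\explore\command=C:\WINDOWS\notepad.exe
[other]
open=ignored.exe
"""

def autorun_targets(inf_text, drive):
    """Return (targets, skipped): files a cleanup may delete, and entries refused."""
    targets, skipped, in_section = [], [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() not in EXEC_KEYS and not SHELL_CMD.match(key):
            skipped.append((key, "not an execution key"))
            continue
        # Keep only the program path: honour quotes, else stop at the first space.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        if not m:
            skipped.append((key, "empty value"))
            continue
        prog = m.group(1) or m.group(2)
        parts = prog.replace("/", "\\").split("\\")
        if ntpath.splitdrive(prog)[0] or ".." in parts:
            skipped.append((key, "drive-qualified or parent path"))
            continue
        targets.append(ntpath.normpath(ntpath.join(drive + "\\", prog)))
    return targets, skipped

if __name__ == "__main__":
    print(autorun_targets(SAMPLE, "E:"))
```
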
