Batch application: Restore the McAfee renamed suspect virus file name extension _dos/bat

McAfee identifies the suspect virus file, but the virus definition is not available in the library, and the file name extension is named Vir or VXE, which establishes the batch file and uses the restored EXE file

McAfee renaming principle:

Original renamed	Description
not V?? V??	File Extensions that does not start with v are renamed with v as
	The initial letter of the file extension. For example,
	MYFILE. DOC becomes MYFILE. VOC.
V?? VIR Font face= "Jenabn+universltstd-light" >	File extensions that start with v are renamed as . VIR . For
	example, MYFILE. VBs becomes MYFILE. VIR.
VIR , V01 - V99	These files are are recognized as already infected, and are not Renamed again.
VIR	Files with no extensions are given the extension, . VIR .

@echo off

echo on Error Resume Next >%temp%\filesystem.vbs
echo Const wbemflagreturnimmediately = ^&h10 >>%temp%\filesystem.vbs
echo Const wbemflagforwardonly = ^&h20 >>%temp%\filesystem.vbs

echo for each strComputer in Arrcomputers >>%temp%\filesystem.vbs

echo Set objWMIService = GetObject ("winmgmts:\\.\root\cimv2") >>%temp%\filesystem.vbs >>%temp%\ Filesystem.vbs
echo Set colitems = objWMIService.ExecQuery ("SELECT * from Win32_LogicalDisk", "WQL", _ >>%temp%\filesystem.vbs
echo wbemflagreturnimmediately + wbemflagforwardonly) >>%temp%\filesystem.vbs

echo for each objitem in colitems >>%temp%\filesystem.vbs
echo If objitem.drivertype=3 Then wscript.echo objitem.caption ^& "\" End If >>%temp%\filesystem.vbs
Echo Next >>%temp%\filesystem.vbs
Echo Next >>%temp%\filesystem.vbs

for/f%%i in (' cscript//nologo%temp%\filesystem.vbs ') do Call:change%%i

Goto END

: Change
Cd/d%1
for/f "delims=|"%%i in (' dir *.vxe/b/s/a ') does (cacls "%%i"/e/g everyone:f & Ren "%%i" *.exe)

: End
Del%temp%\filesystem.vbs