Autorun Virus Cleanup Tool BAT code _dos/bat

Source: Internet
Author: User
Tags goto
Copy Code code as follows:

@Echo off
Color 2f
Title Autorun Virus Removal Tool-by Phexon
Rem Kill Process
taskkill/f/im socksa.exe/im svohost.exe/im adober.exe/im ravmone.exe/im wincfgs.exe/im doc.exe/im rose.exe/im SxS . exe/im autorun.exe/im kb20060111.exe/im Tel.xls.exe>nul 2>nul

: Clearauto
Cls
Echo.
Echo Autorun Virus Cleanup Tool
Echo.
Echo.
Echo.
Echo Production: Phexon
Echo.
Echo automatically clears the Autorun virus below each letter after running the program
Echo the principle of this program is based on reading the Autorun.inf related fields under each letter
Echo.
Echo [1] Deletes only the Autorun virus under all the disk characters
Echo [2] Deletes all Autorun viruses under all the disk characters and establishes an immune directory of the same name (recommended!)
Echo [3] disables the Autorun mechanism of the system to avoid reinfection of the Autorun virus
Echo [4] cancels the Autorun virus immunity of all the disk characters
Echo [5] deletes and Autorun the specified letter of the virus
Echo [6] cancels the immune designation letter
Echo [7] Restores the associated registry key defaults
Echo [0] Exits
Echo.
set/p clearslt= Please enter your choice (1/2/3/4/5/6/7/0):
If "%clearslt%" = "" Goto Clearauto
If "%clearslt%" = = "1" Goto clearauto1
If "%clearslt%" = = "2" Goto Clearauto2
If "%clearslt%" = = "3" Goto Clearauto3
If "%clearslt%" = = "4" Goto clearauto4
If "%clearslt%" = = "5" Goto clearauto5
If "%clearslt%" = = "6" Goto Clearauto6
If "%clearslt%" = = "7" Goto Clearauto7
If "%clearslt%" = "0" Exit

: clearauto1
taskkill/f/im socksa.exe/im svohost.exe/im adober.exe/im ravmone.exe/im wincfgs.exe/im doc.exe/im rose.exe/im SxS . exe/im autorun.exe/im kb20060111.exe/im Tel.xls.exe>nul 2>nul
For%%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
fsutil fsinfo drivetype%%a: |find/i "fixed Drive" && (
for/f "tokens=2 delims=="%%b in (%%a:\autorun.inf) do del/a/f/q "%%a:\%%b" >nul
del/a/f/q%%a:\autorun.inf >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype%%a: |find/i "removable drives" && (
for/f "tokens=2 delims=="%%b in (%%a:\autorun.inf) do del/a/f/q "%%a:\%%b" >nul
del/a/f/q%%a:\autorun.inf >nul 2>nul
) >nul 2>nul
)
Cls
Echo Autorun virus clears, any key returns ...
Pause>nul
Goto Clearauto

: Clearauto2
taskkill/f/im socksa.exe/im svohost.exe/im adober.exe/im ravmone.exe/im wincfgs.exe/im doc.exe/im rose.exe/im SxS . exe/im autorun.exe/im kb20060111.exe/im Tel.xls.exe>nul 2>nul
For%%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
fsutil fsinfo drivetype%%a: |find/i "fixed Drive" && (
for/f "tokens=2 delims=="%%b in (%%a:\autorun.inf) do del/a/f/q "%%a:\%%b" & MD "%%a:\%%b\ immunization directory do not delete!... \" & at Trib +s +h +r "%%a:\%%b" & Echo y|cacls "%%a:\%%b"/T/C/P everyone:n >nul-2>nul
DEL/A/f/q%%a:\autorun.inf & MD "%%a:\autorun.inf\ immunization directory do not delete!... \" & attrib +s +h, +r%%a:\autorun.inf & Echo Y|cacls "%%a:\autorun.inf"/T/C/P everyone:n >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype%%a: |find/i "removable drives" && (
for/f "tokens=2 delims=="%%b in (%%a:\autorun.inf) do del/a/f/q "%%a:\%%b" & MD "%%a:\%%b\ immunization directory do not delete!... \" & at Trib +s +h +r "%%a:\%%b" & Echo y|cacls "%%a:\%%b"/T/C/P everyone:n >nul-2>nul
DEL/A/f/q%%a:\autorun.inf & MD "%%a:\autorun.inf\ immunization directory do not delete!... \" & attrib +s +h, +r%%a:\autorun.inf & Echo Y|cacls "%%a:\autorun.inf"/T/C/P everyone:n >nul 2>nul
) >nul 2>nul
)
Cls
Echo Autorun virus clear and immune complete, any key return ...
Pause>nul
Goto Clearauto

: Clearauto3
Cls
Echo.
Echo is stopping related services ...
Echo.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"/V nodrivetypeautorun/t reg_dword/d 0x000000ff/f >nul 2>nul
REG ADD "Hkcu\software\microsoft\windows\currentversion\policies\explorer"/V nodrivetypeautorun/t reg_dword/d 0x000000ff/f >nul 2>nul
net stop shellhwdetection >nul 2>nul
sc config shellhwdetection start= disabled >nul 2>nul
Rem add policy to prevent executable files from running directly from the Recycle Bin or the directory of The Imitation Recycle Bin
Set regpath=hklm\software\policies\microsoft\windows\safer\codeidentifiers\0\paths
Set sflag=/v saferflags/t reg_dword/d 0x00000000/f
Set idata=/f/v itemdata/d "?: \ Recyc?
REG ADD%regpath%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a}%sflag%>nul
REG ADD%regpath%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a}%idata%\*\*\*\*.* ">nul

REG ADD%REGPATH%\{41FE7EED-C47A-46F6-840A-240796FD03CF}%sflag%>nul
REG ADD%REGPATH%\{41FE7EED-C47A-46F6-840A-240796FD03CF}%idata%\*\*\*.* ">nul

REG ADD%REGPATH%\{4E93C91C-A40E-462E-9B89-3B0832D222D9}%sflag%>nul
REG ADD%regpath%\{4e93c91c-a40e-462e-9b89-3b0832d222d9}%idata%\*.* ">nul

REG ADD%regpath%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff}%sflag%>nul
REG ADD%regpath%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff}%idata%\*\*\*\*.* ">nul

REG ADD%regpath%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd}%sflag%>nul
REG ADD%regpath%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd}%idata%\*.* ">nul

REG ADD%regpath%\{5f8ff865-0638-4c6e-98de-923e7bc6b330}%sflag%>nul
REG ADD%regpath%\{5f8ff865-0638-4c6e-98de-923e7bc6b330}%idata%\*\*\*.* ">nul

REG ADD%regpath%\{649c1429-0e79-453c-abe9-b5682e035ae7}%sflag%>nul
REG ADD%regpath%\{649c1429-0e79-453c-abe9-b5682e035ae7}%idata%\*\*.* ">nul

REG ADD%regpath%\{718f54b2-c669-4d7b-aeff-18d69f100034}%sflag%>nul
REG ADD%regpath%\{718f54b2-c669-4d7b-aeff-18d69f100034}%idata%\*\*.* ">nul

REG ADD%regpath%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97}%sflag%>nul
REG ADD%regpath%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97}%idata%\*.* ">nul

REG ADD%regpath%\{af2a4fcf-441c-421e-9663-52cd3502cfd7}%sflag%>nul
REG ADD%regpath%\{af2a4fcf-441c-421e-9663-52cd3502cfd7}%idata%\*\*\*.* ">nul

REG ADD%regpath%\{b997f4b2-c037-4e97-b051-31f5d86df802}%sflag%>nul
REG ADD%regpath%\{b997f4b2-c037-4e97-b051-31f5d86df802}%idata%\*\*.* ">nul

REG ADD%REGPATH%\{D4E7B6FF-D76F-407F-B8BB-EA0835F5BABC}%sflag%>nul
REG ADD%REGPATH%\{D4E7B6FF-D76F-407F-B8BB-EA0835F5BABC}/f/v itemdata/d "Recyc*.*" >nul

Rem cleanup likes to use the Recycle Bin's mobile disk to run the virus automatically
For%%a in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do (
For%%b in (exe PIF com) do (
Echo y|cacls "%%a:\recycler\*.%%b"/c/t/P everyone:f>nul 2>nul&echo y|cacls "%%a:\recycled\*.%%b"/c/t/P Eve Ryone:f>nul 2>nul&echo y|cacls "%%a:\recycled\recycled\*.%%b"/c/t/P Everyone:f>nul 2>nul
del/a/f/s/q "%%a:\recycler\*.%%b" >nul 2>nul&del/a/f/s/q "%%a:\recycled\*.%%b" >nul 2>nul&del/a /F/S/q "%%a:\recycled\recycled\*.%%b" >nul 2>nul
)
) >nul 2>nul
Echo.
Echo related service stopped and disabled, any key returned ...
Pause >nul
Goto Clearauto


: clearauto4
For%%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
fsutil fsinfo drivetype%%a: |find/i "fixed Drive" && (
cacls "%%a:\autorun.inf"/T/C/P everyone:f&del/a/f/q "%%a:\autorun.inf" & rd/s/Q "%%a:\autorun.inf" >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype%%a: |find/i "removable drives" && (
cacls "%%a:\autorun.inf"/T/C/P everyone:f&del/a/f/q "%%a:\autorun.inf" & rd/s/Q "%%a:\autorun.inf" >nul 2>nul
) >nul 2>nul
)
Cls
Echo.
Echo has lifted all the letter immunity, any key to return ...
Pause>nul
Goto Clearauto

: Clearauto5
Cls
Echo.
set/p pf= Please enter a letter, such as "F:" (excluding quotes)
Echo will be immune to%pf% disk ... | find/i ":" | | Set Pf=%pf%:&&echo will be immune to%pf% disk ...
taskkill/f/im socksa.exe/im svohost.exe/im adober.exe/im ravmone.exe/im wincfgs.exe/im doc.exe/im rose.exe/im SxS . exe/im autorun.exe/im kb20060111.exe/im Tel.xls.exe>nul 2>nul
fsutil fsinfo drivetype%pf% |find/i "fixed Drive" && (
for/f "tokens=2 delims=="%%a in (%pf%\autorun.inf) do del/a/f/q "%pf%\%%a" & MD "%pf%\%%a\ immunization directory do not delete!... \" & at Trib +s +h +r "%pf%\%%a" & Echo y|cacls "%pf%\%%a"/T/C/P everyone:n >nul-2>nul
DEL/A/f/q%pf%\autorun.inf & MD "%pf%\autorun.inf\ immunization directory do not delete!... \" & attrib +s +h, +r%pf%\autorun.inf & Echo Y|cacls "%pf%\autorun.inf"/T/C/P everyone:n >nul 2>nul
Goto Doneclearauto
) >nul 2>nul
fsutil fsinfo drivetype%pf% |find/i "removable drives" && (
for/f "tokens=2 delims=="%%a in (%pf%\autorun.inf) do del/a/f/q "%pf%\%%a" & MD "%pf%\%%a\ immunization directory do not delete!... \" & at Trib +s +h +r "%pf%\%%a" & Echo y|cacls "%pf%\%%a"/T/C/P everyone:n >nul-2>nul
DEL/A/f/q%pf%\autorun.inf & MD "%pf%\autorun.inf\ immunization directory do not delete!... \" & attrib +s +h, +r%pf%\autorun.inf & Echo Y|cacls "%pf%\autorun.inf"/T/C/P everyone:n >nul 2>nul
Goto Doneclearauto
) >nul 2>nul
Echo.
Echo the letter you entered does not exist or is a read-only device.
Echo, please re-enter
Goto Clearauto5

:D Oneclearauto
Cls
Echo.
The disk%pf% specified by Echo has successfully cleared and immunized the Autorun virus.
Echo.
Echo [1] continue to immunize other disks
Echo [0] returns to the main menu
set/p choice= Please enter your choice (1/0):
If%choice%= "" Goto Doneclearauto
If%choice%= "1" Goto clearauto5
If%choice%= "0" Goto Clearauto

: Clearauto6
Cls
Echo.
set/p pf= Please enter a letter, such as "F:" (excluding quotes)
Echo is about to cancel the immune%pf% disk ... | find/i ":" | | Set Pf=%pf%:&&echo is about to cancel the immune%pf% disk ...
fsutil fsinfo drivetype%pf% |find/i "fixed Drive" && (
cacls "%pf%\autorun.inf"/T/C/P everyone:f&del/a/f/q "%pf%\autorun.inf" & rd/s/Q "%pf%\autorun.inf" >nul 2>nul
Goto Doneunauto
) >nul 2>nul
fsutil fsinfo drivetype%pf% |find/i "removable drives" && (
cacls "%pf%\autorun.inf"/T/C/P everyone:f&del/a/f/q "%pf%\autorun.inf" & rd/s/Q "%pf%\autorun.inf" >nul 2>nul
Goto Doneunauto
) >nul 2>nul
Echo.
Echo the letter you entered does not exist or is a read-only device.
Echo, please re-enter
Goto Clearauto6

:D Oneunauto
Cls
Echo.
The disk%pf% specified by Echo has successfully lifted the Autorun virus immunity
Echo.
Echo [1] continue to release immunity to other disks
Echo [0] returns to the main menu
Set choice=
set/p choice= Please enter your choice (1/0):
If%choice%= "" Goto Doneunauto
If%choice%= "1" Goto Clearauto6
If%choice%= "0" Goto Clearauto

: Clearauto7
Cls
Rem prevents files from being completely hidden in the explorer, preventing files from being blocked, etc.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"/V checkedvalue/t REG_DWORD/D 0x00000001/f>nul 2>nul
reg delete "Hkcu\software\microsoft\windows\currentversion\explorer\mountpoints2"/f>nul 2>nul
reg delete "Hkcu\software\microsoft\windows\currentversion\policies\explorer\disallowrun"/f>nul 2>nul
reg delete "Hkcu\software\microsoft\windows\currentversion\policies\explorer"/V Disallowrun/f>nul 2>nul
Rem prevents transfer of startup group location
REG ADD "Hkcu\software\microsoft\windows\currentversion\explorer\shell Folders"/V startup/d "%userprofile%\" start "menu \ Program \ Start "/f>nul 2>nul
REG ADD "Hkcu\software\microsoft\windows\currentversion\explorer\shell Folders"/V "Common Startup"/d "% allusersprofile%\"start" menu \ Program \ Start "/f>nul 2>nul
Echo.
Echo related Registry Recovery complete, any key return ...
Pause>nul
Goto Clearauto

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.