How to completely remove the VBS virus in a WIN7 environment

Win7 in the context of the VBS script virus kill tutorial.

What can a VBS virus do?

In the case of displaying hidden files and extensions, the USB disk and my computer have multiple file Autorun.inf and *. VBS (8-digit VBS file) All folders under the root folder become two, one is hidden, and the other is shortcuts. Sometimes the system's display of hidden files will be invalidated, unable to fully display the virus file (but can be seen through the WinRAR file browsing), if not completely killing, then left behind after the anti-virus, that is, my computer can not open, the disk can not open, can only use Task Manager. Some users say "My Computer" is not open, that's why.

How to deal with the VBS virus?

1. First click the Start menu, then click "Run"; without running instructions, press the Start button on the keyboard + E directly;

2, and then enter:

REG ADD hkcrbatfileshellopencommand/ve/d ""%1 "%*"/F

3, afraid of the mistake of direct copy and paste past the same;

4, then create a new text document on the desktop, and then copy and paste the following:

@echo off

Mode con cols=53 lines=30

Echo.

echo u disk virus *. VBS SPECIAL KILL

Echo.

Echo is antivirus, please wait ...

Echo.

Start/min Taskkill/im explorer.exe/f

Start/min Taskkill/im wscript.exe/f

If exist%systemroot%*.vbs del/a/q/f%systemroot%*.vbs & Echo found VBS virus!

If exist%systemroot%system32*.vbs del/a/q/f%systemroot%system32*.vbs

echo Execution Cleanup ...

Echo.

Echo finds the virus files under each letter and deletes them and repairs the folder display

For%%i in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist%%i:* cd/d%%i: && dir/a:d/b >list. TXT & if exist *.inf del/a/q/f *.inf & if exist *.vbs del/a/q/f *.vbs & for/f "tokens=*"%%j in (list.t XT) do Attrib-s-H "%%j" & if exist%%j.lnk del/f/q%%j.lnk

For%%k in (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) do if exist%%k:list.txt del%%k:list.txt

Echo.

echo virus clean up, perform repair work ...

Echo.

echo Remove virus startup key

Start/min reg delete Hklmsoftwaremicrosoftwindows ntcurrentversionwindows/v load/f

echo Fixes IE open mode

Start/min reg ADD hkcrapplicationsiexplore.exeshellopencommand/ve/d "C:Program filesinternet ExplorerIEXPLORE.EXE"% 1 "/F

Start/min reg ADD hkcrclsid{871c5380-42a0-1069-a2ea-08002b30309d}shellopenhomepagecommand/ve/d "" C:Program Filesinternet Exploreriexplore.exe ""/F

Start/min reg ADD Hklmsoftwareclassesclsid{871c5380-42a0-1069-a2ea-08002b30309d}shellopenhomepagecommand/ve/d "" C: Program Filesinternet Exploreriexplore.exe ""/F

echo Fix File Open mode

Start/min reg ADD hkcrbatfileshellopencommand/ve/d ""%1 "%*"/F

Start/min reg ADD hkcrcmdfileshellopencommand/ve/d ""%1 "%*"/F

Start/min reg ADD hkcrhlpfileshellopencommand/ve/d "WinHlp32.exe%1"/F

Start/min reg ADD hkcrinffileshellopencommand/ve/d "NOTEPAD. EXE%1 "/F

Start/min reg ADD hkcrinifileshellopencommand/ve/d "NOTEPAD. EXE%1 "/F

Start/min reg ADD hkcrregfileshellopencommand/ve/d "regedit.exe%1"/F

Start/min reg ADD hkcrtxtfileshellopencommand/ve/d "NOTEPAD. EXE%1 "/F

Start/min reg ADD hklmsoftwareclassescmdfileshellopencommand/ve/d ""%1 "%*"/F

Start/min reg ADD hklmsoftwareclasseshlpfileshellopencommand/ve/d "WinHlp32.exe%1"/F

Start/min reg ADD hklmsoftwareclassesinffileshellopencommand/ve/d "NOTEPAD. EXE%1 "/F

Start/min reg ADD hklmsoftwareclassesinifileshellopencommand/ve/d "NOTEPAD. EXE%1 "/F

Start/min reg ADD hklmsoftwareclassesregfileshellopencommand/ve/d "regedit.exe%1"/F

Start/min reg ADD hklmsoftwareclassestxtfileshellopencommand/ve/d "NOTEPAD. EXE%1 "/F

:: Repair "My Computer" to open the way (no way, the class ID seems to be not uniform, had to bother looking for)

Echo Abolishes system auto Run

Start/min reg ADD hkcusoftwaremicrosoftwindowscurrentversionpoliciesexplorer/v nodrivetypeautorun/t reg_dword/d 0x9D /F

Echo shows hidden file and file name extension

Start/min reg ADD hkcusoftwaremicrosoftwindowscurrentversionexploreradvanced/v hidden/t reg_dword/d 0x1/f

Start/min reg ADD hkcusoftwaremicrosoftwindowscurrentversionexploreradvanced/v superhidden/t reg_dword/d 0x0/f

Start/min reg ADD hkcusoftwaremicrosoftwindowscurrentversionexploreradvanced/v showsuperhidden/t reg_dword/d 0x1/f

Start/min reg ADD hkcusoftwaremicrosoftwindowscurrentversionexploreradvanced/v hidefileext/t reg_dword/d 0x0/f

Start/min reg ADD hklmsoftwaremicrosoftwindowscurrentversionexploreradvancedfolderhiddenshowall/v checkedvalue/t REG_DWORD/D 0x1/f

Start/min reg ADD hklmsoftwaremicrosoftwindowscurrentversionexploreradvancedfolderhiddennohidden/v checkedvalue/t REG_DWORD/D 0x2/f

ECHO fixes My computer's open mode

start/min/wait reg Export Hkcrclsid C:classid.reg

Type C:classid.reg > C:classid.txt

del/q C:classid.reg

for/f "eol=@ tokens=3,4* delims="%%i in (c:classid.txt) do if/i%%k==explorecommand] start/min reg Export HKCRclsid%%i Shellopencommand Backup1.reg & start/min reg add hkcrclsid%%ishellopencommand/ve/d "%systemroot%explorer.exe/idli St,%i,%l "/F & start/min reg export Hkcrclsid%%ishellexplorecommand Backup2.reg & start/min reg ADD hkcrclsid%%i SHELLEXPLORECOMMAND/VE/D "%systemroot%explorer.exe/e,/idlist,%i,%l"/F & start/min reg export Hklmsoftwareclasses Clsid%%ishellopencommand Backup3.reg & start/min reg add hklmsoftwareclassesclsid%%ishellopencommand/ve/d "% Systemroot%explorer.exe/idlist,%i,%l "/F & start/min reg export Hklmsoftwareclassesclsid%%ishellexplorecommand Backup4.reg & start/min reg add hklmsoftwareclassesclsid%%ishellexplorecommand/ve/d "%systemroot%explorer.exe/e, /idlist,%i,%l "/F

del/q C:classid.txt

Echo.

echo Repair complete, restart Explorer.exe

Start Explorer.exe

Echo.

Echo's finished.

Echo.

@pause

5, after the save, the txt file suffix name to. bat, after the operation to wait for the killing completed, and then restart the computer.