Vbs script to restore the [so8. SC .cn] shortcut

A vbs script code is used to implement the recovery function, which is not long enough. The younger brother was first released in the 360 help center, but many friends asked Q how to use it, now I want to write a description on the csdn blog!

 

 

 

 

 

The most ideal solution:

First, download the file ①: so8killer_ex.zip

Decompress the file to a directory containing shortcuts.

Generally, the path of the storage shortcut cannot run the user folder ②

 

Find the vbs file in the resource manager and run it.

 

 

 

 

 

 

 

Let's talk about my FAQs:

(1) Q: Why is the vbs file not running?

A: the root cause is that the topic program (wscript.exe) is damaged. You can copy related components from other machines or download the installation package.

(2) Q: What should I do if a script running error occurs?

A: The script is not complete because all environments are not taken into account during script design. Currently,

When you modify the read-only office shortcut, an error will be reported. temporary solution: Delete the folder and the Office shortcut in the subfolders. After all the shortcuts are restored, create them manually.

(3) Q: Why does "so8. SC .cn" appear after the shortcut is restored "?

A: At the beginning of the script design, it was designed to restore shortcuts, replace manual work, and did not clear viruses and rogue software. In view of the fact that most users reported that antivirus software did not detect any exceptions, I recommend that you use 360 security guard to disable all suspicious startup items and suspicious services ③

(4) Q: Why can't I fix the shortcut?

A: After the Administrator account is used, the reasons are as follows,

Repeat running --- Select shortcut to view attributes. If "so8. SC .cn" is not found, congratulations, it has been restored successfully.

Virus mutation (Listen awkward, the general idea is like this) --- I accept feedback found that some shortcuts suffix was changed to "http://so8. SC .cn", leading to the failure of the script to identify the damaged shortcuts; --- solution: use NotePad to open the vbs script. Refer to the deep red code in note ① and change it:Oldcmd = "http://so8. SC .cn"Run it again!

 

FAQ (updated in succession) (4...

 

 

 

 

 

Note ①: if the file fails to be downloaded, save the following manually:ItalicsCode named "so8killer_ex.vbs"

 

'Option explicit

Dim oldcmd, newcmd, wsh, folder, ji_1, ji_2
Ji_1 = 0
Ji_2 = 0
Oldcmd = "so8. SC .cn"
Newcmd = ""
Set wsh = wscript. Createobject ("wscript. Shell ")
Folder = wsh. currentdirectory
Msgbox "will correct [" & folder & "] And all shortcuts containing [" & oldcmd & "] in its subfolders", "If you are not sure, please stop the process manually! "
Action (folder)
Listfolder (folder)

Function listfolder (Spath)
Set ofso = Createobject ("scripting. FileSystemObject ")
Set ofolder = ofso. getfolder (Spath)
Set osubfolders = ofolder. subfolders
For each osubfolder in osubfolders
'Wscript. Echo osubfolder. Path
Call action (osubfolder. Path)
Listfolder (osubfolder. Path)
Next
Set ofolder = nothing
Set osubfolders = nothing
Set ofso = nothing
End Function

Sub action (subfolder)
Dim FSO
Set FSO = Createobject ("scripting. FileSystemObject ")
Dim folder
Dim F, FC, F1, ext
Set F = FSO. getfolder (subfolder)
Set fc = f. Files
For each F1 in FC
EXT = lcase (FSO. getextensionname (F1 ))
If ext = "lnk" then
Ji_1 = ji_1 + 1
Call doit (F1)
End if
Next
Set wsh = nothing
End sub

Sub doit (strlnk)
Dim oshlnk, wsh
Set wsh = wscript. Createobject ("wscript. Shell ")
Set oshlnk = wsh. createshortcut (strlnk)
If oshlnk. Arguments = oldcmd then
Oshlnk. Arguments = newcmd
Oshlnk. Save
Ji_2 = ji_2 + 1
End if
Set oshlnk = nothing
End sub

Msgbox "found" & ji_1 & "shortcut" & vbcrlf & "corrected" & ji_2 & "shortcut", 64, "thank you for choosing --- creativejq"

'For friends who are troubled by so8. SC .cn, copy to a folder with a modified shortcut and run it ~
'Creativejq (QQ: 496218484) was edited for the first time on, and again on
The final draft of '30' is named [so8killer_ex.vbs] and tested locally.
'By the way, BS the author of The so8 virus and so8 websites with extremely low traffic ~!!

 

 

 

 

 

Note ②: the user folder is usually in the "C:/Documents and Settings/" (WindowsXP) and "C:/users" (windowsvista, windows7) paths)

 

 

 

 

Note ③: Use 360 security guard to identify suspicious items as prompted. Items marked as secure can be retained. If you are not sure about other items, we recommend that you disable them all!

 

 

 

 

 

Note ④: this blog is a shunt blog and will be maintained occasionally;

If you urgently need advice, please contact Creative.Zhang@Gmail.com or QQ: 496218484 {
Function onclick ()
{
Function onclick ()
{
Function onclick ()
{
Function onclick ()
{
Function onclick ()
{
Function onclick ()
{
Function onclick ()
{
Function onclick ()
{
Function onclick ()
{
VaR tempsrc = 'HTTP: // sighttp.qq.com/wpa.js? Rantime = '+ math. random () + '& sigkey = comment'; var oldscript = document. getelementbyid ('testjs'); var newscript = document. createelement ('script'); newscript. setattribute ('type', 'text/JavaScript '); newscript. setattribute ('id', 'testjs'); newscript. setattribute ('src', tempsrc); If (oldscript = NULL) {document. body. appendchild (newscript);} else {oldscript. parentnode. replaceChild (newscript, oldscript);} return false;
}
}
}
}
}
}
}
}
}
} "Href =" http://sighttp.qq.com/cgi-bin/check? Sigkey = blank "target =" _ blank; ">

 

 

 

The code and FAQ in this article are original creativejq. Do not disagree but do not encourage reprinting. You must keep the original information and links for reprinting!