原來的代碼對“暴風一號”U盤病毒查殺不完全,且存在兼容問題。該版本查殺工具修正了以下三個問題:
1、增加系統分區的分區格式判斷,比如是NTFS分區還是FAT32分區;
2、增加streams.exe的EULA許可注冊表文件導入,解決腳本不能正常運行的問題;
3、修改了顯示所有文件夾函數的實現,改為vbs實現;
【注】請參考原文:http://hi.baidu.com/msrighthomepage/blog/item/ec0a053c01ee84e23c6d971c.html
本工具需要用到:boyfine專殺,還有streams.exe。下載地址:
快捷方式vbs病毒(“暴風一號”)專殺下載地址:http://www.onlinedown.net/soft/94530.htm
streams.exe下載地址:http://download./Files/Streams.zip
注意事項:把streams.exe放在這個腳本的目錄下,先運行病毒專殺,然后再執行殺毒工具。
注意:把以下代碼復制到“記事本”后,在“另存為”操作時,名稱為“del.vbs”,“保存類型”為“所有文件”,“編碼”為“ANSI”。
不然會提示錯誤信息,型如
行 :1
字符:1
錯誤:無效字符
代碼:800A0408
源 : microsoft vbscript 編譯器錯誤
' Returns the drive specifier (first two characters, e.g. "C:") of the
' folder that FileSystemObject reports as special folder 0 (the Windows folder).
' Errors are suppressed, so a failure yields an empty result instead of a
' runtime error.
Function GetSystemDrive()
    Dim objFs, strWinDir
    On Error Resume Next
    Set objFs = CreateObject("Scripting.FileSystemObject")
    strWinDir = objFs.GetSpecialFolder(0)
    ' Keep only the leading "X:" part of the Windows folder path.
    GetSystemDrive = Left(strWinDir, 2)
End Function
' Returns the file system name reported for the given drive (the caller
' compares the result with "NTFS").
'   Drive - drive specifier accepted by FileSystemObject.GetDrive, e.g. "C:".
' Errors are suppressed; if the drive cannot be queried the function
' returns Empty.
Function GetFileSystemType(Drive)
    Dim objFs
    On Error Resume Next
    Set objFs = CreateObject("Scripting.FileSystemObject")
    GetFileSystemType = objFs.GetDrive(Drive).FileSystem
End Function
' Makes every direct subfolder of fpath visible again by resetting its
' attributes to 0 (no hidden / system / read-only flags).
'   fpath - folder whose immediate subfolders are processed (not recursive).
' Note that the reset is unconditional: it is applied to every subfolder,
' not only to folders the malware has hidden.
' Errors are suppressed, so folders that cannot be changed are skipped silently.
Sub ShowF(fpath)
    Dim objFs, objChild
    On Error Resume Next
    Set objFs = CreateObject("Scripting.FileSystemObject")
    For Each objChild In objFs.GetFolder(fpath).SubFolders
        objChild.Attributes = 0
    Next
End Sub
' Writes one registry value through WScript.Shell.RegWrite.
'   strkey - full registry path; a trailing "\" addresses the key's default value.
'   Value  - data to store.
'   vtype  - registry type name such as "REG_DWORD"; pass "" to let RegWrite
'            pick its default type.
' Errors are suppressed, so a failed write (for example missing privileges)
' is not reported to the caller.
Sub WriteReg(strkey, Value, vtype)
    Dim objShell
    On Error Resume Next
    Set objShell = CreateObject("WScript.Shell")
    Select Case vtype
        Case ""
            ' No explicit type supplied: use the two-argument form.
            objShell.RegWrite strkey, Value
        Case Else
            objShell.RegWrite strkey, Value, vtype
    End Select
    Set objShell = Nothing
End Sub
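' Writes the text in code to the file pathf, replacing any previous content.
'   code  - text to write.
'   pathf - target file path; the file is created when it does not exist.
' The original checked FileExists first and then ran the same write in both
' branches; opening with create=True covers both cases in one step and
' removes the gap between the check and the open.
' Errors are suppressed, so a failed write is not reported to the caller.
Sub CreateFile(code, pathf)
    Dim objFs, objStream
    On Error Resume Next
    Set objFs = CreateObject("Scripting.FileSystemObject")
    ' 2 = ForWriting (truncate), True = create the file if it is missing.
    Set objStream = objFs.OpenTextFile(pathf, 2, True)
    objStream.Write code
    objStream.Close
    Set objStream = Nothing
End Sub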
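' Removes registry keys by importing a generated .reg file with regedit /s.
'   strkey - body of the .reg file, e.g. "[-HKEY_CLASSES_ROOT\...\key]".
' Changes against the original:
'   * The .reg file is no longer written to the fixed path d:\temp.reg. That
'     path fails on machines without a writable D: drive and is a predictable
'     location in a drive root; the file now gets a random name in the
'     user's temp folder (special folder 2).
'   * The path is quoted on the regedit command line because temp folders
'     often contain spaces.
'   * The header is built in a local variable, so the caller's argument is
'     no longer modified through the implicit ByRef parameter.
'   * regedit is only started when the .reg file was actually created.
' Errors are suppressed, so a failed import is not reported to the caller.
Sub DelReg(strkey)
    Dim objShell, objFs, strRegText, strRegPath
    On Error Resume Next
    Set objShell = CreateObject("WScript.Shell")
    Set objFs = CreateObject("Scripting.FileSystemObject")
    strRegText = "Windows Registry Editor Version 5.00" & vbCrLf & vbCrLf & strkey
    strRegPath = objFs.BuildPath(objFs.GetSpecialFolder(2), objFs.GetTempName & ".reg")
    CreateFile strRegText, strRegPath
    If objFs.FileExists(strRegPath) Then
        ' /s imports silently; 0 hides the window, True waits for regedit to finish.
        objShell.Run "%systemroot%\regedit.exe /s " & Chr(34) & strRegPath & Chr(34), 0, True
        objFs.DeleteFile strRegPath, True
    End If
End Sub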
' Returns the volume serial number of a drive as text with any "-" removed
' (the number can be negative). The script uses the result as the base name
' of the <serial>.vbs file it deletes.
'   Drv - drive specifier accepted by FileSystemObject.GetDrive.
' Errors are suppressed; an unreadable drive yields an empty string.
Function GetSerialNumber(Drv)
    Dim objFs, objDrive, varSerial
    On Error Resume Next
    Set objFs = CreateObject("Scripting.FileSystemObject")
    Set objDrive = objFs.GetDrive(Drv)
    varSerial = objDrive.SerialNumber
    ' Strip the sign so only the digits remain.
    GetSerialNumber = Replace(varSerial, "-", "")
End Function
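' Script entry: suppress runtime errors for the whole run, ask for
' confirmation, then pre-accept the Sysinternals Streams EULA.
On Error Resume Next

' Ask before touching anything. The original wrote the EULA registry value
' before this prompt, although the "No" path tells the user that nothing
' was changed.
ans=msgbox("歡迎使用“暴風(fēng)一號(hào)”查殺工具~如果想繼續(xù)修復(fù)系統(tǒng)請(qǐng)選擇“是”~",VbYesNo+vbInformation,"MsRightHomepage 的“暴風(fēng)一號(hào)”查殺工具 ~")
If ans=vbNo Then
    ' vbOKOnly replaces the undefined name VbYesOnly, which only worked
    ' because an undefined variable evaluates to 0.
    msgbox "腳本將退出并且不做任何處理!",vbOKOnly+vbInformation,"MsRightHomepage 的“暴風(fēng)一號(hào)”查殺工具 ~"
    wscript.quit
End If

' streams.exe is only used on NTFS system drives. Setting EulaAccepted
' keeps its licence dialog from blocking the hidden run later on.
' The original wrote under HKEY_USERS with one fixed account SID, which
' matches only the account it was written on; HKEY_CURRENT_USER addresses
' the hive of whoever runs the script.
If GetFileSystemType(GetSystemDrive())="NTFS" Then
    Value=1
    Call WriteReg("HKEY_CURRENT_USER\Software\Sysinternals\Streams\EulaAccepted", Value, "REG_DWORD")
End If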
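' Registry repair pass. Every write goes through WriteReg, which suppresses
' errors, so values under HKEY_LOCAL_MACHINE / HKEY_CLASSES_ROOT are only
' changed when the script runs with sufficient rights.

' Open command for the text-like file classes (txtfile, inifile, inffile).
Value="%SystemRoot%\system32\notepad.exe %1"
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\", Value, "REG_EXPAND_SZ")
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inifile\shell\open\command\", Value, "REG_EXPAND_SZ")
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\open\command\", Value, "REG_EXPAND_SZ")

' Batch and command files run themselves: "%1" %*
Value=Chr(34)&"%1"&Chr(34)&" %*"
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command\", Value, "REG_EXPAND_SZ")
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\", Value, "REG_EXPAND_SZ")

' Help, registry and compiled-help file classes.
Value="%SystemRoot%\winhlp32.exe %1"
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command\", Value, "REG_EXPAND_SZ")
Value="regedit.exe "&Chr(34)&"%1"&Chr(34)
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command\", Value, "REG_EXPAND_SZ")
Value="%SystemRoot%\system32\hh.exe %1"
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\chm.file\shell\open\command\", Value, "REG_EXPAND_SZ")

' Re-register the HTML Help control silently (/s) and wait for regsvr32.
Set WsShell=CreateObject("WScript.Shell")
WsShell.run "%SystemRoot%\system32\regsvr32.exe /s "&"%SystemRoot%\system32\hhctrl.ocx",0,true

' Internet Explorer launch commands. The path contains a space, so it is
' quoted here as well; the original left this first value unquoted, which
' lets the command line be split at "Program Files".
Value=Chr(34)&"%ProgramFiles%\Internet Explorer\iexplore.exe"&Chr(34)
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command\", Value, "REG_EXPAND_SZ")
Value=chr(34)&"%ProgramFiles%\Internet Explorer\IEXPLORE.EXE"&chr(34)
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\", Value, "REG_EXPAND_SZ")

' Blank the per-user "Load" value, a logon autostart location.
Value=""
Call WriteReg("HKEY_CURRENT_USER\SoftWare\Microsoft\Windows NT\CurrentVersion\Windows\Load", Value, "")

' Open command of the CLSID whose display name is set to My Computer below.
Value="%SystemRoot%\explorer.exe"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\open\command\", Value, "REG_EXPAND_SZ")

' 255 (0xFF) sets every drive-type bit, i.e. AutoRun is switched off for
' all drive types for the current user.
Value="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
Call WriteReg(Value, 255, "REG_DWORD")

' Values behind the "hidden files and folders" options in Folder Options.
Value=2
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue", Value, "REG_DWORD")
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue", Value, "REG_DWORD")
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue", Value, "REG_DWORD")
Value=1
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue", Value, "REG_DWORD")

' Delete the explore and find verbs under the same CLSID; DelReg imports a
' "[-key]" deletion entry through regedit.
Value="[-HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\explore]"
Call DelReg(Value)
Value="[-HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find]"
Call DelReg(Value)

' Rewrite the remaining values of that CLSID: display name, resource
' strings, icon, in-process server and the Manage verb.
Value="我的電腦"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\",Value,"REG_SZ")
Value="@%SystemRoot%\system32\SHELL32.dll,-22913"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InfoTip",Value,"REG_EXPAND_SZ")
Value="@%SystemRoot%\system32\SHELL32.dll,-31751"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\IntroText",Value,"REG_EXPAND_SZ")
Value="@%SystemRoot%\system32\SHELL32.dll,-9216"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\LocalizedString",Value,"REG_EXPAND_SZ")
Value="%SystemRoot%\Explorer.exe,0"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon\",Value,"REG_EXPAND_SZ")
Value="%SystemRoot%\system32\SHELL32.dll"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\",Value,"REG_EXPAND_SZ")
Value="Apartment"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\ThreadingModel",Value,"REG_SZ")
Value="none"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\",Value,"REG_SZ")
Value="@%windir%\system32\mycomput.dll,-400"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\",Value,"REG_EXPAND_SZ")
Value=&h4000003c
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\SuppressionPolicy",Value,"REG_DWORD")
Value="%windir%\system32\mmc.exe /s %windir%\system32\compmgmt.msc"
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command\",Value,"REG_EXPAND_SZ")
Value=""
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\",Value,"REG_SZ")
Call WriteReg("HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser",Value,"REG_SZ")

' NOTE(review): DisableSR=1 and DisableConfig=1 are policy values that turn
' System Restore off and lock its configuration page. Nothing in this script
' sets them back, so the machine is left without restore points after the
' cleanup. Presumably this is meant to keep infected restore points from
' being used; confirm the intent and re-enable System Restore afterwards.
Value=1
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR",Value,"REG_DWORD")
Call WriteReg("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig",Value,"REG_DWORD")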
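' Per-drive cleanup of the drive root: unhide the top-level folders, then
' delete <volume serial>.vbs, autorun.inf and every shortcut (*.lnk).
' DriveType 1 = removable, 2 = fixed disk, 3 = network drive.
' NOTE(review): the *.lnk wildcard also deletes legitimate shortcuts in the
' drive root, and type 3 extends the deletion to mapped network shares.
' Confirm that both are acceptable before running this on shared storage.
Set Fso=CreateObject("Scripting.FileSystemObject")
For Each Drive In Fso.Drives
    If Drive.IsReady And (Drive.DriveType=1 Or Drive.DriveType=2 Or Drive.DriveType=3) Then
        DriveRoot=Drive.DriveLetter&":\"
        ShowF DriveRoot
        DriveSerial=GetSerialNumber(Drive.DriveLetter)
        ' Skip the serial-named file when the serial number could not be
        ' read; the original would then have targeted a file called ".vbs".
        If DriveSerial<>"" Then
            DiskVirusName=DriveSerial&".vbs"
            Fso.DeleteFile DriveRoot&DiskVirusName, True
        End If
        ' True forces deletion of read-only files.
        Fso.DeleteFile DriveRoot&"autorun.inf", True
        Fso.DeleteFile DriveRoot&"*.lnk", True
        ' vbOKOnly replaces the undefined name vbYesOnly (which evaluated to 0).
        msgbox Drive.DriveLetter&"盤(pán)修復(fù)完畢!",vbInformation+vbOKOnly,"MsRightHomepage 的“暴風(fēng)一號(hào)”查殺工具 ~"
    End If
Next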
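' System-drive cleanup.
'   NTFS:  run streams.exe -d over the files in the Windows folder (special
'          folder 0) and the system folder (special folder 1) to delete
'          their alternate data streams.
'   other: delete <volume serial>.vbs from those two folders.
' Finally delete <Windows folder>\system\svchost.exe.
' Changes against the original:
'   * The script folder comes from ParentFolder.ShortPath and BuildPath
'     instead of reversing the path string by hand.
'   * The undefined names vbHide and vbYesOnly (both evaluated to 0) are
'     replaced by 0 and vbOKOnly.
'   * DeleteFile gets force=True, as in the per-drive cleanup, so read-only
'     files are removed too.
Set Fso=CreateObject("Scripting.FileSystemObject")
If GetFileSystemType(GetSystemDrive())="NTFS" Then
    Set WsShell=CreateObject("WScript.Shell")
    ' The short (8.3) path keeps the unquoted command line free of spaces.
    workingdir=Fso.GetFile(WScript.ScriptFullName).ParentFolder.ShortPath
    StreamsExe=Fso.BuildPath(workingdir,"streams.exe")
    If Not Fso.FileExists(StreamsExe) Then
        msgbox "未發(fā)現(xiàn)streams.exe文件,流病毒將不能被刪除!"&vbCrlf&vbCrlf&"請(qǐng)下載streams.exe: http://download./Files/Streams.zip"&vbCrlf&vbCrlf&"并且把streams.exe解壓出來(lái)放在該腳本目錄下~",vbCritical+vbOKOnly,"MsRightHomepage 的“暴風(fēng)一號(hào)”查殺工具 ~"
    Else
        ' NOTE(review): whatever file is named streams.exe next to the script
        ' is started hidden with the caller's rights and is not verified in
        ' any way. Run the script from a trusted local folder and check the
        ' tool's digital signature first, especially when the script was
        ' copied from a removable drive.
        cmdline=StreamsExe&" -d "&Fso.GetSpecialFolder(0)&"\*"
        WsShell.Run cmdline,0,True
        cmdline=StreamsExe&" -d "&Fso.GetSpecialFolder(1)&"\*"
        WsShell.Run cmdline,0,True
    End If
Else
    MainVirusName=GetSerialNumber(GetSystemDrive())&".vbs"
    GetMainVirus=Fso.GetSpecialFolder(0)&"\"&MainVirusName
    Fso.DeleteFile GetMainVirus, True
    GetMainVirus=Fso.GetSpecialFolder(1)&"\"&MainVirusName
    Fso.DeleteFile GetMainVirus, True
End If
' The genuine svchost.exe is in the system32 folder; this deletes the file
' of the same name from the "system" folder.
Fso.DeleteFile Fso.GetSpecialFolder(0)&"\system\svchost.exe", True
' The original ends with a commented-out message box announcing completion
' and pointing to the author's blog; it stays disabled.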