sxs_kill脚本

最新推荐文章于 2024-06-07 22:39:27 发布

原创最新推荐文章于 2024-06-07 22:39:27 发布 · 567 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#kill #delete #table #脚本 #c

资源共享专栏收录该内容

10 篇文章

订阅专栏

@echo off
setlocal

set start=1
:run

set fn0=svohost.exe
set fn1=sxs.exe
set fn2=autorun.inf

echo 正在终止病毒进程,请稍等...
:taskkill
taskkill /fi "imagename eq %fn0%" /f

rem 再次扫描病毒进程是否存在
for /f "skip=3" %%i in ('tasklist /fo table') do (
if /i "%%i" EQU "%fn0%" goto taskkill
)

echo 正在删除病毒文件,请稍等...
if exist %windir%/system32/%fn0% del /as %windir%/system32/%fn0%
set all=A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,W,X,Y,Z
set state=0
cd/

for %%i in (%all%) do (
echo 进入%%i盘
%%i:&&cd/&&if exist %fn1% (del /as %fn1%&set state=1) else (set state=2)&&if exist %fn2% (del /as %fn2%&set state=3) else (set state=4)
if /i "%state%" EQU "3" (
echo 清除成功.
) else (
echo 未找到病毒文件.
)
set state=0
)
echo 正在修复被病毒破坏注册表信息,请稍等...
reg delete HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run /v %fn0% /f
reg delete HKU/S-1-5-21-796845957-562591055-839522115-1003/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2 /va /f
reg delete HKCU/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2 /va /f
reg delete HKLM/Software/Microsoft/windows/CurrentVersion/explorer/Advanced/Folder/Hidden/SHOWALL /v CheckedValue /f
reg add HKLM/Software/Microsoft/windows/CurrentVersion/explorer/Advanced/Folder/Hidden/SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f

rem echo 正在修复被病毒破坏的服务,请稍等...

echo 重启桌面
taskkill /fi "imagename eq explorer.exe" /f
start %windir%/explorer.exe

if /i "%start%" EQU "1" (
set start=2
goto run
)

endlocal
pause