Created
May 13, 2019 06:45
-
-
Save Barneybook/2d4874ead22a584f9026aee29ba4b89e to your computer and use it in GitHub Desktop.
刪除並修復隨身碟捷徑病毒v3.3.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
echo =========捷徑病毒修復程式說明========= | |
echo; | |
echo 編輯者:Lun 2017.12.06 版本:v3.3 | |
echo; | |
echo 適用狀況:所有檔案皆變為捷徑檔、隨身碟點開變為捷徑。 | |
echo; | |
echo 修復程式僅會刪除病毒檔案,其餘非病毒相關檔案並不影響。 | |
echo; | |
echo 程式請以→右鍵→"系統管理員身分執行" | |
echo; | |
echo ※本程式不負擔任何資料遺失或異常之責任,重要資料應自行養成備份習慣。 | |
echo; | |
echo; | |
echo =========程式將開始執行========= | |
:P0 | |
echo; | |
echo 功能: | |
echo 1.自動移除並修復(預設) | |
echo 2.移除電腦中病毒 | |
echo 3.修復隨身碟 | |
echo 4.關閉程式 | |
echo; | |
echo ※若要修復檔案,請務必確認此程式已放在隨身碟根目錄下。 | |
echo; | |
echo; | |
echo 輸入欲執行編號或直接按 ENTER 執行預設 | |
set /p pp="工作編號:" | |
if "%pp%" == "" set pp=1 | |
if "%pp%" LEQ "4" goto P%pp% | |
echo 輸入錯誤,重新輸入 | |
goto P0 | |
echo; | |
echo =========執行階段:移除電腦中病毒========= | |
echo; | |
:P1 | |
:P2 | |
echo 結束處理程序... | |
taskkill /f /im wscript.exe | |
timeout /t 2 /nobreak | |
taskkill /f /im wscript.exe | |
echo ※此處顯示錯誤為正常的。 | |
echo; | |
:T0 | |
if EXIST "C:\Users\%Username%\AppData\Local\Temp\system.*" goto T1 | |
echo 沒有偵測到 system 病毒 | |
echo; | |
if EXIST "C:\Users\%Username%\AppData\Roaming\windowsservices" goto T2 | |
echo 沒有偵測到 helper 病毒 | |
if "%pp%" == "1" goto P3 | |
echo; | |
echo 程式將自動關閉 | |
timeout -t 10 | |
exit | |
:T1 | |
echo ////清除 system.wsf 病毒... | |
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "system" /f | |
attrib -a -s -r -h -i "C:\Users\%Username%\AppData\Local\Temp\system.*" | |
del /f "C:\Users\%Username%\AppData\Local\Temp\system.*" | |
attrib -a -s -r -h -i "C:\Users\%Username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.*" | |
del /f "C:\Users\%Username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.*" | |
goto T0 | |
:T2 | |
echo ////清除 helper 病毒... | |
rd /s /q "C:\Users\%Username%\AppData\Roaming\windowsservices" | |
attrib -a -s -r -h -i "C:\Users\%Username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.*" | |
del /f "C:\Users\%Username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.*" | |
goto T0 | |
:P3 | |
echo; | |
echo =========執行階段:檔案還原========= | |
echo; | |
echo ※此階段視電腦速度及檔案數量,可能需要較長時間,請勿關閉程式。 | |
echo; | |
cd /d %cd% | |
attrib -a -s -r -h -i %cd%* /s /d | |
attrib +a +s +h /s /d %cd%"System Volume Information" | |
del %cd%"*.lnk" /s | |
:R0 | |
if EXIST "%cd%system.*" goto R1 | |
echo 無偵測到 system 病毒 | |
echo; | |
if EXIST "%cd%_" goto R2 | |
echo 無偵測到 helper 病毒 | |
echo; | |
echo 檔案還原結束 | |
goto ex0 | |
:R1 | |
echo ////感染 system 檔案還原中... | |
del /f /s %cd%"system.*" | |
del %cd%"*.lnk" /s | |
goto R0 | |
:R2 | |
echo ////感染 helper 檔案還原... | |
rd /s /q %cd%"WindowsServices" | |
del %cd%"*.lnk" /s | |
robocopy %cd%_ %cd% /move /e | |
goto R0 | |
:ex0 | |
echo; | |
echo =========程式全部執行完畢========= | |
echo; | |
echo 病毒移除完成。 | |
echo; | |
echo 程式將自動關閉,或於倒數結束前按任意鍵關閉。 | |
echo; | |
timeout -t 60 | |
:P4 | |
exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment