在進程標籤中,單擊“映像名稱”,將進程排序,找到svchost.exe,看到有一個svchost.exe的用戶名不是SYSTEM、network service或LOCAL SERVICE,記下它的PID值,將“taskkill /f /pid 3636”這一行中的3636改為該PID值,保存,運行即可。PID值每次啟動都可能不同,運行前須重新確認。
代碼如下:
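@echo off
title Made By Jayven Edward 2008-12-01
:: Cleanup script for an infection that runs as Global.exe, system.exe and a
:: look-alike svchost.exe. It force-kills the processes, deletes the dropped
:: files, imports reg.reg, and finally un-hides entries in every drive root.
::
:: The PID on the taskkill line below is machine-specific and MUST be edited
:: before running. The malicious svchost.exe runs under the currently
:: logged-on user name, not SYSTEM, NETWORK SERVICE or LOCAL SERVICE.
:: Confirm the user name first: a wrong PID force-terminates an unrelated
:: process.
taskkill /f /pid 3636
:: The next command is issued twice in the original.
:: NOTE(review): presumably to catch a respawned process - confirm.
taskkill /f /im Global.exe /im system.exe
taskkill /f /im Global.exe /im system.exe

:: Every path below is relative, so skip the whole section if the directory
:: change fails; otherwise the del/attrib commands would act on whatever
:: directory the script was started from.
pushd "%systemroot%" || goto clean_drive_roots
:: Now in C:\WINDOWS (%systemroot%).
:: NOTE(review): this removes system32\regedit.exe, presumably a
:: malware-dropped impostor (the genuine regedit.exe normally lives in
:: %systemroot% itself) - verify on the affected machine before running.
del /f /a /q system32\regedit.exe
:: Clear system/hidden/read-only on the dropped files so they become visible.
:: This script does not delete them.
attrib -s -h -r pchealth\Global.exe
attrib -s -h -r system32\drivers\drivers.cab.exe
attrib -s -h -r Fonts\fonts.exe
attrib -s -h -r Media\rndll32.pif
attrib -s -h -r Fonts\tskmgr.exe
attrib -s -h -r system\KEYBOARD.exe
attrib -s -h -r pchealth\helpctr\binaries\HelpHost.com

:: Same guard: if dllcache is missing, the recursive attrib below would
:: otherwise run across all of %systemroot%.
pushd "%systemroot%\system32\dllcache" || goto leave_systemroot
del /f /a /q Global.exe
del /f /a /q Default.exe
del /f /a /q svchost.exe
del /f /a /q system.exe
del /f /a /q autorun.inf
attrib -s -h -r /S /D *
:: The {645ff040-...} suffix is the Recycle Bin CLSID, which makes Explorer
:: show the folder as a Recycle Bin. Empty it, rename it to a plain name,
:: then remove it (rd without /s only succeeds once the folder is empty).
attrib -s -h -r Recycler.{645ff040-5081-101B-9f08-00aa002f954e}
del /f /a /q Recycler.{645ff040-5081-101B-9f08-00aa002f954e}\Global.exe
del /f /a /q Recycler.{645ff040-5081-101B-9f08-00aa002f954e}\svchost.exe
del /f /a /q Recycler.{645ff040-5081-101B-9f08-00aa002f954e}\system.exe
del /f /a /q Recycler.{645ff040-5081-101B-9f08-00aa002f954e}\*.*
ren Recycler.{645ff040-5081-101B-9f08-00aa002f954e} recy
rd recy
popd
:leave_systemroot
popd

:clean_drive_roots
:: Delete the autorun dropper pair from the root of every ready drive.
:: The paths are absolute (%%a\...), so the current directory is irrelevant.
FOR %%a IN ( C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: ) DO (
cls
if exist %%a (
dir %%a >nul 2>nul
rem "if not errorlevel 1" is evaluated at run time. The original
rem %errorlevel% form expanded once when the whole FOR block was parsed,
rem so it tested a stale value rather than the result of this dir.
if not errorlevel 1 (
del /f /a /q %%a\MS-DOS.com
del /f /a /q %%a\autorun.inf
)
)
)

:: Note: the import must not be moved earlier. It has to run after the
:: system32\regedit.exe deletion above.
:: Requires reg.reg in the directory the script was started from. Its
:: contents are merged silently (/s), so review the file before running.
:: The full path guarantees the copy in %systemroot% is the one that runs,
:: even if a same-named file is still in the current directory or in system32.
"%systemroot%\regedit.exe" /s reg.reg
"%systemroot%\regedit.exe" /s reg.reg
cls
echo.
echo 下面將修改所有盤根目錄下的文件夾屬性為正常顯示...Y?N
echo.
echo 是,按任意鍵繼續; 否,直接關閉!
pause>nul
cd\
:: Un-hide every entry in the root of each ready drive.
FOR %%a IN ( C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: ) DO (
cls
if exist %%a (
dir %%a >nul 2>nul
if not errorlevel 1 (
rem "pushd %%a\" enters the drive ROOT. A bare "pushd %%a" enters
rem whatever directory was last current on that drive.
pushd %%a\ && (
rem "delims=" keeps each name whole. The original split names on
rem spaces and commas and re-joined them with single spaces, which
rem mangled names containing commas or runs of spaces.
FOR /F "delims=" %%i in ('dir /a /b') DO (
attrib -s -h -r "%%i" >nul 2>nul
)
popd
)
)
)
)
cls
exit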