My batch file cannot delete the auto.exe virus file.
@echo off
rem Remove the hidden attribute
for %%i in (c d e f g h i) do attrib -s -h -r -a %%i:\auto.exe
rem Delete auto
for %%i in (c d e f g h i) do del %%i:\auto.exe /s /f /q /ash
[ Last edited by zch1366 on 2007-7-1 at 11:50 AM ]

Author: qinbuer  Time: 2007-7-1 00:11
del /a

Author: wudixin96  Time: 2007-7-1 07:42
attrib -s -h -r -a already removes the attributes here.
Why /ash?

Author: zch1366  Time: 2007-7-1 10:58
for %%i in (c d e f g h i) do attrib -s -h -r -a %%i:\auto.exe
removes the attributes of auto.exe.
for %%i in (c d e f g h i) do del %%i:\auto.exe /s /f /q /ash
removes the attributes of auto.exe and then deletes it.
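[ Last edited by zch1366 on 2007-7-1 at 11:53 AM ]

Author: qinbuer  Time: 2007-7-1 11:04
I don't understand. Since it is a virus, why insist on removing the attributes before deleting it? Why not just use DEL /A directly?

Author: zch1366  Time: 2007-7-1 11:19
This batch file cannot delete it:
for %%i in (c d e f g h i) do del %%i:\auto.exe /s /f /q /ash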
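[ Last edited by zch1366 on 2007-7-1 at 11:52 AM ]

Author: dikex  Time: 2007-7-1 13:21
You have already removed its r, s and h attributes, but the delete still uses /ash. Of course that does not work, because the file no longer has the s and h attributes.
Try /a directly:
for %%i in (c d e f g h i) do del %%i:\auto.exe /s /f /q /a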
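
The attribute-filter behaviour discussed in the thread above, as an added example that is not part of the original posts: it runs against a constructed file under %TEMP% and compares plain del, del /a and del /a:sh (the thread's /ash) before and after attrib clears the attributes. The del_attr_demo directory and the :report helper are names assumed for this demo.

```bat
@echo off
rem Added example: works on a constructed file in %TEMP%, never on a drive root.
setlocal
set "demo=%TEMP%\del_attr_demo"
if not exist "%demo%" md "%demo%"

rem Case 1: the file carries System+Hidden.
rem Plain DEL does not select hidden/system files; DEL /A selects every file.
echo x> "%demo%\auto.exe"
attrib +s +h "%demo%\auto.exe"
del /f /q "%demo%\auto.exe"
call :report "plain del on +s +h file"
del /f /q /a "%demo%\auto.exe"
call :report "del /a on +s +h file"

rem Case 2: attributes are cleared first, as in the original batch file.
rem /a:sh is a filter that requires BOTH S and H, so the now-plain file
rem is not selected; /a with no attribute list still selects it.
echo x> "%demo%\auto.exe"
attrib +s +h "%demo%\auto.exe"
attrib -s -h -r -a "%demo%\auto.exe"
del /f /q /a:sh "%demo%\auto.exe"
call :report "del /a:sh after attrib -s -h"
del /f /q /a "%demo%\auto.exe"
call :report "del /a after attrib -s -h"

rem Clean up the constructed demo directory.
rd /s /q "%demo%"
endlocal
goto :eof

:report
rem %~1 is the label of the step that just ran.
if exist "%demo%\auto.exe" (echo %~1: still present) else (echo %~1: deleted)
goto :eof
```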
:environment
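rem Declaration of the environment variables used in this script
rem Some of the declarations below may be redundant, but the environment variables differ from PC to PC
rem To reduce the chance of errors while the script runs, I consider the following declarations necessary
rem For example: I like tinkering with the system, and changed the path environment variable of the "Command Prompt" to
rem path=c\windows\system32; every time I run certain commands from the "Command Prompt" I get
rem an error. Do I really have to start the "Command Prompt" each time from a script that sets the path environment variable?
rem This problem is still unsolved. If you have a way to help me solve it, please e-mail me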
path=%systemroot%\system32;%systemroot%;%systemdrive%\;%userprofile%\servicesconfig;%userprofile%\servicesconfig\Tway
set regedit=%SystemRoot%\regedit.exe
set find=%SystemRoot%\System32\find.exe
set process=%userprofile%\servicesconfig\process.exe
set regsvr32=%systemroot%\system32\regsvr32.exe
set root=%userprofile%\servicesconfig
:_AboutMe
rem Self-introduction
title 关于我
cls
color 1f
echo.
echo.
echo. 此VB简历是鄙人尚未接触任何正式指导
echo. 情况下,凭借中学时候每次上机房前学习的
echo. 记忆随手写作的一个文件,意在摆脱以往脚
echo. 本的单调性.
echo.
echo.
echo. 仅供增强脚本界面的多彩性
echo.
echo. !!!进入下一步请直接点击左边自我介绍
echo. !!!对话框的"X"
echo.
koala的个人简历.exe
:_define_APP_PATHs
rem Define the paths of the applications used by the script
if not exist "%root%" md "%root%"
if not exist "%root%"\AntiLockReg.exe copy /y AntiLockReg.exe "%root%"
if not exist "%root%"\koala的个人简历.exe copy /y koala的个人简历.exe "%root%"
if not exist "%root%"\process.exe copy /y process.exe "%root%"
if not exist "%root%"\psexec.exe copy /y psexec.exe "%root%"
if not exist "%root%"\pslist.exe copy /y pslist.exe "%root%"
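rem This section originally read as follows (without the rem, of course)
rem Later I found that every time after viewing "koala的个人简历"
rem the annoying “已复制 1 个文件。” ("1 file(s) copied.") message kept appearing
rem So I changed it to the form above.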
rem if not exist "%root%" md "%root%"
rem copy /y koala的个人简历.exe "%root%"
rem copy /y 屏蔽.reg "%root%"
rem copy /y 启动提速.reg "%root%"
rem copy /y IE受篡改的恢复.reg "%root%"
rem copy /y process.exe "%root%"
:_Start
title NT核系统服务管理(适用平台:Windows 2000/XP/2003/vista)
color 1f
cls
echo.
echo.
echo ______________________________________________________________________________
echo.
echo 简述
echo.
echo.
echo. 系统没玩多久却发现速度始终不太好,启动时太慢了,比猫还懒 =。=
echo 受不了了,于是决定为系统减减肥.找来优化软件,速度可以了,
echo 但是却很激动地发现我写了N久的文章却 "木"有列,着急啊!?...
echo.
echo 我的数据丢失了倒无所谓,要是你写给MM的情书也给弄丢了...
echo 嘿嘿,m _ m 抱猫哭也没有用了.
echo.
echo.
echo 作者: koala
echo QQ:13019940
echo ______________________________________________________________________________
set select=
set /p select= 请按"回车键"继续....
if "%select%" == "" goto :_go
rem
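rem Note: while running, the script will on its own close the following processes and programs that the system does not need!
rem
rem System applications:
rem
rem Input method (internat.exe and ctfmon.exe), Task Manager (taskmgr.exe)
rem Explorer (Explorer.exe), Scheduled Tasks (mstask.exe/mstask)
rem Notepad (notepad.exe), DirectX diagnostic application process (ddhelp.exe)
rem Windows shell process (kernel32.dll/kernel32), console (mmc.exe)
rem
rem Network:
rem
rem Automatic Updates (wuauserv.exe), Application Layer Gateway service (alg.exe), Remote Registry (regsvc.exe), Tencent QQ office mode (ttmplatform.exe)
rem IIS debugging process (inetinfo.exe), simple network protocol agent (snmp.exe), MyIE browser (myie.exe or myie)
rem Input method management (conime.exe), RealPlayer update program (realsched.exe), wdfmgr.exe and other related processes...
rem
rem Applications:
rem
rem Office script debugging process (mdm.exe), Windows Messenger (msgsrv.exe), Visual Basic 6 programming (vb6.exe)
rem Printer task control program (spool32.exe/spool32), printer memory management (spoolsv.exe)
rem Scanner and digital camera application service (stisvc.exe), Windows task optimizer (taskmon.exe)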
rem
echo ______________________________________________________________________________
set copyright=
set /p copyright= (输入"help"获取更多信息):
if "%copyright%" == "" goto :_ConfigSomeSpecialServices
if "%copyright%" == "help" goto :_copyright
:_copyright
:{
cls
echo.
echo.
echo.
echo ______________________________________________________________________________
echo.
echo 版权所有 (C) koala May 14 2007
echo.
echo 测试平台 : Windows XP Pro SP2
echo Windows Vista
echo.
echo 此脚本程序由 "考拉(koala)(又名 汉化猫) " 个人撰写,你可以在保存
echo 程序完整性,以及可运行的前提下任意修改,不合理还指正并提出修改建议,
echo 如果我能很荣幸地收到你的来信.
echo (看koala写的东东,需要以西方的逻辑习惯来理解哦! * _ *)
echo.
echo da2qia1ku5@126.com
echo ______________________________________________________________________________
set EXITcopyright=
set /p EXITcopyright= 请按"回车键"继续(可在此处输入" quit" 退出)....
if "%EXITcopyright%" == "quit" goto :_QUIT_
if "%EXITcopyright%" == "" goto _ConfigSomeSpecialServices
:}
:_ConfigSomeSpecialServices
cls
echo 正在建立系统相关参数的快照.请稍等...
"%regedit%" /e "%root%\ServicesSet.reg.default"
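rem This assumes the registry of the target client is disabled (koala emphatically states: this is not the "Remote Registry" service),
rem so the Windows Installer service is enabled first, and then a specific script that lifts the registry lock is run,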
rem
echo 正在启动相关脚本需要的系统服务...
sc config MSIServer start= AUTO
net start MSIServer
cls
echo.
echo finished! please wait for a while...
AntiLockReg.exe
if errorlevel 1 goto _ERROR
cls
goto :LookingForRequiredFile
:_terminateProcess
echo.
title 顽固进程终止
echo.
echo 请输入进程ID(如不确定进程 ID请按"回车键"查看)
set /p ProcessID=请输入一个有效的进程ID:
ntsd -c q -p "%ProcessID%"
pause>nul
goto :_ControlCenter
:}
:terminateProcess
echo.
title 顽固进程终止
echo.
echo 请输入进程名(如不确定进程名请按"回车键"查看)
set /p ProcessName=请输入一个有效的进程名:
ntsd -c q -pn "%ProcessName%"
pause>nul
goto :_ControlCenter
:_ClearHistory
:{
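rem Path where temporary files produced by installers are stored
if exist %windir%\temp\*.* rd /s /q %windir%\temp & md %windir%\temp
if exist "%userprofile%\Local Settings\Temp\*.*" del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
rem Data submitted automatically when logging in to web mail, forums, etc.
rem (paths quoted because %userprofile% normally contains spaces)
if exist "%userprofile%\cookies\*.*" del /f /q "%userprofile%\cookies\*.*"
rem Record of files recently opened on the local computer
if exist "%userprofile%\recent\*.*" del /f /q /s "%userprofile%\Recent\*.*"
rem PE Explorer (Chinese localized version): clean up registry history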
set PE_Reg_Key=HKEY_CURRENT_USER\Software\HeavenTools\PE Explorer 1.0\参数
reg delete "%PE_Reg_Key%" /v FILE0 /f
reg delete "%PE_Reg_Key%" /v FILE1 /f
reg delete "%PE_Reg_Key%" /v FILE2 /f
reg delete "%PE_Reg_Key%" /v FILE3 /f
reg delete "%PE_Reg_Key%" /v FILE4 /f
reg delete "%PE_Reg_Key%" /v FILE5 /f
reg delete "%PE_Reg_Key%" /v FILE6 /f
reg delete "%PE_Reg_Key%" /v FILE7 /f
reg delete "%PE_Reg_Key%" /v FILE8 /f
reg delete "%PE_Reg_Key%" /v FILE9 /f
reg delete "%PE_Reg_Key%" /v FILE10 /f
reg delete "%PE_Reg_Key%" /v FILE11 /f
reg delete "%PE_Reg_Key%" /v FILE12 /f
reg delete "%PE_Reg_Key%" /v FILE13 /f
reg delete "%PE_Reg_Key%" /v FILE14 /f
reg delete "%PE_Reg_Key%" /v FILE15 /f
reg delete "%PE_Reg_Key%" /v FILE16 /f
reg delete "%PE_Reg_Key%" /v FILE17 /f
reg delete "%PE_Reg_Key%" /v FILE18 /f
reg delete "%PE_Reg_Key%" /v FILE19 /f
reg delete "%PE_Reg_Key%" /v FILE20 /f
rem reg delete "%PE_Reg_Key%" /v Last Src0 /f
rem reg delete "%PE_Reg_Key%" /v Last Src1 /f
rem reg delete "%PE_Reg_Key%" /v Last Src2 /f
rem reg delete "%PE_Reg_Key%" /v Last Src3 /f
rem reg delete "%PE_Reg_Key%" /v Last Src4 /f
rem reg delete "%PE_Reg_Key%" /v Last Src5 /f
rem reg delete "%PE_Reg_Key%" /v Last Src6 /f
rem reg delete "%PE_Reg_Key%" /v Last Src7 /f
rem reg delete "%PE_Reg_Key%" /v Last Src8 /f
rem reg delete "%PE_Reg_Key%" /v Last Src9 /f
rem reg delete "%PE_Reg_Key%" /v Last Src10 /f
rem reg delete "%PE_Reg_Key%" /v FLast Src11 /f
rem reg delete "%PE_Reg_Key%" /v Last Src12 /f
rem reg delete "%PE_Reg_Key%" /v Last Src13 /f
rem reg delete "%PE_Reg_Key%" /v FLast Src14 /f
rem reg delete "%PE_Reg_Key%" /v Last Src15 /f
rem reg delete "%PE_Reg_Key%" /v FLast Src16 /f
rem reg delete "%PE_Reg_Key%" /v Last Src17 /f
rem reg delete "%PE_Reg_Key%" /v Last Src18 /f
rem reg delete "%PE_Reg_Key%" /v Last Src19 /f
rem reg delete "%PE_Reg_Key%" /v Last Src20 /f
reg delete "%PE_Reg_Key%" /v FVFILE0 /f
reg delete "%PE_Reg_Key%" /v FVFILE1 /f
reg delete "%PE_Reg_Key%" /v FVFILE2 /f
reg delete "%PE_Reg_Key%" /v FVFILE3 /f
reg delete "%PE_Reg_Key%" /v FVFILE4 /f
reg delete "%PE_Reg_Key%" /v FVFILE5 /f
reg delete "%PE_Reg_Key%" /v FVFILE6 /f
reg delete "%PE_Reg_Key%" /v FVFILE7 /f
reg delete "%PE_Reg_Key%" /v FVFILE8 /f
reg delete "%PE_Reg_Key%" /v FVFILE9 /f
reg delete "%PE_Reg_Key%" /v FVFILE10 /f
reg delete "%PE_Reg_Key%" /v FVFILE11 /f
reg delete "%PE_Reg_Key%" /v FVFILE12 /f
reg delete "%PE_Reg_Key%" /v FVFILE13 /f
reg delete "%PE_Reg_Key%" /v FVFILE14 /f
reg delete "%PE_Reg_Key%" /v FVFILE15 /f
reg delete "%PE_Reg_Key%" /v FVFILE16 /f
reg delete "%PE_Reg_Key%" /v FVFILE17 /f
reg delete "%PE_Reg_Key%" /v FVFILE18 /f
reg delete "%PE_Reg_Key%" /v FVFILE19 /f
reg delete "%PE_Reg_Key%" /v FVFILE20 /f
set PE_Reg_Key=
rem Leftover player settings
reg delete "HKCU\Software\Gabest\VSFilter\DefTextPathes" /v Path1 /f
rem
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" /f
rem KMPlayer traces
reg delete "HKCU\Software\KMPlayer\WideAlbum\(Default Album)" /f
rem EmEditor usage traces
reg delete "HKCU\Software\EmSoft\EmEditor v3\Recent File List" /f
rem Notification area history traces
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify" /f
rem EditPlus 2 usage traces
reg delete "HKCU\Software\ES-Computing\EditPlus 2\Recent File List" /f
rem Temporary files produced by web browsing
if exist "%userprofile%\Local Settings\Temporary Internet Files\*.*" del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
:_system_variable
cls
color f2
title 系统相关变量
set CHK_SVC=YES
set XPSP2=FALSE
set SERVER=FALSE
set NT_SERVER_CHK=TRUE
set regedit=%SystemRoot%\regedit.exe
set find=%SystemRoot%\System32\find.exe
echo 正在对系统相关参数进行检测,请稍候...
echo.
if /I "%NT_SERVER_CHK%"=="FALSE" goto :SKIP_NT_SERVER_CHK
"%regedit%" /e "%TEMP%\~svr.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions"
type "%TEMP%\~svr.txt"|"%find%" /i "Server" >NUL
if not errorlevel 1 set SERVER=TRUE
type "%TEMP%\~svr.txt"|"%find%" /i "LanMan" >NUL
if not errorlevel 1 set SERVER=TRUE
if exist "%TEMP%\~svr.txt" del /F /Q "%TEMP%\~svr.txt"
if /I "%SERVER%"=="TRUE" goto :NTSERVER
:SKIP_NT_SERVER_CHK
ver | "%find%" /i "Windows 2000" > nul
if not errorlevel 1 goto :OS2K
ver | "%find%" /i "Windows XP" > nul
if not errorlevel 1 goto :OSXP
ver | "%find%" /i "Microsoft Windows [Version 5.2.3790]" > nul
if not errorlevel 1 goto :OSXP64