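@echo off
rem Killer of VirusName -- cleanup template for one known piece of malware:
rem terminate its processes by name and by image path, delete its files and
rem remove Image File Execution Options entries whose debugger points at it.
rem Edit the four set lines before use. Each list is comma separated and is
rem walked in slots 1..10; trailing commas pad lists that are shorter.
rem HKLM edits and terminating other users' processes need an elevated prompt.
setlocal EnableExtensions
title Killer of VirusName
echo Killer of VirusName
rem PN: process names to terminate   IP: full image paths to terminate
rem FN: files to delete              AI: debugger path used by the IFEO hijack
set PN=ProcessName1,ProcessName2,ProcessName3,,,
set IP=ImPath1,ImPath2,ImPath3,,,
set FN=FilePath1,FilePath2,FilePath3,,,
set AI=c:\windows\system32\ddtshtk.exe
rem Run the phases in order. Without these calls execution falls through
rem into :ENDPROC and the goto :EOF there ends the script, so :ENDPID,
rem :DELFILE and :ANTIIEFO would never run.
call :ENDPROC
call :ENDPID
call :DELFILE
call :ANTIIEFO
call :EXTMOD
call :DELTMP
goto :EOF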
:ENDPROC
rem Phase 1: terminate by process name.
rem Slots 1..10 of PN are handed to :DOENDPOC one at a time; a slot with no
rem entry yields no token there and is skipped.
cls
echo Ending Process ...
for /l %%n in (1,1,10) do (
  call :DOENDPOC %%n
)
goto :EOF
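:DOENDPOC
rem Terminate the %1-th comma separated entry of PN by image name.
rem Arguments: %1 - slot index into PN; an empty slot produces no token
rem ntsd /pn terminates by process name but ntsd is not shipped with
rem Windows Vista and later; taskkill /im is used when it is absent.
rem The original called :IEFO, a label this file does not define, which makes
rem cmd print "cannot find the batch label" for every entry; the call is now
rem made only when a :IEFO label actually exists in this script.
for /f "tokens=%1 delims=," %%i in ("%PN%") do (
  if exist "%SystemRoot%\system32\ntsd.exe" (
    start "" /min /realtime ntsd /c q /pn "%%i"
  ) else (
    taskkill /f /im "%%i" >nul 2>&1
  )
  findstr /b /i /c:":IEFO" "%~f0" >nul 2>&1 && call :IEFO "%%i"
)
goto :EOF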
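:ENDPID
rem Phase 2: terminate by image path through WMI (see :DOENDPID).
rem The WQL where clause needs backslashes doubled. The doubled copy of IP is
rem kept inside a setlocal scope so that a second call of :ENDPID does not
rem double them again and so the caller's IP stays untouched.
cls
echo Ending Process ...
setlocal
set IP=%IP:\=\\%
for /l %%a in (1,1,10) do call :DOENDPID %%a
endlocal
goto :EOF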
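:DOENDPID
rem Terminate the %1-th entry of IP by resolving its image path to a PID.
rem Arguments: %1 - slot index into IP, whose backslashes :ENDPID doubled
rem Each wmic output line ends in CR CR LF and for /f keeps the trailing CR
rem on the last token, so the PID was passed with a stray CR; re-parsing the
rem token through a second for /f drops it and also skips blank lines.
rem The original also had an unbalanced closing parenthesis after the loop.
rem ntsd is absent on Vista and later, taskkill /pid is used instead there.
rem wmic is deprecated on current Windows releases and may be missing.
for /f "tokens=%1 delims=," %%a in ("%IP%") do (
  for /f "skip=1" %%i in ('wmic PROCESS where ExecutablePath^="%%a" get ProcessId') do (
    for /f "delims=" %%j in ("%%i") do (
      if exist "%SystemRoot%\system32\ntsd.exe" (
        start "" /min /realtime ntsd /c q /pid "%%j"
      ) else (
        taskkill /f /pid "%%j" >nul 2>&1
      )
    )
  )
)
goto :EOF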
:DELFILE
rem Phase 3: delete the files listed in FN.
rem Slots 1..10 are passed to :DODELF in turn; empty slots do nothing there.
cls
echo Deleting Files ...
for /l %%n in (1,1,10) do (
  call :DODELF %%n
)
goto :EOF
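:DODELF
rem Delete the %1-th entry of FN with a bounded retry.
rem Arguments: %1 - slot index into FN; an empty slot produces no token
rem The original re-entered itself with goto for as long as the file still
rem existed, and since the delete ran in a detached cmd window that check
rem raced it, so windows could be spawned without limit. Here del runs in
rem this shell, a retry waits about a second for a terminating process to
rem release the file, and the loop stops after DELF_MAX attempts.
rem A directory path is refused: del on a directory removes its contents.
set /a DELF_TRIES=0
set /a DELF_MAX=20
:DODELF_RETRY
set DELF_LEFT=
for /f "tokens=%1 delims=," %%i in ("%FN%") do (
  if exist "%%~i\" (
    echo Skipping %%i - it is a directory
  ) else (
    if exist "%%i" del /f /q /a "%%i" >nul 2>&1
    if exist "%%i" set DELF_LEFT=1
  )
)
if not defined DELF_LEFT goto :DODELF_DONE
set /a DELF_TRIES+=1
if %DELF_TRIES% geq %DELF_MAX% (
  echo Could not delete entry %1 of FN after %DELF_MAX% attempts
  goto :DODELF_DONE
)
rem ping is the XP compatible one second pause; timeout needs Vista or later
ping -n 2 127.0.0.1 >nul
goto :DODELF_RETRY
:DODELF_DONE
set DELF_LEFT=
set DELF_TRIES=
set DELF_MAX=
goto :EOF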
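:ANTIIEFO
rem Phase 4: remove IFEO hijacks. Every subkey below Image File Execution
rem Options is handed to :DOANTIIEFO, which deletes it when its debugger
rem value equals AI.
rem The original skip=5 matched the header printed by the XP-era reg.exe;
rem later versions print fewer lines, so a fixed skip dropped real subkeys.
rem Filtering on the key path works for both output formats and also keeps
rem the parent key itself out of the list, so it can never be deleted.
cls
echo Restoring IEFO ...
for /f "delims=" %%i in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ^| findstr /r /i /c:"Image File Execution Options\\."') do call :DOANTIIEFO "%%i"
goto :EOF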
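:DOANTIIEFO
rem Delete the IFEO subkey %1 when its debugger value equals AI.
rem Arguments: %1 - quoted full registry key path
rem The original used "delims=制表符" -- the words for "tab character", not a
rem tab -- so the value line was never split and token 3 was always empty;
rem no entry could ever match. reg query prints <name> <type> <data>; the
rem data is taken as the rest of the line so paths with spaces compare
rem correctly, and matching the value name filters out header and key lines
rem without depending on the reg.exe version's header length.
rem Note: this removes the whole subkey, as the original did, not only the
rem debugger value.
echo %1
for /f "tokens=1,2,*" %%i in ('reg query %1 /v debugger 2^>nul') do (
  if /i "%%i"=="debugger" if /i "%%k"=="%AI%" reg delete %1 /f
)
goto :EOF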
:EXTMOD
rem Placeholder phase, intentionally empty: nothing is implemented here yet.
goto :EOF
:DELTMP
rem Placeholder phase, intentionally empty: nothing is implemented here yet.
goto :EOF
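rem ---- usage notes. These were bare text lines, harmless only because the
rem goto :EOF above makes them unreachable; as rem lines they stay inert
rem even if a label is ever added above them.
rem 使用时修改下面的几个命令: (edit the following commands before use:)
rem set PN=ProcessName1,ProcessName2,ProcessName3,,,
rem set IP=ImPath1,ImPath2,ImPath3,,,
rem set FN=FilePath1,FilePath2,FilePath3,,,
rem set AI=c:\windows\system32\ddtshtk.exe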