AD

用vbs实现7y7.us木马群的专杀工具 下载

增加屏蔽:
16a.us
**nice8**
更新对新的木马的查杀,修改结束进程模块.
本来这个专杀只是玩VBS时做的一个拙品,但是看到有人还在提醒我木马群更新,专杀杀不干净的时候我就又再次更新了.需要的朋友就继续关注这里的更新吧.送佛送到西....
vbs文件

on error resume next
msgbox "本专杀由[G-AVR]Gryesign提供,请关注BLOG及时更新专杀---**hi.baidu**/greysign",64,"搜索引擎乱码病毒专杀,请重复运行两次以便根除病毒"
'-----------------病毒进程结束模块开始-----------------
Dim strComputer, strPath, strExePath
Dim objWMI, objFSO
Dim colProcesses
Dim objProcess, objFile 

Set objFSO = CreateObject( "Scripting.FileSystemObject" )
strComputer = "."
nCount = 0
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _
         ( "%ProgramFiles%\Internet Explorer\iexplore.exe" )
Set objFile = objFSO.GetFile( strPath )
strPath = objFile.ShortPath
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
         strComputer & "\root\cimv2" )
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _
         " WHERE Name='iexplore.exe'" ) 

         For Each objProcess In colProcesses
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath )
                 strExePath = objFile.ShortPath
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then
                         objProcess.Terminate
                 Else
                 End If
         Next 

set objFSO = CreateObject( "Scripting.FileSystemObject" )
strComputer = "."
nCount = 0
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _
         ( "%windir%\system32\smss.exe" )
Set objFile = objFSO.GetFile( strPath )
strPath = objFile.ShortPath
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
         strComputer & "\root\cimv2" )
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _
         " WHERE Name='smss.exe'" ) 

         For Each objProcess In colProcesses
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath )
                 strExePath = objFile.ShortPath
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then
                         objProcess.Terminate
                 Else
                 End If
         Next 

set objFSO = CreateObject( "Scripting.FileSystemObject" )
strComputer = "."
nCount = 0
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _
         ( "%windir%\system32\services.exe" )
Set objFile = objFSO.GetFile( strPath )
strPath = objFile.ShortPath
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
         strComputer & "\root\cimv2" )
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _
         " WHERE Name='services.exe'" ) 

         For Each objProcess In colProcesses
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath )
                 strExePath = objFile.ShortPath
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then
                         objProcess.Terminate
                 Else
                 End If
         Next 

set objFSO = CreateObject( "Scripting.FileSystemObject" )
strComputer = "."
nCount = 0
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _
         ( "%windir%\system32\svshost.exe" )
Set objFile = objFSO.GetFile( strPath )
strPath = objFile.ShortPath
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
         strComputer & "\root\cimv2" )
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _
         " WHERE Name='svshost.exe'" ) 

         For Each objProcess In colProcesses
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath )
                 strExePath = objFile.ShortPath
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then
                         objProcess.Terminate
                 Else
                 End If
         Next
set objFSO = CreateObject( "Scripting.FileSystemObject" )
strComputer = "."
nCount = 0
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _
         ( "%windir%\system32\csrss.exe" )
Set objFile = objFSO.GetFile( strPath )
strPath = objFile.ShortPath
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
         strComputer & "\root\cimv2" )
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _
         " WHERE Name='csrss.exe'" ) 

         For Each objProcess In colProcesses
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath )
                 strExePath = objFile.ShortPath
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then
                         objProcess.Terminate
                 Else
                 End If
         Next
set objFSO = CreateObject( "Scripting.FileSystemObject" )
strComputer = "."
nCount = 0
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _
         ( "%windir%\system32\ctfmon.exe" )
Set objFile = objFSO.GetFile( strPath )
strPath = objFile.ShortPath
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
         strComputer & "\root\cimv2" )
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _
         " WHERE Name='ctfmon.exe'" ) 

         For Each objProcess In colProcesses
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath )
                 strExePath = objFile.ShortPath
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then
                         objProcess.Terminate
                 Else
                 End If
         Next
set objFSO = CreateObject( "Scripting.FileSystemObject" )
strComputer = "."
nCount = 0
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _
         ( "%windir%\explorer.exe" )
Set objFile = objFSO.GetFile( strPath )
strPath = objFile.ShortPath
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _
         strComputer & "\root\cimv2" )
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _
         " WHERE Name='explorer.exe'" ) 

         For Each objProcess In colProcesses
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath )
                 strExePath = objFile.ShortPath
                 Set objFile = Nothing 

                         objProcess.Terminate 

         Next
Set colProcesses = Nothing
Set objWMI = Nothing
'======================================================================
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='fyso.exe'")
for each i in p
i.terminate
next
on error resume next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='jtso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='mhso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='qjso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='qqso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='wgso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='wlso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='wmso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='woso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='ztso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='nwizAskTao.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='rxso.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='mmc.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='svchost32.exe'")
for each i in p
i.terminate
next
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='spglsdr.exe'")
for each i in p
i.terminate
next
'-----------------病毒进程结束模块终止----------------- 

'-----------------病毒文件删除模块开始-----------------
set fso=createobject("scripting.filesystemobject")
set del=wscript.createobject("wscript.shell")
d1=del.ExpandEnvironmentStrings("%temp%\fyso.exe")
d2=del.ExpandEnvironmentStrings("%temp%\jtso.exe")
d3=del.ExpandEnvironmentStrings("%temp%\mhso.exe")
d4=del.ExpandEnvironmentStrings("%temp%\qjso.exe")
d5=del.ExpandEnvironmentStrings("%temp%\qqso.exe")
d6=del.ExpandEnvironmentStrings("%temp%\wgso.exe")
d7=del.ExpandEnvironmentStrings("%temp%\wlso.exe")
d8=del.ExpandEnvironmentStrings("%temp%\wmso.exe")
d9=del.ExpandEnvironmentStrings("%temp%\woso.exe")
d10=del.ExpandEnvironmentStrings("%temp%\ztso.exe")
d11=del.ExpandEnvironmentStrings("%temp%\fyso0.dll")
d12=del.ExpandEnvironmentStrings("%temp%\jtso0.dll")
d13=del.ExpandEnvironmentStrings("%temp%\mhso0.dll")
d14=del.ExpandEnvironmentStrings("%temp%\conime.exe")
d15=del.ExpandEnvironmentStrings("%temp%\qjso0.dll")
d16=del.ExpandEnvironmentStrings("%temp%\qqso0.dll")
d17=del.ExpandEnvironmentStrings("%temp%\wgso0.dll")
d18=del.ExpandEnvironmentStrings("%temp%\wlso0.dll")
d19=del.ExpandEnvironmentStrings("%temp%\wmso0.dll")
d20=del.ExpandEnvironmentStrings("%temp%\woso0.dll")
d21=del.ExpandEnvironmentStrings("%temp%\ztso0.dll")
d22=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.bak")
d23=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.dll")
d24=del.ExpandEnvironmentStrings("%temp%\svchost.exe")
d25=del.ExpandEnvironmentStrings("%temp%\IEXPLORE.EXE")
d26=del.ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.exe")
d27=del.ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.exe")
d28=del.ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.dll")
d29=del.ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.dll")
d30=del.ExpandEnvironmentStrings("%temp%\svchost32.exe")
d31=del.ExpandEnvironmentStrings("%temp%\srogm.exe")
d32=del.ExpandEnvironmentStrings("%temp%\csrss.exe")
d33=del.ExpandEnvironmentStrings("%temp%\rxso.exe")
d34=del.ExpandEnvironmentStrings("%temp%\mmc.exe")
d35=del.ExpandEnvironmentStrings("%temp%\rxso0.dll")
d36=del.ExpandEnvironmentStrings("%temp%\spglsdr.exe")
d37=del.ExpandEnvironmentStrings("%temp%\services.exe")
d38=del.ExpandEnvironmentStrings("%temp%\daso.exe")
d39=del.ExpandEnvironmentStrings("%temp%\tlso.exe")
d40=del.ExpandEnvironmentStrings("%temp%\tlso0.dll")
d41=del.ExpandEnvironmentStrings("%temp%\daso0.dll")
d42=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.bak")
d43=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.dll")
d44=del.ExpandEnvironmentStrings("%temp%\wdso.exe")
d45=del.ExpandEnvironmentStrings("%temp%\wdso0.dll")
d46=del.ExpandEnvironmentStrings("%temp%\smss.exe")
d47=del.ExpandEnvironmentStrings("%temp%\copypfh.exe") 

set v1=fso.getfile(d1)
set v2=fso.getfile(d2)
set v3=fso.getfile(d3)
set v4=fso.getfile(d4)
set v5=fso.getfile(d5)
set v6=fso.getfile(d6)
set v7=fso.getfile(d7)
set v8=fso.getfile(d8)
set v9=fso.getfile(d9)
set v10=fso.getfile(d10)
set v11=fso.getfile(d11)
set v12=fso.getfile(d12)
set v13=fso.getfile(d13)
set v14=fso.getfile(d14)
set v15=fso.getfile(d15)
set v16=fso.getfile(d16)
set v17=fso.getfile(d17)
set v18=fso.getfile(d18)
set v19=fso.getfile(d19)
set v20=fso.getfile(d20)
set v21=fso.getfile(d21)
set v22=fso.getfile(d22)
set v23=fso.getfile(d23)
set v24=fso.getfile(d24)
set v25=fso.getfile(d25)
set v26=fso.getfile(d26)
set v27=fso.getfile(d27)
set v28=fso.getfile(d28)
set v29=fso.getfile(d29)
set v30=fso.getfile(d30)
set v31=fso.getfile(d31)
set v32=fso.getfile(d32)
set v33=fso.getfile(d33)
set v34=fso.getfile(d34)
set v35=fso.getfile(d35)
set v36=fso.getfile(d36)
set v37=fso.getfile(d37)
set v38=fso.getfile(d38)
set v39=fso.getfile(d39)
set v40=fso.getfile(d40)
set v41=fso.getfile(d41)
set v42=fso.getfile(d42)
set v43=fso.getfile(d43)
set v44=fso.getfile(d44)
set v45=fso.getfile(d45)
set v46=fso.getfile(d46)
set v47=fso.getfile(d47) 

v1.attributes=0
v2.attributes=0
v3.attributes=0
v4.attributes=0
v5.attributes=0
v6.attributes=0
v7.attributes=0
v8.attributes=0
v9.attributes=0
v10.attributes=0
v11.attributes=0
v12.attributes=0
v13.attributes=0
v14.attributes=0
v15.attributes=0
v16.attributes=0
v17.attributes=0
v18.attributes=0
v19.attributes=0
v20.attributes=0
v21.attributes=0
v22.attributes=0
v23.attributes=0
v24.attributes=0
v25.attributes=0
v26.attributes=0
v27.attributes=0
v28.attributes=0
v29.attributes=0
v30.attributes=0
v31.attributes=0
v32.attributes=0
v33.attributes=0
v34.attributes=0
v35.attributes=0
v36.attributes=0
v37.attributes=0
v38.attributes=0
v39.attributes=0
v40.attributes=0
v41.attributes=0
v42.attributes=0
v43.attributes=0
v44.attributes=0
v45.attributes=0
v46.attributes=0
v47.attributes=0 

v1.delete
v2.delete
v3.delete
v4.delete
v5.delete
v6.delete
v7.delete
v8.delete
v9.delete
v10.delete
v11.delete
v12.delete
v13.delete
v14.delete
v15.delete
v16.delete
v17.delete
v18.delete
v19.delete
v20.delete
v21.delete
v22.delete
v23.delete
v24.delete
v25.delete
v26.delete
v27.delete
v28.delete
v29.delete
v30.delete
v31.delete
v32.delete
v33.delete
v34.delete
v35.delete
v36.delete
v37.delete
v38.delete
v39.delete
v40.delete
v41.delete
v42.delete
v43.delete
v44.delete
v45.delete
v46.delete
v47.delete 

'-----------------病毒文件删除模块终止-----------------
'-----------------病毒文件免疫模块开始-----------------
CreateFolderCreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\fyso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\jtso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mhso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qjso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qqso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wgso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wlso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wmso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\woso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\ztso.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\fyso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\jtso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mhso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qjso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qqso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wgso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wlso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wmso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\woso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\ztso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.bak")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\svchost.exe")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\IEXPLORE.EXE")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.dll")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.dll")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\svchost32.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\srogm.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\csrss.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\conime.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\rxso.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mmc.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\rxso0.dll")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\spglsdr.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\services.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\copypfh.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\daso.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\tlso.exe")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\tlso0.dll")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\daso0.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.dll")
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.bak")
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\smss.exe")
'-----------------病毒文件免疫模块终止----------------- 

'-----------------遍历删除各盘符根目录下病毒文件模块开始-----------------
set fso=createobject("scripting.filesystemobject")
set drvs=fso.drives
for each drv in drvs
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then
set u=fso.getfile(drv.driveletter&":\autorun.inf")
u.attributes=0
u.delete
end if
next
'-----------------遍历删除各盘符根目录下病毒文件模块终止----------------- 

'-----------------注册表操作模块开始-----------------
set reg=wscript.createobject("wscript.shell")
Set objFSO = CreateObject( "Scripting.FileSystemObject" )
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", objFSO.GetSpecialFolder( 1 ) & "\userinit.exe,","REG_SZ"
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",1,"REG_DWORD"
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue",2,"REG_DWORD"
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue",2,"REG_DWORD"
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue",2,"REG_DWORD"
reg.regdelete "HKEY_CLASSES_ROOT\CLSID\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fysa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jtsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qjsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qqsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wgsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wosa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwizAskTao"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwiztlbb"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rxsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dasa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tlsa"
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdsa" 

'-----------------注册表操作模块终止-----------------
'-----------------系统文件恢复模块开始-----------------
'-----------------系统文件修复模块终止-----------------
'-----------------HOST文件修复模块开始-----------------
set fso=createobject("scripting.filesystemobject")
Set objFSO = CreateObject( "Scripting.FileSystemObject" )
set re=fso.OpenTextFile(objFSO.GetSpecialFolder( 1 ) &"\drivers\etc\hosts",2,0)
re.Write "127.0.0.1            localhost" & vbCrLf
re.Write "127.0.0.1            7y7.us"& vbCrLf
re.Write "127.0.0.1            **beginget**"& vbCrLf
re.Write "127.0.0.1            16a.us"& vbCrLf
re.Write "127.0.0.1            **nice8**"& vbCrLf
re.Close
set re=nothing
'-----------------HOST文件修复模块终止----------------- 

'-----------------Autorun免疫模块开始-----------------
set drvs=fso.drives
for each drv in drvs
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then
fso.createfolder(drv.driveletter&":\autorun.inf")
fso.createfolder(drv.driveletter&":\autorun.inf\免疫文件夹..\")
set fl=fso.getfolder(drv.driveletter&":\autorun.inf")
fl.attributes=3
end if
next
'-----------------Autorun免疫模块终止----------------- 

msgbox "病毒清除成功,请重启电脑!假如病毒还未根除请到安全模式下运行",64,"搜索引擎乱码病毒专杀" 

7y7.us专杀工具下载地址:
**hzyo**/killvirus.rar

标签: 下载, 用vbs实现7y7.us木马群的专杀工具
分类: 病毒查杀
时间: 2015-04-04

相关文章

  1. woso.exe,wlso.exe,wmso.exe, woso.exe,ztso.exe 等木马盗号病毒专杀工具

    具体问题是这样的.卡巴杀出这些木马程序,但是我发现在"系统配置实用程序"里面的"启动"选项里面,有一些东西((可能最开始是病毒文件)).比如说, C;DOCUME~1\Acer\L ...
  2. 伪AVP恶意木马下载器专杀工具下载

    360紧急派发专杀工具期,360安全中心监测数据显示,一个名为"伪AVP恶意木马"的木马下载器表现十分活跃,已有上万用户的电脑"中招".针对此现象,360安全中心紧急派发专杀工具, ...
  3. 木马下载器前仆后继,AOTU病毒群卷土重来(专杀4月15日升级到1.4版)

    磁碟机病毒在各安全厂商和媒体的一致喊打声中突然销声匿迹,但这仅仅是盗号集团的暂时退却,很快,我们发现又一类利用配置autorun.inf配置自动运行的木马下载者蜂涌而至,同样,这些疯狂的下载者,可一次性下载20-30个盗 ...
  4. tel.xls.vbs xls专杀工具

    1.双击运行tel.xls.vbs即可消灭Trojan.Win32.Patched.v病毒. 2.本专杀使用VBS脚本编写,执行效率高,不过缺乏智能性,我也不愿去添加那些IF判断语句来进行智能判断,这没必要.只要是我分析 ...
  5. DeDeCMS织梦程序的安全设置方法与木马后门专杀工具 不指定

    因织梦(dedecms)安全性太差,导致很多使用该系统的网站被黑客入侵后上传木马病毒,然后黑客利用木马病毒程序对外发送DDOS攻击或被黑客偷偷放置传奇私服等违法内容,给网站带来巨大的危害. 一.DeDe程序安全设置 1. ...
  6. 病毒专杀VBS模板更新

    自从发布了<写了款Worm.Win32.VB.fw病毒专杀>与<病毒rundll.exe专杀发布与源码共享>两篇文章中的病毒专杀后,我的病毒专杀VBS模板也开始考虑完善.这次增加了"HO ...
  7. 用vbs实现的一款Worm.Win32.VB.fw病毒专杀

    在写了<Worm.Win32.VB.fw分析与清除方案>后,也没想到要写什么专杀,不过这些天好多同学都说中了这只病毒,我要是一个一个去解决,非忙死我不可!感染范围挺大的!我之前写了一篇<VBS编程打造自 ...
  8. roirpy.exe,mrnds3oy.dll,qh55i.dll等木马群手工清除解决方案

    roirpy.exe,mrnds3oy.dll,qh55i.dll等木马群手工清除解决方案 用xdelbox删除下面文件(添加下面所有路径或在空白处点右键-从剪贴板导入,在已添加的文件路径上点击右键,选择立刻重启执行删除 ...
  9. 木马分析专家 2007 V8.56 下载地址

    木马分析专家能自动分析.终止可疑进程.窗体类型及木马详细资料(如创建时间,文件大小,分析 Config.sys.Autoexec.bat.Winstart.bat.System.ini.Win.ini.注册表Load键值 ...
  10. 雷客图 站长安全助手 vbs版代码(asp 木马查找)

    雷客图ASP站长安全助手vbs版 使用说明 均在命令行下使用 AntiIframe.vbs #该脚本是批量挂马程序的逆向,用于批量清除被添加到文件中的恶意代码.记事本打开文件可以修改Pattern参数指定要处理的文件名, ...
  11. vbs 注册表实现木马自启动

    自己捣鼓了半天,终于写出了个脚本,实现flux在注册表中的启动,当然是更隐蔽的方法,别人知道了这个地方也就没戏了. 呵呵-不过别人一般没这个闲工夫检查那么多位置的!就连我也做不到-- dim wsh set wsh=Cr ...
  12. fjOs0r.dll.OnlO0r.dll 木马群的清除方法

    应该是有专门的生成器,遇到很多起了 不写分析了.. 解决方法: 1.下载sreng2.zip和IceSword120_cn.zip(以下简称冰刃) 下载后直接放桌面. 2.断开网络,关闭不需要的连接. 3.打开冰刃,设置 ...
  13. IO.pif变种分析清除(兼答avzx*,kvdx*,等随机7位字母的dll木马群的方法

    File: IO.pif Size: 19456 bytes MD5: 90C509FA6A6C2FA798DBE1CFD7F0E4F1 SHA1: DBF721F48369CFBB2B88D0F5D707924A7FE ...
  14. Script.VBS.Agent.ai juan.vbs专杀

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden 值:Type: REG_DWORD, Length: 4, ...
  15. VBS加密免杀器 下载

    VBS加密免杀器,做vbs的朋友,因各种原因,需要躲避杀毒软件要用到的小工具 本地下载
  16. 集群运维自动化工具ansible之使用playbook安装zabbix客户端

    Zabbix客户端的安装配置:Zabbix是一个基于WEB界面的提供分布式系统监视以及网络监视功能的企业级的开源解决方案.zabbix能监视各种网络参数,保证服务器系统的安全运营;本文讲述的是使用playbook安装za ...
  17. 集群运维自动化工具ansible使用playbook安装mysql

    本文主要介绍了如何使用playbook安装mysql,需要的朋友可以参考下 上次介绍了如何使用ansible playbook安装zabbix客户端(http://www.jb51.net/article/52158.h ...
  18. 集群运维自动化工具ansible的安装与使用(包括模块与playbook使用)第1/2页

    Ansible是一款很好的基于ssh方案的,替代品,他能够大大简化Unix管理员的自动化配置管理与流程控制方式.它利用推送方式对客户系统加以配置,这样所有工作都可在主服务器端完成. 我使用过puppet与salt,但这2 ...
  19. 蠕虫"艾妮"情况分析和解决方案

    国家计算机病毒应急处理中心通过对互联网的监测发现"艾妮"复合型病毒.该病毒通过微软Windows系统ANI(动态光标)文件处理的漏洞.感染正常的可执行文件和本地网页文件.发送电子邮件.和感染优盘及及移 ...