『楼 主』:
安全打开U盘
今天看黑客防线的资料,意外找到这个批处理,贴出来共大家参考。
@mode con cols=50 lines=12
@echo off
color f2
title 安全打开U盘 by 风宁
echo 初始化...
setlocal enabledelayedexpansion
set tishi=发现病毒,点击确定开始清除!
:ks
echo 正在检查中......
if exist "%temp%\ysl_xf_bj.ysl" (
set ysl_xf_bj=1
) else (
echo text>"%temp%\ysl_xf_bj.ysl"
)
for %%i in (Z Y X W V U T S R Q P O N M L K J I H G F E D C) do (
if exist %%i:\nul (
for /f "tokens=3" %%j in ('dir /-c %%i:\') do if not "%%j"=="" set size=%%j
set last=%%i
if not "!size!"=="0" goto lastdrive
)
)
goto :eof
:lastdrive
if exist %SystemRoot%\text del %SystemRoot%\text /f /q>nul 2>nul
if not exist %SystemRoot%\text (
echo text>%SystemRoot%\text
if not exist %SystemRoot%\text (
goto textgoon
) else (
del %SystemRoot%\text /f /q>nul
fsutil fsinfo drivetype %last%:|find "可移动"&&goto textgoon
goto erroryidong
)
)
:erroryidong
cls
echo 正在详细检测您的可移动磁盘...
:dengdaicharu
set last=0
set /a yidongjishu=0
for %%i in (Z Y X W V U T S R Q P O N M L K J I H G F E D C) do (
fsutil fsinfo drivetype %%i:|find "可移动"&&cls&&set last=%%i&&set /a yidongjishu=%yidongjishu%+1
)
if not "%last%"=="0" (
goto textgoon
) else (
cls
echo 正在等待插入可移动磁盘....
if exist %SystemRoot%\text del %SystemRoot%\text /f /q>nul
ping -n 3 127.1>nul
goto dengdaicharu
)
:textgoon
if not exist %last%:\nul (
cls
echo 正在等待可移动磁盘插入读卡设备....
goto dengdaicharu
)
cls
echo 风宁为您检查中......
if exist %last%:\autorun.inf\*.* goto ysl_xf_bj
if exist %last%:\autorun.inf goto you
:ysl_xf_bj
if "%ysl_xf_bj%"=="1" (
cls
echo 正在检查同名文件夹病毒....
if exist "%temp%\ysl_xf_bj.ysl" del "%temp%\ysl_xf_bj.ysl" /f /q>nul 2>nul
attrib -a -s -h %last%:\*.* /s /d>nul 2>nul
for /f "tokens=5" %%i in ('dir %last%:\^|find "<DIR>"') do (
for /f "tokens=5" %%z in ('dir %last%:\^|find /v "<DIR>"') do (
if "%%z"=="%%i.exe" (
del "!last!:\%%z" /f /q>nul 2>nul
if not exist "!last!:\%%z" echo 成功清除%%z病毒!
)
)
)
)
color f2
for /f "tokens=5" %%i in ('dir %last%:\^|find "<DIR>"') do (
for /f "tokens=5" %%z in ('dir %last%:\^|find /v "<DIR>"') do (
if "%%z"=="%%i.exe" (
cls
echo 发现您的移动磁盘有可疑文件...
ping -n 3 127.1>nul
set ysl_xf_bj=1
goto ysl_xf_bj
)
)
)
set refilee=0
if exist "%temp%\refile.ysl" del "%temp%\refile.ysl" /f /q>nul 2>nul
if not exist "%temp%\refile.ysl" (
dir %last%:\ /a:h|find "<DIR>">>"%temp%\refile.ysl" 2>nul
dir %last%:\ /a:s|find "<DIR>">>"%temp%\refile.ysl" 2>nul
for /f "tokens=3" %%i in ('find "<DIR>" "%temp%\refile.ysl" /c') do set refilee=%%i
)
if %refilee% geq 2 (
cls
echo 发现您的移动磁盘有隐藏文件...
ping -n 3 127.1>nul
set ysl_xf_bj=1
goto ysl_xf_bj
)
if exist %SystemRoot%\text del %SystemRoot%\text /f /q>nul 2>nul
cls
echo 没有在%last%盘发现病毒,请放心使用!
if exist "%temp%\ysl_xf_bj.ysl" del "%temp%\ysl_xf_bj.ysl" /f /q>nul 2>nul
explorer %last%:
ping -n 3 127.1>nul
if exist %SystemRoot%\text del %SystemRoot%\text /f /q>nul 2>nul
if not exist %SystemRoot%\text (
echo text>%SystemRoot%\text
cls
if exist %SystemRoot%\text (
for /f "tokens=1,2" %%j in ('chkntfs %last%:') do if %%k==有问题。你可用 (
cls
echo 正在修复%last%盘坏道和扇区....
chkdsk %last%: /f /r /x>nul
cls
echo %last%盘坏道和扇区修复完成!
ping -n 3 127.1>nul
)
) else (
del %SystemRoot%\text /f /q>nul 2>nul
)
)
exit
:you
if exist "%temp%\ysl.vbs" del "%temp%\ysl.vbs" /f /q>nul 2>nul
echo msgbox "%tishi%">"%temp%\ysl.vbs"
if exist "%temp%\ysl.vbs" (
"%temp%\ysl.vbs">nul 2>nul
del "%temp%\ysl.vbs" /q>nul 2>nul
)
cls
echo 正在为您清除%last%盘病毒...
if exist %last%:\autorun.inf attrib -a -s -h %last%:\autorun.inf>nul 2>nul
set a=0
set b=0
for /f "tokens=1" %%z in ('type %last%:\autorun.inf') do (
set a=%%z
if "!a:~0,6!"=="shell=" set b=!a:~6,20!
)
type %last%:\autorun.inf|find "shell\open\Command=">.\temp.ysl
for /f "tokens=3" %%z in ('dir ".\temp.ysl"^|find "文件"') do if "%%z"=="0" (
type %last%:\autorun.inf|find "shell\!b!\Command=">.\temp.ysl
)
for /f %%i in (.\temp.ysl) do set vir=%%i
set truevir=!vir:~19,20!
set fz1=!truevir!
if "!truevir!"=="un.xls.exe" set truevir=fun.xls.exe
for /f "tokens=1" %%z in ('echo !truevir!') do set truevir=%%z
if not "!truevir!"=="" if not "!truevir!"=="~19,20" if exist !last!:\!truevir! (
attrib -a -s -h !last!:\!truevir!>nul 2>nul
del !last!:\!truevir! /f /q>nul 2>nul
del %last%:\autorun.inf /f /q>nul 2>nul
) else (
cls
echo 病毒文件本身不存在,仅有配置文件!
del %last%:\autorun.inf /f /q>nul 2>nul
if not exist !last!:\autorun.inf (
echo 配置文件已被清理!
ping -n 2 127.1>nul
)
)
del .\temp.ysl /f /q>nul 2>nul
if exist %last%:\autorun.inf (
del %last%:\autorun.inf /f /q>nul 2>nul
)
if exist %last%:\autorun.inf goto error
if not "%truevir%"=="" if exist %last%:\%truevir% goto error
if "%truevir%"=="~19,20" goto ks
if "%truevir%"=="" goto ks
set bd_ql_js=0
set bd_sb_js=0
if exist %last%:\nul (
for /f "tokens=3" %%z in ('dir /-c %last%:\') do set freesize=%%z
if not "!freesize!"=="0" (
pushd %last%:\
for /r %%k in (.) do (
cls
echo 正在扫描可移动磁盘分区%last%:
set a=%%k
echo !a:~0,-1!
if not "!a:~0,-1!!truevir!"=="" if not "!a:~0,-1!!truevir!"=="auto.exe" if not "!a:~0,-1!!truevir!"=="!a:~0,-1!" if exist "!a:~0,-1!!truevir!" (
echo 清除病毒"!a:~0,-1!!truevir!"
attrib -a -s -h "!a:~0,-1!!truevir!">nul 2>nul
del "!a:~0,-1!!truevir!" /f /q>nul 2>nul
if not exist "!a:~0,-1!!truevir!" ( set /a bd_ql_js=!bd_ql_js!+1 ) else ( set /a bd_sb_js=!bd_sb_js!+1 )
)
)
)
)
popd
if "%bd_sb_js%"=="0" (
if not "%bd_ql_js%"=="0" (
cls
ech 成功清除全部病毒体%bd_ql_js%个!
) else (
cls
echo 没有发现病毒体!
)
) else (
cls
echo 成功清除%bd_ql_js%个病毒体!有%bd_sb_js%个清除失败!
)
ping -n 3 127.1>nul
goto ks
:error
echo text>%last%:\text.ysl
if not exist %last%:\text.ysl goto erroryy
echo 病毒清除失败!
ping -n 3 127.1>nul
exit
:erroryy
cls
echo 病毒清除失败!原因是所在%last%盘不可写!
echo 请确定您的U盘是否打开了写保护!
pause>nul
exit
|
