中国DOS联盟

-- 联合DOS 推动DOS 发展DOS --

联盟域名：www.cn-dos.net 论坛域名：www.cn-dos.net/forum
DOS，代表着自由开放与发展，我们努力起来，学习FreeDOS和Linux的自由开放与GNU精神，共同创造和发展美好的自由与GNU GPL世界吧！

游客: 注册 | 登录 | 命令行 | 会员 | 搜索 | 上传 | 帮助 »

中国DOS联盟论坛 » DOS批处理 & 脚本技术（批处理室） » 怎么样可以让DOS运行所有的EXE文件后再自动关掉

zhouxiaohuanv
初级用户

积分 87
发帖 29
注册 2007-3-31
状态离线

『楼主』: 怎么样可以让DOS运行所有的EXE文件后再自动关掉

我的电脑中了毒~~~~~~怎么样可以让DOS运行所有的EXE文件后再自动关掉
D：所有的EXE文件
E：所有的EXE文件
高手们请教给我点希望啊~~~~~~~~~~~~~~~~~~~~~我的文件啊 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2007-4-11 08:11

zqz0012005
中级用户

积分 297
发帖 135
注册 2006-10-21
状态离线

『第 2 楼』:

::run.bat
D:
for /f "delims=" %%a in ('dir /a/s/b *.exe') do (cd /d %%a\..
for /f "delims=" %%i in ('dir *.exe /b') do (start %%i &ping -n 1 127.1>nul &taskkill /f /im %%i)
)
E:
for /f "delims=" %%a in ('dir /a/s/b *.exe') do (cd /d %%a\..
for /f "delims=" %%i in ('dir *.exe /b') do (start %%i &ping -n 1 127.1>nul &taskkill /f /im %%i)
)

2007-4-11 09:07

(411976538)

lxmxn
版主

积分 11386
发帖 4938
注册 2006-7-23
状态离线

『第 3 楼』:

ps..中的什么病毒需要运行全部的exe文件？

2007-4-11 11:02

zhouxiaohuanv
初级用户

积分 87
发帖 29
注册 2007-3-31
状态离线

『第 4 楼』: lxmxn你好！！！！！！！！！

我中的是Logo1_.exe
现在所以的EXE文件变成模糊的颜色~~~
谢谢~~~~~~~~~~~~~~~~~~~~~

2007-4-11 11:44

zhouxiaohuanv
初级用户

积分 87
发帖 29
注册 2007-3-31
状态离线

『第 5 楼』:

听说是威金但是怎么杀都杀不到~~~~~~~~
现在的毒真的太厉害了~搞的我所以EXE都有毒~
Logo1免疫补丁
@echo off

if exist %windir%\rundl132.exe echo 发现威金!

pause

taskkill /f /im rundl132.exe
taskkill /f /im logo_1.exe
taskkill /f /im logo1_.exe
taskkill /f /im Ravmon.exe
taskkill /f /im Eghost.exe
taskkill /f /im Mailmon.exe
taskkill /f /im KAVPFW.EXE
taskkill /f /im IPARMOR.EXE
taskkill /f /im Ravmond.exe
taskkill /f /im 0sy.exe
taskkill /f /im 1sy.exe
taskkill /f /im 2sy.exe
taskkill /f /im 3sy.exe
taskkill /f /im 4sy.exe
taskkill /f /im 5sy.exe
taskkill /f /im 6sy.exe
taskkill /f /im 7sy.exe
taskkill /f /im 8sy.exe
taskkill /f /im 9sy.exe
taskkill /f /im 10sy.exe
taskkill /f /im 11sy.exe
taskkill /f /im 12sy.exe
taskkill /f /im 13sy.exe
taskkill /f /im 15sy.exe
taskkill /f /im 25sy.exe

::以上为结束病毒进程.

attrib %windir%\Logo1_.exe -s -r -h
attrib %windir%\rundl132.exe -s -r -h
attrib %windir%\0Sy.exe -s -r -h
attrib %windir%\vDll.dll -s -r -h
attrib %windir%\1Sy.exe -s -r -h
attrib %windir%\2Sy.exe -s -r -h
attrib %windir%\rundll32.exe -s -r -h
attrib %windir%\3Sy.exe -s -r -h
attrib %windir%\5Sy.exe -s -r -h
attrib %windir%\1.com -s -r -h
attrib %windir%\exerouter.exe -s -r -h
attrib %windir%\EXP10RER.com -s -r -h
attrib %windir%\finders.com -s -r -h
attrib %windir%\Shell.sys -s -r -h
attrib %windir%\kill.exe -s -r -h
attrib %windir%\sws.dll -s -r -h
attrib %windir%\sws32.dll -s -r -h
attrib %windir%\uninstall\rundl132.exe -s -r -h
attrib c:\windows\SVCHOST.exe -s -r -h
attrib c:\windows\WINLOGON.exe -s -r -h
attrib c:\windows\RUNDLL32.EXE -s -r -h
attrib C:\"Program Files"\svchost.exe -s -r -h
attrib C:\"Program Files"\"Internet Explorer"\svchost.exe -s -r -h
attrib %windir%\Download\svchost.exe -s -r -h
attrib %windir%\system32\wldll.dll -s -r -h
attrib c:\windows\system32\Microsoft\svchost.exe -s -r -h

del /f /s /q /a %systemdrive%\rundl132.exe
del /f /s /q /a %systemdrive%\rundll32.exe
del /f /s /q /a %systemdrive%\Dll.dll
del /f /s /q /a %systemdrive%\vdll.dll
del /f /s /q /a %systemdrive%\logo_1.exe
del /f /s /q /a %systemdrive%\Logo1_.exe
del /f /s /q /a %systemdrive%\Logo1.exe
del /f /s /q /a %systemdrive%\?sy.exe
del /f /s /q /a %windir%\Logo1_.exe
del /f /s /q /a %windir%\rundl132.exe
del /f /s /q /a %windir%\0Sy.exe
del /f /s /q /a %windir%\vDll.dll
del /f /s /q /a %windir%\1Sy.exe
del /f /s /q /a %windir%\2Sy.exe
del /f /s /q /a %windir%\rundll32.exe
del /f /s /q /a %windir%\3Sy.exe
del /f /s /q /a %windir%\5Sy.exe
del /f /s /q /a %windir%\1.com
del /f /s /q /a %windir%\exerouter.exe
del /f /s /q /a %windir%\EXP10RER.com
del /f /s /q /a %windir%\finders.com
del /f /s /q /a %windir%\Shell.sys
del /f /s /q /a %windir%\kill.exe
del /f /s /q /a %windir%\sws.dll
del /f /s /q /a %windir%\sws32.dll
del /f /s /q /a %windir%\uninstall\rundl132.exe
del /f /s /q /a c:\windows\SVCHOST.exe
del /f /s /q /a c:\windows\WINLOGON.exe
del /f /s /q /a c:\windows\RUNDLL32.EXE
del /f /s /q /a C:\"Program Files"\svchost.exe
del /f /s /q /a C:\"Program Files"\"Internet Explorer"\svchost.exe
del /f /s /q /a c:\windows\Download\svchost.exe
del /f /s /q /a c:\windows\system32\Microsoft\svchost.exe
del /f /s /q /a c:\windows\system32\wldll.dll
del /f /s /q /a c:\_desktop.ini
del /f /s /q /a d:\_desktop.ini
del /f /s /q /a e:\_desktop.ini
del /f /s /q /a f:\_desktop.ini

::以上为删除病毒相关文件.

net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share admin$ /del
net share ipc$ /del

pause

taskkill /f /im conime.exe
exit

echo > %windir%\Logo1_.exe
echo > %windir%\rundl132.exe
echo > %windir%\0Sy.exe
echo > %windir%\vDll.dll
echo > %windir%\1Sy.exe
echo > %windir%\2Sy.exe
echo > %windir%\rundll32.exe
echo > %windir%\3Sy.exe
echo > %windir%\5Sy.exe
echo > %windir%\1.com
echo > %windir%\exerouter.exe
echo > %windir%\EXP10RER.com
echo > %windir%\finders.com
echo > %windir%\Shell.sys
echo > %windir%\kill.exe
echo > %windir%\sws.dll
echo > %windir%\sws32.dll
echo > %windir%\uninstall\rundl132.exe
echo > %windir%\SVCHOST.exe
echo > %windir%\WINLOGON.exe
echo > %windir%\RUNDLL32.EXE
echo > C:\"Program Files"\svchost.exe
echo > C:\"Program Files"\"Internet Explorer"\svchost.exe
echo > %windir%\Download\svchost.exe
echo > %windir%\system32\wldll.dll

attrib %windir%\Logo1_.exe +s +r +h
attrib %windir%\rundl132.exe +s +r +h
attrib %windir%\0Sy.exe +s +r +h
attrib %windir%\vDll.dll +s +r +h
attrib %windir%\1Sy.exe +s +r +h
attrib %windir%\2Sy.exe +s +r +h
attrib %windir%\rundll32.exe +s +r +h
attrib %windir%\3Sy.exe +s +r +h
attrib %windir%\5Sy.exe +s +r +h
attrib %windir%\1.com +s +r +h
attrib %windir%\exerouter.exe +s +r +h
attrib %windir%\EXP10RER.com +s +r +h
attrib %windir%\finders.com +s +r +h
attrib %windir%\Shell.sys +s +r +h
attrib %windir%\kill.exe +s +r +h
attrib %windir%\sws.dll +s +r +h
attrib %windir%\sws32.dll +s +r +h
attrib %windir%\uninstall\rundl132.exe +s +r +h
attrib %windir%\SVCHOST.exe +s +r +h
attrib %windir%\WINLOGON.exe +s +r +h
attrib %windir%\RUNDLL32.EXE +s +r +h
attrib C:\"Program Files"\svchost.exe +s +r +h
attrib C:\"Program Files"\"Internet Explorer"\svchost.exe +s +r +h
attrib %windir%\Download\svchost.exe +s +r +h
attrib %windir%\system32\wldll.dll +s +r +h

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="logo1_.exe"
"2"="1.com"
"3"="1Sy.exe"
"4"="2Sy.exe"
"5"="3Sy.exe"
"6"="5Sy.exe"
"7"="exerouter.exe"
"8"="EXP10RER.com"
"9"="finders.com"
"10"="finders.com"
"11"="kill.exe"
"12"="Logo1_.exe"
"13"="rundl132.exe"
"14"="1.exe"
"15"="0sy.exe"
"16"="sms*.**e"
"17"="sms*.**e"
"18"="sws.dll"
"19"="sws32.dll"
"20"="tool.exe"
"21"="tool2005.exe"
"22"="tool2006.exe"
"23"="tool*.**e"
"24"="vDll.dll"

2007-4-11 11:49

lxmxn
版主

积分 11386
发帖 4938
注册 2006-7-23
状态离线

『第 6 楼』:

Quote:

Originally posted by zhouxiaohuanv at 2007-4-10 22:44:
我中的是Logo1_.exe
现在所以的EXE文件变成模糊的颜色~~~
谢谢~~~~~~~~~~~~~~~~~~~~~

exe文件变成了模糊的颜色，再运行exe文件就可以恢复吗？

搞不明白。

2007-4-12 01:14

kcdsw
中级用户

积分 404
发帖 179
注册 2006-3-30
状态离线

『第 7 楼』:

晕看到楼主的说明才知道前两天我同事的机器中了威金了
不过貌似不难杀啊
没一会就被我手动清除光了

我用了autoruns 和rising

2007-4-12 02:33

dikex
高级用户

潜水修练批处理

积分 788
发帖 366
注册 2006-12-31
状态离线

『第 8 楼』:

Quote:

Originally posted by lxmxn at 2007-4-11 12:14 PM:

exe文件变成了模糊的颜色，再运行exe文件就可以恢复吗？

搞不明白。

利用一种叫映象劫持的办法可以在运行被感染的exe文件后得到原始文件，而且不回激活病毒（对某些变种无效）

2007-4-12 03:20

请注意：您目前尚未注册或登录，请您注册或登录以使用论坛的各项功能，例如发表和回复帖子等。

可打印版本 | 推荐给朋友 | 订阅主题 | 收藏主题

论坛跳转: