【原创】AVZbeta0.2公开测试

显示全部楼层 · 发表于 2008-11-7 13:56:57

版主要加技术值的话也给libradohko加一个，他为这个付出很多

转帖请注明卡饭病毒测试组syfwxmh和卡饭会员libradohko!谢谢！

此帖为中文版本，英文版本将在brother soft web上发布！

小白请不要测试，有可能对系统造成不必要的损害！

测试仅在XP下通过
代码检测如下

更新列表：
执行后功能如下：
1、关闭服务
包括Terminal Service,Net Meeting Remote Desktop Sharing,Remote Desktop Help Session Manager,Windows Time,RemoteRegistry,SSDPSRV,ShellHWDetection
2、关闭危险动作
CDROM autorun、关闭管理共享权限、关闭匿名用户访问、关闭发送远程协助请求
3、安全提升
开启AVZGUARD防御（存在兼容性问题，内测版删除）
删除文件后执行清除
开启引导删除
清除HOSTS（恢复默认状态）
以下为重点更新：
1、清除随机文件名的弹窗程序。[不是按照文件名查杀]
2、修复安全模式
3、恢复文件夹选项
4、恢复注册表编辑器、任务管理器
5、清除恶意广告程序
6、Windows性能优化
7、恢复一些经常被恶意程序修改的注册表键值

非卡巴用户导入教程
工具下载地址http://z-oleg.com/avz4.zip

卡巴09用户导入教程
http://bbs.kafan.cn/thread-355482-1-1.html

经过检测一下代码没有问题，该代码仅在XP下测试！
由于存在不可知的错误，请在虚拟机下进行！

该代码由syfwxmh和libradohko共同编写测试

begin

RegKeyIntParamWrite('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Policies\System', 'DisableRegistryTools', 0);
RegKeyIntParamWrite('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Policies\System', 'DisableTaskmgr', 0);

end.
begin

// 文件夹选项恢复默认
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden', 'Text', '@shell32.dll,-30499');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden', 'Type', 'group');
RegKeyParamWrite('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden', 'Bitmap', 'REG_EXPAND_SZ', '%SystemRoot%\system32\SHELL32.dll,4');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden', 'HelpID', 'shell.hlp#51131');

RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'RegPath',
'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'Text',
'@shell32.dll,-30501'
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'Type',
'radio'
);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'Checked',
2
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'Name',
'Hidden'
);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'Default',
2
);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'HKeyRoot',
80000001
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN',
'HelpID',
'shell.hlp#51104'
);

RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'RegPath',
'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'Text',
'@shell32.dll,-30500'
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'Type',
'radio'
);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'Checked',
1
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'Name',
'Hidden'
);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'Default',
2
);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'HKeyRoot',
80000001
);
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
'HelpID',
'shell.hlp#51105'
);
// 恢复默认隐藏受保护的系统文件
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden',
'Checkedvalue',
1
);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden',
'DefaultValue',
1
);

end.
begin
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot', 'AlternateShell', 'cmd.exe');
RegKeyCreate('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys', '', 'FSFilter System Recovery');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}', '', 'Universal Serial Bus controllers');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}', '', 'CD-ROM Drive');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}', '', 'DiskDrive');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}', '', 'Standard floppy disk controller');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}', '', 'Hdc');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}', '', 'Keyboard');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}', '', 'Mouse');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}', '', 'PCMCIA Adapters');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}', '', 'SCSIAdapter');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}', '', 'System');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}', '', 'Floppy disk drive');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}', '', 'Volume');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}', '', 'Human Interface Devices');
RegKeyCreate('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt', '', '');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts', '', '');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys', '', 'FSFilter System Recovery');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI', '', 'Driver Group');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys', '', 'Driver');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC', '', 'Service');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}', '', 'Universal Serial Bus controllers');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}', '', 'CD-ROM Drive');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}', '', 'DiskDrive');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}', '', 'Standard floppy disk controller');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}', '', 'Hdc');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}', '', 'Keyboard');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}', '', 'Mouse');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}', '', 'Net');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}', '', 'NetClient');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}', '', 'NetService');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}', '', 'NetTrans');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}', '', 'PCMCIA Adapters');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}', '', 'SCSIAdapter');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}', '', 'System');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}', '', 'Floppy disk drive');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}', '', 'Volume');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}', '', 'Human Interface Devices');
end.
begin
ExecuteSysClean;
BC_Activate;
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\Terminal Server','fAllowToGetHelp', 0);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\LSA','RestrictAnonymous', 2);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'System\CurrentControlSet\Services\LanmanServer\Parameters','AutoShareWks', 0);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'System\CurrentControlSet\Services\CDROM','AutoRun', 0);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\ShellHWDetection','Start', 4);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\SSDPSRV','Start', 4);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\W32Time','Start', 4);
RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\RemoteRegistry','Start', 4);
SetServiceStart('RDSessMgr', 4);
SetServiceStart('mnmsrvc', 4);
SetServiceStart('TermService', 4);
SetServiceStart('W32Time', 4);
SetServiceStart('SSDPSRV', 4);
SetServiceStart('ShellHWDetection', 4);
end.
// 添加日志
Procedure AddAlarm(AFileName, AMsg : string);
begin
AddtoLog('>>>>> '+AFileName+' 被以下病毒感染 '+AMsg);
end;

// 扫描文件
Procedure ScanFile(AFileName : string);
begin
SetStatusBarText(AFileName);
// 将文件载入缓冲区
LoadFileToBuffer(AFileName);
// 看文件偏移21080处的代码是不是符合特征码
if SearchSign('81 7D 08 8C 00 00 00 59 75 16 6A 50 FF 15 6C 70 40 00 57 57 56 FF 75 0C 57 57 FF 15 B0 73 40 00', 21080, 33) >= 0 then
begin
// 如果SearchSign函数的返回值大于0，说明特征匹配成功
AddAlarm(AFileName, '弹窗广告程序');
DeleteFile(AFileName);
end;
if SearchSign('85 F6 59 59 74 1D 56 68 FF 7F 00 00 6A 01 68 E8 41 40 00 FF 15 74 32 40 00 56 FF 15 6C 32 40 00', 7051, 33) >= 0 then
begin
AddAlarm(AFileName, '弹窗广告程序');
DeleteFile(AFileName);
end;
FreeBuffer;
end;

// 扫描目录 (递归扫描子目录)
Procedure ScanDir(ADirName : string; AScanSubDir : boolean);
var
FS : TFileSearch;
begin
ADirName := NormalDir(ADirName);
FS := TFileSearch.Create(nil);
FS.FindFirst(ADirName + '*.*');
while FS.Found do begin
if FS.IsDir then begin
if AScanSubDir and (FS.FileName <> '.') and (FS.FileName <> '..') then
ScanDir(ADirName + FS.FileName, AScanSubDir)
end else
ScanFile(ADirName + FS.FileName);
FS.FindNext;
end;
FS.Free;
end;

begin
//Automatically correct SPI errors
AutoFixSPI;
//Clear Hosts file
ClearHostsFile;
end.

begin

// 扫描Windows文件夹
ScanDir('%WinDir%', true);

// 导入删除文件列表，这样所有用DeleteFile删除的文件都会用BootCleaner再删除一遍。
BC_ImportDeletedList;

// 删除所有引用病毒文件的启动项
ExecuteSysClean;

// 激活BootCleaner
BC_Activate;

// 重新启动
RebootWindows(true);

end.

[ 本帖最后由 syfwxmh 于 2008-11-7 15:00 编辑 ]

显示全部楼层 · 发表于 2008-11-7 14:08:03

请测试用户将反馈信息，发上来以便改进！

显示全部楼层 · 发表于 2008-11-7 14:12:21

忘了虚拟机上还有avz这个工具呢
不过卡巴也安装的差不多了
这脑子...

显示全部楼层 · 发表于 2008-11-7 14:13:27

董斯基是个人才

显示全部楼层 · 发表于 2008-11-7 14:14:53

是的

显示全部楼层 · 发表于 2008-11-7 14:15:00

对主管的工作表示感谢。我也会努力为大家提供更多的好的脚本的。

显示全部楼层 · 发表于 2008-11-7 14:17:41

应该是一起提供呵呵~~

显示全部楼层 · 发表于 2008-11-7 14:24:29

原帖由 change_018 于 2008-11-7 14:13 发表
董斯基是个人才

同时评分呵呵

期待楼主和董斯基更好的作品

显示全部楼层 · 发表于 2008-11-7 14:49:58

用工具和卡巴执行都没有自动重启？

显示全部楼层 · 发表于 2008-11-7 14:50:25

VISTA SP1 U版
使用卡巴导入或者工具导入后都没有任何反映兼容性看来有问题..
工具导入提示修改注册表2处之后没了反应

2008/11/7 14:37:02 c:\users\administrator\desktop\avz4\avz.exe 写注册表值 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools 允许 [注册表组]系统设置 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\*
2008/11/7 14:37:02 c:\users\administrator\desktop\avz4\avz.exe 写注册表值 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr 允许 [注册表组]系统设置 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\*

【原创】AVZbeta0.2公开测试

评分

回复 4楼 change_018 的帖子

评分

回复 6楼 libradohko 的帖子