[Virus sample] Bypasses Kaspersky [086cc6]
DJ
 OP | Posted on 2007-7-5 21:09:19
Source code:

QUOTE:
@Echo Off
title 流行病毒文件搜索删除工具
color cf
MODE con: COLS=70 lines=22
:start1
cls
Echo       == == == == == == == == == == == == == == == == == == == ==
Echo           欢迎使用流行病毒专杀工具     程序制作:长江龙                        
Echo       == == == == == == == == == == == == == == == == == == == ==              
Echo                          %DATE%
Echo                 ===========================================
Echo                     请选择要进行的操作,然后按回车
Echo                 ===========================================
Echo.
Echo      1.映像劫持注册表恢复
Echo.
Echo      2.查找与删除启动文件autorun.inf
Echo.
Echo      3.teoyfgx.exe debug.exe等(类似AV终结者关闭杀软病毒)的专杀工具
Echo.
Echo      4.退 出
Echo.


:cho
Set choice=
Set /p choice=     请选择:
If Not "%Choice%"=="" Set Choice=%Choice:~0,1%
If /i "%choice%"=="1" Goto start
If /i "%choice%"=="2" Goto :ks
If /i "%choice%"=="3" Goto :tyg
If /i "%choice%"=="4" Goto :EOF
Echo 选择无效,请重新输入
Echo.
Goto cho

:start
cls
@Echo Off
title 恢复注册映象       安全验证修改版    %DATE%
color 3f
Echo.
Echo.
Echo                     本脚本安全测试通过
Echo.
Echo.
pause
Echo.

Echo 正在删除以前的映象...&Echo.
regedit /s "delete.reg"
Echo 正在重建映象...&Echo.
regedit /s "add.reg"
regedit /s "Ifeo.reg"

Echo 映象重建完成

Goto start1



:ks
cls
@Echo Off
title 删除启动文件               %DATE%
:: +-------------------------------------------------------------------------------+
:: +                      DELETE STARTUP FILES                                     +
:: +                                                                               +
:: +                                                                               +
:: +                                                                               +   
:: +---------------------------^^^------^^^----------------------------------------+
::                             | @       @ |
::                               |   @@   |
::                                 ------

Echo --------------------查找与删除启动文件autorun.inf等------------------------
Echo.
:: check which drive letters exist
setlocal enabledelayedexpansion
:ifc
If Exist c: Goto sc
:ifd
If Exist d: Goto sd
:ife
If Exist e: Goto se
:iff
If Exist f: Goto sf
:ifg
If Exist g: Goto sg
:ifh
If Exist h: Goto sh
:ifi
If Exist i: Goto si
:ifj
If Exist j: Goto sj
:ifk
If Exist k: Goto sk
Goto End

::find the files
:sc
Cd\
c:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto ifd

:sd
Cd\
d:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto ife

:se
Cd\
e:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto iff

:sf
Cd\
f:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto ifg

:sg
Cd\
g:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto ifh

:sh
Cd\
h:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto ifi

:si
Cd\
i:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto ifj

:sj
Cd\
j:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto ifk

:sk
Cd\
k:
attrib -s -h -r autorun.inf
Echo y|rmdir autorun...\\
If Exist autorun.inf For /f "usebackq skip=2 tokens=1,2 delims==" %%i In (autorun.inf) Do ( Set openexe=%%j
attrib -h -s -r  !openexe!
Del !openexe! /f /q /s)
Del autorun.inf /f /q /s
Goto End

:End
:: Delete and re-create CheckedValue so Explorer's "show hidden files" option works again
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f

Echo.
Echo ----------------------------操 作 完 成!------------------------------
Echo.
Echo.
Goto start1


:tyg
cls
title teoyfgx.exe debug.exe等专杀工具  %date%
taskkill /f /t /im  iflvsnh.exe
taskkill /f /t /im  pkyykil.exe
taskkill /f /t /im  debug.exe
For /l %%i In (1,1,5) Do Echo.
Echo       teoyfgx.exe debug.exe等(类似AV终结者关闭杀软病毒)的专杀工具
Echo.                           
Echo                      请耐心等待直至出现 清除完毕!
ping /n 3 127.1>nul
:: remove the registry autostart (Run) entries
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v lknjkaw /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v teoyfgx /f
reg delete "HKEY_USERS\S-1-5-21-823518204-152049171-839522115-500\Software\Microsoft\Search Assistant\ACMru\5603" /f
reg delete "HKEY_USERS\S-1-5-21-823518204-152049171-839522115-500\Software\Microsoft\Windows\ShellNoRoam\MUICache" /f
:: remove the registry entries that block applications from starting (Image File Execution Options)
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe"  /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe"  /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe" /f   
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe" /f

reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe" /f
DJ
 OP | Posted on 2007-7-5 21:09:57
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe" /f
reg delete  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe" /f
reg delete  "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe" /f

Del "C:\Program Files\Common Files\System\pkyykil.exe" /f /f /s /q /a
Del "C:\Program Files\Common Files\Microsoft Shared\iflvsnh.exe" /f /f /s /q /a
Del "C:\WINDOWS\1.exe" /f /f /s /q /a
Del "C:\WINDOWS\2.bat" /f /f /s /q /a
Del "C:\WINDOWS\2.exe" /f /f /s /q /a
Del "C:\WINDOWS\2.vbs" /f /f /s /q /a
Del "C:\WINDOWS\3.exe" /f /f /s /q /a
Del "C:\WINDOWS\IEXPLORE.EXE" /f /f /s /q /a
Del "C:\WINDOWS\tmp$$$.vbs" /f /f /s /q /a
Del "C:\Program Files\Common Files\System\pkyykil.exe" /f /f /s /q /a
Del C:\teoyfgx.exe /f /s /q /a
Del "C:\WINDOWS\W1NL0GON.EXE" /f /f /s /q /a
Del "C:\WINDOWS\system32\comspn.dll" /f /f /s /q /a
Del "C:\WINDOWS\system32\inetcfg.h" /f /f /s /q /a
Del "C:\WINDOWS\system32\mst.tlb" /f /f /s /q /a
Del "C:\WINDOWS\system32\SCardSer.exe" /f /f /s /q /a
Del "C:\WINDOWS\system32\spnup.dll" /f /f /s /q /a
Del "C:\WINDOWS\Debug\debug.exe" /f /f /s /q /a
Del "C:\WINDOWS\Web\css.css" /f /f /s /q /a
Del "C:\MSDOS.log" /f /f /s /q /a
Del "C:\WINDOWS\Temp\~tmp83.tmp" /f /f /s /q /a
Del "d:\gbk.com" /f /f /s /q /a
Del "e:\gbk.com" /f /f /s /q /a
Del d:\teoyfgx.exe /f /s /q /a
Del e:\teoyfgx.exe /f /s /q /a
Del f:\teoyfgx.exe /f /s /q /a
Del g:\teoyfgx.exe /f /s /q /a
Del h:\teoyfgx.exe /f /s /q /a
Del i:\teoyfgx.exe /f /s /q /a
Del c:\autorun.inf /f /s /q /a
Del d:\autorun.inf /f /s /q /a
Del e:\autorun.inf /f /s /q /a
Del f:\autorun.inf /f /s /q /a
Del g:\autorun.inf /f /s /q /a
Del h:\autorun.inf /f /s /q /a
Del i:\autorun.inf /f /s /q /a
Del j:\autorun.inf /f /s /q /a
Del k:\autorun.inf /f /s /q /a
For /l %%i In (1,1,5) Do Echo.
Echo                                      清除完毕!谢谢使用!
Echo.
Echo.
For /l %%i In (1,1,5) Do Echo.
Goto start1
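
Added example, not part of the thread or of the posted tool: the script above deletes a fixed list of Image File Execution Options keys, whereas this Python code parses a `reg export` of that branch and reports every image that actually carries a `Debugger` value, then builds `reg delete ... /v Debugger` commands for review. The sample export is constructed (its file names are borrowed from the script's own delete list), and the function names are hypothetical.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")

# Constructed sample in .reg export format (not data from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\Program Files\\Common Files\\Microsoft Shared\\iflvsnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
"debugger"="C:\\Program Files\\Common Files\\System\\pkyykil.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"="0x00000100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Debugger"="not-an-ifeo-value.exe"
'''

SECTION = re.compile(r"^\[(.+)\]\s*$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(text):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def find_ifeo_debuggers(reg_text):
    """Return [(image_name, debugger_command)] for each direct IFEO subkey
    that has a Debugger string value (key and value names are matched
    case-insensitively, as the registry does)."""
    hits = []
    image = None
    prefix = IFEO.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            # Only direct children of IFEO are per-image keys.
            image = rest if rest and "\\" not in rest else None
            continue
        if image is None:
            continue
        value = STRING_VALUE.match(line)
        if value and _unescape(value.group(1)).lower() == "debugger":
            hits.append((image, _unescape(value.group(2))))
    return hits


def removal_commands(hits):
    """Build reg.exe commands that drop only the Debugger value and leave
    the rest of each image's key in place."""
    return ['reg delete "%s\\%s" /v Debugger /f' % (IFEO, image)
            for image, _ in hits]


if __name__ == "__main__":
    found = find_ifeo_debuggers(SAMPLE_EXPORT)
    for image, debugger in found:
        print("%-12s -> %s" % (image, debugger))
    print("\n".join(removal_commands(found)))
```

A real export written by `reg export` or regedit is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text in.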
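DJ
 OP | Posted on 2007-7-5 21:19:08
"A packer for a batch file -------- UPX
This tells you the level of the antivirus you use... see whether you keep using it after this...
In other words, one junk packer has challenged the level of this many antivirus products, so from now on stop saying which antivirus is good and which is junk.
If needed, I will upload the original file, or you can simply look for the original file in your temp folder and see what is really inside it.
Anyone who can read it should understand: as long as you have detailed process information, registry information, startup-item information, virus names and paths, a junk removal tool like this is a bigger name than the big-name antivirus products. Keep the last part, and whenever there is new virus information, add it and you have the newest removal tool....."

The above quotes 长江龙's original words. Antivirus software, pitiful technology. Only Micropoint (微点) is reasonably decent.
tracydk
Posted on 2007-7-5 21:29:33

False positive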

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00057589.




We received the following archive files:


File ID  Filename  Size (Byte) Result
1096448  AVSSS.rar 53.72 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
1096449  AVSSS.com  146.78 KB  CLEAN


Please find a detailed report concerning each individual sample below:

Filename Result  AVSSS.com  CLEAN

The file 'AVSSS.com' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
风野胤
Posted on 2007-7-5 21:34:01
Isn't this the dedicated removal tool for AV Terminator (AV终结者)?

[ Last edited by 风野胤 on 2007-7-5 21:35 ]
hj5abc
Posted on 2007-7-5 21:40:40
Impressive. Keeping it for later use..

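liaoying112
Posted on 2007-7-6 14:05:43
AVG doesn't detect it!
liaoying112
Posted on 2007-7-6 14:06:27
Why doesn't Kingsoft detect it? So annoying!
一派胡言
Posted on 2007-7-6 14:16:51
Jiangmin didn't detect it.
lzlzh
Posted on 2007-7-6 14:35:09
Originally posted by ccw8642 on 2007-7-5 15:26
AVAST! HOME really is good! It performs well and it's free!


It really is good; it blocked me from downloading this sample.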