样本来源: 爱毒霸社区
另附上一个不负责任的清除脚本..昨晚脑抽风写的..
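' Cleanup script for the SysKernel.exe / SysService.exe sample referenced in the post.
' It works on the directory the script is started from (WScript.Shell.CurrentDirectory):
'   1. terminates the two named processes,
'   2. for every .exe whose attributes are exactly ReadOnly+Hidden+System+Archive,
'      clears the attributes, deletes it if its size is 57,344 bytes, and un-hides
'      a folder that has the same name without the ".exe" suffix,
'   3. deletes the SysService value under the HKLM Run key,
'   4. deletes the two dropped files from %windir%\system32.
' NOTE(review): errors are suppressed for the whole script, so the final
' "finished" message is shown even if a step failed (for example when the
' script is not run elevated). Verify the result manually.
On Error Resume Next
Notice="**********Created by Blast。Safelab.spaces.live.com***********"
set ws=createobject("wscript.shell")
set fso=createobject("scripting.filesystemobject")
set folder=fso.getfolder(ws.currentdirectory)
set files=folder.files
dim count,prop,detail
dim windir,fn,target,dirpath
windir=fso.getspecialfolder(0) '0=WindowsFolder
count=0
detail=""
prop=msgbox("是否需要本脚本间隔一段时间报告一次处理状况?",36)
'36=vbYesNo+vbQuestion; prop is 6 (vbYes) when the user wants periodic reports.

'Terminate the malicious processes. /f forces termination and the third
'argument (True) makes Run wait, so the files are no longer locked when
'they are deleted further down.
ws.run "TASKKILL /f /im SysKernel.exe",0,true
ws.run "TASKKILL /f /im SysService.exe",0,true

for each file in files
	fn=file.path
	if lcase(fso.getextensionname(fn))="exe" then
		set target=fso.getfile(fn)
		'39=ReadOnly(1)+Hidden(2)+System(4)+Archive(32). Exact match only:
		'a file carrying any additional attribute bit is left untouched.
		if target.attributes=39 then
			target.attributes=32 '32=Archive, i.e. make the file visible and writable
			if prop=6 then detail=detail + "文件发现:" + target.path
			'The size (57,344 bytes) is the only content check. A legitimate
			'executable with the same attributes and size would be deleted too;
			'NOTE(review): compare against a known hash of the sample where possible.
			if target.size=57344 then
				if prop=6 then detail=detail + " 删除:" + target.path
				fso.deletefile fn,true
			end if
			'Folder with the same name minus ".exe": reset its attributes so it
			'becomes visible again.
			dirpath=left(fn,len(fn)-4)
			if fso.folderexists(dirpath) then
				set target=fso.getfolder(dirpath)
				target.attributes=0 '0=Normal
				if prop=6 then detail=detail + " 文件夹属性重设:" + target.path
			end if
			'One report line per handled file, whether or not a folder was found.
			if prop=6 then detail=detail + chr(13) + chr(10)
		end if
	end if
	if prop=6 then count=count+1
	if count=100 then
		'Periodic report every 100 files; skip the dialog when nothing was found.
		if detail<>"" then msgbox detail
		detail=""
		count=0
	end if
next
'Show whatever was collected after the last full batch of 100 files;
'without this, directories with fewer than 100 files never produce a report.
if prop=6 and detail<>"" then msgbox detail

'Delete the autostart entry.
'NOTE(review): only the SysService value is removed; whether the sample also
'registers SysKernel for autostart is not stated here - check the Run keys.
ws.RegDelete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysService"

'Delete the dropped files. /a lets del match hidden and system files, /f
'removes read-only files, /q suppresses the prompt. The path is quoted and
'Run waits for completion before the final message is shown.
ws.run "cmd /c del /f /q /a """ & windir & "\system32\Syskernel.exe""",0,true
ws.run "cmd /c del /f /q /a """ & windir & "\system32\Sysservice.exe""",0,true

Msgbox "清理完成。请重新启动您的计算机!"
Notice="**********Created by Blast。Safelab.spaces.live.com***********"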