kill Autorun.inf
ฆ่าไวรัสautorun ฆ่ายากฆ่าเย็นลองตัวนี้คับ
Bat ไฟล์เพื่อฆ่า ไวรัส Autorun.inf หากว่า Antivirus บางตัวไม่สามารถเอาอยู่ copy แล้ว Paste ไว้ที่ Notepad ก็ได้แต่ตอน Save ให้เลือกนามสกุลเป็น .bat แล้วก็ ดับเบิ้ลคลิ้กเพื่อ ใช้งานได้เลยครับในรูปแบบ Bat ไฟล์
@ ECHO OFF
@ ECHO.
@ ECHO. Bat Files Kill Virus Hijack
@ ECHO ------------------------------------------------------------------------------
@ ECHO BY D.J.BOM
@ ECHO www.siamcafe.net
@ ECHO
@ ECHO ------------------------------------------------------------------------------
PAUSE
Move /Y software\LPT$VPN.147 "C:\Program Files\Trend Micro\OfficeScan Client"
Move /Y software\reg.exe %windir%\system32
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces\lanmanserver\parameters" /v AutoShareWks /t REG_DWORD /d "0" /f
net share C$ /d
net share D$ /d
net share E$ /d
net share admin$ /d
net share Z$ /d
net share F$ /d
net share G$ /d
net share H$ /d
net share Y$ /d
net share P$ /d
del %windir%\Logo1_.exe
del %windir%\rundl132.exe
del %windir%\rundll32.exe
del %windir%\vDll.dll
del %windir%\Dll.DLL
del %windir%\kill.exe
del %windir%\sws32.dll
del %windir%\0sy.exe
del %windir%\1sy.exe
del %windir%\2sy.exe
del %windir%\3sy.exe
del %windir%\4sy.exe
del %windir%\bootconf.exe
del %windir%\system32\Logo1_.exe
del %windir%\system32\rundl132.exe
del %windir%\system32\bootconf.exe
del %windir%\system32\kill.exe
del %windir%\system32\sws32.dll
del %windir%\system32\ShellExt\svchs0t.exe
del C:\Program Files\Internet Explorer\0SY.exe
del C:\Program Files\Internet Explorer\1SY.exe
del C:\Program Files\Internet Explorer\2sy.exe
del C:\Program Files\Internet Explorer\3sy.exe
del C:\Program Files\Internet Explorer\4sy.exe
del C:\Program Files\Internet Explorer\5sy.exe
del C:\Program Files\Internet Explorer\6SY.exe
del C:\Program Files\Internet Explorer\7sy.exe
del C:\Program Files\Internet Explorer\8sy.exe
del C:\Program Files\Internet Explorer\9sy.exe
reg delete "HKEY_LOCAL_MACHINE\Software\Soft\DownloadWWW" /v "auto" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v load /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run" /v "load" /f
reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Window s NT\CurrentVersion\Windows" /v "load" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows " /va /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run /va /f
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run /va /f
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run /v ctfmon.exe /d C:\WINDOWS\system32\ctfmon.exe
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v command /d ""C:\WINDOWS\IME\imjp8_1
\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v hkey /d HKLM
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v inimapping /d 0
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v item /d IMJPMIG
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1" /v key /d
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v command /d "C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /IMEName"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v hkey /d HKLM
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v inimapping /d 0
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v item /d TINTSETP
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A" /v key /d
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v command /d ""C:\WINDOWS\IME\imjp8_1
\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32"
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v hkey /d HKLM
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v inimapping /d 0
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v item /d TINTSETP
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync" /v key /d
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
del "C:\Documents and Settings\All Users\กuถ}ฉlกvตๆณๆ\ต{งว\ฑาฐส\*.*" /q /f
del "C:\Documents and Settings\Default User\กuถ}ฉlกvตๆณๆ\ต{งว\ฑาฐส\*.*" /q /f
del "%userprofile%\กuถ}ฉlกvตๆณๆ\ต{งว\ฑาฐส\*.*" /q /f
start C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
del C:\_desktop.ini /f/s/q/a
del D:\_desktop.ini /f/s/q/a
del E:\_desktop.ini /f/s/q/a
del Z:\_desktop.ini /f/s/q/a
del F:\_desktop.ini /f/s/q/a
del G:\_desktop.ini /f/s/q/a
del H:\_desktop.ini /f/s/q/a
del Y:\_desktop.ini /f/s/q/a
del P:\_desktop.ini /f/s/q/a
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
DEL /S /F /Q "%systemroot%\Temp\*.*"
DEL /S /F /Q "%AllUsersProfile%\กuถ}ฉlกvฅ\ฏเชํ\ต{ฆกถฐ\Windo ws Messenger.lnk"
RD /S /Q %windir%\temp & md %windir%\temp
RD /S /Q "%userprofile%\Local Settings\Temp"
MD "%userprofile%\Local Settings\Temp"
RD /S /Q "%systemdrive%\Program Files\Temp"
MD "%systemdrive%\Program Files\Temp"
RD /S /Q "%systemdrive%\d"
del C:\_desktop.ini /f/s/q/a
del D:\_desktop.ini /f/s/q/a
del E:\_desktop.ini /f/s/q/a
del Z:\_desktop.ini /f/s/q/a
del F:\_desktop.ini /f/s/q/a
del G:\_desktop.ini /f/s/q/a
del H:\_desktop.ini /f/s/q/a
del Y:\_desktop.ini /f/s/q/a
del P:\_desktop.ini /f/s/q/a
Move /Y software\pskill.exe %windir%\system32
replace pskill.exe "C:\windows\system32" /a >nul 2>nul
pskill Logo1_.exe
pskill rundll32.exe
pskill rundl132.exe
Move /Y software\shutdown.exe %windir%\system32
echo.
อ้างอิง http://www.rcthai.net/forum/showthread.php?t=304756
1. เปิด my computer ขึ้นมาไปที่ tools>folder options>view>เลือก show hidden files and folders
2. เอาเครื่องหมายถูกออกหน้า Hide extensions for known file types กับ Hide protected operating system file [Recommended]
3. คลิ๊กขวาที่ไดร์ที่ติดไวรัส เลือก Exprole
4. เครื่องจะแสดงไวรัส AUTORUN.INF
5. กด ค้างไว้แล้วเลือก ไวรัส ตัวนั้นเพื่อจะลบ กดปุ้ม
6. ไปที่ถังขยะลบออกจากถังขยะด้วย
7. รีสตาร์ทเครื่องใหม่อีกแล้ว แค่นี้ก็เสร็จแล้ว
หรือ Download here ดาวน์โหลดได้เลยที่นี่
or
http://fd6663fe.linkbucks.com/
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment