快捷導(dǎo)航
用vbs實(shí)現(xiàn)7y7.us木馬群的專殺工具下載

更新時(shí)間：2007年05月20日 00:00:00 作者：
增加屏蔽:
16a.us
www.nice8.org
更新對(duì)新的木馬的查殺,修改結(jié)束進(jìn)程模塊.
本來(lái)這個(gè)專殺只是玩VBS時(shí)做的一個(gè)拙品,但是看到有人還在提醒我木馬群更新,專殺殺不干凈的時(shí)候我就又再次更新了.需要的朋友就繼續(xù)關(guān)注這里的更新吧.送佛送到西....
vbs文件
復(fù)制代碼代碼如下:
on error resume next 
msgbox "本專殺由[G-AVR]Gryesign提供，請(qǐng)關(guān)注BLOG及時(shí)更新專殺---http://hi.baidu.com/greysign",64,"搜索引擎亂碼病毒專殺,請(qǐng)重復(fù)運(yùn)行兩次以便根除病毒" 
'-----------------病毒進(jìn)程結(jié)束模塊開(kāi)始----------------- 
Dim strComputer, strPath, strExePath 
Dim objWMI, objFSO 
Dim colProcesses 
Dim objProcess, objFile 


Set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
strComputer = "." 
nCount = 0 
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _ 
         ( "%ProgramFiles%\Internet Explorer\iexplore.exe" ) 
Set objFile = objFSO.GetFile( strPath ) 
strPath = objFile.ShortPath 
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _ 
         strComputer & "\root\cimv2" ) 
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _ 
         " WHERE Name='iexplore.exe'" ) 



         For Each objProcess In colProcesses 
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath ) 
                 strExePath = objFile.ShortPath 
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then 
                         objProcess.Terminate 
                 Else 
                 End If 
         Next 



set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
strComputer = "." 
nCount = 0 
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _ 
         ( "%windir%\system32\smss.exe" ) 
Set objFile = objFSO.GetFile( strPath ) 
strPath = objFile.ShortPath 
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _ 
         strComputer & "\root\cimv2" ) 
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _ 
         " WHERE Name='smss.exe'" ) 



         For Each objProcess In colProcesses 
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath ) 
                 strExePath = objFile.ShortPath 
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then 
                         objProcess.Terminate 
                 Else 
                 End If 
         Next 

set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
strComputer = "." 
nCount = 0 
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _ 
         ( "%windir%\system32\services.exe" ) 
Set objFile = objFSO.GetFile( strPath ) 
strPath = objFile.ShortPath 
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _ 
         strComputer & "\root\cimv2" ) 
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _ 
         " WHERE Name='services.exe'" ) 



         For Each objProcess In colProcesses 
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath ) 
                 strExePath = objFile.ShortPath 
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then 
                         objProcess.Terminate 
                 Else 
                 End If 
         Next 

set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
strComputer = "." 
nCount = 0 
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _ 
         ( "%windir%\system32\svshost.exe" ) 
Set objFile = objFSO.GetFile( strPath ) 
strPath = objFile.ShortPath 
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _ 
         strComputer & "\root\cimv2" ) 
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _ 
         " WHERE Name='svshost.exe'" ) 



         For Each objProcess In colProcesses 
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath ) 
                 strExePath = objFile.ShortPath 
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then 
                         objProcess.Terminate 
                 Else 
                 End If 
         Next 
set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
strComputer = "." 
nCount = 0 
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _ 
         ( "%windir%\system32\csrss.exe" ) 
Set objFile = objFSO.GetFile( strPath ) 
strPath = objFile.ShortPath 
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _ 
         strComputer & "\root\cimv2" ) 
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _ 
         " WHERE Name='csrss.exe'" ) 



         For Each objProcess In colProcesses 
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath ) 
                 strExePath = objFile.ShortPath 
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then 
                         objProcess.Terminate 
                 Else 
                 End If 
         Next 
set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
strComputer = "." 
nCount = 0 
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _ 
         ( "%windir%\system32\ctfmon.exe" ) 
Set objFile = objFSO.GetFile( strPath ) 
strPath = objFile.ShortPath 
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _ 
         strComputer & "\root\cimv2" ) 
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _ 
         " WHERE Name='ctfmon.exe'" ) 



         For Each objProcess In colProcesses 
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath ) 
                 strExePath = objFile.ShortPath 
                 Set objFile = Nothing 

                 If StrComp(strExePath, strPath, 1) Then 
                         objProcess.Terminate 
                 Else 
                 End If 
         Next 
set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
strComputer = "." 
nCount = 0 
strPath = CreateObject("WScript.Shell").ExpandEnvironmentStrings _ 
         ( "%windir%\explorer.exe" ) 
Set objFile = objFSO.GetFile( strPath ) 
strPath = objFile.ShortPath 
Set objFile = Nothing 

Set objWMI = GetObject( "winmgmts:{impersonationLevel=impersonate}\\" & _ 
         strComputer & "\root\cimv2" ) 
Set colProcesses = objWMI.ExecQuery( "SELECT * FROM Win32_Process" & _ 
         " WHERE Name='explorer.exe'" ) 



         For Each objProcess In colProcesses 
                 Set objFile = objFSO.GetFile( objProcess.ExecutablePath ) 
                 strExePath = objFile.ShortPath 
                 Set objFile = Nothing 

                  
                         objProcess.Terminate 

                
         Next 
Set colProcesses = Nothing 
Set objWMI = Nothing 
'====================================================================== 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='fyso.exe'")  
for each i in p 
i.terminate  
next 
on error resume next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='jtso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='mhso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='qjso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='qqso.exe'")  
for each i in p 
i.terminate 
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='wgso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='wlso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='wmso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='woso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='ztso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='nwizAskTao.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='rxso.exe'")  
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='mmc.exe'") 
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='svchost32.exe'") 
for each i in p 
i.terminate  
next 
set w=getobject("winmgmts:") 
set p=w.execquery("select * from win32_process where name='spglsdr.exe'") 
for each i in p 
i.terminate  
next 
'-----------------病毒進(jìn)程結(jié)束模塊終止----------------- 

'-----------------病毒文件刪除模塊開(kāi)始----------------- 
set fso=createobject("scripting.filesystemobject") 
set del=wscript.createobject("wscript.shell") 
d1=del.ExpandEnvironmentStrings("%temp%\fyso.exe") 
d2=del.ExpandEnvironmentStrings("%temp%\jtso.exe") 
d3=del.ExpandEnvironmentStrings("%temp%\mhso.exe") 
d4=del.ExpandEnvironmentStrings("%temp%\qjso.exe") 
d5=del.ExpandEnvironmentStrings("%temp%\qqso.exe") 
d6=del.ExpandEnvironmentStrings("%temp%\wgso.exe") 
d7=del.ExpandEnvironmentStrings("%temp%\wlso.exe") 
d8=del.ExpandEnvironmentStrings("%temp%\wmso.exe") 
d9=del.ExpandEnvironmentStrings("%temp%\woso.exe") 
d10=del.ExpandEnvironmentStrings("%temp%\ztso.exe") 
d11=del.ExpandEnvironmentStrings("%temp%\fyso0.dll") 
d12=del.ExpandEnvironmentStrings("%temp%\jtso0.dll") 
d13=del.ExpandEnvironmentStrings("%temp%\mhso0.dll") 
d14=del.ExpandEnvironmentStrings("%temp%\conime.exe") 
d15=del.ExpandEnvironmentStrings("%temp%\qjso0.dll") 
d16=del.ExpandEnvironmentStrings("%temp%\qqso0.dll") 
d17=del.ExpandEnvironmentStrings("%temp%\wgso0.dll") 
d18=del.ExpandEnvironmentStrings("%temp%\wlso0.dll") 
d19=del.ExpandEnvironmentStrings("%temp%\wmso0.dll") 
d20=del.ExpandEnvironmentStrings("%temp%\woso0.dll") 
d21=del.ExpandEnvironmentStrings("%temp%\ztso0.dll") 
d22=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.bak") 
d23=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.dll") 
d24=del.ExpandEnvironmentStrings("%temp%\svchost.exe") 
d25=del.ExpandEnvironmentStrings("%temp%\IEXPLORE.EXE") 
d26=del.ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.exe") 
d27=del.ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.exe") 
d28=del.ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.dll") 
d29=del.ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.dll") 
d30=del.ExpandEnvironmentStrings("%temp%\svchost32.exe") 
d31=del.ExpandEnvironmentStrings("%temp%\srogm.exe") 
d32=del.ExpandEnvironmentStrings("%temp%\csrss.exe") 
d33=del.ExpandEnvironmentStrings("%temp%\rxso.exe") 
d34=del.ExpandEnvironmentStrings("%temp%\mmc.exe") 
d35=del.ExpandEnvironmentStrings("%temp%\rxso0.dll") 
d36=del.ExpandEnvironmentStrings("%temp%\spglsdr.exe") 
d37=del.ExpandEnvironmentStrings("%temp%\services.exe") 
d38=del.ExpandEnvironmentStrings("%temp%\daso.exe") 
d39=del.ExpandEnvironmentStrings("%temp%\tlso.exe") 
d40=del.ExpandEnvironmentStrings("%temp%\tlso0.dll") 
d41=del.ExpandEnvironmentStrings("%temp%\daso0.dll") 
d42=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.bak") 
d43=del.ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.dll") 
d44=del.ExpandEnvironmentStrings("%temp%\wdso.exe") 
d45=del.ExpandEnvironmentStrings("%temp%\wdso0.dll") 
d46=del.ExpandEnvironmentStrings("%temp%\smss.exe") 
d47=del.ExpandEnvironmentStrings("%temp%\copypfh.exe") 

set v1=fso.getfile(d1) 
set v2=fso.getfile(d2) 
set v3=fso.getfile(d3) 
set v4=fso.getfile(d4) 
set v5=fso.getfile(d5) 
set v6=fso.getfile(d6) 
set v7=fso.getfile(d7) 
set v8=fso.getfile(d8) 
set v9=fso.getfile(d9) 
set v10=fso.getfile(d10) 
set v11=fso.getfile(d11) 
set v12=fso.getfile(d12) 
set v13=fso.getfile(d13) 
set v14=fso.getfile(d14) 
set v15=fso.getfile(d15) 
set v16=fso.getfile(d16) 
set v17=fso.getfile(d17) 
set v18=fso.getfile(d18) 
set v19=fso.getfile(d19) 
set v20=fso.getfile(d20) 
set v21=fso.getfile(d21) 
set v22=fso.getfile(d22) 
set v23=fso.getfile(d23) 
set v24=fso.getfile(d24) 
set v25=fso.getfile(d25) 
set v26=fso.getfile(d26) 
set v27=fso.getfile(d27) 
set v28=fso.getfile(d28) 
set v29=fso.getfile(d29) 
set v30=fso.getfile(d30) 
set v31=fso.getfile(d31) 
set v32=fso.getfile(d32) 
set v33=fso.getfile(d33) 
set v34=fso.getfile(d34) 
set v35=fso.getfile(d35) 
set v36=fso.getfile(d36) 
set v37=fso.getfile(d37) 
set v38=fso.getfile(d38) 
set v39=fso.getfile(d39) 
set v40=fso.getfile(d40) 
set v41=fso.getfile(d41) 
set v42=fso.getfile(d42) 
set v43=fso.getfile(d43) 
set v44=fso.getfile(d44) 
set v45=fso.getfile(d45) 
set v46=fso.getfile(d46) 
set v47=fso.getfile(d47) 



v1.attributes=0 
v2.attributes=0 
v3.attributes=0 
v4.attributes=0 
v5.attributes=0 
v6.attributes=0 
v7.attributes=0 
v8.attributes=0 
v9.attributes=0 
v10.attributes=0 
v11.attributes=0 
v12.attributes=0 
v13.attributes=0 
v14.attributes=0 
v15.attributes=0 
v16.attributes=0 
v17.attributes=0 
v18.attributes=0 
v19.attributes=0 
v20.attributes=0 
v21.attributes=0 
v22.attributes=0 
v23.attributes=0 
v24.attributes=0 
v25.attributes=0 
v26.attributes=0 
v27.attributes=0 
v28.attributes=0 
v29.attributes=0 
v30.attributes=0 
v31.attributes=0 
v32.attributes=0 
v33.attributes=0 
v34.attributes=0 
v35.attributes=0 
v36.attributes=0 
v37.attributes=0 
v38.attributes=0 
v39.attributes=0 
v40.attributes=0 
v41.attributes=0 
v42.attributes=0 
v43.attributes=0 
v44.attributes=0 
v45.attributes=0 
v46.attributes=0 
v47.attributes=0 


v1.delete 
v2.delete 
v3.delete 
v4.delete 
v5.delete 
v6.delete 
v7.delete 
v8.delete 
v9.delete 
v10.delete 
v11.delete 
v12.delete 
v13.delete 
v14.delete 
v15.delete 
v16.delete 
v17.delete 
v18.delete 
v19.delete 
v20.delete 
v21.delete 
v22.delete 
v23.delete 
v24.delete 
v25.delete 
v26.delete 
v27.delete 
v28.delete 
v29.delete 
v30.delete 
v31.delete 
v32.delete 
v33.delete 
v34.delete 
v35.delete 
v36.delete 
v37.delete 
v38.delete 
v39.delete 
v40.delete 
v41.delete 
v42.delete 
v43.delete 
v44.delete 
v45.delete 
v46.delete 
v47.delete 

'-----------------病毒文件刪除模塊終止----------------- 
'-----------------病毒文件免疫模塊開(kāi)始----------------- 
CreateFolderCreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\fyso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\jtso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mhso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qjso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qqso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wgso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wlso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wmso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\woso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\ztso.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\fyso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\jtso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mhso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qjso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\qqso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wgso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wlso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\wmso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\woso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\ztso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.bak") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\PLUGINS\BinNice.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\svchost.exe") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\IEXPLORE.EXE") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwiztlbb.dll") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%\system32\nwizAskTao.dll") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\svchost32.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\srogm.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\csrss.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\conime.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\rxso.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\mmc.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\rxso0.dll") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\spglsdr.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\services.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\copypfh.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\daso.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\tlso.exe") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\tlso0.dll") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\daso0.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.dll") 
CreateObject("Scripting.FileSystemObject").CreateFolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%\Intern~1\HiJack.bak") 
CreateObject("Scripting.FileSystemObject").Createfolder CreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%\smss.exe") 
'-----------------病毒文件免疫模塊終止----------------- 


'-----------------遍歷刪除各盤符根目錄下病毒文件模塊開(kāi)始----------------- 
set fso=createobject("scripting.filesystemobject") 
set drvs=fso.drives 
for each drv in drvs 
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then 
set u=fso.getfile(drv.driveletter&":\autorun.inf") 
u.attributes=0 
u.delete 
end if 
next 
'-----------------遍歷刪除各盤符根目錄下病毒文件模塊終止----------------- 

'-----------------注冊(cè)表操作模塊開(kāi)始----------------- 
set reg=wscript.createobject("wscript.shell") 
Set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", objFSO.GetSpecialFolder( 1 ) & "\userinit.exe,","REG_SZ" 
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",1,"REG_DWORD" 
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue",2,"REG_DWORD" 
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue",2,"REG_DWORD" 
reg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue",2,"REG_DWORD" 
reg.regdelete "HKEY_CLASSES_ROOT\CLSID\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fysa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jtsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qjsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qqsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wgsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wosa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwizAskTao" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwiztlbb" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rxsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dasa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tlsa" 
reg.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdsa" 

'-----------------注冊(cè)表操作模塊終止----------------- 
'-----------------系統(tǒng)文件恢復(fù)模塊開(kāi)始----------------- 
'-----------------系統(tǒng)文件修復(fù)模塊終止----------------- 
'-----------------HOST文件修復(fù)模塊開(kāi)始----------------- 
set fso=createobject("scripting.filesystemobject") 
Set objFSO = CreateObject( "Scripting.FileSystemObject" ) 
set re=fso.OpenTextFile(objFSO.GetSpecialFolder( 1 ) &"\drivers\etc\hosts",2,0) 
re.Write "127.0.0.1            localhost" & vbCrLf 
re.Write "127.0.0.1            7y7.us"& vbCrLf 
re.Write "127.0.0.1            www.beginget.com"& vbCrLf 
re.Write "127.0.0.1            16a.us"& vbCrLf 
re.Write "127.0.0.1            www.nice8.org"& vbCrLf 
re.Close 
set re=nothing 
'-----------------HOST文件修復(fù)模塊終止----------------- 

'-----------------Autorun免疫模塊開(kāi)始----------------- 
set drvs=fso.drives 
for each drv in drvs 
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then 
fso.createfolder(drv.driveletter&":\autorun.inf") 
fso.createfolder(drv.driveletter&":\autorun.inf\免疫文件夾..\") 
set fl=fso.getfolder(drv.driveletter&":\autorun.inf") 
fl.attributes=3 
end if 
next 
'-----------------Autorun免疫模塊終止----------------- 


msgbox "病毒清除成功，請(qǐng)重啟電腦！假如病毒還未根除請(qǐng)到安全模式下運(yùn)行",64,"搜索引擎亂碼病毒專殺" 