Mcafee識別到可疑病毒文件，但病毒庫里沒有病毒定義，就會(huì)把文件擴(kuò)展名命名為vir或vxe，固建立此批處理文件，用已恢復(fù)被修改掉的exe文件

MCAFEE更名原則：

Original Renamed	Description
Not V?? V??	File extensions that do not start with v are renamed with v as
	the initial letter of the file extension. For example,
	MYFILE.DOC becomes MYFILE.VOC.
V?? VIR	File extensions that start with v are renamed as .VIR. For
	example, MYFILE.VBs becomes MYFILE.VIR.
VIR, V01-V99	These files are recognized as already infected, and are not renamed again.
VIR	Files with no extensions are given the extension, .VIR.

@echo off

echo On Error Resume Next >%temp%\filesystem.vbs
echo Const wbemFlagReturnImmediately = ^&h10 >>%temp%\filesystem.vbs
echo Const wbemFlagForwardOnly = ^&h20 >>%temp%\filesystem.vbs

echo For Each strComputer In arrComputers >>%temp%\filesystem.vbs

echo Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2") >>%temp%\filesystem.vbs >>%temp%\filesystem.vbs
echo Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_LogicalDisk", "WQL", _ >>%temp%\filesystem.vbs
echo wbemFlagReturnImmediately + wbemFlagForwardOnly) >>%temp%\filesystem.vbs

echo For Each objItem In colItems >>%temp%\filesystem.vbs
echo if objItem.DriverType=3 Then WScript.Echo objItem.Caption ^& "\" End if >>%temp%\filesystem.vbs
echo Next >>%temp%\filesystem.vbs
echo Next >>%temp%\filesystem.vbs

for /f %%i in ('cscript //nologo %temp%\filesystem.vbs') do call :change %%i

goto end

:change
cd /d %1
for /f "delims=|" %%i in ('dir *.vxe /b /s /a') do (cacls "%%i" /e /g everyone:f & ren "%%i" *.exe)

:end
del %temp%\filesystem.vbs

最新評論