A few small tools to help you remove viruses by hand

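(1)  Autoruns is an excellent startup-item management tool. It is very capable: besides managing each startup item, it can work on the registry directly, and it can search the web through Google and MSN from inside the program. It can also manage different logon accounts directly and save a record of what it shows to a file at any time.
The package contains two files: autoruns is the graphical program and autorunsc is the command-line program.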

AutoRuns Chinese-localized edition (localized by 汉化新世纪), download address:
Download page

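(2)  When you rename or delete a file or folder and Windows pops up a dialog saying "Cannot delete xxx: it is being used by another person or program!", what do you do?
With Unlocker you can solve this small but annoying problem easily, conveniently and effectively.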

Unlocker multilingual edition, official download address:
Download page

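(3)  When you want to view the hidden files on the system and delete a hidden virus, you sometimes find that the "Show hidden files and folders" option under Folder Options cannot be turned on. In that case, create a new text file, copy the content below into it, save it, rename it to "ShowAllFile.REG", and then run it.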
——————————————————————————

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"Type"="checkbox"
"Text"="@shell32.dll,-30508"
"WarningIfNotDefault"="@shell32.dll,-28964"
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"ValueName"="ShowSuperHidden"
"CheckedValue"=dword:00000000
"UncheckedValue"=dword:00000001
"DefaultValue"=dword:00000000
"HelpID"="shell.hlp#51103"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
——————————————————————————
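
Before importing ShowAllFile.REG, the current state of the same keys can be compared with it. The following PowerShell is an added example, not part of the original post; it only reads the registry, and the expected data in its table is copied from the .reg file above.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder'

# Expected data, copied from ShowAllFile.REG; integers are dword values there.
$expected = @(
    @{ Sub = 'Hidden\NOHIDDEN'; Name = 'CheckedValue';   Data = 2 },
    @{ Sub = 'Hidden\SHOWALL';  Name = 'CheckedValue';   Data = 1 },
    @{ Sub = 'Hidden\SHOWALL';  Name = 'Type';           Data = 'radio' },
    @{ Sub = 'SuperHidden';     Name = 'CheckedValue';   Data = 0 },
    @{ Sub = 'SuperHidden';     Name = 'UncheckedValue'; Data = 1 }
)

foreach ($e in $expected) {
    $path  = Join-Path $base $e.Sub
    $label = '{0}\{1}' -f $e.Sub, $e.Name
    $key   = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { 'MISSING KEY   {0}' -f $path; continue }
    if ($key.GetValueNames() -notcontains $e.Name) { 'MISSING VALUE {0}' -f $label; continue }

    $data = $key.GetValue($e.Name)
    $kind = $key.GetValueKind($e.Name)
    # Compare the value type as well as the data: the .reg file defines the
    # numeric entries as dword, so a string named CheckedValue is a mismatch.
    $wantKind = if ($e.Data -is [int]) { 'DWord' } else { 'String' }
    if ("$kind" -eq $wantKind -and $data -eq $e.Data) {
        'OK            {0} = {1} ({2})' -f $label, $data, $kind
    } else {
        'MISMATCH      {0} = {1} ({2}), expected {3} ({4})' -f $label, $data, $kind, $e.Data, $wantKind
    }
}
```

Any MISSING or MISMATCH line marks an entry that importing the .reg file would change.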

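(4)  Many current viruses spread by using the system's AutoRun feature. Once a machine is infected, the virus runs automatically whenever you open any infected drive. Below is a batch file that disables AutoRun and sets Folder Options to "Show hidden files and folders". Copy the content below into an empty text file, rename it to DelAutorun-Virus.bat, and then run it.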

——————————————————————————
@echo off
cls
echo.
echo *********** Delete Autorun batch file ***********
echo.
echo.
echo 本批处理文件除了有删除 Autorun.inf 并关闭 Autorun
echo 功能外,还有删除 MountPoints2 内异常机码的功能
echo.
echo ==============================================
echo.
echo.
echo 此批处理文件执行后会关闭 Autorun 功能
echo.
echo 如果要恢复 Autorun 功能则请将档案放置在 c:\ 后
echo.
echo 按开始 -^> 执行 -^> 输入 c:\delautorun open 后按确定
echo.
echo 依照动作指示跑完后即可回复 Autorun(自动运行功能)
echo.
echo.
echo 如不想执行请按 CTRL+C 后按 Y 退出或直接将窗口关闭。
echo.
pause

cls

if not "%1"=="open" goto st
echo.
echo 恢复 Autorun 功能并删除 Autorun.inf 资料夹

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul&&echo.&&echo 移除%%a:\Autorun.inf资料夹
)
echo.
echo.
reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveAutoRun" /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
echo 执行完毕后请重新开机
echo.
pause
exit

:st
if not exist c:\delauto goto delauto
if exist c:\delauto\usbmons.dll attrib -r -s -h -a %windir%\system32\usbmons.dll&del %windir%\system32\usbmons.dll >nul 2>nul&del c:\delauto\usbmons.dll >nul 2>nul

echo.
echo 清理前次执行此批处理暂存文件和 autorun.inf 文件夹
echo.

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
rd %%a:\autorun.inf >nul 2>nul
)
del c:\delauto\*.* /s /q >nul 2>nul
rd c:\delauto /s /q

:delauto
md c:\delauto
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul

if not exist %windir%\system32\usbmons.dll goto disable

@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon] >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a %windir%\system32\usbmons.dll >nul 2>nul
copy %windir%\system32\usbmons.dll c:\delauto\ >nul 2>nul

echo 请于重新开机后再执行一次本批处理文件
echo.
pause
cls

:disable
echo.
echo 修复磁盘驱动器打不开和关闭 autorun 功能

reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f >nul 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (

if exist %%a:\autorun.inf echo.&echo 删除%%a:\Autorun.inf
attrib -r -s -h -a %%a:\autorun.inf >nul 2>nul&del %%a:\autorun.inf /f /q >nul 2>nul
md %%a:\autorun.inf >nul 2>nul&&echo.&&echo 创建%%a:\Autorun.inf资料夹&&attrib +r +s +h +a %%a:\autorun.inf >nul 2>nul&&echo. >>c:\delauto\autorun.txt&&fsutil fsinfo drivetype %%a: >>c:\delauto\autorun.txt&&dir/a %%a:\|find /i "autorun.inf"  >> c:\delauto\autorun.txt
)

echo.
echo 删除资源回收站内的可执行文件

for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
for %%b in (EXE COM PIF) do (
attrib -r -s -h -a %%a:\RECYCLER\*.%%b /s >nul 2>nul&attrib -r -s -h -a %%a:\RECYCLED\*.%%b /s >nul 2>nul
del %%a:\recycler\*.%%b /s /q /f >nul 2>nul&del %%a:\recycled\*.%%b /s /q /f >nul 2>nul
))


@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >>c:\delauto\fix.reg
@echo "CheckedValue"=dword:00000001 >>c:\delauto\fix.reg

@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]  >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] >>c:\delauto\fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] >>c:\delauto\fix.reg
c:\delauto\fixreg.exe /s c:\delauto\fix.reg

:last
copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
c:\delauto\fixreg.exe /s c:\delauto\fix.reg
attrib -r -s -h -a c:\found.??? /S /D >nul 2>nul
del c:\found.???\*.* /s /q /f >nul 2>nul
rd c:\found.??? >nul 2>nul

echo.
echo 执行完毕&pause
cls
echo.
echo 以下会显示各磁盘内 Autorun.inf 是否为文件夹
echo 如果是此批处理文件建立的文件夹则会显示下列类似文字
echo.
echo C: - 本地硬盘
echo %date% %time%  ^<DIR^>         autorun.inf
echo.
echo 如果没有显示^<DIR^>这个几个文字则表示 Autorun.inf 删除失败,
echo 请检查计算机内其它地方是否含有病毒;
echo 另外,如果是光驱内的文件,则请忽略....
echo.
pause
echo.
type c:\delauto\autorun.txt|more
echo.
echo 执行完毕后请重新开机。
echo.
pause
exit

——————————————————————————
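
To see what the batch file above would change, or to confirm its result after the reboot, the same settings can be read back. This PowerShell is an added example, not part of the original script; it is read-only, and the drive-type names for the NoDriveTypeAutoRun bits follow Microsoft's documentation of that policy value. It goes beyond the script's fixed list by reporting every Image File Execution Options subkey that carries a Debugger value, which makes Windows start the named debugger program in place of the executable.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
# Bit meanings of NoDriveTypeAutoRun; a set bit disables AutoRun for that type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'unknown type' }, @{ Bit = 0x02; Name = 'no root dir' },
    @{ Bit = 0x04; Name = 'removable' },    @{ Bit = 0x08; Name = 'fixed' },
    @{ Bit = 0x10; Name = 'network' },      @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },     @{ Bit = 0x80; Name = 'reserved' }
)

# The three policy locations the batch file writes to.
$roots = 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE', 'HKEY_USERS\.DEFAULT'
foreach ($root in $roots) {
    $path = 'Registry::{0}\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -f $root
    $prop = Get-ItemProperty -LiteralPath $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) { '{0}: NoDriveTypeAutoRun not set' -f $root; continue }
    $mask = [int]$prop.NoDriveTypeAutoRun
    $off  = ($driveTypes | Where-Object { $mask -band $_.Bit } | ForEach-Object { $_.Name }) -join ', '
    '{0}: 0x{1:X2} -> AutoRun disabled for: {2}' -f $root, $mask, $off
}

# Every IFEO subkey with a Debugger value, not only the names in the batch file.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $debugger = $_.GetValue('Debugger')
    if ($debugger) { 'IFEO {0} -> Debugger = {1}' -f $_.PSChildName, $debugger }
}

# autorun.inf per drive: the batch file leaves a hidden directory of that name.
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    $target = Join-Path $drive.Root 'autorun.inf'
    $item = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $kind = if ($item.PSIsContainer) { 'directory' } else { 'file, review its contents' }
    '{0} is a {1}' -f $target, $kind
}
```

The restore branch of the batch file writes 0x91 (unknown type, network, reserved) and the disable branch writes 0xFF (every drive type), so the first section shows which of the two states each hive is in.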






[This post was edited by 大牛 on 2008-01-31 04:24 PM]
Source: original to this site
UPlusplus [2009-03-30 02:15 PM]
Very nice~ thanks