
Autorun virus removal tool


May 22, 2021 23:00 DOS Command learning manual



@Echo Off

color 2f

Title Autorun Virus Removal Tool - By Phexon

Rem kill process

taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul



:clearauto

Cls

Echo.

Echo Autorun virus removal tool

Echo.

Echo.

Echo.

Echo Author: Phexon

Echo.

Echo This program automatically removes the Autorun virus from every drive letter when it runs

Echo It works by reading the relevant fields of Autorun.inf on each drive letter

Echo.

Echo   1. Only remove the Autorun virus from all drive letters

Echo   2. Remove the Autorun virus from all drive letters and create an immune directory of the same name (recommended!)

Echo   3. Disable the system's Autorun mechanism to avoid re-infection by the Autorun virus

Echo   4. Remove Autorun virus immunization from all drive letters

Echo   5. Remove the Autorun virus from a specified drive letter and immunize it

Echo   6. Remove immunization from a specified drive letter

Echo   7. Restore the default values of the relevant registry keys

Echo   0. Exit

Echo.

Set clearslt=

Set /p clearslt=Please enter your selection (1/2/3/4/5/6/7/0): 

If "%clearslt%"=="" Goto clearauto

If "%clearslt%"=="1" Goto clearauto1

If "%clearslt%"=="2" Goto clearauto2

If "%clearslt%"=="3" Goto clearauto3

If "%clearslt%"=="4" Goto clearauto4

If "%clearslt%"=="5" Goto clearauto5

If "%clearslt%"=="6" Goto clearauto6

If "%clearslt%"=="7" Goto clearauto7

If "%clearslt%"=="0" Exit

Rem Any other input returns to the menu instead of falling through to option 1

Goto clearauto



:clearauto1

taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul

Rem On every fixed or removable drive, delete the file named after "=" on each line of autorun.inf, then autorun.inf itself

For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (

fsutil fsinfo drivetype %%a: | find /i "Fixed Drive" && (

For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" >nul 2>nul

Del /a /f /q %%a:\autorun.inf >nul 2>nul

) >nul 2>nul

fsutil fsinfo drivetype %%a: | find /i "Removable Drive" && (

For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" >nul 2>nul

Del /a /f /q %%a:\autorun.inf >nul 2>nul

) >nul 2>nul

)

cls

Echo The Autorun virus has been removed, press any key to return...

pause>nul

Goto clearauto



:clearauto2

taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul

Rem Same cleanup, then create a hidden, read-only system directory of the same name and deny Everyone access so the file cannot be recreated

For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (

fsutil fsinfo drivetype %%a: | find /i "Fixed Drive" && (

For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" & md "%%a:\%%b\Immune directory Do not delete!...\" & attrib +s +h +r "%%a:\%%b" & Echo Y|cacls "%%a:\%%b" /T /C /P everyone:N >nul 2>nul

Del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\Immune directory Do not delete!...\" & attrib +s +h +r %%a:\autorun.inf & Echo Y|cacls "%%a:\autorun.inf" /T /C /P everyone:N >nul 2>nul

) >nul 2>nul

fsutil fsinfo drivetype %%a: | find /i "Removable Drive" && (

For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" & md "%%a:\%%b\Immune directory Do not delete!...\" & attrib +s +h +r "%%a:\%%b" & Echo Y|cacls "%%a:\%%b" /T /C /P everyone:N >nul 2>nul

Del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\Immune directory Do not delete!...\" & attrib +s +h +r %%a:\autorun.inf & Echo Y|cacls "%%a:\autorun.inf" /T /C /P everyone:N >nul 2>nul

) >nul 2>nul

)

cls

Echo The Autorun virus has been removed and the drives immunized, press any key to return...

pause>nul

Goto clearauto



:clearauto3

cls

Echo.

Echo Stopping the service...

Echo.

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000ff /f >nul 2>nul

reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000ff /f >nul 2>nul

net stop ShellHWDetection >nul 2>nul

sc config ShellHWDetection start= disabled >nul 2>nul

Rem Add policies that prevent executables from running directly from the Recycle Bin directory or an imitation Recycle Bin directory

Set REGPATH=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths

Set SFLAG=/v SaferFlags /t REG_DWORD /d 0x00000000 /f

Rem The opening quote is closed by the suffix appended to IDATA on each reg add line below

Set IDATA=/f /v ItemData /d "?:\Recyc?

reg add %REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %SFLAG%>nul

reg add %REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %IDATA%\*\*\*\*.*">nul


reg add %REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %SFLAG%>nul

reg add %REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %IDATA%\*\*\*.*">nul


reg add %REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %SFLAG%>nul

reg add %REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %IDATA%\*.*">nul


reg add %REGPATH%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff} %SFLAG%>nul

reg add %REGPATH%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff} %IDATA%\*\*\*\*.*">nul


reg add %REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %SFLAG%>nul

reg add %REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %IDATA%\*.*">nul


reg add %REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %SFLAG%>nul

reg add %REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %IDATA%\*\*\*.*">nul


reg add %REGPATH%\{649c1429-0e79-453c-abe9-b5682e035ae7} %SFLAG%>nul

reg add %REGPATH%\{649c1429-0e79-453c-abe9-b5682e035ae7} %IDATA%\*\*.*">nul


reg add %REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034} %SFLAG%>nul

reg add %REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034} %IDATA%\*\*.*">nul


reg add %REGPATH%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97} %SFLAG%>nul

reg add %REGPATH%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97} %IDATA%\*.*">nul


reg add %REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %SFLAG%>nul

reg add %REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %IDATA%\*\*\*.*">nul


reg add %REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802} %SFLAG%>nul

reg add %REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802} %IDATA%\*\*.*">nul


reg add %REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} %SFLAG%>nul

reg add %REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} /f /v ItemData /d "RECYC*.*">nul


Rem Remove viruses on removable disks that use the Recycle Bin to run automatically

For %%a In (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) Do (

For %%b In (exe pif com) Do (

Echo Y|cacls "%%a:\Recycler\*.%%b" /C /T /P everyone:F>nul 2>nul&Echo Y|cacls "%%a:\Recycled\*.%%b" /C /T /P everyone:F>nul 2>nul&Echo Y|cacls "%%a:\Recycled\Recycled\*.%%b" /C /T /P everyone:F>nul 2>nul

Del /A /F /S /Q "%%a:\Recycler\*.%%b">nul 2>nul&Del /A /F /S /Q "%%a:\Recycled\*.%%b">nul 2>nul&Del /A /F /S /Q "%%a:\Recycled\Recycled\*.%%b">nul 2>nul

)

)>nul 2>nul

Echo.

Echo The related services have been stopped and disabled, press any key to return...

pause >nul

Goto clearauto



:clearauto4

Rem cacls /P asks for confirmation, so it is answered with Echo Y as in the Recycle Bin cleanup

For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (

fsutil fsinfo drivetype %%a: | find /i "Fixed Drive" && (

Echo Y|cacls "%%a:\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf" >nul 2>nul

) >nul 2>nul

fsutil fsinfo drivetype %%a: | find /i "Removable Drive" && (

Echo Y|cacls "%%a:\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf" >nul 2>nul

) >nul 2>nul

)

cls

Echo.

Echo Immunization has been removed from all drives, press any key to return...

pause>nul

Goto clearauto




:clearauto5

cls

Echo.

Set pf=

Set /p pf=Please enter your drive letter, such as "F:" (excluding quotation marks): 

Rem Append the colon if the user left it out

Echo Immunizing drive %pf% ...|find /i ":"||Set pf=%pf%:&&Echo Immunizing drive %pf% ...

taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul

fsutil fsinfo drivetype %pf% | find /i "Fixed Drive" && (

For /f "tokens=2 delims==" %%a In (%pf%\autorun.inf) Do Del /a /f /q "%pf%\%%a" & md "%pf%\%%a\Immune directory Do not delete!...\" & attrib +s +h +r "%pf%\%%a" & Echo Y|cacls "%pf%\%%a" /T /C /P everyone:N >nul 2>nul

Del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\Immune directory Do not delete!...\" & attrib +s +h +r %pf%\autorun.inf & Echo Y|cacls "%pf%\autorun.inf" /T /C /P everyone:N >nul 2>nul

Goto DoneclearAuto

) >nul 2>nul

fsutil fsinfo drivetype %pf% | find /i "Removable Drive" && (

For /f "tokens=2 delims==" %%a In (%pf%\autorun.inf) Do Del /a /f /q "%pf%\%%a" & md "%pf%\%%a\Immune directory Do not delete!...\" & attrib +s +h +r "%pf%\%%a" & Echo Y|cacls "%pf%\%%a" /T /C /P everyone:N >nul 2>nul

Del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\Immune directory Do not delete!...\" & attrib +s +h +r %pf%\autorun.inf & Echo Y|cacls "%pf%\autorun.inf" /T /C /P everyone:N >nul 2>nul

Goto DoneclearAuto

) >nul 2>nul

Echo.

Echo The drive letter you entered does not exist or is a read-only device.

Echo Please enter it again

Goto clearauto5


:DoneclearAuto

cls

Echo.

Echo The Autorun virus on drive %pf% has been removed and the drive immunized

Echo.

Echo   1. Continue immunizing other drives

Echo   0. Return to the main menu

Set choice=

Set /p choice=Please enter your selection (1/0): 

If "%choice%"=="" Goto DoneclearAuto

If "%choice%"=="1" Goto clearauto5

If "%choice%"=="0" Goto clearauto

Rem Any other input asks again instead of falling through to the next option

Goto DoneclearAuto




:clearauto6

cls

Echo.

Set pf=

Set /p pf=Please enter a drive letter, such as "F:" (excluding quotation marks): 

Rem Append the colon if the user left it out

Echo Removing immunization from drive %pf% ...|find /i ":"||Set pf=%pf%:&&Echo Removing immunization from drive %pf% ...

fsutil fsinfo drivetype %pf% | find /i "Fixed Drive" && (

Echo Y|cacls "%pf%\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf" >nul 2>nul

Goto DoneUnauto

) >nul 2>nul

fsutil fsinfo drivetype %pf% | find /i "Removable Drive" && (

Echo Y|cacls "%pf%\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf" >nul 2>nul

Goto DoneUnauto

) >nul 2>nul

Echo.

Echo The drive letter you entered does not exist or is read-only.

Echo Please enter it again

Goto clearauto6


:DoneUnauto

cls

Echo.

Echo Autorun virus immunization has been removed from drive %pf%

Echo.

Echo   1. Continue removing immunization from other drives

Echo   0. Return to the main menu

Set choice=

Set /p choice=Please enter your selection (1/0): 

If "%choice%"=="" Goto DoneUnauto

If "%choice%"=="1" Goto clearauto6

If "%choice%"=="0" Goto clearauto

Rem Any other input asks again instead of falling through to the next option

Goto DoneUnauto




:clearauto7

cls

Rem Undo registry changes that keep files fully hidden in Explorer, block programs from running, and so on

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul

reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul

reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /f>nul 2>nul

reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisallowRun /f>nul 2>nul

Rem Undo redirection of the Startup group location

Rem Assumes the English folder names of a Windows XP profile; adjust for other languages or versions

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Startup /d "%USERPROFILE%\Start Menu\Programs\Startup" /f>nul 2>nul

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Common Startup" /d "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /f>nul 2>nul

Echo.

Echo Registry recovery is complete, press any key to return...

pause>nul

Goto clearauto
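
The cleanup loops in this script pass whatever follows the first "=" on every line of autorun.inf to Del, so the file's content decides what is deleted. As an added example (not part of Phexon's script), the Python dry run below reads the same file as untrusted input, lists only launch entries, and refuses wildcards and paths on other drives; the function name, the key list and the sample text are assumptions made for illustration.

```python
import ntpath
import re

# Keys whose value names a program Explorer would launch from the drive.
LAUNCH_KEY = re.compile(r"(open|shellexecute|shell\\[^\\]+\\command)", re.I)

def autorun_targets(inf_text, drive):
    """Dry run: return (targets, rejected) for the launch entries of one autorun.inf."""
    root = drive[0].upper() + ":\\"
    targets, rejected = [], []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue                      # blank line, comment or section header
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEY.fullmatch(key):
            continue                      # icon=, label=, action= name no program
        # Program path only: the quoted part, or the first token before any arguments.
        found = re.match(r'"([^"]+)"|(\S+)', value)
        if not found:
            continue
        name = found.group(1) or found.group(2)
        path = ntpath.normpath(ntpath.join(root, name))
        same_drive = ntpath.splitdrive(path)[0].upper() == root[:2]
        if same_drive and not re.search(r"[*?]", name) and path != root:
            targets.append(path)
        else:
            rejected.append(name)         # wildcard, other drive, UNC path or the root itself
    return targets, rejected

# Constructed sample, not taken from a real infection.
SAMPLE = r"""[autorun]
; note=this comment contains an equals sign
label=My Disk
icon=folder.ico
open=RECYCLER\sxs.exe /quiet
shell\open\command="tools\rose.exe" -a
shellexecute=*.doc
shell\explore\command=C:\Windows\notepad.exe
"""

if __name__ == "__main__":
    ok, bad = autorun_targets(SAMPLE, "E:")
    print("would delete:", ok)
    print("refused:", bad)
```

Review the "would delete" list before running any of the removal options against a drive that holds data you need.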