May 22, 2021 DOS Command learning manual
@Echo Off
color 2f
Title Autorun Virus Removal Tool - By Phexon
Rem kill process
taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul
:clearauto
Cls
Echo.
Echo Autorun virus removal tool
Echo.
Echo.
Echo.
Echo Made by: Phexon
Echo.
Echo When run, this program automatically clears the Autorun virus from each drive letter.
Echo It works by reading the relevant fields of Autorun.inf under each drive letter.
Echo.
Echo 1. Only remove the Autorun virus from all drive letters
Echo 2. Remove the Autorun virus from all drive letters and create an immune directory of the same name (recommended!)
Echo 3. Disable the system's Autorun mechanism to avoid re-infection by the Autorun virus
Echo 4. Remove Autorun virus immunization from all drive letters
Echo 5. Remove the Autorun virus from a specified drive letter and immunize it
Echo 6. Remove immunization from a specified drive letter
Echo 7. Restore the default values of the relevant registry keys
Echo 0. Exit
Echo.
Set clearslt=
Set /p clearslt=Please enter your selection (1/2/3/4/5/6/7/0): 
If "%clearslt%"=="" Goto clearauto
If "%clearslt%"=="1" Goto clearauto1
If "%clearslt%"=="2" Goto clearauto2
If "%clearslt%"=="3" Goto clearauto3
If "%clearslt%"=="4" Goto clearauto4
If "%clearslt%"=="5" Goto clearauto5
If "%clearslt%"=="6" Goto clearauto6
If "%clearslt%"=="7" Goto clearauto7
If "%clearslt%"=="0" Exit
Rem Any other input returns to the menu instead of falling through to option 1
Goto clearauto
:clearauto1
taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul
For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
fsutil fsinfo drivetype %%a: | find /i "fixed drive" && (
For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" >nul 2>nul
Del /a /f /q %%a:\autorun.inf >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype %%a: | find /i "removable drive" && (
For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" >nul 2>nul
Del /a /f /q %%a:\autorun.inf >nul 2>nul
) >nul 2>nul
)
cls
Echo Autorun virus cleared, press any key to return...
pause>nul
Goto clearauto
:clearauto2
taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul
For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
fsutil fsinfo drivetype %%a: | find /i "fixed drive" && (
For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" & md "%%a:\%%b\Immune directory do not delete!...\" & attrib +s +h +r "%%a:\%%b" & echo y| cacls "%%a:\%%b" /T /C /P everyone:N >nul 2>nul
Del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\Immune directory do not delete!...\" & attrib +s +h +r %%a:\autorun.inf & echo y| cacls "%%a:\autorun.inf" /T /C /P everyone:N >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype %%a: | find /i "removable drive" && (
For /f "tokens=2 delims==" %%b In (%%a:\autorun.inf) Do Del /a /f /q "%%a:\%%b" & md "%%a:\%%b\Immune directory do not delete!...\" & attrib +s +h +r "%%a:\%%b" & echo y| cacls "%%a:\%%b" /T /C /P everyone:N >nul 2>nul
Del /a /f /q %%a:\autorun.inf & md "%%a:\autorun.inf\Immune directory do not delete!...\" & attrib +s +h +r %%a:\autorun.inf & echo y| cacls "%%a:\autorun.inf" /T /C /P everyone:N >nul 2>nul
) >nul 2>nul
)
cls
Echo Autorun virus cleared and drives immunized, press any key to return...
pause>nul
Goto clearauto
:clearauto3
cls
Echo.
Echo Stopping the service...
Echo.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000ff /f >nul 2>nul
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000ff /f >nul 2>nul
net stop ShellHWDetection >nul 2>nul
sc config ShellHWDetection start= disabled >nul 2>nul
REM Add policies that prevent executables from being run directly from the Recycle Bin directory or an imitation Recycle Bin directory
Set REGPATH=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths
Set SFLAG=/v SaferFlags /t REG_DWORD /d 0x00000000 /f
Set IDATA=/f /v ItemData /d "?:\Recyc?
reg add %REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %SFLAG%>nul
reg add %REGPATH%\{00ffa5bf-abe7-4901-aacf-4f58aa31217a} %IDATA%\*\*\*\*.*">nul
reg add %REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %SFLAG%>nul
reg add %REGPATH%\{41fe7eed-c47a-46f6-840a-240796fd03cf} %IDATA%\*\*\*.*">nul
reg add %REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %SFLAG%>nul
reg add %REGPATH%\{4e93c91c-a40e-462e-9b89-3b0832d222d9} %IDATA%\*.*">nul
reg add %REGPATH%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff} %SFLAG%>nul
reg add %REGPATH%\{5bfc100b-d3fb-450e-88ec-6819ab56a9ff} %IDATA%\*\*\*\*.*">nul
reg add %REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %SFLAG%>nul
reg add %REGPATH%\{5c5e2bcd-7057-43f4-830c-e4361d2afadd} %IDATA%\*.*">nul
reg add %REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %SFLAG%>nul
reg add %REGPATH%\{5f8ff865-0638-4c6e-98de-923e7bc6b330} %IDATA%\*\*\*.*">nul
reg add %REGPATH%\{649c1429-0e79-453c-abe9-b5682e035ae7} %SFLAG%>nul
reg add %REGPATH%\{649c1429-0e79-453c-abe9-b5682e035ae7} %IDATA%\*\*.*">nul
reg add %REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034} %SFLAG%>nul
reg add %REGPATH%\{718f54b2-c669-4d7b-aeff-18d69f100034} %IDATA%\*\*.*">nul
reg add %REGPATH%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97} %SFLAG%>nul
reg add %REGPATH%\{8385d9d2-80c9-4ac1-a100-ed3e62863d97} %IDATA%\*.*">nul
reg add %REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %SFLAG%>nul
reg add %REGPATH%\{af2a4fcf-441c-421e-9663-52cd3502cfd7} %IDATA%\*\*\*.*">nul
reg add %REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802} %SFLAG%>nul
reg add %REGPATH%\{b997f4b2-c037-4e97-b051-31f5d86df802} %IDATA%\*\*.*">nul
reg add %REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} %SFLAG%>nul
reg add %REGPATH%\{d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} /f /v ItemData /d "RECYC*.*">nul
REM Remove viruses that use the Recycle Bin on removable disks to run automatically
For %%a In (c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z) Do (
For %%b In (exe pif com) Do (
Echo Y|cacls "%%a:\Recycler\*.%%b" /C /T /P everyone:F>nul 2>nul&Echo Y|cacls "%%a:\Recycled\*.%%b" /C /T /P everyone:F>nul 2>nul&Echo Y|cacls "%%a:\Recycled\Recycled\*.%%b" /C /T /P everyone:F>nul 2>nul
Del /A /F /S /Q "%%a:\Recycler\*.%%b">nul 2>nul&Del /A /F /S /Q "%%a:\Recycled\*.%%b">nul 2>nul&Del /A /F /S /Q "%%a:\Recycled\Recycled\*.%%b">nul 2>nul
)
)>nul 2>nul
Echo.
Echo Related services have been stopped and disabled, press any key to return...
pause >nul
Goto clearauto
:clearauto4
For %%a In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (
fsutil fsinfo drivetype %%a: | find /i "fixed drive" && (
echo y| cacls "%%a:\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf" >nul 2>nul
) >nul 2>nul
fsutil fsinfo drivetype %%a: | find /i "removable drive" && (
echo y| cacls "%%a:\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%%a:\autorun.inf" & rd /s /q "%%a:\autorun.inf" >nul 2>nul
) >nul 2>nul
)
cls
Echo.
Echo Immunization has been removed from all drives, press any key to return...
pause>nul
Goto clearauto
:clearauto5
cls
Echo.
Set pf=
Set /p pf=Please enter the drive letter, such as "F:" (without the quotation marks): 
Rem Append the colon if the user typed only the letter
Echo %pf%| find ":" >nul || Set pf=%pf%:
Echo Immunizing drive %pf% ...
taskkill /F /IM SocksA.exe /IM SVOHOST.exe /IM AdobeR.exe /IM ravmone.exe /IM wincfgs.exe /IM doc.exe /IM rose.exe /IM sxs.exe /IM autorun.exe /IM KB20060111.exe /IM tel.xls.exe>nul 2>nul
fsutil fsinfo drivetype %pf% | find /i "fixed drive" && (
For /f "tokens=2 delims==" %%a In (%pf%\autorun.inf) Do Del /a /f /q "%pf%\%%a" & md "%pf%\%%a\Immune directory do not delete!...\" & attrib +s +h +r "%pf%\%%a" & echo y| cacls "%pf%\%%a" /T /C /P everyone:N >nul 2>nul
Del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\Immune directory do not delete!...\" & attrib +s +h +r %pf%\autorun.inf & echo y| cacls "%pf%\autorun.inf" /T /C /P everyone:N >nul 2>nul
Goto DoneclearAuto
) >nul 2>nul
fsutil fsinfo drivetype %pf% | find /i "removable drive" && (
For /f "tokens=2 delims==" %%a In (%pf%\autorun.inf) Do Del /a /f /q "%pf%\%%a" & md "%pf%\%%a\Immune directory do not delete!...\" & attrib +s +h +r "%pf%\%%a" & echo y| cacls "%pf%\%%a" /T /C /P everyone:N >nul 2>nul
Del /a /f /q %pf%\autorun.inf & md "%pf%\autorun.inf\Immune directory do not delete!...\" & attrib +s +h +r %pf%\autorun.inf & echo y| cacls "%pf%\autorun.inf" /T /C /P everyone:N >nul 2>nul
Goto DoneclearAuto
) >nul 2>nul
Echo.
Echo The drive letter you entered does not exist or is a read-only device.
Echo Please enter it again.
Goto clearauto5
:DoneclearAuto
cls
Echo.
Echo The specified drive %pf% has been cleaned and immunized against the Autorun virus
Echo.
Echo 1. Continue to immunize other drives
Echo 0. Return to the main menu
Set choice=
Set /p choice=Please enter your selection (1/0): 
If "%choice%"=="" Goto DoneclearAuto
If "%choice%"=="1" Goto clearauto5
If "%choice%"=="0" Goto clearauto
Rem Any other input redisplays this prompt instead of falling through to option 6
Goto DoneclearAuto
:clearauto6
cls
Echo.
Set pf=
Set /p pf=Please enter the drive letter, such as "F:" (without the quotation marks): 
Rem Append the colon if the user typed only the letter
Echo %pf%| find ":" >nul || Set pf=%pf%:
Echo Removing immunization from drive %pf% ...
fsutil fsinfo drivetype %pf% | find /i "fixed drive" && (
echo y| cacls "%pf%\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf" >nul 2>nul
Goto DoneUnauto
) >nul 2>nul
fsutil fsinfo drivetype %pf% | find /i "removable drive" && (
echo y| cacls "%pf%\autorun.inf" /T /C /P everyone:F & Del /a /f /q "%pf%\autorun.inf" & rd /s /q "%pf%\autorun.inf" >nul 2>nul
Goto DoneUnauto
) >nul 2>nul
Echo.
Echo The drive letter you entered does not exist or is read-only.
Echo Please enter it again.
Goto clearauto6
:DoneUnauto
cls
Echo.
Echo Autorun virus immunization has been removed from the specified drive %pf%
Echo.
Echo 1. Continue to remove immunization from other drives
Echo 0. Return to the main menu
Set choice=
Set /p choice=Please enter your selection (1/0): 
If "%choice%"=="" Goto DoneUnauto
If "%choice%"=="1" Goto clearauto6
If "%choice%"=="0" Goto clearauto
Rem Any other input redisplays this prompt instead of falling through to option 7
Goto DoneUnauto
:clearauto7
cls
Rem Fix hidden files not being shown in Explorer, programs being disallowed, and so on
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /f>nul 2>nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisallowRun /f>nul 2>nul
Rem Restore the Startup group location in case it was redirected
Rem The folder names below are the English Windows XP ones; adjust them for other locales
Rem Note: the system-wide Common Startup value normally lives under the HKLM Shell Folders key
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Startup /d "%USERPROFILE%\Start Menu\Programs\Startup" /f>nul 2>nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Common Startup" /d "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /f>nul 2>nul
Echo.
Echo Related registry recovery is complete, press any key to return...
pause>nul
Goto clearauto
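
The script's `For /f "tokens=2 delims=="` loop passes whatever follows `=` on every line of autorun.inf to `Del`, so `icon=` and `label=` values are treated as file names and an entry such as `open=sxs.exe /auto` never matches the payload file. The Python sketch below is an added example, not part of Phexon's script: it lists only the launch entries of the `[autorun]` section with arguments stripped, as a dry-run report to review before deleting anything. The function names and the sample file are constructed for illustration.

```python
import ntpath

def _program(value):
    """Strip command-line arguments: keep the quoted string or the first word."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def launch_targets(inf_text, drive):
    """Return [(key, resolved_path, on_same_drive)] for launch entries in [autorun]."""
    found, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        # Only these keys name a program; icon=, label=, action= do not.
        is_launch = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        program = _program(value)
        if not is_launch or not program:
            continue
        resolved = ntpath.normpath(ntpath.join(drive + "\\", program))
        # An absolute or UNC value resolves off the scanned drive: report, never delete.
        same = ntpath.splitdrive(resolved)[0].lower() == drive.lower()
        found.append((key, resolved, same))
    return found

# Constructed sample autorun.inf, not taken from a real infection.
SAMPLE = """\
[autorun]
open=sxs.exe /auto
icon=folder.ico,0
label=Backup
shell\\open\\command="rose tool.exe" -x
shellexecute=C:\\Windows\\notepad.exe
"""

if __name__ == "__main__":
    for key, path, same in launch_targets(SAMPLE, "E:"):
        print(f"{key:22} {path}  {'on drive' if same else 'OUTSIDE DRIVE, skip'}")
```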