批处理《sec520.exe专杀》,该病毒带有灰鸽子远程监控。
- @echo off
- echo ************************************************************
- echo sec520.exe专杀
- echo BY:甲兵时代
- echo http://hi.baidu.com/cjiabing
- echo ************************************************************
- pause
- tskill IEXPLORE
- taskkill /f /im IEXPLORE.EXE
- if exist %SystemRoot%\sec520.exe echo ---病毒警报,发现病毒
- sc config eon_bbssec520.com start= DISABLED
- sfc /purgecache
- attrib -h -r -s %SystemRoot%\sec520.exe
- attrib -h -r -s %SystemRoot%\System32\RRyvpaJDqsnvPNBlAZpXuKGOYDfYfwTLr9UshG4OfZUB.exe
- attrib -h -r -s %SystemRoot%\System32\cdZhbQxPuBho2hHeWZoZ7TYplfPE3NNcWSJXggzDkejz.exe
- attrib -h -r -s %SystemRoot%\System32\zSBJxpKI1h1kfL7XkFnMETKkQduLV1dQOMw6hf1YYUKK.exe
- attrib -h -r -s %SystemRoot%\System32\ou4YZD2SogZiTGLQOu2luyZd9n9pwN4RSyalQr2jsSff.exe
- del %SystemRoot%\sec520.exe
- del %SystemRoot%\System32\RRyvpaJDqsnvPNBlAZpXuKGOYDfYfwTLr9UshG4OfZUB.exe
- del %SystemRoot%\System32\cdZhbQxPuBho2hHeWZoZ7TYplfPE3NNcWSJXggzDkejz.exe
- del %SystemRoot%\System32\zSBJxpKI1h1kfL7XkFnMETKkQduLV1dQOMw6hf1YYUKK.exe
- del %SystemRoot%\System32\ou4YZD2SogZiTGLQOu2luyZd9n9pwN4RSyalQr2jsSff.exe
- reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eon_bbssec520.com /va /f
- reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\eon_bbssec520.com /va /f
- reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eon_bbssec520.com /va /f
- echo ★杀毒完成★
- echo.&pause
复制代码
[ 本帖最后由 cjiabing 于 2009-2-25 15:52 编辑 ] |