-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrun.bat
59 lines (46 loc) · 1015 Bytes
/
run.bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
@echo off
echo -------------------------------------------------------
echo.
echo 1KB lnks Virus Killer for Windows
echo.
echo -------------------------------------------------------
rem kill the virus procession
echo Killing virus procession...
echo.
taskkill /f /im wscript.exe
echo Success!
echo.
rem access U disk directory
for /f "skip=1" %%i in ('wmic logicaldisk where "drivetype=2" get caption') do %%i
rem list all the hiding files
dir /a:h /b >hfiles.txt
for /f "tokens=* delims= " %%a in (hfiles.txt) do (
if %%~xa==.vbe (
rem %%a points to the virus
call :killv "%%a"
) else (
rem %%a points to the hiding directory
call :recover "%%a"
)
)
del hfiles.txt
rem Delete all the Inks
del *.lnk
echo.
echo All done!
pause
:killv
set var=%1
echo Find virus %var%
echo.
rem remove hiding attributes
attrib -a -s -h -r %var%
echo Killing virus %var%...
echo.
del %var%
:recover
set var=%1
echo Recovering %var%...
echo.
rem remove hiding attributes
attrib -a -s -h -r %var%