How to implement Autorun virus removal tool in batch processing 01/17 Update SLTechnology News&Howtos

How to implement Autorun virus removal tool in batch processing

2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/03 Report--

This article mainly introduces how to batch Autorun virus removal tool, the article is very detailed, has a certain reference value, interested friends must read it!

@ Echo Off

Color 2f

Title Autorun virus removal tool-By Phexon

Rem killing process

Taskkill / F / IM SocksA.exe / IM SVOHOST.exe / IM AdobeR.exe / IM ravmone.exe / IM wincfgs.exe / IM doc.exe / IM rose.exe / IM sxs.exe / IM autorun.exe / IM KB20060111.exe / IM tel.xls.exe > nul 2 > nul

: clearauto

Cls

Echo.

Echo Autorun virus removal tool

Echo.

Echo production: Phexon

Echo.

Echo this program automatically clears the Autorun virus under each drive letter after running.

Echo the principle of this program is based on reading Autorun.inf related fields under each drive letter.

Echo.

Echo [1] only removes the Autorun virus under all drive letters

Echo [2] remove all Autorun viruses under the drive letter and establish an immunization directory with the same name (recommended!)

Echo [3] disable the Autorun mechanism of the system to avoid reinfection of Autorun virus

Echo [4] cancel Autorun virus immunity for all drive characters

Echo [5] removes and immunizes the Autorun virus with the specified drive letter

Echo [6] cancel immunizing specified drive letter

Echo [7] restore the default values of relevant registry keys

Echo [0] exit

Echo.

Set / p clearslt= Please enter your choice (1, 2, 3, 4, 5, 5, 6, 7, 0):

If "% clearslt%" = "" Goto clearauto

If "% clearslt%" = = "1" Goto clearauto1

If "% clearslt%" = = "2" Goto clearauto2

If "% clearslt%" = = "3" Goto clearauto3

If "% clearslt%" = = "4" Goto clearauto4

If "% clearslt%" = = "5" Goto clearauto5

If "% clearslt%" = = "6" Goto clearauto6

If "% clearslt%" = = "7" Goto clearauto7

If "% clearslt%" = = "0" Exit

: clearauto1

For an In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (

Fsutil fsinfo drivetype% a: | find / I "fixed drive" & & (

For / f "tokens=2 delims=="% b In (% a:\ autorun.inf) Do Del / a / f / Q "% a:\% b" > nul 2 > nul

Del / a / f / Q% a:\ autorun.inf > nul 2 > nul

) > nul 2 > nul

Fsutil fsinfo drivetype% a: | find / I "removable drive" & & (

For / f "tokens=2 delims=="% b In (% a:\ autorun.inf) Do Del / a / f / Q "% a:\% b" > nul 2 > nul

Del / a / f / Q% a:\ autorun.inf > nul 2 > nul

) > nul 2 > nul

)

Cls

After the Echo Autorun virus has been cleared, any key returns.

Pause > nul

Goto clearauto

: clearauto2

For an In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (

Fsutil fsinfo drivetype% a: | find / I "fixed drive" & & (

For / f "tokens=2 delims=="% b In (% a:\ autorun.inf) Do Del / a / f / Q "% a:\% b" & md "% a:\% b\ immune directory do not delete!.\" & attrib + s + h + r "% a:\% b" & Echo Y | cacls "% a:\% b" / T / C / P everyone:N > nul 2 > nul

Del / a / f / Q% a:\ autorun.inf & md "% a:\ autorun.inf\ Immunization directory do not delete!.\" & attrib + s + h + r% a:\ autorun.inf & Echo Y | cacls "% a:\ autorun.inf" / T / C / P everyone:N > nul 2 > nul

) > nul 2 > nul

Fsutil fsinfo drivetype% a: | find / I "removable drive" & & (

) > nul 2 > nul

)

Cls

Echo Autorun virus has been cleared and immunized, any key to return.

Pause > nul

Goto clearauto

: clearauto3

Cls

Echo.

Echo is shutting down related services.

Echo.

Reg add "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ policies\ Explorer" / v NoDriveTypeAutoRun / t REG_DWORD / d 0x000000ff / f > nul 2 > nul

Reg add "HKCU\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ policies\ Explorer" / v NoDriveTypeAutoRun / t REG_DWORD / d 0x000000ff / f > nul 2 > nul

Net stop ShellHWDetection > nul 2 > nul

Sc config ShellHWDetection start= disabled > nul 2 > nul

Rem adds a policy to prevent executables from running directly from the Recycle Bin or directories imitating the Recycle Bin

Set REGPATH=HKLM\ SOFTWARE\ Policies\ Microsoft\ Windows\ Safer\ CodeIdentifiers\ 0\ Paths

Set SFLAG=/v SaferFlags / t REG_DWORD / d 0x00000000 / f

Set IDATA=/f / v ItemData / d "?:\ Recyc?

Reg add% REGPATH%\ {00ffa5bf-abe7-4901-aacf-4f58aa31217a}% SFLAG% > nul

Reg add% REGPATH%\ {00ffa5bf-abe7-4901-aacf-4f58aa31217a}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {41fe7eed-c47a-46f6-840a-240796fd03cf}% SFLAG% > nul

Reg add% REGPATH%\ {41fe7eed-c47a-46f6-840a-240796fd03cf}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {4e93c91c-a40e-462e-9b89-3b0832d222d9}% SFLAG% > nul

Reg add% REGPATH%\ {4e93c91c-a40e-462e-9b89-3b0832d222d9}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {5bfc100b-d3fb-450e-88ec-6819ab56a9ff}% SFLAG% > nul

Reg add% REGPATH%\ {5bfc100b-d3fb-450e-88ec-6819ab56a9ff}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {5c5e2bcd-7057-43f4-830c-e4361d2afadd}% SFLAG% > nul

Reg add% REGPATH%\ {5c5e2bcd-7057-43f4-830c-e4361d2afadd}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {5f8ff865-0638-4c6e-98de-923e7bc6b330}% SFLAG% > nul

Reg add% REGPATH%\ {5f8ff865-0638-4c6e-98de-923e7bc6b330}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {649c1429-0e79-453c-abe9-b5682e035ae7}% SFLAG% > nul

Reg add% REGPATH%\ {649c1429-0e79-453c-abe9-b5682e035ae7}% IDATA%\ *\ *. "> nul

Reg add% REGPATH%\ {718f54b2-c669-4d7b-aeff-18d69f100034}% SFLAG% > nul

Reg add% REGPATH%\ {718f54b2-c669-4d7b-aeff-18d69f100034}% IDATA%\ *\ *. "> nul

Reg add% REGPATH%\ {8385d9d2-80c9-4ac1-a100-ed3e62863d97}% SFLAG% > nul

Reg add% REGPATH%\ {8385d9d2-80c9-4ac1-a100-ed3e62863d97}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {af2a4fcf-441c-421e-9663-52cd3502cfd7}% SFLAG% > nul

Reg add% REGPATH%\ {af2a4fcf-441c-421e-9663-52cd3502cfd7}% IDATA%\ *. * "> nul

Reg add% REGPATH%\ {b997f4b2-c037-4e97-b051-31f5d86df802}% SFLAG% > nul

Reg add% REGPATH%\ {b997f4b2-c037-4e97-b051-31f5d86df802}% IDATA%\ *\ *. "> nul

Reg add% REGPATH%\ {d4e7b6ff-d76f-407f-b8bb-ea0835f5babc}% SFLAG% > nul

Reg add% REGPATH%\ {d4e7b6ff-d76f-407f-b8bb-ea0835f5babc} / f / v ItemData / d "RECYC*.*" > nul

Rem clears viruses that like to use the mobile disk of the Recycle Bin to run automatically

For% an In (c rec dpense e rep f g ref g Do) Do (

For% b In (exe pif com) Do (

Echo Y | cacls "% a:\ Recycler\ *.% b" / C / T / P everyone:F > nul 2 > nul&Echo Y | cacls "% a:\ Recycled\ *.% b" / C / T / P everyone:F > nul 2 > nul&Echo Y | cacls "% a:\ Recycled\ Recycled\ *.% b" / C / T / P everyone:F > nul 2 > nul

Del / A / F / S / Q "% a:\ Recycler\ *.% b" > nul 2 > nul&Del / A / F / S / Q "% a:\ Recycled\ *.% b" > nul 2 > nul&Del / A / F / S / Q "% a:\ Recycled\ Recycled\ *.% b" > nul 2 > nul

)

) > nul 2 > nul

Echo.

Echo related services have been stopped and disabled, any key returns.

Pause > nul

Goto clearauto

: clearauto4

For an In (C D E F G H I J K L M N O P Q R S T U V W X Y Z) Do (

Fsutil fsinfo drivetype% a: | find / I "fixed drive" & & (

Cacls "% a:\ autorun.inf" / T / C / P everyone:F&Del / a / f / Q "% a:\ autorun.inf" & rd / s / Q "% a:\ autorun.inf" > nul 2 > nul

) > nul 2 > nul

Fsutil fsinfo drivetype% a: | find / I "removable drive" & & (

Cacls "% a:\ autorun.inf" / T / C / P everyone:F&Del / a / f / Q "% a:\ autorun.inf" & rd / s / Q "% a:\ autorun.inf" > nul 2 > nul

) > nul 2 > nul

)

Cls

Echo.

Echo has been immune to all drive characters, any key to return.

Pause > nul

Goto clearauto

: clearauto5

Cls

Echo.

Set / p pf= Please enter a drive letter, such as "F:" (excluding quotation marks)

Fsutil fsinfo drivetype% pf% | find / I "fixed drive" & & (

For / f "tokens=2 delims=="% an In (% pf%\ autorun.inf) Do Del / a / f / Q "% pf%\% a" & md "% pf%\% a\ immune directory do not delete!.\" & attrib + s + h + r "% pf%\% a" & Echo Y | cacls "% pf%\% a" / T / C / P everyone:N > nul 2 > nul

Del / a / f / Q% pf%\ autorun.inf & md "% pf%\ autorun.inf\ Immunization directory do not delete!.\" & attrib + s + h + r% pf%\ autorun.inf & Echo Y | cacls "% pf%\ autorun.inf" / T / C / P everyone:N > nul 2 > nul

Goto DoneclearAuto

) > nul 2 > nul

Fsutil fsinfo drivetype% pf% | find / I "removable drive" & & (

Goto DoneclearAuto

) > nul 2 > nul

Echo.

Echo the drive letter you entered does not exist or is a read-only device

Echo, please re-enter

Goto clearauto5

: DoneclearAuto

Cls

Echo.

The disk% pf% specified by Echo has successfully cleared and immunized Autorun virus.

Echo.

Echo [1] continues to immunize other disks

Echo [0] returns to the main menu

Set / p choice= Please enter your choice (1ram 0):

If choice%= "" Goto DoneclearAuto

If choice%='1' Goto clearauto5

If choice%='0' Goto clearauto

: clearauto6

Cls

Echo.

Set / p pf= Please enter a drive letter, such as "F:" (excluding quotation marks)

Fsutil fsinfo drivetype% pf% | find / I "fixed drive" & & (

Cacls "% pf%\ autorun.inf" / T / C / P everyone:F&Del / a / f / Q "% pf%\ autorun.inf" & rd / s / Q "% pf%\ autorun.inf" > nul 2 > nul

Goto DoneUnauto

) > nul 2 > nul

Fsutil fsinfo drivetype% pf% | find / I "removable drive" & & (

Cacls "% pf%\ autorun.inf" / T / C / P everyone:F&Del / a / f / Q "% pf%\ autorun.inf" & rd / s / Q "% pf%\ autorun.inf" > nul 2 > nul

Goto DoneUnauto

) > nul 2 > nul

Echo.

Echo the drive letter you entered does not exist or is a read-only device

Echo, please re-enter

Goto clearauto6

: DoneUnauto

Cls

Echo.

The disk% pf% specified by Echo has successfully unimmunized Autorun virus.

Echo.

Echo [1] continues to unimmunize other disks

Echo [0] returns to the main menu

Set choice=

Set / p choice= Please enter your choice (1ram 0):

If choice%= "" Goto DoneUnauto

If choice%='1' Goto clearauto6

If choice%='0' Goto clearauto

: clearauto7

Cls

Rem prevents files from being completely hidden, prohibited, etc., in Explorer

Reg add "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ Hidden\ SHOWALL" / v CheckedValue / t REG_DWORD / d 0x00000001 / f > nul 2 > nul

Reg delete "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ MountPoints2" / f > nul 2 > nul

Reg delete "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer\ DisallowRun" / f > nul 2 > nul

Reg delete "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer" / v DisallowRun / f > nul 2 > nul

Rem prevents transfer of startup group location

Reg add "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Folders" / v Startup / d "% USERPROFILE%\ start menu\ Program\ launch" / f > nul 2 > nul

Reg add "HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Folders" / v "Common Startup" / d "% ALLUSERSPROFILE%\ start menu\ Program\ launch" / f > nul 2 > nul

Echo.

The relevant registry of Echo has been restored, any key returns.

Pause > nul

Goto clearauto

These are all the contents of this article entitled "how to batch implement Autorun virus removal tool". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.