Shulou(Shulou.com)06/03 Report--

This article mainly shows you "tel.xls.vbs how to achieve xls kill tool", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "tel.xls.vbs how to achieve xls kill tool" this article.

1. Double-click to run tel.xls.vbs to destroy Trojan.Win32.Patched.v virus.

2, this special kill uses VBS script to write, the execution efficiency is high, but lacks intelligence, I also do not want to add those IF judgment statements to make intelligent judgment, this is not necessary. As long as it is my analysis of the virus and written for the special kill is effective, of course, the virus mutated that there is no way, any special killing is like this. If you have a variant, you can contact me at http://hi.baidu.com/ycosxhack.

3. To learn how to write your own killing tool in VBS, you can see here:

Http://hi.baidu.com/ycosxhack/blog/item/36569f51dbd0cc8e8c5430d8.html

BY cosine function 2007.6.1 has some shortcomings. It is also expected to point out:)

The code is as follows:

On error resume next

Msgbox "this special kill has ycosxhack to provide http://hi.baidu.com/ycosxhack!" , 64, "tel.xls.exe virus kill"

This special template is made by ycosxhack (CoSine function). My blog: http://hi.baidu.com/ycosxhack, welcome to discuss.

Set w=getobject ("winmgmts:")

Set p=w.execquery ("select * from win32_process where name='algsrv.exe' or name='SocksA.exe'")

For each i in p

I.terminate

Next

Set fso=createobject ("scripting.filesystemobject")

Set del=wscript.createobject ("wscript.shell")

Dim d (5)

Dim v (5)

D (0) = del.ExpandEnvironmentStrings ("% SystemRoot%\ system32\ SocksA.exe")

D (1) = del.ExpandEnvironmentStrings ("% SystemRoot%\ system32\ FileKan.exe")

D (2) = del.ExpandEnvironmentStrings ("% SystemRoot%\ system32\ algsrv.exe")

D (3) = del.ExpandEnvironmentStrings ("% SystemRoot%\ Session.exe")

D (4) = del.ExpandEnvironmentStrings ("% SystemRoot%\ BACKINF.TAB")

For iTunes 0 to 1

Set v (I) = fso.getfile (d (I))

V (I). Attributes=0

V (I). Delete

Next

Set fso=createobject ("scripting.filesystemobject")

Set drvs=fso.drives

For each drv in drvs

If drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then

Set w=fso.getfile (drv.driveletter& ":\ tel.xls.exe")

W.attributes=0

W.delete

Set u=fso.getfile (drv.driveletter& ":\ AUTORUN.INF")

U.attributes=0

U.delete

End if

Next

Set reg=wscript.createobject ("wscript.shell")

Reg.regwrite "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ Hidden\ SHOWALL\ CheckedValue", 1, "REG_DWORD"

Reg.regwrite "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ Hidden\ SHOWALL\ DefaultValue", 2, "REG_DWORD"

Reg.regwrite "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ Hidden\ NOHIDDEN\ CheckedValue", 2, "REG_DWORD"

Reg.regwrite "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ Hidden\ NOHIDDEN\ DefaultValue", 2, "REG_DWORD"

Reg.regwrite "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ SuperHidden\ UncheckedValue", 1, "REG_DWORD"

Reg.regwrite "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ HideFileExt\ UncheckedValue", 0, "REG_DWORD"

Reg.regdelete "HKLM\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run\ ASocksrv"

'- Autorun virus immune module-

Set fso=createobject ("scripting.filesystemobject")

Set drvs=fso.drives

For each drv in drvs

If drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then

Fso.createfolder (drv.driveletter& ":\ autorun.inf")

Fso.createfolder (drv.driveletter& ":\ autorun.inf\ Immunization folder..\")

Set fl=fso.getfolder (drv.driveletter& ":\ autorun.inf")

Fl.attributes=3

End if

Next

'- Autorun virus immune module-

Set fso=nothing

Msgbox "virus cleared successfully, please restart your computer!" , 64, "xxx virus kill"

The above is all the content of this article "how to achieve xls Kill tool in tel.xls.vbs". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.