增加屏蔽:

16a.us

www.nice8.org

更新对新的木马的查杀,修改结束进程模块.

本来这个专杀只是玩VBS时做的一个拙品,但是看到有人还在提醒我木马群更新,专杀杀不干净的时候我就又再次更新了.需要的朋友就继续关注这里的更新吧.送佛送到西....

vbs文件

复制代码 代码如下:

onerrorresumenext

msgbox"本专杀由[G-AVR]Gryesign提供，请关注BLOG及时更新专杀---http://hi.baidu.com/greysign",64,"搜索引擎乱码病毒专杀,请重复运行两次以便根除病毒"

'-----------------病毒进程结束模块开始-----------------

DimstrComputer,strPath,strExePath

DimobjWMI,objFSO

DimcolProcesses

DimobjProcess,objFile

SetobjFSO=CreateObject("Scripting.FileSystemObject")

strComputer="."

nCount=0

strPath=CreateObject("WScript.Shell").ExpandEnvironmentStrings_

("%ProgramFiles%InternetExploreriexplore.exe")

SetobjFile=objFSO.GetFile(strPath)

strPath=objFile.ShortPath

SetobjFile=Nothing

SetobjWMI=GetObject("winmgmts:{impersonationLevel=impersonate}"&_

strComputer&"rootcimv2")

SetcolProcesses=objWMI.ExecQuery("SELECT*FROMWin32_Process"&_

"WHEREName='iexplore.exe'")

ForEachobjProcessIncolProcesses

SetobjFile=objFSO.GetFile(objProcess.ExecutablePath)

strExePath=objFile.ShortPath

SetobjFile=Nothing

IfStrComp(strExePath,strPath,1)Then

objProcess.Terminate

Else

EndIf

Next

setobjFSO=CreateObject("Scripting.FileSystemObject")

strComputer="."

nCount=0

strPath=CreateObject("WScript.Shell").ExpandEnvironmentStrings_

("%windir%system32smss.exe")

SetobjFile=objFSO.GetFile(strPath)

strPath=objFile.ShortPath

SetobjFile=Nothing

SetobjWMI=GetObject("winmgmts:{impersonationLevel=impersonate}"&_

strComputer&"rootcimv2")

SetcolProcesses=objWMI.ExecQuery("SELECT*FROMWin32_Process"&_

"WHEREName='smss.exe'")

ForEachobjProcessIncolProcesses

SetobjFile=objFSO.GetFile(objProcess.ExecutablePath)

strExePath=objFile.ShortPath

SetobjFile=Nothing

IfStrComp(strExePath,strPath,1)Then

objProcess.Terminate

Else

EndIf

Next

setobjFSO=CreateObject("Scripting.FileSystemObject")

strComputer="."

nCount=0

strPath=CreateObject("WScript.Shell").ExpandEnvironmentStrings_

("%windir%system32services.exe")

SetobjFile=objFSO.GetFile(strPath)

strPath=objFile.ShortPath

SetobjFile=Nothing

SetobjWMI=GetObject("winmgmts:{impersonationLevel=impersonate}"&_

strComputer&"rootcimv2")

SetcolProcesses=objWMI.ExecQuery("SELECT*FROMWin32_Process"&_

"WHEREName='services.exe'")

ForEachobjProcessIncolProcesses

SetobjFile=objFSO.GetFile(objProcess.ExecutablePath)

strExePath=objFile.ShortPath

SetobjFile=Nothing

IfStrComp(strExePath,strPath,1)Then

objProcess.Terminate

Else

EndIf

Next

setobjFSO=CreateObject("Scripting.FileSystemObject")

strComputer="."

nCount=0

strPath=CreateObject("WScript.Shell").ExpandEnvironmentStrings_

("%windir%system32svshost.exe")

SetobjFile=objFSO.GetFile(strPath)

strPath=objFile.ShortPath

SetobjFile=Nothing

SetobjWMI=GetObject("winmgmts:{impersonationLevel=impersonate}"&_

strComputer&"rootcimv2")

SetcolProcesses=objWMI.ExecQuery("SELECT*FROMWin32_Process"&_

"WHEREName='svshost.exe'")

ForEachobjProcessIncolProcesses

SetobjFile=objFSO.GetFile(objProcess.ExecutablePath)

strExePath=objFile.ShortPath

SetobjFile=Nothing

IfStrComp(strExePath,strPath,1)Then

objProcess.Terminate

Else

EndIf

Next

setobjFSO=CreateObject("Scripting.FileSystemObject")

strComputer="."

nCount=0

strPath=CreateObject("WScript.Shell").ExpandEnvironmentStrings_

("%windir%system32csrss.exe")

SetobjFile=objFSO.GetFile(strPath)

strPath=objFile.ShortPath

SetobjFile=Nothing

SetobjWMI=GetObject("winmgmts:{impersonationLevel=impersonate}"&_

strComputer&"rootcimv2")

SetcolProcesses=objWMI.ExecQuery("SELECT*FROMWin32_Process"&_

"WHEREName='csrss.exe'")

ForEachobjProcessIncolProcesses

SetobjFile=objFSO.GetFile(objProcess.ExecutablePath)

strExePath=objFile.ShortPath

SetobjFile=Nothing

IfStrComp(strExePath,strPath,1)Then

objProcess.Terminate

Else

EndIf

Next

setobjFSO=CreateObject("Scripting.FileSystemObject")

strComputer="."

nCount=0

strPath=CreateObject("WScript.Shell").ExpandEnvironmentStrings_

("%windir%system32ctfmon.exe")

SetobjFile=objFSO.GetFile(strPath)

strPath=objFile.ShortPath

SetobjFile=Nothing

SetobjWMI=GetObject("winmgmts:{impersonationLevel=impersonate}"&_

strComputer&"rootcimv2")

SetcolProcesses=objWMI.ExecQuery("SELECT*FROMWin32_Process"&_

"WHEREName='ctfmon.exe'")

ForEachobjProcessIncolProcesses

SetobjFile=objFSO.GetFile(objProcess.ExecutablePath)

strExePath=objFile.ShortPath

SetobjFile=Nothing

IfStrComp(strExePath,strPath,1)Then

objProcess.Terminate

Else

EndIf

Next

setobjFSO=CreateObject("Scripting.FileSystemObject")

strComputer="."

nCount=0

strPath=CreateObject("WScript.Shell").ExpandEnvironmentStrings_

("%windir%explorer.exe")

SetobjFile=objFSO.GetFile(strPath)

strPath=objFile.ShortPath

SetobjFile=Nothing

SetobjWMI=GetObject("winmgmts:{impersonationLevel=impersonate}"&_

strComputer&"rootcimv2")

SetcolProcesses=objWMI.ExecQuery("SELECT*FROMWin32_Process"&_

"WHEREName='explorer.exe'")

ForEachobjProcessIncolProcesses

SetobjFile=objFSO.GetFile(objProcess.ExecutablePath)

strExePath=objFile.ShortPath

SetobjFile=Nothing

objProcess.Terminate

Next

SetcolProcesses=Nothing

SetobjWMI=Nothing

'======================================================================

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='fyso.exe'")

foreachiinp

i.terminate

next

onerrorresumenext

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='jtso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='mhso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='qjso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='qqso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='wgso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='wlso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='wmso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='woso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='ztso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='nwizAskTao.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='rxso.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='mmc.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='svchost32.exe'")

foreachiinp

i.terminate

next

setw=getobject("winmgmts:")

setp=w.execquery("select*fromwin32_processwherename='spglsdr.exe'")

foreachiinp

i.terminate

next

'-----------------病毒进程结束模块终止-----------------

'-----------------病毒文件删除模块开始-----------------

setfso=createobject("scripting.filesystemobject")

setdel=wscript.createobject("wscript.shell")

d1=del.ExpandEnvironmentStrings("%temp%fyso.exe")

d2=del.ExpandEnvironmentStrings("%temp%jtso.exe")

d3=del.ExpandEnvironmentStrings("%temp%mhso.exe")

d4=del.ExpandEnvironmentStrings("%temp%qjso.exe")

d5=del.ExpandEnvironmentStrings("%temp%qqso.exe")

d6=del.ExpandEnvironmentStrings("%temp%wgso.exe")

d7=del.ExpandEnvironmentStrings("%temp%wlso.exe")

d8=del.ExpandEnvironmentStrings("%temp%wmso.exe")

d9=del.ExpandEnvironmentStrings("%temp%woso.exe")

d10=del.ExpandEnvironmentStrings("%temp%ztso.exe")

d11=del.ExpandEnvironmentStrings("%temp%fyso0.dll")

d12=del.ExpandEnvironmentStrings("%temp%jtso0.dll")

d13=del.ExpandEnvironmentStrings("%temp%mhso0.dll")

d14=del.ExpandEnvironmentStrings("%temp%conime.exe")

d15=del.ExpandEnvironmentStrings("%temp%qjso0.dll")

d16=del.ExpandEnvironmentStrings("%temp%qqso0.dll")

d17=del.ExpandEnvironmentStrings("%temp%wgso0.dll")

d18=del.ExpandEnvironmentStrings("%temp%wlso0.dll")

d19=del.ExpandEnvironmentStrings("%temp%wmso0.dll")

d20=del.ExpandEnvironmentStrings("%temp%woso0.dll")

d21=del.ExpandEnvironmentStrings("%temp%ztso0.dll")

d22=del.ExpandEnvironmentStrings("%programfiles%Intern~1PLUGINSBinNice.bak")

d23=del.ExpandEnvironmentStrings("%programfiles%Intern~1PLUGINSBinNice.dll")

d24=del.ExpandEnvironmentStrings("%temp%svchost.exe")

d25=del.ExpandEnvironmentStrings("%temp%IEXPLORE.EXE")

d26=del.ExpandEnvironmentStrings("%windir%system32nwiztlbb.exe")

d27=del.ExpandEnvironmentStrings("%windir%system32nwizAskTao.exe")

d28=del.ExpandEnvironmentStrings("%windir%system32nwiztlbb.dll")

d29=del.ExpandEnvironmentStrings("%windir%system32nwizAskTao.dll")

d30=del.ExpandEnvironmentStrings("%temp%svchost32.exe")

d31=del.ExpandEnvironmentStrings("%temp%srogm.exe")

d32=del.ExpandEnvironmentStrings("%temp%csrss.exe")

d33=del.ExpandEnvironmentStrings("%temp%rxso.exe")

d34=del.ExpandEnvironmentStrings("%temp%mmc.exe")

d35=del.ExpandEnvironmentStrings("%temp%rxso0.dll")

d36=del.ExpandEnvironmentStrings("%temp%spglsdr.exe")

d37=del.ExpandEnvironmentStrings("%temp%services.exe")

d38=del.ExpandEnvironmentStrings("%temp%daso.exe")

d39=del.ExpandEnvironmentStrings("%temp%tlso.exe")

d40=del.ExpandEnvironmentStrings("%temp%tlso0.dll")

d41=del.ExpandEnvironmentStrings("%temp%daso0.dll")

d42=del.ExpandEnvironmentStrings("%programfiles%Intern~1HiJack.bak")

d43=del.ExpandEnvironmentStrings("%programfiles%Intern~1HiJack.dll")

d44=del.ExpandEnvironmentStrings("%temp%wdso.exe")

d45=del.ExpandEnvironmentStrings("%temp%wdso0.dll")

d46=del.ExpandEnvironmentStrings("%temp%smss.exe")

d47=del.ExpandEnvironmentStrings("%temp%copypfh.exe")

setv1=fso.getfile(d1)

setv2=fso.getfile(d2)

setv3=fso.getfile(d3)

setv4=fso.getfile(d4)

setv5=fso.getfile(d5)

setv6=fso.getfile(d6)

setv7=fso.getfile(d7)

setv8=fso.getfile(d8)

setv9=fso.getfile(d9)

setv10=fso.getfile(d10)

setv11=fso.getfile(d11)

setv12=fso.getfile(d12)

setv13=fso.getfile(d13)

setv14=fso.getfile(d14)

setv15=fso.getfile(d15)

setv16=fso.getfile(d16)

setv17=fso.getfile(d17)

setv18=fso.getfile(d18)

setv19=fso.getfile(d19)

setv20=fso.getfile(d20)

setv21=fso.getfile(d21)

setv22=fso.getfile(d22)

setv23=fso.getfile(d23)

setv24=fso.getfile(d24)

setv25=fso.getfile(d25)

setv26=fso.getfile(d26)

setv27=fso.getfile(d27)

setv28=fso.getfile(d28)

setv29=fso.getfile(d29)

setv30=fso.getfile(d30)

setv31=fso.getfile(d31)

setv32=fso.getfile(d32)

setv33=fso.getfile(d33)

setv34=fso.getfile(d34)

setv35=fso.getfile(d35)

setv36=fso.getfile(d36)

setv37=fso.getfile(d37)

setv38=fso.getfile(d38)

setv39=fso.getfile(d39)

setv40=fso.getfile(d40)

setv41=fso.getfile(d41)

setv42=fso.getfile(d42)

setv43=fso.getfile(d43)

setv44=fso.getfile(d44)

setv45=fso.getfile(d45)

setv46=fso.getfile(d46)

setv47=fso.getfile(d47)

v1.attributes=0

v2.attributes=0

v3.attributes=0

v4.attributes=0

v5.attributes=0

v6.attributes=0

v7.attributes=0

v8.attributes=0

v9.attributes=0

v10.attributes=0

v11.attributes=0

v12.attributes=0

v13.attributes=0

v14.attributes=0

v15.attributes=0

v16.attributes=0

v17.attributes=0

v18.attributes=0

v19.attributes=0

v20.attributes=0

v21.attributes=0

v22.attributes=0

v23.attributes=0

v24.attributes=0

v25.attributes=0

v26.attributes=0

v27.attributes=0

v28.attributes=0

v29.attributes=0

v30.attributes=0

v31.attributes=0

v32.attributes=0

v33.attributes=0

v34.attributes=0

v35.attributes=0

v36.attributes=0

v37.attributes=0

v38.attributes=0

v39.attributes=0

v40.attributes=0

v41.attributes=0

v42.attributes=0

v43.attributes=0

v44.attributes=0

v45.attributes=0

v46.attributes=0

v47.attributes=0

v1.delete

v2.delete

v3.delete

v4.delete

v5.delete

v6.delete

v7.delete

v8.delete

v9.delete

v10.delete

v11.delete

v12.delete

v13.delete

v14.delete

v15.delete

v16.delete

v17.delete

v18.delete

v19.delete

v20.delete

v21.delete

v22.delete

v23.delete

v24.delete

v25.delete

v26.delete

v27.delete

v28.delete

v29.delete

v30.delete

v31.delete

v32.delete

v33.delete

v34.delete

v35.delete

v36.delete

v37.delete

v38.delete

v39.delete

v40.delete

v41.delete

v42.delete

v43.delete

v44.delete

v45.delete

v46.delete

v47.delete

'-----------------病毒文件删除模块终止-----------------

'-----------------病毒文件免疫模块开始-----------------

CreateFolderCreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%fyso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%jtso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%mhso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%qjso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%qqso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%wgso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%wlso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%wmso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%woso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%ztso.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%fyso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%jtso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%mhso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%qjso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%qqso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%wgso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%wlso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%wmso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%woso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%ztso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%Intern~1PLUGINSBinNice.bak")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%Intern~1PLUGINSBinNice.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%svchost.exe")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%IEXPLORE.EXE")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%system32nwiztlbb.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%system32nwizAskTao.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%system32nwiztlbb.dll")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%windir%system32nwizAskTao.dll")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%svchost32.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%srogm.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%csrss.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%conime.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%rxso.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%mmc.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%rxso0.dll")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%spglsdr.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%services.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%copypfh.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%daso.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%tlso.exe")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%tlso0.dll")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%daso0.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%Intern~1HiJack.dll")

CreateObject("Scripting.FileSystemObject").CreateFolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%programfiles%Intern~1HiJack.bak")

CreateObject("Scripting.FileSystemObject").CreatefolderCreateObject("WScript.Shell").ExpandEnvironmentStrings("%temp%smss.exe")

'-----------------病毒文件免疫模块终止-----------------

'-----------------遍历删除各盘符根目录下病毒文件模块开始-----------------

setfso=createobject("scripting.filesystemobject")

setdrvs=fso.drives

foreachdrvindrvs

ifdrv.drivetype=1ordrv.drivetype=2ordrv.drivetype=3ordrv.drivetype=4then

setu=fso.getfile(drv.driveletter&":autorun.inf")

u.attributes=0

u.delete

endif

next

'-----------------遍历删除各盘符根目录下病毒文件模块终止-----------------

'-----------------注册表操作模块开始-----------------

setreg=wscript.createobject("wscript.shell")

SetobjFSO=CreateObject("Scripting.FileSystemObject")

reg.regwrite"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNTCurrentVersionWinlogonUserinit",objFSO.GetSpecialFolder(1)&"userinit.exe,","REG_SZ"

reg.regwrite"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLCheckedValue",1,"REG_DWORD"

reg.regwrite"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLDefaultValue",2,"REG_DWORD"

reg.regwrite"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDENCheckedValue",2,"REG_DWORD"

reg.regwrite"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDENDefaultValue",2,"REG_DWORD"

reg.regdelete"HKEY_CLASSES_ROOTCLSID{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{06E6B6B6-BE3C-6E23-6C8E-B833E2CE63B8}"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunfysa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunjtsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmhsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunqjsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunqqsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunwgsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunwlsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunwmsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunwosa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunztsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunnwizAskTao"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunnwiztlbb"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunrxsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRundasa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRuntlsa"

reg.regdelete"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunwdsa"

'-----------------注册表操作模块终止-----------------

'-----------------系统文件恢复模块开始-----------------

'-----------------系统文件修复模块终止-----------------

'-----------------HOST文件修复模块开始-----------------

setfso=createobject("scripting.filesystemobject")

SetobjFSO=CreateObject("Scripting.FileSystemObject")

setre=fso.OpenTextFile(objFSO.GetSpecialFolder(1)&"driversetchosts",2,0)

re.Write"127.0.0.1localhost"&vbCrLf

re.Write"127.0.0.17y7.us"&vbCrLf

re.Write"127.0.0.1www.beginget.com"&vbCrLf

re.Write"127.0.0.116a.us"&vbCrLf

re.Write"127.0.0.1www.nice8.org"&vbCrLf

re.Close

setre=nothing

'-----------------HOST文件修复模块终止-----------------

'-----------------Autorun免疫模块开始-----------------

setdrvs=fso.drives

foreachdrvindrvs

ifdrv.drivetype=1ordrv.drivetype=2ordrv.drivetype=3ordrv.drivetype=4then

fso.createfolder(drv.driveletter&":autorun.inf")

fso.createfolder(drv.driveletter&":autorun.inf免疫文件夹..")

setfl=fso.getfolder(drv.driveletter&":autorun.inf")

fl.attributes=3

endif

next

'-----------------Autorun免疫模块终止-----------------

msgbox"病毒清除成功，请重启电脑！假如病毒还未根除请到安全模式下运行",64,"搜索引擎乱码病毒专杀"

7y7.us专杀工具下载地址:

http://hzyo.com/killvirus.rar