Autorun随机7位字母命名的病毒专杀工具
作者:
Autorun随机7位字母命名的病毒专杀工具
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>七位字母命名的病毒专杀工具</title>
<HTA:APPLICATION
APPLICATIONNAME="KILLVIRUS"
border="thin"
borderstyle="normal"
caption="yes"
icon="c.ico"
maximizebutton="no"
minimizebutton="yes"
showintaskbar="yes"
singleinstance="yes"
sysmenu="yes"
version="1.0"
windowState="normal"
>
<style type="text/css">
body {background-color:#FFF}
body,input {font:9pt tahoma}
body a {font-size:12px;text-decoration:none}
body a:link {color:#0000CC;text-decoration:none}
body a:visited {color:#0000CC;text-decoration:none}
fieldset {height:230x}
legend {font-weight: bolder}
#DataArea {color:#FF0000}
textarea {scrollbar-face-color:#FFF;
scrollbar-arrow-color:#000;
scrollbar-base-color:#FFF;
scrollbar-dark-shadow-color:##2D5B2D;
}
</style>
</head>
<script language="VBScript">
Sub Window_onLoad
window.resizeTo 620,400
End Sub
Sub DONOW
DataArea.InnerHTML = "正在进行快速杀毒……请稍等……"
End Sub
Sub DOEND
DataArea.InnerHTML = "病毒清除成功,如果你发现有本专杀不能清除的病毒,请提交样本:ycosxhack@126.com,压缩加密virus。"
End Sub
Sub KILLVIRUS
DONOW
on error resume next
msgbox "本专杀由余弦函数制作,点击确实开始杀毒。",64,"Autorun随机七位字母命名的病毒专杀"
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='dmecvcm.exe' or name='iywdqdf.exe' or name='oduxyym.exe' or name='wojhadp.exe' or name='rmwaccq.exe' or name='dtstorp.exe' or name='ouvjwsc.exe' or name='wocfiba.exe' or name='gnkjkrl.exe' or name='lnmwiid.exe' or name='suvtufx.exe' or name='wojhadp.exe' or name='rmwaccq.exe' or name='egclmvo.exe' or name='cyqttve.exe'")
for each i in p
i.terminate
next
set fso=createobject("scripting.filesystemobject")
set del=createobject("wscript.shell")
dim d(16)
dim v(16)
d(0)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\dmecvcm.exe")
d(1)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\iywdqdf.exe")
d(2)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\meex.com")
d(3)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\oduxyym.exe")
d(4)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wojhadp.exe")
d(5)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\rmwaccq.exe")
d(6)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\dtstorp.exe")
d(7)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\ouvjwsc.exe")
d(8)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wocfiba.exe")
d(9)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\gnkjkrl.exe")
d(10)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\lnmwiid.exe")
d(11)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\suvtufx.exe")
d(12)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wojhadp.exe")
d(13)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\rmwaccq.exe")
d(14)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\egclmvo.exe")
d(15)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\cyqttve.exe")
for i=0 to 15
set v(i)=fso.getfile(d(i))
v(i).attributes=0
v(i).delete
next
set fso=createobject("scripting.filesystemobject")
set drvs=fso.drives
for each drv in drvs
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then
set w=fso.getfile(drv.driveletter&":\kocmbcd.exe")
w.attributes=0
w.delete
set w_1=fso.getfile(drv.driveletter&":\vlskjgs.exe")
w_1.attributes=0
w_1.delete
set w_2=fso.getfile(drv.driveletter&":\haqeyfy.exe")
w_2.attributes=0
w_2.delete
set w_3=fso.getfile(drv.driveletter&":\udnnnvq.exe")
w_3.attributes=0
w_3.delete
set w_3=fso.getfile(drv.driveletter&":\nqgphqd.exe")
w_3.attributes=0
w_3.delete
set w_4=fso.getfile(drv.driveletter&":\cmxpbpl.exe")
w_4.attributes=0
w_4.delete
set u=fso.getfile(drv.driveletter&":\autorun.inf")
u.attributes=0
u.delete
end if
next
set reg=createobject("wscript.shell")
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\AVP\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\helpsvc\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",1,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue",1,"REG_DWORD"
reg.regdelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhsonxn"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kocmbcd"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\haqeyfy"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlskjgs"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\udnnnvq"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uragvod"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfrxjwg"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqgphqd"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmxpbpl"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dnpsalq"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp\"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dmecvcm.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iywdqdf.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\meex.com\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oduxyym.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtstorp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ouvjwsc.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wocfiba.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gnkjkrl.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnmwiid.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suvtufx.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kocmbcd.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vlskjgs.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\haqeyfy.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udnnnvq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nqgphqd.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egclmvo.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cyqttve.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmxpbpl.exe\Debugger","NoVirus","REG_SZ"
set fso=nothing
DOEND
End Sub
Sub EXITKILL
window.close()
End Sub
</script>
<body>
<input type="button" value="KillVirus" onClick="KILLVIRUS">
<input type="button" value="My BLOG" onClick="window.open('http://hi.baidu.com/ycosxhack')">
<input type="button" value="EXIT" onClick="EXITKILL">
<-------------------------专杀更新时间2007年6月7日 POWERED BY <a href="http://hi.baidu.com/ycosxhack">余弦函数</a>
<p><span id=DataArea>点击KillVirus开始杀毒……</span><p>
<fieldset>
<legend>- Read Me First -</legend>
<textarea id="readme" style="border:0; background-color:#FFFFFF; width:98%; height:226px;">
Autorun随机七位字母命名的病毒专杀
1、专杀目前可以完全查杀kocmbcd.exe、ouvjwsc.exen、qgphqd.exe、udnnnvq.exe与cmxpbpl.exe通过移动盘传播的病毒!这些都是同类病毒的变种,遇到新变种我会继续更新杀毒指令。
2、如果你中的是其它变种的Virus.Win32.AutoRun或Trojan-Downloader.Win32.Agent,运行此专杀将能暂时解决部分问题。你可以将病毒样本发到此邮箱ycosxhack@126.com,以便我更新杀毒指令。
3、转载本专杀的源码请务必保持源码的完整性……
BY 余弦函数 2007年6月7日 http://hi.baidu.com/ycosxhack <--我的博客
</textarea>
</fieldset>
</body>
</html>
打包文件下载
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>七位字母命名的病毒专杀工具</title>
<HTA:APPLICATION
APPLICATIONNAME="KILLVIRUS"
border="thin"
borderstyle="normal"
caption="yes"
icon="c.ico"
maximizebutton="no"
minimizebutton="yes"
showintaskbar="yes"
singleinstance="yes"
sysmenu="yes"
version="1.0"
windowState="normal"
>
<style type="text/css">
body {background-color:#FFF}
body,input {font:9pt tahoma}
body a {font-size:12px;text-decoration:none}
body a:link {color:#0000CC;text-decoration:none}
body a:visited {color:#0000CC;text-decoration:none}
fieldset {height:230x}
legend {font-weight: bolder}
#DataArea {color:#FF0000}
textarea {scrollbar-face-color:#FFF;
scrollbar-arrow-color:#000;
scrollbar-base-color:#FFF;
scrollbar-dark-shadow-color:##2D5B2D;
}
</style>
</head>
<script language="VBScript">
Sub Window_onLoad
window.resizeTo 620,400
End Sub
Sub DONOW
DataArea.InnerHTML = "正在进行快速杀毒……请稍等……"
End Sub
Sub DOEND
DataArea.InnerHTML = "病毒清除成功,如果你发现有本专杀不能清除的病毒,请提交样本:ycosxhack@126.com,压缩加密virus。"
End Sub
Sub KILLVIRUS
DONOW
on error resume next
msgbox "本专杀由余弦函数制作,点击确实开始杀毒。",64,"Autorun随机七位字母命名的病毒专杀"
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='dmecvcm.exe' or name='iywdqdf.exe' or name='oduxyym.exe' or name='wojhadp.exe' or name='rmwaccq.exe' or name='dtstorp.exe' or name='ouvjwsc.exe' or name='wocfiba.exe' or name='gnkjkrl.exe' or name='lnmwiid.exe' or name='suvtufx.exe' or name='wojhadp.exe' or name='rmwaccq.exe' or name='egclmvo.exe' or name='cyqttve.exe'")
for each i in p
i.terminate
next
set fso=createobject("scripting.filesystemobject")
set del=createobject("wscript.shell")
dim d(16)
dim v(16)
d(0)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\dmecvcm.exe")
d(1)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\iywdqdf.exe")
d(2)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\meex.com")
d(3)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\oduxyym.exe")
d(4)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wojhadp.exe")
d(5)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\rmwaccq.exe")
d(6)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\dtstorp.exe")
d(7)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\ouvjwsc.exe")
d(8)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wocfiba.exe")
d(9)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\gnkjkrl.exe")
d(10)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\lnmwiid.exe")
d(11)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\suvtufx.exe")
d(12)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wojhadp.exe")
d(13)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\rmwaccq.exe")
d(14)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\egclmvo.exe")
d(15)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\cyqttve.exe")
for i=0 to 15
set v(i)=fso.getfile(d(i))
v(i).attributes=0
v(i).delete
next
set fso=createobject("scripting.filesystemobject")
set drvs=fso.drives
for each drv in drvs
if drv.drivetype=1 or drv.drivetype=2 or drv.drivetype=3 or drv.drivetype=4 then
set w=fso.getfile(drv.driveletter&":\kocmbcd.exe")
w.attributes=0
w.delete
set w_1=fso.getfile(drv.driveletter&":\vlskjgs.exe")
w_1.attributes=0
w_1.delete
set w_2=fso.getfile(drv.driveletter&":\haqeyfy.exe")
w_2.attributes=0
w_2.delete
set w_3=fso.getfile(drv.driveletter&":\udnnnvq.exe")
w_3.attributes=0
w_3.delete
set w_3=fso.getfile(drv.driveletter&":\nqgphqd.exe")
w_3.attributes=0
w_3.delete
set w_4=fso.getfile(drv.driveletter&":\cmxpbpl.exe")
w_4.attributes=0
w_4.delete
set u=fso.getfile(drv.driveletter&":\autorun.inf")
u.attributes=0
u.delete
end if
next
set reg=createobject("wscript.shell")
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\AVP\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\helpsvc\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Start",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue",1,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue",2,"REG_DWORD"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue",1,"REG_DWORD"
reg.regdelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hhsonxn"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kocmbcd"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\haqeyfy"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlskjgs"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\udnnnvq"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uragvod"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfrxjwg"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqgphqd"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmxpbpl"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dnpsalq"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp\"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dmecvcm.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iywdqdf.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\meex.com\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oduxyym.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtstorp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ouvjwsc.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wocfiba.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gnkjkrl.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnmwiid.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suvtufx.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kocmbcd.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vlskjgs.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\haqeyfy.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udnnnvq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nqgphqd.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egclmvo.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cyqttve.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmxpbpl.exe\Debugger","NoVirus","REG_SZ"
set fso=nothing
DOEND
End Sub
Sub EXITKILL
window.close()
End Sub
</script>
<body>
<input type="button" value="KillVirus" onClick="KILLVIRUS">
<input type="button" value="My BLOG" onClick="window.open('http://hi.baidu.com/ycosxhack')">
<input type="button" value="EXIT" onClick="EXITKILL">
<-------------------------专杀更新时间2007年6月7日 POWERED BY <a href="http://hi.baidu.com/ycosxhack">余弦函数</a>
<p><span id=DataArea>点击KillVirus开始杀毒……</span><p>
<fieldset>
<legend>- Read Me First -</legend>
<textarea id="readme" style="border:0; background-color:#FFFFFF; width:98%; height:226px;">
Autorun随机七位字母命名的病毒专杀
1、专杀目前可以完全查杀kocmbcd.exe、ouvjwsc.exen、qgphqd.exe、udnnnvq.exe与cmxpbpl.exe通过移动盘传播的病毒!这些都是同类病毒的变种,遇到新变种我会继续更新杀毒指令。
2、如果你中的是其它变种的Virus.Win32.AutoRun或Trojan-Downloader.Win32.Agent,运行此专杀将能暂时解决部分问题。你可以将病毒样本发到此邮箱ycosxhack@126.com,以便我更新杀毒指令。
3、转载本专杀的源码请务必保持源码的完整性……
BY 余弦函数 2007年6月7日 http://hi.baidu.com/ycosxhack <--我的博客
</textarea>
</fieldset>
</body>
</html>
打包文件下载