<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>七位字母命名的病毒专杀工具</title>
<HTA:APPLICATION
APPLICATIONNAME="KILLVIRUS"
border="thin"
borderstyle="normal"
caption="yes"
icon="c.ico"
maximizebutton="no"
minimizebutton="yes"
showintaskbar="yes"
singleinstance="yes"
sysmenu="yes"
version="1.0"
windowState="normal"
>
<style type="text/css">
body {background-color:#FFF}
body,input {font:9pt tahoma}
body a {font-size:12px;text-decoration:none}
body a:link {color:#0000CC;text-decoration:none}
body a:visited {color:#0000CC;text-decoration:none}
fieldset {height:230x}
legend {font-weight: bolder}
#DataArea {color:#FF0000}
textarea {scrollbar-face-color:#FFF;
scrollbar-arrow-color:#000;
scrollbar-base-color:#FFF;
scrollbar-dark-shadow-color:##2D5B2D;
}
</style>
</head>
<script language="VBScript">
Sub Window_onLoad
window.resizeTo 620,400
End Sub
Sub DONOW
DataArea.InnerHTML = "正在进行快速杀毒……请稍等……"
End Sub
Sub DOEND
DataArea.InnerHTML = "病毒清除成功,如果你发现有本专杀不能清除的病毒,请提交样本:ycosxhack@126.com,压缩加密virus。"
End Sub
Sub KILLVIRUS
DONOW
on error resume next
msgbox "本专杀由余弦函数制作,点击确实开始杀毒。",64,"Autorun随机七位字母命名的病毒专杀"
set w=getobject("winmgmts:")
set p=w.execquery("select * from win32_process where name='dmecvcm.exe' or name='iywdqdf.exe' or name='oduxyym.exe' or name='wojhadp.exe' or name='rmwaccq.exe' or name='dtstorp.exe' or name='ouvjwsc.exe' or name='wocfiba.exe' or name='gnkjkrl.exe' or name='lnmwiid.exe' or name='suvtufx.exe' or name='wojhadp.exe' or name='rmwaccq.exe' or name='egclmvo.exe' or name='cyqttve.exe'")
for each i in p
i.terminate
next
set fso=createobject("scripting.filesystemobject")
set del=createobject("wscript.shell")
dim d(16)
dim v(16)
d(0)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\dmecvcm.exe")
d(1)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\iywdqdf.exe")
d(2)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\meex.com")
d(3)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\oduxyym.exe")
d(4)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wojhadp.exe")
d(5)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\rmwaccq.exe")
d(6)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\dtstorp.exe")
d(7)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\ouvjwsc.exe")
d(8)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wocfiba.exe")
d(9)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\gnkjkrl.exe")
d(10)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\lnmwiid.exe")
d(11)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\suvtufx.exe")
d(12)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\wojhadp.exe")
d(13)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\rmwaccq.exe")
d(14)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\egclmvo.exe")
d(15)=del.ExpandEnvironmentStrings("%SystemRoot%\system32\cyqttve.exe")
for i=0 to 15
set v(i)=fso.getfile(d(i))
v(i).attributes=0
v(i).delete
next
set fso=createobject("scripting.filesystemobject")
set drvs=fso.drives
for each drv in drvs
if drv.drivetype=1 or drv.drivetype=2 or&ndows NT\CurrentVersion\Image File Execution Options\KvXP.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp\"
reg.regdelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp\"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dmecvcm.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iywdqdf.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\meex.com\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oduxyym.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtstorp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ouvjwsc.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wocfiba.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gnkjkrl.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnmwiid.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\suvtufx.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wojhadp.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rmwaccq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kocmbcd.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vlskjgs.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\haqeyfy.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udnnnvq.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nqgphqd.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egclmvo.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cyqttve.exe\Debugger","NoVirus","REG_SZ"
reg.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmxpbpl.exe\Debugger","NoVirus","REG_SZ"
set fso=nothing
DOEND
End Sub
Sub EXITKILL
window.close()
End Sub
</script>
<body>
<input type="button" value="KillVirus" onClick="KILLVIRUS">
<input type="button" value="My BLOG" onClick="window.open('http://hi.baidu.com/ycosxhack')">
<input type="button" value="EXIT" onClick="EXITKILL">
<-------------------------专杀更新时间2007年6月7日 POWERED BY <a href="http://hi.baidu.com/ycosxhack">余弦函数</a>
<p><span id=DataArea>点击KillVirus开始杀毒……</span><p>
<fieldset>
<legend>- Read Me First -</legend>
<textarea id="readme" style="border:0; background-color:#FFFFFF; width:98%; height:226px;">
Autorun随机七位字母命名的病毒专杀
1、专杀目前可以完全查杀kocmbcd.exe、ouvjwsc.exen、qgphqd.exe、udnnnvq.exe与cmxpbpl.exe通过移动盘传播的病毒!这些都是同类病毒的变种,遇到新变种我会继续更新杀毒指令。
2、如果你中的是其它变种的Virus.Win32.AutoRun或Trojan-Downloader.Win32.Agent,运行此专杀将能暂时解决部分问题。你可以将病毒样本发到此邮箱ycosxhack@126.com,以便我更新杀毒指令。
3、转载本专杀的源码请务必保持源码的完整性……
BY 余弦函数 2007年6月7日 http://hi.baidu.com/ycosxhack <--我的博客
</textarea>
</fieldset>
</body>
</html>
打包文件下载 |
|
转播
