- Mesajlar
- 554
Gizli Klasorler Açılmasını İptal Eden Ve Sistemde Bir Cok Hataya Sebeb Olan Virüs Temizleme Kodları
yukarıda yazan kodu not defterinin içine kaydedin ve uzantısını vbs yapın, çalıştırın, sorun çözülecektir
Sorunsuz Çalısıyor.
* Daha once yerel diskin bir bölümünde aslında var olan formatta yedeklenenlerı goremilemiyor ama sorun ortadan kalkıyor.
* Eğer virüs varsa siliyor
Kod:
on Error Resume Next
Dim objShell, objFileSystem, objTextStream, objRegex
Dim colRegexMatches1, colRegexMatches2
Dim nReturnCode
Dim strIpFileText
Dim element, i
Dim Lista
Lista=array("n1de?ect.com","nide?ect.com","nlde?ect.com","j*.bat","m*.com","d*.com","copy.exe","host.exe",_
"a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_
"80*.com","semo*.exe","autorun*.*","x*.exe","yl*.exe","qd*.cmd")
Set hardwaremania=WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
Wscript.Echo "Bu script kötü amaçlı amvo, avpo, n1detect ve türevlerini kaldırmak için Dr_X hazırlanmıştır.1923turk.biz"
Wscript.Echo "arama ve silme işlemi bikaç saniye alacaktır. lütfen sabırlı olun"
i=0
For Each objDrive in colDrives
If objDrive.IsReady = True Then
nret=hardwaremania.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&":\autorun.inf",1)
strIpFileText = objTextStream.ReadAll
objTextStream.Close
End If
Next
Set objRegex = new RegExp
objRegex.Pattern = "=\w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp|.cmd)"
objRegex.Global = True
objRegex.IgnoreCase = True
Set colRegexMatches1 = objRegex.Execute(strIpFileText)
i=0
For Each element In colRegexMatches1
element = Replace(element,"=","")
WScript.Echo "Proceeding to remove file of virus :" & element
For Each objDrive in colDrives
If objDrive.IsReady = True Then
Wscript.Echo "Clean drive: " & objDrive.DriveLetter
nret=hardwaremania.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE)
nret=hardwaremania.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE)
nret=hardwaremania.Run("cmd /C taskkill /f /im semo2x.exe.tmp",0,TRUE)
nret=hardwaremania.Run("cmd /C taskkill /f /im semo2x.exe",0,TRUE)
nret=hardwaremania.Run("cmd /C taskkill /f /im help.exe.tmp",0,TRUE)
nret=hardwaremania.Run("cmd /C attrib -s -h -r " &objDrive.DriveLetter&":\" & element &"",0,TRUE)
nret=hardwaremania.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" & element & "/f /q /a",0,TRUE)
nret=hardwaremania.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
End If
Next
i = i + 1
Next
Set objRegex= Nothing
Set objTextStream = Nothing
Set objFileSystem = Nothing
Set objShell = Nothing
nret15=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*",0,TRUE)
nret16=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*",0,TRUE)
nret20=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp",0,TRUE)
nret56=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*",0,TRUE)
nret60=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*",0,TRUE)
nret23=hardwaremania.Run("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE)
nret24=hardwaremania.Run("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE)
nret57=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE)
nret59=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE)
WScript.Echo "gizli dosyaların görünmesi için kayıt defteri eski haline getiriliyor"
nret31=hardwaremania.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v amva /f",0,TRUE)
nret32=hardwaremania.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpo /f",0,TRUE)
nret68=hardwaremania.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ /v avpa /f",0,TRUE)
nret33=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret43=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret44=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret45=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret46=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret47=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret34=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE)
nret35=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret36=hardwaremania.Run("cmd /C reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /f",0,TRUE)
nret37=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE)
nret38=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret39=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE)
nret40=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE)
nret48=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ /v Type /t REG_SZ /d Group /f",0,TRUE)
nret61=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret62=hardwaremania.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret63=hardwaremania.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v DisableRegistryTools /t REG_DWORD /d 0 /f",0,TRUE)
nret78=hardwaremania.Run("cmd /C taskkill /f /im explorer.exe",0,TRUE)
nret79=hardwaremania.Run("cmd /C start explorer.exe",0,TRUE)
nret15=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*",0,TRUE)
nret16=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*",0,TRUE)
nret20=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp",0,TRUE)
nret56=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*",0,TRUE)
nret60=hardwaremania.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*",0,TRUE)
nret23=hardwaremania.Run("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE)
nret24=hardwaremania.Run("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE)
nret57=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE)
nret59=hardwaremania.Run("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE)
For Each objDrive in colDrives
If objDrive.IsReady = True Then
For X=0 to UBound(Lista)
nret=hardwaremania.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\"&Lista(X)&"",0,TRUE)
nret=hardwaremania.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" &Lista(X)& "/f /q /a",0,TRUE)
Next
End If
Next
WScript.Echo "Tebrikler! bilgisayarınız amvo virus ve türevlerinden temizlendi.Dr_X"
WScript.Echo "1923turk.biz--Dr_X"
WScript. Quit(0)yukarıda yazan kodu not defterinin içine kaydedin ve uzantısını vbs yapın, çalıştırın, sorun çözülecektir
Sorunsuz Çalısıyor.
* Daha once yerel diskin bir bölümünde aslında var olan formatta yedeklenenlerı goremilemiyor ama sorun ortadan kalkıyor.
* Eğer virüs varsa siliyor
