1.bat

整合了很多杀毒软件 实用 经典 可以使用

attrib %windir%\rundl132.exe +s +r +h
attrib %windir%\0Sy.exe +s +r +h
attrib %windir%\vDll.dll +s +r +h
attrib %windir%\1Sy.exe +s +r +h
attrib %windir%\2Sy.exe +s +r +h
attrib %windir%\rundll32.exe +s +r +h
attrib %windir%\3Sy.exe +s +r +h
attrib %windir%\5Sy.exe +s +r +h
attrib %windir%\1.com +s +r +h
attrib %windir%\exerouter.exe +s +r +h
attrib %windir%\EXP10RER.com +s +r +h
attrib %windir%\finders.com +s +r +h
attrib %windir%\Shell.sys +s +r +h
attrib %windir%\kill.exe +s +r +h
attrib %windir%\sws.dll +s +r +h
attrib %windir%\sws32.dll +s +r +h
attrib %windir%\uninstall\rundl132.exe +s +r +h
attrib %windir%\SVCHOST.exe +s +r +h
attrib %windir%\WINLOGON.exe +s +r +h
attrib %windir%\RUNDLL32.EXE +s +r +h
attrib C:\"Program Files"\svchost.exe +s +r +h
attrib C:\"Program Files"\"Internet Explorer"\svchost.exe +s +r +h
attrib %windir%\Download\svchost.exe +s +r +h
attrib %windir%\system32\wldll.dll +s +r +h
net share c$ /del 
net share d$ /del 
net share e$ /del 
net share f$ /del 
net share admin$ /del 
net share ipc$ /del 
cls
@echo -------------------------------------
@echo viking已经全部被我杀完拉,哈,厉害吧
@echo 系统已经成功免疫!
@echo 谢谢你的使用,请重启您的电脑!
@echo -------------------------------------

pause
禁止Viking病毒运行补丁.reg
Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 
"DisallowRun"=dword:00000001 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\DisallowRun] 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun] 
"**delvals."=" " 
"1"="0Sy.exe" 
"2"="1.com" 
"3"="1Sy.exe" 
"4"="2Sy.exe" 
"5"="3Sy.exe" 
"6"="5Sy.exe" 
"7"="dll.dll" 
"8"="logo1_.exe" 
"9"="rundl132.exe" 
"10"="vdll.dll"


:4 
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo    █  SVCHOST病毒专杀 █
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::停止正在运行的SXS.EXE和SVOHOST.EXE进程，请稍侯......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TASKKILL /F /T /IM SXS.EXE
TASKKILL /F /T /IM SVOHOST.EXE 
TASKKILL /F /T /IM ROSE.EXE
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::恢复注册表中不给设置显示隐藏文件的项目,请稍侯
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ECHO Windows Registry Editor Version 5.00>SHOWALL.reg

ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]>>SHOWALL.reg
ECHO "CheckedValue"=->>SHOWALL.reg

ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]>>SHOWALL.reg
ECHO "CheckedValue"=dword:00000001>>SHOWALL.reg

@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除系统目录下的SXS.EXE、SVOHOST.EXE和WINSCOK.DLL文件,请稍侯......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ATTRIB -R -H -S -A %SystemRoot%\System32\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%\System32\SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\System32\SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\System32\WINSCOK.DLL

ATTRIB -R -H -S -A %SystemRoot%\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%\SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\WINSCOK.DLL

ATTRIB -R -H -S -A %SystemRoot%\System\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\System\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\System\WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%\System\SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\System\SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\System\WINSCOK.DLL

ATTRIB -R -H -S -A %SystemRoot%\System32\dllcache\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\dllcache\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\dllcache\WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%\System32\dllcache\SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\System32\dllcache\SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%\System32\dllcache\WINSCOK.DLL

@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除每个分区下的SXS.EXE和AUTORUN.INF文件，请稍侯.......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
FOR %%a IN ( C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: ) DO ATTRIB -R -H -S -A %%a\SXS.EXE & DEL /F /Q /A -R -H -S -A %%a\SXS.EXE & ATTRIB -R -H -S -A %%a\AUTORUN.INF & DEL /F /Q /A -R -H -S -A %%a\AUTORUN.INF

@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除注册表中自启动项，请稍侯......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ECHO Windows Registry Editor Version 5.00>SoundMam.reg

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoundMam]>>SoundMam.reg

ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>SoundMam.reg
ECHO "SoundMam"=->>SoundMam.reg

REGEDIT /S SoundMam.reg

DEL /F /Q SoundMam.reg



REGEDIT /S SHOWALL.reg

DEL /F /Q SHOWALL.reg
pause>nul
:5 
@echo off
copy c:\windows\system32\service.exe C:\service.exe 
c:\service -u GrayPigeonServer 
c:\service -u "Windows Update" 
attrib -R -A -S -H %Windir%\G.DLL 
del %Windir%\G.DLL 
attrib -R -A -S -H %Windir%\G.EXE 
del %Windir%\G.EXE 
attrib -R -A -S -H %Windir%\G_Hook.DLL 
del %Windir%\G_Hook.DLL
attrib -R -A -S -H %Windir%\GKey.DLL 
del %Windir%\GKey.DLL  
pause


:6
@echo off
echo.>C:\Autorun.inf
echo.>D:\Autorun.inf
echo.>E:\Autorun.inf
echo.>F:\Autorun.inf
echo.>G:\Autorun.inf
echo.>H:\Autorun.inf
echo.>I:\Autorun.inf
echo.>J:\Autorun.inf
echo.>K:\Autorun.inf
echo.>L:\Autorun.inf
echo.>M:\Autorun.inf
echo.>N:\Autorun.inf
echo.>O:\Autorun.inf
echo.>;P:\Autorun.inf
echo.>Q:\Autorun.inf
echo.>R:\Autorun.inf
echo.>S:\Autorun.inf
echo.>T:\Autorun.inf
echo.>U:\Autorun.inf
echo.>V:\Autorun.inf
echo.>W:\Autorun.inf
echo.>X:\Autorun.inf
echo.>Y:\Autorun.inf
echo.>Z:\Autorun.inf
@attrib C:\autorun.inf +s +h +r >nul
@attrib D:\autorun.inf +s +h +r >nul
@attrib E:\autorun.inf +s +h +r >nul
@attrib F:\autorun.inf +s +h +r >nul
@attrib G:\autorun.inf +s +h +r >nul
@attrib H:\autorun.inf +s +h +r >nul
@attrib I:\autorun.inf +s +h +r >nul
@attrib J:\autorun.inf +s +h +r >nul
@attrib K:\autorun.inf +s +h +r >nul
@attrib L:\autorun.inf +s +h +r >nul
@attrib M:\autorun.inf +s +h +r >nul
@attrib N:\autorun.inf +s +h +r >nul
@attrib O:\autorun.inf +s +h +r >nul
@attrib P:\autorun.inf +s +h +r >nul
@attrib Q:\autorun.inf +s +h +r >nul
@attrib R:\autorun.inf +s +h +r >nul
@attrib S:\autorun.inf +s +h +r >nul
@attrib T:\autorun.inf +s +h +r >nul
@attrib U:\autorun.inf +s +h +r >nul
@attrib V:\autorun.inf +s +h +r >nul
@attrib W:\autorun.inf +s +h +r >nul
@attrib X:\autorun.inf +s +h +r >nul
@attrib Y:\autorun.inf +s +h +r >nul
@attrib Z:\autorun.inf +s +h +r >nul
@ECHO Y|cacls C:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls D:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls E:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls F:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls G:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls H:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls I:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls J:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls K:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls L:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls M:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls N:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls O:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls P:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls Q:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls R:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls S:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls T:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls U:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls V:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls W:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls X:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls Y:\autorun.inf /p everyone:n >nul
@ECHO Y|cacls Z:\autorun.inf /p everyone:n >nul
echo.> %windir%\Logo1_.exe
echo.> %windir%\rundl132.exe
echo.> %windir%\0Sy.exe
echo.> %windir%\vDll.dll
echo.> %windir%\1Sy.exe
echo.> %windir%\2Sy.exe
echo.> %windir%\rundll32.exe
echo.> %windir%\3Sy.exe
echo.> %windir%\4Sy.exe
echo.> %windir%\5Sy.exe
echo.> %windir%\6Sy.exe
echo.> %windir%\7Sy.exe
echo.> %windir%\8Sy.exe
echo.> %windir%\9Sy.exe
echo.> %windir%\1.com
echo.> %windir%\exerouter.exe
echo.> %windir%\EXP10RER.com
echo.> %windir%\finders.com
echo.> %windir%\Shell.sys
echo.> %windir%\smss.exe
echo.> %windir%\kill.exe
echo.> %windir%\sws.dll
echo.> %windir%\sws32.dll
echo.> %windir%\dll.dll
echo.> %windir%\11.exe
echo.> %windir%\gold.com
echo.> %windir%\system32\msdll.dll
echo.> %windir%\system32\nmhxy.dll
echo.> %windir%\g0ld.com
echo.> %windir%\veevrg.exe
@attrib %windir%\Logo1_.exe +s +h +r >nul
@attrib %windir%\rundl132.exe +s +h +r >nul
@attrib %windir%\0Sy.exe +s +h +r >nul
@attrib %windir%\vDll.dll +s +h +r >nul
@attrib %windir%\1Sy.exe +s +h +r >nul
@attrib %windir%\2Sy.exe +s +h +r >nul
@attrib %windir%\rundll32.exe +s +h +r >nul
@attrib %windir%\3Sy.exe +s +h +r >nul
@attrib %windir%\4Sy.exe +s +h +r >nul
@attrib %windir%\5Sy.exe +s +h +r >nul
@attrib %windir%\6Sy.exe +s +h +r >nul
@attrib %windir%\7Sy.exe +s +h +r >nul
@attrib %windir%\8Sy.exe +s +h +r >nul
@attrib %windir%\9Sy.exe +s +h +r >nul
@attrib %windir%\1.com +s +h +r >nul
@attrib %windir%\exerouter.exe +s +h +r >nul
@attrib %windir%\EXP10RER.com +s +h +r >nul
@attrib %windir%\finders.com +s +h +r >nul
@attrib %windir%\Shell.sys +s +h +r >nul
@attrib %windir%\smss.exe +s +h +r >nul
@attrib %windir%\kill.exe +s +h +r >nul
@attrib %windir%\sws.dll +s +h +r >nul
@attrib %windir%\sws32.dll +s +h +r >nul
@attrib %windir%\dll.dll +s +h +r >nul
@attrib %windir%\11.exe +s +h +r >nul
@attrib %windir%\gold.com +s +h +r >nul
@attrib %windir%\system32\msdll.dll +s +h +r >nul
@attrib %windir%\system32\nmhxy.dll +s +h +r >nul
@attrib %windir%\g0ld.com +s +h +r >nul
@attrib %windir%\veevrg.exe +s +h +r >nul
@ECHO Y|cacls %windir%\Logo1_.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\rundl132.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\0Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\vDll.dll /p everyone:n >nul
@ECHO Y|cacls %windir%\1Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\2Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\rundll32.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\3Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\4Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\5Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\6Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\7Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\8Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\9Sy.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\1.com /p everyone:n >nul
@ECHO Y|cacls %windir%\exerouter.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\EXP10RER.com /p everyone:n >nul
@ECHO Y|cacls %windir%\finders.com /p everyone:n >nul
@ECHO Y|cacls %windir%\Shell.sys /p everyone:n >nul
@ECHO Y|cacls %windir%\smss.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\kill.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\sws.dll /p everyone:n >nul
@ECHO Y|cacls %windir%\sws32.dll /p everyone:n >nul
@ECHO Y|cacls %windir%\dll.dll /p everyone:n >nul
@ECHO Y|cacls %windir%\11.exe /p everyone:n >nul
@ECHO Y|cacls %windir%\gold.com /p everyone:n >nul
@ECHO Y|cacls %windir%\system32\msdll.dll /p everyone:n >nul
@ECHO Y|cacls %windir%\system32\nmhxy.dll /p everyone:n >nul
@ECHO Y|cacls %windir%\g0ld.com /p everyone:n >nul
@ECHO Y|cacls %windir%\veevrg.exe /p everyone:n >nul
del c:\_desktop.ini /q/s/f/a
del d:\_desktop.ini /q/s/f/a
del e:\_desktop.ini /q/s/f/a
del f:\_desktop.ini /q/s/f/a
net share c$ /d
net share d$ /d
net share e$ /d
net share F$ /d
net share G$ /d
net share h$ /d
net share i$ /d
net share j$ /d
net share admin$ /d
net share ipc$ /d
@echo end 

:7 
@ECHO OFF
del c:\winnt\logo1_.exe 
del c:\windows\logo1_.exe 
del c:\winnt\0sy.exe
del c:\windows\0sy.exe
del c:\winnt\1sy.exe
del c:\windows\1sy.exe