Saturday, July 6, 2013

Recycler virus သတ္ဖို႔ကုဒ္ေလးေတြပါ

Recycler virus သတ္ဖို႔ကုဒ္ေလးေတြပါ 
ေအာက္ပါကုဒ္မ်ားအား notepad တြင္ေကာ္ပီကူးလိုက္ပါ
save လွ်င္ All files ႏွင့္ .bat extension ႏွင့္ save လိုက္ပါ ၿပီးလွ်င္ run ပါ

Taskkill /F /IM Recycler.exe /im uninstx.exe /im FDD23C.exe /im 59ef4c.exe
Taskkill /F /IM 7EB74E.EXE /im 3fcfba.exe /im 74F7CA.EXE
msg * Please Wait…

attrib -a -r -s -h %systemroot%\AUTORUN.INF
attrib -a -r -s -h %systemroot%\confi.exe
attrib -a -r -s -h %systemroot%\Config.ini
attrib -a -r -s -h %systemroot%\Recycler.exe
attrib -a -r -s -h %systemroot%\uninstx.exe
attrib -a -r -s -h %systemroot%\keyvect.dll
attrib -a -r -s -h %systemroot%\netscv.exe
del %systemroot%\AUTORUN.INF
del %systemroot%\confi.exe
del %systemroot%\Config.ini
del %systemroot%\Recycler.exe
del %systemroot%\uninstx.exe
del %systemroot%\keyvect.dll
del %systemroot%\netscv.exe
attrib -a -r -h -s %systemroot%\system32\4D51C1\74F7CA.EXE
attrib -a -r -h -s %systemroot%\system32\2ff48c\59ef4c.exe
attrib -a -r -h -s %systemroot%\system32\9b023b\3fcfba.exe
attrib -a -r -h -s %systemroot%\system32\65B3DF\FDD23C.EXE
attrib -a -r -h -s %systemroot%\system32\7681CF\7EB74E.EXE
del %systemroot%\system32\4D51C1\74F7CA.EXE
del %systemroot%\system32\2ff48c\59ef4c.exe
del %systemroot%\system32\9b023b\3fcfba.exe
del %systemroot%\system32\65B3DF\FDD23C.EXE
del %systemroot%\system32\7681CF\7EB74E.EXE

attrib -a -r -h -s %systemroot%\system32\4D51C1
attrib -a -r -h -s %systemroot%\system32\2ff48c
attrib -a -r -h -s %systemroot%\system32\9b023b
attrib -a -r -h -s %systemroot%\system32\65B3DF
attrib -a -r -h -s %systemroot%\system32\7681CF
attrib -a -r -h -s “%systemroot%\system32\4D51C1\*.*”
attrib -a -r -h -s “%systemroot%\system32\2ff48c\*.*”
attrib -a -r -h -s “%systemroot%\system32\9b023b\*.*”
attrib -a -r -h -s “%systemroot%\system32\65B3DF\*.*”
attrib -a -r -h -s “%systemroot%\system32\7681CF\*.*”
del “%systemroot%\system32\4D51C1\*.*” /a /f /q
del “%systemroot%\system32\2ff48c\*.*” /a /f /q
del “%systemroot%\system32\9b023b\*.*” /a /f /q
del “%systemroot%\system32\65B3DF\*.*” /a /f /q
del “%systemroot%\system32\7681CF\*.*” /a /f /q
rd %systemroot%\system32\4D51C1
rd %systemroot%\system32\2ff48c
rd %systemroot%\system32\9b023b
rd %systemroot%\system32\65B3DF
rd %systemroot%\system32\7681CF

reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 74F7CA /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 59ef4c /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 3fcfba /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v FDD23C /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 7EB74E /f

DEL “%systemdrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\iiiiii.lnk” /a /f /q
DEL “%systemdrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\74F7CA.lnk” /a /f /q
DEL “%systemdrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\59ef4c.lnk” /a /f /q
DEL “%systemdrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\9b023b.lnk” /a /f /q
DEL “%systemdrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\FDD23C.lnk” /a /f /q
DEL “%systemdrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\7EB74E.lnk” /a /f /q
DEL “%userprofile%\Start Menu\Programs\Startup\iiiiii.lnk” /a /f /q
DEL “%userprofile%\Start Menu\Programs\Startup\74F7CA.lnk” /a /f /q
DEL “%userprofile%\Start Menu\Programs\Startup\59ef4c.lnk” /a /f /q
DEL “%userprofile%\Start Menu\Programs\Startup\9b023b.lnk” /a /f /q
DEL “%userprofile%\Start Menu\Programs\Startup\FDD23C.lnk” /a /f /q
DEL “%userprofile%\Start Menu\Programs\Startup\7EB74E.lnk” /a /f /q

reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 74F7CA /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 59ef4c /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 3fcfba /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v FDD23C /f
reg delete HKLM\software\Microsoft\Windows\CurrentVersion\Run /v 7EB74E /f

cd\
D:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

C:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

E:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

F:
DEL Recycler.exe /a /f /q
DEL autorun.inf /a /f /q

G:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

H:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

i:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

j:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

k:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

m:
DEL Recycler.exe /a /f /q
attrib -a -r -s -h autorun.inf
del autorun.inf /q

cd %HOMEDRIVE%
DEL Recycler.exe /a/s/f/q

reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v “disableTaskMgr” /f
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v “disableRegistryTools” /f
reg delete HKCU\software\microsoft\windows\currentversion\policies\explorer /v “NoFolderOptions” /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v “Windows Recycled” /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v “uninstx.exe” /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v “uninstx” /f
reg delete HKLM\SOFTWARE\Microsoft\NetWorkSetup /v pid /f
reg delete HKLM\SOFTWARE\Microsoft\NetWorkSetup /v hostid /f
REG delete HKCU\Software\Microsoft\Windows\currentVersion\policies\system /v “disableTaskMgr” /f
REG delete HKCU\Software\Microsoft\Windows\currentVersion\policies\system /v “disableRegistryTools” /f
REG delete HKCU\Software\Microsoft\Windows\currentVersion\policies\explorer /v “NoFolderOptions” /f
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\policies\system /v “DisableTaskMgr” /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d “1? /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v SuperHidden /t REG_DWORD /d “1? /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d “1? /f
REG add “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon” /v system /t reg_sz /d “” /f
REG add “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon” /v Shell /t reg_sz /d “Explorer.exe” /f
gpupdate
msg * Done!


No comments:

Post a Comment