Recently, all the exe files in my shared directory were infected by viruses. After checking online, I found out that it was "logo1_.exe" that was responsible. The harmfulness of this virus is highly rated on the Internet, and it is believed that as long as it is infected with the virus, the entire machine can only "Format". The reason is probably because all applications are infected, and running any program will cause the virus to "rebirth". I used "Kaba Driver" to kill the virus, but the result was that it could not be removed and my entire exe file was deleted. In depression, I wrote this dong dong myself to remove viruses from infected programs.
If you are infected by the "logo1_.exe" virus, please go online to find the relevant removal methods. This tool only removes viruses from infected files. Since there is not much time, there is no automatic registry recovery function;)
Poisoning phenomenon: A hidden "_desktop.ini" file will be created in all directories containing exe files, which records the date of virus infection. If you delete this file, the virus will re-infect the infected application and regenerate the "_desktop.ini" file; many virus-infected applications will have a very blurry ICO icon.
It is said on the Internet that the virus activates every three minutes. It is also said that newly installed machines working on a virus-infected network will be poisoned within three minutes. Friends who install a new system, be careful.
To prevent careless friends from running virus files, I have removed the ".exe" suffix. You can add the ".exe" suffix to compare the ICO icon transformation before and after anti-virus.
Remind again: Do not run the "Virus Sample" program before using this tool to remove the viruses in the "Virus Sample". Otherwise, you will win the bid immediately :D
Save it as:Logo1_Kill.js and run it
TaskKill("logo1_.exe");
TaskKill("rundl132.exe");
var window, lstKill, pnlScan, form1 = new Form;
form1.Run();
function Form()
{
var IE = WSH.GetObject("", "InternetExplorer.Application");
IE.ToolBar = 0;
IE.StatusBar = 0;
IE.Width = 350;
IE.Height = 360;
IE.Navigate("about:blank");
var document = IE.document;
document.body.scroll = "no";
document.body.style.font = "9pt 宋体";
window = document.frames;
document.body.charset = "gb2312";
document.bgColor = "menu";
document.body.style.border = 0;
document.title = "Logo1_.exe 病毒清除工具";
this.Run = function()
{
var btnKill = new Button("清除病毒");
var filebox = new FileBox;
var grpScan = new Group;
var grpKill = new Group("快速清除病毒");
var dirPath = new TextBox;
var btnScan = new Button("开始扫描");
pnlScan = new Panel;
lstKill = new ListBox;
dirPath.value = "D:\";
grpScan.Text.data = "目录扫描";
pnlScan.Text.data = "准备就绪";
lstKill.style.width = "100%";
lstKill.style.height = "2in";
AddControl(grpKill);
grpKill.Add(filebox);
grpKill.Add(btnKill);
AddControl(grpScan);
grpScan.Add(dirPath);
grpScan.Add(btnScan);
grpScan.Add(pnlScan);
grpScan.Add(lstKill);
btnKill.onclick = btnKill_Clicked;
btnScan.onclick = btnScan_Clicked;
IE.Visible = true;
try
{
while(!window.closed)
{
if(btnScan.disabled)
{
try
{
var FSO = new ActiveXObject("Scripting.FileSystemObject");
var Folder = FSO.getFolder(dirPath.value);
FolderList(Folder);
}
catch(err) ;
{}
function btnKill_Clicked()
{
var FilePath = filebox.value;
if(FilePath && Check(FilePath))
{
if(window.confirm("Virus found, do you want to remove it?"))
{
try
{
Backup (FilePath);
}
Catch (ERR) {}
While (Check (Filepath)) Clear (filepath); . ");
");
}
}
function btnScan_Clicked()
{
while(lstKill.options.length) lstKill.options.remove(0);
btnScan.disabled = true;
}
}
function AddControl(obj)
{
document.body.appendChild(obj);
}
function FileBox()
{
var obj = document.createElement("input");
obj.type = "file";
return obj;
}
function Button(text)
{
var obj = document.createElement("input");
obj.type = "button";
obj.value = text;
return obj;
}
function TextBox()
{
return document.createElement("input");
}
function Panel()
{
var Div = document.createElement("div");
Div.Add = function(Obj)
{
this.appendChild(Obj);
}
Div.Text = document.createTextNode();
Div.Add(Div.Text);
Div.style.overflow = "hidden";
return Div;
}
function Group(Title)
{
var fieldset = document.createElement("fieldset");
var legend = document.createElement("legend");
fieldset.Text = document.createTextNode();
fieldset.Text.data = Title;
legend.appendChild(fieldset.Text);
fieldset.Add = function(Obj)
{
this.appendChild(Obj);
}
fieldset.Add(legend);
fieldset.style.marginBottom = "2mm";
return fieldset;
}
function ListBox()
{
var select = document.createElement("select");
select.multiple = true;
select.Add = function(text)
{
var opt = window.Option(text);
select.options.add(opt);
}
return select;
}
}
function TaskKill(Process)
{
var WinMgmts = GetObject("WinMgmts://127.0.0.1");
var ProcList = WinMgmts.ExecQuery("select * from win32_process");
var ProcList = new Enumerator(ProcList);
while(!ProcList.atEnd())
{
if(ProcList.item().Name.toLowerCase() == Process.toLowerCase())
ProcList.item().terminate();
ProcList.moveNext();
}
}
function Check(SourcePath)
{
var Code = "MZKERNEL32.DLLx00x00LoadLibraryAx00x00x00x00GetProcAddressx00x00|x00x00BKwdwing@";
var Stream = new ActiveXObject("Adodb.Stream");
Stream.Open();
Stream.Charset = "gb2312";
Stream.LoadFromFile(SourcePath);
var Body = Stream.ReadText(60);
Stream.Close();
Body = Body.replace(/[sS]x00x00BK/, "|x00x00BK");
return Body == Code;
}
function Clear(SourcePath)
{
var Stream = new ActiveXObject("Adodb.Stream");
Stream.Open();
Stream.LoadFromFile(SourcePath);
var Body = Stream.ReadText(500 * 1024);
Stream.Close();
var Match = "";
while(Match.length < 21) Match = "x00";
Match = "MZ";
var C = 0, Temp = "";
while(C< Body.length && Temp.indexOf(Match) <0)
{
var Uni = Body.substr(C, 1000);
C = 1000;
Temp = Decode(Uni);
}
var Position = Temp.indexOf(Match) 21;
Stream.Type = 1;
Stream.Open();
Stream.LoadFromFile(SourcePath);
Stream.Position = Position;
Body = Stream.Read();
Stream.Position = 0;
Stream.SetEOS();
Stream.Write(Body);
Stream.SaveToFile(SourcePath, 2);
Stream.Close();
}
function Backup(SourcePath)
{
var FSO = new ActiveXObject("Scripting.FileSystemObject");
var File = FSO.GetFile(SourcePath);
File.Copy(SourcePath ".logo1_vir", false);
}
function Decode(text)
{
return text.replace(/([u0000-uffff])/g, function($1)
{
var uni = $1.charCodeAt(0).toString(16);
while(uni.length < 4) uni = "0" uni;
uni = uni.replace(/(w{2})(w{2})/g, "%$2%$1");
return unescape(uni);
});
}
함수 ScanFiles(Folder)
{
var Files = new Enumerator(Folder.Files);
while(!Files.atEnd())
{
if(Files.item().Name.slice(-4).toLowerCase() == ".exe")
{
var Path = Files.item().Path;
pnlScan.Text.data = 경로;
if(Check(Path))
{
시도
{
백업(경로);
}
catch(err){}
while(Check(Path)) Clear(Path);
lstKill.Add(Path " (OK)");
}
WSH.Sleep(50);
}
Files.moveNext();
}
}
function FolderList(폴더)
{
ScanFiles(폴더);
var Folders = new Enumerator(Folder.SubFolders);
WSH.Sleep(50);
while(!Folders.atEnd())
{
if(Folders.item().Path.match(/\/g).length > 255) continue;
pnlScan.Text.data = Folders.item().Path "\";
FolderList(Folders.item());
Folders.moveNext();
}
}
Statement:The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn