找一台没有中毒的机器,并且让其显示文件扩展名(方法是:我的电脑→工具→文件夹选项→查看,把“隐藏已知文件类型的扩展名”前面的勾去掉)
你的U盘(内存卡)根目录下右键:新建→文本文档,打开这个新建文本文件。将下面代码粘贴进去:
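@echo off
rem Cleanup script for the USB-spreading trojan named in the title line below.
rem Steps: stop the malware process, delete its file, restore the Explorer
rem registry values it changed, remove its service, then walk each removable
rem drive to unhide folders and delete the same-named .exe beside each folder.
rem Run it from a clean machine with administrator rights, because the HKLM and
rem HKCR writes and the service deletion need them.
title Killer Of Trojan.Win32.Hider.i
echo Killer Of Trojan.Win32.Hider.i
rem Choose localized strings by the active console code page.
rem fs is matched against the drive type text printed by fsutil.
rem rs is the file type description written back to HKCR\exefile.
chcp | find "437" >nul && (set "fs=Removable Drive" & set "rs=Application" & goto :start)
chcp | find "936" >nul && (set "fs=可移动驱动器" & set "rs=应用程序" & goto :start)
chcp | find "950" >nul && (set "fs=卸除式磁碟机" & set "rs=应用程式" & goto :start)
echo Language Not Supported & pause
goto :eof
:start
rem Kill Process
rem NOTE: the target is isass.exe, spelled with a leading letter i. It resembles
rem the Windows system process lsass.exe, which must never be killed or deleted.
taskkill /f /im isass.exe >nul
rem Delete Files
del "%windir%\system32\isass.exe" /f /q /a >nul
rem Clean Registry
rem The two HKLM values set what Folder Options writes when a box is unchecked,
rem so that showing extensions and showing protected system files work again.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt" /v UncheckedValue /t REG_DWORD /d 0 /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden" /v UncheckedValue /t REG_DWORD /d 1 /f >nul
rem Show protected operating system files for the current user.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 1 /f >nul
rem Restore the description of the exefile type. The value is quoted so that a
rem description containing spaces is still passed as one argument.
reg add "HKCR\exefile" /ve /d "%rs%" /f >nul
rem Remove the service entry used by the malware.
sc delete "CSNetManagerXp" >nul
rem Other
rem The presence of wmic.exe decides between automatic drive detection and the
rem manual prompt at C1. The loop itself only calls fsutil, so wmic.exe is
rem presumably a proxy for a Windows edition that ships fsutil - confirm.
if not exist %windir%\system32\wbem\wmic.exe goto :C1
rem Enumerate drives and clean each one whose type text contains fs.
for /f "skip=2" %%i in ('fsutil fsinfo drives ^| more') do (
fsutil fsinfo drivetype %%i | find "%fs%" >nul&& call :F %%i
)
goto :END
:C1
rem Manual mode: the operator types one or more drive roots separated by spaces.
set /p "u=%fs%:?(g:\ OR g:\ h:\)"
for %%i in (%u%) do call :F %%i
goto :END

rem Subroutine F. Argument 1 is a drive root such as g:\
rem For every folder under it, clear the System and Hidden attributes, then
rem delete the file that has the folder's path and name plus .exe.
rem CAUTION: this also deletes a legitimate program that happens to share its
rem name with a folder beside it. Review the drive before running.
rem NOTE(review): the path is rebuilt without the extension part of the folder
rem name, so a folder whose name contains a dot is probably not matched - verify.
:F
for /f "delims=" %%a in ('dir %1 /b /ad /s') do (
attrib "%%~dpna" -s -h
del "%%~dpna.exe" /f /q /a 1>nul 2>nul
)
goto :eof
:END
pause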
保存并退出记事本,将这个文件的扩展名由 .txt 改为 .bat,然后运行它即可。