Xoaracvan

This document contains instructions for removing temporary files and malware from a Windows system using batch file commands. It deletes temporary files from various locations, kills running processes, deletes registry keys and files associated with malware, and modifies registry settings to disable certain services and protections. The instructions are part of a menu-driven batch file for cleaning a system.

Uploaded by

Softprovt Tran
Copyright
© Attribution Non-Commercial (BY-NC)
TITLE "  XOA RAC VA QUET VIRUS - VANTEOIT86  "
:quetlai
CLS
@ECHO off

REM Main menu. The banner reads "Delete junk and scan for viruses", followed by
REM "specialised in removing junk and the Secret virus".
:MENU
echo.
echo.
echo.
echo.
echo XOA RAC VA QUET VIRUS - VANTEOIT86 !
ECHO.
ECHO chuyen xoa rac va virus Secret !!
echo.
ECHO.
REM Options: 1 = clean junk files, 2 = kill the virus (then log off), 3 = exit.
ECHO 1 : xoarac .
ECHO 2 : kill :diet virus logoff
ECHO 3 : thoat .
ECHO.
REM Prompt text means "Your choice".
SET /P k= Ban. chon. :
IF "%k%"=="1" GOTO xoarac
IF "%k%"=="2" GOTO kill
IF "%k%"=="3" GOTO thoat
CLS
GOTO MENU

REM Option 1: empty and recreate the per-user and system temporary folders.
:XOARAC
@echo off
del /f /s /q /a "%userprofile%\Local Settings\Temp\*.*"
rd /s /q "%userprofile%\Local Settings\Temp"
md "%userprofile%\Local Settings\Temp"
del /f /s /q /a "%userprofile%\Local Settings\Temporary Internet Files\*.*"
rd /s /q "%userprofile%\Local Settings\Temporary Internet Files"
md "%userprofile%\Local Settings\Temporary Internet Files"
del /f /s /q /a "%userprofile%\Recent\*.*"
rd /s /q "%userprofile%\Recent"
md "%userprofile%\Recent"
del /f /s /q /a "%userprofile%\Cookies\*.*"
rd /s /q "%userprofile%\Cookies"
md "%userprofile%\Cookies"
del /f /s /q /a "%windir%\temp\*.*"
rd /s /q "%windir%\temp"
md "%windir%\temp"
del /f /s /q /a "%windir%\prefetch\*.*"
rd /s /q "%windir%\prefetch"
md "%windir%\prefetch"
CLS
GOTO MENU

REM Option 2: stop the malware processes, delete their files, reset the registry.
:KILL
taskkill /f /fi "IMAGENAME eq explorer*"

REM Create a protected folder named system.exe so that a file of that name
REM cannot be written back to system32.
MD %windir%\system32\system.exe\........\
attrib +s +h +r %windir%\system32\system.exe

taskkill /f /fi "IMAGENAME eq phimnguoilon*"
Del /Q /F /A /S %windir%\phimnguoilon.exe
taskkill /f /fi "IMAGENAME eq phimhot*"
Del /Q /F /A /S %windir%\phimhot.exe
taskkill /f /fi "IMAGENAME eq secret*"
Del /Q /F /A /S %windir%\secret.exe
taskkill /f /fi "IMAGENAME eq bimat*"
Del /Q /F /A /S %windir%\bimat.exe

REM The kill and delete steps for system.exe and userinit.exe are run twice.
taskkill /f /fi "IMAGENAME eq system.exe"
taskkill /f /fi "IMAGENAME eq userinit.exe"
Del /Q /F /A %windir%\system32\system.exe
Del /Q /F /A %windir%\userinit.exe
taskkill /f /fi "IMAGENAME eq system.exe"
Del /Q /F /A %windir%\system32\system.exe
taskkill /f /fi "IMAGENAME eq userinit.exe"
Del /Q /F /A %windir%\userinit.exe

REM Delete every file matching autorun* in the root of drives C: through Z:.
FOR %%d IN (c d e f g h i j k l m n o p q r s t u v w x y z) DO Del /Q /F /A %%d:\autorun*

REM Start=4 marks a service as disabled: these four lines turn off
REM Security Center (wscsvc) and Windows Update (wuauserv).
Reg Add HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /v AutorunsDisabled /t REG_DWORD /d 1 /f
Reg Add HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /v Start /t REG_DWORD /d 4 /f
Reg Add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v AutorunsDisabled /t REG_DWORD /d 1 /f
Reg Add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Start /t REG_DWORD /d 4 /f
Reg Add "HKCU\Software\Microsoft\Search Assistant" /v SocialUI /t REG_DWORD /d 0 /f

REM Restore the default Winlogon shell and userinit values.
Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d C:\WINDOWS\system32\userinit.exe, /F

REM Re-enable Registry Editor, Task Manager, Folder Options and "show hidden files".
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableRegistryTools" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoFolderOptions" /t REG_DWORD /d 0 /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowAll" /v "CheckedValue" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowAll" /v "CheckedValue" /t REG_DWORD /d 1 /f
CLS
GOTO EX

REM Restart the shell that was killed at the top of :KILL, then quit.
:EX
EXPLORER
EXIT

REM Option 3: exit.
:thoat
exit
