按照以下要求写一个源码

丰晨软件 · 发表于 2025-2-22 18:33:44

1、删除有关“smss”及“.vba”的启动项！

2、结束系统内如下进程：

%SystemRoot%/system/svchost.exe
%SystemRoot%/SYSTEM32/wscript.exe

（注意是%SystemRoot%/system/svchost.exe进程，不是%SystemRoot%/system32/svchost.exe进程）

3、接下来删除以下文件：
删除%SystemRoot%/system/svchost.exe
删除C:/盘至Z:/盘的根目录下的Autorun.inf文件
删除C:/盘至Z:/盘的根目录下的*.vbs文件
删除C:/盘至Z:/盘的根目录下的*.lnk文件

4、修改注册表，显示被隐藏的正常文件夹

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL
"CheckedValue"=dword:00000001
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/NOHIDDEN
"CheckedValue"=dword:00000002

5、如果检测到U盘，则把U盘隐藏的文件夹全部显示出来。

冷渣渣 · 发表于 2025-2-22 18:38:25

[Shell] 纯文本查看 复制代码

@echo off
setlocal enabledelayedexpansion

:: 请求管理员权限
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if %errorlevel% neq 0 (
    echo 正在请求管理员权限...
    powershell -Command "Start-Process '%~dpnx0' -Verb RunAs"
    exit /b
)

:: 1.删除启动项
echo 正在清理恶意启动项...
for /f "tokens=2,*" %%a in ('reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run /s /f "*smss*" 2^>nul') do (
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%a" /f >nul
)
for /f "tokens=2,*" %%a in ('reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /s /f "*smss*" 2^>nul') do (
    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%a" /f >nul
)
for /f "tokens=2,*" %%a in ('reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run /s /f "*.vba" 2^>nul') do (
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "%%a" /f >nul
)

:: 2.结束恶意进程
echo 正在终止恶意进程...
wmic process where "ExecutablePath like '%%\\\\system\\\\svchost.exe'" call terminate >nul 2>&1
wmic process where "ExecutablePath like '%%\\\\SYSTEM32\\\\wscript.exe'" call terminate >nul 2>&1

:: 3.删除恶意文件
echo 正在清理恶意文件...
del /f /q "%SystemRoot%\system\svchost.exe" >nul 2>&1

for %%d in (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if exist %%d:\ (
        del /f /q "%%d:\Autorun.inf" >nul 2>&1
        del /f /q "%%d:\*.vbs" >nul 2>&1
        del /f /q "%%d:\*.lnk" >nul 2>&1
    )
)

:: 4.修复注册表设置
echo 正在修复隐藏文件设置...
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 1 /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN" /v CheckedValue /t REG_DWORD /d 2 /f >nul

:: 5.修复U盘隐藏文件
echo 正在修复U盘隐藏属性...
for /f "tokens=2 delims==" %%d in ('wmic logicaldisk where "drivetype=2" get deviceid /value ^| find "="') do (
    attrib -s -h -r "%%d\*" /s /d >nul
)

:: 刷新系统设置
echo 正在刷新系统设置...
taskkill /f /im explorer.exe >nul 2>&1
start explorer.exe >nul

echo 清理完成！按任意键退出...
pause >nul
exit

aipca · 发表于 2025-2-22 20:03:23

冷渣渣发表于 2025-2-22 18:38
[mw_shl_code=shell,false]@echo off
setlocal enabledelayedexpansion

这个批处理秀！

丰晨软件 · 发表于 2025-2-22 20:23:45

我需要一个易语言源码

hxnr · 发表于 2025-2-22 20:59:08

import os
import sys
import ctypes
import winreg
import psutil
import subprocess
import string
from time import sleep

def is_admin():
"""检查管理员权限"""
try:
      return ctypes.windll.shell32.IsUserAnAdmin()
except:
      return False

def elevate_admin():
"""请求管理员权限"""
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)
sys.exit()

def delete_startup_entries():
"""删除启动项"""
keys = [
      (winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run"),
      (winreg.HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Run")
]

for hive, subkey in keys:
      try:
         with winreg.OpenKey(hive, subkey, 0, winreg.KEY_ALL_ACCESS) as key:
            i = 0
            while True:
                  try:
                     name, value, _ = winreg.EnumValue(key, i)
                     if any(kw in value.lower() for kw in ("smss", ".vba")):
                        winreg.DeleteValue(key, name)
                        print(f"已删除启动项: {name}")
                     i += 1
                  except OSError:
                     break
      except FileNotFoundError:
         continue

def kill_malicious_processes():
"""终止恶意进程"""
system_root = os.environ['SystemRoot'].lower()
targets = [
      rf"{system_root}\system\svchost.exe",
      rf"{system_root}\system32\wscript.exe"
]

for proc in psutil.process_iter(['pid', 'exe']):
      try:
         exe_path = proc.info['exe']
         if exe_path is None:
            continue
         if any(exe_path.lower() == t.lower() for t in targets):
            proc.terminate()
            print(f"已终止进程: {exe_path}")
      except (psutil.NoSuchProcess, psutil.AccessDenied):
         continue

def delete_files():
"""删除恶意文件"""
# 删除系统文件
sys_file = rf"{os.environ['SystemRoot']}\system\svchost.exe"
try:
      os.remove(sys_file)
      print(f"已删除系统文件: {sys_file}")
except Exception as e:
      pass

# 遍历所有驱动器
drives = [f"{d}:\\" for d in string.ascii_uppercase if os.path.exists(f"{d}:")]
patterns = ["Autorun.inf", "*.vbs", "*.lnk"]

for drive in drives:
      for pattern in patterns:
         try:
            for f in os.listdir(drive):
                  if f.lower() == pattern.lower() or pattern.startswith('*'):
                     file_path = os.path.join(drive, f)
                     if os.path.isfile(file_path):
                        os.remove(file_path)
                        print(f"已删除文件: {file_path}")
         except PermissionError:
            print(f"权限不足无法访问: {drive}")
            continue
         except FileNotFoundError:
            continue

def fix_registry():
"""修复注册表设置"""
entries = [
      (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", 1),
      (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN", "CheckedValue", 2)
]

for subkey, value_name, value in entries:
      try:
         key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey, 0, winreg.KEY_WRITE)
         winreg.SetValueEx(key, value_name, 0, winreg.REG_DWORD, value)
         winreg.CloseKey(key)
         print(f"已修复注册表项: {subkey}")
      except Exception as e:
         print(f"注册表修改失败: {e}")

def fix_usb_hidden_files():
"""修复U盘隐藏文件"""
drives = []
try:
      for part in psutil.disk_partitions():
         if 'removable' in part.opts.lower():
            drives.append(part.mountpoint)
except:
      pass

for drive in drives:
      try:
         subprocess.run(f'attrib -h -s -r "{drive}\\*" /s /d', shell=True, check=True)
         print(f"已修复U盘隐藏属性: {drive}")
      except subprocess.CalledProcessError as e:
         print(f"U盘处理失败: {e}")

def main():
if not is_admin():
      print("正在请求管理员权限...")
      elevate_admin()
      return

print("========== 正在处理启动项 ==========")
delete_startup_entries()

print("\n========== 正在终止恶意进程 ==========")
kill_malicious_processes()
sleep(1)  # 等待进程终止

print("\n========== 正在清理恶意文件 ==========")
delete_files()

print("\n========== 修复注册表设置 ==========")
fix_registry()

print("\n========== 处理U盘隐藏文件 ==========")
fix_usb_hidden_files()

print("\n========== 操作已完成 ==========")
print("提示：")
print("1. 建议手动重启资源管理器（explorer.exe）")
print("2. 部分更改可能需要重启计算机才能生效")
os.system("pause")

if __name__ == "__main__":
main()

丰晨软件 · 发表于 2025-2-26 12:49:51

已解决该问题

		自动登录	找回密码
密码			注册

[易语言] 按照以下要求写一个源码