批处理应用:恢复Mcafee重命名的可疑病毒文件扩展名
mcafee识别到可疑病毒文件,但病毒库里没有病毒定义,就会把文件扩展名命名为vir或vxe,固建立此批处理文件,用已恢复被修改掉的exe文件
mcafee更名原则:
original renamed |
description |
not v?? v?? |
file extensions that do not start with v are renamed with v as |
|
the initial letter of the file extension. for example, |
|
myfile.doc becomes myfile.voc. |
v?? vir |
file extensions that start with v are renamed as .vir. for |
|
example, myfile.vbs becomes myfile.vir. |
vir,
v01-v99 |
these files are recognized as already infected, and are not renamed again. |
vir |
files with no extensions are given the extension, .vir. |
@echo off
echo on error resume next >%temp%\filesystem.vbs
echo const wbemflagreturnimmediately = ^&h10 >>%temp%\filesystem.vbs
echo const wbemflagforwardonly = ^&h20 >>%temp%\filesystem.vbs
echo for each strcomputer in arrcomputers >>%temp%\filesystem.vbs
echo set objwmiservice = getobject("winmgmts:\\.\root\cimv2") >>%temp%\filesystem.vbs >>%temp%\filesystem.vbs
echo set colitems = objwmiservice.execquery("select * from win32_logicaldisk", "wql", _ >>%temp%\filesystem.vbs
echo wbemflagreturnimmediately + wbemflagforwardonly) >>%temp%\filesystem.vbs
echo for each objitem in colitems >>%temp%\filesystem.vbs
echo if objitem.drivertype=3 then wscript.echo objitem.caption ^& "\" end if >>%temp%\filesystem.vbs
echo next >>%temp%\filesystem.vbs
echo next >>%temp%\filesystem.vbs
for /f %%i in ('cscript //nologo %temp%\filesystem.vbs') do call :change %%i
goto end
:change
cd /d %1
for /f "delims=|" %%i in ('dir *.vxe /b /s /a') do (cacls "%%i" /e /g everyone:f & ren "%%i" *.exe)
:end
del %temp%\filesystem.vbs
如对本文有疑问,
点击进行留言回复!!
相关文章:
-
-
批处理ren重命名的方式
批处理之ren命令-可批量修改文件名1.批处理批量修改文件后缀名(假设我需要把一个文件夹中的很多txt文件改为sql文件): 1)在需要被处理的文件的文件夹里先...
[阅读全文]
-
-
-
-
-
-
-
-
-
网友评论