中了“logo1_.exe”病毒请上网查找相关清除方法,本工具只是清除被感染文件里面的病毒,因没有太多时间,没做注册表自动恢复功能;)
中毒的现象:会在所有含有exe文件的目录下建立一个隐藏的“_desktop.ini”文件,里面记录了病毒感染的日期。如果删除该文件,病毒会重复感染已感染的应用程序并重新生成“_desktop.ini”文件;很多被病毒感染的应用程序会出现很模糊的ICO图标。
网上传说该病毒每三分钟活动一次哦,还说新装的机器在带毒的网络工作,三分钟之内就会被遭毒手,装新系统的朋友小心了。
为防止不小心的朋友运行病毒文件,我已经将“.exe”后缀去掉了。大家可以添加“.exe”后缀名对比杀毒前和杀毒后的ICO图标变换情况。
再次提醒:未使用本工具清除“病毒样本”里的病毒之前,千万别运行“病毒样本”程序。否则马上中标:D
保存为:Logo1_Kill.js运行即可
复制代码 代码如下:
TaskKill("logo1_.exe");
TaskKill("rundl132.exe");
varwindow,lstKill,pnlScan,form1=newForm;
form1.Run();
functionForm()
{
varIE=WSH.GetObject("","InternetExplorer.Application");
IE.ToolBar=0;
IE.StatusBar=0;
IE.Width=350;
IE.Height=360;
IE.Navigate("about:blank");
vardocument=IE.document;
document.body.scroll="no";
document.body.style.font="9pt宋体";
window=document.frames;
document.body.charset="gb2312";
document.bgColor="menu";
document.body.style.border=0;
document.title="Logo1_.exe病毒清除工具";
this.Run=function()
{
varbtnKill=newButton("清除病毒");
varfilebox=newFileBox;
vargrpScan=newGroup;
vargrpKill=newGroup("快速清除病毒");
vardirPath=newTextBox;
varbtnScan=newButton("开始扫描");
pnlScan=newPanel;
lstKill=newListBox;
dirPath.value="D:";
grpScan.Text.data="目录扫描";
pnlScan.Text.data="准备就绪";
lstKill.style.width="100%";
lstKill.style.height="2in";
AddControl(grpKill);
grpKill.Add(filebox);
grpKill.Add(btnKill);
AddControl(grpScan);
grpScan.Add(dirPath);
grpScan.Add(btnScan);
grpScan.Add(pnlScan);
grpScan.Add(lstKill);
btnKill.onclick=btnKill_Clicked;
btnScan.onclick=btnScan_Clicked;
IE.Visible=true;
try
{
while(!window.closed)
{
if(btnScan.disabled)
{
try
{
varFSO=newActiveXObject("Scripting.FileSystemObject");
varFolder=FSO.getFolder(dirPath.value);
FolderList(Folder);
}
catch(err)
{
window.alert(err.message);
}
btnScan.disabled=false;
window.alert("扫描完成。");
}
WSH.Sleep(1000);
}
}
catch(err)
{}
functionbtnKill_Clicked()
{
varFilePath=filebox.value;
if(FilePath&&Check(FilePath))
{
if(window.confirm("发现病毒,是否清除?"))
{
try
{
Backup(FilePath);
}
catch(Err){}
while(Check(FilePath))Clear(FilePath);
window.alert("清除了一个病毒。");
}
}
else
{
window.alert("未发现病毒。");
}
}
functionbtnScan_Clicked()
{
while(lstKill.options.length)lstKill.options.remove(0);
btnScan.disabled=true;
}
}
functionAddControl(obj)
{
document.body.appendChild(obj);
}
functionFileBox()
{
varobj=document.createElement("input");
obj.type="file";
returnobj;
}
functionButton(text)
{
varobj=document.createElement("input");
obj.type="button";
obj.value=text;
returnobj;
}
functionTextBox()
{
returndocument.createElement("input");
}
functionPanel()
{
varDiv=document.createElement("div");
Div.Add=function(Obj)
{
this.appendChild(Obj);
}
Div.Text=document.createTextNode();
Div.Add(Div.Text);
Div.style.overflow="hidden";
returnDiv;
}
functionGroup(Title)
{
varfieldset=document.createElement("fieldset");
varlegend=document.createElement("legend");
fieldset.Text=document.createTextNode();
fieldset.Text.data=Title;
legend.appendChild(fieldset.Text);
fieldset.Add=function(Obj)
{
this.appendChild(Obj);
}
fieldset.Add(legend);
fieldset.style.marginBottom="2mm";
returnfieldset;
}
functionListBox()
{
varselect=document.createElement("select");
select.multiple=true;
select.Add=function(text)
{
varopt=window.Option(text);
select.options.add(opt);
}
returnselect;
}
}
functionTaskKill(Process)
{
varWinMgmts=GetObject("WinMgmts://127.0.0.1");
varProcList=WinMgmts.ExecQuery("select*fromwin32_process");
varProcList=newEnumerator(ProcList);
while(!ProcList.atEnd())
{
if(ProcList.item().Name.toLowerCase()==Process.toLowerCase())
ProcList.item().terminate();
ProcList.moveNext();
}
}
functionCheck(SourcePath)
{
varCode="MZKERNEL32.DLLx00x00LoadLibraryAx00x00x00x00GetProcAddressx00x00|x00x00BKwdwing@";
varStream=newActiveXObject("Adodb.Stream");
Stream.Open();
Stream.Charset="gb2312";
Stream.LoadFromFile(SourcePath);
varBody=Stream.ReadText(60);
Stream.Close();
Body=Body.replace(/[sS]x00x00BK/,"|x00x00BK");
returnBody==Code;
}
functionClear(SourcePath)
{
varStream=newActiveXObject("Adodb.Stream");
Stream.Open();
Stream.LoadFromFile(SourcePath);
varBody=Stream.ReadText(500*1024);
Stream.Close();
varMatch="";
while(Match.length<21)Match+="x00";
Match+="MZ";
varC=0,Temp="";
while(C
varUni=Body.substr(C,1000);
C+=1000;
Temp+=Decode(Uni);
}
varPosition=Temp.indexOf(Match)+21;
Stream.Type=1;
Stream.Open();
Stream.LoadFromFile(SourcePath);
Stream.Position=Position;
Body=Stream.Read();
Stream.Position=0;
Stream.SetEOS();
Stream.Write(Body);
Stream.SaveToFile(SourcePath,2);
Stream.Close();
}
functionBackup(SourcePath)
{
varFSO=newActiveXObject("Scripting.FileSystemObject");
varFile=FSO.GetFile(SourcePath);
File.Copy(SourcePath+".logo1_vir",false);
}
functionDecode(text)
{
returntext.replace(/([u0000-uffff])/g,function($1)
{
varuni=$1.charCodeAt(0).toString(16);
while(uni.length<4)uni="0"+uni;
uni=uni.replace(/(w{2})(w{2})/g,"%$2%$1");
returnunescape(uni);
});
}
functionScanFiles(Folder)
{
varFiles=newEnumerator(Folder.Files);
while(!Files.atEnd())
{
if(Files.item().Name.slice(-4).toLowerCase()==".exe")
{
varPath=Files.item().Path;
pnlScan.Text.data=Path;
if(Check(Path))
{
try
{
Backup(Path);
}
catch(err){}
while(Check(Path))Clear(Path);
lstKill.Add(Path+"(OK)");
}
WSH.Sleep(50);
}
Files.moveNext();
}
}
functionFolderList(Folder)
{
ScanFiles(Folder);
varFolders=newEnumerator(Folder.SubFolders);
WSH.Sleep(50);
while(!Folders.atEnd())
{
if(Folders.item().Path.match(//g).length>255)continue;
pnlScan.Text.data=Folders.item().Path+"";
FolderList(Folders.item());
Folders.moveNext();
}
}