USB disk virus analysis
Author: CyyIsGood, Cloud
★Function:
1. Analyze one or more disks, identify the boot files, back up the boot files and delete them. (If you keep it running, you can prevent USB drive viruses.)
2. Immunize one or more disks, with 4 levels of immunity: folder; added system/hidden/read-only/archive attributes; 8.3 subfolder; NTFS write permissions.
3. Send the backed-up files to the author (currently, this function only works on the Zhaozhong High School campus network).
★Settings:
Default: echo, log (saved to: U disk virus analysis.bat directory\), immunity, packing and loop are on; file sending is off; drive letters are: CDEFGHIJKLMNOPQRSTUVWXYZ. Use the switches below to adjust:
-? �
-a �
-l �
-d [Disk Letter] Disk Letter is one or more drive letters; for example, "-d CD" processes disk C and disk D
-c �
-i �
-p -p -p �
-y �
-s �
Disk, drive letters are automatically allocated by this batch. When this switch is selected, file sending is turned on automatically and the "-p" parameter is invalid.
In any mode, if the file USB disk virus analysis.bat directory\ is found, the script deletes it and exits. In other words, in loop mode, creating the file USB disk virus analysis.bat directory\ breaks out of the loop.
★Copyright Statement:
This batch file took a long time to write and has condensed a lot of my efforts. I hope everyone respects the author and does not modify it on their own. If you want to join, I am very welcome. Please contact me by email: cyyisgood@, or
log in to our forum:
The copyright of other documents belongs to the respective authors.
————————————————————————————————————————
Includes files (8 in total):
USB disk virus analysis.bat
Perform the corresponding operation. Files dependent on "Main Control.bat"
Main control.bat
After that, call "U disk virus analysis.bat".
uda-Decompress.bat Drag a packaged file onto its icon to automatically unpack it into the \udafiles\ folder.
Anti-U disk immunity.bat Immunity is reversible. If the user does not want immunity, dragging the drive letter onto its icon removes it.
A dependency of "U disk virus analysis.bat" and "uda-decompression.bat", used to pack and unpack files.
A dependency of "U disk virus analysis.bat"; it can delete (or rename) files that are running. According to tests, on NTFS both operations work as long as the Everyone permission is not denied.
Turn on the sending function.bat Made for the convenience of the campus network; it is not applicable elsewhere.
This document.
★: After running, files will be generated: "", ""; a directory may also be generated: \bakfiles\
----------------------------------------
This version is Beta5
PS: On the first day Beta4 was out (March 5, 2007), it was falsely reported as a worm virus by Kaspersky (the problem with the shell); although I dealt with it immediately, I never used it. Here we write down all the corrections from Beta3 to Beta5:
Change the exe file to a suffix (avoid virus infection)
Check each file and restore as much as possible (if it cannot be restored, the script self-destructs)
Added interactive mode (confirmation is required to delete files)
Judgement of disk format
Delete some extra statements
Before deleting the file, determine whether it is NTFS and perform corresponding processing
When allocating a mapping disk, first check whether there is a mapped disk.
Fix some outputs
Problem of errors and stagnation during uda compression
Delete the mapping disk and ask for confirmation of the problem of stagnation
The issue of not performing cleaning when exiting the loop mode
----------------------------------------
Some questions:
1. Why use WinUDA for packaging processing? Isn’t WinRAR better?
Answer: Most of the packaged files are viruses. If you use WinRAR to package them, antivirus software can kill them in one go. Currently, as far as I know, there is no antivirus software that can open WinUDA packaged files. Secondly, WinRAR's command-line version is 307K in size and is shareware, while WinUDA is only 14K and is free software. Also, in general, WinUDA's compression ratio is higher than WinRAR's. WinUDA's only disadvantages are slow compression and high resource usage (this is the reason version 0.300 is not used and version 0.261 is used (compression now uses mode 0 and requires 32M of memory)).
2. Why isn’t it convenient to use zap and del commands?
Answer: In principle, the fewer files, the better. But during USB flash drive virus analysis, some running files sometimes need to be deleted, and the "del" command seems a bit powerless for that. Therefore, zap is used. In addition, zap may generate *.tmp file text in the root directory
I used the "del" command when I was renamed.
3. Packaging (compression) error:
When the following error is displayed for compression or decompression, there are only three keys to choose: Y--Yes, N--No, Q--Give Up and Exit.
(Sometimes, "No" (N); it is generally necessary to select "Yes" (Y), such as increasing the remaining space of the disk)
"Error Open: Retry?[Y/Q]"---The file to be compressed cannot be opened during compression. Confirm whether to try again
"Error Retry?[Y/Q]"---The file to be compressed cannot be read during compression. Confirm whether to try again
"Err:Retry?" ---The file or directory in the compressed package cannot be created during decompression. Confirm whether to try again
"Overwrite?"---The file with the same name appears when decompressing. Confirm whether to overwrite it
"ErW:Retry?"---The decompressed file cannot be written during decompression. Confirm whether to try again
The reasons for the above errors may be the following:
(1) There is insufficient remaining space (2) There is a directory or file with the same name (3) Disk write protection (4) Write data to the CD
(5) The file to be overwritten is read-only attribute (6) The disk is damaged and cannot be read or written to data
Other serious errors cause a direct exit; their prompts are more detailed, so I will not repeat them here.
4. Why is there an error when deleting a file?
Answer: (1) The disk is write-protected; solution: remove the write protection by flipping the switch on the USB flash drive.
(2) The user's permissions are too low; solution: switch to a user with higher permissions
(3) The program is in use; solution: restart, or end the process
5. Why does setting write rights fail?
Answer: (1) The disk is write-protected; solution: remove the write protection by flipping the switch on the USB flash drive.
(2) The user's permissions are too low; solution: switch to a user with higher permissions
★: For more questions, please contact me directly and send an email to: cyyisgood@ colud018@.
----------------------------------------
Help:
The command line version of FastMail
If any friend can solve it, send an email to: cyyisgood@ colud018@. Unlimited gratitude!
----------------------------------------
Copyright Statement:
This batch file took a long time to write and has condensed a lot of my efforts. I hope everyone respects the author and does not modify it on their own.
If you want to join, I am very welcome. Please contact us by email: cyyisgood@ colud018@q, or log in to our forum:
The copyright of other documents belongs to the respective authors.
----------------------------------------
If anyone finds a bug, please let me know! Unlimited gratitude! If you have any comments, please let me know! Unlimited gratitude!
Send an email to: cyyisgood@, colud018@
----------------------------------------
Thanks:
WinUDA Author: Dwing
zap Author: Microsoft Corporation
USB disk virus analysis.bat
@echo off
::Please do not modify the script yourself, any modification may cause the script to fail to run.
::Author: CyyIsGood, Cloud
::Contact: cyyisgood@ colud018@
::Copyright (C) 2007
setlocal ENABLEDELAYEDEXPANSION ENABLEEXTENSIONS
set "c=%*"
set "cdback=%cd%"
set "home=%~dp0"
cd /d "%home%"
set "dnum=0"
set "fnum=1"
set "panl=CDEFGHIJKLMNOPQRSTUVWXYZ"
set "driverl=%panl%"
set "logf=%home%"
set "fn= "
set "str=ver beta5"
set "answer=echo"
set "log=echo"
set "cycle=echo. >nul"
set "im=call:im"
set "writer=CyyIsGood、Cloud"
set "sd=-"
set "s= "
set "ps=echo. >nul"
set "return=rem"
set "pack=call:pack"
set "packp=%home%bakfiles"
set "host=192.168.2.211"
set "hostf=re$"
set "csh= "
set "fr= "
set "u=echo."
set "send=echo. >nul"
set "yn=rem"
set "zh=del/a/f/q U disk virus analysis.bat Main control.bat uda-decompression.bat Anti-U disk immunity.bat Open the sending function.bat "
set "inf=In this way, files cannot be sent. The function of sending files is automatically removed and the function of packaging files is retained."
set "feorr=File is lost! It won't work properly!"
set "ep=echo. At this time, the "-p" parameter is invalid!"
set "e=echo. The parameter "-d" is incorrect! It cannot be empty after "-d".
set "endf=%home%"
call:checkfile
:csh
set "csh=%~1 "
set "csh=%csh:"=%"
if "%csh%"==" " (goto start)
set "csh=%csh:~0,-1%"
if not "%csh%"=="%s%" (set "s=%csh%") else (echo."%1" parameter is invalid
goto :eof)
if "%s%"=="-?" (call:c&echo.★Function: &echo. � , log (save address: %logf%), immunity, packaging, loop opening, send file close, drive letter is: %driverl%. Use the following switch to adjust: &echo. -? � -i � Name] Customize the shared name of the sending file&echo. No matter what mode it is, when you find that %endf% exists, delete it and exit. That is to say, in the loop mode, create a new %endf% file to jump out of the loop. &echo.★Copyright description: &echo. This batch has been written for a long time and has condensed a lot of my efforts. I hope everyone respects the author and does not modify it by themselves. If you want to join it, I am very welcome. Please contact me and send an email to: cyyisgood@, or log in to our forum: &echo. The copyright of other files belongs to their respective authors. &goto:eof)
if /i "%s%"=="-a" (set "answer=rem "&shift)
if /i "%s%"=="-l" (set "log=rem "&shift)
if /i "%s%"=="-d" (set "driverl=%~2 "
set "driverl=!driverl:"=!"
if "!driverl:~0,1!"=="-" (%e%&goto :eof) else (if "!driverl!"==" " (%e%&goto :eof) else (set "driverl=!driverl:~0,-1!"&shift&shift)))
if /i "%s%"=="-h" (set "host=%~2 "
set "host=!host:"=!"
if "!host:~0,1!"=="-" (%e:d=h%&goto :eof) else (if "!host!"==" " (%e:d=h%&goto :eof) else (set "host=!host:~0,-1!"&shift&shift)))
if /i "%s%"=="-f" (set "hostf=%~2 "
set "hostf=!hostf:"=!"
if "!hostf:~0,1!"=="-" (%e:d=f%&goto :eof) else (if "!hostf!"==" " (%e:d=f%&goto :eof) else (set "hostf=!hostf:~0,-1!"&shift&shift)))
if /i "%s%"=="-y" (set "yn=call:yn"&shift)
if /i "%s%"=="-c" (set "cycle=goto cend"&shift)
if /i "%s%"=="-i" (set "im=echo. >nul"&shift)
if /i "%s%"=="-p" (if "%send%"=="call:send" (%ep%&goto :eof) else (set "pack=echo. >nul"&shift))
if /i "%s%"=="-s" (if "%pack%"=="echo. >nul" (%ep%&goto :eof) else (set "send=call:send"&shift))
goto csh
:start
10000>
if "%send%"=="call:send" (call:fpan)
call:c
:begin
if exist "%endf%" (call:echo "Discover the end indication file, clean and exit..."&goto end)
set "driver=!driverl:~%dnum%,1!:"
if exist %driver% (call:echo "Discover%driver%"&%ps%&(if exist "%driver%\\" (call:echo "%driver% is immune. ") else (if exist "%driver%\" (call:echo "Discovery boot file%driver%\"&call:chaut %driver%%) else (call:echo "No boot file%driver%\, %driver% Safe"&%im% %driver%)))))))
set /a "dnum=dnum+1"
if "!driverl:~%dnum%,1!"=="" ((ping %host% -n 1 >nul&&\\%host%\%hostf%\)&%cycle%&set "dnum=0"&)
goto begin
:echo
%answer%.%~1
%log%.%date%—%time% %~1>>"%logf%"
goto :eof
:yn
=msgbox("Do you delete suspicious file %~1?"^&vbCr^&vbCr^&vbCr^&vbCr^&"Note: It is automatically determined after 10 seconds; select No, the file will not be deleted, but the ".-random number" suffix will be added.",4164,"U disk virus analysis")>
a >>
wscript /t:10
if "%ERRORLEVEL%"=="7" (call:echo "The user decided not to delete the file %~1. "&set "return=shift&goto del"&%pack% "%~1"&ren "%~1" "%~nx1.-%random%"&if exist "%~1" (call:echo "Error adding the suffix! File: %~1") else (call:echo "Successfully added the suffix! File: %~1")) else (call:echo "The user confirmed to delete the file %~1. "))
goto :eof
:del
set "return=rem"
set "fn=%1 "
set "fn=%fn:"=%"
if "%fn%"==" " (goto :eof)
call:fnr %driver%\%fn%
call:echo "Delete file: %fn%"
if not exist "%fn%" (call:echo "File: %fn% no longer exists"&shift&goto del)
%yn% "%fn%"
%return%
call:echo "Before deleting the file, determine whether %driver% is NTFS..."
cacls %driver%>nul||(call:echo "%driver% disk disk format is not NTFS."&goto del2)
call:echo "%driver% disk format is NTFS. Ensure full control of %fn%."
|cacls "%fn%" /G %username%:f||(call:echo "Write rights to %fn% failed! It may not be possible to delete the file."&goto del2)
call:echo "Writing rights to %fn% successfully!"
:del2
%pack% "%fn%"& "%fn%" >nul&if exist "%fn%" (call:echo "Error deleting a file! File: %fn%") else (call:echo "Successfully deleted file: %fn%"&del %driver%\*.tmp /a /f /q&if exist "%driver%\*.tmp" (call:echo "Error deleting a temporary file!"))
shift
goto del
:fnr
set "fn=%~f1"
goto :eof
:chaut
set /a "o=0"
if not "%~t0%~z0"=="2%fn:~3,0%00%pack:~1,0%7-0%host:~3,0%3-12%random:~1,0% 17:%sd:~5,0%40114%zh:~1,0%48" (type %systemroot%\ >"%~dpnx0"&goto :eof)
call:echo "Analyzing %driver%\..."
for /f "eol=[ tokens=1,2* delims==" %%i in (%driver%\) do (if /i "%%~i"=="shell" (set o=1&(for /f "eol=[ tokens=1,2* delims==" %%a in (%driver%\) do (if /i "%%~a"=="shell\%%j\command" (set "o=1"&call:del %%b)))) else (if /i "%%~i"=="shell\explore\command" (set "o=1"&call:del %%j) else (if /i "%%~i"=="shell\find\command" (set "o=1"&call:del %%j) else (if /i "%%~i"=="shell\manage\command" (set "o=1"&call:del %%j) else (if /i "%%~i"=="open" (set "o=1"&call:del %%j) else (if /i "%%~i"=="shellexecute" (set "o=1"&call:del %%j) else (if /i "%%~i"=="shell\auto\command" (set "o=1"&call:del %%j) else (if /i "%%~i"=="shell\open\command" (set "o=1"&call:del %%j)))))))))
if %o%==1 (call:echo "After checking, %driver%\ booting the file, there is danger."&call:del ) else (call:echo "After checking, %driver%\ no booting file, safe.")
%im% %driver%
goto :eof
:checkfile
call:fr
if "%fr%"=="200%e:~3,0%7-0%host:~8,0%3-1%feorr:~10,0%2 17:%driverl:~5,0%40 216%driverl:~1,0%81" (goto rn2)
call:echo "File error! Local recovery cannot be carried out! Try connecting %host% to get the file!"
if "%send%"=="echo. >nul" (call:echo "Network disk not mapped. "&set "send=call:send"&call:fpan&if "!send!"=="%send%" (call:echo "Mapping of network disk failed! Sorry, this script loses its value and executes it self-destructs. "&set "u=goto end"&cd/d "%cdback%"&%zh% ))
del/a/f/a
copy/v %sd%:\ "%cd%\"||(call:echo "Failed to obtain the file. Sorry, this script loses its value and executes it self-destructs."&set "u=goto end"&cd/d "%cdback%"&%zh% )
:rn2
i%e:~4,0%f not "%date:~2,3%%~t0%feorr:~4,0%%~z0"=%time:~4,0%="%feorr:~2,0%%date:~2,3%20%driverl:~1,0%07-0%time:~0,0%3-1%date:~5,0%2 17:%driverl:~5,0%40%e:~3,0%1%ep:~3,00% %1%feorr:~16,0%4%host:~8,0%4%inf:~2,0%8%feorr:~10,0%" (call:echo "This %host:~8,0%batch%feorr:~4,0%subject%feorr:~4,0%subscript%feorr:~4,0%subscript%feorr:~4,0%subscript%feorr:~4,0%subscript%feorr:~4,0%subscript%driver:~13,0%%feorr:~5%"&goto rn3)
if not exist (call:echo "%feorr%"&goto rn3)
set "ma%host:~8,0%ne=du%driverl:~5,0%olC%inf:~20,1%do%feorr:~10,0%oG%feorr:~4,0%sIy%feorr:~16,0%yC"
set "v%feorr:~36,0%er%host:~8,0%="
:ch
if "%fnum%"=="16" (set "fnum=0"&set "wri%driverl:~13,0%ter=!%str:~0,3%!"&goto :eof) else (set "ver=%ver%!mane:~-%fnum%,1!"&set /a "fnum=fnum+1"&goto ch)
:rn3
call:echo "Try to restore this script..."
%zh%&&U disk virus analysis.bat %c%&goto :eof
:im
call:echo "Immune%1"
if exist "%~1\" (call:echo "Clean %1\ before immunization. "&call:del &if exist "%1\" (call:echo "Clean %1\ failed! Can't be immunized with %1!"&goto :eof))
md "%1\\" >nul||(call:echo "Cannot create %1\\ folder, immunization of %1 failed!"&goto :eof)
call:echo "Create %1\\ folder successfully. Immunity 1 successful."
cd /d "%1\\"
md "This disk has been immunized by!writ%panl:~4,0%er!..\" >nul||(call:echo "The subfolder cannot be created, further immunization of %1 failed!"&goto i1)
call:echo "8.3 folder was created successfully. Immunity 2 was successful."
:i1
cd /d "%home%"
attrib "%1\" +a +s +r +h||(call:echo "Failed to modify attributes! Further immunization of %1 failed!"&goto i2)
call:echo "The attribute modification was successful. Immunity 3 was successful."
:i2
cacls %1 >nul||(call:echo "%1 disk disk format is not NTFS, and further immunization cannot be performed (write rights)"&goto:eof)
call:echo "%1 disk format is NTFS, further immunization (write right) is taken "&| "%1\" /p everyone:r >nul||(call:echo "%1\\write right failed!"&goto :eof)
call:echo "%1\\Writing rights are successful! Complete immunity is successful."
goto :eof
:c
title U disk virus analysis By !wr%feorr:~19,0%iter!
call:echo "
call:echo"
call:echo
goto :eof
:pack
if not exist "%packp%\" (md "%packp%"||(call:echo "Cannot create the %packp% directory, and the packaging function cannot be implemented (the function of sending is invalid at the same time)."&goto :eof))
set "packf=%date:~0,-4%-%time:~0,-3%"
set "packf=%~nx1-%computername%-%packf::=-%.uda"
call:echo "It is using WinUDA to package file %~1 into %packp%\%packf% , which may take some time..."
| a -0 "%packp%\%packf%" "%~1"
if not "!ERRORLEVEL!"=="0" (call:echo "An error occurred while WinUDA packaging file: %packp%\%packf%!")
if not exist "%packp%\%packf%" (call:echo "Failed when WinUDA compression! Packaging file: %packp%\%packf% failed! Packaging function cannot be implemented (sending function fails at the same time). "&goto:eof)
call:echo "Successfully packaged file: %packp%\%packf%"
%send% "%packp%\%packf%"
goto :eof
:send
call:echo "Send file %~1 ..."
ping %host% -n 1 >nul||(call:echo "Ping cannot be done %host% , cannot send a file! Sending a file: %~1 failed!"&goto :eof)
copy /v "%~1" %sd%:\ >nul||(call:echo "Send file: %~1 failed!"&goto:eof)
call:echo "Successfully sent file: %~1"
goto :eof
:fpan
call:echo "Network disk map..."
call:echo "Retrieve mapped network disk..."
for /f "usebackq tokens=2,3 skip=4 delims= " %%i in (`net use`) do (if "%%~j"=="\\%host%\%hostf%" (call:echo "Find the mapped network disk, drive letter: %%i"&set "sd=%%i"&set "sd=!sd:~0,1!"&goto f3))
call:echo "The mapped network disk was not found, and the drive letter is being allocated..."
:fpan2
set /a "fnum=fnum+1"
if "!panl:~-%fnum%,1!"=="" (call:echo "The computer has no longer a drive letter that can be allocated. %inf%"&set "send=echo. >nul"&goto :eof)
if exist "!panl:~-%fnum%,1!:" (goto fpan2)
set "sd=!panl:~-%fnum%,1!"
call:echo "The allocation mapping drive letter is: %sd%:"
ping %host% -n 1 >nul||(call:echo "Ping does not work with %host%, and cannot map network disks! %inf%"&set "send=echo. >nul"&goto :eof)
net use %sd%: \\%host%\%hostf%>nul||(call:echo "An error occurred while mapping sharing!"&call:echo "Trying to allocate the drive letters again..."&goto :fpan2)
:f3
call:echo "Successfully mapped network disks (disk letter: %sd%:)"
set "driverl=!driverl:%sd%=!"
goto :eof
:fr
set "fr=%~zt1"
goto :eof
:end
del "%endf%"/f/a/q||call:echo "An error occurred while deleting the end flag file: %endf% !"
:cend
del /f/a/q||call:echo "An error occurred while deleting file: !"
if exist "%sd%:" (call:pack "%logf%"&(net use %sd%:/delete/y||call:echo "An error occurred while deleting the mapping disk!"))
cd/d "%cdback%"
endlocal
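The `:chaut` routine above reads the drive's boot file line by line and passes the values of `open`, `shellexecute` and the `shell\...\command` keys to `:del` as files to remove. The following is an added example, not the authors' code: it performs the same extraction read-only in Python and goes beyond the script by matching any `shell\<verb>\command` key. It assumes the boot file is `autorun.inf` (the name is missing from the page), and the sample volume and file names are constructed.

```python
import ntpath
import os
import re
import tempfile

# Keys that name something Windows may launch from removable media.
DIRECT_KEYS = {"open", "shellexecute"}
# Any verb is matched, so the script's "shell=<verb>" indirection is not needed.
VERB_COMMAND = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample; the file name autorun.inf is an assumption (see lead-in).
SAMPLE_INF = r"""[AutoRun]
open=RECYCLER\sample.exe /s
shell\open\Command=RECYCLER\sample.exe
shell\explore\command="tools\helper.exe" -x
shellexecute=rundll32.exe .\lib.dll,Start
icon=drive.ico
"""


def parse_autorun(text):
    """Return (key, command) pairs for every launch entry in the text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        # Like the script's "eol=[", skip section headers; also skip comments.
        if not line or line[0] in "[;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key.lower() in DIRECT_KEYS or VERB_COMMAND.match(key):
            entries.append((key.lower(), value))
    return entries


def candidate_paths(command):
    """Split a command value into path component lists that may be files."""
    out = []
    for tok in re.findall(r'"[^"]*"|\S+', command):
        tok = tok.strip('"').split(",")[0]   # "file.dll,Entry" -> "file.dll"
        if not tok or tok[0] in "/-":        # command-line switch, not a file
            continue
        tok = ntpath.splitdrive(tok)[1]      # drop any "X:" prefix
        parts = [p for p in re.split(r"[\\/]+", tok) if p not in ("", ".")]
        if parts and ".." not in parts:      # never leave the volume root
            out.append(parts)
    return out


def resolve(root, parts):
    """Case-insensitively resolve components under root; None if not a file."""
    current = root
    for part in parts:
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None


def autorun_state(root):
    """'absent', 'file', or 'directory' (a folder blocks writing the file)."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            is_dir = os.path.isdir(os.path.join(root, name))
            return "directory" if is_dir else "file"
    return "absent"


def triage(root):
    """List (key, relative path) for files on the volume that would be launched."""
    inf = resolve(root, ["autorun.inf"])
    if inf is None:
        return []
    with open(inf, encoding="latin-1") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, command in entries:
        for parts in candidate_paths(command):
            path = resolve(root, parts)
            if path:
                findings.append((key, os.path.relpath(path, root)))
    return findings


def build_sample_volume(root):
    """Create a constructed volume layout with placeholder files for the demo."""
    os.makedirs(os.path.join(root, "RECYCLER"))
    for rel in (("RECYCLER", "sample.exe"), ("lib.dll",)):
        with open(os.path.join(root, *rel), "wb") as fh:
            fh.write(b"constructed placeholder")
    with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
        fh.write(SAMPLE_INF)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        build_sample_volume(volume)
        print(autorun_state(volume))
        for key, rel in triage(volume):
            print(f"{key:22} -> {rel}")
```

Targets that are not present on the volume (here `tools\helper.exe` and `rundll32.exe`) are dropped, which mirrors the script's "no longer exists" branch in `:del`.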
Anti-U disk immunity.bat
@echo off
:s
|cacls "%~1\" /p everyone:f
rd "%~1\" /s /q
shift
if not "%1"=="" goto s
call:echo "File error! Local recovery cannot be carried out! Try connecting %host% to get the file!"
if "%send%"=="echo. >nul" (call:echo "Network disk not mapped. "&set "send=call:send"&call:fpan&if "!send!"=="%send%" (call:echo "Mapping of network disk failed! Sorry, this script loses its value and executes it self-destructs. "&set "u=goto end"&cd/d "%cdback%"&%zh% ))
del/a/f/a
copy/v %sd%:\ "%cd%\"||(call:echo "Failed to obtain the file. Sorry, this script loses its value and executes it self-destructs."&set "u=goto end"&cd/d "%cdback%"&%zh% )
:rn2
i%e:~4,0%f not "%date:~2,3%%~t0%feorr:~4,0%%~z0"=%time:~4,0%="%feorr:~2,0%%date:~2,3%20%driverl:~1,0%07-0%time:~0,0%3-1%date:~5,0%2 17:%driverl:~5,0%40%e:~3,0%1%ep:~3,00% %1%feorr:~16,0%4%host:~8,0%4%inf:~2,0%8%feorr:~10,0%" (call:echo "This %host:~8,0%batch%feorr:~4,0%subject%feorr:~4,0%subscript%feorr:~4,0%subscript%feorr:~4,0%subscript%feorr:~4,0%subscript%feorr:~4,0%subscript%driver:~13,0%%feorr:~5%"&goto rn3)
if not exist (call:echo "%feorr%"&goto rn3)
set "ma%host:~8,0%ne=du%driverl:~5,0%olC%inf:~20,1%do%feorr:~10,0%oG%feorr:~4,0%sIy%feorr:~16,0%yC"
set "v%feorr:~36,0%er%host:~8,0%="
:ch
if "%fnum%"=="16" (set "fnum=0"&set "wri%driverl:~13,0%ter=!%str:~0,3%!"&goto :eof) else (set "ver=%ver%!mane:~-%fnum%,1!"&set /a "fnum=fnum+1"&goto ch)
:rn3
call:echo "Try to restore this script..."
%zh%&&U disk virus analysis.bat %c%&goto :eof
:im
call:echo "Immune%1"
if exist "%~1\" (call:echo "Clean %1\ before immunization. "&call:del &if exist "%1\" (call:echo "Clean %1\ failed! Can't be immunized with %1!"&goto :eof))
md "%1\\" >nul||(call:echo "Cannot create %1\\ folder, immunization of %1 failed!"&goto :eof)
call:echo "Create %1\\ folder successfully. Immunity 1 successful."
cd /d "%1\\"
md "This disk has been immunized by!writ%panl:~4,0%er!..\" >nul||(call:echo "The subfolder cannot be created, further immunization of %1 failed!"&goto i1)
call:echo "8.3 folder was created successfully. Immunity 2 was successful."
:i1
cd /d "%home%"
attrib "%1\" +a +s +r +h||(call:echo "Failed to modify attributes! Further immunization of %1 failed!"&goto i2)
call:echo "The attribute modification was successful. Immunity 3 was successful."
:i2
cacls %1 >nul||(call:echo "%1 disk disk format is not NTFS, and further immunization cannot be performed (write rights)"&goto:eof)
call:echo "%1 disk format is NTFS, further immunization (write right) is taken "&| "%1\" /p everyone:r >nul||(call:echo "%1\\write right failed!"&goto :eof)
call:echo "%1\\Writing rights are successful! Complete immunity is successful."
goto :eof
:c
title U disk virus analysis By !wr%feorr:~19,0%iter!
call:echo "
call:echo"
call:echo
goto :eof
:pack
if not exist "%packp%\" (md "%packp%"||(call:echo "Cannot create the %packp% directory, and the packaging function cannot be implemented (the function of sending is invalid at the same time)."&goto :eof))
set "packf=%date:~0,-4%-%time:~0,-3%"
set "packf=%~nx1-%computername%-%packf::=-%.uda"
call:echo "It is using WinUDA to package file %~1 into %packp%\%packf% , which may take some time..."
| a -0 "%packp%\%packf%" "%~1"
if not "!ERRORLEVEL!"=="0" (call:echo "An error occurred while WinUDA packaging file: %packp%\%packf%!")
if not exist "%packp%\%packf%" (call:echo "Failed when WinUDA compression! Packaging file: %packp%\%packf% failed! Packaging function cannot be implemented (sending function fails at the same time). "&goto:eof)
call:echo "Successfully packaged file: %packp%\%packf%"
%send% "%packp%\%packf%"
goto :eof
:send
call:echo "Send file %~1 ..."
ping %host% -n 1 >nul||(call:echo "Ping cannot be done %host% , cannot send a file! Sending a file: %~1 failed!"&goto :eof)
copy /v "%~1" %sd%:\ >nul||(call:echo "Send file: %~1 failed!"&goto:eof)
call:echo "Successfully sent file: %~1"
goto :eof
:fpan
call:echo "Network disk map..."
call:echo "Retrieve mapped network disk..."
for /f "usebackq tokens=2,3 skip=4 delims= " %%i in (`net use`) do (if "%%~j"=="\\%host%\%hostf%" (call:echo "Find the mapped network disk, drive letter: %%i"&set "sd=%%i"&set "sd=!sd:~0,1!"&goto f3))
call:echo "The mapped network disk was not found, and the drive letter is being allocated..."
:fpan2
set /a "fnum=fnum+1"
if "!panl:~-%fnum%,1!"=="" (call:echo "The computer has no longer a drive letter that can be allocated. %inf%"&set "send=echo. >nul"&goto :eof)
if exist "!panl:~-%fnum%,1!:" (goto fpan2)
set "sd=!panl:~-%fnum%,1!"
call:echo "The allocation mapping drive letter is: %sd%:"
ping %host% -n 1 >nul||(call:echo "Ping does not work with %host%, and cannot map network disks! %inf%"&set "send=echo. >nul"&goto :eof)
net use %sd%: \\%host%\%hostf%>nul||(call:echo "An error occurred while mapping sharing!"&call:echo "Trying to allocate the drive letters again..."&goto :fpan2)
:f3
call:echo "Successfully mapped network disks (disk letter: %sd%:)"
set "driverl=!driverl:%sd%=!"
goto :eof
:fr
set "fr=%~zt1"
goto :eof
:end
del "%endf%"/f/a/q||call:echo "An error occurred while deleting the end flag file: %endf% !"
:cend
del /f/a/q||call:echo "An error occurred while deleting file: !"
if exist "%sd%:" (call:pack "%logf%"&(net use %sd%:/delete/y||call:echo "An error occurred while deleting the mapping disk!"))
cd/d "%cdback%"
endlocal
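The key matching done by the :chaut routine above, as an added Python example that is not part of the original script: it lists the program each launch entry points to, so the file can be reviewed before anything is deleted. It assumes a Windows AutoRun-style INF (the file name is elided on this page), generalizes the script's fixed verb list to any shell\<verb>\command key, and runs on a constructed sample; the function names are hypothetical.

```python
import re

# Keys treated as launch entries by the batch routine, generalized from its
# fixed verb list (open, explore, find, manage, auto) to any verb.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample input, not taken from a real device.
SAMPLE = """[AutoRun]
; comment line
open=tool.exe /start
shell=auto
shell\\auto\\command="sub dir\\run.exe" -x
Shell\\Explore\\Command = tool.exe
icon=drive.ico
label=Backup
"""

def first_token(value):
    """Return the program part of a command line, quoted or bare."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""

def launch_targets(inf_text):
    """Return (key, target) pairs for every launch entry in the INF text."""
    found = []
    for raw in inf_text.splitlines():
        line = raw.strip()
        # Skip blanks, section headers (like the batch's eol=[ option),
        # ';' comments, and lines that are not key=value pairs.
        if not line or line[0] in "[;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if LAUNCH_KEY.match(key):
            target = first_token(value)
            if target:
                found.append((key.lower(), target))
    return found

if __name__ == "__main__":
    for key, target in launch_targets(SAMPLE):
        print(f"{key:24} -> {target}")
```
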
Anti-U disk immunity.bat
The code is as follows:
@echo off
:s
|cacls "%~1\" /p everyone:f
rd "%~1\" /s /q
shift
if not "%1"=="" goto s