Virus kill VBS template update

Since the release ofWorm. Virus killing"and"Virus killing release and source code sharingAfter the virus killing in two articles, my virus killing VBS template has also begun to be considered and improved. This time, the added "HOSTS file recovery function module"and"Autorun Immune Function Module". The local service's control module is still under test... The source code is still completely public. This benefit is that friends who are interested can continue to improve it. Thank youLittle G、UMU、See through the world！

Updated on 07.4.30 as follows:
1. The "Virus File Deletion Module" supports environment variables, which makes this kill template more universal!
2. The "HOSTS file recovery module" supports line-breaking writing to the URL to be blocked, and complies with the HOSTS file format standard.

07.5.13 is updated as follows:
To solve the backslash\ problem, please see here:Virus kill VBS template update: Solve the backslash\problem. Template writing centers began to shift to WMI.

07.5.15 is updated as follows:
When writing *-PSW. virus killing, the code was optimized and elements such as arrays were added. For details, please check:*-PSW.Instructions in.

Please keep the template information complete if you reprint the following virus kill template. Thank you~~~

Attachment: If you want to learn how to write VBS special killing, you can refer to my previous article "VBS programming creates its own virus killing tool》, just throwing bricks and attracting jade... Thank you Xiao G, this template has to be perfected in time, and there are naturally many shortcomings. I hope everyone joins. Everyone is getting high firewood.

'-----------------------------------------------------------------------------------------------------------------------------
on error resume next
msgbox "This special killer is provided by ycosxhack/ycosxhack! ",64,"xxx virus killing"
'This special kill template has been made of ycosxhack (cosine function), my blog:/ycosxhack, welcome to discuss.

'-----------------------------------------------------------------------------------------------------------------------------
set w=getobject("winmgmts:")
set p=("select * from win32_process where name=''")
for each i in p

next
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

'-----------------------------------------------------------------------------------------------------------------------------
set WSHShell=("")
("ps /e * "),0,true
'Please put the third-party program and this special killer in the same directory
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

'-----------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
set del=("")
d1=("%temp%\")
d2=("%SystemRoot%\")
d3=("%SystemRoot%\system32\")
set v1=(d1)
set v2=(d2)
set v3=(d3)
set v4=("d:\virus\") 'If you do not involve environment variables, you can write it directly like this.
=0
=0
=0
=0

'-----------------------------------------------------------------------------------------------------------------------------

'-----------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
set drvs=
for each drv in drvs
if =1 or =2 or =3 or =4 then
set w=(&":\")
=0

set u=(&":\")
=0

end if
next
'-----------------------------------------------------------------------------------------------------------------------------

'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
set reg=("")
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", (1)&"\,","REG_SZ"
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",0,"REG_DWORD"
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions"
'-----------------------------------------------------------------------------------------------------------------------------

'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
set re=("C:\WINDOWS\system32\drivers\etc\hosts",2,0)
"127.0.0.1 localhost"
"127.0.0.1 �

set re=nothing
'-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

'-----------------------------------------------------------------------------------------------------------------------------
set fso=createobject("")
set drvs=
for each drv in drvs
if =1 or =2 or =3 or =4 then
(&":\")
(&":\\Immune folder..\")
set fl=(&":\")
=3
end if
next
'-----------------------------------------------------------------------------------------------------------------------------

set fso=nothing
msgbox "Virus removal is successful, please restart the computer!",64, "xxx virus killing"
'-----------------------------------------------------------------------------------------------------------------------------

Finally attachedUnautorun immunization folderThe red part below is the drive letter, you can continue to add...

@echo off
echo to relieve autorun immunity…Ycosxhack production
pause
for %%a in (c d e f) do rd %%a:\\immune folder..\ & attrib -h -r -s -a %%a:\ & rd %%a:\
@echo The immune release is completed!/ycosxhack
pause