mcafee识别到可疑病毒文件,但病毒库里没有病毒定义,就会把文件扩展名命名为vir或vxe,固建立此批处理文件,用已恢复被修改掉的exe文件
MCAFEE更名原则:
| Original Renamed | Description |
| Not V?? V?? | File extensions that do not start with v are renamed with v as |
| the initial letter of the file extension. For example, | |
| MYFILE.DOC becomes MYFILE.VOC. | |
| V?? VIR | File extensions that start with v are renamed as .VIR. For |
| example, MYFILE.VBs becomes MYFILE.VIR. | |
| VIR, V01–V99 |
These files are recognized as already infected, and are not renamed again. |
| VIR | Files with no extensions are given the extension, .VIR. |
@echo off
echo On Error Resume Next >%temp%\filesystem.vbs
echo Const wbemFlagReturnImmediately = ^&h10 >>%temp%\filesystem.vbs
echo Const wbemFlagForwardOnly = ^&h20 >>%temp%\filesystem.vbs
echo For Each strComputer In arrComputers >>%temp%\filesystem.vbs
echo Set objWMIService = GetObject(“winmgmts:\\.\root\CIMV2”) >>%temp%\filesystem.vbs >>%temp%\filesystem.vbs
echo Set colItems = objWMIService.ExecQuery(“SELECT * FROM Win32_LogicalDisk”, “WQL”, _ >>%temp%\filesystem.vbs
echo wbemFlagReturnImmediately + wbemFlagForwardOnly) >>%temp%\filesystem.vbs
echo For Each objItem In colItems >>%temp%\filesystem.vbs
echo if objItem.DriverType=3 Then WScript.Echo objItem.Caption ^& “\” End if >>%temp%\filesystem.vbs
echo Next >>%temp%\filesystem.vbs
echo Next >>%temp%\filesystem.vbs
for /f %%i in (‘cscript //nologo %temp%\filesystem.vbs’) do call :change %%i
goto end
:change
cd /d %1
for /f “delims=|” %%i in (‘dir *.vxe /b /s /a’) do (cacls “%%i” /e /g everyone:f & ren “%%i” *.exe)
:end
del %temp%\filesystem.vbs
您可能感兴趣的文章:
- 批处理ren重命名的方式
- C#使用OpenCv图像批处理并改变图片大小并且重命名
- Python批处理删除和重命名文件夹的实例
- 重命名批处理python脚本
- 文件夹取其名称前两位重命名的批处理代码
- 批处理重命名特殊文件名的代码
- 全盘搜索指定文件并拷贝到指定位置[自动重命名]的批处理
- 用批处理实现将文件以数字重命名的代码
- 用批处理重命名文本文件名的代码
- 重命名administrator账号的批处理文件
- 批处理应用:根据文件内容进行重命名操作
- 批处理应用根据文件内容进行重命名操作
- 批处理重命名系列案例代码
评论(0)