Kill Uchelp.exe

根據達人提供資源編寫

【原創】UcHelp 病毒分析 By Cater  [url]http://bbs.pediy.com/showthread.php?t=45699[/url]

 

Kill-Uchelp.bat

-----------------------------------------------------------------------------

pskill -t explorer.exe
attrib -s -h c:\windows\system32\AceExt32.dll
attrib -s -h  "c:\windows\Downloaded Program Files\Ext32.dat"
attrib -s -h  "c:\windows\Downloaded Program Files\Ext32.dll"
attrib -s -h  "c:\windows\Downloaded Program Files\CxUSBKey.exe"
attrib -s -h  "c:\windows\Downloaded Program Files\ZipExt32.dll"
del "c:\windows\system32\AceExt32.dll"
del "c:\windows\Downloaded Program Files\Ext32.dat"
del "c:\windows\Downloaded Program Files\Ext32.dll"
del "c:\windows\Downloaded Program Files\CxUSBKey.exe"
del "c:\windows\Downloaded Program Files\ZipExt32.dll"
start explorer.exe
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

                  CurrentVersion\ShellServiceObjectDelayLoad /v ZipExt32 /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

                   CurrentVersion\ShellServiceObjectDelayLoad /v AceExt32 /f
reg delete HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524140} /f
reg delete HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524150} /f

 

 

說明：

1.附件需要分別改名爲pskill.exe和pdh.dll

2.文中reg delete後無換行

3.移動設備中的Uchelp.exe可根據Cater寫的文檔進行手工刪除

  （Step1：運用Attrib -s -h取消 RECYCLER下Uchelp.exe的隱藏和系統文件屬性）

   （Step2：Del Uchelp.exe）

*在刪除移動設備上的文件時，首先需要取消移動設備的AutoRun