Gizli klasör sorunlarının çoğu flash virüsleri yüzündendir.
Evet bir çok arkadaşımın söylediği gibi gizli dosyaları gösterebilmek için Combofix iyi bir program.kolaylıkla bulunabilir ve çalıştırılabilir. Ama bu programın kötü tarafı aktif koruma sağlamaz. yani bilgisayarınızda virüs olduğundan şüpheleniyorsanız çalıştırırsınız siler. virüsün bilgisayara bulaşmasını engellemez. Bilgisayarınıza bu virüslerin bulaşmasını engellemek için ise yine küçük bir program olan "usb disk security" progamını kullanmanızı tavsiye ederim. Türkçe ve sınırsız sürümlerini kolayca bulabilirsiniz.
ayrıca aşağıdaki kodları kopyalayıp not defterine yapıştırın. dosyaya bir isim verin. dosyanın uzantısını da değiştirin ".txt"i silin yerine ".vbs" yazın. sonra kaydettiğiniz dosyaya çift tıklayın.Bu metodları internette daha önce bulmuştum ama bana kolaylık sağladı
on Error Resume Next
Dim objShell, objFileSystem, objTextStream, objRegex
Dim colRegexMatches1, colRegexMatches2
Dim nReturnCode
Dim strIpFileText
Dim element, i
Dim Lista
Lista=array("n1de?ect.com","nide?ect.com","nlde?ec t.com","j*.bat","m*.com","d*.com","copy.exe","host .exe",_
"a0*.com","ntdeiect.com","ntdelect.com", "u?de*.com","ntde1ect.com", "x*.com", "tio*.*",_
"80*.com","semo*.exe")
Set geekside=WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
Wscript.Echo "Bu program flash virüslerini ve onun çeşitli türevlerini silmek için tasarlanmıştır."
Wscript.Echo "Arama ve temizleme işlemi başlıyor. biraz sabırlı olalım."
i=0
For Each objDrive in colDrives
If objDrive.IsReady = True Then
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
Set objTextStream = objFileSystem.OpenTextFile(objDrive.DriveLetter&": \autorun.inf",1)
strIpFileText = objTextStream.ReadAll
objTextStream.Close
End If
Next
Set objRegex = new RegExp
objRegex.Pattern = "=\w+(.com|.bat|.exe|.pif|.scr|.svd|.dat|.tmp) "
objRegex.Global = True
objRegex.IgnoreCase = True
Set colRegexMatches1 = objRegex.Execute(strIpFileText)
i=0
For Each element In colRegexMatches1
element = Replace(element,"=","")
WScript.Echo "Virüsleri ve klasörlerini silme işi sürüyor :" & element
For Each objDrive in colDrives
If objDrive.IsReady = True Then
Wscript.Echo "Temizleniyor: " & objDrive.DriveLetter
nret=geekside.Run("cmd /C taskkill /f /im amvo.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im avpo.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe.tmp",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im semo2x.exe",0,TRUE)
nret=geekside.Run("cmd /C taskkill /f /im help.exe.tmp",0,TRUE)
nret=geekside.Run("cmd /C attrib -s -h -r " &objDrive.DriveLetter&":\" & element &"",0,TRUE)
nret=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" & element & "/f /q /a",0,TRUE)
nret=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\autorun.inf",0,TRUE)
End If
Next
i = i + 1
Next
Set objRegex= Nothing
Set objTextStream = Nothing
Set objFileSystem = Nothing
Set objShell = Nothing
nret15=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*",0,TRUE)
nret16=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*",0,TRUE)
nret20=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp",0,TRUE)
nret56=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*",0,TRUE)
nret60=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*",0,TRUE)
nret23=geekside.Run("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE)
nret24=geekside.Run("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE)
nret57=geekside.Run("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE)
nret59=geekside.Run("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE)
WScript.Echo "Gizli dosya ayarları yeniden yapılandırılıyor"
nret31=geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ /v amva /f",0,TRUE)
nret32=geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ /v avpo /f",0,TRUE)
nret68=geekside.Run("cmd /C reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ /v avpa /f",0,TRUE)
nret33=geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret43=geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret44=geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret45=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d 1 /f",0,TRUE)
nret46=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Advanced\ /v SuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret47=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Advanced\ /v ShowSuperHidden /t REG_DWORD /d 1 /f",0,TRUE)
nret34=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\NOHIDDE N\ /v CheckedValue /t REG_DWORD /d 2 /f",0,TRUE)
nret35=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\NOHIDDE N\ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret36=geekside.Run("cmd /C reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL \ /v CheckedValue /f",0,TRUE)
nret37=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL \ /v CheckedValue /t REG_DWORD /d 1 /f",0,TRUE)
nret38=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL \ /v DefaultValue /t REG_DWORD /d 2 /f",0,TRUE)
nret39=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\SuperHidden\ /v CheckedValue /t REG_DWORD /d 0 /f",0,TRUE)
nret40=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\SuperHidden\ /v DefaultValue /t REG_DWORD /d 0 /f",0,TRUE)
nret48=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\ /v Type /t REG_SZ /d Group /f",0,TRUE)
nret49=geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f",0,TRUE)
nret50=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f",0,TRUE)
nret61=geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret62=geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\ /v NoFolderOptions /t REG_DWORD /d 0 /f",0,TRUE)
nret63=geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System\ /v DisableRegistryTools /t REG_DWORD /d 0 /f",0,TRUE)
nret78=geekside.Run("cmd /C taskkill /f /im explorer.exe",0,TRUE)
nret79=geekside.Run("cmd /C start explorer.exe",0,TRUE)
nret15=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\amvo*.*",0,TRUE)
nret16=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\avpo*.*",0,TRUE)
nret20=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\help.exe.tmp",0,TRUE)
nret56=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*.*",0,TRUE)
nret60=geekside.Run("cmd /C attrib -s -h -r c:\windows\system32\semo*.*",0,TRUE)
nret23=geekside.Run("cmd /C del /f c:\windows\system32\amvo*.*",0,TRUE)
nret24=geekside.Run("cmd /C del /f c:\windows\system32\avpo*.*",0,TRUE)
nret57=geekside.Run("cmd /C del /f c:\windows\system32\semo*.*.*",0,TRUE)
nret59=geekside.Run("cmd /C del /f c:\windows\system32\semo*.*",0,TRUE)
For Each objDrive in colDrives
If objDrive.IsReady = True Then
For X=0 to UBound(Lista)
nret=geekside.Run("cmd /C attrib -s -h -r "&objDrive.DriveLetter&":\"&Lista(X)&"",0,TRUE )
nret=geekside.Run("cmd /C cd \ & del "&objDrive.DriveLetter&":\" &Lista(X)& "/f /q /a",0,TRUE)
Next
End If
Next
WScript.Echo "Tebrikler! Bilgisayarınız amvo virüsü ve onun türevleri olan tüm pisliklerden temizlenmiştir."
WScript.Echo "Güle Güle"
WScript.Echo "Gizliliğini değiştiremediğiniz dosya olursa attribute changer programını kullanın."
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Farklı bir metot
bu sefer doyanın uzantısını ".bat" yapın
----------------------------------
@COLOR 0A
@Title Virus Temizleyici.
@echo Genel temizlik esnasinda
@echo Lutfen islemin tamamlanmasini bekleyin
@echo -------
@echo OFF
taskkill /im explorer.exe /f
taskkill /im bittorrent.exe /f
taskkill /im wscript.exe
taskkill /im activexdebugger32.exe /f
start reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\EXp lorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
start reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\EXp lorer\Advanced /v Hidden /t REG_DWORD /d 1 /f
start reg import kill.reg
cd\
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s r6r.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del autorun.inf
del r6r.exe
del bittorrent.exe
del sxs.exe
del fooool.exe
del c:\windows\bittorrent.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del winfile.exe
del WSscript.exe
del autorun.vbs.exe
cd windows
cd system32
attrib -h -r -s activexdebugger32.exe
del activexdebugger32.exe
attrib -h -r -s amvo.exe
attrib -h -r -s amvo0.dll
del amvo.exe
del amvo0.dll
d:
attrib -h -r -s fooool.exe
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
attrib -h -r -s r6r.exe
del r6r.exe
del autorun.inf
del bittorrent.exe
del fooool.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
e:
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s fooool.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s r6r.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del autorun.inf
del r6r.exe
del bittorrent.exe
del sxs.exe
del fooool.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
f:
attrib -h -r -s autorun.inf
attrib -h -r -s fooool.exe
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s r6r.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
attrib -h -r -s r6r.exe
del autorun.inf
del r6r.exe
del fooool.exe
del bittorrent.exe
del sxs.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
g:
attrib -h -r -s autorun.inf
attrib -h -r -s fooool.exe
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s r6r.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del r6r.exe
del fooool.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
h:
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s sxs.exe
attrib -h -r -s r6r.exe
attrib -h -r -s fooool.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del copy.exe
del r6r.exe
del command.exe
del ravmonlog
del msvcr71.dll
del fooool.exe
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del WSscript.exe
del autorun.vbs.exe
del winfile.exe
i:
attrib -h -r -s autorun.inf
attrib -h -r -s bittorrent.exe
attrib -h -r -s fooool.exe
attrib -h -r -s sxs.exe
attrib -h -r -s r6r.exe
attrib -h -r -s copy.exe
attrib -h -r -s command.exe
attrib -h -r -s msvcr71.dll
attrib -h -r -s ie.exe
attrib -h -r -s copy.exe
attrib -h -r -s autorun.vbs
attrib -h -r -s WSscript.exe
del autorun.inf
del bittorrent.exe
del sxs.exe
del r6r.exe
del fooool.exe
del copy.exe
del command.exe
del ravmonlog
del msvcr71.dll
del ie.exe
del copy.exe
del autorun.vbs
del WSscript.exe
del winfile.exe
CLS
start explorer.exe
pause: Virusler silindi...
Unutmayın bunu yalnızca bir defa kullanmanız yeterli. Hazırlayan arkadaşlara Teşekkür ederim...