Code Snippet: Quick Virus Removal

USB Flashdrives are the most common medium of viral transport. If you normally take your Flashdrive to school or work, you shouldn't be surprised if you see hundreds of anti-virus alerts once you plug it in your system.

But what if you don't have an anti-virus installed?

A common method is to use a batch file. A batch file (.bat) is a script written using a plain text editor and executed through the command line. There are thousands of virus removal batch files available on the internet, but not all of them work. I've found a pretty reliable one, and you can use it whenever you feel like your system is infested with viruses.

Here's the script:

@echo Modified by Gigz Acelajado ---- gigz09@gmail.com
@echo Definition: 02.22.08
path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;

Color 1F

tskill bar311
tskill blastcln
tskill mveo
tskill password_viewer
tskill photos
tskill sscviihost
tskill services
tskill silentsoftech
tskill smss
tskill wscript

taskkill /f /im awkeygen.exe
taskkill /f /im boot.exe
taskkill /f /im calc.exe
taskkill /f /im ccprxy.exe
taskkill /f /im ctfmon.exe
taskkill /f /im exp1orer.exe
taskkill /f /im exiplorer.exe
taskkill /f /im "Funny UST Scandal.avi.exe"
taskkill /f /im iexp1ore.exe
taskkill /f /im iexplore.exe
taskkill /f /im iloveher.exe
taskkill /f /im jay.exe
taskkill /f /im killer.exe
taskkill /f /im knight.exe
taskkill /f /im krag.exe
taskkill /f /im ld.exe
taskkill /f /im netsvcs.exe
taskkill /f /im "new document.exe"
taskkill /f /im "new folder.exe"
taskkill /f /im pet32.exe
taskkill /f /im ravmone.exe
taskkill /f /im scvhosts.exe
taskkill /f /im scvshosts.exe
taskkill /f /im scvvhsot.exe
taskkill /f /im SecretStub.exe
taskkill /f /im spoclsv.exe
taskkill /f /im sscvihost.exe
taskkill /f /im svchosl.exe
taskkill /f /im svhost.exe
taskkill /f /im svhost32.exe
taskkill /f /im svohost.exe
taskkill /f /im svshost.exe
taskkill /f /im vhost.exe
taskkill /f /im wmiprvse.exe

Color 4F

REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul
REG delete "HKCU\Software\BARRY" /f >nul

REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul
REG delete "HKCU\Software\Microsoft\Command Processor" /v "autorun" /f >nul
REG delete "HKLM\Software\Microsoft\Command Processor" /v "autorun" /f >nul

echo.

rd /q /s c:\docume~1\admini~1\mydocu~1\ratedr~1
cd %userprofile%
del /f /a wintask.exe
cd..
cd alluse~1\startm~1\programs\startup
del /f /a lsass.exe
cd %userprofile%\startm~1\programs\startup
del /f /a ctfmon.exe
del startu~1.com
cd %userprofile%\applic~1\micros~1\intern~1\quickl~1
del intern~1.lnk
cd %userprofile%\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6116~1
cd\docume~1\anggra~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6156~1
cd\docume~1\locals~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6191~1
rd /q /s dv6333~1
cd\docume~1\admini~1.use\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6211~1
cd %userprofile%\locals~1\temp
del winlogon.exe
cd\progra~1\common~1\micros~1\msinfo

del /f /a c:\docume~1\admini~1\wintask.exe
del /f /a c:\docume~1\admini~1\templa~1\ld.exe
del /f /a c:\docume~1\admini~1\templa~1\ldup.exe
del /f /a c:\docume~1\admini~1\mydocu~1\myfold~1.com
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1.com
del /f /a c:\docume~1\alluse~1\startm~1\programs\startup\dllhost.com

del /f /a exp1orer.exe
del /f /a noteped.exe
del /f /a redelbat.bat

del /f /a c:\aikelyu.html
del /f /a c:\iloveher.exe
del /f /a c:\SilentSoftecth.exe

del /f /a c:\FLEXLM\awkeygen.exe



del /f /a %windir%\_defau~1.pif
del /f /a %windir%\autorun.*
del /f /a %windir%\bar311.exe
del /f /a %windir%\FS6519.dll.vbs
del /f /a %windir%\funnyu~1.exe
del /f /a %windir%\iloveher.exe
del /f /a %windir%\infrom.dat
del /f /a %windir%\j6154022.exe
del /f /a %windir%\killer.exe
del /f /a %windir%\knight.exe
del /f /a %windir%\krag.exe
del /f /a %windir%\ld.exe
del /f /a %windir%\ldjs.txt
del /f /a %windir%\ldlist.txt
del /f /a %windir%\ldup.exe
del /f /a %windir%\lsass.exe
del /f /a %windir%\lsasse~1.exe
del /f /a %windir%\maskrider2001.vbs
del /f /a %windir%\mdm.exe
del /f /a %windir%\ms32dll.dll.vbs
del /f /a %windir%\ms.config`.exe
del /f /a %windir%\ntkros.dll
del /f /a %windir%\ntsys.exe
del /f /a %windir%\o4154027.exe
del /f /a %windir%\passwo~1.exe
del /f /a %windir%\pc-off.bat
del /f /a %windir%\photos~1.exe
del /f /a %windir%\ravmone.exe
del /f /a %windir%\scvvhsot.exe
del /f /a %windir%\services.exe
del /f /a %windir%\SecretStub.exe
del /f /a %windir%\smss.exe
del /f /a %windir%\sscviihost.exe
del /f /a %windir%\svchost.exe
del /f /a %windir%\svchost.ini
del /f /a %windir%\sy.exe
del /f /a %windir%\ttms*.dll.vbs
del /f /a %windir%\winlogon.exe
del /f /a %windir%\svhost.exe
del /f /a %windir%\svhost32.exe

del /f /a %windir%\system\111.exe
del /f /a %windir%\system\desktrukto.vbs
del /f /a %windir%\system\lsass.exe
del /f /a %windir%\system\svchosl.exe
del /f /a %windir%\system\svchost.exe
del /f /a %windir%\system\svchost32.exe
del /f /a %windir%\system\ymworm.exe

del /f /a %windir%\system32\__.*
del /f /a %windir%\system32\_exp1orer.exe
del /f /a %windir%\system32\_noteped.exe
del /f /a %windir%\system32\alecks.*
del /f /a %windir%\system32\autorun*.*
del /f /a %windir%\system32\amvo.exe
del /f /a %windir%\system32\amvo0.dll
del /f /a %windir%\system32\amvo1.dll
del /f /a %windir%\system32\avpo*.*
del /f /a %windir%\system32\azkaban.*
del /f /a %windir%\system32\blastclnnn.exe
del /f /a %windir%\system32\ccprxy.exe
del /f /a %windir%\system32\crss.exe
del /f /a %windir%\system32\destrukto.*
del /f /a %windir%\system32\dismgnt.exe
del /f /a %windir%\system32\dllhost.com
del /f /a %windir%\system32\dnscon70.dll
del /f /a %windir%\system32\exiplorer.exe
del /f /a %windir%\system32\explorer.vbs
del /f /a %windir%\system32\explorer.exe
del /f /a %windir%\system32\homepage.html
del /f /a %windir%\system32\imgkulot.*
del /f /a %windir%\system32\isass.exe
del /f /a %windir%\system32\kavo.exe
del /f /a %windir%\system32\kavo0.dll
del /f /a %windir%\system32\kavo1.dll
del /f /a %windir%\system32\kernel~1.vbs
del /f /a %windir%\system32\kernell.dll.vbs
del /f /a %windir%\system32\kulitut.*
del /f /a %windir%\system32\mgrShell.exe
del /f /a %windir%\system32\mma.bat
del /f /a %windir%\system32\mma.reg
del /f /a %windir%\system32\mma.vbs
del /f /a %windir%\system32\mstcpcon20.dll
del /f /a %windir%\system32\mveo.exe
del /f /a %windir%\system32\netmanage.dll
del /f /a %windir%\system32\netsvcs.exe
del /f /a %windir%\system32\netused.dll
del /f /a %windir%\system32\ntkros.dll
del /f /a %windir%\system32\ntsys.exe
del /f /a %windir%\system32\ofcpfwsvcs.exe
del /f /a %windir%\system32\S2pidwaraynon.html
del /f /a %windir%\system32\scvhost.exe
del /f /a %windir%\system32\scvhosts.exe
del /f /a %windir%\system32\scvshosts.exe
del /f /a %windir%\system32\scvvhsot.exe
del /f /a %windir%\system32\setting.ini
del /f /a %windir%\system32\silent~1.exe
del /f /a %windir%\system32\sscvihost.exe
del /f /a %windir%\system32\sscviihost.exe
del /f /a %windir%\system32\ssvichosst.exe
del /f /a %windir%\system32\svshost.exe
del /f /a %windir%\system32\svohost.exe
del /f /a %windir%\system32\test.*
del /f /a %windir%\system32\vhost.exe
del /f /a %windir%\system32\wincab.sys
del /f /a %windir%\system32\winkrnl.exe
del /f /a %windir%\system32\winscok.dll
del /f /a %windir%\system32\wmiprvse.exe
del /f /a %windir%\system32\wvcst.*
del /f /a %windir%\system32\x264~1.exe
del /f /a %windir%\system32\zllictbl.dat

del /f /a %windir%\system32\drivers\spoclsv.exe

rd /q /s %windir%\ac12594
rd /q /s %windir%\Ad22098
rd /q /s %windir%\an16554
rd /q /s %windir%\SY20118
rd /q /s %windir%\ugqe

del /f /a %windir%\setup\dllhost.com
rd /q /s %windir%\setup

rd /q /s %windir%\system\_sv_cmd_

rd /q /s %windir%\system32\n2847
rd /q /s %windir%\system32\n5619
rd /q /s %windir%\system32\n8127
rd /q /s %windir%\system32\s5421
rd /q /s %windir%\system32\s8787
rd /q /s %windir%\system32\s6939

rd /q /s %windir%\temp\_istmpi.dir

for %%i in (C D E F G H) do del /f /a %%i:\aikelyu.html
for %%i in (C D E F G H) do del /f /a %%i:\__.*
for %%i in (C D E F G H) do del /f /a %%i:\3g08.bat
for %%i in (C D E F G H) do del /f /a %%i:\3wcxx91.cmd
for %%i in (C D E F G H) do del /f /a %%i:\8ng8w.com
for %%i in (C D E F G H) do del /f /a %%i:\8ot8y86.exe
for %%i in (C D E F G H) do del /f /a %%i:\8u.com
for %%i in (C D E F G H) do del /f /a %%i:\adober.exe
for %%i in (C D E F G H) do del /f /a %%i:\alecks.*
for %%i in (C D E F G H) do del /f /a %%i:\autorun.*
for %%i in (C D E F G H) do del /f /a %%i:\azkaban.*
for %%i in (C D E F G H) do del /f /a %%i:\bacabr~1.txt
for %%i in (C D E F G H) do del /f /a %%i:\bar311.exe
for %%i in (C D E F G H) do del /f /a %%i:\boot.exe
for %%i in (C D E F G H) do del /f /a %%i:\copy.exe
for %%i in (C D E F G H) do del /f /a %%i:\d.com
for %%i in (C D E F G H) do del /f /a %%i:\desktop.exe
for %%i in (C D E F G H) do del /f /a %%i:\desktop.ini
for %%i in (C D E F G H) do del /f /a %%i:\destrukto.vbs
for %%i in (C D E F G H) do del /f /a %%i:\exiplorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\exp1orer.exe
for %%i in (C D E F G H) do del /f /a %%i:\explorar.vbs
for %%i in (C D E F G H) do del /f /a %%i:\explorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\folder.htt
for %%i in (C D E F G H) do del /f /a %%i:\funnyu~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\FS6519.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\g2p3s.exe
for %%i in (C D E F G H) do del /f /a %%i:\gwe(i~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\h.cmd
for %%i in (C D E F G H) do del /f /a %%i:\h2.com
for %%i in (C D E F G H) do del /f /a %%i:\host.exe
for %%i in (C D E F G H) do del /f /a %%i:\iloveher.exe
for %%i in (C D E F G H) do del /f /a %%i:\ie.exe
for %%i in (C D E F G H) do del /f /a %%i:\imgkulot.*
for %%i in (C D E F G H) do del /f /a %%i:\infrom.exe
for %%i in (C D E F G H) do del /f /a %%i:\jay.exe
for %%i in (C D E F G H) do del /f /a %%i:\knight.exe
for %%i in (C D E F G H) do del /f /a %%i:\krag.exe
for %%i in (C D E F G H) do del /f /a %%i:\kragdor.log
for %%i in (C D E F G H) do del /f /a %%i:\kulitut.*
for %%i in (C D E F G H) do del /f /a %%i:\ldupver.txt
for %%i in (C D E F G H) do del /f /a %%i:\lsass.exe
for %%i in (C D E F G H) do del /f /a %%i:\maskrider2001.vbs
for %%i in (C D E F G H) do del /f /a %%i:\mma.bat
for %%i in (C D E F G H) do del /f /a %%i:\mma.reg
for %%i in (C D E F G H) do del /f /a %%i:\mma.vbs
for %%i in (C D E F G H) do del /f /a %%i:\MS32DLL.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\msvcr71.dll
for %%i in (C D E F G H) do del /f /a %%i:\mswinsck.ocx
for %%i in (C D E F G H) do del /f /a %%i:\n1deiect.com
for %%i in (C D E F G H) do del /f /a %%i:\netsvcs.exe
for %%i in (C D E F G H) do del /f /a %%i:\newdoc~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\newfol~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\noteped.exe
for %%i in (C D E F G H) do del /f /a %%i:\ntde1ect.com
for %%i in (C D E F G H) do del /f /a %%i:\p3r1ud.exe
for %%i in (C D E F G H) do del /f /a %%i:\pet32.exe
for %%i in (C D E F G H) do del /f /a %%i:\poogs.vbs
for %%i in (C D E F G H) do del /f /a %%i:\pooh.vbs
for %%i in (C D E F G H) do del /f /a %%i:\ravmone.exe
for %%i in (C D E F G H) do del /f /a %%i:\ravmonlog
for %%i in (C D E F G H) do del /f /a %%i:\recycler.exe
for %%i in (C D E F G H) do del /f /a %%i:\rootfo~1.com
for %%i in (C D E F G H) do del /f /a %%i:\sender.vbs
for %%i in (C D E F G H) do del /f /a %%i:\sexvid~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\silent~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\SilentSoftecth.exe
for %%i in (C D E F G H) do del /f /a %%i:\smss.exe
for %%i in (C D E F G H) do del /f /a %%i:\sqlserv.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSVICHOSST.exe
for %%i in (C D E F G H) do del /f /a %%i:\sxs.exe
for %%i in (C D E F G H) do del /f /a %%i:\t.exe
for %%i in (C D E F G H) do del /f /a %%i:\test.*
for %%i in (C D E F G H) do del /f /a %%i:\ttms*.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\winconfig.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\wsctf.exe
for %%i in (C D E F G H) do del /f /a %%i:\wvcst.*
for %%i in (C D E F G H) do del /f /a %%i:\x.com
for %%i in (C D E F G H) do del /f /a %%i:\xn1i9x.com
for %%i in (C D E F G H) do del /f /a %%i:\zelurm~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\progra~1\intern~1\iexp1ore.exe
for %%i in (C D E F G H) do del /ah /ar /as %%i:\setup.exe
echo.

for %%i in (C D E F G H) do rd /q /s %%i:\$lddata$
for %%i in (C D E F G H) do rd /q /s %%i:\ms-dos
for %%i in (C D E F G H) do rd /q /s %%i:\ms.config
for %%i in (C D E F G H) do rd /q /s %%i:\msrm
for %%i in (C D E F G H) do rd /q /s %%i:\nt.config
for %%i in (C D E F G H) do rd /q /s %%i:\recycled
for %%i in (C D E F G H) do rd /q /s %%i:\rm
for %%i in (D E F G H) do rd /q /s %%i:\recycler\recycler
for %%i in (D E F G H) do rd /q /s %%i:\recycler
echo.

Color 7C

REG add "HKLM\Software\CLASSES\batfile\shell\edit\command" /ve /t reg_expand_sz /d "%SystemRoot%\System32\NOTEPAD.EXE %%1" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t reg_sz /d "Explorer.exe" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeCaption" /t reg_sz /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeText" /t reg_sz /f >nul


REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "Hidden" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "CheckedValue" /t reg_dword /d 1 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 1 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul
REG add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v HomePage /t REG_DWORD /d 0 /f >nul
REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d "http://www.google.com.ph/intl/en/" /f >nul

REM ----------------------------------------------------
REM [Hidden Value = [1 = Show, 2 = Hide Files (Default)]
REM ----------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 1 /f >nul

REM ---------------------------------------------------------------------
REM [ShowSupperHidden Value = [1 = Show, 0 = Hide System Files (Default)]
REM ---------------------------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 1 /f >nul

REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOrganization" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOwner" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "ProductId" /f >nul
REG delete "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v "ProcessorNameString" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /ve /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "{random}" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "ctfmon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ampli" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "amva" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "avpa" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ccPrxy.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Disk Knight" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Explorer" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "EXPLORER.EXE" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "f1761gta" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Firewall auto setup" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "FS6519" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "kava" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "krag" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Local Security Authority Service" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "maskrider" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ms32dll" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSConfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSPetServ" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "N2328c" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "OfcpfwSvcs.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "RavAV" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Runonce" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "S2pidwaraynon" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "scApp" /f
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SilentSoftech" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchosl" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchost" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "svcshare" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "System File" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Task Manager" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winconfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WindowNT" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winlogon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WinRun" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "wsctf.exe" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "y1860ace" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messenger" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messengger" /f >nul

REG delete "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" /f >nul
REG delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\PmApiService" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2328c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2373c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "PolicyRun" /f >nul
REG delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "y1860ace" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /ve /f >nul

______________________________
Getting back the attributes.
______________________________
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 0 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 2 /f >nul
REG add HCKU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "HideFileExt" /t reg_dword /d 1 /f >nul
echo.

msg %username% /w /time:15 VIRUSES HAS BEEN REMOVED!!!
color 1E
echo.
@echo Thank You for Trusting and Using this Removal Tool
@echo GZX Computer Laboratory
@echo Computer Whiz
echo.
@echo Gigz Acelajado
@echo gigz09@gmail.com
@echo YM - gcace21
@echo _______________________________________________
@echo KK KK AA IIII ZZZZZ EEEEE RRRRR
@echo KK KK A A II ZZ EE RR R
@echo KKK AAAA II ZZ EEE RRRRR
@echo KK KK AA AA II ZZ EE RR RR
@echo KK kK AA AA IIII ZZZZZ EEEEE RR RR
@echo _______________________________________________
@echo Giancarlo Acelajado
@echo Kaizer Killer V1.8
@echo Definition: 02/22/08
pause

How to use the script
  1. Select the entire script by dragging your cursor from the first letter of the first line, to the last letter of the last line.
  2. Copy the selected script to clipboard (Ctrl + C).
  3. Open up Notepad, then paste (Ctrl + V).
  4. Save as a batch file by using .bat extension instead of .txt. (i.e., save as viruskiller.bat)
  5. Close Notepad, then execute the script (double-click the saved batch file, or access it via command line: go to Start Menu -> Run -> type in "cmd" (w/o the quotes) -> navigate to the location of the batch file (type in "cd [folder where the batch file is stored]" (w/o the quotes), hit Enter) -> type in the name of the batch file (i.e. viruskiller.bat) then hit Enter.
  6. The script will kill the most common USB-related viruses*, but don't rely on it solely. It won't remove all. We still prefer installing a reliable anti-virus .
What the script can't do
  • Totally eradicate all present spyware/malware;
  • Kill BIOS-related viruses;
  • Kill hardcoded viruses (viruses that came specifically with a program you manually installed as a poweruser/admin);
  • Kill new viruses;
  • and destroy viruses embedded in system files.
*Common USB Flash Drive viruses destroyed by the script
  • bar311.exe Virus (makes your PC slowdown; hides programs from running; reboots your PC when you access the command line - this virus has the yellow smiley icon)
  • Funny UST Scandal.avi.exe Virus
  • Ravmone.exe Virus
  • Krag.exe Virus
  • Knight.exe Virus (Disk Knight - the fake "USB" protection virus)
  • Iloveher.exe Virus
  • Passwordviewer.exe Virus
I found this script somewhere within Rapidshare, so I don't know the original source, although, the author appear to be Giancarlo Acelajado. Many thanks. ~ Francis