最近好多电脑中了U盘病毒，把U盘上所有正常文件夹隐藏，然后用病毒自己的程序充当文件夹，引起电脑运行缓慢，不能用注册表、任务管理器，感兴趣的朋友可以尝试一下这个批处理方法...

将以下内容另存文.bat批处理文档。运行试一下！

@REM -------------------------------------------------------------------------------------------------

@ECHO OFF
@REM VIRUS MAIN PROGRAM FILE'S NAME IS "RUNOUCE.EXE"
ECHO KILLING VIRUS MAIN PROGRAM IN MEMORY...
SET VIRUSPROG=RUNOUCE.EXE
SET VIRUSFILE=%SYSTEMROOT%\SYSTEM32\%VIRUSPROG%

TASKLIST | FIND /I "%VIRUSPROG%"

IF %ERRORLEVEL% GEQ 1 (GOTO NOVIRUS)

:FINDVIRUS
TASKKILL /F /IM "%VIRUSPROG%" /T
TASKLIST | FIND /I "%VIRUSPROG%"
IF %ERRORLEVEL% EQU 0 ( GOTO FINDVIRUS ) ELSE ( GOTO KILLEDVIRUS )

:KILLEDVIRUS
ECHO VIRUS IN MEMORY KILLED!
ECHO NOW DELETING THE VIRUS FILES:
GOTO DELETEFILE

:NOVIRUS
ECHO THERE'S NO VIRUS IN YOUR MACHINE!
GOTO END

:DELETEFILE
ECHO DELETING VIRUS MAIN PROGRAM FILE AND EMAILS CREATED BY VIRUS...

@REM DELETE MAIN VIRUS PROGRAM FILE
ATTRIB -R -S -H %VIRUSFILE%
DEL %VIRUSFILE%

@REM DELETE EMAIL FILE.
SET FILENAME=%PROGRAMFILES%\COMMON FILES\MICROSOFT SHARED\STATIONERY\README.EML
IF EXIST %FILENAME% DEL %FILENAME%
SET FILENAME=%PROGRAMFILES%\COMMON FILES\SYSTEM\ADO\README.EML
IF EXIST %FILENAME% DEL %FILENAME%
SET FILENAME=%PROGRAMFILES%\NETMEETING\README.EML
IF EXIST %FILENAME% DEL %FILENAME%

ECHO REPAIRE REGISTRY:
ECHO ENABLING SYSTEM TASK MANAGER...
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system /V DisableTaskMgr /F
ECHO ENABLING SYSTEM REGISTRY TOOLS...
REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system /V DisableRegistryTools /F
ECHO DELETE VIRUS REGISTRY ...
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Runonce /F

ECHO "DONE!"

:END
PAUSE

注意：该批处理只删除在系统盘\Windows\System32下的病毒主程序，和几个附加的email，不能删除优盘上的病毒。