蠕虫病毒的杀毒程序的源码
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>By CaoHai 2002.12.1>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
'>>>>>>>>>>>>>>>>> These 2 strings are characteristic (signature) strings of that virus >>>>>>>>>>>>>>>>>>>>>>>>
' Script-level state shared by every Sub below:
'   HtmlText, HtmlTextR - text patterns that ClearVirus searches for with InStr
'   FSO, WSH            - FileSystemObject and WScript.Shell objects, created in Main
'   WinPath             - Windows folder path with a trailing backslash, set in Main
'   FilesNum, VirusNum  - counters that Main reports when the scan ends
Dim HtmlText, HtmlTextR, FSO, WSH, WinPath,FilesNum,VirusNum
' Pattern matched in .HTT files. The doubled quotes embed literal " and & characters, so the
' text being matched itself contains VBScript concatenation (... "<" & "APPLET NAME=KJ" & "_guest ...).
' NOTE(review): the literal is assembled from fragments instead of being written contiguously,
' presumably so that this cleaner's own source does not contain the pattern - confirm.
' Do not re-wrap or "simplify" this expression: any change to the resulting text breaks detection.
HtmlText = "<" & "script language=vbscript>" & vbCrLf & "document.write " & """" & "<" & _
"div style='position:absolute; left:0px; top:0px; width:0px; height:0px; z-index:28;" & _
" visibility: hidden'>" & "<"" & """ & "APPLET NAME=KJ"" & ""_guest HEIGHT=0 WIDTH=0" & _
" code=com.ms.""&""activeX.Active""&""XComponent>"
' Pattern matched in .HTM/.HTML/.ASP/.PHP/.JSP files; evaluates to <BODY onload="vbscript:KJ_start()">
HtmlTextR ="<" & "BODY onload=""" & "vbscript:" & "KJ_start()""" & ">"
'>>>>>>>>>>>>>>>>> Start Here >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
' Script entry: runs the cleaner. Main ends the script itself with WScript.Quit.
Main
'>>>>>>>>>>>>>>>> Subs&Functions >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
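' Entry point of the cleaner.
' Creates the shared FSO/WSH objects, asks the user to confirm, asks for a folder to scan
' (empty input or CANCEL means "all fixed drives"), runs the cleanup and reports the counters.
'
' Changes from the original:
'   * A typed path that does not exist is rejected. Before, RecoverFolder swallowed the error
'     and the script reported "Scaned Files: 0", which reads like a clean result.
'   * The single-folder branch now runs DelRegistry/DelAllHiden before the scan as well as
'     after it, the same order RecoverAll uses, so the scan does not start with leftovers of an
'     earlier run (DelAllHiden removes a CHKill.txt left in the current directory).
'
' Caveat for operators: the scan rewrites matching files in place and keeps no backup copy.
Sub Main()
    Dim StrMsg, Go, DefaultPath, RecoverPath
    Set FSO = CreateObject("Scripting.FileSystemObject")
    Set WSH = CreateObject("WScript.Shell")
    ' GetSpecialFolder(0) is the Windows folder; every later path expects the trailing "\".
    WinPath = FSO.GetSpecialFolder(0) & "\"
    FilesNum = 0
    VirusNum = 0

    StrMsg = "This program will kill all KJ-Virus in your computer,"
    StrMsg = StrMsg & vbCrLf & " but you have to shut other programs and wait"
    StrMsg = StrMsg & " several minutes Untill he says OK!" & vbCrLf & "Would you like to Contine?"
    Go = MsgBox(StrMsg, vbYesNo + vbInformation, "CaoHai")
    If Go = vbNo Then WScript.Quit

    ' Default suggestion: the folder this script was started from (path minus the file name).
    DefaultPath = Left(WScript.ScriptFullName, Len(WScript.ScriptFullName) - Len(WScript.ScriptName))
    StrMsg = "Please input The path you want to scan then press OK or Press CANCEL to scan all drives."
    RecoverPath = InputBox(StrMsg, "CaoHai", DefaultPath)

    If Len(RecoverPath) > 2 Then
        ' Refuse a path that is not an existing folder instead of reporting an empty scan.
        If Not FSO.FolderExists(RecoverPath) Then
            WScript.Echo "Folder not found: " & RecoverPath & vbCrLf & _
                "Nothing was scanned or changed."
            WScript.Quit
        End If
        WScript.Echo "Be patient, scanning...."
        DelRegistry
        DelAllHiden
        RecoverFolder RecoverPath
        DelRegistry
        DelAllHiden
    Else
        ' Input of two characters or fewer (including CANCEL) selects the all-drives scan.
        WScript.Echo "Be patient, scanning...."
        RecoverAll
    End If

    StrMsg = "Scan was finished!"
    StrMsg = StrMsg & vbCrLf & "Scaned Files: " & FilesNum & vbCrLf & "Killed Virus: " & VirusNum
    WScript.Echo StrMsg
    WScript.Quit
End Sub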
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
'_-_-_-_-_-_-_ Kill all virus on disks _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
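' Cleans every fixed drive, and the floppy drive A: if the user asks for it.
' DelRegistry and DelAllHiden run both before and after the file scan.
'
' Change from the original: A: is probed with FSO.DriveExists before FSO.GetDrive is called.
' GetDrive raises a run-time error for a drive that is not present, and no error handler is
' active at that point, so answering "Yes" on a machine without a floppy drive ended the
' script before any drive had been scanned.
Sub RecoverAll()
    Dim Drives, Floppy, FloppyReady, TempDrive, CurDrive
    DelRegistry
    DelAllHiden
    Set Drives = FSO.Drives

    Floppy = MsgBox("Would you like to Kill virus on Floppy(A:\)?", _
        vbYesNo + vbQuestion, "CaoHai")
    If Floppy = vbYes Then
        FloppyReady = False
        If FSO.DriveExists("A:") Then FloppyReady = FSO.GetDrive("A:").IsReady
        If FloppyReady Then
            RecoverFolder "A:\"
        Else
            MsgBox "Floppy(A:\) is Not Ready!" & vbCrLf & _
                "It will be Skipped!", vbOKOnly + vbCritical, "CaoHai"
        End If
    Else
        MsgBox "Please Take Out your Floppy Disk and Press OK", _
            vbOKOnly + vbInformation, "CaoHai"
    End If

    ' From here on errors are ignored, so one unreadable drive does not stop the others.
    ' The handler stays active for the final DelRegistry/DelAllHiden calls too.
    On Error Resume Next
    For Each TempDrive In Drives
        ' DriveType 2 is a fixed disk; removable, network and CD-ROM drives are not scanned.
        If TempDrive.DriveType = 2 Then
            CurDrive = TempDrive.DriveLetter & ":\"
            RecoverFolder CurDrive
        End If
    Next
    DelRegistry
    DelAllHiden
End Sub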
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
'_-_-_-_-_-_-_-_Kill all virus in Folders_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
' Cleans the files directly inside CurPath, then does the same for every folder below it.
'   CurPath - path of the folder to start from.
' Any run-time error raised below, including one that escapes a callee with no handler of its
' own, is ignored and execution continues with the next statement in this Sub.
Sub RecoverFolder(CurPath)
    Dim ThisFolder, ChildFolder
    ' The Desktop.ini removal stays disabled, exactly as in the original.
    'DelDesktop (CurPath)
    On Error Resume Next
    ' Parentheses pass CurPath by value.
    RecoverFile (CurPath)
    Set ThisFolder = FSO.GetFolder(CurPath)
    For Each ChildFolder In ThisFolder.SubFolders
        Call RecoverFolder(ChildFolder.Path)
    Next
End Sub
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
'_-_-_-_-_-_-_-_ Kill virus in a Folder _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
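' Runs ClearVirus on every file directly inside CurPath (no recursion).
'   CurPath - path of the folder whose files are checked.
' Each file's attributes are saved, cleared to 0 (Normal) so that a read-only file can be
' rewritten, and put back after ClearVirus returns.
'
' Change from the original: this Sub now has its own error handler. Before, a run-time error
' on one file (locked, access denied, ...) travelled up to the caller's handler and execution
' resumed after the call to this Sub, so the remaining files in the folder were silently
' skipped and the failing file was left with its attributes cleared.
Sub RecoverFile(CurPath)
    Dim TempFolder, TempFile, TFileAttr
    On Error Resume Next
    Set TempFolder = FSO.GetFolder(CurPath)
    If Err.Number <> 0 Then
        ' Folder cannot be opened: nothing to scan here.
        Err.Clear
        Exit Sub
    End If
    For Each TempFile In TempFolder.Files
        ' If enumerating the files fails, Resume Next still enters the loop body once with an
        ' empty TempFile; IsObject keeps that pass from being counted as a scanned file.
        If IsObject(TempFile) Then
            TFileAttr = TempFile.Attributes
            TempFile.Attributes = 0
            ClearVirus TempFile
            ' Reached even when ClearVirus failed, so the attributes are always restored.
            TempFile.Attributes = TFileAttr
            Err.Clear
        End If
    Next
End Sub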
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
'_-_-_-_-_-_-_-_ Kill virus in a File _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
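' Checks one file for the KJ signatures and, when they are found, rewrites the file in place
' with everything from the signature onwards cut off.
'   CurFile - a FileSystemObject File object.
' Increments the script-level FilesNum for every call and VirusNum for every file rewritten.
' Files smaller than 256 bytes and extensions not listed below are left alone.
'
' Changes from the original:
'   * .HTT files are cleaned individually and only when they carry the signature. The original
'     copied a file named CHKill.txt from the current directory over every .HTT file of 256
'     bytes or more, infected or not, and created CHKill.txt from the first .HTT it met. A
'     stale or planted CHKill.txt was therefore written into every folder template, and
'     unrelated .HTT files were overwritten.
'   * An .HTT file consisting of a single line no longer raises "Input past end of file".
'   * The commented-out WriteLine fragments are removed.
'
' Caveats: files are rewritten in place and no backup is kept. Files are opened with
' OpenTextFile's default (ASCII) format, so a Unicode-encoded file will not match.
Sub ClearVirus(CurFile)
    Dim FileExtName, ReadTemp, TempHead, TempStr, VirusPos
    FilesNum = FilesNum + 1
    If CurFile.Size < 256 Then Exit Sub
    FileExtName = UCase(FSO.GetExtensionName(CurFile.Name))
    Select Case FileExtName
        Case "VBS"
            Set ReadTemp = FSO.OpenTextFile(CurFile.Path, 1)
            TempStr = ReadTemp.ReadAll
            ReadTemp.Close
            ' Infected scripts contain "ExeString = " and end with the call KJ_start().
            VirusPos = InStr(TempStr, "ExeString = ")
            If VirusPos > 0 And Right(TempStr, 10) = "KJ_start()" Then
                RewriteFile CurFile.Path, Left(TempStr, VirusPos - 1)
                VirusNum = VirusNum + 1
            End If
        Case "HTT"
            Set ReadTemp = FSO.OpenTextFile(CurFile.Path, 1)
            TempHead = ReadTemp.ReadLine
            TempStr = ""
            If Not ReadTemp.AtEndOfStream Then TempStr = ReadTemp.ReadAll
            ReadTemp.Close
            VirusPos = InStr(TempStr, HtmlText)
            If VirusPos > 0 And InStr(TempHead, "vbscript:KJ_start()") > 0 Then
                ' As in the original, the first line is not written back.
                ' NOTE(review): presumably it is the injected BODY tag - confirm on a sample.
                RewriteFile CurFile.Path, Left(TempStr, VirusPos - 1)
                VirusNum = VirusNum + 1
                ' 3 = ReadOnly + Hidden, the value the original set on the file it cleaned.
                CurFile.Attributes = 3
            End If
        Case "HTM", "HTML", "ASP", "PHP", "JSP"
            Set ReadTemp = FSO.OpenTextFile(CurFile.Path, 1)
            TempStr = ReadTemp.ReadAll
            ReadTemp.Close
            VirusPos = InStr(TempStr, HtmlTextR)
            If VirusPos > 0 Then
                RewriteFile CurFile.Path, Left(TempStr, VirusPos - 1)
                VirusNum = VirusNum + 1
            End If
    End Select
End Sub

' Helper for ClearVirus: replaces the whole content of FilePath with NewText.
Sub RewriteFile(FilePath, NewText)
    Dim WriteTemp
    ' Mode 2 = ForWriting: the existing content is discarded as soon as the file is opened.
    Set WriteTemp = FSO.OpenTextFile(FilePath, 2)
    WriteTemp.Write NewText
    WriteTemp.Close
End Sub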
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
'_-_-_-_-_-_-_-_ Delete All Hidden Virus Files _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
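' Deletes the fixed-location files this cleaner attributes to the worm, plus the CHKill.txt
' work file in the current directory. Every delete is forced (second argument True), so
' read-only files are removed too. No error handler is set here: a failed delete surfaces in
' the caller.
'
' Change from the original: the Stationery Folder.htt path was built as
' "...\MicrosoftShared\Stationery\Folder.htt" (missing space and backslash handling between
' the two fragments), so that file was never found and never deleted. Both Stationery paths
' now come from one base string.
Sub DelAllHiden()
    Dim StationeryDir, Candidate
    ' Left(WinPath, 3) is the drive root of the Windows folder.
    ' NOTE(review): assumes Program Files is on the same drive and has its English name.
    StationeryDir = Left(WinPath, 3) & "Program Files\Common Files\Microsoft Shared\Stationery\"

    For Each Candidate In Array( _
        StationeryDir & "blank.htm", _
        WinPath & "system32\kjwall.gif", _
        WinPath & "SYSTEM\Kernel.dll")
        If FSO.FileExists(Candidate) Then FSO.DeleteFile Candidate, True
    Next

    ' SYSTEM\Kernel32.dll is removed only when WScript.exe is NOT in the Windows folder.
    ' NOTE(review): presumably this protects installs where the genuine Kernel32.dll lives in
    ' <Windows>\SYSTEM and WScript.exe sits in the Windows folder - confirm before changing it.
    If FSO.FileExists(WinPath & "SYSTEM\Kernel32.dll") Then
        If Not FSO.FileExists(WinPath & "WScript.exe") Then
            FSO.DeleteFile WinPath & "SYSTEM\Kernel32.dll", True
        End If
    End If

    If FSO.FileExists(StationeryDir & "Folder.htt") Then
        FSO.DeleteFile StationeryDir & "Folder.htt", True
    End If
    ' Relative name: resolved against the process's current directory.
    If FSO.FileExists("CHKill.txt") Then
        FSO.DeleteFile "CHKill.txt", True
    End If
End Sub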
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
'_-_-_-_-_-_-_-_ Delete All Keys of virus _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
' Deletes the registry entries this cleaner attributes to the worm.
' A RegDelete path ending in "\" names a key; any other path names a value.
' Every error is ignored (On Error Resume Next), so missing entries, keys that cannot be
' deleted and failed reads are all skipped silently.
' Caveat: the list is applied unconditionally. It includes the HKEY_CLASSES_ROOT\.dll key and
' Outlook / Outlook Express mail-editor and stationery settings, so it also resets those on a
' machine that was never infected.
Sub DelRegistry()
    Dim DefaultId, OutLookVersion, OEMailPrefix, Target
    On Error Resume Next

    ' Autorun value and the file-type registration for .dll.
    For Each Target In Array( _
        "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32", _
        "HKEY_CLASSES_ROOT\.dll\", _
        "HKEY_CLASSES_ROOT\dllFile\Shell\Open\", _
        "HKEY_CLASSES_ROOT\dllFile\ShellEx\PropertySheetHandlers\WSHProps\", _
        "HKEY_CLASSES_ROOT\dllFile\ScriptHostEncode\")
        WSH.RegDelete Target
    Next

    ' Outlook Express stationery settings of the default identity. If either read fails the
    ' variable stays empty and the deletes below simply miss.
    DefaultId = WSH.RegRead("HKEY_CURRENT_USER\Identities\Default User ID")
    OutLookVersion = WSH.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\MediaVer")
    ' Only the first character of MediaVer is used as the major version.
    OEMailPrefix = "HKEY_CURRENT_USER\Identities\" & DefaultId & _
        "\Software\Microsoft\Outlook Express\" & Left(OutLookVersion, 1) & ".0\Mail\"
    For Each Target In Array("Compose Use Stationery", "Stationery Name", "Wide Stationery Name")
        WSH.RegDelete OEMailPrefix & Target
    Next

    ' Outlook (Office 9.0 / 10.0) mail settings and the remaining Outlook Express value.
    For Each Target In Array( _
        "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail\EditorPreference", _
        "HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\" & _
            "Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046\001e0360", _
        "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\" & _
            "Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046\001e0360", _
        "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail\EditorPreference", _
        "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Common\MailSettings\NewStationery", _
        "HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express\Degree")
        WSH.RegDelete Target
    Next
End Sub
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
'_-_-_-_-_-_-_-_ Delete All Desktop.ini _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
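' Deletes Desktop.ini from CurPath, except in the Windows, System and System32 folders.
'   CurPath - folder path, with or without a trailing backslash.
' The only call to this Sub visible in the file is commented out, so it is currently unused.
' Caveat: Desktop.ini also holds legitimate folder customisation; a forced delete in every
' scanned folder removes that too.
'
' Changes from the original:
'   * The System / System32 exclusions compared the raw CurPath, not the normalised copy, so
'     a path passed without a trailing backslash was not excluded.
'   * The comparisons were case-sensitive, so "system32" did not match "System32". Windows
'     paths are case-insensitive, hence StrComp with vbTextCompare.
Sub DelDesktop(CurPath)
    Dim CurPathD
    CurPathD = CurPath
    If Right(CurPathD, 1) <> "\" Then CurPathD = CurPathD & "\"
    If StrComp(CurPathD, WinPath, vbTextCompare) = 0 _
        Or StrComp(CurPathD, WinPath & "System\", vbTextCompare) = 0 _
        Or StrComp(CurPathD, WinPath & "System32\", vbTextCompare) = 0 Then
        Exit Sub
    End If
    CurPathD = CurPathD & "Desktop.ini"
    If FSO.FileExists(CurPathD) Then
        ' True forces deletion of a read-only file.
        FSO.DeleteFile CurPathD, True
    End If
End Sub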
'_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
'>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>By CaoHai 2002.12.1>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>