#include <windows.h>
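// Pulls the program path referenced by an autorun.inf image out of `text`.
//
// text    : file contents, NUL-terminated at text[len] by the caller.
// len     : number of valid bytes in text.
// out     : receives the NUL-terminated relative path (the part after '=').
// outSize : capacity of out in bytes.
//
// Returns TRUE only when a value ending in "EXE" preceded by '=' was found,
// fits in `out`, and looks like a plain relative path. The contents of
// autorun.inf come from the removable medium and are untrusted, so anything
// unexpected is rejected rather than turned into a path that gets deleted.
// NOTE(review): the match is for upper-case "EXE" only, as in the original.
static BOOL ExtractAutorunTarget(const char *text, size_t len, char *out, size_t outSize)
{
    // The backwards search for '=' never goes below this index.
    // NOTE(review): presumably skips the 9-character "[autorun]" header - confirm.
    const size_t kEqualsFloor = 9;

    // Walk forward until the three preceding bytes spell "EXE". Stop at the
    // first byte outside 1..122 or at the end of the data that was read.
    size_t end = 0;
    bool sawExe = false;
    for (size_t j = 0; j <= len; j++)
    {
        if (j >= 3 && text[j - 3] == 'E' && text[j - 2] == 'X' && text[j - 1] == 'E')
        {
            end = j;
            sawExe = true;
            break;
        }
        if (j == len || text[j] < 1 || text[j] > 122)
        {
            break;
        }
    }
    if (!sawExe)
    {
        return FALSE; // nothing that looks like a program reference
    }

    // Search backwards from the end of "EXE" for the '=' that starts the value.
    size_t eq = end - 1;
    while (eq > kEqualsFloor && text[eq] != '=')
    {
        eq--;
    }
    if (text[eq] != '=')
    {
        return FALSE; // no key=value pair; do not guess a path
    }

    const size_t first = eq + 1;
    const size_t pathLen = end - first;
    if (pathLen == 0 || pathLen + 1 > outSize)
    {
        return FALSE; // empty value or it would overflow the caller's buffer
    }

    // Defense in depth: keep the later delete confined to a plain relative
    // path on the removable drive. Reject control characters (a value that
    // spans lines), ':' (drive or stream specifiers) and ".." components.
    for (size_t k = first; k < end; k++)
    {
        const char c = text[k];
        if (c < 0x20 || c == ':')
        {
            return FALSE;
        }
        if (c == '.' && k + 1 < end && text[k + 1] == '.')
        {
            return FALSE;
        }
    }

    for (size_t k = 0; k < pathLen; k++)
    {
        out[k] = text[first + k];
    }
    out[pathLen] = 0x00;
    return TRUE;
}

// Scans drive letters A..Z and, on every removable drive, removes
// autorun.inf together with the EXE that autorun.inf points to.
//
// For each removable drive: the attributes of X:\autorun.inf are reset to
// normal, up to 255 bytes of the file are read, the file is deleted, and the
// value found between '=' and "EXE" is appended to "X:\" and deleted as well.
// Progress messages are written to cout. Always returns TRUE.
BOOL DELU()
{
    char rootPath[] = "h:\\";
    char infPath[] = "h:\\autorun.inf";

    for (char letter = 'A'; letter <= 'Z'; letter++) // every drive letter, "A" to "Z"
    {
        rootPath[0] = letter;
        if (GetDriveType(rootPath) != DRIVE_REMOVABLE)
        {
            continue; // only removable media are cleaned
        }

        infPath[0] = letter;
        // Clear hidden/system/read-only so the file can be opened and deleted.
        SetFileAttributes(infPath, FILE_ATTRIBUTE_NORMAL);
        cout << "找到移动设备,盘符为:" << letter << endl;

        // Read the start of autorun.inf. One byte is reserved for the
        // terminator, and the buffer is used only after a successful read.
        char content[256];
        DWORD bytesRead = 0;
        BOOL readOk = FALSE;
        HANDLE hFile = CreateFile(infPath,
                                  GENERIC_READ,
                                  FILE_SHARE_READ,
                                  NULL, OPEN_EXISTING,
                                  FILE_ATTRIBUTE_ARCHIVE,
                                  NULL);
        if (hFile != INVALID_HANDLE_VALUE)
        {
            readOk = ReadFile(hFile, content, sizeof(content) - 1, &bytesRead, NULL);
            CloseHandle(hFile);
        }

        if (DeleteFile(infPath))
        {
            cout << "autorun.inf文件已经删除成功!" << endl;
        }

        if (readOk)
        {
            content[bytesRead] = 0x00;

            // Build "X:\<value from autorun.inf>" and delete it, but only when
            // the value passed validation. Without a readable autorun.inf
            // there is no path to act on and nothing else is deleted.
            char target[256];
            target[0] = letter;
            target[1] = ':';
            target[2] = '\\';
            if (ExtractAutorunTarget(content, bytesRead, target + 3, sizeof(target) - 3))
            {
                SetFileAttributes(target, FILE_ATTRIBUTE_NORMAL);
                if (DeleteFile(target))
                {
                    cout << target << "文件已经删除!" << endl;
                }
            }
        }

        cout << "扫描结束!" << endl;
    }
    return TRUE;
}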
// Program entry point: prints the banner and runs one cleanup pass over all
// removable drives. The result of DELU() is not used; the exit code is 0.
int main()
{
    cout << "U盘病毒专杀!" << endl
         << "-------by wiliwiin" << endl;
    (void)DELU();
    return 0;
}