一个简单AutoRun病毒专杀的源代码

简介:
#include <iostream.h> 
#include <windows.h> 
 
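// Locates the value of the first autorun.inf entry that ends in "EXE" and
// builds "<drive>:\<value>" in out.
//
// buff    - file content; must be writable and hold a NUL at buff[len].
// len     - number of content bytes in buff.
// drive   - drive letter to prefix the extracted value with.
// out     - receives the NUL-terminated path.
// outSize - capacity of out in bytes.
//
// Returns TRUE only when an "EXE" marker, a preceding '=' and a non-empty value
// were all found and the result fits in out. The match is case-sensitive.
//
// NOTE(review): the value is taken verbatim from a file on the removable volume.
// It is only ever appended after the drive root, but it is not validated in any
// other way, and the caller deletes whatever path comes out of here.
static BOOL ExtractAutorunTarget(char *buff, int len, char drive, char *out, int outSize)
{
    int end = -1;
    int j, n, q;

    // Scan the leading run of bytes in 1..122 and stop right after the first "EXE".
    // j >= 3 keeps the look-behind inside the buffer.
    for (j = 0; j <= len; j++)
    {
        if (j >= 3 && buff[j-3] == 'E' && buff[j-2] == 'X' && buff[j-1] == 'E')
        {
            end = j;
            break;
        }
        if (buff[j] < 1 || buff[j] > 122)
        {
            break;
        }
    }
    if (end < 0)
    {
        return FALSE;           // no marker: do not guess at a path to delete
    }
    buff[end] = 0x00;           // terminate the string right after "EXE"

    // Walk backwards from the marker to the '=' that introduces the value.
    n = end;
    while ((buff[n] != '=') && (n > 9))
    {
        n -= 1;
    }
    if (buff[n] != '=' || n + 1 >= end)
    {
        return FALSE;           // no '=' found, or nothing after it
    }

    if (outSize < 4)
    {
        return FALSE;
    }
    out[0] = drive;
    out[1] = ':';
    out[2] = '\\';
    for (j = n + 1, q = 3; buff[j]; j++, q++)
    {
        if (q >= outSize - 1)
        {
            return FALSE;       // never act on a truncated path
        }
        out[q] = buff[j];
    }
    out[q] = 0x00;
    return TRUE;
}

// Walks drive letters A..Z and, on every removable drive, deletes autorun.inf
// and the program that its first "...EXE" entry points to.
//
// Always returns TRUE; the result of each deletion is only reported on stdout.
BOOL DELU()
{
    UINT   revtype;
    HANDLE hFile;
    DWORD  dwread;
    BOOL   retu;
    char   buff[256];
    char   target[256];                     // kept apart from name so the drive root stays intact
    char   name[256]  = "h:\\";
    char   sname[256] = "h:\\autorun.inf";

    for (BYTE i = 0x41; i < 0x5b; i++)      // every drive letter, 'A' to 'Z'
    {
        name[0] = i;
        revtype = GetDriveType(name);       // query the drive type

        if (DRIVE_REMOVABLE != revtype)     // only removable drives are handled
        {
            continue;
        }

        sname[0] = name[0];                 // point the autorun.inf path at this drive

        // Clear hidden/system/read-only attributes so the file can be deleted.
        SetFileAttributes(sname, FILE_ATTRIBUTE_NORMAL);

        cout<< "找到移动设备,盘符为:" <<name[0]<<endl;

        // Read at most sizeof(buff) - 1 bytes so the content can always be terminated.
        // dwread stays 0 when the file cannot be opened or read, which keeps content
        // left over from a previous drive from being parsed again.
        dwread = 0;
        hFile = CreateFile(sname,
                GENERIC_READ,
                FILE_SHARE_READ,
                NULL, OPEN_EXISTING,
                FILE_ATTRIBUTE_ARCHIVE,
                NULL);
        if (hFile != INVALID_HANDLE_VALUE)
        {
            if (!ReadFile(hFile, buff, sizeof(buff) - 1, &dwread, NULL))
            {
                dwread = 0;
            }
            CloseHandle(hFile);
        }
        buff[dwread] = 0x00;

        retu = DeleteFile(sname);
        if (retu)
        {
            cout<< "autorun.inf文件已经删除成功!" <<endl;
        }

        // Delete the referenced program only when a complete path was extracted.
        if (dwread > 0 &&
            ExtractAutorunTarget(buff, (int)dwread, name[0], target, (int)sizeof(target)))
        {
            SetFileAttributes(target, FILE_ATTRIBUTE_NORMAL);
            retu = DeleteFile(target);
            if (retu)
            {
                cout<<target<< "文件已经删除!" <<endl;
            }
        }
        cout<< "扫描结束!" <<endl;
    }
    return TRUE;
}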

 
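// Entry point: prints the banner and runs one scan over all drive letters.
int main()
{
    cout<< "U盘病毒专杀!" <<endl;
    cout<< "-------by wiliwiin" <<endl;

    // The return value of DELU() is not used here, so it is not stored.
    DELU();
    return 0;
}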

 



本文转自wiliiwin 51CTO博客,原文链接:http://blog.51cto.com/wiliiwin/222098

