一个简单AutoRun病毒专杀的源代码-阿里云开发者社区


一个简单AutoRun病毒专杀的源代码

简介:
#include <iostream.h>
#include <windows.h>
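/*
 * ExtractAutorunTarget - pull the target of the first "<key>=<path>EXE" entry
 * out of an in-memory copy of autorun.inf.
 *
 * text/len : the bytes read from autorun.inf (len bytes are valid).
 * out      : receives the NUL-terminated value that follows '='.
 * outSize  : capacity of out in bytes, including the terminator.
 *
 * Returns TRUE only when a value was copied. The file content comes from the
 * removable drive and is therefore untrusted, so every index is bounded by
 * len and every write by outSize. Matching is on upper-case "EXE" only, as in
 * the original listing; lower-case entries are not recognised.
 */
static BOOL ExtractAutorunTarget(const char *text, DWORD len, char *out, DWORD outSize)
{
        for (DWORD j = 0; j <= len; j++)
        {
                // The three bytes before j are only inspected once they exist.
                if (j >= 3 && text[j-3] == 'E' && text[j-2] == 'X' && text[j-1] == 'E')
                {
                        // Walk back to the '=' on the same line; never below index 0.
                        DWORD start = j;
                        while (start > 0 && text[start-1] != '='
                                && text[start-1] != '\r' && text[start-1] != '\n')
                        {
                                start--;
                        }
                        if (start > 0 && text[start-1] == '=')
                        {
                                DWORD valueLen = j - start;
                                if (valueLen == 0 || valueLen >= outSize)
                                {
                                        return FALSE;        // empty, or would overflow out
                                }
                                for (DWORD k = start; k < j; k++)
                                {
                                        // Refuse drive/stream qualifiers and parent-directory
                                        // steps so the result stays a plain path under the root.
                                        if (text[k] == ':')
                                        {
                                                return FALSE;
                                        }
                                        if (text[k] == '.' && k + 1 < j && text[k+1] == '.')
                                        {
                                                return FALSE;
                                        }
                                }
                                for (DWORD k = 0; k < valueLen; k++)
                                {
                                        out[k] = text[start + k];
                                }
                                out[valueLen] = 0x00;
                                return TRUE;
                        }
                        // "EXE" appeared in a key name or on a line without '='; keep scanning.
                }
                // Same stop rule as the original scan: end of data or a byte outside 1..122.
                if (j == len || text[j] < 1 || text[j] > 122)
                {
                        break;
                }
        }
        return FALSE;
}

/*
 * DELU - sweep drive letters A..Z; on every removable drive delete
 * <drive>:\autorun.inf and the executable its first "...=xxx.EXE" entry names.
 *
 * Always returns TRUE; progress is reported on stdout.
 *
 * Caveats for anyone running this:
 *  - Every autorun.inf found on removable media is deleted, together with the
 *    file it points to. Nothing here checks whether either one is malicious.
 *  - Only the first 255 bytes of autorun.inf are read and parsed.
 *
 * Fixes relative to the original listing:
 *  - ReadFile was given strlen() of an uninitialised buffer as its length.
 *  - The CreateFile/ReadFile results were ignored, so a missing file led to
 *    parsing stale or uninitialised stack data.
 *  - buff[j-3] was read for j < 3, and the scan and the copy into name[] had
 *    no upper bound, so a crafted autorun.inf could overrun the stack buffers.
 *  - name[] kept the previous drive's file path, which was then passed to
 *    GetDriveType for the next letter.
 */
BOOL DELU()
{
        UINT        revtype;
        HANDLE      hFile;
        DWORD       dwread;
        BOOL        retu;
        char        buff[256];
        char        name[256] = "h:\\";
        char        sname[256] = "h:\\autorun.inf";

        for (BYTE i = 0x41; i < 0x5b; i++)        // every drive letter, 'A' through 'Z'
        {
                name[0] = i;
                name[3] = 0x00;                        // back to the bare root "X:\"
                revtype = GetDriveType(name);        // classify the drive
                if (DRIVE_REMOVABLE != revtype)
                {
                        continue;                        // only removable media is handled
                }

                sname[0] = name[0];                // same letter for "X:\autorun.inf"

                // Clear hidden/system/read-only so the file can be opened and deleted.
                SetFileAttributes(sname, FILE_ATTRIBUTE_NORMAL);

                cout<<"找到移动设备,盘符为:"<<name[0]<<endl;

                dwread = 0;
                hFile = CreateFile(sname,
                        GENERIC_READ,
                        FILE_SHARE_READ,
                        NULL, OPEN_EXISTING,
                        FILE_ATTRIBUTE_ARCHIVE,
                        NULL);
                if (hFile != INVALID_HANDLE_VALUE)
                {
                        // Leave one byte free for the terminator written below.
                        if (!ReadFile(hFile, buff, sizeof(buff) - 1, &dwread, NULL))
                        {
                                dwread = 0;
                        }
                        CloseHandle(hFile);
                }
                buff[dwread] = 0x00;

                retu = DeleteFile(sname);
                if (retu)
                {
                        cout<<"autorun.inf文件已经删除成功!"<<endl;
                }

                // name + 3 is the part after "X:\"; the helper bounds its own writes.
                if (dwread > 0
                        && ExtractAutorunTarget(buff, dwread, name + 3, (DWORD)(sizeof(name) - 3)))
                {
                        SetFileAttributes(name, FILE_ATTRIBUTE_NORMAL);
                        retu = DeleteFile(name);
                        if (retu)
                        {
                                cout<<name<<"文件已经删除!"<<endl;
                        }
                }
                cout<<"扫描结束!"<<endl;
        }
        return TRUE;
}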
/*
 * Program entry point: print the banner, run one sweep of the removable
 * drives through DELU(), and exit with status 0 whatever the sweep returned.
 */
int main()
{
        cout << "U盘病毒专杀!" << endl;
        cout << "-------by wiliwiin" << endl;

        // DELU() prints its own progress; its BOOL result is stored but not acted on.
        BOOL sweepResult = DELU();
        (void)sweepResult;

        return 0;
}




本文转自wiliiwin 51CTO博客,原文链接:http://blog.51cto.com/wiliiwin/222098


版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
