当前位置:   article > 正文

最新征途木马专杀工具-------------------------SMSS.exe_smss.exe 专杀

smss.exe 专杀

SMSS病毒介绍:这是一种Windows下的PE病毒,它采用VB6编写 ,是一个能够破坏IE和EXPLORER的征途木马病毒变种。该病毒会在注册表中多处添加自己的启动项,还会修改系统文件,并在[WINDOWS]项中加入"RUN" = "%WINDIR%/SMSS.EXE"。
病毒症状:确定自己中招没就看看吧!如果打开网页超慢,资源管理器无法正常使用,并且系统会进入倒计时关机,以及系统进程中出现了2个smss.exe进程,而且其中的smss.exe路径是"WINDOWS/SMSS.EXE",那就是中了这种病毒。

针对现在最新的征途木马变种SMSS.exe写的专杀工具!!!enjoy!

因为不知道CSDN该怎么上传,所以只好引用我网络硬盘的地址了!唉!

下载地址:http://www.vdisk.cn/API/fileq.php?sid=1163360.1157101632.-1120202758

 

公布源码:

// KillerDlg.cpp : implementation file
//

#include "stdafx.h"
#include "KillerDlg.h"
#include<Tlhelp32.h>

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/
//log
FILE *fp;
//Registry Editor
HKEY hKey;
char content[256];
DWORD dwType=REG_SZ;
DWORD dwLength=256;
struct HKEY__*RootKey;
TCHAR *SubKey;
TCHAR *KeyName;
TCHAR *ValueName;
LPBYTE SetContent_S;
int SetContent_D[256];
BYTE SetContent_B[256];

int ShowContent (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName);
int SetValue_S (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,LPBYTE ReSetContent_S);
int SetValue_D (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,int ReSetContent_D[256]);
int SetValue_B (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,BYTE ReSetContent_B[256]);
int DeleteKey (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReKeyName);
int DeleteValue (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName);

/**********************************************************
Function name:ShowContent
Description:show content
Parameter:ReRootKey root key, ReSubKey sub keu
   ReValueName value name
Return:int
Time:2006.07.31
***********************************************************/
ShowContent (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName)
{
 int i=0; //0==succeed
 if(RegOpenKeyEx(ReRootKey,ReSubKey,0,KEY_READ,&hKey)==ERROR_SUCCESS)
 {
  if(RegQueryValueEx(hKey,ReValueName,NULL,&dwType,(unsigned char *)content,&dwLength)!=ERROR_SUCCESS)
  {
   AfxMessageBox("Error:cannot access Registry");
   i=1;
  }
  RegCloseKey(hKey);
 }
 else
 {
  AfxMessageBox("Error:cannot find the hKEY");
  i=1;
 }
 return i;
}

/**********************************************************
Function name:SetValue_S
Description:set string value
Parameter:ReRootKey root key, ReSubKey sub keu
   ReValueName value name
Return:int
Time:2006.07.31
***********************************************************/
SetValue_S (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,LPBYTE ReSetContent_S)
{
 int i=0; //0==succeed
 //int StrLength;
 //StrLength=CString(SetContent_S).GetLength();

 if(RegOpenKeyEx(ReRootKey,ReSubKey,0,KEY_WRITE,&hKey)==ERROR_SUCCESS)
 {
  if(RegSetValueEx(hKey,ReValueName,NULL,REG_SZ,ReSetContent_S,CString(SetContent_S).GetLength())!=ERROR_SUCCESS)
  {
   AfxMessageBox("Error:cannot access Registry");
   i=1;
  }
  RegCloseKey(hKey);
 }
 else
 {
  AfxMessageBox("Error:cannot find the hKEY");
  i=1;
 }
 return i;
}

/**********************************************************
Function name:SetValue_D
Description:set DWORD value
Parameter:ReRootKey root key, ReSubKey sub keu
   ReValueName value name
Return:int
Time:2006.07.31
***********************************************************/
SetValue_D (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,int ReSetContent_D[256])
{
 int i=0; //0==succeed
 if(RegOpenKeyEx(ReRootKey,ReSubKey,0,KEY_WRITE,&hKey)==ERROR_SUCCESS)
 {
  if(RegSetValueEx(hKey,ReValueName,NULL,REG_DWORD,(const unsigned char *)ReSetContent_D,4)!=ERROR_SUCCESS)
  {
   AfxMessageBox("Error:cannot access Registry");
   i=1;
  }
  RegCloseKey(hKey);
 }
 else
 {
  AfxMessageBox("Error:cannot find the hKEY");
  i=1;
 }
 return i;
}

/**********************************************************
Function name:SetValue_B
Description:set binary value
Parameter:ReRootKey root key, ReSubKey sub keu
   ReValueName value name
Return:int
Time:2006.07.31
***********************************************************/
SetValue_B (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,BYTE ReSetContent_B[256])
{
 int i=0; //0==succeed
 if(RegOpenKeyEx(ReRootKey,ReSubKey,0,KEY_WRITE,&hKey)==ERROR_SUCCESS)
 {
  if(RegSetValueEx(hKey,ReValueName,NULL,REG_BINARY,(const unsigned char *)ReSetContent_B,4)!=ERROR_SUCCESS)
  {
   AfxMessageBox("Error:cannot access Registry");
   i=1;
  }
  RegCloseKey(hKey);
 }
 else
 {
  AfxMessageBox("Error:cannot find the hKEY");
  i=1;
 }
 return i;
}

/**********************************************************
Function name:DeleteKey
Description:delete sub key
Parameter:ReRootKey root key, ReSubKey sub keu
   ReValueName value name
Return:int
Time:2006.07.31
***********************************************************/
DeleteKey (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReKeyName)
{
 int i=0; //0==succeed
 if((RegOpenKeyEx(ReRootKey,ReSubKey,0,KEY_WRITE,&hKey))==ERROR_SUCCESS)
 {
  if((RegDeleteKey(hKey,ReKeyName))!=ERROR_SUCCESS)
  {
   AfxMessageBox("Error: cannot delete sub key!");
   i=1;
  }
  RegCloseKey(hKey);
 }
 else
 {
  AfxMessageBox("Error:cannot find the hKEY");
  i=1;
 }
 return i;
}

/**********************************************************
Function name:DeleteValue
Description:delete value
Parameter:ReRootKey root key, ReSubKey sub keu
   ReValueName value name
Return:int
Time:2006.07.31
***********************************************************/
DeleteValue (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName)
{
 int i=0; //0==succeed
 if(RegOpenKeyEx(ReRootKey,ReSubKey,0,KEY_WRITE,&hKey)==ERROR_SUCCESS)
 {
  if(RegDeleteValue(hKey,ReValueName)!=ERROR_SUCCESS)
  {
   i=1;
  }
  RegCloseKey(hKey);
 }
 else
 {
  i=1;
 }
 return i;
}

/
// CAboutDlg dialog used for App About

class CAboutDlg : public CDialog
{
public:
 CAboutDlg();

// Dialog Data
 //{{AFX_DATA(CAboutDlg)
 enum { IDD = IDD_ABOUTBOX };
 //}}AFX_DATA

 // ClassWizard generated virtual function overrides
 //{{AFX_VIRTUAL(CAboutDlg)
 protected:
 virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
 //}}AFX_VIRTUAL

// Implementation
protected:
 //{{AFX_MSG(CAboutDlg)
 //}}AFX_MSG
 DECLARE_MESSAGE_MAP()
};

CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
 //{{AFX_DATA_INIT(CAboutDlg)
 //}}AFX_DATA_INIT
}

void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
 CDialog::DoDataExchange(pDX);
 //{{AFX_DATA_MAP(CAboutDlg)
 //}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
 //{{AFX_MSG_MAP(CAboutDlg)
  // No message handlers
 //}}AFX_MSG_MAP
END_MESSAGE_MAP()

/
// CMyDlg dialog

CMyDlg::CMyDlg(CWnd* pParent /*=NULL*/)
 : CDialog(CMyDlg::IDD, pParent)
{
 //{{AFX_DATA_INIT(CMyDlg)
  // NOTE: the ClassWizard will add member initialization here
 //}}AFX_DATA_INIT
 // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
 m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CMyDlg::DoDataExchange(CDataExchange* pDX)
{
 CDialog::DoDataExchange(pDX);
 //{{AFX_DATA_MAP(CMyDlg)
  DDX_Control(pDX, IDC_LIST1, m_list);
  DDX_Control(pDX, IDC_PROGRESS1, m_progress);
 //}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CMyDlg, CDialog)
 //{{AFX_MSG_MAP(CMyDlg)
 ON_WM_SYSCOMMAND()
 ON_WM_PAINT()
 ON_WM_QUERYDRAGICON()
 ON_BN_CLICKED(IDC_BUTTON2, OnButton2)
 ON_BN_CLICKED(IDC_BUTTON1, OnButton1)
 ON_BN_CLICKED(IDC_BUTTON3, OnButton3)
 //}}AFX_MSG_MAP
END_MESSAGE_MAP()

/
// CMyDlg message handlers

BOOL CMyDlg::OnInitDialog()
{
 CDialog::OnInitDialog();

 m_bFinded = FALSE;

 m_progress.SetRange(0,100);
 m_progress.SetPos(0);
 iPos = 0;

 m_list.InsertColumn(0, "    Virus Name", LVCFMT_LEFT, 120, 0);
 m_list.InsertColumn(1, "ProID", LVCFMT_CENTER, 65, 1);
 m_list.InsertColumn(2, "Parent ProID", LVCFMT_CENTER, 90, 2);

 m_list.DeleteAllItems();

 // Add "About..." menu item to system menu.

 // IDM_ABOUTBOX must be in the system command range.
 ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
 ASSERT(IDM_ABOUTBOX < 0xF000);

 CMenu* pSysMenu = GetSystemMenu(FALSE);
 if (pSysMenu != NULL)
 {
  CString strAboutMenu;
  strAboutMenu.LoadString(IDS_ABOUTBOX);
  if (!strAboutMenu.IsEmpty())
  {
   pSysMenu->AppendMenu(MF_SEPARATOR);
   pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
  }
 }

 // Set the icon for this dialog.  The framework does this automatically
 //  when the application's main window is not a dialog
 SetIcon(m_hIcon, TRUE);   // Set big icon
 SetIcon(m_hIcon, FALSE);  // Set small icon

 // TODO: Add extra initialization here

 return TRUE;  // return TRUE  unless you set the focus to a control
}

void CMyDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
 if ((nID & 0xFFF0) == IDM_ABOUTBOX)
 {
  CAboutDlg dlgAbout;
  dlgAbout.DoModal();
 }
 else
 {
  CDialog::OnSysCommand(nID, lParam);
 }
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CMyDlg::OnPaint()
{
 if (IsIconic())
 {
  CPaintDC dc(this); // device context for painting

  SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

  // Center icon in client rectangle
  int cxIcon = GetSystemMetrics(SM_CXICON);
  int cyIcon = GetSystemMetrics(SM_CYICON);
  CRect rect;
  GetClientRect(&rect);
  int x = (rect.Width() - cxIcon + 1) / 2;
  int y = (rect.Height() - cyIcon + 1) / 2;

  // Draw the icon
  dc.DrawIcon(x, y, m_hIcon);
 }
 else
 {
  CDialog::OnPaint();
 }
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CMyDlg::OnQueryDragIcon()
{
 return (HCURSOR) m_hIcon;
}

/**********************************************************
Function name:DeleteVirusFiles
Description:delete virus files
Parameter: NULL
Return:int count of virus files
Time:2006.07.31
***********************************************************/
int CMyDlg::DeleteVirusFiles()
{
 int i = 0;
 BOOL bRet = FALSE;
 char chBuf[256];
 char chLog[256];
 CString str, strWIN, strSYS, strPRO;

 GetWindowsDirectory(chBuf, 256);

 strWIN = chBuf;

 strcat(chBuf, "//SMSS.EXE");

 HANDLE hFile = CreateFile(chBuf, GENERIC_READ|GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

 if (hFile == INVALID_HANDLE_VALUE)
 {
  WriteLog("No virus files found");
  return -1;
 }

 CloseHandle(hFile);

 WriteLog("Find virus key process:SMSS.exe");

 m_progress.SetPos(iPos++);

 str = strWIN + "//1.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strWIN + "//ExERoute.exe";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strWIN + "//explorer.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strWIN + "//finder.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strWIN + "//SMSS.EXE";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strWIN + "//BOOT.BIN.BAK";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strWIN + "//Debug//DebugProgram.exe";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 strSYS = strWIN + "//system32";

 str = strSYS + "//command.pif";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strSYS + "//dxdiag.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strSYS + "//finder.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strSYS + "//MSCONFIG.COM";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strSYS + "//regedit.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strSYS + "//rundll32.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 strPRO = strWIN.Left(1) + "://Program Files";

 str = strPRO + "//Internet Explorer//iexplore.com";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 str = strPRO + "//Common Files//iexplore.pif";
 bRet = DeleteFile( str.GetBuffer(str.GetLength()) );
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 bRet = DeleteFile("D://autorun.inf");
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 bRet = DeleteFile("D://pagefile.pif");
 if (bRet)
 {
  sprintf(chLog, "deleted virus file‘ %s’ successfully!", str);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to delete virus file‘ %s’", str);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 


 return i;
}

/**********************************************************
Function name:DeleteRegValues
Description:delete virus registry
Parameter: NULL
Return:int
Time:2006.07.31
***********************************************************/
int CMyDlg::DeleteRegValues()
{
 int i = 0;
 char chLog[256];

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Microsoft//Windows//CurrentVersion//Run";
 ValueName = "TProgram";

 if( !(DeleteValue(RootKey, SubKey, ValueName)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);


 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Microsoft//Windows//CurrentVersion//Runservices";
 ValueName = "TProgram";

 if( !(DeleteValue(RootKey, SubKey, ValueName)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Microsoft//Windows NT//CurrentVersion//Winlogon";
 ValueName = "Shell";
 SetContent_S = LPBYTE("Explorer.exe");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//.bfc//ShellNew";
 ValueName = "Command";
 SetContent_S = LPBYTE("%SystemRoot%//system32//rundll32.exe %SystemRoot%//system32//syncui.dll,Briefcase_Create %2!d! %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//.lnk//ShellNew";
 ValueName = "Command";
 SetContent_S = LPBYTE("rundll32.exe appwiz.cpl,NewLinkHere %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);


 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//Applications//iexplore.exe//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("%ProgramFiles%//Internet Explorer//IEXPLORE.EXE");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//CLSID//{871C5380-42A0-1069-A2EA-08002B30309D}//shell//OpenHomePage//command";
 ValueName = "";
 SetContent_S = LPBYTE("%ProgramFiles%//Internet Explorer//IEXPLORE.EXE");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//cplfile//shell//cplopen//command";
 ValueName = "";
 SetContent_S = LPBYTE("rundll32.exe shell32.dll,Control_RunDLL %1,%*");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//Drive//shell//find//command";
 ValueName = "";
 SetContent_S = LPBYTE("%SystemRoot%//Explorer.exe");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);


 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//dunfile//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("%SystemRoot%//system32//RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//ftp//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("%ProgramFiles%//Internet Explorer//iexplore.exe %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//htmlfile//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("%ProgramFiles%//Internet Explorer//iexplore.exe %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//htmlfile//shell//opennew//command";
 ValueName = "";
 SetContent_S = LPBYTE("%ProgramFiles%//Internet Explorer//iexplore.exe %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);


 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//http//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("%ProgramFiles%//Internet Explorer//iexplore.exe %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);


 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//inffile//shell//install//command";
 ValueName = "";
 SetContent_S = LPBYTE("%SystemRoot%//System32//rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//inffile//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("%SystemRoot%//System32//NOTEPAD.EXE %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//inffile//shell//print//command";
 ValueName = "";
 SetContent_S = LPBYTE("%SystemRoot%//System32//NOTEPAD.EXE /p %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//InternetShortcut//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("%ProgramFiles%//Internet Explorer//iexplore.exe %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//InternetShortcut//shell//print//command";
 ValueName = "";
 SetContent_S = LPBYTE("rundll32.exe %SystemRoot%//system32//mshtml.dll,PrintHTML /"%1/"");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//InternetShortcut//shell//printto//command";
 ValueName = "";
 SetContent_S = LPBYTE("rundll32.exe %SystemRoot%//system32//mshtml.dll,PrintHTML /"%1/" /"%2/" /"%3/" /"%4/"");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//scrfile//shell//install//command";
 ValueName = "";
 SetContent_S = LPBYTE("rundll32.exe desk.cpl,InstallScreenSaver %l");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//scrfile//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("/"%1/" /S");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//scriptletfile//shell//Generate Typelib//command";
 ValueName = "";
 SetContent_S = LPBYTE("/"C://WINNT//system32//RUNDLL32.EXE/" C://WINNT//system32//scrobj.dll,GenerateTypeLib /"%1/"");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//scriptletfile//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("/"C://WINNT//NOTEPAD.EXE/" /"%1/"");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//telnet//shell//open//command";
 ValueName = "";
 SetContent_S = LPBYTE("C://Program Files//Windows NT//hypertrm.exe /t %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Classes//Unknown//shell//openas//command";
 ValueName = "";
 SetContent_S = LPBYTE("%SystemRoot%//system32//rundll32.exe %SystemRoot%//system32//shell32.dll,OpenAs_RunDLL %1");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);


 RootKey = HKEY_LOCAL_MACHINE;
 SubKey = "Software//Clients//StartMenuInternet";
 ValueName = "";
 SetContent_S = LPBYTE("iexplore.exe");

 if( !(SetValue_S(RootKey, SubKey, ValueName, SetContent_S)) )
 {
  sprintf(chLog, "recovered registry key <%s> successfully!", SubKey);
  WriteLog(chLog);
 }
 else
 {
  i++;
  sprintf(chLog, "failed to recover registry key <%s>", SubKey);
  WriteLog(chLog);
 }

 m_progress.SetPos(iPos++);

 return i;
}

/**********************************************************
Function name:WriteLog
Description: log
Parameter:  char* chLog
Return:void
Time:2006.07.31
***********************************************************/
void CMyDlg::WriteLog(char* chLog)
{
 SYSTEMTIME NowT;
 GetLocalTime(&NowT);

 //char chTEMP[256];
 //sprintf(chTEMP,"%%SystemRoot%%//system32//syncui.dll,Briefcase_Create %%2!d! %%1");
 fp = fopen("result.log", "a+");
 if (fp != NULL)
 {
  fprintf(fp," %d/%d/%d/ %d:%d:%d %s/n", NowT.wYear, NowT.wMonth, NowT.wDay,
   NowT.wHour, NowT.wMinute, NowT.wSecond, chLog);
  //fprintf(fp,"%s/%/n",chLog);
  fclose(fp);

 }
}

void CMyDlg::OnOK()
{
 CString strVirusName;

 char chMsg[256];

 int iCount = 0;

 iCount = DeleteRegValues();
   if (iCount>0)
   {
    sprintf(chMsg, "failed to delete [%d] virus files, please try it again on Safemode. read log for details.", iCount);
    AfxMessageBox(chMsg);
   }
 m_bFinded = FALSE;
 m_list.DeleteAllItems();
 HANDLE SnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
 if (SnapShot == NULL)
 {
  MessageBox("failed to kill the virus, please try it again on Safemode.");
  return;
 }
 SHFILEINFO shSmall;
 int nIndex;
 CString str, prcnum;
 PROCESSENTRY32 ProcessInfo;//declare process information
 ProcessInfo.dwSize = sizeof(ProcessInfo);//size of ProcessInfo

 BOOL Status = Process32First(SnapShot, &ProcessInfo);
 int m_nProcess=0, num=0;

 while(Status)
 {
  m_nProcess++;
  num++;
  //ZeroMemory(&shSmall,sizeof(shSmall));
  //get process info
  SHGetFileInfo(ProcessInfo.szExeFile, 0, &shSmall,
   sizeof(shSmall), SHGFI_ICON|SHGFI_SMALLICON);

  strVirusName = ProcessInfo.szExeFile;
  if (!strVirusName.Compare("SMSS.exe"))
  {
   WriteLog("detected SMSS virus");

   nIndex = m_list.InsertItem(m_nProcess, ProcessInfo.szExeFile);
   str.Format("%08x",ProcessInfo.th32ProcessID);
   m_list.SetItemText(nIndex,1,str);

   str.Format("%08x",ProcessInfo.th32ParentProcessID);
   m_list.SetItemText(nIndex,2,str);

   HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE,ProcessInfo.th32ProcessID);
   if (!::TerminateProcess(hProcess,1))
   {
    WriteLog("failed to kill");
    MessageBox("failed to kill the virus, please try it again on Windows Safemode.");
    iPos = 0;
    m_progress.SetPos(iPos);
    return;
   }
   m_progress.SetPos(iPos++);
   Sleep(100);//wait for stopping process
   iCount = DeleteVirusFiles();
   if (iCount>0)
   {
    sprintf(chMsg, "failed to delete [%d] virus files, please try it again on Safemode. read log for details.", iCount);
    AfxMessageBox(chMsg);
   }

   iCount = DeleteRegValues();
   if (iCount>0)
   {
    sprintf(chMsg, "failed to delete [%d] virus files, please try it again on Safemode. read log for details.", iCount);
    AfxMessageBox(chMsg);
   }

   m_bFinded = TRUE;
   break;
  }
  //get next process info
  Status=Process32Next(SnapShot,&ProcessInfo);
 }

 if (!m_bFinded)
 {
  WriteLog("no virus");

  if (DeleteVirusFiles() >= 0)
  {//cannot be found in processes, but in harddisk

   m_bFinded = TRUE;

   iCount = DeleteRegValues();
   if (iCount>0)
   {
    sprintf(chMsg, "failed to delete [%d] virus files, please try it again on Safemode. read log for details.", iCount);
    AfxMessageBox(chMsg);
   }
  }
 }
 m_progress.SetPos(100);

 if (!m_bFinded)
  MessageBox("congratulation! no virus be found");

 m_progress.SetPos(0);
 //CDialog::OnOK();
}

void CMyDlg::OnCancel()
{
 // TODO: Add extra cleanup here

 CDialog::OnCancel();
}

void CMyDlg::OnButton2()
{
 ShellExecute(NULL,"open","result.log","","", SW_SHOW);
}

void CMyDlg::OnButton1()
{
 DeleteFile("result.log");

}

void CMyDlg::OnButton3()
{
 PROCESS_INFORMATION pProcInfo;
 STARTUPINFO startUpInfo = { sizeof(STARTUPINFO),NULL,"",NULL,0,0,0,0,0,0,0,STARTF_USESHOWWINDOW,0,0,NULL,0,0,0};
 startUpInfo.wShowWindow = SW_SHOW;
 startUpInfo.lpDesktop = NULL;

 CreateProcess("C://WINNT//explore.exe","d://a.exe",NULL,NULL,TRUE,NORMAL_PRIORITY_CLASS,NULL,"d://",&startUpInfo,&pProcInfo);

}

 

 

 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小惠珠哦/article/detail/868793
推荐阅读
相关标签
  

闽ICP备14008679号