// KillRunTimeDlg.cpp : implementation file
//
#include "stdafx.h"
#include "KillRunTime.h"
#include "KillRunTimeDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
// Modal "About" box for the application. It declares no data members,
// mapped controls or message handlers of its own; everything is inherited
// from CDialog. The //{{AFX_...}} marker comments delimit ClassWizard-managed
// sections and are left exactly as generated.
class CAboutDlg : public CDialog
{
public:
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
// Constructs the About dialog from the dialog template identified by
// CAboutDlg::IDD. The ClassWizard data-init section is empty.
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}
// Dialog data exchange hook. No controls are mapped for the About box, so
// this only forwards to the CDialog implementation.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}
// Message map for CAboutDlg: no entries, all messages fall through to CDialog.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CKillRunTimeDlg dialog
// Constructs the main dialog. The scan-path list (m_Path) and the result log
// (m_Result) start out empty; the path list is filled in OnInitDialog.
// pParent is passed through to CDialog as the owner window.
CKillRunTimeDlg::CKillRunTimeDlg(CWnd* pParent /*=NULL*/)
: CDialog(CKillRunTimeDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CKillRunTimeDlg)
m_Path = _T("");
m_Result = _T("");
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
// Dialog data exchange: ties the IDC_EDIT1 control to m_Path (the list of
// paths to scan) and the IDC_RESULT control to m_Result (the result log).
// UpdateData() copies control text into the members, UpdateData(FALSE)
// copies the members back into the controls.
void CKillRunTimeDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CKillRunTimeDlg)
DDX_Text(pDX, IDC_EDIT1, m_Path);
DDX_Text(pDX, IDC_RESULT, m_Result);
//}}AFX_DATA_MAP
}
// Message map for CKillRunTimeDlg: routes WM_SYSCOMMAND, WM_PAINT and
// WM_QUERYDRAGICON to the handlers defined in this file.
BEGIN_MESSAGE_MAP(CKillRunTimeDlg, CDialog)
//{{AFX_MSG_MAP(CKillRunTimeDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CKillRunTimeDlg message handlers
// One-time dialog setup: adds the About entry to the system menu, installs
// the dialog icons and pre-fills the scan-path list with the local drives.
// Returns TRUE so the framework assigns the initial focus itself.
BOOL CKillRunTimeDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // The About command id has to be a valid system-command id: low four
    // bits clear and below 0xF000.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    // Append a separator and the About item when both the system menu and
    // the menu caption resource are available.
    CMenu* pSysMenu = GetSystemMenu(FALSE);
    if (pSysMenu != NULL)
    {
        CString strAboutMenu;
        strAboutMenu.LoadString(IDS_ABOUTBOX);
        const BOOL bHaveCaption = !strAboutMenu.IsEmpty();
        if (bHaveCaption)
        {
            pSysMenu->AppendMenu(MF_SEPARATOR);
            pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
        }
    }

    // A dialog-based application has to set its own icons.
    SetIcon(m_hIcon, TRUE);   // big icon
    SetIcon(m_hIcon, FALSE);  // small icon

    // Build the default scan list as "X:;Y:;..." from every present drive
    // letter whose type is fixed, RAM disk or "no root directory".
    const DWORD dwDriveMask = GetLogicalDrives();
    for (int nIndex = 0; nIndex < 26; ++nIndex)
    {
        const BOOL bPresent = ((dwDriveMask >> nIndex) & 1) != 0;
        if (!bPresent)
            continue;

        CString sDrive;
        sDrive.Format("%c:", 'A' + nIndex);

        // NOTE(review): the drive is queried as "X:" with no trailing
        // backslash, which may be why DRIVE_NO_ROOT_DIR is accepted here.
        switch (::GetDriveType(sDrive))
        {
        case DRIVE_FIXED:
        case DRIVE_RAMDISK:
        case DRIVE_NO_ROOT_DIR:
            m_Path += sDrive + ";";
            break;
        default:
            break;
        }
    }

    // Push the assembled path list into the edit control.
    UpdateData(FALSE);
    return TRUE;
}
// Handles system-menu commands: the About entry opens the About box, every
// other command is passed to CDialog unchanged.
void CKillRunTimeDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    // Compare with the low four bits masked off, as the original check does.
    const BOOL bAboutRequested = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!bAboutRequested)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg dlgAbout;
    dlgAbout.DoModal();
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
// Paints the dialog. While minimized the application icon is drawn centred
// in the client area; otherwise painting is left to CDialog.
void CKillRunTimeDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC dc(this); // paint device context for the minimized window
    SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

    // Work out the top-left corner that centres the icon in the client rect.
    CRect rcClient;
    GetClientRect(&rcClient);
    const int nIconWidth = GetSystemMetrics(SM_CXICON);
    const int nIconHeight = GetSystemMetrics(SM_CYICON);
    const int nLeft = (rcClient.Width() - nIconWidth + 1) / 2;
    const int nTop = (rcClient.Height() - nIconHeight + 1) / 2;

    dc.DrawIcon(nLeft, nTop, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
// Supplies the cursor shown while the minimized window is dragged: the
// dialog's own icon handle, returned as a cursor handle.
HCURSOR CKillRunTimeDlg::OnQueryDragIcon()
{
    HCURSOR hDragCursor = (HCURSOR) m_hIcon;
    return hDragCursor;
}
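// Runs the clean-up when OK is pressed:
//   1. removes <Windows>\system\blank.htm,
//   2. writes a .reg file and imports it silently with regedit to reset a
//      fixed set of registry values,
//   3. walks every ';'-separated path in m_Path with KillMyDirectory.
// Progress and errors are appended to m_Result and pushed to the dialog.
//
// Changes from the original implementation:
//   - The .reg file is written to the user's temporary directory instead of
//     the fixed path c:\TanKill.reg in the drive root, so other accounts
//     with write access to the root cannot swap the file before regedit
//     imports it.
//   - regedit.exe is started by full path from the Windows directory, so a
//     same-named file in the current directory or on the search path is not
//     picked up on the machine being disinfected.
//   - The code waits for regedit before deleting the .reg file; the old
//     ShellExecute call returned immediately, so the file could be deleted
//     before it had been read.
//   - The ShellExecute result is no longer cast to UINT, which truncates the
//     handle-sized return value on 64-bit builds.
//   - The GetWindowsDirectory result is checked instead of using the buffer
//     unconditionally.
//   - Empty path segments (leading ';' or ';;') are skipped; they used to
//     reach GetAt(-1).
void CKillRunTimeDlg::OnOK()
{
    UpdateData();
    // Prompt (Chinese): asks the user to temporarily close any real-time
    // monitor so it does not read files while cleaning runs, then press OK.
    MessageBox("请暂时关闭任何实时防火墙,以免防火墙读取文件引起病毒驻留!按“确定”开始杀毒!");
    m_Result="";

    // Resolve the Windows directory; leave WinPath empty on failure or
    // truncation rather than using an unset buffer.
    CString WinPath;
    char Path[1024];
    const UINT uWinLen = GetWindowsDirectory(Path, sizeof(Path));
    if (uWinLen > 0 && uWinLen < sizeof(Path))
        WinPath = Path;

    // Step 1: remove <Windows>\system\blank.htm, clearing read-only/hidden
    // attributes first so the delete can succeed.
    if (!WinPath.IsEmpty())
    {
        const CString BlankPage = WinPath + "\\system\\blank.htm";
        SetFileAttributes(BlankPage, FILE_ATTRIBUTE_NORMAL);
        if (::DeleteFile(BlankPage))
        {
            m_Result+="Found Virus in "+WinPath+"\\system\\blank.htm Delete Success!\r\n";
            UpdateData(FALSE);
        }
    }

    // Step 2: registry reset. GetTempPath returns the directory with a
    // trailing backslash, so the file name is appended directly.
    BOOL bRegistryUpdated = FALSE;
    CString RegPath;
    char TempDir[MAX_PATH];
    const DWORD dwTempLen = GetTempPath(sizeof(TempDir), TempDir);
    if (dwTempLen > 0 && dwTempLen < sizeof(TempDir))
        RegPath = CString(TempDir) + "TanKill.reg";

    CFile RegFile;
    if (!RegPath.IsEmpty() && RegFile.Open(RegPath,CFile::modeCreate|CFile::modeWrite))
    {
        // The import overwrites, unconditionally: the user locale
        // (00000804) and AM/PM markers, the display names of five shell
        // folder CLSIDs, Explorer's Hidden and HideFileExt values, and
        // Internet Explorer's Local Page and Start Page (about:blank).
        CString RegData="REGEDIT4\r\n[HKEY_CURRENT_USER\\Control Panel\\International]\r\n\"Locale\"=\"00000804\"\r\n\"s1159\"=\"AM\"\r\n\"s2359\"=\"PM\"\r\n[HKEY_CLASSES_ROOT\\CLSID\\{21EC2020-3AEA-1069-A2DD-08002B30309D}]\r\n@=\"控制面板\"\r\n[HKEY_CLASSES_ROOT\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}]\r\n@=\"我的文档\"\r\n[HKEY_CLASSES_ROOT\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}]\r\n@=\"回收站\"\r\n[HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]\r\n@=\"我的电脑\"\r\n[HKEY_CLASSES_ROOT\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}]\r\n@=\"打印机\"\r\n[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced]\r\n\"Hidden\"=dword:00000000\r\n\"HideFileExt\"=dword:00000000\r\n[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]\r\n\"Local Page\"=\"about:blank\"\r\n\"Start Page\"=\"about:blank\"\r\n";
        RegFile.Write(RegData,RegData.GetLength());
        RegFile.Close();

        // Quote the path: the temporary directory may contain spaces.
        const CString Params = "/s \"" + RegPath + "\"";
        const CString RegEdit = WinPath.IsEmpty() ? CString("regedit.exe")
                                                  : WinPath + "\\regedit.exe";

        SHELLEXECUTEINFO sei;
        ZeroMemory(&sei, sizeof(sei));
        sei.cbSize = sizeof(sei);
        sei.fMask = SEE_MASK_NOCLOSEPROCESS; // keep the process handle to wait on
        sei.lpVerb = _T("open");
        sei.lpFile = RegEdit;
        sei.lpParameters = Params;
        sei.lpDirectory = WinPath.IsEmpty() ? (LPCTSTR)NULL : (LPCTSTR)WinPath;
        sei.nShow = SW_HIDE;

        if (ShellExecuteEx(&sei))
        {
            // As before, "success" means regedit was launched; its exit
            // status is not inspected.
            bRegistryUpdated = TRUE;
            if (sei.hProcess != NULL)
            {
                // Bounded wait so a stuck regedit cannot hang the dialog.
                WaitForSingleObject(sei.hProcess, 30000);
                CloseHandle(sei.hProcess);
            }
        }
        ::DeleteFile(RegPath);
    }

    if (bRegistryUpdated)
    {
        m_Result+="Update System Registry Success!\r\n";
        UpdateData(FALSE);
    }
    else
    {
        m_Result+="[Error]Update System Registry Failed!\r\n";
        UpdateData(FALSE);
        MessageBox("不能恢复注册表键值!");
    }

    // Step 3: consume m_Path one ';'-separated entry at a time. m_Path is
    // empty when the loop finishes, as in the original.
    CString TmpPath;
    while(!m_Path.IsEmpty())
    {
        const int nSeparator = m_Path.Find(";",0);
        if (nSeparator!=-1)
        {
            TmpPath=m_Path.Left(nSeparator);
            m_Path=m_Path.Mid(nSeparator+1);
        }
        else
        {
            TmpPath=m_Path;
            m_Path="";
        }

        // An empty segment has no last character to inspect.
        if (TmpPath.IsEmpty())
            continue;

        // KillMyDirectory appends "\\*.*" itself, so drop one trailing
        // backslash.
        if (TmpPath.GetAt(TmpPath.GetLength()-1)==(TCHAR)'\\')
            TmpPath=TmpPath.Left(TmpPath.GetLength()-1);
        KillMyDirectory(TmpPath);
    }
    MessageBox("杀毒完成!");
}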
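// Recursively walks FindPath (given without a trailing backslash). Files
// whose path contains one of the script markers are passed to ScanFile;
// files whose name contains the two-byte marker 0x87 0x95 are passed to
// CheckFile. The file currently being examined is shown in IDC_DISPLAY.
//
// Changes from the original implementation:
//   - The search handle is closed with FindClose. It was never closed, which
//     leaked one handle per directory over a whole-drive scan.
//   - Only the "." and ".." entries are skipped. The old test on the first
//     character also skipped every directory whose name merely starts with
//     a dot, leaving those subtrees unscanned.
//   - The separate ".html" test is gone: any path containing ".html" already
//     contains ".htm", so that branch could never be reached.
//   - A missing IDC_DISPLAY control no longer dereferences a null pointer.
//
// NOTE(review): directory reparse points are followed like any other
// directory; a junction that points back up the tree would recurse without
// bound. Confirm whether the target platforms need a guard.
void CKillRunTimeDlg::KillMyDirectory(CString FindPath)
{
    // File-name marker used to select candidates for CheckFile.
    char VirusFeature[4];
    VirusFeature[0]=(char)0x87;
    VirusFeature[1]=(char)0x95;
    VirusFeature[2]='\0';

    // Substring markers that select a file for ScanFile. They are matched
    // anywhere in the full path, as in the original, not only as the final
    // extension.
    static const char* const ScriptMarkers[] =
        { ".htt", ".htm", ".asp", ".php", ".jsp", ".vbs" };
    const int nMarkerCount = (int)(sizeof(ScriptMarkers)/sizeof(ScriptMarkers[0]));

    WIN32_FIND_DATA fd;
    HANDLE FindHandle=::FindFirstFile(FindPath+"\\*.*",&fd);
    if (FindHandle==INVALID_HANDLE_VALUE)
        return; // path missing or not readable: nothing to scan

    do
    {
        const CString EntryName=fd.cFileName;

        if (fd.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)
        {
            if (EntryName!="." && EntryName!="..")
                KillMyDirectory(FindPath+"\\"+EntryName);
            continue;
        }

        // Only the leaf name is lower-cased; FindPath keeps its case.
        CString FileName=EntryName;
        FileName.MakeLower();
        FileName=FindPath+"\\"+FileName;

        CWnd* pDisplay=GetDlgItem(IDC_DISPLAY);
        if (pDisplay!=NULL)
            pDisplay->SetWindowText("Scaning..."+FileName);

        BOOL bScriptCandidate=FALSE;
        for (int nMarker=0; nMarker<nMarkerCount && !bScriptCandidate; ++nMarker)
            bScriptCandidate=(FileName.Find(ScriptMarkers[nMarker],0)!=-1);

        if (bScriptCandidate)
            ScanFile(FileName);
        else if (FileName.Find(VirusFeature,0)!=-1)
            CheckFile(FileName);
    }
    while(::FindNextFile(FindHandle,&fd));

    ::FindClose(FindHandle);
}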
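// Checks one script/HTML file for the "vbscript:run_time()" marker in its
// first 40 bytes (case-insensitive). If present, the file is rewritten to
// keep only the text after the first '>' and before the
// "<!-- Don't modify this line, required by system protocol! -->" trailer
// when that trailer exists. The outcome is appended to m_Result.
//
// Changes from the original implementation:
//   - The header buffer is terminated at the number of bytes actually read.
//     For files shorter than 40 bytes the old code compared against
//     uninitialised stack bytes.
//   - When the marker is found but the content has no '>', nothing is
//     rewritten; this is now logged as an error instead of
//     "Killed Success".
//
// NOTE(review): the content is accumulated as NUL-terminated text, so bytes
// after an embedded NUL in a chunk are not carried into the rewritten file.
// The file is also truncated before the new content is written, so a failed
// write leaves it incomplete. Confirm whether a write-to-temporary-then-
// replace sequence is wanted.
void CKillRunTimeDlg::ScanFile(CString FileName)
{
    CFile tmpFile;
    if (!tmpFile.Open(FileName,CFile::modeRead))
    {
        MessageBox("不能打开文件"+FileName);
        m_Result+="[Error]Can't Open File "+FileName+"\r\n";
        UpdateData(FALSE);
        return;
    }

    // Marker check on the start of the file only.
    char tmpData[1025];
    UINT uBytesRead=tmpFile.Read(tmpData,40);
    tmpData[uBytesRead]='\0';
    CString tmpComp=tmpData;
    tmpComp.MakeLower();
    if (tmpComp.Find("vbscript:run_time()",0)==-1)
    {
        tmpFile.Close();
        return; // not infected: leave the file untouched
    }

    // Read the whole file in 1024-byte chunks; a short read ends the loop.
    tmpFile.SeekToBegin();
    tmpComp="";
    do
    {
        uBytesRead=tmpFile.Read(tmpData,1024);
        tmpData[uBytesRead]='\0';
        tmpComp+=tmpData;
    }
    while(uBytesRead==1024);
    tmpFile.Close();

    const int nTagEnd=tmpComp.Find(">",0);
    if (nTagEnd==-1)
    {
        // Marker present but no tag end to cut at: the file is unchanged,
        // so do not claim it was cleaned.
        m_Result+="[Error]Found Virus "+FileName+"...Modified Error!\r\n";
        UpdateData(FALSE);
        return;
    }

    // Keep what follows the first tag, up to the trailer if there is one.
    tmpComp=tmpComp.Mid(nTagEnd+1);
    const int nTrailer=tmpComp.Find("<!-- Don't modify this line, required by system protocol! -->",0);
    if (nTrailer!=-1)
        tmpComp=tmpComp.Left(nTrailer);

    if (!tmpFile.Open(FileName,CFile::modeWrite|CFile::modeCreate))
    {
        MessageBox("不能修改文件"+FileName);
        m_Result+="[Error]Found Virus "+FileName+"...Modified Error!\r\n";
        UpdateData(FALSE);
        return;
    }
    tmpFile.Write(tmpComp,tmpComp.GetLength());
    tmpFile.Close();

    m_Result+="Found Virus "+FileName+"...Killed Success!\r\n";
    UpdateData(FALSE);
}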
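// Examines a file already selected by name and deletes it when the text
// "MZ@" occurs in its first 40 bytes (up to the first NUL byte). The outcome
// is appended to m_Result.
//
// Changes from the original implementation:
//   - The header is compared as read. The old code lower-cased it first and
//     then searched for the upper-case "MZ@", which can never match, so the
//     delete branch was unreachable.
//   - The header buffer is terminated at the number of bytes actually read
//     rather than always at offset 40.
void CKillRunTimeDlg::CheckFile(CString FileName)
{
    CFile tmpFile;
    if (!tmpFile.Open(FileName,CFile::modeRead))
    {
        MessageBox("不能打开文件"+FileName);
        m_Result+="[Error]Can't Open File "+FileName+"\r\n";
        UpdateData(FALSE);
        return;
    }

    char tmpData[1025];
    const UINT uBytesRead=tmpFile.Read(tmpData,40);
    tmpFile.Close();
    tmpData[uBytesRead]='\0';

    // Case-sensitive signature test on the raw header bytes.
    const CString tmpComp=tmpData;
    if (tmpComp.Find("MZ@",0)==-1)
        return; // signature absent: keep the file

    // Clear read-only/hidden/system attributes so the delete can succeed.
    SetFileAttributes(FileName,FILE_ATTRIBUTE_NORMAL);
    if (::DeleteFile(FileName))
        m_Result+="Found Virus in "+FileName+"...Delete Success!\r\n";
    else
        m_Result+="[Error]Found Virus in "+FileName+"...Delete Failed!\r\n";
    UpdateData(FALSE);
}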