📄 unit1.cpp

📁 可以查杀以用户名命名的脚本病毒,由U盘进行传播,杀毒较彻底
//---------------------------------------------------------------------------

#include <vcl.h>
#pragma hdrstop

#include "Unit1.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
// The application's main form; created by the VCL at startup (see the
// `#pragma resource "*.dfm"` above) and referenced from the event handlers below.
TForm1 *Form1;
//---------------------------------------------------------------------------
__fastcall TForm1::TForm1(TComponent* Owner)
        : TForm(Owner)
{
     // Number of cleanup passes run so far. Button1Click increments it and
     // RepairSystem() uses it to ask the user for a second pass after the first.
     times = 0;

}
//---------------------------------------------------------------------------

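void __fastcall TForm1::Button1Click(TObject *Sender)
{
     // One cleanup pass: count the pass, terminate the script host
     // (wscript.exe) if one is running, then run RepairSystem().
     // Only the first matching host is handled, because that branch returns.
     // Every exit path releases the process snapshot handle.
     times += 1;
     this->ListView1->Clear();
     TListItem *NewItem;

     //终止宿主程序wscript.exe
     AnsiString ExeFile;
     PROCESSENTRY32 processinfo;
     processinfo.dwSize = sizeof(processinfo);
     HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
     // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE,
     // not NULL, so the old NULL test never caught a failed snapshot.
     if(snapshot == INVALID_HANDLE_VALUE)    return;  //无进程返回

     bool flag = Process32First(snapshot,&processinfo);
     while(flag)
     {
        ExeFile = AnsiString(processinfo.szExeFile);
        // Image names on Windows are case-insensitive ("WScript.exe" is the
        // same host), so compare ignoring case.
        if(ExeFile.AnsiCompareIC("wscript.exe") == 0)//符合条件
           {
              // The snapshot is no longer needed; release it here because
              // this branch returns before the CloseHandle at the bottom.
              CloseHandle(snapshot);
              NewItem = this->ListView1->Items->Add();
              NewItem->Caption = "发现宿主进程:" + ExeFile;
              // PROCESS_TERMINATE (0x0001) is the only right TerminateProcess needs.
              HANDLE ps = OpenProcess(PROCESS_TERMINATE,false,processinfo.th32ProcessID);
              if(ps != NULL)
              {
                 TerminateProcess(ps,-9);  //终止
                 CloseHandle(ps);          // the handle was leaked before
                 NewItem->SubItems->Add("成功终止宿主进程!");
              }
              else
              {
                 // OpenProcess failed (e.g. access denied): report "not
                 // handled" instead of claiming the host was terminated.
                 NewItem->SubItems->Add("没有处理");
              }
              // NOTE: blocks the UI thread for 3 s before the dialog.
              Sleep(3000);
              MessageBox(this->Handle,"已经成功终止宿主进程!","提示",0);
              
              NewItem = this->ListView1->Items->Add();
              NewItem->Caption = "下面将调用RepairSystem修复程序......";
              NewItem->SubItems->Add("修复程序已经启动!");
              RepairSystem();
              return;
           }
        flag = Process32Next(snapshot,&processinfo);
     }
     CloseHandle(snapshot);

     NewItem = this->ListView1->Items->Add();
     NewItem->Caption = "没有发现运行宿主程序!";
     NewItem->SubItems->Add("没有处理");

     NewItem = this->ListView1->Items->Add();
     NewItem->Caption = "下面将调用RepairSystem修复程序......";
     NewItem->SubItems->Add("修复程序已经启动!");
     RepairSystem();
}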
//---------------------------------------------------------------------------
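void __fastcall TForm1::RepairSystem()
{
     // Cleanup pass for the user-name-named .vbs script:
     //  1. clears its autostart entry (HKCU ...\Windows\Load) and keeps the
     //     path it pointed to (VirusPath);
     //  2. restores folder-view settings, the AutoRun policy and the
     //     txt/chm/hlp/reg/exe shell\open\command associations, keeping the
     //     previous txtfile command (VirusPath1), which may name a second copy;
     //  3. deletes the script copies and Autorun.inf from every drive root and
     //     all *.vbs files from removable drives;
     //  4. terminates explorer.exe (the shell relaunches it) and reports.
     // Every step appends a caption/status row to ListView1. A step whose key
     // cannot be opened (OpenKey with CanCreate=false) is skipped silently.
     TListItem *NewItem;
     AnsiString UserName, VirusPath,VirusPath1;
     TRegistry  *Reg = new TRegistry();

     // TRegistry raises ERegistryException on read/write failures. The
     // catch-all only releases Reg before the exception continues upward, so
     // a failing registry call no longer leaks the object.
     try
     {
        //修复病毒自动加载,并获得病毒位置
        // Load under HKCU\...\Windows NT\CurrentVersion\Windows is an autostart
        // value; whatever it names is treated as the script path.
        Reg->RootKey = HKEY_CURRENT_USER;
        AnsiString LoadKey =  "\\SoftWare\\Microsoft\\Windows NT\\CurrentVersion\\Windows";
        if(Reg->OpenKey(LoadKey,false))
        {
           if( Reg->ValueExists("Load") )
               {
                  VirusPath = Reg->ReadString("Load");
                  NewItem = this->ListView1->Items->Add();
                  if( VirusPath == "" )
                  {
                      NewItem->Caption = "注册表Load键没有发现异常加载!";
                      NewItem->SubItems->Add("没有处理");
                  }
                  else
                  {
                      NewItem->Caption = "注册表Load键发现异常加载:" + VirusPath;
                      Reg->WriteString("Load","");
                      NewItem->SubItems->Add("清除成功!");
                  }
               }
            Reg->CloseKey();

        }


        //获取用户名
        // ReadString raises if the value is absent; the exception is
        // propagated (after releasing Reg) exactly as before.
        AnsiString UserNameKey = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer";
        if(Reg->OpenKey(UserNameKey,false))
        {
           UserName = Reg->ReadString("Logon User Name");
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "获取用户名......";
           NewItem->SubItems->Add("用户名:" + UserName);
           Reg->CloseKey();
        }

        //修复文件夹查看属性
        AnsiString AdvancedKey = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced";
        if(Reg->OpenKey(AdvancedKey,false))
        {
           Reg->WriteInteger("ShowSuperHidden",1);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复文件夹查看注册表键ShowSuperHidden......";
           NewItem->SubItems->Add("修复成功!");

           Reg->WriteInteger("Hidden",1);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复文件夹查看注册表键Hidden......";
           NewItem->SubItems->Add("修复成功!");
           
           Reg->CloseKey();
        }
        
        //关闭病毒利用的漏洞
        // NoDriveTypeAutoRun is a bitmask over GetDriveType() values (bit 2 =
        // DRIVE_REMOVABLE). The previous value 219 (0xDB) left bit 2 clear,
        // i.e. AutoRun stayed enabled on exactly the USB drives this script
        // spreads on. 0xFF disables AutoRun for every drive type. An HKLM
        // policy value, if present, takes precedence over this HKCU one.
        AnsiString AutoRunKey = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";
        if(Reg->OpenKey(AutoRunKey,false))
        {
           Reg->WriteInteger("NoDriveTypeAutoRun",0xFF);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "关闭自动运行功能NoDriveTypeAutoRun......";
           NewItem->SubItems->Add("关闭成功!");
           Reg->CloseKey();
        }
        
        //修复文件夹查看属性
        Reg->RootKey = HKEY_LOCAL_MACHINE;
        AnsiString CheckedKey = "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL";
        if(Reg->OpenKey(CheckedKey,false))
        {
           Reg->WriteInteger("CheckedValue",1);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复文件夹查看注册表键CheckedValue......";
           NewItem->SubItems->Add("修复成功!");
           Reg->CloseKey();
        }

        
        //修复文本文件关联
        // Commands containing %SystemRoot% are written as REG_EXPAND_SZ
        // (WriteExpandString), the type Windows itself uses, so the variable
        // is expanded when the shell runs the command.
        AnsiString path="\\SOFTWARE\\Classes\\txtfile\\shell\\open\\command";
        AnsiString value="%SystemRoot%\\system32\\NOTEPAD.EXE %1";
        if(Reg->OpenKey(path,false))
        {
           VirusPath1 = Reg->ReadString("");   // old command, may point at the script
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复文本文件关联注册表键......";
           NewItem->SubItems->Add("修复成功!");
           Reg->WriteExpandString("",value);
           Reg->CloseKey();
        }
        
        //修复chm文件关联
        path="\\SOFTWARE\\Classes\\chm.file\\shell\\open\\command";
        value="hh.exe %1";
        if(Reg->OpenKey(path,false))
        {   
           Reg->WriteString("",value);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复CHM文件关联注册表键......";
           NewItem->SubItems->Add("修复成功!");
           Reg->CloseKey();
        }

        //修复帮助文件关联
        path = "\\SOFTWARE\\Classes\\helpfile\\shell\\open\\command";
        value = "%SystemRoot%\\system32\\winhlp32.exe %1";
        if(Reg->OpenKey(path,false))
        {   
           Reg->WriteExpandString("",value);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复Help文件关联注册表键......";
           NewItem->SubItems->Add("修复成功!");
           Reg->CloseKey();
        }
        
        //修复注册表文件关联
        path = "\\SOFTWARE\\Classes\\regfile\\shell\\open\\command";
        value = "regedit.exe \"%1\"";
        if(Reg->OpenKey(path,false))
        {   
           Reg->WriteString("",value);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复注册表文件关联注册表键......";
           NewItem->SubItems->Add("修复成功!");
           Reg->CloseKey();
        }
        
        //修复exe文件关联
        path = "\\SOFTWARE\\Classes\\exefile\\shell\\open\\command";
        value = "\"%1\" %*";
        if(Reg->OpenKey(path,false))
        {   
           Reg->WriteString("",value);
           NewItem = this->ListView1->Items->Add();
           NewItem->Caption = "修复EXE文件关联注册表键......";
           NewItem->SubItems->Add("修复成功!");
           Reg->CloseKey();
        }
     }
     catch(...)
     {
        delete Reg;
        throw;
     }
     delete Reg;

     
     //获取病毒另一位置和分离病毒名
     // VirusPath1 is the old txtfile command, e.g. "<path>\name.vbs" args;
     // cut it down to the quoted path and then to the bare file name.
     AnsiString VirusName = "";
     int start = VirusPath1.AnsiPos("\"");
     int end =   VirusPath1.AnsiPos(".vbs\"");
     if( start>0 && end >0 )
          VirusPath1 = VirusPath1.SubString(start+1,end-start+3);
     end = VirusPath1.AnsiPos(".vbs") ;
     start = end  ;
     if( end>0 )
     {
         // AnsiString indexing is 1-based: stop at index 1 when the path has
         // no '\\' so that VirusPath1[0] is never read.
         while(start > 1 && VirusPath1[start-1] != '\\')       start -= 1;
         VirusName = VirusPath1.SubString(start,end-start+4);
     }


     //删除从注册表获得其位置的病毒脚本
     // NOTE(review): DeleteFile's result is ignored throughout this function;
     // "删除成功!" is reported even when the deletion failed.
     if( FileExists(VirusPath) )
     {
        DeleteFile(VirusPath);//从Load位置获取的病毒路径
        NewItem = this->ListView1->Items->Add();
        NewItem->Caption = "删除病毒:" + VirusPath;
        NewItem->SubItems->Add("删除成功!");

     }
     if( FileExists(VirusPath1) )
     {
        DeleteFile(VirusPath1);//从文件关联位置获取的病毒路径
        NewItem = this->ListView1->Items->Add();
        NewItem->Caption = "删除病毒脚本:" + VirusPath1;
        NewItem->SubItems->Add("删除成功!");
     }
     
     
     //删除各个磁盘根目录下的病毒脚本以及自动运行信息文件
     // The table points at string literals, so it is const.
     static const char * const Drive_Letter[]={"a:\\","b:\\","c:\\","d:\\","e:\\","f:\\",
       "g:\\","h:\\","i:\\","j:\\","k:\\","l:\\","m:\\","n:\\","o:\\","p:\\",
       "q:\\","r:\\","s:\\","t:\\","u:\\","v:\\","w:\\","x:\\","y:\\","z:\\"};
     const int DriveCount = sizeof(Drive_Letter)/sizeof(Drive_Letter[0]);
     AnsiString RootVirusPath,RootAntoruninfPath;
     for(int x=0; x<DriveCount; x++)
     {
        // Query the drive type once per letter instead of twice.
        const UINT driveType = GetDriveType(Drive_Letter[x]);
        if(driveType!=DRIVE_NO_ROOT_DIR)//该盘符存在
        {
           RootVirusPath = AnsiString(Drive_Letter[x]) + UserName + ".vbs"; //以用户名命名的病毒
           RootAntoruninfPath = AnsiString(Drive_Letter[x]) + "Autorun.inf";
           if( FileExists(RootVirusPath) )
           {
              DeleteFile(RootVirusPath);
              NewItem = this->ListView1->Items->Add();
              NewItem->Caption = "删除病毒脚本:" + RootVirusPath;
              NewItem->SubItems->Add("删除成功!");
           }
           if( FileExists(RootAntoruninfPath) )
           {
               DeleteFile(RootAntoruninfPath);
               NewItem = this->ListView1->Items->Add();
               NewItem->Caption = "删除信息文件:" + RootAntoruninfPath;
               NewItem->SubItems->Add("删除成功!");
           }
           // A copy named differently from "<user>.vbs" (taken from the old
           // txtfile command) is also removed from the drive root.
           if( VirusName != (UserName + ".vbs") && VirusName != "" )
           {
              AnsiString pathtemp = AnsiString(Drive_Letter[x]) + VirusName ;
              if( FileExists(pathtemp) )
              {
                 DeleteFile( pathtemp );
                 NewItem = this->ListView1->Items->Add();
                 NewItem->Caption = "删除病毒脚本:" + pathtemp;
                 NewItem->SubItems->Add("删除成功!");
              }
           }
        }
        //删除移动盘中所有的vbs文件
        // Every *.vbs in the root of a removable drive is deleted, not only
        // the one named after the user.
        if(driveType ==DRIVE_REMOVABLE )//当前盘是移动盘
        {
            TSearchRec sr;
            if(FindFirst(AnsiString(Drive_Letter[x])+"*.vbs",faAnyFile,sr)==0)
            {
                do{
                     DeleteFile(AnsiString(Drive_Letter[x]) + sr.Name);
                     NewItem = this->ListView1->Items->Add();
                     NewItem->Caption = "删除可疑脚本:" + AnsiString(Drive_Letter[x]) + sr.Name;
                     NewItem->SubItems->Add("删除成功!");
                  }while(FindNext(sr)==0);
                FindClose(sr);
            }
        }
     }

     //重启explorer.exe
     AnsiString explorer;
     PROCESSENTRY32 processinfo;
     processinfo.dwSize = sizeof(processinfo);
     HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
     // Failure is INVALID_HANDLE_VALUE, not NULL (see Button1Click).
     if(snapshot == INVALID_HANDLE_VALUE)    return;  //无进程返回

     bool flag = Process32First(snapshot,&processinfo);
     // Stays NULL when no explorer.exe is found; the old code passed an
     // uninitialised handle to TerminateProcess in that case.
     HANDLE ps = NULL;
     while(flag)
     {
        explorer = AnsiString(processinfo.szExeFile);
        if(explorer.AnsiCompareIC("explorer.exe") == 0)//符合条件
        {
              ps = OpenProcess(PROCESS_TERMINATE,false,processinfo.th32ProcessID);
              break;
        }
        flag = Process32Next(snapshot,&processinfo);
     }
     CloseHandle(snapshot);
     
     NewItem = this->ListView1->Items->Add();
     NewItem->Caption = "正在重启Explorer.exe";
     if(ps != NULL)
     {
         TerminateProcess(ps,-9);
         CloseHandle(ps);
         NewItem->SubItems->Add("重启成功!");
     }
     else
     {
         // Not found or OpenProcess failed: do not report a restart.
         NewItem->SubItems->Add("没有处理");
     }

     NewItem = this->ListView1->Items->Add();
     NewItem->Caption = "修复程序正在关闭......";
     NewItem->SubItems->Add("关闭成功!");
     // After the first pass ask for a second one (times is bumped by Button1Click).
     if( times == 1 )
     {
         MessageBox(this->Handle,"病毒清除成功!为确保杀毒彻底请再运行一次杀毒!","提示",0);
         return;
     }
     MessageBox(this->Handle,"病毒清除成功!","提示",0);


}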

//---------------------------------------------------------------------------
void __fastcall TForm1::Button2Click(TObject *Sender)
{
     // Exit button: closes the main form, which ends the application.
     Close();
}
//---------------------------------------------------------------------------
