BakupFileName :String;
// True for the two pseudo-entries ('.' and '..') that FindFirst/FindNext
// return in every directory. The directory walk must skip them, otherwise
// it would recurse into the current or the parent directory.
function IsDirNotation(ADirName: string): Boolean;
begin
  if ADirName = '.' then
    Result := True
  else
    Result := ADirName = '..';
end;
begin
FindResult := FindFirst(ScanPath + '\*.*', faDirectory + faHidden, DSearchRec);//找目录
try
begin
while FindResult = 0 do
begin
if ProgressBar1.Position<190 then
ProgressBar1.Position:=ProgressBar1.Position+1;//放慢进度
Application.ProcessMessages;
if ForceStop then
Exit;
if ((DSearchRec.Attr and faDirectory) = faDirectory) and not
IsDirNotation(DSearchRec.Name) then
begin
Console.Lines.Add(ScanPath+'\'+ DSearchRec.Name);
StatusBar1.Panels.Items[0].Text:=ScanPath+'\'+ DSearchRec.Name;
ScanDir(ScanPath+'\'+ DSearchRec.Name);
end;
FindResult := FindNext(DSearchRec);
end;
////////////////////////////////////////////////
//Search the file
FindResult := FindFirst(ScanPath + '\*.*', faAnyFile + faHidden +//找文件
faSysFile + faReadOnly, FSearchRec);
try
while (FindResult = 0) do
begin
Application.ProcessMessages;
if ForceStop then
Exit;
If CompareFileNames(FSearchRec.Name, TrojanNameList)=True Then
Begin
Console.Lines.Add('硬盘上发现Trojan.QQ.Apple木马程序... ');
case Application.MessageBox(PChar('发现Trojan.QQ.Apple木马程序,确定要杀死Trojan.QQ.Apple木马程序吗?'+#13#10+ScanPath +'\'+FSearchRec.Name),'确认杀死Trojan.QQ.Apple木马程序',MB_YESNOCANCEL) of
IDYES:
begin
Inc(TrojanCnt);
Inc(DiskTrojanCnt);
if not DeleteFile(ScanPath +'\'+FSearchRec.Name) then
Console.Lines.Add(' 删除Trojan.QQ.Apple木马程序失败,杀毒继续!'+#13#10+' >>'+ScanPath +'\'+ FSearchRec.Name)
else
Console.Lines.Add(' 删除Trojan.QQ.Apple木马程序成功,杀毒继续!'+#13#10+' >>'+ScanPath +'\'+ FSearchRec.Name);
end;
IDNO:
begin
Inc(TrojanCnt);
Inc(SkipTrojanCnt);
Console.Lines.Add(' 删除Trojan.QQ.Apple木马程序跳过,杀毒继续!'+#13#10+' >>'+ScanPath + FSearchRec.Name);
end;
else
begin
Inc(TrojanCnt);
Inc(SkipTrojanCnt);
Console.Lines.Add(' 删除Trojan.QQ.Apple木马程序被取消,杀毒中止!');
ProgressBar1.Position:=0;
StatusBar1.Panels.Items[0].Text:='杀毒被中止.';
UnLockBtn;
Exit;
end;
End;
FindResult := FindNext(FSearchRec);
End
Else
Begin
FindResult := FindNext(FSearchRec);
End;
end;
finally
FindClose(FSearchRec);
end;
//继续查找下一个目录
FindResult := FindNext(DSearchRec);
///////////////////////////////////////////////
end;
finally
FindClose(DSearchRec);
end;
end;
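// Copies the current contents of the process list (one entry per line) to
// the clipboard.
procedure TMainForm.CopyMsgBtnClick(Sender: TObject);
begin
  ClipBoard.Clear;
  // TStrings.GetText returns a newly allocated PChar that the caller has to
  // release with StrDispose; the previous code never did, so every click
  // leaked one buffer. Assigning the Text string needs no manual cleanup.
  ClipBoard.AsText := TaskList.Items.Text;
end;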
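// Rebuilds TaskList from a fresh Toolhelp process snapshot and restores the
// previously selected row index.
//
// Only the image name (szExeFile) of each process is listed, not its PID, so
// two processes with the same executable name cannot be told apart in the
// list. An image name is also not proof of what a process really is.
procedure TMainForm.FlushProcBtnClick(Sender: TObject);
var
  I: Integer;
  hHandle: THandle;
  PE32: TProcessEntry32;
  bFind: Boolean;
begin
  I := TaskList.ItemIndex;
  TaskList.Items.Clear;
  hHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE.
  // A "<= 0" test misses that value when THandle is an unsigned type, so
  // both failure spellings are checked explicitly.
  if (hHandle = 0) or (hHandle = INVALID_HANDLE_VALUE) then
    Exit;
  try
    // dwSize must be set before the first Process32First call.
    PE32.dwSize := SizeOf(TProcessEntry32);
    bFind := Process32First(hHandle, PE32);
    while bFind do
    begin
      TaskList.Items.Add(PE32.szExeFile);
      bFind := Process32Next(hHandle, PE32);
    end;
  finally
    // The snapshot handle was never closed before. This routine is also
    // called from the auto-refresh timer, so each tick leaked one handle.
    CloseHandle(hHandle);
  end;
  TaskList.ItemIndex := I;
  // Make sure something is selected whenever the list is not empty.
  if (TaskList.Count > 0) and (TaskList.ItemIndex < 0) then
    TaskList.Selected[0] := True;
end;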
// Ends the process selected in TaskList and then refreshes the list.
//
// The selection is passed to KillTaskByName as an image name only; no PID is
// available because the list stores names. NOTE(review): KillTaskByName is
// defined elsewhere - confirm whether it terminates every process with that
// name. There is no confirmation prompt before the kill.
procedure TMainForm.EndProcBtnClick(Sender: TObject);
var
  SelectedIdx: Integer;
begin
  SelectedIdx := TaskList.ItemIndex;
  if SelectedIdx < 0 then
    Exit; // nothing selected

  KillTaskByName(TaskList.Items[SelectedIdx]);
  // Short pause before the process list is rebuilt.
  Sleep(10);
  FlushProcBtnClick(Sender);
end;
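// Runs the complete Trojan.QQ.Apple removal sequence and logs every step to
// Console, ProgressBar1 and the status bar:
//   1. offer to close running QQ processes (QQProcName),
//   2. offer to terminate running trojan processes (TrojanProcName),
//   3. delete the trojan EXE/DLL from the Windows, System and System32
//      directories (DelVirusFile),
//   4. repair the registry (RepairRegedit),
//   5. scan gSearchPath recursively (ScanDir) unless it is empty,
//   6. print the counters.
//
// The buttons are locked at the start. They are unlocked on normal
// completion and on the two "Cancel" paths. The "if ProcessStopMsg then
// Exit" paths do not call UnLockBtn here. NOTE(review): ProcessStopMsg is
// defined elsewhere - confirm that it unlocks the buttons.
//
// Detection is by name only: processes are looked up through FindProcByName
// and files through TrojanNameList. NOTE(review): a renamed sample is
// presumably missed and an unrelated file with the same name would be
// treated as the trojan; confirm against the helpers.
procedure TMainForm.KillAntivirusBtnClick(Sender: TObject);
var
  hProc : THandle;
begin
  LockBtn;
  {
  if SearchDirEdit.Text='' then
  SearchDirEdit.Text:=gWinPath + '\System32';
  }
  gSearchPath:=SearchDirEdit.Text; // directory to scan, taken from the edit box

  // (Re)build the list of file names the disk scan compares against.
  if TrojanNameList=Nil then
    TrojanNameList:=TStringList.Create
  else
    TrojanNameList.Clear;
  TrojanNameList.Add( LowerCase(TrojanProcName) );
  TrojanNameList.Add( LowerCase(TrojanDLLName) );

  // Reset the stop flag, the counters and the UI for a new run.
  ForceStop := False;
  TrojanCnt := 0;
  MemTrojanCnt := 0;
  DiskTrojanCnt := 0;
  RegTrojanCnt := 0;
  SkipTrojanCnt := 0;
  Console.Clear;
  ProgressBar1.Max:=200;
  ProgressBar1.Position:=0;

  // ---- Step 1: running QQ processes ----
  StatusBar1.Panels.Items[0].Text:='扫描内存进程...';
  Console.Lines.Add('开始查毒'#13#10'==============');
  Console.Lines.Add('开始扫描内存进程...');
  ProgressBar1.Position:=10;
  StatusBar1.Panels.Items[0].Text:='扫描内存中的QQ程序进程...';
  Console.Lines.Add('开始扫描内存中的QQ程序进程...');
  if ProcessStopMsg then Exit;

  // NOTE(review): "<= 0" only equals "= 0" when THandle is unsigned; confirm
  // which value FindProcByName returns when nothing is found.
  hProc := FindProcByName(QQProcName);
  if hProc <= 0 then
    Console.Lines.Add('内存中没有发现QQ程序进程 ')
  else
  begin
    Console.Lines.Add('内存中发现QQ程序进程,准备中止QQ进程... ');
    case Application.MessageBox('要继续杀毒,强烈建议关闭QQ程序,确定要关闭所有QQ程序吗?','确认关闭QQ程序',MB_YESNOCANCEL) of
      IDYES:
        begin
          while hProc>0 do
          begin
            if not KillTaskByProc(hProc) then
            begin
              Console.Lines.Add(' 关闭QQ程序失败,杀毒继续!');
              // A process that cannot be terminated (for example because of
              // insufficient rights) would be found again on every pass, so
              // the old loop never ended and the UI froze. Stop retrying and
              // carry on, as the log message says.
              Break;
            end;
            Console.Lines.Add(' 关闭QQ程序成功,杀毒继续!');
            Sleep(100);
            hProc := FindProcByName(QQProcName); // close any further QQ process
          end;
        end;
      IDNO:
        begin
          Console.Lines.Add(' 关闭QQ程序跳过,杀毒继续!');
        end;
      else
        begin
          // Cancel: abort the whole run.
          Console.Lines.Add(' 关闭QQ程序被取消,杀毒中止!');
          ProgressBar1.Position:=0;
          StatusBar1.Panels.Items[0].Text:='杀毒被中止.';
          UnLockBtn;
          Exit;
        end;
    end;
  end;
  Sleep(100);
  if ProcessStopMsg then Exit;

  // ---- Step 2: running trojan processes ----
  Console.Lines.Add(''#13#10'==============');
  ProgressBar1.Position:=20;
  StatusBar1.Panels.Items[0].Text:='扫描内存中的Trojan.QQ.Apple木马程序...';
  Console.Lines.Add('开始扫描内存中的Trojan.QQ.Apple木马程序...');
  hProc := FindProcByName(TrojanProcName);
  if hProc <= 0 then
    Console.Lines.Add('内存中没有发现Trojan.QQ.Apple木马程序进程 ')
  else
  begin
    Console.Lines.Add('内存中发现Trojan.QQ.Apple木马程序进程'+#13#10+'准备中止Trojan.QQ.Apple木马进程... ');
    case Application.MessageBox(PChar('发现Trojan.QQ.Apple木马程序,确定要杀死所有Trojan.QQ.Apple木马程序吗?'+#13#10+ProcTrojanProcName),'确认杀死Trojan.QQ.Apple木马程序',MB_YESNOCANCEL) of
      IDYES:
        begin
          while hProc>0 do
          begin
            Inc(TrojanCnt);
            Inc(MemTrojanCnt);
            if not KillTaskByProc(hProc) then
            begin
              Console.Lines.Add(' 关闭Trojan.QQ.Apple木马程序失败!');
              // Same reason as in the QQ loop: a process that cannot be
              // terminated must not be retried forever.
              Break;
            end;
            Console.Lines.Add(' 关闭Trojan.QQ.Apple木马程序成功,杀毒继续!');
            Sleep(10);
            hProc := FindProcByName(TrojanProcName); // terminate any further instance
          end;
        end;
      IDNO:
        begin
          Inc(TrojanCnt);
          Inc(SkipTrojanCnt);
          Console.Lines.Add(' 关闭Trojan.QQ.Apple木马程序跳过,杀毒继续!');
        end;
      else
        begin
          // Cancel: count the finding as skipped and abort the whole run.
          Inc(TrojanCnt);
          Inc(SkipTrojanCnt);
          Console.Lines.Add(' 关闭Trojan.QQ.Apple木马程序被取消,杀毒中止!');
          ProgressBar1.Position:=0;
          StatusBar1.Panels.Items[0].Text:='杀毒被中止.';
          UnLockBtn;
          Exit;
        end;
    end;
  end;
  Sleep(100);
  if ProcessStopMsg then Exit;

  // ---- Step 3: known drop locations under the Windows directory ----
  // The paths are built from gWinPath, which the unit's initialization
  // section fills from GetWindowsDirectory.
  Console.Lines.Add(''#13#10'==============');
  ProgressBar1.Position:=30;
  StatusBar1.Panels.Items[0].Text:='检测并删除系统目录中的Trojan.QQ.Apple木马程序...';
  Console.Lines.Add('检测并删除系统目录中的Trojan.QQ.Apple木马程序...');
  DelVirusFile(gWinPath + '\System32\'+TrojanProcName);
  DelVirusFile(gWinPath + '\System32\'+TrojanDLLName);
  DelVirusFile(gWinPath + '\System\'+TrojanProcName);
  DelVirusFile(gWinPath + '\System\'+TrojanDLLName);
  DelVirusFile(gWinPath + '\'+TrojanProcName);
  DelVirusFile(gWinPath + '\'+TrojanDLLName);
  if ProcessStopMsg then Exit;

  // ---- Step 4: registry ----
  Console.Lines.Add(''#13#10'==============');
  ProgressBar1.Position:=40;
  StatusBar1.Panels.Items[0].Text:='检查并恢复系统注册表项...';
  Console.Lines.Add('检查并恢复系统注册表项...');
  if RepairRegedit then
    Console.Lines.Add(' 检查并恢复系统注册表项成功!')
  else
    Console.Lines.Add(' 检查并恢复系统注册表项失败!');
  if ProcessStopMsg then Exit;

  // ---- Step 5: disk scan ----
  Console.Lines.Add(''#13#10'==============');
  ProgressBar1.Position:=50;
  StatusBar1.Panels.Items[0].Text:='始扫描硬盘>>'+gSearchPath;
  Console.Lines.Add('始扫描硬盘>>'+gSearchPath);
  if gSearchPath<>'' then
  begin
    ScanDir(gSearchPath);
    if ForceStop then
    begin
      ProcessStopMsg;
    end;
  end
  else
  begin
    // No directory given: skip the disk scan and fill the progress bar.
    ProgressBar1.Position:=200;
    StatusBar1.Panels.Items[0].Text:='跳过硬盘扫描>>'+gSearchPath;
    Console.Lines.Add('跳过硬盘扫描>>'+gSearchPath);
  end;

  // ---- Step 6: summary ----
  // NOTE(review): TrojanCnt is also incremented on the "skip" and "cancel"
  // branches, so the first summary line ("found and deleted") counts items
  // that were not removed. Failed kill attempts are counted as well.
  Console.Lines.Add('');
  Console.Lines.Add('------------------------');
  Console.Lines.Add('共发现并删除'+IntToStr(TrojanCnt)+'个Trojan.QQ.Apple木马.');
  Console.Lines.Add('内存中'+IntToStr(MemTrojanCnt)+'个.');
  Console.Lines.Add('注册表中'+IntToStr(RegTrojanCnt)+'个.');
  Console.Lines.Add('硬盘中'+IntToStr(DiskTrojanCnt)+'个.');
  Console.Lines.Add('跳过'+IntToStr(SkipTrojanCnt)+'个.');
  if ForceStop then
  begin
    Console.Lines.Add('查杀被停止!');
    StatusBar1.Panels.Items[0].Text:='查杀被停止:共发现'+IntToStr(TrojanCnt)+'个Trojan.QQ.Apple木马,内存中'+IntToStr(MemTrojanCnt)+'个,硬盘中'+IntToStr(DiskTrojanCnt)+'个,跳过'+IntToStr(SkipTrojanCnt)+'个.';
  end
  else
  begin
    Console.Lines.Add('查杀完毕!');
    StatusBar1.Panels.Items[0].Text:='查杀完毕:共发现'+IntToStr(TrojanCnt)+'个Trojan.QQ.Apple木马,内存中'+IntToStr(MemTrojanCnt)+'个,硬盘中'+IntToStr(DiskTrojanCnt)+'个,跳过'+IntToStr(SkipTrojanCnt)+'个.';
  end;
  Console.Lines.Add('------------------------');
  ProgressBar1.Position := ProgressBar1.Max;
  UnLockBtn;
  FlushProcBtnClick(Sender);
end;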
var
// Buffer that the initialization section passes to GetWindowsDirectory.
// It holds MAX_PATH + 1 characters, so a request of MAX_PATH characters fits.
aBuf: Array[0..MAX_PATH] of Char;
// Shows the About dialog modally; the result of ShowModal is not used.
procedure TMainForm.AboutBtnClick(Sender: TObject);
begin
  AboutForm.ShowModal;
end;
// Ends the application. LockBtn disables this button for the duration of a
// disinfection run, so it cannot be clicked while a run is active.
procedure TMainForm.CloseBtnClick(Sender: TObject);
begin
  Application.Terminate;
end;
// Asks a running scan to stop. The scan loops poll ForceStop after each
// Application.ProcessMessages call, so the stop is cooperative and takes
// effect at the next poll.
procedure TMainForm.StopBtnClick(Sender: TObject);
begin
  ForceStop := True;
  // Process pending messages right away.
  Application.ProcessMessages;
end;
// Puts the buttons into "run in progress" state: only Stop stays clickable,
// so a second run cannot be started and the window cannot be closed mid-run.
procedure TMainForm.LockBtn;
begin
  StopBtn.Enabled := True;
  CloseBtn.Enabled := False;
  KillAntivirusBtn.Enabled := False;
end;
// Puts the buttons back into idle state (inverse of LockBtn): Start and
// Close are enabled, Stop is disabled.
procedure TMainForm.UnLockBtn;
begin
  StopBtn.Enabled := False;
  CloseBtn.Enabled := True;
  KillAntivirusBtn.Enabled := True;
end;
//初始化
// Timer tick of the auto-refresh feature: rebuilds the process list.
// The manual refresh button is disabled while the rebuild runs and is
// enabled again afterwards.
procedure TMainForm.autoFlushTimerTimer(Sender: TObject);
begin
  FlushProcBtn.Enabled := False;
  Sleep(10); // brief pause on the UI thread before the rebuild
  FlushProcBtnClick(Sender);
  FlushProcBtn.Enabled := True;
end;
// Turns the auto-refresh timer on or off to match the check box state.
procedure TMainForm.autoFlushProcListCBtnClick(Sender: TObject);
begin
  autoFlushTimer.Enabled := autoFlushProcListCBtn.Checked;
end;
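// Lets the user pick the directory to scan and writes it to SearchDirEdit.
//
// A path of exactly three characters is presumably a drive root such as
// 'C:\' (confirm against SelectDirForm). Its last character is dropped
// because ScanDir appends '\' itself when it builds search patterns.
procedure TMainForm.SelectDirBtnClick(Sender: TObject);
var
  PickedPath: string;
begin
  if SelectDirForm.ShowModal <> mrOK then
    Exit;

  // Read the path once instead of calling GetItemPath three times.
  PickedPath := SelectDirForm.DirectoryListBox1.GetItemPath(SelectDirForm.DirectoryListBox1.ItemIndex);
  if Length(PickedPath) = 3 then
    // Strings are 1-based; the old call used start index 0 and relied on
    // Copy clamping it to 1.
    SearchDirEdit.Text := Copy(PickedPath, 1, 2)
  else
    SearchDirEdit.Text := PickedPath;
end;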
initialization
// Cache the Windows directory once at unit load. The disinfection routine
// builds its Windows/System/System32 delete paths from gWinPath.
// NOTE(review): the return value of GetWindowsDirectory is not checked. If
// the call fails, gWinPath is presumably left empty and paths such as
// gWinPath + '\System32\...' would resolve relative to the current drive
// root - confirm and consider guarding.
GetWindowsDirectory(aBuf, MAX_PATH);
gWinPath := aBuf;
ForceStop := False;
// Finalization: the section is empty.
// NOTE(review): TrojanNameList, created in KillAntivirusBtnClick, is not
// freed here - confirm it is released elsewhere.
finalization
end.