VERSION 5.00
Begin VB.Form FormRasserKav
BorderStyle = 1 'Fixed Single
Caption = "[震蕩波 - sasser.A-F]病毒專殺工具"
ClientHeight = 4395
ClientLeft = 1395
ClientTop = 1290
ClientWidth = 6825
BeginProperty Font
Name = "宋體"
Size = 9
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
Icon = "FormMain.frx":0000
LinkTopic = "Form1"
MaxButton = 0 'False
ScaleHeight = 4395
ScaleWidth = 6825
StartUpPosition = 2 '屏幕中心
Begin VB.ListBox lstdirs
Height = 420
Left = 3720
TabIndex = 4
Top = 1200
Visible = 0 'False
Width = 2655
End
Begin VB.CommandButton CommandKill
Caption = "開始殺毒"
Height = 375
Left = 720
TabIndex = 1
Top = 120
Width = 975
End
Begin VB.ListBox ListVir
Appearance = 0 'Flat
Height = 2910
Left = 120
TabIndex = 0
Top = 600
Width = 6615
End
Begin VB.Image Image1
Height = 480
Left = 120
Picture = "FormMain.frx":0E42
Top = 80
Width = 480
End
Begin VB.Label LabelCount
BeginProperty Font
Name = "MS Sans Serif"
Size = 8.25
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
Height = 255
Left = 1200
TabIndex = 6
Top = 3960
Width = 5415
End
Begin VB.Label Label1
Caption = "掃描文件數:"
Height = 255
Left = 120
TabIndex = 5
Top = 3960
Width = 1095
End
Begin VB.Label LabelState
AutoSize = -1 'True
BeginProperty Font
Name = "MS Sans Serif"
Size = 8.25
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
Height = 195
Left = 1080
TabIndex = 3
Top = 3720
Width = 5565
End
Begin VB.Label LabelSM
Caption = "掃描狀態:"
Height = 255
Left = 120
TabIndex = 2
Top = 3720
Width = 855
End
End
Attribute VB_Name = "FormRasserKav"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
' Set to True by GetCurrentProcess when a running process name matches the worm name list.
Dim bExistVir As Boolean
' Number of files visited so far by FindFilesApi; ScanFiles shows it in LabelCount.
Dim lFileCount As Long
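' Runs one complete pass: terminate matching processes first, then sweep the
' drives for matching files. Progress lines are appended to ListVir.
Private Sub CommandKill_Click()
    lFileCount = 0
    ' Reset the detection flag for this run. GetCurrentProcess only ever sets it
    ' to True, so without the reset a second click after a detection would
    ' never print the "nothing found in memory" line again.
    bExistVir = False
    ' Disable the button so the scan cannot be started twice while it runs
    ' (FindFilesApi pumps events with DoEvents).
    CommandKill.Enabled = False

    ListVir.AddItem "開始掃描內存..."
    GetCurrentProcess
    ListVir.AddItem "內存掃描完成..."
    If bExistVir = False Then ListVir.AddItem "內存中未發現震蕩波病毒!"

    ' Processes are handled before files so that a running copy does not keep
    ' its own executable locked when the file sweep tries to delete it.
    ListVir.AddItem "正在掃描文件..."
    ScanFiles
    ListVir.AddItem "殺毒完成!"

    CommandKill.Enabled = True
End Sub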
' Form start-up: make the window visible, then clear the "worm process seen" flag.
Private Sub Form_Load()
    ' Unqualified Show acts on this form.
    Show
    bExistVir = False
End Sub
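' Walks a Toolhelp snapshot of the running processes and terminates every
' process whose image name matches the worm name list below. Sets the
' module-level flag bExistVir to True when at least one match is seen and
' reports each kill attempt in ListVir. Returns nothing useful (declared as a
' Function with no assigned result).
'
' Detection caveat: the match is by file name only. Any unrelated program that
' happens to end in "_up.exe" or start with "avserve"/"skynetave" is terminated
' too, and a renamed copy of the worm is missed. Treat a hit as an indicator,
' not as proof.
Public Function GetCurrentProcess()
    Dim lShotHwnd As Long
    Dim OneProcess As PROCESSENTRY32
    Dim sProcessName As String
    Dim lNulPos As Long
    Dim lProcHandle As Long
    Dim lRetValue As Long

    ' Take a snapshot of the process list.
    lShotHwnd = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    ' CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE (-1),
    ' not 0. The 0 test is kept only for compatibility with the old check.
    If lShotHwnd = -1 Or lShotHwnd = 0 Then Exit Function

    ' The API requires dwSize to be filled in before the first call.
    OneProcess.dwSize = Len(OneProcess)

    If Process32First(lShotHwnd, OneProcess) Then
        Do
            ' szExeFile is a NUL-padded buffer: keep the text before the first NUL.
            ' Guard against a buffer with no NUL, where Left$(..., -1) would raise
            ' run-time error 5.
            lNulPos = InStr(1, OneProcess.szExeFile, Chr(0))
            If lNulPos > 0 Then
                sProcessName = Left$(OneProcess.szExeFile, lNulPos - 1)
            Else
                sProcessName = OneProcess.szExeFile
            End If
            ' Windows file names are case-insensitive, so compare in lower case;
            ' otherwise "AVSERVE.EXE" would slip past the list.
            sProcessName = LCase$(sProcessName)

            ' Worm name signatures.
            ' NOTE(review): Left$(name, 11) = "_upload.exe" only matches names that
            ' BEGIN with that text; given the "_up.exe" suffix test next to it, a
            ' suffix test may have been intended - confirm before changing.
            If Right$(sProcessName, 7) = "_up.exe" _
                Or Left$(sProcessName, 7) = "avserve" _
                Or Left$(sProcessName, 9) = "skynetave" _
                Or Left$(sProcessName, 11) = "_upload.exe" _
                Or sProcessName = "olsasss.exe" _
                Or sProcessName = "ohkey.exe" _
                Or sProcessName = "omsiwin84.exe" _
                Or sProcessName = "napatch.exe" _
                Or sProcessName = "lsasss.exe" _
                Or sProcessName = "owmiprvsw.exe" Then

                bExistVir = True

                ' NOTE(review): PROCESS_ALL_ACCESS is far more than TerminateProcess
                ' needs (the PROCESS_TERMINATE right is enough). Requesting less is
                ' the least-privilege choice and is less likely to be refused.
                lProcHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, OneProcess.th32ProcessID)
                If lProcHandle = 0 Then
                    ' Could not open the process (access denied, already gone, ...).
                    lRetValue = 0
                Else
                    lRetValue = TerminateProcess(lProcHandle, 0)
                End If

                If lRetValue = 0 Then
                    ListVir.AddItem "發現震蕩波病毒.查殺失敗!"
                Else
                    ListVir.AddItem "發現震蕩波病毒.已查殺!"
                End If
            End If
        Loop While Process32Next(lShotHwnd, OneProcess)
    End If

    ' NOTE(review): neither the snapshot handle nor the process handles are
    ' closed. They should be released with CloseHandle; no Declare for it is
    ' visible in this listing, so the call is not added here.
End Function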
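' Seeds the hidden work queue (lstdirs) with the root of every logical drive
' from C: upward, then drains the queue breadth-first: FindFilesApi scans the
' first entry and appends any sub-directories it finds, after which the entry
' is removed. Returns nothing useful (declared as a Function with no result).
Public Function ScanFiles()
    Dim DrvBitMask As Long
    Dim pwr As Long

    ' GetLogicalDrives returns one bit per drive: bit 0 = A:, bit 1 = B:,
    ' bit 2 = C:, ... bit 25 = Z:.
    DrvBitMask = GetLogicalDrives()

    ' Queue only drives whose bit is actually set. The previous loop counted up
    ' to the highest set bit but mapped bit 0 to "C:", so it queued drive letters
    ' that do not exist and could run past the real ones. A: and B: (bits 0-1)
    ' are skipped, as before.
    For pwr = 2 To 25
        If DrvBitMask And CLng(2 ^ pwr) Then
            lstdirs.AddItem Chr$(vbKeyA + pwr) & ":\"
        End If
    Next

    ' NOTE(review): every drive type is queued, including network shares and
    ' removable media; files matching the name list are deleted there too.

    ' Test the queue BEFORE touching it: with no drives queued, RemoveItem 0 on
    ' an empty list raises a run-time error.
    Do While lstdirs.ListCount > 0
        ' Number of files scanned so far.
        LabelCount.Caption = lFileCount
        ' Scan the directory at the head of the queue...
        FindFilesApi lstdirs.List(0), "*.*"
        ' ...and drop it once it has been processed.
        lstdirs.RemoveItem 0
    Loop

    ' Show the final total, including the last directory scanned.
    LabelCount.Caption = lFileCount
End Function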
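' Scans ONE directory (no recursion): sub-directories are appended to the
' lstdirs queue for the caller to process later, and every ".exe" whose name
' matches the worm name list is made writable and deleted.
'
'   DirPath  - directory to scan; normalised in place (trimmed, trailing "\" added).
'   FileSpec - search pattern appended to DirPath, e.g. "*.*".
'
' Side effects: increments lFileCount per file, updates LabelState, appends
' result lines to ListVir, deletes matching files.
'
' Detection caveat: the match is by file name only and applies to every
' directory on every scanned drive. An unrelated program whose name ends in
' "_up.exe" or starts with "avserve"/"skynetave" is deleted as well, and a
' renamed copy of the worm is missed. Checking file contents (size/hash) or
' limiting deletion to the locations the worm is known to use would reduce
' false positives.
Sub FindFilesApi(DirPath As String, FileSpec As String)
    Dim FileString As String            ' entry name with the NUL padding removed
    Dim LowerName As String             ' lower-cased copy used for matching
    Dim FindData As WIN32_FIND_DATA     ' structure filled in by the Find* APIs
    Dim FindHandle As Long              ' search handle from FindFirstFile
    Dim NulPos As Long
    Dim KillError As Long

    ' Normalise the directory so it always ends with a backslash.
    DirPath = Trim$(DirPath)
    If Right$(DirPath, 1) <> "\" Then
        DirPath = DirPath & "\"
    End If

    FindHandle = FindFirstFile(DirPath & FileSpec, FindData)
    ' FindFirstFile signals failure with INVALID_HANDLE_VALUE (-1), not 0. The
    ' old "<> 0" test treated a failed search as success and then read an
    ' unfilled FindData. 0 is still rejected for compatibility.
    If FindHandle = -1 Or FindHandle = 0 Then Exit Sub

    ' One loop handles the first entry and all following ones. Previously the
    ' first entry of each directory was never checked against the name list.
    Do
        ' Keep the UI responsive during long scans.
        DoEvents

        ' cFileName is a NUL-padded buffer; Trim$ does not strip NULs, so cut at
        ' the first NUL (and guard against a buffer that has none).
        NulPos = InStr(1, FindData.cFileName, Chr(0))
        If NulPos > 0 Then
            FileString = Left$(FindData.cFileName, NulPos - 1)
        Else
            FileString = Trim$(FindData.cFileName)
        End If

        If FindData.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY Then
            ' Skip only the "." and ".." pseudo-entries. The old prefix test also
            ' skipped every directory whose name merely starts with a dot, so
            ' those were never scanned.
            ' NOTE(review): junctions/reparse points are followed like ordinary
            ' directories; a link pointing back up the tree can make the queue
            ' grow until paths become too long.
            If FileString <> "." And FileString <> ".." Then
                lstdirs.AddItem DirPath & FileString & "\"
            End If
        Else
            lFileCount = lFileCount + 1
            LabelState.Caption = DirPath

            ' Windows file names are case-insensitive: compare in lower case so
            ' "AVSERVE.EXE" is not missed.
            LowerName = LCase$(FileString)
            If Right$(LowerName, 4) = ".exe" Then
                ' NOTE(review): Left$(name, 11) = "_upload.exe" only matches names
                ' that BEGIN with that text; a suffix test may have been intended.
                If Right$(LowerName, 7) = "_up.exe" _
                    Or Left$(LowerName, 7) = "avserve" _
                    Or Left$(LowerName, 9) = "skynetave" _
                    Or Left$(LowerName, 11) = "_upload.exe" _
                    Or LowerName = "olsasss.exe" _
                    Or LowerName = "lsasss.exe" _
                    Or LowerName = "napatch.exe" _
                    Or LowerName = "ohkey.exe" _
                    Or LowerName = "omsiwin84.exe" _
                    Or LowerName = "owmiprvsw.exe" Then

                    ' Kill raises a run-time error when the file is locked or access
                    ' is denied (for example the process could not be terminated).
                    ' Trap it so one failure neither aborts the scan nor gets
                    ' reported as a successful removal.
                    On Error Resume Next
                    Err.Clear
                    ' Clear read-only/hidden/system attributes so the delete can succeed.
                    SetFileAttributes DirPath & FileString, 0
                    Kill DirPath & FileString
                    KillError = Err.Number
                    On Error GoTo 0

                    If KillError = 0 Then
                        ListVir.AddItem DirPath & FileString & " 已清除..."
                    Else
                        ListVir.AddItem DirPath & FileString & " 清除失敗!"
                    End If
                End If
            End If
        End If
    Loop While FindNextFile(FindHandle, FindData) <> 0

    ' Release the search handle (only reached when the handle is valid).
    Call FindClose(FindHandle)
End Sub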