

VERSION 5.00 
Begin VB.Form FormRasserKav  
   BorderStyle     =   1  'Fixed Single 
   Caption         =   "[震荡波 - sasser.A-F]病毒专杀工具" 
   ClientHeight    =   4395 
   ClientLeft      =   1395 
   ClientTop       =   1290 
   ClientWidth     =   6825 
   BeginProperty Font  
      Name            =   "宋体" 
      Size            =   9 
      Charset         =   0 
      Weight          =   400 
      Underline       =   0   'False 
      Italic          =   0   'False 
      Strikethrough   =   0   'False 
   EndProperty 
   Icon            =   "FormMain.frx":0000 
   LinkTopic       =   "Form1" 
   MaxButton       =   0   'False 
   ScaleHeight     =   4395 
   ScaleWidth      =   6825 
   StartUpPosition =   2  '屏幕中心 
   Begin VB.ListBox lstdirs  
      Height          =   420 
      Left            =   3720 
      TabIndex        =   4 
      Top             =   1200 
      Visible         =   0   'False 
      Width           =   2655 
   End 
   Begin VB.CommandButton CommandKill  
      Caption         =   "开始杀毒" 
      Height          =   375 
      Left            =   720 
      TabIndex        =   1 
      Top             =   120 
      Width           =   975 
   End 
   Begin VB.ListBox ListVir  
      Appearance      =   0  'Flat 
      Height          =   2910 
      Left            =   120 
      TabIndex        =   0 
      Top             =   600 
      Width           =   6615 
   End 
   Begin VB.Image Image1  
      Height          =   480 
      Left            =   120 
      Picture         =   "FormMain.frx":0E42 
      Top             =   80 
      Width           =   480 
   End 
   Begin VB.Label LabelCount  
      BeginProperty Font  
         Name            =   "MS Sans Serif" 
         Size            =   8.25 
         Charset         =   0 
         Weight          =   400 
         Underline       =   0   'False 
         Italic          =   0   'False 
         Strikethrough   =   0   'False 
      EndProperty 
      Height          =   255 
      Left            =   1200 
      TabIndex        =   6 
      Top             =   3960 
      Width           =   5415 
   End 
   Begin VB.Label Label1  
      Caption         =   "扫描文件数:" 
      Height          =   255 
      Left            =   120 
      TabIndex        =   5 
      Top             =   3960 
      Width           =   1095 
   End 
   Begin VB.Label LabelState  
      AutoSize        =   -1  'True 
      BeginProperty Font  
         Name            =   "MS Sans Serif" 
         Size            =   8.25 
         Charset         =   0 
         Weight          =   400 
         Underline       =   0   'False 
         Italic          =   0   'False 
         Strikethrough   =   0   'False 
      EndProperty 
      Height          =   195 
      Left            =   1080 
      TabIndex        =   3 
      Top             =   3720 
      Width           =   5565 
   End 
   Begin VB.Label LabelSM  
      Caption         =   "扫描状态:" 
      Height          =   255 
      Left            =   120 
      TabIndex        =   2 
      Top             =   3720 
      Width           =   855 
   End 
End 
Attribute VB_Name = "FormRasserKav" 
Attribute VB_GlobalNameSpace = False 
Attribute VB_Creatable = False 
Attribute VB_PredeclaredId = True 
Attribute VB_Exposed = False 
' Set to True by GetCurrentProcess when a running process matches one of the
' image-name patterns; read by CommandKill_Click to decide whether to report
' that nothing was found in memory.
Dim bExistVir As Boolean 
' Number of files visited by FindFilesApi; reset by CommandKill_Click and
' displayed in LabelCount by ScanFiles.
Dim lFileCount As Long 
 
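Private Sub CommandKill_Click()
    ' Runs one complete disinfection pass: first the process scan
    ' (GetCurrentProcess), then the file scan over all drives (ScanFiles).
    ' Progress lines are appended to ListVir. The button is disabled for the
    ' duration because the file scan calls DoEvents and must not be re-entered.

    ' Reset per-pass state. bExistVir must be cleared here as well as in
    ' Form_Load: otherwise a detection in an earlier pass suppresses the
    ' "nothing found in memory" line on every later pass.
    lFileCount = 0
    bExistVir = False
    CommandKill.Enabled = False

    ListVir.AddItem "开始扫描内存..."
    GetCurrentProcess
    ListVir.AddItem "内存扫描完成..."
    If Not bExistVir Then ListVir.AddItem "内存中未发现震荡波病毒!"

    ListVir.AddItem "正在扫描文件..."
    ScanFiles
    ListVir.AddItem "杀毒完成!"

    CommandKill.Enabled = True
End Sub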
 
Private Sub Form_Load()
    ' No matching process has been seen yet in this session.
    bExistVir = False
    ' Make the form visible from inside the Load handler.
    Me.Show
End Sub
 
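Public Function GetCurrentProcess()
    ' Enumerates running processes through a Toolhelp snapshot and terminates
    ' every process whose image name matches one of the hard-coded patterns.
    ' Sets the module-level bExistVir flag when a match is seen and reports
    ' each outcome in ListVir. Returns nothing useful (untyped Function).
    '
    ' Detection is by image name only. A renamed copy is missed, and an
    ' unrelated program whose name fits a pattern (for example anything ending
    ' in "_up.exe") is terminated. Treat a hit as a lead to verify, not proof.

    Dim lShotHwnd As Long
    Dim OneProcess As PROCESSENTRY32
    Dim sProcessName As String
    Dim sNameLower As String
    Dim lNulPos As Long
    Dim lProcHandle As Long
    Dim lRetValue As Long

    ' Take a snapshot of the process list.
    lShotHwnd = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    ' CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE (-1),
    ' not 0; the original 0 test is kept alongside it.
    If lShotHwnd = 0 Or lShotHwnd = -1 Then Exit Function

    OneProcess.dwSize = Len(OneProcess)
    If Process32First(lShotHwnd, OneProcess) Then
        Do
            ' szExeFile is a NUL-terminated buffer; cut at the first NUL and
            ' fall back to the whole buffer if none is present, so that
            ' Left() is never called with a negative length.
            lNulPos = InStr(1, OneProcess.szExeFile, Chr(0))
            If lNulPos > 0 Then
                sProcessName = Left(OneProcess.szExeFile, lNulPos - 1)
            Else
                sProcessName = OneProcess.szExeFile
            End If

            ' Windows image names are case-insensitive, while VB's default
            ' string comparison is binary. Normalise once so that e.g. an
            ' upper-case name is not missed.
            sNameLower = LCase$(sProcessName)

            ' Name patterns.
            ' NOTE(review): "_upload.exe" is tested as an 11-character prefix,
            ' unlike "_up.exe", which is tested as a suffix - confirm which
            ' was intended before changing it.
            If Right(sNameLower, 7) = "_up.exe" _
            Or Left(sNameLower, 7) = "avserve" _
            Or Left(sNameLower, 9) = "skynetave" _
            Or Left(sNameLower, 11) = "_upload.exe" _
            Or sNameLower = "olsasss.exe" _
            Or sNameLower = "ohkey.exe" _
            Or sNameLower = "omsiwin84.exe" _
            Or sNameLower = "napatch.exe" _
            Or sNameLower = "lsasss.exe" _
            Or sNameLower = "owmiprvsw.exe" Then
                bExistVir = True

                ' NOTE(review): PROCESS_ALL_ACCESS asks for far more than
                ' termination needs; PROCESS_TERMINATE would be the least
                ' privilege if the project declares it.
                lProcHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, OneProcess.th32ProcessID)
                If lProcHandle = 0 Then
                    ' The process could not be opened (access denied, or it
                    ' already exited); do not pass a null handle on.
                    lRetValue = 0
                Else
                    lRetValue = TerminateProcess(lProcHandle, 0)
                End If

                If lRetValue = 0 Then
                    ListVir.AddItem "发现震荡波病毒.查杀失败!"
                Else
                    ListVir.AddItem "发现震荡波病毒.已查杀!"
                End If
            End If
        Loop While Process32Next(lShotHwnd, OneProcess)
    End If

    ' NOTE(review): neither the snapshot handle nor the process handles are
    ' closed. No CloseHandle declaration is visible in this file, so the leak
    ' is flagged here rather than fixed.
End Function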
 
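Public Function ScanFiles()
    ' Seeds the hidden lstdirs list box with the root of every logical drive
    ' from C: upwards, then drains it as a work queue: FindFilesApi scans the
    ' first entry (appending any subdirectories it finds) and the entry is
    ' removed, until the queue is empty.
    '
    ' The drive mask also covers removable, optical and network drives, and
    ' FindFilesApi deletes matching files on all of them.
    ' NOTE(review): a VB list box holds a limited number of items; on a very
    ' large tree the queue may overflow - confirm, or use a Collection.

    Dim DrvBitMask As Long
    Dim lBit As Long
    Dim pwr As Long

    DrvBitMask = GetLogicalDrives()

    ' In the GetLogicalDrives mask, bit 0 is A:, bit 1 is B: and bit 2 is C:.
    ' Test each bit from C: (value 4) to Z: and add only the drives that
    ' exist. The previous Log()-based loop counted from bit 0 while emitting
    ' letters from C:, so it queued drive letters that were not present.
    lBit = 4
    For pwr = 0 To 23
        If (DrvBitMask And lBit) <> 0 Then
            lstdirs.AddItem Chr$(vbKeyC + pwr) & ":\"
        End If
        lBit = lBit * 2
    Next

    ' Pre-test loop: with an empty queue the old post-test loop passed "" to
    ' FindFilesApi, which turned it into "\" (the current drive's root).
    Do While lstdirs.ListCount > 0
        ' Number of files scanned so far.
        LabelCount.Caption = lFileCount
        ' Scan the directory at the head of the queue...
        FindFilesApi lstdirs.List(0), "*.*"
        ' ...and drop it once done.
        lstdirs.RemoveItem 0
    Loop

    ' Show the final total, including the last directory scanned.
    LabelCount.Caption = lFileCount
End Function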
 
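Sub FindFilesApi(DirPath As String, FileSpec As String)
    ' Scans one directory (non-recursively). Subdirectories are appended to
    ' the lstdirs queue for ScanFiles to visit later. Each regular file is
    ' counted in lFileCount and, if its name ends in ".exe" and matches one of
    ' the hard-coded patterns, its attributes are cleared and it is deleted.
    '
    ' DirPath  - directory to scan; normalised in place (trimmed, trailing
    '            backslash added), as in the original.
    ' FileSpec - wildcard passed to FindFirstFile, e.g. "*.*".
    '
    ' Matching is by file name only. An unrelated program whose name fits a
    ' pattern is deleted without confirmation, and a renamed copy is missed;
    ' checking file content before Kill would be safer.
    ' NOTE(review): directories are followed without checking for reparse
    ' points (junctions), so the walk can leave the intended tree - confirm
    ' whether that matters for the target systems.

    Dim FileString As String        ' current entry name, NUL padding removed
    Dim sNameLower As String        ' lower-cased copy used for matching
    Dim FindData As WIN32_FIND_DATA ' structure filled by the Find* APIs
    Dim FindHandle As Long          ' search handle from FindFirstFile
    Dim lNulPos As Long

    ' Normalise the directory into "X:\path\" form.
    DirPath = Trim$(DirPath)
    If Right(DirPath, 1) <> "\" Then
        DirPath = DirPath & "\"
    End If

    FindHandle = FindFirstFile(DirPath & FileSpec, FindData)

    ' FindFirstFile reports failure as INVALID_HANDLE_VALUE (-1), not 0.
    ' Leave early so the invalid value is never passed to FindNextFile or
    ' FindClose.
    If FindHandle = 0 Or FindHandle = -1 Then Exit Sub

    ' A single loop handles the entry returned by FindFirstFile as well as
    ' those from FindNextFile. The original skipped the pattern check for the
    ' first entry, so a matching file listed first was never examined.
    Do
        ' Keep the UI responsive during long scans.
        DoEvents

        ' cFileName is a NUL-terminated buffer; take the text before the
        ' first NUL (Trim$ alone only strips spaces).
        lNulPos = InStr(1, FindData.cFileName, Chr(0))
        If lNulPos > 0 Then
            FileString = Left(FindData.cFileName, lNulPos - 1)
        Else
            FileString = Trim$(FindData.cFileName)
        End If

        If FindData.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY Then
            ' Skip only the "." and ".." entries. The original test skipped
            ' every directory whose name began with a dot, leaving those
            ' trees unscanned.
            If FileString <> "." And FileString <> ".." Then
                lstdirs.AddItem DirPath & FileString & "\"
            End If
        Else
            lFileCount = lFileCount + 1
            LabelState.Caption = DirPath

            ' File names are case-insensitive on Windows, while VB's default
            ' comparison is binary; normalise so ".EXE" or mixed-case names
            ' are not missed.
            sNameLower = LCase$(FileString)
            If Right(sNameLower, 4) = ".exe" Then
                ' NOTE(review): "_upload.exe" is tested as a prefix, unlike
                ' "_up.exe" (suffix) - confirm which was intended.
                If Right(sNameLower, 7) = "_up.exe" _
                Or Left(sNameLower, 7) = "avserve" _
                Or Left(sNameLower, 9) = "skynetave" _
                Or Left(sNameLower, 11) = "_upload.exe" _
                Or sNameLower = "olsasss.exe" _
                Or sNameLower = "lsasss.exe" _
                Or sNameLower = "napatch.exe" _
                Or sNameLower = "ohkey.exe" _
                Or sNameLower = "omsiwin84.exe" _
                Or sNameLower = "owmiprvsw.exe" Then
                    ' Clear read-only/hidden/system attributes so the delete
                    ' is not refused on that account.
                    SetFileAttributes DirPath & FileString, 0

                    ' Kill raises a run-time error when the file is locked or
                    ' access is denied. Trap it so one failure does not abort
                    ' the whole scan, and report the outcome truthfully.
                    On Error Resume Next
                    Err.Clear
                    Kill DirPath & FileString
                    If Err.Number = 0 Then
                        ListVir.AddItem DirPath & FileString & " 已清除..."
                    Else
                        ListVir.AddItem DirPath & FileString & " 清除失败..."
                        Err.Clear
                    End If
                    On Error GoTo 0
                End If
            End If
        End If
    Loop While FindNextFile(FindHandle, FindData) <> 0

    ' Release the search handle (only reached with a valid handle).
    Call FindClose(FindHandle)

End Sub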