KillerDlg.cpp
- // KillerDlg.cpp : implementation file
- //
- #include "stdafx.h"
- #include "KillerDlg.h"
- #include<Tlhelp32.h>
- #ifdef _DEBUG
- #define new DEBUG_NEW
- #undef THIS_FILE
- static char THIS_FILE[] = __FILE__;
- #endif
- /////////////////////////////////////////////////////////////////////////////
- // File-scope log stream: CMyDlg::WriteLog() opens result.log through it and closes it again on every call.
- FILE *fp;
- // File-scope registry state shared by the helper functions below and by CMyDlg::DeleteRegValues().
- HKEY hKey; // key most recently opened by a helper; each helper closes it before returning
- char content[256]; // buffer ShowContent() reads a value into
- DWORD dwType=REG_SZ; // type argument passed by address to RegQueryValueEx in ShowContent()
- DWORD dwLength=256; // size argument passed by address to RegQueryValueEx in ShowContent(), so each query overwrites it
- struct HKEY__*RootKey; // root key DeleteRegValues() sets before each helper call
- TCHAR *SubKey; // sub key path DeleteRegValues() sets before each helper call
- TCHAR *KeyName; // not referenced elsewhere in this listing
- TCHAR *ValueName; // value name DeleteRegValues() sets before each helper call
- LPBYTE SetContent_S; // string data for SetValue_S(); SetValue_S() also reads this global to compute the length it writes
- int SetContent_D[256]; // not referenced elsewhere in this listing
- BYTE SetContent_B[256]; // not referenced elsewhere in this listing
- int ShowContent (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName); // every helper returns 0 on success, 1 on failure
- int SetValue_S (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,LPBYTE ReSetContent_S);
- int SetValue_D (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,int ReSetContent_D[256]);
- int SetValue_B (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,BYTE ReSetContent_B[256]);
- int DeleteKey (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReKeyName);
- int DeleteValue (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName);
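/**********************************************************
Function name: ShowContent
Description:   Read one registry value into the file-scope buffer `content`.
Parameter:     ReRootKey   root key
               ReSubKey    sub key path under the root key
               ReValueName name of the value to read
Return:        int, 0 on success, 1 on failure (a message box is shown)
Side effects:  writes the globals content, dwType and dwLength
Time:          2006.07.31
***********************************************************/
int ShowContent (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName)
{
    // A local handle keeps this helper from leaving a closed handle in the
    // file-scope hKey.
    HKEY hOpened = NULL;
    if (RegOpenKeyEx(ReRootKey, ReSubKey, 0, KEY_READ, &hOpened) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot find the hKEY");
        return 1;
    }

    // dwLength is an in/out argument: the previous query left the size of the
    // data it returned there, so it has to be reset to the buffer size before
    // every call. One byte is held back and the buffer is zeroed because the
    // registry does not guarantee that stored strings are NUL-terminated.
    ZeroMemory(content, sizeof(content));
    dwLength = sizeof(content) - 1;

    int i = 0; //0==succeed
    if (RegQueryValueEx(hOpened, ReValueName, NULL, &dwType,
                        (unsigned char *)content, &dwLength) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot access Registry");
        i = 1;
    }
    RegCloseKey(hOpened);
    return i;
}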
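/**********************************************************
Function name: SetValue_S
Description:   Write a NUL-terminated string as a REG_SZ value.
Parameter:     ReRootKey      root key
               ReSubKey       sub key path under the root key (must exist)
               ReValueName    value name ("" addresses the default value)
               ReSetContent_S NUL-terminated string to store
Return:        int, 0 on success, 1 on failure (a message box is shown)
Time:          2006.07.31
***********************************************************/
int SetValue_S (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,LPBYTE ReSetContent_S)
{
    if (ReSetContent_S == NULL)
    {
        AfxMessageBox("Error:cannot access Registry");
        return 1;
    }

    // KEY_SET_VALUE is the only right RegSetValueEx needs.
    HKEY hOpened = NULL;
    if (RegOpenKeyEx(ReRootKey, ReSubKey, 0, KEY_SET_VALUE, &hOpened) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot find the hKEY");
        return 1;
    }

    // The size is taken from the argument, not from the file-scope
    // SetContent_S, and includes the terminating NUL as REG_SZ data requires.
    const DWORD cbData =
        (DWORD)((lstrlen((LPCTSTR)ReSetContent_S) + 1) * sizeof(TCHAR));

    int i = 0; //0==succeed
    if (RegSetValueEx(hOpened, ReValueName, 0, REG_SZ, ReSetContent_S, cbData) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot access Registry");
        i = 1;
    }
    RegCloseKey(hOpened);
    return i;
}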
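/**********************************************************
Function name: SetValue_D
Description:   Write a REG_DWORD value.
Parameter:     ReRootKey      root key
               ReSubKey       sub key path under the root key (must exist)
               ReValueName    value name
               ReSetContent_D buffer whose first element is the DWORD to store
Return:        int, 0 on success, 1 on failure (a message box is shown)
Time:          2006.07.31
***********************************************************/
int SetValue_D (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,int ReSetContent_D[256])
{
    if (ReSetContent_D == NULL)
    {
        AfxMessageBox("Error:cannot access Registry");
        return 1;
    }

    // KEY_SET_VALUE is the only right RegSetValueEx needs.
    HKEY hOpened = NULL;
    if (RegOpenKeyEx(ReRootKey, ReSubKey, 0, KEY_SET_VALUE, &hOpened) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot find the hKEY");
        return 1;
    }

    int i = 0; //0==succeed
    // Only the first element of the buffer is written.
    if (RegSetValueEx(hOpened, ReValueName, 0, REG_DWORD,
                      (const unsigned char *)ReSetContent_D, sizeof(DWORD)) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot access Registry");
        i = 1;
    }
    RegCloseKey(hOpened);
    return i;
}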
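/**********************************************************
Function name: SetValue_B
Description:   Write a REG_BINARY value from the first four bytes of a buffer.
Parameter:     ReRootKey      root key
               ReSubKey       sub key path under the root key (must exist)
               ReValueName    value name
               ReSetContent_B buffer holding the bytes to store
Return:        int, 0 on success, 1 on failure (a message box is shown)
Time:          2006.07.31
***********************************************************/
int SetValue_B (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName,BYTE ReSetContent_B[256])
{
    if (ReSetContent_B == NULL)
    {
        AfxMessageBox("Error:cannot access Registry");
        return 1;
    }

    // KEY_SET_VALUE is the only right RegSetValueEx needs.
    HKEY hOpened = NULL;
    if (RegOpenKeyEx(ReRootKey, ReSubKey, 0, KEY_SET_VALUE, &hOpened) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot find the hKEY");
        return 1;
    }

    // NOTE(review): the length is fixed at 4 bytes although the parameter is
    // declared as a 256-byte buffer; the signature carries no length, so a
    // caller cannot store anything longer. Confirm that is intended.
    const DWORD cbData = 4;

    int i = 0; //0==succeed
    if (RegSetValueEx(hOpened, ReValueName, 0, REG_BINARY,
                      (const unsigned char *)ReSetContent_B, cbData) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot access Registry");
        i = 1;
    }
    RegCloseKey(hOpened);
    return i;
}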
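/**********************************************************
Function name: DeleteKey
Description:   Delete one sub key of an existing registry key.
Parameter:     ReRootKey root key
               ReSubKey  path of the parent key under the root key
               ReKeyName name of the child key to delete
Return:        int, 0 on success, 1 on failure (a message box is shown)
Time:          2006.07.31
***********************************************************/
int DeleteKey (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReKeyName)
{
    // A local handle keeps this helper from leaving a closed handle in the
    // file-scope hKey.
    HKEY hParent = NULL;
    if (RegOpenKeyEx(ReRootKey, ReSubKey, 0, KEY_WRITE, &hParent) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error:cannot find the hKEY");
        return 1;
    }

    int i = 0; //0==succeed
    // On NT-based Windows RegDeleteKey fails when the child still has sub keys
    // of its own; that case is reported like any other failure.
    if (RegDeleteKey(hParent, ReKeyName) != ERROR_SUCCESS)
    {
        AfxMessageBox("Error: cannot delete sub key!");
        i = 1;
    }
    RegCloseKey(hParent);
    return i;
}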
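/**********************************************************
Function name: DeleteValue
Description:   Delete one value from a registry key. Unlike the other helpers
               it shows no message box.
Parameter:     ReRootKey   root key
               ReSubKey    sub key path under the root key
               ReValueName name of the value to delete
Return:        int, 0 when the value is gone afterwards (deleted now, or the
               value or its key did not exist), 1 on any other failure
Time:          2006.07.31
***********************************************************/
int DeleteValue (struct HKEY__*ReRootKey,TCHAR *ReSubKey,TCHAR *ReValueName)
{
    // KEY_SET_VALUE is the only right RegDeleteValue needs.
    HKEY hOpened = NULL;
    LONG rc = RegOpenKeyEx(ReRootKey, ReSubKey, 0, KEY_SET_VALUE, &hOpened);
    if (rc == ERROR_FILE_NOT_FOUND)
    {
        // No such key, so the value cannot exist either. Reporting this as a
        // failure would make a clean machine look like a failed cleanup.
        return 0;
    }
    if (rc != ERROR_SUCCESS)
    {
        return 1;
    }

    rc = RegDeleteValue(hOpened, ReValueName);
    RegCloseKey(hOpened);

    // An already-absent value is the state the caller wants.
    return (rc == ERROR_SUCCESS || rc == ERROR_FILE_NOT_FOUND) ? 0 : 1;
}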
- /////////////////////////////////////////////////////////////////////////////
- // CAboutDlg dialog used for App About; CMyDlg::OnSysCommand shows it modally for IDM_ABOUTBOX
- class CAboutDlg : public CDialog
- {
- public:
- CAboutDlg();
- // Dialog Data
- //{{AFX_DATA(CAboutDlg)
- enum { IDD = IDD_ABOUTBOX }; // dialog template resource id the constructor passes to CDialog
- //}}AFX_DATA
- // ClassWizard generated virtual function overrides
- //{{AFX_VIRTUAL(CAboutDlg)
- protected:
- virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
- //}}AFX_VIRTUAL
- // Implementation
- protected:
- //{{AFX_MSG(CAboutDlg)
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
- };
- CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD) // binds the dialog to the IDD_ABOUTBOX template; no members to initialise
- {
- //{{AFX_DATA_INIT(CAboutDlg)
- //}}AFX_DATA_INIT
- }
- void CAboutDlg::DoDataExchange(CDataExchange* pDX) // no controls are mapped; only the base-class exchange runs
- {
- CDialog::DoDataExchange(pDX);
- //{{AFX_DATA_MAP(CAboutDlg)
- //}}AFX_DATA_MAP
- }
- BEGIN_MESSAGE_MAP(CAboutDlg, CDialog) // empty map: every message goes to CDialog
- //{{AFX_MSG_MAP(CAboutDlg)
- // No message handlers
- //}}AFX_MSG_MAP
- END_MESSAGE_MAP()
- /////////////////////////////////////////////////////////////////////////////
- // CMyDlg dialog: main window of the removal tool (process scan, file and registry cleanup, log buttons)
- CMyDlg::CMyDlg(CWnd* pParent /*=NULL*/)
- : CDialog(CMyDlg::IDD, pParent)
- {
- //{{AFX_DATA_INIT(CMyDlg)
- // NOTE: the ClassWizard will add member initialization here
- //}}AFX_DATA_INIT
- // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
- m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME); // icon later handed to SetIcon, OnPaint and OnQueryDragIcon
- }
- void CMyDlg::DoDataExchange(CDataExchange* pDX) // binds the list and progress-bar controls to their member objects
- {
- CDialog::DoDataExchange(pDX);
- //{{AFX_DATA_MAP(CMyDlg)
- DDX_Control(pDX, IDC_LIST1, m_list); // list OnOK fills with the matching process
- DDX_Control(pDX, IDC_PROGRESS1, m_progress); // bar advanced through iPos during cleanup
- //}}AFX_DATA_MAP
- }
- BEGIN_MESSAGE_MAP(CMyDlg, CDialog) // routes window messages and button clicks to the handlers below
- //{{AFX_MSG_MAP(CMyDlg)
- ON_WM_SYSCOMMAND()
- ON_WM_PAINT()
- ON_WM_QUERYDRAGICON()
- ON_BN_CLICKED(IDC_BUTTON2, OnButton2) // opens result.log
- ON_BN_CLICKED(IDC_BUTTON1, OnButton1) // deletes result.log
- ON_BN_CLICKED(IDC_BUTTON3, OnButton3) // starts a hard-coded executable via CreateProcess
- //}}AFX_MSG_MAP
- END_MESSAGE_MAP()
- /////////////////////////////////////////////////////////////////////////////
- // CMyDlg message handlers
// One-time dialog setup: resets the scan state, prepares the progress bar and
// the three-column result list, adds the "About..." entry to the system menu
// and installs the dialog icon.
BOOL CMyDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // Nothing found yet, progress at zero.
    m_bFinded = FALSE;
    iPos = 0;
    m_progress.SetRange(0, 100);
    m_progress.SetPos(0);

    // Result list columns; OnOK adds one row for a matching process.
    m_list.InsertColumn(0, " Virus Name", LVCFMT_LEFT, 120, 0);
    m_list.InsertColumn(1, "ProID", LVCFMT_CENTER, 65, 1);
    m_list.InsertColumn(2, "Parent ProID", LVCFMT_CENTER, 90, 2);
    m_list.DeleteAllItems();

    // IDM_ABOUTBOX must be in the system command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    // Append "About..." to the system menu when the caption resource exists.
    if (CMenu* pMenu = GetSystemMenu(FALSE))
    {
        CString strCaption;
        strCaption.LoadString(IDS_ABOUTBOX);
        if (!strCaption.IsEmpty())
        {
            pMenu->AppendMenu(MF_SEPARATOR);
            pMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strCaption);
        }
    }

    // A dialog-based application has to set its own icons.
    SetIcon(m_hIcon, TRUE);   // big icon
    SetIcon(m_hIcon, FALSE);  // small icon

    return TRUE; // TRUE unless the focus was set to a control
}
// System-menu handler: shows the About box for IDM_ABOUTBOX and forwards every
// other command to CDialog.
void CMyDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    // The low four bits of a system command id are reserved by Windows, so
    // they are masked off before the comparison.
    const BOOL bAboutRequested = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!bAboutRequested)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
// Paint handler. A dialog-based application draws its own icon while it is
// minimized; in every other state painting is left to CDialog.
void CMyDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC paintDC(this); // device context for painting
    SendMessage(WM_ICONERASEBKGND, (WPARAM) paintDC.GetSafeHdc(), 0);

    // Centre the icon in the client rectangle.
    CRect client;
    GetClientRect(&client);
    const int iconWidth  = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    const int left = (client.Width()  - iconWidth  + 1) / 2;
    const int top  = (client.Height() - iconHeight + 1) / 2;

    paintDC.DrawIcon(left, top, m_hIcon);
}
// Called by the system to get the cursor shown while the user drags the
// minimized window; the dialog icon is reused for it.
HCURSOR CMyDlg::OnQueryDragIcon()
{
    HCURSOR hDragCursor = (HCURSOR) m_hIcon;
    return hDragCursor;
}
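/**********************************************************
Function name: DeleteVirusFiles
Description:   Check for the marker file <Windows dir>\SMSS.EXE and, when it
               exists, try to delete every file on the fixed removal list.
               Each attempt is written to the log and advances the progress
               bar by one step.
Parameter:     none
Return:        int, -1 when the marker file is absent (nothing is deleted);
               otherwise the number of listed files that are present but
               could not be deleted
Time:          2006.07.31
***********************************************************/
int CMyDlg::DeleteVirusFiles()
{
    // Removal list; `base` names the directory the path is relative to.
    enum Base { BASE_WIN, BASE_SYS, BASE_PRO, BASE_ABS };
    struct Target { Base base; const char* path; };
    static const Target kTargets[] =
    {
        { BASE_WIN, "\\1.com" },
        { BASE_WIN, "\\ExERoute.exe" },
        { BASE_WIN, "\\explorer.com" },
        { BASE_WIN, "\\finder.com" },
        { BASE_WIN, "\\SMSS.EXE" },
        { BASE_WIN, "\\BOOT.BIN.BAK" },
        { BASE_WIN, "\\Debug\\DebugProgram.exe" },
        { BASE_SYS, "\\command.pif" },
        { BASE_SYS, "\\dxdiag.com" },
        { BASE_SYS, "\\finder.com" },
        { BASE_SYS, "\\MSCONFIG.COM" },
        { BASE_SYS, "\\regedit.com" },
        { BASE_SYS, "\\rundll32.com" },
        { BASE_PRO, "\\Internet Explorer\\iexplore.com" },
        { BASE_PRO, "\\Common Files\\iexplore.pif" },
        // NOTE(review): only drive D: is covered and both files are removed by
        // name alone, without looking at their content; an unrelated
        // D:\autorun.inf would be deleted as well. Confirm this is intended.
        { BASE_ABS, "D:\\autorun.inf" },
        { BASE_ABS, "D:\\pagefile.pif" },
    };

    char chWin[MAX_PATH];
    const UINT cchWin = GetWindowsDirectory(chWin, MAX_PATH);
    if (cchWin == 0 || cchWin >= MAX_PATH)
    {
        WriteLog("No virus files found");
        return -1;
    }

    const CString strWIN = chWin;
    const CString strSYS = strWIN + "\\system32";
    const CString strPRO = strWIN.Left(1) + ":\\Program Files";

    // Existence test only. Opening the file for exclusive read/write access
    // fails while the image is still locked or not writable, which would be
    // reported as "not found" and end the cleanup early.
    const DWORD kNoAttributes = 0xFFFFFFFF; // value of INVALID_FILE_ATTRIBUTES
    if (GetFileAttributes(strWIN + "\\SMSS.EXE") == kNoAttributes)
    {
        WriteLog("No virus files found");
        return -1;
    }
    WriteLog("Find virus key process:SMSS.exe");
    m_progress.SetPos(iPos++);

    int iFailed = 0;
    char chLog[512];
    const int nTargets = sizeof(kTargets) / sizeof(kTargets[0]);
    for (int n = 0; n < nTargets; ++n)
    {
        CString path;
        switch (kTargets[n].base)
        {
        case BASE_WIN: path = strWIN + kTargets[n].path; break;
        case BASE_SYS: path = strSYS + kTargets[n].path; break;
        case BASE_PRO: path = strPRO + kTargets[n].path; break;
        default:       path = kTargets[n].path;          break;
        }

        // DeleteFile refuses read-only files, so the attributes are cleared
        // first; a failure here is covered by the DeleteFile result below.
        SetFileAttributes(path, FILE_ATTRIBUTE_NORMAL);

        if (DeleteFile(path))
        {
            _snprintf(chLog, sizeof(chLog) - 1,
                      "deleted virus file‘ %s’ successfully!", (LPCTSTR)path);
        }
        else
        {
            const DWORD dwErr = GetLastError();
            if (dwErr == ERROR_FILE_NOT_FOUND || dwErr == ERROR_PATH_NOT_FOUND)
            {
                // A file that is not there needs no removal and is not a failure.
                _snprintf(chLog, sizeof(chLog) - 1,
                          "virus file‘ %s’ is not present", (LPCTSTR)path);
            }
            else
            {
                ++iFailed;
                _snprintf(chLog, sizeof(chLog) - 1,
                          "failed to delete virus file‘ %s’", (LPCTSTR)path);
            }
        }
        chLog[sizeof(chLog) - 1] = '\0'; // _snprintf does not terminate on truncation
        WriteLog(chLog);
        m_progress.SetPos(iPos++);
    }
    return iFailed;
}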
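/**********************************************************
Function name: DeleteRegValues
Description:   Undo the registry changes this tool cleans up, all under
               HKEY_LOCAL_MACHINE: delete the autostart value "TProgram" from
               the Run and Runservices keys, then rewrite the Winlogon Shell
               value and a fixed list of shell command handlers with the
               values in the table below. Every step is logged and advances
               the progress bar.
Parameter:     none
Return:        int, number of table entries that could not be applied
Time:          2006.07.31
***********************************************************/
int CMyDlg::DeleteRegValues()
{
    // data == NULL: delete the value; otherwise write data as REG_SZ.
    struct RegFix { const TCHAR* subKey; const TCHAR* valueName; const TCHAR* data; };

    // NOTE(review): entries containing %SystemRoot% / %ProgramFiles% are
    // written as REG_SZ by SetValue_S, while stock Windows usually stores such
    // commands as REG_EXPAND_SZ; confirm they still resolve. The scriptletfile
    // and telnet entries hard-code C:\WINNT and C:\Program Files and would
    // point at missing files on an installation with a different layout.
    static const RegFix kFixes[] =
    {
        { "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "TProgram", NULL },
        { "Software\\Microsoft\\Windows\\CurrentVersion\\Runservices", "TProgram", NULL },
        { "Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "Shell",
          "Explorer.exe" },
        { "Software\\Classes\\.bfc\\ShellNew", "Command",
          "%SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\syncui.dll,Briefcase_Create %2!d! %1" },
        { "Software\\Classes\\.lnk\\ShellNew", "Command",
          "rundll32.exe appwiz.cpl,NewLinkHere %1" },
        { "Software\\Classes\\Applications\\iexplore.exe\\shell\\open\\command", "",
          "%ProgramFiles%\\Internet Explorer\\IEXPLORE.EXE" },
        { "Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\OpenHomePage\\command", "",
          "%ProgramFiles%\\Internet Explorer\\IEXPLORE.EXE" },
        { "Software\\Classes\\cplfile\\shell\\cplopen\\command", "",
          "rundll32.exe shell32.dll,Control_RunDLL %1,%*" },
        { "Software\\Classes\\Drive\\shell\\find\\command", "",
          "%SystemRoot%\\Explorer.exe" },
        { "Software\\Classes\\dunfile\\shell\\open\\command", "",
          "%SystemRoot%\\system32\\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1" },
        { "Software\\Classes\\ftp\\shell\\open\\command", "",
          "%ProgramFiles%\\Internet Explorer\\iexplore.exe %1" },
        { "Software\\Classes\\htmlfile\\shell\\open\\command", "",
          "%ProgramFiles%\\Internet Explorer\\iexplore.exe %1" },
        { "Software\\Classes\\htmlfile\\shell\\opennew\\command", "",
          "%ProgramFiles%\\Internet Explorer\\iexplore.exe %1" },
        { "Software\\Classes\\http\\shell\\open\\command", "",
          "%ProgramFiles%\\Internet Explorer\\iexplore.exe %1" },
        { "Software\\Classes\\inffile\\shell\\install\\command", "",
          "%SystemRoot%\\System32\\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1" },
        { "Software\\Classes\\inffile\\shell\\open\\command", "",
          "%SystemRoot%\\System32\\NOTEPAD.EXE %1" },
        { "Software\\Classes\\inffile\\shell\\print\\command", "",
          "%SystemRoot%\\System32\\NOTEPAD.EXE /p %1" },
        { "Software\\Classes\\InternetShortcut\\shell\\open\\command", "",
          "%ProgramFiles%\\Internet Explorer\\iexplore.exe %1" },
        { "Software\\Classes\\InternetShortcut\\shell\\print\\command", "",
          "rundll32.exe %SystemRoot%\\system32\\mshtml.dll,PrintHTML \"%1\"" },
        { "Software\\Classes\\InternetShortcut\\shell\\printto\\command", "",
          "rundll32.exe %SystemRoot%\\system32\\mshtml.dll,PrintHTML \"%1\" \"%2\" \"%3\" \"%4\"" },
        { "Software\\Classes\\scrfile\\shell\\install\\command", "",
          "rundll32.exe desk.cpl,InstallScreenSaver %l" },
        { "Software\\Classes\\scrfile\\shell\\open\\command", "",
          "\"%1\" /S" },
        { "Software\\Classes\\scriptletfile\\shell\\Generate Typelib\\command", "",
          "\"C:\\WINNT\\system32\\RUNDLL32.EXE\" C:\\WINNT\\system32\\scrobj.dll,GenerateTypeLib \"%1\"" },
        { "Software\\Classes\\scriptletfile\\shell\\open\\command", "",
          "\"C:\\WINNT\\NOTEPAD.EXE\" \"%1\"" },
        { "Software\\Classes\\telnet\\shell\\open\\command", "",
          "C:\\Program Files\\Windows NT\\hypertrm.exe /t %1" },
        { "Software\\Classes\\Unknown\\shell\\openas\\command", "",
          "%SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1" },
        { "Software\\Clients\\StartMenuInternet", "",
          "iexplore.exe" },
    };

    int iFailed = 0;
    char chLog[512];
    const int nFixes = sizeof(kFixes) / sizeof(kFixes[0]);
    for (int n = 0; n < nFixes; ++n)
    {
        const RegFix& fix = kFixes[n];

        // The helpers take non-const pointers but only read through them. The
        // file-scope variables are still assigned because SetValue_S may read
        // SetContent_S to size the data it writes.
        RootKey   = HKEY_LOCAL_MACHINE;
        SubKey    = const_cast<TCHAR*>(fix.subKey);
        ValueName = const_cast<TCHAR*>(fix.valueName);

        int rc;
        if (fix.data == NULL)
        {
            rc = DeleteValue(RootKey, SubKey, ValueName);
        }
        else
        {
            SetContent_S = reinterpret_cast<LPBYTE>(const_cast<TCHAR*>(fix.data));
            rc = SetValue_S(RootKey, SubKey, ValueName, SetContent_S);
        }

        if (rc == 0)
        {
            _snprintf(chLog, sizeof(chLog) - 1,
                      "recovered registry key <%s> successfully!", SubKey);
        }
        else
        {
            ++iFailed;
            _snprintf(chLog, sizeof(chLog) - 1,
                      "failed to recover registry key <%s>", SubKey);
        }
        chLog[sizeof(chLog) - 1] = '\0'; // _snprintf does not terminate on truncation
        WriteLog(chLog);
        m_progress.SetPos(iPos++);
    }
    return iFailed;
}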
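/**********************************************************
Function name: WriteLog
Description:   Append one line, prefixed with the local date and time, to
               result.log. The file is opened and closed on every call.
Parameter:     chLog  NUL-terminated message text; a NULL pointer is ignored
Return:        void (nothing is written when the file cannot be opened)
Time:          2006.07.31
***********************************************************/
void CMyDlg::WriteLog(char* chLog)
{
    if (chLog == NULL)
    {
        return;
    }

    SYSTEMTIME NowT;
    GetLocalTime(&NowT);

    // NOTE(review): "result.log" is a relative name, so the log is created in
    // whatever the current directory is when the tool runs; OnButton1 and
    // OnButton2 use the same relative name. Confirm a fixed location is not
    // required.
    FILE* pLog = fopen("result.log", "a+");
    if (pLog == NULL)
    {
        return;
    }

    // Each entry ends with a newline so that entries do not run together.
    fprintf(pLog, " %d/%d/%d/ %d:%d:%d %s\n", NowT.wYear, NowT.wMonth, NowT.wDay,
            NowT.wHour, NowT.wMinute, NowT.wSecond, chLog);
    fclose(pLog);
}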
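// Show the "N items failed" message box used by CMyDlg::OnOK; does nothing
// when iCount is zero or negative.
static void ReportCleanupFailures(BOOL bRegistry, int iCount)
{
    if (iCount <= 0)
    {
        return;
    }
    char chMsg[256];
    if (bRegistry)
    {
        sprintf(chMsg, "failed to restore [%d] registry entries, please try it again on Safemode. read log for details.", iCount);
    }
    else
    {
        sprintf(chMsg, "failed to delete [%d] virus files, please try it again on Safemode. read log for details.", iCount);
    }
    AfxMessageBox(chMsg);
}

// "OK" button: run the whole cleanup.
//  1. Restore the registry entries.
//  2. Walk the process list; terminate the first process whose image name is
//     exactly "SMSS.exe", then delete the listed files and restore the
//     registry again.
//  3. If no such process was running, still delete the files when the marker
//     file is on disk.
// The dialog stays open; CDialog::OnOK is deliberately not called.
void CMyDlg::OnOK()
{
    // Start every run from an empty progress bar.
    iPos = 0;
    m_progress.SetPos(iPos);

    ReportCleanupFailures(TRUE, DeleteRegValues());

    m_bFinded = FALSE;
    m_list.DeleteAllItems();

    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE.
    HANDLE SnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (SnapShot == INVALID_HANDLE_VALUE)
    {
        MessageBox("failed to kill the virus, please try it again on Safemode.");
        return;
    }

    PROCESSENTRY32 ProcessInfo;
    ProcessInfo.dwSize = sizeof(ProcessInfo); // must be set before Process32First
    CString str;
    int m_nProcess = 0;

    for (BOOL Status = Process32First(SnapShot, &ProcessInfo);
         Status;
         Status = Process32Next(SnapShot, &ProcessInfo))
    {
        m_nProcess++;

        // NOTE(review): this is a case-sensitive compare on the bare image
        // name. It cannot tell the target apart from any other executable
        // called SMSS.exe, and the Windows session manager carries the same
        // name in a different case. Confirm the full image path
        // (DeleteVirusFiles looks for <Windows dir>\SMSS.EXE) before
        // terminating - TODO.
        if (CString(ProcessInfo.szExeFile).Compare("SMSS.exe") != 0)
        {
            continue;
        }

        WriteLog("detected SMSS virus");
        const int nIndex = m_list.InsertItem(m_nProcess, ProcessInfo.szExeFile);
        str.Format("%08x", ProcessInfo.th32ProcessID);
        m_list.SetItemText(nIndex, 1, str);
        str.Format("%08x", ProcessInfo.th32ParentProcessID);
        m_list.SetItemText(nIndex, 2, str);

        // Only the rights that are used are requested: terminate, plus
        // SYNCHRONIZE to wait for the exit.
        HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE,
                                      ProcessInfo.th32ProcessID);
        const BOOL bKilled = (hProcess != NULL) && ::TerminateProcess(hProcess, 1);
        if (bKilled)
        {
            // TerminateProcess returns before the process is gone and its
            // image file stays locked until then, so wait (bounded) for exit.
            WaitForSingleObject(hProcess, 3000);
        }
        if (hProcess != NULL)
        {
            CloseHandle(hProcess);
        }
        if (!bKilled)
        {
            WriteLog("failed to kill");
            MessageBox("failed to kill the virus, please try it again on Windows Safemode.");
            iPos = 0;
            m_progress.SetPos(iPos);
            CloseHandle(SnapShot);
            return;
        }
        m_progress.SetPos(iPos++);

        ReportCleanupFailures(FALSE, DeleteVirusFiles());
        ReportCleanupFailures(TRUE, DeleteRegValues());
        m_bFinded = TRUE;
        break;
    }
    CloseHandle(SnapShot);

    if (!m_bFinded)
    {
        WriteLog("no virus");
        // Not running, but the files may still be on disk (-1 means the
        // marker file is absent).
        const int iFileFailures = DeleteVirusFiles();
        if (iFileFailures >= 0)
        {
            m_bFinded = TRUE;
            ReportCleanupFailures(FALSE, iFileFailures);
            ReportCleanupFailures(TRUE, DeleteRegValues());
        }
    }

    m_progress.SetPos(100);
    if (!m_bFinded)
        MessageBox("congratulation! no virus be found");
    m_progress.SetPos(0);
}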
- void CMyDlg::OnCancel() // cancel handler: no cleanup of its own, defers to CDialog::OnCancel()
- {
- // TODO: Add extra cleanup here
- CDialog::OnCancel();
- }
- void CMyDlg::OnButton2() // IDC_BUTTON2: open result.log with the shell "open" verb
- {
- ShellExecute(NULL,"open","result.log","","", SW_SHOW); // relative name, the same one WriteLog() appends to; the return value is not checked
- }
- void CMyDlg::OnButton1() // IDC_BUTTON1: delete the log file
- {
- DeleteFile("result.log"); // relative name, the same one WriteLog() appends to; a failed delete is not reported
- }
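// IDC_BUTTON3: start a hard-coded executable with a hard-coded command line
// and working directory, in a visible window.
// NOTE(review): "C:\WINNT\explore.exe" and "d:\a.exe" are not referenced
// anywhere else in this listing and look like leftover test values; confirm
// whether this handler belongs in a release build.
void CMyDlg::OnButton3()
{
    STARTUPINFO startUpInfo;
    ZeroMemory(&startUpInfo, sizeof(startUpInfo));
    startUpInfo.cb = sizeof(startUpInfo);
    startUpInfo.dwFlags = STARTF_USESHOWWINDOW;
    startUpInfo.wShowWindow = SW_SHOW;

    PROCESS_INFORMATION pProcInfo;
    ZeroMemory(&pProcInfo, sizeof(pProcInfo));

    // CreateProcess may modify the command-line buffer, so it gets a writable
    // copy rather than a string literal.
    TCHAR szCmdLine[] = "d:\\a.exe";

    // NOTE(review): bInheritHandles is TRUE, so every inheritable handle of
    // this process is passed to the child; nothing visible here needs that.
    // Confirm and switch to FALSE if so.
    if (!CreateProcess("C:\\WINNT\\explore.exe", szCmdLine, NULL, NULL, TRUE,
                       NORMAL_PRIORITY_CLASS, NULL, "d:\\", &startUpInfo, &pProcInfo))
    {
        WriteLog("failed to start process");
        return;
    }

    // The child keeps running; the handles returned here are not needed.
    CloseHandle(pProcInfo.hThread);
    CloseHandle(pProcInfo.hProcess);
}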