清除MSBlast蠕蟲病毒工具源代碼
以下是全部的程式, 以 Delphi 7 編譯正常
雖然 MSBlast蠕蟲 是很舊的 Worm, 但是重點是可以看到清除蠕蟲程式的架構寫法
代碼:
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs;
type
{ Main form of the removal tool. The form has no fields or methods of its own
  besides the OnCreate handler, which runs the whole clean-up sequence as soon
  as the form is created. }
TForm1 = class(TForm)
{ OnCreate handler: calls Kill, deletes the msblast.exe file and then calls
  clearrun (see the implementation section). }
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
uses
tlhelp32,registry;
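{ Terminates every running process whose image name is exactly 'msblast.exe'.

  Changes from the original listing:
  - The image name is compared for equality (case-insensitive) instead of with
    Pos(), so a process such as 'notmsblast.exe' is no longer terminated.
  - The process is opened with only the rights that are needed
    (PROCESS_TERMINATE plus SYNCHRONIZE) and a non-inheritable handle, rather
    than PROCESS_ALL_ACCESS with bInheritHandle = True.
  - The snapshot handle and each process handle are closed; the original
    leaked both.
  - After TerminateProcess the code waits (bounded) for the process to exit,
    because termination is asynchronous and the caller deletes the image file
    immediately afterwards.

  Matching is by file name only: any program that happens to be called
  msblast.exe is terminated as well. }
procedure Kill;
const
  TargetExe = 'msblast.exe';
  ExitWaitMs = 5000; // upper bound for waiting on one terminated process
var
  SnapshotHandle: THandle;
  PE32: TProcessEntry32;
  ProcHandle: THandle;
  More: Boolean;
begin
  SnapshotHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // Without a valid snapshot there is nothing to enumerate.
  if SnapshotHandle = INVALID_HANDLE_VALUE then
    Exit;
  try
    // dwSize must be set before the first call or Process32First fails.
    PE32.dwSize := SizeOf(PE32);
    More := Process32First(SnapshotHandle, PE32);
    while More do
    begin
      // ExtractFileName makes the comparison work whether szExeFile holds a
      // bare name or a full path.
      if SameText(ExtractFileName(PE32.szExeFile), TargetExe) then
      begin
        ProcHandle := OpenProcess(PROCESS_TERMINATE or SYNCHRONIZE, False,
          PE32.th32ProcessID);
        // OpenProcess returns 0 on failure (e.g. insufficient privileges);
        // skip the entry instead of calling TerminateProcess on a null handle.
        if ProcHandle <> 0 then
        begin
          try
            if TerminateProcess(ProcHandle, 0) then
              WaitForSingleObject(ProcHandle, ExitWaitMs);
          finally
            CloseHandle(ProcHandle);
          end;
        end;
      end;
      More := Process32Next(SnapshotHandle, PE32);
    end;
  finally
    CloseHandle(SnapshotHandle);
  end;
end;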
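{ Returns the data of the 'windows auto update' value under
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, or '' when the key
  cannot be opened, the value does not exist, or it is not a string.

  Changes from the original listing:
  - Adds the semicolon that was missing after the first assignment to Result
    (the listing did not compile as printed).
  - Opens the key read-only; reading the value does not need write access.
  - Checks the result of opening the key and the type of the value before
    reading, so an absent or non-string value yields '' instead of an
    exception.
  - Closes the key and frees the TRegistry object in try/finally. }
function getdir: string;
const
  RunKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run';
  RunValue = 'windows auto update';
var
  reg: TRegistry;
begin
  Result := '';
  reg := TRegistry.Create;
  try
    reg.RootKey := HKEY_LOCAL_MACHINE;
    if reg.OpenKeyReadOnly(RunKey) then
    begin
      try
        // ReadString raises on a non-string value, so check the type first.
        if reg.ValueExists(RunValue) and
           (reg.GetDataType(RunValue) in [rdString, rdExpandString]) then
          Result := reg.ReadString(RunValue);
      finally
        reg.CloseKey;
      end;
    end;
  finally
    reg.Free;
  end;
end;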
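{ Deletes the 'windows auto update' value from
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so the entry is no longer
  started at logon.

  Changes from the original listing:
  - The TRegistry object is freed (the original never called Free).
  - The key is opened with CanCreate = False; a clean-up routine should not
    create the key as a side effect.
  - The result of OpenKey is checked, and DeleteValue is only called when the
    value is present. Writing under HKLM needs administrative rights; when the
    key cannot be opened the procedure does nothing. }
procedure clearrun;
const
  RunKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run';
  RunValue = 'windows auto update';
var
  reg: TRegistry;
begin
  reg := TRegistry.Create;
  try
    reg.RootKey := HKEY_LOCAL_MACHINE;
    if reg.OpenKey(RunKey, False) then
    begin
      try
        if reg.ValueExists(RunValue) then
          reg.DeleteValue(RunValue);
      finally
        reg.CloseKey;
      end;
    end;
  finally
    reg.Free;
  end;
end;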
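{ Runs the clean-up sequence when the form is created:
  1. terminate running msblast.exe processes (Kill),
  2. delete the msblast.exe file,
  3. remove the Run-key autostart value (clearrun).

  The directory of the file is taken from the Run value returned by getdir.
  The original concatenated ExtractFilePath(getdir) + '\msblast.exe': when the
  Run value holds a bare file name, ExtractFilePath returns '' and the path
  became '\msblast.exe' (root of the current drive); when it holds a full path
  the result had a doubled backslash. Both cases are handled here.

  The file name is fixed to 'msblast.exe', so the registry data only selects
  the directory and cannot redirect the deletion to another file name. }
procedure TForm1.FormCreate(Sender: TObject);
var
  TargetDir: string;
  SysDir: array[0..MAX_PATH] of Char;
  Len: UINT;
begin
  Kill;

  // getdir must be read before clearrun removes the value.
  TargetDir := ExtractFilePath(getdir);
  if TargetDir = '' then
  begin
    // NOTE(review): falls back to the Windows system directory, presumed to
    // be where the worm binary lives when the Run value has no path; confirm.
    Len := GetSystemDirectory(SysDir, MAX_PATH);
    if (Len > 0) and (Len < MAX_PATH) then
      TargetDir := SysDir;
  end;

  // Skip the deletion entirely rather than guess a location.
  // DeleteFile returns False when the file is absent or still locked; the
  // result is ignored here as in the original, so a failed removal is silent.
  if TargetDir <> '' then
    DeleteFile(IncludeTrailingPathDelimiter(TargetDir) + 'msblast.exe');

  clearrun;
end;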
end.