
首先是xor的专杀脚本。查杀xor样本时需要注意,样本的主进程和子进程会相互保护(详见之前的xor ddos分析http://www.cnblogs.com/goabout2/p/4888651.html),想要杀掉的话,需要先通过kill -STOP挂起主进程,再删除其他的文件;但是由于xor的进程名是随机值,同时主机上还有gates木马(gates最显著的特征就是会替换系统文件ps、lsof、ss、netstat),因此为了不依赖可能已被篡改的系统命令,脚本必须隔离系统命令。


import os
import re
import signal
import sys
import time
# property of the virus
# Byte string searched for inside every file under /boot and /lib/udev; a file
# containing it is treated as the dropped binary.
sigin = "m4S4nAC/nA"
# Expected locations of the dropped binaries ("dingzhi_random_10_word1" stands
# for the 10-letter random lowercase name). Not referenced by this script's
# functions: check() derives the real paths by scanning instead.
filepath = "/boot/dingzhi_random_10_word1;/lib/udev/udev"
# Persistence entries removed by kill(), ';'-separated; the "fromdingzhi_"
# placeholder is replaced at runtime with the random name found in /boot.
delpath = "/etc/cron.hourly/cron.sh;/etc/init.d/fromdingzhi_"#read file
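def readfile(path):
    """Return the whole contents of the file at *path* as a string.

    The file is closed on every path out of the function. IOError/OSError
    from opening or reading propagate to the caller, which decides whether a
    missing or unreadable file is fatal.
    """
    with open(path) as f:
        return f.read()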
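def _report_error(err):
    """os.walk onerror hook: report a directory that cannot be listed and go on."""
    print("cannot list " + str(getattr(err, "filename", "?")) + ": " + str(err))


def _file_contains(fp, needle):
    """Return True if the byte string *needle* occurs in file *fp*.

    Files are read as bytes so binaries (kernel images under /boot, for
    instance) never trip text decoding; a file that cannot be opened or read
    is reported and counted as a miss.
    """
    try:
        with open(fp, "rb") as f:
            for line in f:
                if needle in line:
                    return True
    except (IOError, OSError) as err:
        print("skip " + fp + ": " + str(err))
    return False


def scanforeigen(path, word):
    """Search *path* recursively for a file containing *word*.

    Returns the path of the first matching regular file, or None when nothing
    matches (or *path* cannot be listed). Matches inside subdirectories are
    propagated to the caller; the original only reported top-level hits
    because the recursive call's result was discarded. Symlinked directories
    are not followed, so a symlink loop cannot recurse forever.
    """
    needle = word if isinstance(word, bytes) else word.encode("utf-8")
    for dirpath, _dirnames, filenames in os.walk(path, onerror=_report_error):
        for filename in filenames:
            fp = os.path.join(dirpath, filename)
            if not os.path.isfile(fp):
                continue  # sockets, fifos and dangling symlinks
            print(fp)
            if _file_contains(fp, needle):
                print("find in the file:" + fp)
                return fp
    return None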
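def check():
    """Locate the two dropped files this cleaner knows about.

    Returns a list with up to two paths: the file under /boot whose name is
    exactly 10 lowercase letters and which contains ``sigin``, then the
    ``/lib/udev/udev`` copy if it contains ``sigin``. An empty list means
    nothing was found.
    """
    targetlist = []
    bootfile = scanforeigen("/boot", sigin)
    if bootfile:
        bootfilename = bootfile.split("/")[-1]
        # the dropper's name is 10 random lowercase letters; anything else
        # under /boot that happens to contain the signature is left alone
        if len(bootfilename) == 10 and re.match(r'^[a-z]+$', bootfilename):
            targetlist.append(bootfile)
    libfile = scanforeigen("/lib/udev", sigin)
    if libfile and libfile.split("/")[-1] == "udev":
        targetlist.append(libfile)
    return targetlist


def _pids_mapping(name):
    """Return the PIDs (as decimal strings) whose /proc/<pid>/maps mention *name*.

    Processes that disappear mid-scan or whose maps are not readable are
    skipped. This is a substring test, kept from the original: a 10-letter
    name could in principle occur in an unrelated mapped path.
    """
    needle = name if isinstance(name, bytes) else name.encode("utf-8")
    pids = []
    for itemnum in os.listdir("/proc"):
        if not itemnum.isdigit():
            continue
        path = "/proc/" + itemnum + "/maps"
        try:
            # bytes, so non-UTF-8 path names in the map cannot raise
            with open(path, "rb") as f:
                mapscontent = f.read()
        except (IOError, OSError):
            continue
        if needle in mapscontent:
            print("the pid of the " + name + " is " + itemnum)
            pids.append(itemnum)
    return pids


def _signal(pid, sig):
    """Send *sig* to *pid* (a decimal string) with os.kill; report but tolerate failure."""
    try:
        os.kill(int(str(pid).strip()), sig)
    except (ValueError, OSError) as err:
        print("kill " + str(pid) + " failed: " + str(err))


def _remove(path):
    """Delete *path* with os.remove; report but tolerate failure (already gone, etc.)."""
    print("del the " + path)
    try:
        os.remove(path)
    except OSError as err:
        print("rm " + path + " failed: " + str(err))


def kill():
    """Freeze the processes mapping the /boot dropper, remove its files, then kill them.

    Ordering follows the write-up above: the main process and its child
    protect each other, so every matching PID gets SIGSTOP before anything
    is deleted, and SIGKILL only once the files are gone. Nothing is done
    when check() reports no file under /boot. Signals are sent with os.kill
    and files removed with os.remove rather than through a shell, so the
    cleanup does not rely on the host's command binaries (which the write-up
    says may have been replaced) and no scanned name is spliced into a
    command line.
    """
    targetlist = check()
    print(targetlist)
    boots = [t for t in targetlist if t.startswith("/boot/")]
    if not boots:
        print("no /boot dropper found, nothing to do")
        return
    boot = boots[0]
    print("boot is " + boot)
    bootname = boot.split('/')[-1]

    itemlist = _pids_mapping(bootname)
    print(itemlist)

    # stop every matching process first so neither can respawn the other
    for item in itemlist:
        print("item is " + item)
        _signal(item, signal.SIGSTOP)
    print("going sleeping")
    time.sleep(5)

    # delete the dropped binaries, then the persistence entries
    for target in targetlist:
        _remove(target)
    for delfile in delpath.split(';'):
        if delfile.split('/')[-1] == "fromdingzhi_":
            delfile = delfile.replace("fromdingzhi_", bootname)
        _remove(delfile)

    # with the files gone the frozen processes can be killed outright
    for item in itemlist:
        _signal(item, signal.SIGKILL)


if __name__ == '__main__':
    # guard sys.argv[1]: running without an argument used to raise IndexError
    if len(sys.argv) < 2 or sys.argv[1] not in ("-check", "-kill"):
        print("usage: " + sys.argv[0] + " -check | -kill")
        sys.exit(1)
    if sys.argv[1] == "-check":
        print(check())
    else:
        kill()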


import os
import shutil
import signal
import sys
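import time
#linux.tragon.bill.gates
# Byte string searched for inside every file under the directories in
# ``filedir``; a file containing it is recorded in ``findlist``.
# (In the collapsed original this assignment had been swallowed by the
# comment above, leaving ``sigin`` undefined.)
sigin = "88FD2FE8EF8D51263B037677FD30F25CBFEB57F759F711FB41956288A85E9655F"
# Init scripts the trojan installs. Not referenced by this script's functions
# (both paths are also in ``delpath``); the misspelled name is kept so that
# nothing referring to it breaks.
initpaht = "/etc/init.d/selinux;/etc/init.d/DbSecuritySpt"
# Directories check() scans for ``sigin``, ';'-separated.
filedir = "/usr/bin;/usr/sbin;/bin;/usr/bin/bsd-port;/usr/bin/dpkgd"
# Expected locations of the dropped binaries. Not referenced by this script's
# functions; check() finds files by scanning instead.
filepath = "/usr/bin/.sshd;/usr/bin/bsd-port/getty"
# Everything kill() removes: the replaced ps/ss/lsof/netstat in each bin
# directory, the init scripts, and the pid/lock files. The original listed
# "netsata", which matches no binary, so the replaced netstat copies would
# have survived; corrected to "netstat" (the name the restore step copies).
delpath = "/usr/bin/ps;/usr/bin/ss;/usr/bin/lsof;/usr/bin/netstat;/usr/sbin/ps;/usr/sbin/ss;/usr/sbin/lsof;/usr/sbin/netstat;/bin/ps;/bin/ss;/bin/lsof;/bin/netstat;/etc/init.d/selinux;/etc/init.d/DbSecuritySpt;/tmp/moni.lod;/tmp/gates.lod;/usr/bin/bsd-port/getty.lock"
# Files whose content kill() treats as the PID of a trojan process.
configfile = "/tmp/moni.lod;/tmp/gates.lod;/usr/bin/bsd-port/getty.lock"
# Paths found to contain ``sigin``; appended to by scanforeigen().
findlist = []
#read file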
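def readfile(path):
    """Return the whole contents of the file at *path* as a string.

    The file is closed on every path out of the function. IOError/OSError
    from opening or reading propagate to the caller, which decides whether a
    missing or unreadable file is fatal.
    """
    with open(path) as f:
        return f.read()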
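def _report_error(err):
    """os.walk onerror hook: report a directory that cannot be listed and go on."""
    print("cannot list " + str(getattr(err, "filename", "?")) + ": " + str(err))


def _file_contains(fp, needle):
    """Return True if the byte string *needle* occurs in file *fp*.

    Files are read as bytes so binaries under /usr/bin etc. never trip text
    decoding; a file that cannot be opened or read is reported and counted
    as a miss.
    """
    try:
        with open(fp, "rb") as f:
            for line in f:
                if needle in line:
                    return True
    except (IOError, OSError) as err:
        print("skip " + fp + ": " + str(err))
    return False


def scanforeigen(path, word):
    """Search *path* recursively for files containing *word*.

    Every matching regular file is appended to the module-level ``findlist``
    (the original stopped at the first match in a directory and dropped
    matches from subdirectories). Returns the first match found, or None when
    nothing matches or *path* cannot be listed. Symlinked directories are not
    followed, so a symlink loop cannot recurse forever.
    """
    needle = word if isinstance(word, bytes) else word.encode("utf-8")
    first = None
    for dirpath, _dirnames, filenames in os.walk(path, onerror=_report_error):
        for filename in filenames:
            fp = os.path.join(dirpath, filename)
            if not os.path.isfile(fp):
                continue  # sockets, fifos and dangling symlinks
            print(fp)
            if _file_contains(fp, needle):
                print("find in the file:" + fp)
                findlist.append(fp)
                if first is None:
                    first = fp
    return first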
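def check():
    """Scan every directory listed in ``filedir`` for files containing ``sigin``.

    Hits are accumulated in the module-level ``findlist`` by scanforeigen();
    that list is returned as well so callers need not read the global. The
    original returned None and carried a commented-out per-directory
    collection, which is dropped here.
    """
    for dirpath in filedir.split(";"):
        scanforeigen(dirpath, sigin)
    return findlist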
#start kill
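def _signal(pid, sig):
    """Send *sig* to *pid* (a decimal string) with os.kill; report but tolerate failure.

    A non-numeric *pid* (e.g. an unexpected lock-file content) is reported
    and skipped rather than handed to a shell.
    """
    try:
        os.kill(int(str(pid).strip()), sig)
    except (ValueError, OSError) as err:
        print("kill " + str(pid) + " failed: " + str(err))


def _remove(path):
    """Delete *path* with os.remove; report but tolerate failure (already gone, etc.)."""
    print("del the " + path)
    try:
        os.remove(path)
    except OSError as err:
        print("rm " + path + " failed: " + str(err))


def kill():
    """Stop the Gates processes, remove its files, restore the shadowed tools, then kill.

    Runs only when check() found at least one file carrying ``sigin``: the
    removal list covers /bin/ps, /bin/ss, /bin/lsof and /bin/netstat, so
    running it blindly on a clean host would delete the real tools (the
    original's ``if findlist is not None`` was always true for a list). PIDs
    come from the .lod/.lock files and the restart path from
    /etc/init.d/DbSecuritySpt, i.e. from files the trojan writes, so they are
    parsed and passed to os.kill/os.remove instead of being spliced into a
    shell command line.
    """
    check()
    print(findlist)
    if not findlist:
        print("signature not found, nothing to do")
        return

    # collect the PIDs the trojan records for its own processes
    piddic = {}
    for confpath in configfile.split(";"):
        try:
            content = readfile(confpath)
        except (IOError, OSError) as err:
            print("cannot read " + confpath + ": " + str(err))
            continue
        print("the path " + confpath + "content is " + content)
        piddic[confpath] = content.strip()
    print(piddic)

    # the init script's first 12 bytes are assumed to be a shebang line and
    # the remainder the path of the binary it restarts — TODO confirm format
    specialpath = None
    try:
        specialpath = readfile("/etc/init.d/DbSecuritySpt")[12:].strip()
        print("dd" + specialpath)
    except (IOError, OSError) as err:
        print("cannot read /etc/init.d/DbSecuritySpt: " + str(err))

    # freeze every recorded process before touching files so a watchdog
    # cannot restore what is being removed
    for key in piddic:
        _signal(piddic[key], signal.SIGSTOP)

    for delfilepath in delpath.split(";"):
        _remove(delfilepath)
    if specialpath:
        _remove(specialpath)

    # put the tools back from /usr/bin/dpkgd, as the original did.
    # NOTE(review): the script takes those copies to be the originals the
    # trojan moved aside; verify them (e.g. against the distribution package)
    # before trusting them, since /usr/bin/dpkgd is also among the scanned
    # directories.
    for tool in ("ps", "ss", "lsof", "netstat"):
        src = "/usr/bin/dpkgd/" + tool
        try:
            shutil.copy(src, "/bin")
        except (IOError, OSError) as err:
            print("cannot restore " + tool + " from " + src + ": " + str(err))

    # with the files gone the frozen processes can be killed outright
    for key in piddic:
        _signal(piddic[key], signal.SIGKILL)


if __name__ == '__main__':
    # guard sys.argv[1]: running without an argument used to raise IndexError
    if len(sys.argv) < 2 or sys.argv[1] not in ("-check", "-kill"):
        print("usage: " + sys.argv[0] + " -check | -kill")
        sys.exit(1)
    if sys.argv[1] == "-check":
        print(check())
    else:
        kill()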



