Viking的肆虐让很多受害者忍无可忍,更可气的是专业软件公司提供的专杀工具竟然无法彻底清除。
      无奈之余自己动手写了一个,请需要的朋友到这里下载:http://www.chenoe.com
       该工具可以有效解除被感染的exe中的病毒并还原exe文件,网上的大部分工具是直接删除exe文件。另外,本工具还具有Viking免疫功能。

下载后直接运行即可查杀,如果查杀几次都有无法关闭的进程的,重新启动一下计算机继续查杀应该可以杀掉。直到病毒数为0时为止。

另外提供该工具中结束进程部分的代码,结束进程一般采用TerminateProcess函数,但是对于比较顽固的进程就要用非常规的手段来Kill了。
        我的方法是,先提高本程序为Debug级别的权限。再用TerminateProcess关闭,如果失败就枚举该进程中的线程并用TerminateThread关闭。然后再用TerminateProcess结束进程。这样就基本上可以关闭99%的非系统进程了。
        还有,对于被注入了病毒dll的进程,要先枚举进程中的模块并判断。然后决定是否Kill,Kill方法同上。

以下为进程、线程、模块相关的代码:
' --- ToolHelp32 enumeration and termination APIs (kernel32) ---
' CreateToolhelp32Snapshot: snapshot of processes / threads / modules selected by lFlags.
' On failure it returns INVALID_HANDLE_VALUE (-1), not 0.
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
' Process32First / Process32Next: walk the process records; uProcess.dwsize must be set first.
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
' Thread32First / Thread32Next: walk the thread records (GetThreadList filters them by owner pid).
Private Declare Function Thread32First Lib "KERNEL32.dll" (ByVal hSnapshot As Long, ByRef lpte As THREADENTRY32) As Long
Private Declare Function Thread32Next Lib "KERNEL32.dll" (ByVal hSnapshot As Long, ByRef lpte As THREADENTRY32) As Long
' Module32First / Module32Next: walk the modules loaded in the snapshotted process.
Private Declare Function Module32First Lib "KERNEL32.dll" (ByVal hSnapshot As Long, ByRef lppe As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "KERNEL32.dll" (ByVal hSnapshot As Long, ByRef lpme As MODULEENTRY32) As Long
' TerminateProcess / TerminateThread take a *handle* (from OpenProcess / OpenThread), never an id.
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function TerminateThread Lib "kernel32" (ByVal hThread As Long, ByVal dwExitCode As Long) As Long
' OpenProcess / OpenThread: obtain a handle with the dwDesiredAccess rights; 0 on failure.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function OpenThread Lib "KERNEL32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwThreadId As Long) As Long
' CloseHandle: every handle returned by the Open* and snapshot calls must be released with it.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

' snapshot selectors for CreateToolhelp32Snapshot
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPTHREAD = &H4
Private Const TH32CS_SNAPMODULE As Long = &H8

' PROCESS_TERMINATE is also passed to OpenThread in KillThread; that works only
' because THREAD_TERMINATE has the same value (&H1).
Private Const PROCESS_TERMINATE As Long = (&H1)
' length of the fixed-length szExeFile field of PROCESSENTRY32
Private Const MAX_PATH As Integer = 260

' One record of the process snapshot (Process32First / Process32Next).
' dwsize must be set to Len(record) before the first call.
Private Type PROCESSENTRY32
    dwsize As Long
    cntusage As Long
    th32ProcessID As Long          ' pid, passed to OpenProcess / InModule / KillThread
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH ' image file name, NUL-padded (KillProcess cuts at vbNullChar)
End Type

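' One record of the module snapshot (Module32First / Module32Next).
' dwsize must be set to Len(record) before the first call.
Private Type MODULEENTRY32                                          ' module
    dwsize   As Long
    th32ModuleID   As Long
    th32ProcessID   As Long
    GlblcntUsage   As Long
    ProccntUsage   As Long
    ' modBaseAddr is a pointer (BYTE*) in the Win32 structure, i.e. a Long here.
    ' The original declared it "As Byte"; that appears to have worked only because
    ' VB pads the following Long to a 4-byte boundary, and it made the base
    ' address unreadable.
    modBaseAddr   As Long
    modBaseSize   As Long
    hModule   As Long
    szModule   As String * 256     ' module file name, NUL-padded (InModule cuts at vbNullChar)
    szExePath   As String * 1024   ' full path of the module
End Type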

' One record of the thread snapshot (Thread32First / Thread32Next).
' dwsize must be set to Len(record) before the first call.
Private Type THREADENTRY32                                          ' thread
    dwsize   As Long
    cntusage   As Long
    th32threadID   As Long        ' thread id, passed to OpenThread in KillThread
    th32OwnerProcessID   As Long  ' pid the thread belongs to; GetThreadList filters on it
    tpBasePri   As Long
    tpDeltaPri   As Long
    dwFlags   As Long
End Type

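Public Function KillThread(ByVal ProcessID As Long) As Boolean
    ' Terminates, one by one, every thread owned by ProcessID.
    ' Used by KillProcess as a fallback when TerminateProcess fails.
    ' ProcessID: pid whose threads GetThreadList enumerates.
    ' Returns True when at least one thread was terminated. (The original
    ' returned only the result for the last thread, and leaked every handle.)
    Dim hThread As Long, i As Long
    Dim Killed As Long
    Dim TList() As THREADENTRY32

    ' GetThreadList returns an unallocated array when nothing matched (e.g. the
    ' process already exited); UBound then raises error 9 -> report False.
    On Error GoTo NoThreads
    TList = GetThreadList(ProcessID)

    For i = 0 To UBound(TList)
        With TList(i)
            ' PROCESS_TERMINATE (&H1) has the same value as THREAD_TERMINATE,
            ' the access right OpenThread actually needs here.
            hThread = OpenThread(PROCESS_TERMINATE, False, .th32threadID)
            If hThread <> 0 Then
                If TerminateThread(hThread, 0) <> 0 Then Killed = Killed + 1
                CloseHandle hThread    ' release the thread handle
            End If
        End With
    Next
    KillThread = Killed > 0
    Exit Function

NoThreads:
    KillThread = False
End Function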

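Public Function KillProcess(ByVal ProcessName As String, Optional ByVal bKillThread As Boolean) As Boolean
    ' Walks the process list and terminates every process whose image name equals
    ' ProcessName, or that has a module of that name loaded (InModule).
    ' Progress is shown on Form1.lbState; results go to the log via AddLog.
    ' bKillThread: when TerminateProcess fails, terminate the threads first
    '   (KillThread) before TerminateProcess is retried.
    ' Returns True when at least one process was terminated. (The original never
    ' assigned its return value, so it always returned False.)
    Dim hProcess As Long, r As Long
    Dim PList() As PROCESSENTRY32
    Dim Name As String, i As Long
    Dim Target As String, Matched As Boolean

    Target = LCase(Trim(ProcessName))   ' loop-invariant, normalised once
    PList = GetProcessList

    For i = 0 To UBound(PList)
        With PList(i)
            ' szExeFile is NUL-padded; keep the part before the first NUL
            Name = Left(.szExeFile, InStr(1, .szExeFile, vbNullChar) - 1)
            DoEvents
            Form1.lbState.Caption = "正在内存查毒: " & Name
            ' A process is a target by its name or because the module is loaded in it.
            ' The module match also hits host processes the DLL was injected into;
            ' that is the tool's intent, so expect legitimate hosts to be killed too.
            Matched = (LCase(Trim(Name)) = Target) Or InModule(.th32ProcessID, ProcessName)

            If Matched Then
                hProcess = OpenProcess(PROCESS_TERMINATE, False, .th32ProcessID)
                If hProcess <> 0 Then
                    r = TerminateProcess(hProcess, 0)
                    If r = 0 Then
                        ' fallback: kill the threads (if asked), then retry once
                        If bKillThread Then
                            If KillThread(.th32ProcessID) Then
                                AddLog Name, "已结束线程"
                            Else
                                AddLog Name, "线程结束失败"
                            End If
                        End If
                        r = TerminateProcess(hProcess, 0)
                    End If
                    If r Then
                        AddLog Name, "已结束进程"
                        KillProcess = True
                    Else
                        AddLog Name, "进程结束失败"
                    End If
                    CloseHandle hProcess    ' the original leaked this handle
                Else
                    AddLog Name, "无法获得进程句柄"
                End If
            End If
        End With
    Next
End Function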

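Private Function GetThreadList(ByVal ProcessID As Long) As THREADENTRY32()
    ' Returns the THREADENTRY32 records of every thread owned by ProcessID.
    ' A TH32CS_SNAPTHREAD snapshot covers all threads in the system (the pid
    ' argument is not used for that flag), hence the owner-pid filter below.
    ' The result is an unallocated array when nothing matched or the snapshot failed.
    Const INVALID_HANDLE_VALUE As Long = -1
    Dim i As Long
    Dim TList() As THREADENTRY32
    Dim TE32 As THREADENTRY32
    Dim hThreadSnap As Long

    hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessID)
    If hThreadSnap = INVALID_HANDLE_VALUE Then Exit Function   ' failure is -1, not 0
    TE32.dwsize = Len(TE32)

    If Thread32First(hThreadSnap, TE32) <> 0 Then
        Do
            If TE32.th32OwnerProcessID = ProcessID Then
                ReDim Preserve TList(i)
                TList(i) = TE32
                i = i + 1
            End If
        Loop While Thread32Next(hThreadSnap, TE32) <> 0
    End If
    ' The original called TerminateThread(TE32.th32threadID, 0) inside the loop.
    ' That passes a thread *id* where a *handle* is required: it fails at best and
    ' at worst hits an unrelated handle of this process. Terminating is
    ' KillThread's job, so an enumeration function must not do it.

    CloseHandle hThreadSnap
    GetThreadList = TList
End Function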

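Private Function GetProcessList() As PROCESSENTRY32()
    ' Returns one PROCESSENTRY32 record per running process.
    ' The result is an unallocated array when the snapshot or Process32First fails;
    ' callers indexing it with UBound then get error 9.
    Const INVALID_HANDLE_VALUE As Long = -1
    Dim i As Long
    Dim PList() As PROCESSENTRY32
    Dim PE32 As PROCESSENTRY32
    Dim hProcessSnap As Long

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    If hProcessSnap = INVALID_HANDLE_VALUE Then Exit Function   ' failure is -1, not 0
    PE32.dwsize = Len(PE32)   ' required before Process32First

    If Process32First(hProcessSnap, PE32) <> 0 Then
        Do
            ReDim Preserve PList(i)
            PList(i) = PE32
            i = i + 1
        Loop While Process32Next(hProcessSnap, PE32) <> 0
    End If

    CloseHandle hProcessSnap
    GetProcessList = PList
End Function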

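Private Function GetModuleList(ByVal ProcessID As Long) As MODULEENTRY32()
    ' Returns one MODULEENTRY32 record per module loaded in ProcessID.
    ' The result is an unallocated array when the snapshot cannot be taken
    ' (typical for system / protected processes) or Module32First fails;
    ' InModule relies on that by trapping the resulting UBound error.
    Const INVALID_HANDLE_VALUE As Long = -1
    Dim i As Long
    Dim MList() As MODULEENTRY32
    Dim ME32 As MODULEENTRY32
    Dim hModuleSnap As Long

    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID)
    If hModuleSnap = INVALID_HANDLE_VALUE Then Exit Function   ' failure is -1, not 0
    ME32.dwsize = Len(ME32)   ' required before Module32First

    If Module32First(hModuleSnap, ME32) <> 0 Then
        Do
            ReDim Preserve MList(i)
            MList(i) = ME32
            i = i + 1
        Loop While Module32Next(hModuleSnap, ME32) <> 0
    End If

    CloseHandle hModuleSnap
    GetModuleList = MList
End Function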

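Private Function InModule(ByVal ProcessID As Long, ByVal ModuleName As String) As Boolean
    ' True when a module named ModuleName (case-insensitive) is loaded in ProcessID.
    ' Any runtime error - typically UBound on the unallocated array GetModuleList
    ' returns for processes whose modules cannot be snapshotted - is swallowed and
    ' yields False: the check is best-effort by design.
    Dim i As Long, p As Long
    Dim MList() As MODULEENTRY32
    Dim Name As String
    Dim Target As String

    On Error GoTo Done
    Target = LCase(Trim(ModuleName))   ' same normalisation as KillProcess's name compare
    MList = GetModuleList(ProcessID)

    For i = 0 To UBound(MList)
        ' szModule is NUL-padded; guard the (unlikely) case of no terminator, where
        ' Left(..., -1) would raise and silently end the search early
        p = InStr(1, MList(i).szModule, vbNullChar)
        If p > 0 Then Name = Left(MList(i).szModule, p - 1) Else Name = MList(i).szModule
        If LCase(Trim(Name)) = Target Then
            InModule = True
            Exit For
        End If
    Next
Done:
End Function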

'这个是显示的杀毒记录
Sub AddLog(txt1 As String, txt2 As String)
    ' Appends one row to the log ListView on Form1: txt1 in the first
    ' column (the process name), txt2 in the first sub-item (the result text).
    With Form1.lv.ListItems.Add(, , txt1)
        .SubItems(1) = txt2
    End With
End Sub

以下为设置本程序权限级别的代码,在程序加载前调用EnableDebugPrivilege即可(注意:CloseHandle在上面的进程代码中已经声明过,两段代码放在同一模块时需去掉其中一个声明):
' 64-bit value; used here in place of the Win32 LUID, which has the same
' two-Long layout (LookupPrivilegeValue fills it).
Private Type LARGE_INTEGER
    lowpart As Long
    highpart As Long
End Type

' upper bound of TOKEN_PRIVILEGES.Privileges (VB arrays are 0-based, so two slots)
Private Const ANYSIZE_ARRAY As Long = 1
' LUID_AND_ATTRIBUTES.Attributes value that turns a privilege on
Private Const SE_PRIVILEGE_ENABLED As Long = &H2
' token access rights requested by OpenProcessToken in EnableDebugPrivilege
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20
Private Const TOKEN_QUERY As Long = &H8

' One privilege entry: the privilege id plus its state flags.
Private Type LUID_AND_ATTRIBUTES
    LUID As LARGE_INTEGER   ' filled by LookupPrivilegeValue
    Attributes As Long      ' SE_PRIVILEGE_ENABLED to enable it
End Type

' NewState argument of AdjustTokenPrivileges.
Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long                              ' number of entries used (1 here)
    Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES    ' only element 0 is used
End Type

' --- token / privilege APIs (advapi32, kernel32) ---
' LookupPrivilegeValue: resolves a privilege name ("SeDebugPrivilege") to its LUID.
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LARGE_INTEGER) As Long
' AdjustTokenPrivileges: PreviousState / ReturnLength are declared ByRef As Long, so a
' literal 0 passes the address of a 4-byte temporary rather than NULL; callers that do
' not want the previous state should pass "ByVal 0&" for both and 0 for BufferLength.
' Note the function returns non-zero even when the privilege was not assigned;
' the last error decides.
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, ByRef PreviousState As Long, ByRef ReturnLength As Long) As Long
' GetCurrentProcess: pseudo-handle of this process (needs no CloseHandle).
Private Declare Function GetCurrentProcess Lib "KERNEL32.dll" () As Long
Private Declare Function GetCurrentProcessId Lib "KERNEL32.dll" () As Long

' CloseHandle is also declared in the process-enumeration code above; keep only one
' declaration if both snippets live in the same module (ambiguous name otherwise).
Private Declare Function CloseHandle Lib "KERNEL32.dll" (ByVal hObject As Long) As Long
' OpenProcessToken: opens the access token of ProcessHandle with DesiredAccess rights.
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, ByRef TokenHandle As Long) As Long
' GetLastError: from VB prefer Err.LastDllError; the runtime may call APIs between
' the Declare'd call and this one and overwrite the error code.
Private Declare Function GetLastError Lib "KERNEL32.dll" () As Long

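Function EnableDebugPrivilege() As Boolean
    ' Enables SeDebugPrivilege on this process's token so that OpenProcess /
    ' OpenThread with *_TERMINATE succeed on processes of other users.
    ' Call once before KillProcess. The privilege must already be present
    ' (disabled) in the token, i.e. the tool must run as an administrator.
    ' Returns True only when the privilege was actually enabled.
    Const ERROR_SUCCESS As Long = 0
    Dim TP As TOKEN_PRIVILEGES
    Dim hToken As Long

    If OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) = 0 Then
        Exit Function   ' nothing to close: hToken was not opened
    End If

    ' The original tested "r And Not e" with Long operands: that is a bitwise
    ' expression, so a non-zero GetLastError did not make the test false.
    If LookupPrivilegeValue(vbNullString, "SeDebugPrivilege", TP.Privileges(0).LUID) <> 0 Then
        TP.PrivilegeCount = 1
        TP.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED

        ' PreviousState / ReturnLength are declared ByRef As Long; the original
        ' passed the literal 0, i.e. the address of a 4-byte temporary, while
        ' BufferLength claimed LenB(TP) bytes were available there. Pass real
        ' NULLs and a zero buffer length instead.
        If AdjustTokenPrivileges(hToken, 0, TP, 0, ByVal 0&, ByVal 0&) <> 0 Then
            ' AdjustTokenPrivileges returns non-zero even when the privilege is
            ' not held (ERROR_NOT_ALL_ASSIGNED), so the last error decides.
            ' Err.LastDllError is the reliable way to read it from VB.
            EnableDebugPrivilege = (Err.LastDllError = ERROR_SUCCESS)
        End If
    End If

    CloseHandle hToken
End Function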
