using System;
using System.Globalization;
using System.IO;
using System.Net;
using System.Threading;
using System.Windows.Forms;
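namespace TrojanMonitor
{
    /// <summary>
    /// Tray application that watches a web root with a FileSystemWatcher, scans new,
    /// changed or renamed files for known signature strings, and quarantines any match.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the controls <c>fsw</c>, <c>lb</c> and <c>filepath</c> and all event
    /// wiring live in the designer half of this partial class, which is not part of this
    /// listing. The handler names below must match the names wired there.
    ///
    /// NOTE(review): the signature list and the mail key are fetched over plain HTTP from
    /// a third-party host. Anyone able to alter that response decides what gets
    /// quarantined (or that nothing does); serve these over an authenticated channel or
    /// ship them with the application.
    /// </remarks>
    public partial class Form1 : Form
    {
        // Wait between "file still locked" probes, and how many probes before giving up.
        private const int InUseRetryDelayMs = 2000;
        private const int InUseMaxRetries = 30;

        // Extensions that are scanned.
        // NOTE(review): other extensions the web server maps to a script handler are not
        // watched; extend this list to match the server's handler mappings.
        private static readonly string[] WatchedExtensions = { ".asp", ".aspx", ".php", ".jpg", ".gif" };

        private delegate void SetTextCallback(string text);

        // Parsed once at start-up; worker threads only read it.
        private string[] signatures = new string[0];
        private string emailkey, ip;

        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>File change monitoring (including newly created files).</summary>
        private void fsw_Changed(object sender, FileSystemEventArgs e)
        {
            StartCheck(e.Name);
        }

        /// <summary>Rename monitoring.</summary>
        private void fsw_Renamed(object sender, RenamedEventArgs e)
        {
            StartCheck(e.Name);
        }

        /// <summary>
        /// Scans one file on a background thread. The name is captured per event rather
        /// than stored in a shared field, so two events arriving close together cannot
        /// overwrite each other's target.
        /// </summary>
        private void StartCheck(string name)
        {
            Thread worker = new Thread(() => chkfile(name));
            worker.IsBackground = true;
            worker.Start();
        }

        /// <summary>
        /// Reads the file if its extension is watched and quarantines it when its content
        /// matches a signature. Every failure is reported in the list box.
        /// </summary>
        /// <param name="name">File name relative to the watched directory.</param>
        private void chkfile(string name)
        {
            try
            {
                string fullPath = Path.Combine(fsw.Path, name);
                string fileName = Path.GetFileName(name);
                string ext = Path.GetExtension(fileName).ToLowerInvariant();
                if (Array.IndexOf(WatchedExtensions, ext) < 0)
                {
                    return;
                }

                // Probe the full path (not the bare name) and retry a bounded number of
                // times; a file that never unlocks is reported instead of looping forever.
                int attempts = 0;
                while (isfileinuse(fullPath))
                {
                    if (++attempts > InUseMaxRetries)
                    {
                        addtiem("[" + DateTime.Now + "] still in use, not scanned: [" + fullPath + "]");
                        return;
                    }
                    Thread.Sleep(InUseRetryDelayMs);
                }

                // One write can raise several events; an earlier worker may already
                // have moved the file.
                if (!File.Exists(fullPath))
                {
                    return;
                }

                string content;
                using (StreamReader sr = new StreamReader(fullPath))
                {
                    content = sr.ReadToEnd();
                }

                if (chkcontent(content))
                {
                    quarantine(fullPath, fileName);
                }
            }
            catch (Exception ex)
            {
                addtiem(ex.ToString());
            }
        }

        /// <summary>
        /// Moves a suspicious file into the dated backup folder, logs the move, sends the
        /// alert and leaves a notice at the original location.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the backup folder sits under the application directory and the
        /// moved file keeps its original extension; keep that folder outside any
        /// web-served path.
        /// </remarks>
        private void quarantine(string fullPath, string fileName)
        {
            // Single timestamp so every part of the name comes from the same instant.
            DateTime now = DateTime.Now;

            // Invariant yyyy-MM-dd: a culture-formatted date can contain characters that
            // are not valid in a file or directory name.
            string day = now.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture);
            string bakPath = Path.Combine(Application.StartupPath, "trojanmonitorbak");
            string logFile = Path.Combine(bakPath, "log" + day + ".dat");
            string dayDir = Path.Combine(bakPath, day);
            string newFilePath = Path.Combine(
                dayDir,
                now.Hour + "point" + now.Minute + "Minute" + now.Second + "second"
                    + now.Millisecond + "millisecond-" + fileName);

            // Creates bakPath as well; does nothing when the folders already exist.
            Directory.CreateDirectory(dayDir);
            if (File.Exists(newFilePath))
            {
                File.Delete(newFilePath);
            }
            File.Move(fullPath, newFilePath);

            string entry = "[" + now + "] suspicious files: [" + fullPath + "] to [" + newFilePath + "]";
            addtiem(entry);
            using (StreamWriter sw = File.AppendText(logFile))
            {
                sw.WriteLine(entry + "\r\n"); // write logs
            }

            // A failed alert must not prevent the notice below from being written.
            try
            {
                sendAlert(fullPath, now);
            }
            catch (Exception ex)
            {
                addtiem(ex.ToString());
            }

            // The original path no longer exists after the move, so this creates a new
            // file there that holds only the notice.
            using (StreamWriter sw = File.AppendText(fullPath))
            {
                sw.WriteLine("suspicious problem detected in this file! Contact the administrator!");
            }
        }

        /// <summary>
        /// Sends the e-mail alert through the remote mail endpoint.
        /// </summary>
        /// <remarks>
        /// The file name is chosen by whoever wrote the file, so every query value is
        /// escaped to stop it from adding or overriding parameters.
        /// NOTE(review): the key, host address and file path travel in a plain-HTTP GET
        /// query string and can end up in proxy and server logs.
        /// </remarks>
        private void sendAlert(string fullPath, DateTime when)
        {
            string subject = "Suspicious File (" + ip + ")";
            string body = "[" + ip + "] [" + when + "] Suspicious File found: [" + fullPath + "]";
            downurl("http://www.cqeh.com/mail?emailsubject=" + Uri.EscapeDataString(subject)
                + "&emailkey=" + Uri.EscapeDataString(emailkey ?? "")
                + "&sendhtml=" + Uri.EscapeDataString(body)); // send an email
        }

        /// <summary>Downloads <paramref name="url"/> and returns the response body as text.</summary>
        private string downurl(string url)
        {
            using (WebClient client = new WebClient())
            {
                return client.DownloadString(url);
            }
        }

        /// <summary>Adds a line to the list box, marshalling to the UI thread when needed.</summary>
        private void addtiem(string text)
        {
            if (this.lb.InvokeRequired)
            {
                SetTextCallback d = new SetTextCallback(addtiem);
                this.Invoke(d, new object[] { text });
            }
            else
            {
                this.lb.Items.Add(text);
            }
        }

        /// <summary>
        /// Returns true when <paramref name="content"/> contains any signature,
        /// compared case-insensitively.
        /// </summary>
        private bool chkcontent(string content)
        {
            if (string.IsNullOrEmpty(content))
            {
                return false;
            }
            foreach (string sig in signatures)
            {
                if (content.IndexOf(sig, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return true;
                }
            }
            return false;
        }

        /// <summary>
        /// Splits the '|'-separated signature list. Blank entries are dropped: an empty
        /// signature is found in every string, so one stray separator would otherwise
        /// flag every scanned file.
        /// </summary>
        private static string[] parseSignatures(string raw)
        {
            string[] parts = (raw ?? "").Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
            int kept = 0;
            for (int i = 0; i < parts.Length; i++)
            {
                string sig = parts[i].Trim();
                if (sig.Length > 0)
                {
                    parts[kept++] = sig;
                }
            }
            Array.Resize(ref parts, kept);
            return parts;
        }

        /// <summary>
        /// Loads the configuration and remote data, then points the watcher at the web
        /// root. Any failure is shown to the user and the application exits.
        /// </summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            try
            {
                ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();

                // obtain the monitoring path, e.g. D:\wwwroot
                string config = File.ReadAllText(
                    Path.Combine(Application.StartupPath, "monitorpath.ini")).Trim();

                // Obtain the trojan feature library
                signatures = parseSignatures(downurl("http://www.cqeh.com/txt/trojan.txt"));
                if (signatures.Length == 0)
                {
                    // Running with no signatures would look healthy while detecting nothing.
                    throw new InvalidOperationException("signature list is empty");
                }

                // Obtain the email sending license key
                emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt").Trim();

                // Set the watched path last, once everything a worker needs is loaded.
                filepath.Text = config;
                fsw.Path = config;

                this.ShowInTaskbar = false;
                this.Visible = false;
            }
            catch (Exception ex)
            {
                MessageBox.Show("error:" + ex.Message, "cannot be started Program !", MessageBoxButtons.OK);
                Application.Exit();
            }
        }

        /// <summary>
        /// Checks whether the file is in use by trying to open it with exclusive sharing.
        /// </summary>
        /// <returns>
        /// True when the open fails with an I/O error; false when the file opens or does
        /// not exist. Other failures (for example access denied) propagate to the caller
        /// so they are reported rather than retried.
        /// </returns>
        private bool isfileinuse(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }
            try
            {
                using (new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
                {
                }
                return false;
            }
            catch (IOException)
            {
                return true;
            }
        }

        // NOTE(review): the names of the next two handlers and of the two menu handlers
        // further down are garbled in the published listing; the spellings used here are
        // a best guess and must be matched to the designer file.

        /// <summary>Restores the window when the tray icon is double-clicked.</summary>
        private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
        {
            this.Visible = true;
            this.WindowState = FormWindowState.Normal;
            this.ShowInTaskbar = true;
        }

        /// <summary>Hides the window to the tray when it is minimized.</summary>
        private void Form1_Resize(object sender, EventArgs e)
        {
            if (this.WindowState == FormWindowState.Minimized)
            {
                this.ShowInTaskbar = false;
                this.Visible = false;
            }
        }

        /// <summary>"Exit system" menu item.</summary>
        private void ExitSystemToolStripMenuItem_Click_1(object sender, EventArgs e)
        {
            Application.Exit();
        }

        /// <summary>"Display window" menu item.</summary>
        private void DisplayWindowToolStripMenuItem_Click(object sender, EventArgs e)
        {
            this.Visible = true;
            this.WindowState = FormWindowState.Normal;
            this.ShowInTaskbar = true;
        }

        /// <summary>
        /// Hides to the tray instead of closing when the user closes the window.
        /// </summary>
        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            // Cancel only a user-initiated close. Cancelling unconditionally also vetoes
            // Application.Exit() and a Windows shutdown, so the Exit menu item could
            // never end the process.
            if (e.CloseReason != CloseReason.UserClosing)
            {
                return;
            }
            this.ShowInTaskbar = false;
            this.Visible = false;
            e.Cancel = true;
        }
    }
}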