A JavaScript antivirus tool that removes "Logo1_.exe" (with directory scan) _javascript tips

Source: Internet
Author: User
Tags sleep
Recently, all the EXE files in one of my shared directories were infected with a virus; searching the Internet, I found that the culprit is "logo1_.exe". Online reports describe the virus as very damaging: once a machine is infected, supposedly the only cure is to format it. The reason is probably that every application gets infected, so running any program "regenerates" the virus. I tried the "Kabbah driver" antivirus, but it could not clean the files and ended up deleting all of my EXE files. Frustrated, I wrote this script to remove the virus from infected programs.





For removing the "Logo1_.exe" virus itself, please look up the relevant removal methods online; this tool only removes the virus from inside infected files. Because I did not have much time, I did not implement automatic registry recovery.





Symptoms of infection: the virus creates a hidden "_desktop.ini" file in every directory that contains EXE files, recording the date of infection. If you delete that file, the virus re-infects the applications and regenerates "_desktop.ini". Many infected applications also show a blurry icon.





According to reports online, the virus becomes active every three minutes, and a newly installed machine that joins an infected network is said to be infected within three minutes, so take care if you are installing a system.





To keep careless readers from running the virus sample files, I have removed the ".exe" suffix. You can add the ".exe" suffix back to compare the icons before and after disinfection.


Reminder again: do not run the virus sample program until you have removed the virus from the samples with this tool. Otherwise you will be infected immediately :D


Save as: Logo1_kill.js, then it can be run


The code is as follows:



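// Terminate the two named processes before any file is touched, presumably so
// that a resident copy cannot re-infect files while they are being cleaned.
// "Rundl132.exe" is spelled with the digit one in the middle; it is a
// different name from the Windows rundll32.exe, so do not "correct" it.
TaskKill("Logo1_.exe");
TaskKill("Rundl132.exe");

// Shared between Form() and the scan functions: the IE window object, the
// result list box and the status panel. All three are assigned inside Form().
var window, Lstkill, Pnlscan, Form1 = new Form;

// Show the window and stay in its polling loop until the window is closed.
Form1.Run();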


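/**
 * Builds the tool's window: an Internet Explorer instance created over COM,
 * with its toolbar and status bar switched off, showing a blank page that the
 * script fills with its own controls.
 *
 * Side effects: assigns the script-level variables `window`, `Pnlscan` and
 * `Lstkill`. The object exposes one method, Run().
 */
function Form()
{
    var ie = WSH.GetObject("", "InternetExplorer.Application");
    ie.ToolBar = 0;
    ie.StatusBar = 0;
    ie.Width = 350;
    ie.Height = 360;
    ie.Navigate("about:blank");

    var document = ie.document;
    document.body.scroll = "no";
    // NOTE(review): "song body" looks like a machine-translated font family
    // name; replace it with the family the author intended.
    document.body.style.font = "9pt song body";
    window = document.frames;
    document.body.charset = "gb2312";
    document.bgColor = "menu";
    document.body.style.border = 0;
    document.title = "Logo1_.exe virus removal Tool";

    /**
     * Creates the controls, shows the window and polls once a second until
     * the window is closed. A directory scan is requested by the "Start Scan"
     * click handler, which only disables the button; the scan itself runs
     * here, in the script's own loop.
     */
    this.Run = function ()
    {
        var btnKill = new Button("Purge virus");
        var fileBox = new Filebox;
        var grpScan = new Group;
        var grpKill = new Group("Quick purge virus");
        var dirPath = new TextBox;
        var btnScan = new Button("Start Scan");
        Pnlscan = new Panel;
        Lstkill = new ListBox;

        dirPath.value = "d:\\";
        grpScan.Text.data = "Directory Scan";
        Pnlscan.Text.data = "Ready";
        Lstkill.style.width = "100%";
        Lstkill.style.height = "2in";

        AddControl(grpKill);
        grpKill.Add(fileBox);
        grpKill.Add(btnKill);
        AddControl(grpScan);
        grpScan.Add(dirPath);
        grpScan.Add(btnScan);
        grpScan.Add(Pnlscan);
        grpScan.Add(Lstkill);

        btnKill.onclick = btnkill_clicked;
        btnScan.onclick = btnscan_clicked;
        ie.Visible = true;

        try
        {
            while (!window.closed)
            {
                // A disabled scan button is the "scan requested" flag.
                if (btnScan.disabled)
                {
                    try
                    {
                        var fso = new ActiveXObject("Scripting.FileSystemObject");
                        Folderlist(fso.GetFolder(dirPath.value));
                    }
                    catch (scanErr)
                    {
                        // Any error aborts the rest of the scan; the message
                        // is the only record of which step failed.
                        window.alert(scanErr.message);
                    }
                    btnScan.disabled = false;
                    window.alert("Scan complete.");
                }
                WSH.Sleep(1000);
            }
        }
        catch (loopErr)
        {
            // Presumably reached when the IE window has gone away and its
            // properties can no longer be read; the script then just ends.
        }

        // Cleans the single file chosen in the file box, after confirmation.
        function btnkill_clicked()
        {
            var filePath = fileBox.value;
            if (filePath && Check(filePath))
            {
                if (window.confirm("Virus detected, do you want to clear?"))
                {
                    // NOTE(review): a failed backup is ignored and the file is
                    // still rewritten in place. Backup() refuses to overwrite,
                    // so this also hides "backup already exists"; any other
                    // failure means the file is modified with no copy kept.
                    try
                    {
                        Backup(filePath);
                    }
                    catch (backupErr) {}
                    // Repeat until the header no longer matches.
                    while (Check(filePath)) Clear(filePath);
                    window.alert("Clears a virus.");
                }
            }
            else
            {
                window.alert("No virus found.");
            }
        }

        // Empties the result list and flags a scan request for the loop above.
        function btnscan_clicked()
        {
            while (Lstkill.options.length) Lstkill.options.remove(0);
            btnScan.disabled = true;
        }
    }

    // Appends a control to the page body.
    function AddControl(obj)
    {
        document.body.appendChild(obj);
    }

    // <input type="file"> used to pick a single file.
    function Filebox()
    {
        var obj = document.createElement("input");
        obj.type = "file";
        return obj;
    }

    // <input type="button"> with the given caption.
    function Button(text)
    {
        var obj = document.createElement("input");
        obj.type = "button";
        obj.value = text;
        return obj;
    }

    // Plain <input>, used for the directory path.
    function TextBox()
    {
        return document.createElement("input");
    }

    // <div> with an Add(child) helper and a Text node for a status line.
    function Panel()
    {
        var div = document.createElement("div");
        div.Add = function (obj)
        {
            this.appendChild(obj);
        }
        div.Text = document.createTextNode();
        div.Add(div.Text);
        div.style.overflow = "hidden";
        return div;
    }

    // <fieldset> with a <legend> caption (Text) and an Add(child) helper.
    function Group(Title)
    {
        var fieldset = document.createElement("fieldset");
        var legend = document.createElement("legend");
        fieldset.Text = document.createTextNode();
        fieldset.Text.data = Title;
        legend.appendChild(fieldset.Text);
        fieldset.Add = function (obj)
        {
            this.appendChild(obj);
        }
        fieldset.Add(legend);
        fieldset.style.marginBottom = "2mm";
        return fieldset;
    }

    // Multi-select <select> with an Add(text) helper that appends one option.
    function ListBox()
    {
        var select = document.createElement("select");
        select.multiple = true;
        select.Add = function (text)
        {
            // The option is created through the IE window so that it belongs
            // to the document it is added to.
            var opt = new window.Option(text);
            select.options.add(opt);
        }
        return select;
    }
}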


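/**
 * Terminates every running process whose name equals Process, compared
 * case-insensitively, using WMI on the local machine.
 *
 * Matching is by process name only, so any process that happens to carry the
 * same name is terminated as well. The result of Terminate() is not checked,
 * so a process that could not be stopped goes unnoticed.
 *
 * @param {string} Process  Process name, e.g. "Logo1_.exe".
 */
function TaskKill(Process)
{
    var wmi = GetObject("winmgmts://127.0.0.1");
    var wanted = Process.toLowerCase();
    var procs = new Enumerator(wmi.ExecQuery("SELECT * FROM Win32_Process"));
    for (; !procs.atEnd(); procs.moveNext())
    {
        var proc = procs.item();
        if (proc.Name.toLowerCase() == wanted)
            proc.Terminate();
    }
}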


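/**
 * Reports whether the file at SourcePath begins with the 60-character header
 * that this tool treats as the infection marker.
 *
 * @param {string} SourcePath  Path of the file to inspect.
 * @returns {boolean} true when the first 60 characters match the signature.
 */
function Check(SourcePath)
{
    // NOTE(review): the published listing lost the letter case of this
    // literal. It is restored here with the standard spelling of the Win32
    // names it contains; confirm it against a reference sample before use.
    // NOTE(review): the header resembles the generic header written by the
    // Upack executable packer rather than bytes unique to this virus (TODO
    // confirm). If so, clean programs packed the same way will match and will
    // be rewritten by Clear(); check what a hit really is before bulk cleaning.
    var signature = "MZKERNEL32.DLL\x00\x00LoadLibraryA\x00\x00\x00\x00GetProcAddress\x00\x00|\x00\x00BKwdwing@";

    // The file is binary but is read as gb2312 text. That is adequate for the
    // ASCII bytes compared here; a high byte in the header may decode
    // differently (hedged: depends on how the stream handles invalid pairs).
    var stream = new ActiveXObject("ADODB.Stream");
    stream.Open();
    stream.Charset = "gb2312";
    stream.LoadFromFile(SourcePath);
    var head = stream.ReadText(60);
    stream.Close();

    // The character just before "\x00\x00BK" is treated as a wildcard: it is
    // normalised to "|" so that the comparison below ignores its value.
    head = head.replace(/[\s\S]\x00\x00BK/, "|\x00\x00BK");
    return head == signature;
}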


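/**
 * Removes one prepended layer from the file at SourcePath, in place.
 *
 * The file is searched for a run of 21 NUL bytes followed by "MZ"; everything
 * in front of that "MZ" is dropped and the remainder is written back over the
 * original file. Only the first 500 * 1024 text characters are searched.
 *
 * The file is overwritten, so the caller is expected to have a backup. The
 * first match is taken without further validation; verify the cleaned file
 * (for example that it still runs, or matches a known-good hash) before
 * discarding the backup.
 *
 * @param {string} SourcePath  Path of the infected file.
 * @throws {Error} when no marker is found; the file is then left untouched
 *     instead of being truncated at an arbitrary offset.
 */
function Clear(SourcePath)
{
    var stream = new ActiveXObject("ADODB.Stream");

    // Pass 1: read the file as text with the stream's default charset.
    // Decode() below assumes each character carries two file bytes, low byte
    // first, and that no byte-order mark was skipped (TODO confirm).
    stream.Open();
    stream.LoadFromFile(SourcePath);
    var text = stream.ReadText(500 * 1024);
    stream.Close();

    // NOTE(review): the loop bound was missing from the published listing;
    // 21 is inferred from the "+ 21" offset the original applied to the match.
    var padLength = 21;
    var marker = "";
    while (marker.length < padLength) marker += "\x00";
    marker += "MZ";

    // Decode in chunks of 1000 characters (2000 bytes). The tail of each chunk
    // is carried over so that a marker straddling two chunks is still found,
    // and the hit is converted to an offset from the start of the file rather
    // than from the start of the last chunk.
    var chunkChars = 1000;
    var carry = "";
    var markerAt = -1;
    for (var start = 0; start < text.length && markerAt < 0; start += chunkChars)
    {
        var bytes = carry + Decode(text.substr(start, chunkChars));
        var hit = bytes.indexOf(marker);
        if (hit >= 0)
            markerAt = start * 2 - carry.length + hit;
        else
            carry = bytes.slice(-(marker.length - 1));
    }
    if (markerAt < 0)
        throw new Error("Clear: no original program header found in " + SourcePath);

    // Pass 2: binary mode (Type 1). Keep everything from the "MZ" onwards and
    // save it over the original file (option 2 = overwrite).
    stream.Type = 1;
    stream.Open();
    try
    {
        stream.LoadFromFile(SourcePath);
        stream.Position = markerAt + padLength;
        var rest = stream.Read();
        stream.Position = 0;
        stream.SetEOS();
        stream.Write(rest);
        stream.SaveToFile(SourcePath, 2);
    }
    finally
    {
        stream.Close();
    }
}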


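/**
 * Copies the file at SourcePath to SourcePath + ".Logo1_vir" before it is
 * modified.
 *
 * The copy is made with overwrite disabled, so the call throws when a backup
 * of that name already exists (and on any other copy failure).
 *
 * The backup is an unmodified copy of the infected file. The changed extension
 * only keeps it from being launched by accident; treat it as a live sample and
 * delete or quarantine it once the cleaned file has been verified.
 *
 * @param {string} SourcePath  Path of the file to back up.
 */
function Backup(SourcePath)
{
    var fso = new ActiveXObject("Scripting.FileSystemObject");
    fso.GetFile(SourcePath).Copy(SourcePath + ".Logo1_vir", false);
}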


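/**
 * Expands every 16-bit character of text into two characters holding its low
 * byte and its high byte, in that order, so that string offsets in the result
 * correspond to byte offsets in data that was read as 16-bit text.
 *
 * @param {string} text  Text whose characters each carry two bytes.
 * @returns {string} A string twice as long, one character per byte.
 */
function Decode(text)
{
    // A character class is used instead of "." so that line terminators are
    // converted as well.
    return text.replace(/[\u0000-\uffff]/g, function (ch)
    {
        var code = ch.charCodeAt(0);
        return String.fromCharCode(code & 0xff, code >> 8);
    });
}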


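/**
 * Checks every ".exe" file directly inside Folder and cleans the ones whose
 * header matches. Files with any other extension are not examined.
 *
 * The current path is shown in the status panel (Pnlscan) and each cleaned
 * file is appended to the result list (Lstkill). Errors raised by Check() or
 * Clear() are not caught here, so one unreadable file ends the whole scan in
 * the caller.
 *
 * @param {object} Folder  A FileSystemObject folder.
 */
function Scanfiles(Folder)
{
    for (var files = new Enumerator(Folder.Files); !files.atEnd(); files.moveNext())
    {
        var file = files.item();
        if (file.Name.slice(-4).toLowerCase() != ".exe") continue;

        var path = file.Path;
        Pnlscan.Text.data = path;
        if (Check(path))
        {
            // NOTE(review): a failed backup is ignored and the file is still
            // rewritten. Backup() refuses to overwrite, so this also covers
            // "backup already exists"; any other failure leaves no copy.
            try
            {
                Backup(path);
            }
            catch (backupErr) {}
            // Repeat until the header no longer matches.
            while (Check(path)) Clear(path);
            // "(OK)" only means the header check no longer matches; it does
            // not show that the resulting program is intact.
            Lstkill.Add(path + "(OK)");
        }
        // Short pause per examined file, as in the original.
        WSH.Sleep(50);
    }
}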


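/**
 * Scans Folder and then each of its subfolders, recursively.
 *
 * Subfolders whose path contains more than 255 backslashes are skipped. The
 * enumerator is advanced in the loop header, so a skipped folder cannot stall
 * the loop. Errors from enumerating or scanning a subfolder are not caught
 * here and end the scan in the caller.
 *
 * @param {object} Folder  A FileSystemObject folder.
 */
function Folderlist(Folder)
{
    Scanfiles(Folder);

    var folders = new Enumerator(Folder.SubFolders);
    WSH.Sleep(50);
    for (; !folders.atEnd(); folders.moveNext())
    {
        var sub = folders.item();
        if (sub.Path.match(/\\/g).length > 255) continue;
        Pnlscan.Text.data = sub.Path + "\\";
        Folderlist(sub);
    }
}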

