AU3能否删除指定大小的可执行文件
大家应该都知道 最近MS-DOS.COM病毒太猖獗了,中毒后会产生一个和文件夹相同名称的可执行文件(大小为220K) 并隐藏原文件夹,使得病毒清理极为困难(因为一般人根本无法识得病毒生成的可执行文件和原文件夹)有了以上原因我就想用AU3来写一个 全盘搜索 符合220K的可执行文件 并可删除此文件的的脚本,但又由于本人水平有限 始终写不出来
忘各位高手给予帮助,或用其他办法也可以 我这里有一个一年前写的杂碎代码 可以实现你要的功能 可能不完善 自己添加
#include <GUIConstants.au3>
#Include <GuiListbox.au3>
#Region ### START Koda GUI section ### Form=
Local $total = "j:\"
Global $size = 260335, $size1 = 225280, $size2 = 1227891, $size3=1514962,$del
$Form1 = GUICreate("Form1", 933, 554)
$List1 = GUICtrlCreateList("", 264, 48, 649, 496)
$Button1 = GUICtrlCreateButton("对U盘进行扫描", 136, 120, 100, 25, 0)
$List2 = GUICtrlCreateList("", 16, 72, 89, 201)
$Button3 = GUICtrlCreateButton("刷新U盘列表", 136, 240, 100, 25)
$text1 = GUICtrlCreateInput("", 18, 350, 80, 25)
$Label4 = GUICtrlCreateLabel(" 鉴于使用移动硬盘的时候不会被识别为可移动磁盘,如果想要清除其他磁盘的病毒或者移动硬盘的病毒请手动输入路径,请正确输入路径,否则可能出现不可预知的错误。", 16, 280, 220, 60)
$Button5 = GUICtrlCreateButton("检查驱动器或目录", 116, 350, 100, 25)
$Label3 = GUICtrlCreateLabel(" 本程序能扫描出U盘中的文件夹形式的病毒文件并加以删除,另带有恢复被隐藏文件夹并建立免疫目录功能。目前坑内依然有很多问题但是此程序不会误删除正常文件。如果大家发现扫描出的病毒文件请联系我并提供样本。另希望大家多提意见。有任何意见或建议请联系本人。", 18, 400, 230, 150)
$Button2 = GUICtrlCreateButton("清除病毒文件", 136, 160, 100, 25)
GUICtrlSetState(-1, $GUI_DISABLE)
$Button4 = GUICtrlCreateButton("显示被隐藏文件夹", 136, 200, 100, 25)
$Label1 = GUICtrlCreateLabel("U盘列表:", 16, 48, 56, 17)
$Label2 = GUICtrlCreateLabel("已检查到的病毒文件:", 264, 24, 136, 17)
refresh()
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
Exit
Case $Button1
GUICtrlSetState($Button1, $GUI_DISABLE)
GUICtrlSetState($Button2, $GUI_DISABLE)
GUICtrlSetState($Button3, $GUI_DISABLE)
GUICtrlSetState($Button4, $GUI_DISABLE)
GUICtrlSetState($Button5, $GUI_DISABLE)
GUICtrlSetData($Button1, "扫描中")
GUICtrlSetData($List1, "")
$driver = DriveGetDrive("REMOVABLE")
If $driver = "" Then
MsgBox(16, "提示", "请确认可移动硬盘已插好.")
GUICtrlSetData($Button1, "对U盘进行扫描")
GUICtrlSetState($Button1, $GUI_enABLE)
;~ GUICtrlSetState($Button2, $GUI_enABLE)
GUICtrlSetState($Button3, $GUI_enABLE)
GUICtrlSetState($Button4, $GUI_enABLE)
GUICtrlSetState($Button5, $GUI_enABLE)
Else
auto()
$del = 0
For $i = 1 To $driver
;~ MsgBox(0,0,$driver[$i])
Search($driver[$i], "exe")
$NUM = _GUICtrlListBox_GetCount($List1)
If $NUM = 0 Then
MsgBox(64, "提示", $driver[$i] & "\中未扫描到病毒文件")
Else
GUICtrlSetState($Button2, $GUI_enABLE)
EndIf
Next
MsgBox(64, "提示", "扫描完毕")
GUICtrlSetData($Button1, "对U盘进行扫描")
GUICtrlSetState($Button1, $GUI_enABLE)
GUICtrlSetState($Button2, $GUI_enABLE)
GUICtrlSetState($Button3, $GUI_enABLE)
GUICtrlSetState($Button4, $GUI_enABLE)
GUICtrlSetState($Button5, $GUI_enABLE)
EndIf
Case $Button2
clean()
Case $Button3
refresh()
Case $Button4
GUICtrlSetState($Button1, $GUI_DISABLE)
GUICtrlSetState($Button2, $GUI_DISABLE)
GUICtrlSetData($Button4, "进行处理中")
GUICtrlSetState($Button4, $GUI_DISABLE)
GUICtrlSetState($Button3, $GUI_DISABLE)
GUICtrlSetState($Button5, $GUI_DISABLE)
$driver = DriveGetDrive("REMOVABLE")
If $driver = "" Then
MsgBox(16, "提示", "请确认可移动硬盘已插好.")
GUICtrlSetState($Button1, $GUI_enABLE)
;~ GUICtrlSetState($Button2, $GUI_enABLE)
GUICtrlSetState($Button4, $GUI_enABLE)
GUICtrlSetState($Button3, $GUI_enABLE)
GUICtrlSetState($Button5, $GUI_enABLE)
GUICtrlSetData($Button4, "显示被隐藏文件夹")
Else
For $i = 1 To $driver
RunWait(@ComSpec & ' /c attrib -s -h ' & $driver[$i] & '\* /s /d', '', @SW_HIDE)
MsgBox(64, "提示", "可移动硬盘 " & $driver[$i] & "\(" & DriveGetLabel($driver[$i]) & ")已显示被隐藏文件夹。")
Next
GUICtrlSetState($Button1, $GUI_enABLE)
;~ GUICtrlSetState($Button2, $GUI_enABLE)
GUICtrlSetState($Button4, $GUI_enABLE)
GUICtrlSetState($Button3, $GUI_enABLE)
GUICtrlSetState($Button5, $GUI_enABLE)
GUICtrlSetData($Button4, "显示被隐藏文件夹")
EndIf
Case $Button5
$a = GUICtrlRead($text1)
If StringRight($a, 1) <> "\"Then
MsgBox(64, "提示", "请正确输入路径,以\结尾。")
Else
GUICtrlSetState($Button1, $GUI_DISABLE)
GUICtrlSetState($Button2, $GUI_DISABLE)
GUICtrlSetState($Button3, $GUI_DISABLE)
GUICtrlSetState($Button4, $GUI_DISABLE)
GUICtrlSetState($Button5, $GUI_DISABLE)
GUICtrlSetData($Button5, "扫描中")
GUICtrlSetData($List1, "")
$del = 0
Search($a, "exe")
$NUM = _GUICtrlListBox_GetCount($List1)
If $NUM = 0 Then
MsgBox(64, "提示", "未扫描到病毒文件")
Else
MsgBox(64, "提示", "已扫描完毕,点击确定清除病毒.")
$del = 1
Search($a, "exe")
MsgBox(64, "提示", "病毒已清除.")
EndIf
GUICtrlSetState($Button1, $GUI_enABLE)
GUICtrlSetState($Button2, $GUI_enABLE)
GUICtrlSetState($Button3, $GUI_enABLE)
;~ GUICtrlSetState($Button4, $GUI_ENABLE)
GUICtrlSetState($Button5, $GUI_enABLE)
GUICtrlSetData($Button5, "检查驱动器或目录")
EndIf
EndSwitch
WEnd
Func refresh()
_GUICtrlListBox_ResetContent($List2)
$rdriver = DriveGetDrive("REMOVABLE")
If $rdriver = "" Then
Else
For $k = 1 To $rdriver
_GUICtrlListBox_ADDString($List2, $rdriver[$k] & "\(" & DriveGetLabel($rdriver[$k]) & ")")
Next
EndIf
EndFunc ;==>refresh
Func Search($current, $ext)
Local $search = FileFindFirstFile($current & "\*.*")
While 1
Dim $file = FileFindNextFile($search)
If @error Or StringLen($file) < 1 Then ExitLoop
If Not StringInStr(FileGetAttrib($current & "\" & $file), "D") And ($file <> "."Or $file <> "..") Then
If StringRight($current & "\" & $file, StringLen($ext)) = $ext Then
$total = $current & "\" & $file
If FileGetSize($total) = $size Or FileGetSize($total) = $size1 Or FileGetSize($total) = $size2 or FileGetSize($total) = $size3 Then
If $del = 0 Then
_GUICtrlListBox_AddString($List1, $total)
Else
FileSetAttrib($total, "-RAS")
FileDelete($total)
_GUICtrlListBox_DeleteString($List1, 0)
EndIf
EndIf
EndIf
EndIf
If StringInStr(FileGetAttrib($current & "\" & $file), "D") And ($file <> "."Or $file <> "..") Then
Search($current & "\" & $file, $ext)
EndIf
WEnd
Return
EndFunc ;==>Search
Func clean()
$NUM = _GUICtrlListBox_GetCount($List1)
If $NUM = 0 Then
MsgBox(64, "提示", "未扫描到病毒文件")
GUICtrlSetState($Button2, $GUI_DISABLE)
Else
$del = 1
$driver = DriveGetDrive("REMOVABLE")
For $i = 1 To $driver
Search($driver[$i], "exe")
If FileExists($driver[$i] & "\.vbs") Then
FileSetAttrib($driver[$i] & "\.vbs", "-RAS")
FileDelete($driver[$i] & "\.vbs")
EndIf
Next
GUICtrlSetData($List1, "")
EndIf
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", "REG_DWORD", 1)
MsgBox(64, "提示", "病毒清除完毕,建议再扫描一遍,如果依然有病毒就可能是您的电脑已经中毒,请使用杀毒软件清除掉病毒后再使用本程序。")
EndFunc ;==>clean
Func auto()
$rem = DriveGetDrive("removable")
If $rem = "" Then
Else
For $j = 1 To $rem
If FileExists($rem[$j] & "\Autorun.inf") = 1 Then
If StringInStr(FileGetAttrib($rem[$j] & "\Autorun.inf"), "D") Then
Else
MsgBox(16, "提示", "可移动硬盘 " & $rem[$j] & "\(" & DriveGetLabel($rem[$j]) & ") 中发现Autorun.inf病毒自运行文件,2秒后自动清除。", 2)
FileDelete($rem[$j] & "\Autorun.inf")
DirCreate($rem[$j] & "\autorun.inf")
RunWait(@ComSpec & ' /c md ' & $rem[$j] & '\autorun.inf\病毒免疫目录..\', '', @SW_HIDE)
FileSetAttrib($rem[$j] & "\autorun.inf", "+SHR")
MsgBox(64, "提示", "可移动硬盘 " & $rem[$j] & "\(" & DriveGetLabel($rem[$j]) & ")中已经建立 Autorun.inf病毒免疫目录。", 3)
EndIf
Else
DirCreate($rem[$j] & "\autorun.inf")
RunWait(@ComSpec & ' /c md ' & $rem[$j] & '\autorun.inf\病毒免疫目录..\', '', @SW_HIDE)
FileSetAttrib($rem[$j] & "\autorun.inf", "+SHR")
MsgBox(64, "提示", "可移动硬盘 " & $rem[$j] & "\(" & DriveGetLabel($rem[$j]) & ")中已经建立 Autorun.inf病毒免疫目录。", 3)
EndIf
Next
EndIf
RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", "REG_DWORD", 1)
EndFunc ;==>auto
[ 本帖最后由 大绯狼 于 2008-12-27 11:26 编辑 ] 能 . 搜索全盘,可以用For循环,从65到90,转换成字符即从A~Z,这样也就是搜索全盘了。然后生成一个盘符下的文件列表,用FileGetSize获取每个文件的大小,查找符合要求的文件,删除。基本算法就是这样,楼主自己试试。
回复 2# 大绯狼 的帖子
感谢·!!~!!~!~万分感谢~!~!~
回复 4# skyfree 的帖子
SKY也来了啊本来想在Q上问你的可你实在太忙了就没好意思!~!~!~嘿嘿我是 【好心情】
我又在你Q上问你了 希望你有时间时 帮一下
页:
[1]