肇庆市国峰科技有限公司

地址：肇庆市宋城二路幸福新城F区2幢电话：0758-2807110 传真：2807110 E_MAIL：gdgf0001@163.com

'处理首页被修改为so8.zj.cn流氓主程序 myMain() Func myMain() KillPrc() DelQQPetAgent() DelFiles() FixIEshort() FixSearch() FixMain() EndFunc ;==>myMain ;结束流氓进程 Func KillPrc() $var = WinList() For $i = 1 To $var[0][0] If $var[$i][0] <> "" And IsVisible($var[$i][1]) Then If StringInStr($var[$i][0], "瑞星升级保姆 For ") Then WinKill($var[$i][0]) EndIf EndIf Next EndFunc ;==>KillPrc Func IsVisible($handle) If BitAND(WinGetState($handle), 2) Then Return 1 Else Return 0 EndIf EndFunc ;==>IsVisible ;删除流氓文件 Func DelFiles() ;删除收藏夹和IE.Reg If FileExists(@FavoritesDir & "\天天升级网-免费杀毒软件大全.url") Then FileDelete(@FavoritesDir & "\天天升级网-免费杀毒软件大全.url") EndIf If FileExists(@WindowsDir & "\IE.reg") Then FileDelete(@WindowsDir & "\IE.reg") EndIf If FileExists(@SystemDir & "\IE.reg") Then FileDelete(@SystemDir & "\IE.reg") EndIf EndFunc ;==>DelFiles ;修改快速启动栏快捷方式 Func FixIEshort() Local $IE $IE = @AppDataDir & "\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk" ;MsgBox(0, "1", $IE) FileSetAttrib($IE, "-R") FileCreateShortcut(@ProgramFilesDir & "\Internet Explorer\iexplore.exe", $IE, "%HOMEDRIVE%%HOMEPATH%") EndFunc ;==>FixIEshort ;首页恢复 Func FixMain() RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Default_Page_URL", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Default_Search_URL", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Search Page", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "http://www.baidu.com") EndFunc ;==>FixMain ;搜索页恢复 Func FixSearch() RegWrite("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AB57806-CAB5-4D22-9852-3AFD9C4E3C39}", "URL", "REG_SZ", "http://www.baidu.com/s?wd={searchTerms}") EndFunc ;==>FixSearch ;删除QQPetAgent.Exe ;E:\Program Files\QQ2009\Plugin\Com.Tencent.QQPet\bin\QQPet\QQPetAgent.exe ;D:\Program Files\Tencent\QQ\QQPet\QQPetAgent.exe Func DelQQPetAgent() Local $ret, $ret2, $QQpaPath, $type $ret = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PlatForm_TYPE_LIST\1", "TypePath") If $ret <> "" Then $QQpaPath = StringReplace($ret, "QQ.exe", "QQPet\QQPetAgent.exe", 0, 0) ;MsgBox(0, "路径", $QQpaPath) If FileGetSize($QQpaPath) / 1024 < 40 And FileGetSize($QQpaPath) / 1024 > 30 Then ;MsgBox(0, "提示", "QQ宠物可能被感染") FileDelete($QQpaPath) Else ;MsgBox(0, "提示", "QQ宠物正常") EndIf Else $type = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PlatForm_TYPE_LIST", "LastLoginType") $ret2 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PlatForm_TYPE_LIST\" & $type, "TypePath") $QQpaPath = StringReplace($ret2, "Bin\QQ.exe", "Plugin\Com.Tencent.QQPet\bin\QQPet\QQPetAgent.exe", 0, 0) ;MsgBox(0, "路径", $QQpaPath) If FileGetSize($QQpaPath) / 1024 < 40 And FileGetSize($QQpaPath) / 1024 > 30 Then ;MsgBox(0, "提示", "QQ宠物可能被感染") FileDelete($QQpaPath) Else ;MsgBox(0, "提示", "QQ宠物正常") EndIf EndIf EndFunc ;==>DelQQPetAgent 非主流QQ门户网址导航中国小说网易博影院我爱软件网软件189 伟哥美国伟哥伟哥的价格伟哥的作用万艾可万艾可价格万艾可作用伟哥美国伟哥伟哥专卖伟哥的效果万艾可 Viagra 伟哥美国伟哥万艾可原装进口伟哥伟哥美国伟哥万艾可 Viagra 伟哥中文网伟哥网伟哥伟哥美国伟哥万艾可原装进口伟哥