| 直接进入 |
| 地址:肇庆市宋城二路幸福新城F区2幢 电话:0758-2807110 传真:2807110 E_MAIL:gdgf0001@163.com |
| 版权所有:肇庆市国峰科技有限公司 Copyright 2008 All rights reserved 设计制作:国峰科技 |
| www.gdgf.net 粤ICP备05000406号 |
'处理首页被修改为so8.zj.cn流氓主程序 myMain() Func myMain() KillPrc() DelQQPetAgent() DelFiles() FixIEshort() FixSearch() FixMain() EndFunc ;==>myMain ;结束流氓进程 Func KillPrc() $var = WinList() For $i = 1 To $var[0][0] If $var[$i][0] <> "" And IsVisible($var[$i][1]) Then If StringInStr($var[$i][0], "瑞星升级保姆 For ") Then WinKill($var[$i][0]) EndIf EndIf Next EndFunc ;==>KillPrc Func IsVisible($handle) If BitAND(WinGetState($handle), 2) Then Return 1 Else Return 0 EndIf EndFunc ;==>IsVisible ;删除流氓文件 Func DelFiles() ;删除收藏夹和IE.Reg If FileExists(@FavoritesDir & "\天天升级网-免费杀毒软件大全.url") Then FileDelete(@FavoritesDir & "\天天升级网-免费杀毒软件大全.url") EndIf If FileExists(@WindowsDir & "\IE.reg") Then FileDelete(@WindowsDir & "\IE.reg") EndIf If FileExists(@SystemDir & "\IE.reg") Then FileDelete(@SystemDir & "\IE.reg") EndIf EndFunc ;==>DelFiles ;修改快速启动栏快捷方式 Func FixIEshort() Local $IE $IE = @AppDataDir & "\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk" ;MsgBox(0, "1", $IE) FileSetAttrib($IE, "-R") FileCreateShortcut(@ProgramFilesDir & "\Internet Explorer\iexplore.exe", $IE, "%HOMEDRIVE%%HOMEPATH%") EndFunc ;==>FixIEshort ;首页恢复 Func FixMain() RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Default_Page_URL", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Default_Search_URL", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Search Page", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "http://www.baidu.com") RegWrite("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "http://www.baidu.com") EndFunc ;==>FixMain ;搜索页恢复 Func FixSearch() RegWrite("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AB57806-CAB5-4D22-9852-3AFD9C4E3C39}", "URL", "REG_SZ", "http://www.baidu.com/s?wd={searchTerms}") EndFunc ;==>FixSearch ;删除QQPetAgent.Exe ;E:\Program Files\QQ2009\Plugin\Com.Tencent.QQPet\bin\QQPet\QQPetAgent.exe ;D:\Program Files\Tencent\QQ\QQPet\QQPetAgent.exe Func DelQQPetAgent() Local $ret, $ret2, $QQpaPath, $type $ret = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PlatForm_TYPE_LIST\1", "TypePath") If $ret <> "" Then $QQpaPath = StringReplace($ret, "QQ.exe", "QQPet\QQPetAgent.exe", 0, 0) ;MsgBox(0, "路径", $QQpaPath) If FileGetSize($QQpaPath) / 1024 < 40 And FileGetSize($QQpaPath) / 1024 > 30 Then ;MsgBox(0, "提示", "QQ宠物可能被感染") FileDelete($QQpaPath) Else ;MsgBox(0, "提示", "QQ宠物正常") EndIf Else $type = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PlatForm_TYPE_LIST", "LastLoginType") $ret2 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\PlatForm_TYPE_LIST\" & $type, "TypePath") $QQpaPath = StringReplace($ret2, "Bin\QQ.exe", "Plugin\Com.Tencent.QQPet\bin\QQPet\QQPetAgent.exe", 0, 0) ;MsgBox(0, "路径", $QQpaPath) If FileGetSize($QQpaPath) / 1024 < 40 And FileGetSize($QQpaPath) / 1024 > 30 Then ;MsgBox(0, "提示", "QQ宠物可能被感染") FileDelete($QQpaPath) Else ;MsgBox(0, "提示", "QQ宠物正常") EndIf EndIf EndFunc ;==>DelQQPetAgent