标题清除1465的程序
栏目软件操作与技巧
作者陶从田
发布1994-06-17
#include <stdio.h>
#include <dir.h>
#include <dos.h>
#include <sys\stat.h>
#include <io.h>
#include <string.h>
FILE *fpi;
main(int argc,char *argv[])
{
char fname[30],test[30];
int k,n,done,mode,handle;
unsigned char endbyte[20];
struct ffblk ffp;
if (argc!=2) {
prinft("\n\n syntax:kill1465 FILENAME");
exit(1);
}
done=findfirst(argv[1],&ffp,0);
strcpy(test,argv[1]);
if(test[0]=='\\'||test[1]==':') {
for(k=0;test[k]!=NULL;k++)
for(n=0;test[k-n]!='\\'&&test[k-n]!=':';n++)
test[k-n+1]=NULL;
}
else test[0]=NULL;
while(!done) {
strcpy(fname,test);
strcat(fname,ffp.ff_name);
printf("\n\tScaning the file %s",fname);
mode=ffp.ff_attrib;
_chmod(fname,FA_RDONLY| FA_HIDDEN);
fpi=fopen(fname,"rb+");
if(fpi==NULL) printf("\n\t Error to open the file.");
else {
hadnle=fileno(fpi);
fseek(fpi,-0x11,SEEK_END);
fread(endbyte,17,1,fpi);
if(strstr(enbyte,"L4Q0DGDIIB+GLO")) {
printf("\nFound virus 1465 in %s ,Running...!",fname);
ffp.ff_fsize-=1465;
if(strstr(fname,"COM")) kill_com(ffp.ff_fsize);
if(strstr(fname,"EXE")) kill_exe(ffp.ff_fsize);
chsize(handle,ffp.ff_fsize);
printf("\n\n\t\t Clear !");
}
}
fclose(fpi);
_chmod(fname,1,mode);
done=findnext(&ffp);
}
}/*main()*/
kill_com(long length)
{
unsigned char lbyte[5];
int i;
fseek(fpi,(long)(length+5*256+32+4),0);
fread(lbyte,5,1,fpi);
for(i=5;i>0;i--) lbyte[5-i]^=i;
fseek(fpi,0,0);
fwrite(lbyte,5,1,fpi);
}
kill_exe(long length)
{
unsigned char lbytel[30],endbyte[30];
long int i,k,temp;
fseek(fpi,-0x95,SEEK_END);
fread(endbyte,0xa,1,fpi);
for(i=0;i<10;i++) endbyte[i]^=(10-i);
fseek(fpi,0,SEEK_SET);
fread(lbyte,24,1,fpi);
temp=(long)(length/512)+1;
lbyte[5]=temp-lbyte[5]*256;
k=length-(long)(temp-1)*512;
lbyte[3]=k/256;
lbyte[15]=(endbyte[1]*256+endbyte[0])/256;
lbyte[14]=endbyte[1]*256+endbyte[0]-(long)lbyte[15]*256;
lbyte[16]=endbyte[2];lbyte[17]=endbyte[3];
lbyte[20]=endbyte[6];lbyte[21]=endbyte[7];
lbyte[23]=(endbyte[9]*256+endbyte[8])/256;
lbyte[22]=endbyte[9*256+endbyte[8]-lbyte[23]*256;
fseek(fpi,0,0);
fwrite(lbyte,24,1,fpi);
}