dxFastRun Update

2020-10-29 23:07:42 +08:00 · 2020-10-29 23:07:42 +08:00 · d61a46260c
commit d61a46260c
parent 6139b43cd7
4 changed files with 74 additions and 1 deletions
--- a/Infected_Removeable_Disk/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e.zip
+++ b/Infected_Removeable_Disk/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e.zip
--- a/Infected_Removeable_Disk/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e/anti-dxFastRun.exe
+++ b/Infected_Removeable_Disk/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e/anti-dxFastRun.exe
--- a/Infected_Removeable_Disk/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e/anti-dxFastRun.py
+++ b/Infected_Removeable_Disk/767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e/anti-dxFastRun.py
@ -0,0 +1,70 @@
 import os,psutil,time,hashlib,win32con,win32api
 def search_files(path,tagfile):
    number=0
    fulldir_result=[]
    for ipath in os.listdir(path):
        fulldir = os.path.join(path,ipath) 
        if(os.path.isfile(fulldir)): 
            if(tagfile in os.path.split(fulldir)[1]): 
                fulldir_result.append(fulldir)
                number=number+1
    return fulldir_result
 def sha256(filname):
    with open(filname, "rb") as f:
        sha256obj = hashlib.sha256()
        sha256obj.update(f.read())
        hash_value = sha256obj.hexdigest()
        return hash_value
 disks_list=psutil.disk_partitions()
 print(disks_list)
 checked=[]
 while(True):
    for pid in psutil.pids():
        try:
            p=psutil.Process(pid)
            if os.path.basename(p.exe())=='dxFastRun.exe':
                p.kill()
                print("kill")
                os.remove(p.exe())
                print("delete")
        except:
            pass
    disk_list=psutil.disk_partitions()
    for i in range(0,len(disks_list)):
        try:
            disk_list.remove(disks_list[i])
        except:
            pass
    print(disk_list)
    for i in range(0,len(disk_list)):
        if(disk_list[i].device in checked):
            pass
        else:
            exe_list=search_files(disk_list[i].device,'.exe')
            print(exe_list)
            for i in range(0,len(exe_list)):
                sha=sha256(exe_list[i])
                print(sha)
                if(sha256(exe_list[i])=="767ac83224a31b257ed755871b06bf7d4afae2ca65015be69c7691df355d7c2e"):
                    print("found virus in disk")
                    os.remove(exe_list[i])
                    print("delete")
                    win32api.SetFileAttributes(exe_list[i].replace(".exe",""), win32con.FILE_ATTRIBUTE_NORMAL)
                    print("set dirs")
        checked.append(disk_list[i].device)
    for i in range(0,len(checked)):
        try:
            if(checked[i] in str(psutil.disk_partitions())):
                pass
            else:
                checked.remove(checked[i])
        except:
            checked=[]
    time.sleep(1)
--- a/README.md
+++ b/README.md
@ -1,4 +1,7 @@
 # Ghink Security
-#### Introduction
+### Introduction
 Ghink Security Lab's Virus and Special Killing Tools's warehouse.
 ### Others
 The password of Virus's Zipfile is "ghinksecurity".