服务器被人植入了《叽哩瓜叽》(jlguaji.exe,又叫《软件精灵》),导致服务器内存和 CPU 占用大幅攀升,无法正常运行,而且该程序还无法删除,网上也很少有相关资料,只能自己写程序来结束它的进程。
(1)C++代码方式:
#include "stdafx.h"
#include <windows.h>
#include <tlhelp32.h>
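/**
 * Terminates every running process whose executable image name equals
 * strProcessName (case-insensitive comparison via _tcsicmp).
 *
 * The match is on the image name only (PROCESSENTRY32::szExeFile); the file
 * path, hash and signature are not checked, so any process that happens to
 * carry the same name is terminated as well, and a renamed copy is missed.
 * This contains a running process; it does not remove whatever starts it.
 *
 * @param strProcessName  Image name to look for, e.g. "jlguaji.exe".
 * @return TRUE if at least one matching process was terminated; FALSE if the
 *         name is NULL, the snapshot could not be taken, nothing matched, or
 *         every matching process could not be opened or terminated.
 */
BOOL FindAndKillProcessByName(LPCTSTR strProcessName)
{
    if (NULL == strProcessName)
    {
        return FALSE;
    }

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (INVALID_HANDLE_VALUE == hSnapshot)
    {
        return FALSE;
    }

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32); // must be set before Process32First

    BOOL bKilledAny = FALSE;
    for (BOOL bMore = Process32First(hSnapshot, &entry);
         bMore;
         bMore = Process32Next(hSnapshot, &entry))
    {
        if (0 != _tcsicmp(entry.szExeFile, strProcessName))
        {
            continue;
        }

        // OpenProcess returns NULL on failure (for example, insufficient
        // privilege); skip the entry instead of passing NULL on.
        HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, entry.th32ProcessID);
        if (NULL == hProcess)
        {
            continue;
        }

        if (TerminateProcess(hProcess, 0))
        {
            bKilledAny = TRUE;
        }

        // The process handle was previously leaked on every match.
        CloseHandle(hProcess);
    }

    CloseHandle(hSnapshot);
    return bKilledAny;
}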
/**
 * Entry point: hides the console window, then repeatedly terminates any
 * process named "jlguaji.exe", sleeping between sweeps.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    // Hide the console window so the tool runs without a visible window.
    HWND hConsole = GetConsoleWindow();
    if (NULL != hConsole)
    {
        ShowWindow(hConsole, SW_HIDE);
    }

    // Kill loop. Sleep takes milliseconds, so 1000000 is roughly 16.7 minutes
    // between sweeps.
    // NOTE(review): a process that is restarted sooner than that keeps running
    // until the next sweep - confirm the interval is intended.
    for (;;)
    {
        FindAndKillProcessByName(_T("jlguaji.exe"));
        Sleep(1000000);
    }

    return 0; // not reached
}
(2)C#代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Runtime.InteropServices;
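namespace ConsoleApplication1
{
    /// <summary>
    /// Console tool that hides its own window and periodically terminates
    /// every process named "jlguaji".
    /// </summary>
    /// <remarks>
    /// Processes are matched by name only; path, hash and signature are not
    /// checked. Terminating the process contains it but does not remove
    /// whatever launches it.
    /// </remarks>
    class Program
    {
        // nCmdShow value that hides a window (SW_HIDE).
        private const int SwHide = 0;

        // Delay between sweeps in milliseconds (about 16.7 minutes).
        // NOTE(review): a process restarted sooner than this keeps running
        // until the next sweep - confirm the interval is intended.
        private const int SweepIntervalMs = 1000000;

        /// <summary>
        /// Hides the console window, then loops forever calling
        /// <see cref="CloseProcess"/> and sleeping.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // Ask for this process's own console window. Looking it up by
            // title with FindWindow can return a different window that has
            // the same caption.
            IntPtr hWnd = GetConsoleWindow();
            if (hWnd != IntPtr.Zero)
            {
                ShowWindow(hWnd, SwHide);
            }

            while (true)
            {
                CloseProcess();
                Thread.Sleep(SweepIntervalMs);
            }
        }

        /// <summary>
        /// Terminates every process currently named "jlguaji".
        /// </summary>
        /// <remarks>
        /// A failure on one process is reported on standard error and does
        /// not stop the sweep; an unhandled exception here would otherwise
        /// end the whole tool.
        /// </remarks>
        private static void CloseProcess()
        {
            System.Diagnostics.Process[] matches =
                System.Diagnostics.Process.GetProcessesByName("jlguaji");

            foreach (System.Diagnostics.Process p in matches)
            {
                // Process holds an OS handle; release it after use.
                using (p)
                {
                    try
                    {
                        p.Kill();
                    }
                    catch (System.ComponentModel.Win32Exception ex)
                    {
                        // The process could not be terminated (e.g. access denied).
                        Console.Error.WriteLine("Kill failed: " + ex.Message);
                    }
                    catch (InvalidOperationException ex)
                    {
                        // The process exited between enumeration and Kill.
                        Console.Error.WriteLine("Kill skipped: " + ex.Message);
                    }
                }
            }
        }

        [DllImport("user32.dll")]
        static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);

        // Kept for compatibility with existing callers; Main no longer uses it.
        [DllImport("user32.dll")]
        public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);

        // Returns the window handle of the console attached to this process,
        // or IntPtr.Zero when there is none.
        [DllImport("kernel32.dll")]
        static extern IntPtr GetConsoleWindow();
    }
}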