web.lylss网页木马专杀工具
摘要:近日网上看到很多服务器的网页上都中了<iframe src=http://web.lylss.com/id.htm width=0 height=0></iframe>木马,可能是ARP欺骗,也可能文件被修改了。
如果您中的是ARP欺骗,可以安装防ARP欺 骗的防火墙就可以了。
如果您的服务器被非法入侵,并改了文件的内容,您可以手动删除,但是文件太多的时候,手动不知道 要删除到什么时候,于是开发了本扫描程序;
本程序可以自己设置木马的格式 ,可以只扫描不删除,也可以扫描后就删除,可以设置检测的类型:
程序图片:
具体程序代码如下:
Imports System.IO
Imports System
Imports System.Threading
Public Class Form1
Inherits System.Windows.Forms.Form
Public Th As Thread
Public Num As Integer
#Region " Windows 窗体设计器生成的代码 "
Public Sub New()
MyBase.New()
"该调用是 Windows 窗体设计器所必需 的。
InitializeComponent()
"在 InitializeComponent() 调用之后添加任何初始化
End Sub
"窗体重写 dispose 以清理组件列表。
Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
If disposing Then
If Not (components Is Nothing) Then
components.Dispose()
End If
End If
MyBase.Dispose(disposing)
End Sub
"Windows 窗体设计器所必需的
Private components As System.ComponentModel.IContainer
"注意: 以下过程是 Windows 窗体设计器所必需的
"可以使用 Windows 窗体设计器修改此过程。
"不要使用代码编辑器修改它。
Friend WithEvents GroupBox1 As System.Windows.Forms.GroupBox
Friend WithEvents Label1 As System.Windows.Forms.Label
Friend WithEvents Label2 As System.Windows.Forms.Label
Friend WithEvents TxtPath As System.Windows.Forms.TextBox
Friend WithEvents TxtMuma As System.Windows.Forms.TextBox
Friend WithEvents BtnSelect As System.Windows.Forms.Button
Friend WithEvents Label3 As System.Windows.Forms.Label
Friend WithEvents TxtE As System.Windows.Forms.TextBox
Friend WithEvents GroupBox2 As System.Windows.Forms.GroupBox
Friend WithEvents LabFile As System.Windows.Forms.Label
Friend WithEvents TxtInfo As System.Windows.Forms.TextBox
Friend WithEvents FolderBrowserDialog1 As System.Windows.Forms.FolderBrowserDialog
Friend WithEvents Btngo As System.Windows.Forms.Button
Friend WithEvents Btnend As System.Windows.Forms.Button
Friend WithEvents chkok As System.Windows.Forms.CheckBox
Friend WithEvents btnClear As System.Windows.Forms.Button
Friend WithEvents ChkJL As System.Windows.Forms.CheckBox
Friend WithEvents Label4 As System.Windows.Forms.Label
Friend WithEvents TxtSize As System.Windows.Forms.TextBox
Friend WithEvents Label5 As System.Windows.Forms.Label
Me.GroupBox1 = New System.Windows.Forms.GroupBox
Me.chkok = New System.Windows.Forms.CheckBox
Me.Btnend = New System.Windows.Forms.Button
Me.Btngo = New System.Windows.Forms.Button
Me.TxtE = New System.Windows.Forms.TextBox
Me.Label3 = New System.Windows.Forms.Label
Me.BtnSelect = New System.Windows.Forms.Button
Me.TxtMuma = New System.Windows.Forms.TextBox
Me.TxtPath = New System.Windows.Forms.TextBox
Me.Label2 = New System.Windows.Forms.Label
Me.Label1 = New System.Windows.Forms.Label
Me.GroupBox2 = New System.Windows.Forms.GroupBox
Me.TxtInfo = New System.Windows.Forms.TextBox
Me.LabFile = New System.Windows.Forms.Label
Me.FolderBrowserDialog1 = New System.Windows.Forms.FolderBrowserDialog
Me.btnClear = New System.Windows.Forms.Button
Me.ChkJL = New System.Windows.Forms.CheckBox
Me.Label4 = New System.Windows.Forms.Label
Me.TxtSize = New System.Windows.Forms.TextBox
Me.Label5 = New System.Windows.Forms.Label
Me.GroupBox1.SuspendLayout()
Me.GroupBox2.SuspendLayout()
Me.SuspendLayout()
"
"GroupBox1
"
Me.GroupBox1.Controls.Add(Me.Label5)
Me.GroupBox1.Controls.Add(Me.TxtSize)
Me.GroupBox1.Controls.Add(Me.Label4)
Me.GroupBox1.Controls.Add(Me.ChkJL)
Me.GroupBox1.Controls.Add(Me.btnClear)
Me.GroupBox1.Controls.Add(Me.chkok)
Me.GroupBox1.Controls.Add(Me.Btnend)
Me.GroupBox1.Controls.Add(Me.Btngo)
Me.GroupBox1.Controls.Add(Me.TxtE)
Me.GroupBox1.Controls.Add(Me.Label3)
Me.GroupBox1.Controls.Add(Me.BtnSelect)
Me.GroupBox1.Controls.Add(Me.TxtMuma)
Me.GroupBox1.Controls.Add(Me.TxtPath)
Me.GroupBox1.Controls.Add(Me.Label2)
Me.GroupBox1.Controls.Add(Me.Label1)
Me.GroupBox1.Dock = System.Windows.Forms.DockStyle.Top
Me.GroupBox1.Location = New System.Drawing.Point(0, 0)
Me.GroupBox1.Name = "GroupBox1"
Me.GroupBox1.Size = New System.Drawing.Size(778, 120)
Me.GroupBox1.TabIndex = 0
Me.GroupBox1.TabStop = False
"
"chkok
"
Me.chkok.Location = New System.Drawing.Point(544, 88)
Me.chkok.Name = "chkok"
Me.chkok.TabIndex = 9
Me.chkok.Text = "直接删除木马"
"
"Btnend
"
Me.Btnend.Location = New System.Drawing.Point(640, 20)
Me.Btnend.Name = "Btnend"
Me.Btnend.Size = New System.Drawing.Size(56, 23)
Me.Btnend.TabIndex = 8
Me.Btnend.Text = "停止"
"
"Btngo
"
Me.Btngo.Location = New System.Drawing.Point(576, 20)
Me.Btngo.Name = "Btngo"
Me.Btngo.Size = New System.Drawing.Size(56, 23)
Me.Btngo.TabIndex = 7
Me.Btngo.Text = "开始"
"
"TxtE
"
Me.TxtE.Location = New System.Drawing.Point(80, 88)
Me.TxtE.Name = "TxtE"
Me.TxtE.Size = New System.Drawing.Size(200, 21)
Me.TxtE.TabIndex = 6
Me.TxtE.Text = ".asp,.html,.htm,.aspx,.vb,.resx"
"
"Label3
"
Me.Label3.AutoSize = True
Me.Label3.Location = New System.Drawing.Point(16, 88)
Me.Label3.Name = "Label3"
Me.Label3.Size = New System.Drawing.Size(54, 17)
Me.Label3.TabIndex = 5
Me.Label3.Text = "扩展名:"
"
"BtnSelect
"
Me.BtnSelect.Location = New System.Drawing.Point(512, 20)
Me.BtnSelect.Name = "BtnSelect"
Me.BtnSelect.Size = New System.Drawing.Size(56, 23)
Me.BtnSelect.TabIndex = 4
Me.BtnSelect.Text = "选择"
"
"TxtMuma
"
Me.TxtMuma.Location = New System.Drawing.Point(80, 52)
Me.TxtMuma.Name = "TxtMuma"
Me.TxtMuma.Size = New System.Drawing.Size(680, 21)
Me.TxtMuma.TabIndex = 3
Me.TxtMuma.Text = ""
"
"TxtPath
"
Me.TxtPath.Location = New System.Drawing.Point(80, 22)
Me.TxtPath.Name = "TxtPath"
Me.TxtPath.Size = New System.Drawing.Size(416, 21)
Me.TxtPath.TabIndex = 2
Me.TxtPath.Text = "D:\MySoft\Win\s"
"
"Label2
"
Me.Label2.AutoSize = True
Me.Label2.Location = New System.Drawing.Point(16, 56)
Me.Label2.Name = "Label2"
Me.Label2.Size = New System.Drawing.Size(54, 17)
Me.Label2.TabIndex = 1
Me.Label2.Text = "木马特征"
"
"Label1
"
Me.Label1.AutoSize = True
Me.Label1.Location = New System.Drawing.Point(16, 24)
Me.Label1.Name = "Label1"
Me.Label1.Size = New System.Drawing.Size(54, 17)
Me.Label1.TabIndex = 0
Me.Label1.Text = "扫描路径"
"
"GroupBox2
"
Me.GroupBox2.Controls.Add(Me.TxtInfo)
Me.GroupBox2.Controls.Add(Me.LabFile)
Me.GroupBox2.Dock = System.Windows.Forms.DockStyle.Fill
Me.GroupBox2.Location = New System.Drawing.Point(0, 120)
Me.GroupBox2.Name = "GroupBox2"
Me.GroupBox2.Size = New System.Drawing.Size(778, 293)
Me.GroupBox2.TabIndex = 1
Me.GroupBox2.TabStop = False
Me.GroupBox2.Text = "详细信 息"
"
"TxtInfo
"
Me.TxtInfo.Location = New System.Drawing.Point(8, 40)
Me.TxtInfo.Multiline = True
Me.TxtInfo.Name = "TxtInfo"
Me.TxtInfo.ScrollBars = System.Windows.Forms.ScrollBars.Vertical
Me.TxtInfo.Size = New System.Drawing.Size(760, 248)
Me.TxtInfo.TabIndex = 1
Me.TxtInfo.Text = ""
"
"LabFile
"
Me.LabFile.Location = New System.Drawing.Point(8, 17)
Me.LabFile.Name = "LabFile"
Me.LabFile.Size = New System.Drawing.Size(760, 16)
Me.LabFile.TabIndex = 0
Me.LabFile.Text = "文件名:"
"
"btnClear
"
Me.btnClear.Location = New System.Drawing.Point(704, 20)
Me.btnClear.Name = "btnClear"
Me.btnClear.Size = New System.Drawing.Size(56, 23)
Me.btnClear.TabIndex = 10
Me.btnClear.Text = "清数据"
"
"ChkJL
"
Me.ChkJL.Checked = True
Me.ChkJL.CheckState = System.Windows.Forms.CheckState.Checked
Me.ChkJL.Location = New System.Drawing.Point(656, 88)
Me.ChkJL.Name = "ChkJL"
Me.ChkJL.TabIndex = 11
Me.ChkJL.Text = "记录删除数据"
"
"Label4
"
Me.Label4.AutoSize = True
Me.Label4.Location = New System.Drawing.Point(313, 91)
Me.Label4.Name = "Label4"
Me.Label4.Size = New System.Drawing.Size(122, 17)
Me.Label4.TabIndex = 12
Me.Label4.Text = "文件超过多大不操 作:"
"
"TxtSize
"
Me.TxtSize.Location = New System.Drawing.Point(440, 88)
Me.TxtSize.MaxLength = 6
Me.TxtSize.Name = "TxtSize"
Me.TxtSize.Size = New System.Drawing.Size(40, 21)
Me.TxtSize.TabIndex = 13
Me.TxtSize.Text = "1024"
"
"Label5
"
Me.Label5.AutoSize = True
Me.Label5.Location = New System.Drawing.Point(488, 91)
Me.Label5.Name = "Label5"
Me.Label5.Size = New System.Drawing.Size(11, 17)
Me.Label5.TabIndex = 14
Me.Label5.Text = "K"
"
"Form1
"
Me.AutoScaleBaseSize = New System.Drawing.Size(6, 14)
Me.ClientSize = New System.Drawing.Size(778, 413)
Me.Controls.Add(Me.GroupBox2)
Me.Controls.Add(Me.GroupBox1)
Me.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedDialog
Me.MaximizeBox = False
Me.Name = "Form1"
Me.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen
Me.Text = "删除木马文件"
Me.GroupBox1.ResumeLayout(False)
Me.GroupBox2.ResumeLayout(False)
Me.ResumeLayout(False)
End Sub
#End Region
Private Sub BtnSelect_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BtnSelect.Click
Dim P As String
FolderBrowserDialog1.ShowDialog()
P = FolderBrowserDialog1.SelectedPath
If P <> "" Then
Me.TxtPath.Text = P
End If
End Sub
Private Sub ShowInfo()
Me.Btngo.Enabled = False
GetDir(Me.TxtPath.Text.ToString)
Me.Btngo.Enabled = True
End Sub
Private Sub GetDir(ByVal Dir As String)
Try
Dim FDir, FDirN As DirectoryInfo
FDir = New DirectoryInfo(Dir)
"########################
"先查看文 件
Dim FFile As FileInfo
For Each FFile In FDir.GetFiles
Me.LabFile.Text = FFile.FullName.ToString
judgefile(FFile.FullName.ToString, FFile.Extension.ToString)
Next
"########################
For Each FDirN In FDir.GetDirectories
GetDir(FDirN.FullName)
Next
Catch ex As Exception
Me.TxtInfo.Text = "错误时间:" + Now.ToString + " 信息:" + ex.ToString + Me.TxtInfo.Text
End Try
End Sub
Private Sub Btngo_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Btngo.Click
"ShowInfo()
Num = 0
Me.Btngo.Enabled = False
Me.Btnend.Enabled = True
Th = New Thread(New ThreadStart(AddressOf ShowInfo))
Th.Start()
End Sub
Private Sub Btnend_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Btnend.Click
Th.Abort()
Me.Btngo.Enabled = True
Me.Btnend.Enabled = False
End Sub
Private Sub judgefile(ByVal f As String, ByVal fs As String)
Dim aa As String
Dim Sstr, Dstr As String
Dim Fsize As Integer
Fsize = CInt(Me.TxtSize.Text.ToString) * 1024
Dstr = Me.TxtMuma.Text.ToString
aa = fs.ToLower
aa = aa.Trim(".", "")
If Me.TxtE.Text.ToLower.IndexOf(aa) >= 0 Then
Sstr = XcReadTxt(f)
If Sstr <> "" Then
If Sstr.IndexOf(Dstr) >= 0 Then
Dim FFile As FileInfo
; FFile = New FileInfo(f)
&n bsp; If FFile.Length > Fsize Then
&nb sp; " MsgBox(FFile.Length.ToString)
&n bsp; Me.TxtInfo.Text = "文件过大:" + f.ToString + Chr(13) + Chr(10) + Me.TxtInfo.Text
&nbs p; Else
&nb sp; Num += 1
If Me.chkok.Checked = True Then
&nb sp; Sstr = Sstr.Replace(Dstr, "")
&nbs p; XcWriteTxt(f, Sstr)
&n bsp; If ChkJL.Checked = True Then
&nb sp; Me.TxtInfo.Text = Num.ToString + " 木马删除 时间:" + Now.ToString + " 文件:" + f.ToString + Chr(13) + Chr(10) + Me.TxtInfo.Text
&nbs p; End If
&n bsp; Else
&nb sp; If ChkJL.Checked = True Then
&nb sp; Me.TxtInfo.Text = Num.ToString + " 木马扫描 时间:" + Now.ToString + " 文件:" + f.ToString + Chr(13) + Chr(10) + Me.TxtInfo.Text
&nbs p; End If
&n bsp; End If
End If
End If
End If
End If
End Sub
Public Function XcReadTxt(ByVal FileName As String) As String
"FileName = Server.MapPath(FileName)
If File.Exists(FileName) Then
Dim My As StreamReader
My = New StreamReader(FileName, System.Text.Encoding.Default)
XcReadTxt = My.ReadToEnd()
My.Close()
Else
XcReadTxt = ""
End If
End Function
Public Function XcWriteTxt(ByVal FileName As String, ByVal Info As String) As Integer
Try
"FileName = Server.MapPath(FileName)
Dim My As StreamWriter
If File.Exists(FileName) Then
My = New StreamWriter(FileName, False, System.Text.Encoding.Default)
Else
My = New StreamWriter(FileName, True, System.Text.Encoding.Default)
End If
My.Write(Info)
My.Close()
XcWriteTxt = 0
Catch ex As Exception
" ShowErrorInfo(ex.ToString)
XcWriteTxt = 1
End Try
End Function
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Num = 0
End Sub
Private Sub btnClear_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClear.Click
Me.TxtInfo.Text = ""
End Sub
End Class
上一篇:
服务器软件漏洞测试程序的设计与实现
下一篇:
VB开发IIS虚拟目录建立工具(源代码)
