清除1465的程序

Author: 陶从田 Date: 1994-06-17

        #include <stdio.h>
        #include <dir.h>
        #include <dos.h>
        #include <sys\stat.h>
        #include <io.h>
        #include <string.h>
        /* Stream for the file currently being examined. main() opens and closes
           it; kill_com() and kill_exe() read and patch the file through it. */
        FILE *fpi = NULL;
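        int kill_com(long length);
        int kill_exe(long length);

        /*
         * Scan every file matching the pattern in argv[1] for the "1465"
         * signature and repair infected .COM/.EXE files in place.
         *
         * For each match the last 17 bytes are searched for the marker string.
         * On a hit the saved header bytes are restored by kill_com()/kill_exe()
         * (chosen by file extension) and the file is shortened by 1465 bytes.
         * Their return value is ignored here.
         *
         * Fixes over the original listing: misspelt identifiers (prinft, hadnle,
         * enbyte); unbounded strcpy/strcat into 30-byte buffers; a directory
         * prefix loop that had lost its terminating semicolons and indexed
         * before the start of the buffer; strstr() on a buffer that was never
         * NUL-terminated; fclose() on a NULL stream; "COM"/"EXE" matched
         * anywhere in the path, so a name such as COMMAND.EXE ran both repairs;
         * files of neither type truncated without a header repair; the first
         * _chmod() call passed the attribute mask where the function code
         * belongs.
         *
         * The repair rewrites the file with no backup copy, so a false
         * signature match or a failed write leaves a damaged executable. Run it
         * on copies, or keep the originals until the result is verified.
         *
         * Returns 0 after the scan, 1 on a usage error.
         */
        int main(int argc,char *argv[])
        {
            enum { PATH_BUF = 128, TAIL_LEN = 17, VIRUS_LEN = 1465 };
            static const char sig[] = "L4Q0DGDIIB+GLO";
            char fname[PATH_BUF], test[PATH_BUF];
            unsigned char endbyte[TAIL_LEN];
            struct ffblk ffp;
            const char *ext;
            char *p, *sep;
            int k, done, mode, handle, found;

            if (argc != 2) {
                printf("\n\n syntax:kill1465 FILENAME");
                return 1;
            }
            if (strlen(argv[1]) >= sizeof test) {
                printf("\n\n Path too long.");
                return 1;
            }

            /* Keep the directory part: everything up to and including the last
               '\\' or ':'. With no separator the prefix is empty. */
            strcpy(test, argv[1]);
            sep = NULL;
            for (p = test; *p != '\0'; p++) {
                if (*p == '\\' || *p == ':')
                    sep = p;
            }
            if (sep != NULL)
                sep[1] = '\0';
            else
                test[0] = '\0';

            done = findfirst(argv[1], &ffp, 0);
            while (!done) {
                if (strlen(test) + strlen(ffp.ff_name) >= sizeof fname) {
                    printf("\n\t Path too long, skipped.");
                    done = findnext(&ffp);
                    continue;
                }
                strcpy(fname, test);
                strcat(fname, ffp.ff_name);
                printf("\n\tScaning the file %s", fname);

                /* Clear read-only/hidden so the file can be opened for update;
                   the original attributes are restored after the file is closed. */
                mode = ffp.ff_attrib;
                _chmod(fname, 1, mode & ~(FA_RDONLY | FA_HIDDEN));

                fpi = fopen(fname, "rb+");
                if (fpi == NULL) {
                    printf("\n\t Error to open the file.");
                } else {
                    handle = fileno(fpi);

                    /* Byte-wise search: the tail is binary data, not a C string. */
                    found = 0;
                    if (ffp.ff_fsize > VIRUS_LEN
                        && fseek(fpi, -(long)TAIL_LEN, SEEK_END) == 0
                        && fread(endbyte, TAIL_LEN, 1, fpi) == 1) {
                        for (k = 0; k + (int)(sizeof sig - 1) <= TAIL_LEN; k++) {
                            if (memcmp(endbyte + k, sig, sizeof sig - 1) == 0) {
                                found = 1;
                                break;
                            }
                        }
                    }

                    if (found) {
                        printf("\nFound virus 1465 in %s ,Running...!", fname);
                        /* DOS returns 8.3 names in upper case, so compare the
                           extension of ff_name exactly. */
                        ext = strrchr(ffp.ff_name, '.');
                        if (ext != NULL
                            && (strcmp(ext, ".COM") == 0 || strcmp(ext, ".EXE") == 0)) {
                            ffp.ff_fsize -= VIRUS_LEN;
                            if (strcmp(ext, ".COM") == 0)
                                kill_com(ffp.ff_fsize);
                            else
                                kill_exe(ffp.ff_fsize);
                            /* Push the patched header out of the stdio buffer
                               before resizing through the raw handle. */
                            fflush(fpi);
                            if (chsize(handle, ffp.ff_fsize) != 0)
                                printf("\n\t Error to truncate the file.");
                            else
                                printf("\n\n\t\t Clear !");
                        } else {
                            /* No repair routine for this type: truncating alone
                               would leave a header that points into removed data. */
                            printf("\n\t Unknown file type, left unchanged.");
                        }
                    }
                    fclose(fpi);
                }
                _chmod(fname, 1, mode);
                done = findnext(&ffp);
            }
            return 0;
        }/*main()*/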
        
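        /*
         * Restore the first five bytes of an infected .COM file.
         *
         * length is the file size without the appended 1465 bytes. The saved
         * bytes are read through the global stream fpi from offset
         * length + 5*256+32+4, XORed with 5,4,3,2,1 and written to offset 0.
         *
         * The original ignored every stdio result, so a failed seek or short
         * read wrote uninitialised stack bytes over the start of the program.
         * Each step is now checked and nothing is written unless the read
         * succeeded.
         *
         * Returns 0 on success, -1 on any seek/read/write failure.
         */
        int kill_com(long length)
        {
            enum { SAVED_LEN = 5, SAVED_OFFSET = 5*256+32+4 };
            unsigned char lbyte[SAVED_LEN];
            int i;

            if (length < 0)
                return -1;
            if (fseek(fpi, length + SAVED_OFFSET, SEEK_SET) != 0)
                return -1;
            if (fread(lbyte, SAVED_LEN, 1, fpi) != 1)
                return -1;

            /* Undo the XOR masking: byte 0 with 5, byte 1 with 4, ... byte 4 with 1. */
            for (i = 0; i < SAVED_LEN; i++)
                lbyte[i] ^= (unsigned char)(SAVED_LEN - i);

            /* A seek is required between reading and writing an update stream. */
            if (fseek(fpi, 0L, SEEK_SET) != 0)
                return -1;
            if (fwrite(lbyte, SAVED_LEN, 1, fpi) != 1)
                return -1;
            return 0;
        }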
        
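        /* Store the low 16 bits of v little-endian at p[0], p[1]. */
        static void put_le16(unsigned char *p, unsigned long v)
        {
            p[0] = (unsigned char)(v & 0xFF);
            p[1] = (unsigned char)((v >> 8) & 0xFF);
        }

        /*
         * Restore the MZ header fields of an infected .EXE file.
         *
         * length is the file size without the appended 1465 bytes. Ten saved
         * bytes are read through the global stream fpi from 0x95 bytes before
         * the end of the file (the caller truncates only afterwards) and XORed
         * with 10,9,...,1. They supply SS (header offset 14), SP (16), IP (20)
         * and CS (22); saved bytes 4-5 are not used. The size fields at offsets
         * 2 (bytes in last page) and 4 (page count) are recomputed from length.
         *
         * Fixes over the original listing: the header buffer was declared as
         * lbytel but used as lbyte; the final assignment lacked a closing
         * bracket; only the high bytes of the two size fields were written
         * (offset 5 from a garbled expression, offsets 2 and 4 never), leaving
         * the infected size in the header; a length that is an exact multiple
         * of 512 produced a page count one too large; endbyte[1]*256 overflows
         * a 16-bit int; no stdio result was checked.
         *
         * NOTE(review): the header is patched without checking for the "MZ"
         * signature at offset 0 - confirm whether a check is wanted for files
         * that carry an .EXE name but another format.
         *
         * Returns 0 on success, -1 on any seek/read/write failure, in which
         * case the header is left as it was.
         */
        int kill_exe(long length)
        {
            enum { HDR_LEN = 24, SAVED_LEN = 10, PAGE = 512 };
            unsigned char lbyte[HDR_LEN], endbyte[SAVED_LEN];
            int i;

            if (length < 0)
                return -1;
            if (fseek(fpi, -0x95L, SEEK_END) != 0)
                return -1;
            if (fread(endbyte, SAVED_LEN, 1, fpi) != 1)
                return -1;
            for (i = 0; i < SAVED_LEN; i++)
                endbyte[i] ^= (unsigned char)(SAVED_LEN - i);

            if (fseek(fpi, 0L, SEEK_SET) != 0)
                return -1;
            if (fread(lbyte, HDR_LEN, 1, fpi) != 1)
                return -1;

            /* Size fields: a last-page value of 0 means the last page is full,
               so the page count is rounded up rather than "quotient plus one". */
            put_le16(lbyte + 2, (unsigned long)(length % PAGE));
            put_le16(lbyte + 4, (unsigned long)((length + PAGE - 1) / PAGE));

            /* Saved register values are already little-endian byte pairs. */
            lbyte[14] = endbyte[0]; lbyte[15] = endbyte[1];   /* SS */
            lbyte[16] = endbyte[2]; lbyte[17] = endbyte[3];   /* SP */
            lbyte[20] = endbyte[6]; lbyte[21] = endbyte[7];   /* IP */
            lbyte[22] = endbyte[8]; lbyte[23] = endbyte[9];   /* CS */

            /* A seek is required between reading and writing an update stream. */
            if (fseek(fpi, 0L, SEEK_SET) != 0)
                return -1;
            if (fwrite(lbyte, HDR_LEN, 1, fpi) != 1)
                return -1;
            return 0;
        }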