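; Posted by logmein, June 16, 2009 (edited July 21, 2009):
; "This is my antimalware program, database with over 3500 signatures, support online update!"
;
; MalwareKill: walks a directory tree, MD5-hashes every regular file and compares the
; hash with a signature list (Database.3db). Detection is an exact whole-file hash
; match, so any repacked or modified sample is missed, and the list alone decides what
; gets deleted -- which is why the update path (_update) matters for safety.
#include <GUIConstants.au3>
#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#include <process.au3>
#include <Date.au3>

Opt("TrayMenuMode", 1)
; NOTE: this is a system-wide hotkey -- Esc is swallowed for every application while
; MalwareKill is running, not only during a scan.
HotKeySet('{Esc}', 'terminate')

;=================================================================
Dim $dbpath = @ScriptDir & '\Database.3db'
Dim $url = 'http://vantimalware.do.am/database.3db'
; Signature list, flattened by _loaddb(): $split[0] is the element count, the rest are
; the TAB-separated fields of every line in one flat array. The lookup in _scanfile
; ($split[$i - 1] as the name) implies name<TAB>md5 per line -- TODO confirm against
; the real .3db file.
Dim $split[1] = [0]
Dim $backuppath = @ScriptDir & '\Backup\'
Dim $size1 = 0, $size2 = 0, $terminate = False
; Pre-update copy of the database. Was @SystemDir: writing into System32 needs admin
; rights and is no place for application data.
Dim $temp = @TempDir & '\DatabaseBackupforURL.ini'
;=================================================================
_loaddb()
ConsoleWrite('completed!')

#Region ### START Koda GUI section ### Form=C:\Program Files\Forms\main.kxf
$Form = GUICreate("MalwareKill v 1.0.0.0 db : 00001", 374, 142, -1, -1)
$Label1 = GUICtrlCreateLabel("Choose a directory to scan :", 8, 8, 136, 17)
$Input = GUICtrlCreateInput("", 8, 32, 334, 21)
$browse = GUICtrlCreateButton("...", 344, 31, 27, 24, 0)
GUICtrlSetCursor(-1, 0)
$remove = GUICtrlCreateCheckbox("&Remove infected item(s)", 8, 64, 137, 17)
$backup = GUICtrlCreateCheckbox("&Create backup", 8, 88, 97, 17)
$scan = GUICtrlCreateButton("&Scan", 8, 112, 75, 25, 0)
GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
GUICtrlSetCursor(-1, 0)
$about = GUICtrlCreateButton("&About", 216, 112, 75, 25, 0)
GUICtrlSetCursor(-1, 0)
$exit = GUICtrlCreateButton("&Exit", 296, 112, 75, 25, 0)
GUICtrlSetCursor(-1, 0)
$vault = GUICtrlCreateLabel("[...]", 104, 90, 24, 17)
GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif")
GUICtrlSetColor(-1, 0x0000FF)
GUICtrlSetCursor(-1, 0)
TraySetClick("9")
$mOpen = TrayCreateItem("&Open Control Panel")
$MenuItem9 = TrayCreateItem("")
$mVault = TrayCreateItem("&Vaults")
$MenuItem7 = TrayCreateItem("")
$mCheck = TrayCreateItem("&Check for Updates")
$MenuItem12 = TrayCreateItem("")
$mExit = TrayCreateItem("&Exit")
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

; Message pump: window controls first, then the tray menu.
While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            GUISetState(@SW_HIDE, $Form) ; closing only hides the window; the tray icon stays
        Case $browse
            ; The "..." button had no handler (euverve's suggestion further down the thread).
            $var = FileSelectFolder("Choose a folder.", "")
            If Not @error Then GUICtrlSetData($Input, $var)
        Case $scan
            If GUICtrlRead($Input) = '' Then
                MsgBox(16, 'Error!', 'Please select a directory to scan.', '', $Form)
            Else
                Go(GUICtrlRead($Input))
            EndIf
        Case $about
            MsgBox(64, 'About', 'MalwareKill v 1.0.0.0' & @CRLF & 'Special thanks to: Prab, trancexx', '', $Form)
        Case $exit
            Exit
        Case $vault
            DirCreate($backuppath) ; ShellExecute on a missing folder fails silently
            ShellExecute($backuppath)
    EndSwitch
    $tmsg = TrayGetMsg()
    Switch $tmsg
        Case $mExit
            Exit
        Case $mOpen
            GUISetState(@SW_SHOW, $Form)
        Case $mCheck
            _update()
        Case $mVault
            DirCreate($backuppath)
            ShellExecute($backuppath)
    EndSwitch
WEnd

; Load (or reload) the signature list from $dbpath into the global $split.
; CRLF is turned into TAB and the whole text split on TAB, so every field of every
; line lands in one flat array. A trailing CRLF produces an empty last element;
; _scanfile skips blank entries so that cannot match an unreadable file's '' hash.
Func _loaddb()
    Local $read = FileRead($dbpath)
    $split = StringSplit(StringReplace($read, @CRLF, @TAB), @TAB)
EndFunc   ;==>_loaddb

; Scan the directory $parameter (recursively) and restore the main window afterwards.
; The original compared search()'s return value, which was always '', so it bailed
; out before closing the find handle, switching the progress window off or showing
; "Done!"; completion is now signalled by $terminate instead.
Func Go($parameter)
    If Not FileExists($parameter) Then
        MsgBox(32, 'Error!', 'The selected directory not found!', '', $Form)
        Return
    EndIf
    GUISetState(@SW_HIDE, $Form)
    ProgressOn('Scanning... Press Esc to abort', $parameter, '....', -1, -1, 18)
    ; Progress is measured against the whole drive's capacity (DriveSpaceTotal is in
    ; MB) because that is all that is cheap to know up front, so the bar will
    ; usually sit near zero. $size2 is reset here; it used to accumulate across scans.
    $size1 = DriveSpaceTotal($parameter) * 1024 * 1024
    $size2 = 0
    $terminate = False
    Local $searchLocation = $parameter
    If StringRight($searchLocation, 1) = "\" Then $searchLocation = StringTrimRight($searchLocation, 1)
    Local $searchHandle = FileFindFirstFile($searchLocation & "\*.*")
    Local $err = @error ; FileFindFirstFile returns -1 for both "cannot open" and "empty"
    If $searchHandle = -1 Then
        ProgressOff()
        GUISetState(@SW_SHOW, $Form)
        If $err = 1 Then
            MsgBox(0, "Error", "The folder is empty")
        Else
            MsgBox(0, "Error", "The folder could not be opened.")
        EndIf
        Return
    EndIf
    search($searchHandle, $searchLocation)
    FileClose($searchHandle)
    If $terminate Then Return ; search() already restored the window on abort
    ProgressOff()
    GUISetState(@SW_SHOW, $Form)
    MsgBox(64, 'Info', 'Done!', '', $Form)
EndFunc   ;==>Go

; Walk one find handle: hash regular files, recurse into sub-directories.
; Returns False when the scan was aborted with Esc ($terminate), True otherwise.
; Sub-directory handles are closed after recursion (the original leaked them).
Func search($searchHandle, $searchLocation)
    While True
        If $terminate Then
            ProgressOff()
            GUISetState(@SW_SHOW, $Form)
            Return False
        EndIf
        Local $file = FileFindNextFile($searchHandle)
        If @error Then ExitLoop
        Local $path = $searchLocation & "\" & $file
        If StringInStr(FileGetAttrib($path), "D") Then
            Local $sub = FileFindFirstFile($path & "\*.*")
            If $sub <> -1 Then
                Local $ok = search($sub, $path)
                FileClose($sub)
                If Not $ok Then Return False
            EndIf
        Else
            $size2 += FileGetSize($path)
            If $size1 > 0 Then ProgressSet(($size2 * 100) / $size1, FileGetShortName($path, 1))
            _scanfile($path)
        EndIf
    WEnd
    Return True
EndFunc   ;==>search

; Hash one file and act on a signature hit: optional backup, then removal
; (silently if "Remove infected item(s)" is ticked, after a Yes/No prompt otherwise).
Func _scanfile($parameter)
    If $terminate Then Return
    If StringInStr(FileGetAttrib($parameter), 'D') Then Return
    Local $hash = _MD5ForFile($parameter)
    ; Empty, locked or unreadable files come back as '' with @error set. The original
    ; compared that '' against the list, and a blank list entry (trailing CRLF in the
    ; database) then flagged -- and could delete -- every such file. Skip them.
    If @error Or $hash = '' Then Return
    For $i = 1 To $split[0]
        If $split[$i] = '' Then ContinueLoop
        If $split[$i] = $hash Then ; '=' is a case-insensitive string compare
            Local $name = ''
            If $i > 1 Then $name = $split[$i - 1]
            If GUICtrlRead($backup) = $GUI_CHECKED Then _backupfile($parameter)
            If GUICtrlRead($remove) = $GUI_UNCHECKED Then
                Local $msg1 = MsgBox(4 + 262144 + 16, 'Malware found!', 'Location : ' & $parameter & @CRLF & 'Size : ' & Round(FileGetSize($parameter) / 1024, 2) & ' kB' & @CRLF & 'Malware found : ' & $name, '', $Form)
                If $msg1 = 6 Then _removefile($parameter)
            Else
                _removefile($parameter)
            EndIf
            Return
        EndIf
    Next
EndFunc   ;==>_scanfile

; Copy $sFile into the vault under a timestamp name and record its origin.
; The original appended the word 'backup' to the copy itself, which corrupts it; the
; source path now goes into a sidecar .txt so the file can be put back. A counter
; keeps two hits in the same second from overwriting each other. Note the copy is
; the untouched sample -- the vault is not neutralised in any way.
Func _backupfile($sFile)
    Local $stamp = StringReplace(StringReplace(_NowCalc(), '/', ' '), ':', ' ')
    Local $dest = $backuppath & $stamp & '.bku'
    Local $n = 1
    While FileExists($dest)
        $n += 1
        $dest = $backuppath & $stamp & ' (' & $n & ').bku'
    WEnd
    If FileCopy($sFile, $dest, 9) Then FileWriteLine($dest & '.txt', $sFile)
EndFunc   ;==>_backupfile

; Delete $sFile directly instead of spawning cmd.exe with the path pasted into a
; DEL command line: no shell parsing of the file name and no console window.
; Attributes are cleared first so read-only/system files go too, as DEL /F did.
Func _removefile($sFile)
    FileSetAttrib($sFile, '-RSH')
    If Not FileDelete($sFile) Then MsgBox(16, 'Error!', 'Could not remove ' & $sFile, '', $Form)
EndFunc   ;==>_removefile

; Esc hotkey handler: flag the scan loop to stop and cancel a running download.
Func Terminate()
    $terminate = True
    If @InetGetActive Then InetGet('abort')
EndFunc   ;==>Terminate

; MD5 of a whole file via a read-only file mapping and the undocumented advapi32
; MD5Init/Update/Final routines (code by trancexx). Returns the upper-case hex digest,
; or "" with @error 1..6 naming the failed step. Caveats visible in the calls below:
; CreateFileMapping rejects a zero-length file (@error = 2), and the length passed to
; MD5Update is a dword, so files over 4 GB would be hashed incorrectly.
Func _MD5ForFile($sFile)
    Local $a_hCall = DllCall("kernel32.dll", "hwnd", "CreateFileW", _
            "wstr", $sFile, _
            "dword", 0x80000000, _ ; GENERIC_READ
            "dword", 1, _ ; FILE_SHARE_READ
            "ptr", 0, _
            "dword", 3, _ ; OPEN_EXISTING
            "dword", 0, _ ; SECURITY_ANONYMOUS
            "ptr", 0)
    If @error Or $a_hCall[0] = -1 Then Return SetError(1, 0, "")
    Local $hFile = $a_hCall[0]
    $a_hCall = DllCall("kernel32.dll", "ptr", "CreateFileMappingW", _
            "hwnd", $hFile, _
            "dword", 0, _ ; default security descriptor
            "dword", 2, _ ; PAGE_READONLY
            "dword", 0, _
            "dword", 0, _
            "ptr", 0)
    If @error Or Not $a_hCall[0] Then
        DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hFile)
        Return SetError(2, 0, "")
    EndIf
    ; The mapping object keeps the file alive; the file handle itself can go now.
    DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hFile)
    Local $hFileMappingObject = $a_hCall[0]
    $a_hCall = DllCall("kernel32.dll", "ptr", "MapViewOfFile", _
            "hwnd", $hFileMappingObject, _
            "dword", 4, _ ; FILE_MAP_READ
            "dword", 0, _
            "dword", 0, _
            "dword", 0)
    If @error Or Not $a_hCall[0] Then
        DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hFileMappingObject)
        Return SetError(3, 0, "")
    EndIf
    Local $pFile = $a_hCall[0]
    Local $iBufferSize = FileGetSize($sFile)
    ; MD5_CTX as laid out by advapi32: state counters, digest buffer, input block, digest.
    Local $tMD5_CTX = DllStructCreate("dword i[2];" & _
            "dword buf[4];" & _
            "ubyte in[64];" & _
            "ubyte digest[16]")
    DllCall("advapi32.dll", "none", "MD5Init", "ptr", DllStructGetPtr($tMD5_CTX))
    If @error Then
        DllCall("kernel32.dll", "int", "UnmapViewOfFile", "ptr", $pFile)
        DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hFileMappingObject)
        Return SetError(4, 0, "")
    EndIf
    DllCall("advapi32.dll", "none", "MD5Update", _
            "ptr", DllStructGetPtr($tMD5_CTX), _
            "ptr", $pFile, _
            "dword", $iBufferSize)
    If @error Then
        DllCall("kernel32.dll", "int", "UnmapViewOfFile", "ptr", $pFile)
        DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hFileMappingObject)
        Return SetError(5, 0, "")
    EndIf
    DllCall("advapi32.dll", "none", "MD5Final", "ptr", DllStructGetPtr($tMD5_CTX))
    If @error Then
        DllCall("kernel32.dll", "int", "UnmapViewOfFile", "ptr", $pFile)
        DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hFileMappingObject)
        Return SetError(6, 0, "")
    EndIf
    DllCall("kernel32.dll", "int", "UnmapViewOfFile", "ptr", $pFile)
    DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hFileMappingObject)
    Local $sMD5 = Hex(DllStructGetData($tMD5_CTX, "digest"))
    Return SetError(0, 0, $sMD5)
EndFunc   ;==>_MD5ForFile

; Fetch a newer signature list from $url and install it over $dbpath.
;
; SECURITY: the download is plain HTTP with no signature or hash check, so anyone
; on the network path can hand this tool a database of their choosing -- and a
; poisoned list (hashes of legitimate files) turns the scanner into a deleter of
; those files. Until the feed is signed or served from an authenticated source,
; _dbvalid at least rejects truncated or non-database responses; it is not a
; substitute for authentication.
;
; Size is the only "version" signal available. The original prompted on
; $si >= $currentsi and then rejected an equal-size download as a failure; equal
; size is now "up to date" and any other size is offered as an update.
Func _update()
    If Not FileExists($dbpath) Then
        MsgBox(16, 'Error!', 'The malware database not found! Reinstall the program may fix the problem!', '', $Form)
        Exit
    EndIf
    FileCopy($dbpath, $temp, 9) ;back up
    ; (original comment: "bat dau lay phien ban" -- start fetching the version)
    ProgressOn('Update Progress', 'Updating...', 'Initiazing...', -1, -1, 18)
    Local $si = InetGetSize($url)
    If @error Or $si = 0 Then
        MsgBox(16, 'Error!', 'Could not update the database.Please check your network connection!', '', $Form)
        ProgressOff()
        Return
    EndIf
    Local $currentsi = FileGetSize($dbpath)
    If $si = $currentsi Then
        MsgBox(64, 'Info', 'You have the latest database version!', '', $Form)
        ProgressOff()
        Return
    EndIf
    Local $msg1 = MsgBox(4 + 32 + 262144, 'Auto Update', 'A new database released. Do you want to download it now?', '', $Form)
    If $msg1 <> 6 Then
        ProgressOff()
        Return
    EndIf
    Local $tmpfile = @TempDir & '\database.3db'
    FileDelete($tmpfile) ; never judge a stale leftover from an earlier attempt
    InetGet($url, $tmpfile, 1, 1) ; background mode; the loop below waits for it
    While @InetGetActive
        Sleep(150)
        ProgressSet((@InetGetBytesRead * 100) / $si, 'Downloading... ' & Round(@InetGetBytesRead / 1000, 0) & ' kB/' & Round($si / 1000, 0) & ' kB')
    WEnd
    ProgressOff()
    If FileGetSize($tmpfile) <> $si Or Not _dbvalid($tmpfile) Then
        MsgBox(32, 'Error!', 'Database update progress failed!', '', $Form)
        Return
    EndIf
    If Not FileCopy($tmpfile, $dbpath, 9) Then
        MsgBox(32, 'Error!', 'Database update progress failed!', '', $Form)
        Return
    EndIf
    _loaddb() ; the running scanner used the old list until restart before
EndFunc   ;==>_update

; Sanity check on a downloaded list: non-empty, and every non-blank line carries at
; least one 32-hex-digit TAB field (works for both name<TAB>md5 and md5-only lines).
; Catches a truncated download or an HTML error page; it does NOT authenticate
; the list -- see the note on _update.
Func _dbvalid($sFile)
    Local $lines = StringSplit(StringStripCR(FileRead($sFile)), @LF)
    Local $records = 0
    For $i = 1 To $lines[0]
        If StringStripWS($lines[$i], 8) = '' Then ContinueLoop
        If Not StringRegExp($lines[$i], '(?:^|\t)[0-9A-Fa-f]{32}(?:\t|$)') Then Return False
        $records += 1
    Next
    Return $records > 0
EndFunc   ;==>_dbvalid

; Database: [download]  --  Special thanks to: Prab, trancexx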
logmein (Author) — Posted June 16, 2009: No comments?
LittleCoderNthai — Posted July 4, 2009: Great!!!!!!!!! Tuyệt. Em cũng là Vietnamese nè. Cho em nick y! đi! [Vietnamese: "Awesome. I'm Vietnamese too. Give me your Yahoo! nick!"]
dexto — Posted July 5, 2009: Wow... that's a lot of work...
trancexx — Posted July 5, 2009: @logmein: you are not obligated by anything to credit me for the code written by me and used by you. But if you do, please do it properly.
dexto — Posted July 5, 2009: MD5 with DllCalls looks really appetizing... is that your code, trancexx?
trancexx — Posted July 6, 2009: Yes it is. Thanks for the correction, logmein.
Info — Posted July 7, 2009: Amazing work! Keep it coming!
euverve — Posted July 21, 2009: I think it needs this (a handler for the "..." browse button, which currently does nothing):

    Case $browse
        $var = FileSelectFolder("Choose a folder.", "")
        If @error = 1 Then ContinueLoop
        GUICtrlSetData($Input, $var)
logmein (Author) — Posted July 21, 2009: Thanks for the comments. I will add it soon! :-)
sloppyprogrammer — Posted July 21, 2009: Very nice!
logmein (Author) — Posted July 22, 2009: I think the database is too small. Who can help me improve it?
Jman — Posted September 7, 2009 (edited September 16, 2009), replying to "I think the database is too small. Who can help me improve it?": I would like to help; however, what is the best editor for the .3db file? Sadly, I found your database at Malwarepatrol.net. I just want to advise anyone to read the terms on their site before using their DB file.
neology — Posted December 1, 2009: I have MD5 hashes of more than 17K files known to be malware; they are embedded in my Neo Virus Remover database.