WCRY absolute defense code


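It registers a lock (a mutex) that the virus can never unlock, so even if the virus remains on the machine it cannot do anything.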
WCRYSLAP

/*
   Code to prevent WCRY ransomware on an unpatched host, registers
   the mutex used by the payload to prevent an infection from being
   run on the host. Inoculates the host by registering the
   same mutex. This won't stop your host being infected with the
   worm and used to infect other hosts but it will stop the
   ransomware component from being executed on a vulnerable host -
   stopping the payload.
   Compile with cl.exe /MT WCRYSLAP.cpp
    -- Hacker Fantastic (www.myhackerhouse.com)
*/
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <tchar.h>
#include <Windows.h>
#include <Winuser.h>
#include <strsafe.h>
#pragma comment(lib, "user32")
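int _tmain(int argc, _TCHAR* argv[])
{
	HWND hWnd = GetConsoleWindow();// comment for NT4
	// Register the mutex the payload checks for. The backslash must be escaped in the
	// literal, and CreateMutexA matches the narrow string even in a UNICODE build.
	HANDLE hMutexoneInstance = CreateMutexA(NULL,TRUE,"Global\\MsWinZonesCacheCounterMutexA0");
	if(GetLastError()== ERROR_ALREADY_EXISTS){
		// Another process created the mutex before this one did.
		printf("This machine is infected with WCRY worm already\n");
		while(1){
			Sleep(10000);
		}
	}
	printf("WCRY Worm inoculation - minimize but do not close this task\n");
	ShowWindow(hWnd, SW_HIDE);
	// Keep the process alive: the mutex is destroyed when its last handle closes.
	while(1){
		Sleep(10000);
	}
	return 0;
}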
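
Because the mutex only exists while WCRYSLAP keeps running, it is worth checking that it is still registered on a host. The PowerShell function below is an added example, not part of the original post or of Hacker Fantastic's code; the function name `Test-NamedMutex` is hypothetical, and the process check assumes the compiled binary kept the name `WCRYSLAP.exe`.

```powershell
# Added example: report whether the mutex registered by WCRYSLAP is present on this host.
function Test-NamedMutex {
    param(
        # Mutex name taken from the page's code (single backslash: no escaping in PowerShell).
        [string]$Name = 'Global\MsWinZonesCacheCounterMutexA0',
        # Assumption: the inoculation binary was not renamed after compiling.
        [string]$VaccineProcess = 'WCRYSLAP'
    )
    $handle = $null
    try {
        # TryOpenExisting returns $false when no process has created the mutex.
        $present = [System.Threading.Mutex]::TryOpenExisting($Name, [ref]$handle)
    }
    catch [System.UnauthorizedAccessException] {
        # The object exists but its ACL denies this account; it is still registered.
        $present = $true
    }
    finally {
        # Close only our own handle; this does not release the owner's mutex.
        if ($handle) { $handle.Dispose() }
    }
    $running = [bool](Get-Process -Name $VaccineProcess -ErrorAction SilentlyContinue)

    # Interpret the two observations together.
    $state = if ($present -and $running) {
        'Inoculated: mutex present and the inoculation process is running'
    } elseif ($present) {
        'Investigate: mutex present but held by some other process'
    } else {
        'Not inoculated: mutex absent'
    }
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Mutex          = $Name
        MutexPresent   = $present
        VaccineRunning = $running
        State          = $state
    }
}

Test-NamedMutex | Format-List
```

The "Investigate" state corresponds to the `ERROR_ALREADY_EXISTS` branch in the C++ code above: something other than the inoculation tool created the mutex first.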

 
