插入了锁,让病毒永远没法解锁,病毒就算残留也干不了什么.
WCRYSLAP
/*
Code to prevent WCRY ransomware on an unpatched host, registers
the mutex used by the payload to prevent an infection from being
run on the host. Innoculates the host by registering the
same mutex. This wont stop your host being infected with the
worm and used to infect other hosts but it will stop the
ransomware component from being executed on a vulnerable host -
stopping the payload.
Compile with cl.exe /MT WCRYSLAP.cpp
-- Hacker Fantastic (www.myhackerhouse.com)
*/
#include <stdio.h>
#include <stdlib.h>
#include <string>
#include <tchar.h>
#include <Windows.h>
#include <Winuser.h>
#include <strsafe.h>
#pragma comment(lib, "user32")
int _tmain(int argc, _TCHAR* argv[])
{
HWND hWnd = GetConsoleWindow();// comment for NT4
HANDLE hMutexoneInstance = CreateMutex(NULL,TRUE,"Global\MsWinZonesCacheCounterMutexA0");
if(GetLastError()== ERROR_ALREADY_EXISTS){
printf("This machine is infected with WCRY worm already
");
while(1){
Sleep(10000);
}
}
printf("WCRY Worm innoculation - minimize but do not close this task");
ShowWindow(hWnd, SW_HIDE);
while(1){
Sleep(10000);
}
return 0;
}