29 replies to this topic

[MXTECH]

Hey Peeps in the spirt of sharing i have posted here my companys Virus Guard Version 2.0, This program will locate and erase USB Viruses on any drive you tell it to. If you have any ideas on how to improve it let me know and it mite make it into version 3 ;)

Sub Main()

        On Error Resume Next

        Console.Title = "STINGER SOFTWARE SYSTEMS - VIRUS GUARD 2.2 (Pre-Release Build)"

        Console.ForegroundColor = ConsoleColor.White

        Dim targetdrive As String = "c:\"

        Console.WriteLine("STINGER SOFTWARE SYSTEMS - VIRUS GUARD C-2008")

        Console.WriteLine("DESIGNED BY: Jared Woodruff")

Console.WriteLine("http://schoolsecurity.vipsudio.com/?page_id=80")

        Console.WriteLine("Version 2.2(Pre-Release Build) - 22/09/2008")

        Console.WriteLine("")

        Console.WriteLine("Please Wait, Virus Detection Engine Booting...")

        Console.WriteLine("Detecting Scanable Drives...")

        For Each drive As DriveInfo In My.Computer.FileSystem.Drives

            Console.WriteLine("Drive " & drive.Name & " Scannable? " & drive.IsReady)

            Dim drvset As String = drive.VolumeLabel

        Next

        Console.WriteLine("")

        Console.WriteLine("Enter a Drive to Scan: ")

        Console.WriteLine("Example= (C:\).")

        Console.Write("Drive=")

        targetdrive = Console.ReadLine()

        Console.WriteLine("")

        Console.WriteLine("Target Drive = " + targetdrive)

        Console.WriteLine("Starting USB Viral Process Removal Service....")

        'Deff 20/09/2008

        Dim Svcvirus As Boolean

        Dim Svcvirus2 As Boolean

        Dim Svcvirus3 As Boolean

        Dim Rcyvirus As Boolean

        Svcvirus = My.Computer.FileSystem.FileExists(targetdrive + "windows\system32\service.exe")

        Svcvirus2 = My.Computer.FileSystem.FileExists(targetdrive + "windows\service.exe")

        Svcvirus3 = My.Computer.FileSystem.FileExists(targetdrive + "service.exe")

        Rcyvirus = My.Computer.FileSystem.DirectoryExists(targetdrive + "recycler")

        'Deff 18/09/2008

        Dim sscvihost As Boolean

        Dim sscvihost2 As Boolean

        Dim blastclnnn As Boolean

        Dim waveautorun As Boolean

        Dim waveautorun2 As Boolean

        Dim printautorun As Boolean

        sscvihost = My.Computer.FileSystem.FileExists(targetdrive + "windows\SSCVIHOST.exe")

        sscvihost2 = My.Computer.FileSystem.FileExists(targetdrive + "windows\system32\SSCVIHOST.exe")

        blastclnnn = My.Computer.FileSystem.FileExists(targetdrive + "windows\system32\blastclnnn.exe")

        waveautorun = My.Computer.FileSystem.FileExists(targetdrive + "windows\system32\autorun.ini")

        waveautorun2 = My.Computer.FileSystem.FileExists(targetdrive + "windows\system32\settings.ini")

        printautorun = My.Computer.FileSystem.FileExists(targetdrive + "windows\tasks\at1.job")

        'Deff 15/09/2008

        Dim autoprotect As Boolean

        Dim winsurf78 As Boolean

        Dim Genautorun As Boolean

        Dim Genautorun2 As Boolean

        winsurf78 = My.Computer.FileSystem.DirectoryExists(targetdrive + "Autorun")

        autoprotect = My.Computer.FileSystem.DirectoryExists(targetdrive + "Autoprotect")

        Genautorun = My.Computer.FileSystem.FileExists(targetdrive + "Autorun.inf")

        Genautorun2 = My.Computer.FileSystem.FileExists(targetdrive + "Autorun.ini")



        'Killing Virus Processes thread

        Console.WriteLine("Starting Illegal Process Termination....")

        Dim Virus1() As Process

        Virus1 = Process.GetProcessesByName("DrvMonitor")

        For Each proc As Process In Virus1

            proc.Kill()

            Console.WriteLine("Terminated DrvMonitor Illegal Process")

        Next

        Dim Virus2() As Process

        Virus2 = Process.GetProcessesByName("sscvihost")

        For Each proc As Process In Virus2

            proc.Kill()

            Console.WriteLine("Terminated sscvihost Illegal Process")

        Next

        Dim Virus3() As Process

        Virus3 = Process.GetProcessesByName("blastclnnn")

        For Each proc As Process In Virus3

            proc.Kill()

            Console.WriteLine("Terminated Blastclnnn Illegal Process")

        Next

        Dim Virus4() As Process

        Virus4 = Process.GetProcessesByName("service")

        For Each proc As Process In Virus4

            proc.Kill()

            Console.WriteLine("Terminated Service Illegal Process")

        Next

        Console.WriteLine("Finished Illegal Process Termination.")

        On Error Resume Next



        'General Threat Files NON-Background runners

        Console.WriteLine("Starting Virus Host file Termination....")

        If Rcyvirus = True Then

            My.Computer.FileSystem.DeleteDirectory(targetdrive + "recycler", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus Recycler @ " + DateAndTime.Now)

        End If

        If Svcvirus = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\system32\service.exe", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Svcvirus.1 @ " + DateAndTime.Now)

        End If

        If Svcvirus2 = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\service.exe", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Svcvirus.2 @ " + DateAndTime.Now)

        End If

        If Svcvirus3 = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "service.exe", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Svcvirus.3 @ " + DateAndTime.Now)

        End If


        If winsurf78 = True Then

            My.Computer.FileSystem.DeleteDirectory(targetdrive + "Autorun", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Winsurf78.w @ " + DateAndTime.Now)

        End If


        If autoprotect = True Then

            My.Computer.FileSystem.DeleteDirectory(targetdrive + "Autoprotect", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Winsurf78.w @ " + DateAndTime.Now)

        End If


        If Genautorun2 = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "Autorun.ini", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Autorun.w @ " + DateAndTime.Now)

        End If


        If Genautorun = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "Autorun.inf", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Autorun.w @ " + DateAndTime.Now)

        End If

        'New Deffs 18/09/2008

        If sscvihost = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\SSCVIHOST.exe", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.SSCVIHOST.w @ " + DateAndTime.Now)

        End If

        If sscvihost2 = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\system32\SSCVIHOST.exe", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.SSCVIHOST.w2 @ " + DateAndTime.Now)

        End If

        If blastclnnn = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\system32\blastclnnn.exe", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.blastclnnn.w @ " + DateAndTime.Now)

        End If

        If waveautorun = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\system32\autorun.ini", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Autorun.w @ " + DateAndTime.Now)

        End If

        If waveautorun2 = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\system32\settings.ini", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.Autorun.b @ " + DateAndTime.Now)

        End If

        If printautorun = True Then

            My.Computer.FileSystem.DeleteFile(targetdrive + "windows\tasks\at1.job", FileIO.UIOption.OnlyErrorDialogs, FileIO.RecycleOption.DeletePermanently)

            Console.WriteLine("Removed Virus W32.printautorun.w @ " + DateAndTime.Now)

        End If


        Console.WriteLine("Finished Virus Host file Termination.")

        Console.WriteLine("")

        Console.WriteLine(targetdrive + " is secure, No USB Viruses Remaining on " + targetdrive)

        Console.WriteLine("")

        Console.WriteLine("STINGER SOFTWARE SYSTEMS 2008")

        Console.WriteLine("www.vipsudio.com")

        Console.WriteLine("")

        Console.WriteLine("Press Anykey to close.")



        Console.Read()

        'Terminate Program

        End



    End Sub

Enjoy People!

By Jared Woodruff
Stinger Software systems ceo
STINGER SOFTWARE SYSTEMS

[MeTh0Dz]

I'm sorry, but this is crap.

[chili5]

I don't really think it's that efficient at all. Like is it that efficient to use a If statement to delete every possible USB virus file?

[MeTh0Dz]

And it isn't even close to being one percent of all the known virii.

[chili5]

Not only that, any time a new virus comes out, or an old one is changed to try to prevent it being detected you would have to rewrite the entire program.

[mike.blankenship]

Hi MXTEC,

I think your program is a good start. All killer apps start somewhere :)
It might be a good idea to store your virus detect info in a text file
and read it in with your main program, then you would just update the definition
file and not your app.

mike

[MXTECH]

mike.blankenship said:

Hi MXTEC,

I think your program is a good start. All killer apps start somewhere :)
It might be a good idea to store your virus detect info in a text file
and read it in with your main program, then you would just update the definition
file and not your app.

mike

Hey dude, thanks :)
Yeah it was just a simple app i made cos at my work we use symantec and all the Viruses that this thing kills are all the Viruses symantec doesnt get.
In the case of USB Drive scaning it is useful in the sense that most people dont put "Autorun.ini" in their usb root path so if it just suddenly pop's up then this app will kill it, i was working with the Idea of textfile stuff but i wouldnt know how to sort the list like:
Virus name: exampleVirus
Virus Root: C:\win\etc
but how do you get something like that to work?
and if you put a usb drive into the computer is there some code i can do to make it scan automaticly?

i'm new to this stuff mainly my company specialises in Anti-Network misue stuff like Program killers and network monitoring tools.

Any help would be great for this hobbie project though :)

[MXTECH]

chili5 said:

Not only that, any time a new virus comes out, or an old one is changed to try to prevent it being detected you would have to rewrite the entire program.

Yeah it was just a simple app i made cos at my work we use symantec and all the Viruses that this thing kills are all the Viruses symantec doesnt get.
In the case of USB Drive scaning it is useful in the sense that most people dont put "Autorun.ini" in their usb root path so if it just suddenly pop's up then this app will kill it, i was working with the Idea of textfile stuff but i wouldnt know how to sort the list like:
Virus name: exampleVirus
Virus Root: C:\win\etc
but how do you get something like that to work?
and if you put a usb drive into the computer is there some code i can do to make it scan automaticly?

[Steve.L]

Uhh... So what's stopping a virus from simply terminating your program on launch?

Epic fail.

[Zai]

Think my apps for detecting virus : SmadAV (smadav.net)

Created with Pure API + VB

It's useful in my country, Indonesia :)

[MXTECH]

Steve.L said:

Uhh... So what's stopping a virus from simply terminating your program on launch?

Epic fail.

It has to know my Program name or PUID, so if someone went to that much trouble to counter my app... well they deserve it haha

[MXTECH]

Zai said:

Think my apps for detecting virus : SmadAV (smadav.net)

Created with Pure API + VB

It's useful in my country, Indonesia :)

Pinging smadav.net [202.67.15.186] with 32 bytes of data:

Reply from 202.67.15.186: bytes=32 time=2085ms TTL=47

Reply from 202.67.15.186: bytes=32 time=2178ms TTL=47

Reply from 202.67.15.186: bytes=32 time=2052ms TTL=47

Reply from 202.67.15.186: bytes=32 time=3081ms TTL=47


Ping statistics for 202.67.15.186:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 2052ms, Maximum = 3081ms, Average = 2349ms

Hmmmm i tried to see your site it wouldnt load in my browser haha man it takes so long for a ping