[Python] Writing a Python program to repair files infected by the "Evil Postman" variant U virus

xiaoxiao2021-03-06  50

For a detailed analysis of the virus, see the "Evil Postman" Variant U (i.e. "Love Back Door" Variant V) analysis report. This virus is particularly nasty: it renames all EXE files on the disk to the .zmx suffix and sets their attributes to System and Hidden. Many tools can remove the virus, but repairing the infected EXE files can be more troublesome. The Python program below first calls a Windows cmd command to set the attributes of the infected files back to normal, and then uses recursion to restore the original suffix of the infected files.

    # Recover all infected .zmx files
    import os

    count = 0  # global variable: number of repaired files

    # The virus marks every infected file as a system and hidden file. The string in
    # parentheses is a Windows shell command that sets the attributes of the infected
    # files back to normal (-s -h clear System and Hidden, /s includes subfolders).
    os.system(r'attrib -s -h *.zmx /s')

    cwd = os.getcwd()  # get the current folder


    # core is a recursive function that changes the suffix of every infected
    # .zmx file back to .exe
    def core(n_dir):
        global count
        print('now in ' + n_dir)
        li = os.listdir(n_dir)
        # match the suffix only, not '.zmx' anywhere in the name
        lifile = [x for x in li if x.lower().endswith('.zmx')]
        if len(lifile) != 0:
            print(lifile)
            for f in lifile:
                os.rename(os.path.join(n_dir, f), os.path.join(n_dir, f[:-4] + '.exe'))
                print('File ' + f + ' is cured successfully!')
                count += 1
        lidir = [x for x in li if os.path.isdir(os.path.join(n_dir, x))]
        if len(lidir) == 0:
            return
        print(lidir)  # just for debug
        for d in lidir:
            core(os.path.join(n_dir, d))


    if __name__ == "__main__":
        core(cwd)
        print("CONGRATULATIONS!! " + str(count) + " infected files r found in " + cwd
              + ' and they r all successfully cured!!!')
        # This statement keeps the command-line window from closing automatically
        input("Press any key to end program")

When the file is placed in a directory (such as the root directory of C:) and run, it repairs all infected files under that directory. With a slight modification you could first get the partitions of the system and then run the function above from each partition's root directory. Note that when the number of files is large, the program can be time-consuming (for example, when I used the program to repair the infected files on the F partition of my computer, it ran for two minutes; that partition holds 69751 files and 1216 folders, and its size is 28.9G). The recursive algorithm of the program is not very satisfactory. In fact, the problem can be solved with shell commands alone: save the following commands as a .bat file, or use Python's os.system() function to execute the following statement
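Added example, not the original author's code and not the batch commands mentioned above: an iterative version of the repair pass built on `os.walk`, with a dry-run default, a check that each `.zmx` file still begins with the `MZ` executable header, and a refusal to overwrite an existing `.exe`. The names `restore_zmx` and `demo` are hypothetical, and it assumes the System and Hidden attributes were already cleared and that the virus left the file contents intact.

```python
import os
import tempfile

def restore_zmx(root, dry_run=True):
    """Rename *.zmx files under root back to *.exe; return (restored, skipped)."""
    restored, skipped = [], []
    # os.walk is iterative, so deep directory trees cannot hit the recursion limit
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".zmx":
                continue
            src = os.path.join(dirpath, name)
            dst = os.path.join(dirpath, stem + ".exe")
            try:
                with open(src, "rb") as fh:
                    magic = fh.read(2)
            except OSError as exc:
                skipped.append((src, "unreadable: %s" % exc))
                continue
            if magic != b"MZ":  # not a DOS/PE executable: leave it alone
                skipped.append((src, "no MZ header"))
            elif os.path.exists(dst):  # never overwrite an existing .exe
                skipped.append((src, "target exists"))
            else:
                if not dry_run:
                    os.rename(src, dst)
                restored.append((src, dst))
    return restored, skipped

def demo():
    samples = {  # constructed test data, not real infected files
        "app/tool.zmx": b"MZ\x90\x00",
        "app/sub/Setup.ZMX": b"MZ\x90\x00",
        "app/dup.zmx": b"MZ\x90\x00",
        "app/dup.exe": b"MZ\x90\x00",
        "notes.zmx": b"plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app", "sub"))
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        restored, skipped = restore_zmx(root, dry_run=False)
        return (sorted(os.path.basename(d) for _s, d in restored),
                sorted(reason for _s, reason in skipped))

if __name__ == "__main__":
    print(demo())
```

Run it once with the default `dry_run=True` and review the skipped list before letting it rename anything.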

Please credit the original address when reprinting: https://www.9cbs.com/read-82340.html
