TO:死水
那是系统文件
刚才用delphi做了一个清除该程序的例子,在delphi7+win2K下运行通过
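program Project1;
{$APPTYPE CONSOLE}
{ Removal helper for the "OICQ 密码记录器" (OICQ password logger) described in
  this thread. It does four things, in order:
    1. asks every top-level window whose title contains 'OICQ 密码' to close;
    2. removes the 'Scanreg' autostart entry under HKLM\...\Run;
    3. restores the default open command for comfile and exefile;
    4. deletes the three dropped files from the system directory.
  Writing to HKLM/HKCR and to the system directory normally needs
  administrator rights; failures are reported on the console. }
uses
  SysUtils, Windows, Registry;

const
  // WM_CLOSE lives in the Messages unit, which is not in the uses clause.
  WM_CLOSE_MSG = $0010;
  // Stock value of the default entry under <class>\shell\open\command.
  DEFAULT_OPEN_COMMAND = '"%1" %*';

var
  hCurrentWindow: HWnd;
  szText: array[0..254] of Char;
  Reg: TRegistry;
  SysDir: string;

{ Resets the default open command of one file class under HKEY_CLASSES_ROOT. }
procedure RestoreOpenCommand(AReg: TRegistry; const KeyPath: string);
begin
  if AReg.OpenKey(KeyPath, False) then
  begin
    AReg.WriteString('', DEFAULT_OPEN_COMMAND);
    AReg.CloseKey;
  end
  else
    Writeln('Could not open HKCR', KeyPath);
end;

{ Deletes one file from the system directory and reports a real failure.
  A missing file is not an error: there is simply nothing to clean. }
procedure RemoveSystemFile(const Dir, Name: string);
var
  FullPath: string;
begin
  FullPath := Dir + '\' + Name;
  if not Windows.DeleteFile(PChar(FullPath)) then
    if GetLastError <> ERROR_FILE_NOT_FOUND then
      Writeln('Could not delete ', FullPath, ' (error ', GetLastError, ')');
end;

begin
  // Step 1: walk the top-level windows in Z-order.
  hCurrentWindow := GetWindow(GetTopWindow(0), GW_HWNDFIRST);
  while hCurrentWindow <> 0 do
  begin
    if GetWindowText(hCurrentWindow, @szText, 255) > 0 then
    begin
      // The logger's window title is 'OICQ 密码记录器3'.
      // NOTE: this is a substring match on the title, so any other window
      // whose caption contains the same text receives WM_CLOSE as well.
      if Pos('OICQ 密码', StrPas(@szText)) <> 0 then
        PostMessage(hCurrentWindow, WM_CLOSE_MSG, 0, 0);
    end;
    hCurrentWindow := GetWindow(hCurrentWindow, GW_HWNDNEXT);
  end;

  // Step 2 and 3: clean the registry.
  // Registry paths must use backslashes; with forward slashes OpenKey looks
  // for a single key literally named '/SOFTWARE/...' and fails without
  // cleaning anything.
  Reg := TRegistry.Create;
  try
    Reg.RootKey := HKEY_LOCAL_MACHINE;
    if Reg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', False) then
    begin
      Reg.DeleteValue('Scanreg');
      // Best effort: also drop a subkey of that name if one exists.
      Reg.DeleteKey('Scanreg');
      Reg.CloseKey;
    end
    else
      Writeln('Could not open the HKLM Run key');

    // (Only learned from Kingsoft's write-up that these places were changed too!)
    // The open commands for .com and .exe are put back to the stock value so
    // that launching a program no longer goes through anything else first.
    Reg.RootKey := HKEY_CLASSES_ROOT;
    RestoreOpenCommand(Reg, '\comfile\shell\open\command');
    RestoreOpenCommand(Reg, '\exefile\shell\open\command');
  finally
    Reg.Free;
  end;

  // Step 4: delete the dropped files.
  // WM_CLOSE was only posted, so the process may still be running and holding
  // its image open; if a delete is reported as failed, run the tool again.
  FillChar(szText, SizeOf(szText), #0);
  GetSystemDirectory(szText, Length(szText));
  SysDir := StrPas(szText);
  RemoveSystemFile(SysDir, 'Internets.exe');
  RemoveSystemFile(SysDir, 'svh0st.exe');
  RemoveSystemFile(SysDir, 'Scanregw.exe');
end.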