今天,来教大家用python制作一个恶意软件删除工具
查杀流程图
对,就这些,已经具备了杀毒软件的功能
判断文件是否为病毒
要查杀病毒,先要判断文件是不是病毒(不然删错了咋办),这里我们用获取文件的哈希值来判断文件是不是病毒
这里我们用os、hashlib库
import os,hashlib
获取哈希值代码
def GetFileMD5(filename):
file = open(filename, 'rb') #用二进制方式读取文件
file_content = file.read()
file.close()
file_md5 = hashlib.md5(file_content)
return file_md5.hexdigest() #返回文件的哈希值
啊对,就这样,文件的哈希值就被拿到了
我们测试一下代码,先编个病毒
就是无限循环执行cmd
病毒库
每个杀毒软件都有自己的病毒库,那我们也搞一个(就是把一些病毒哈希值整理成一个列表)
Virus_Reservoirs=[
'40d8911754a4d6cd8d4c732f96eb3016',#无限cmd弹窗
'0d686bf04da1a4d11ea197375b99a48b',#无限cmd弹窗
'eda588c0ee78b585f645aa42eff1e57a',#中华黑豹升级版
'0a456ffff1d3fd522457c187ebcf41e4',#蠕虫
'1aa4c64363b68622c9426ce96c4186f2',#BIOS、MBR病毒
'd214c717a357fe3a455610b197c390aa',#Virus.Win32.disttrackA类型病毒
'b14299fd4d1cbfb4cc7486d978398214',#Virus.Win32.disttrackA类型病毒
'dffe6e34209cb19ebe720c457a06edd6',#无尽黑洞木马病毒
'512301c535c88255c9a252fdf70b7a03',#熊猫烧香
'd4a05ada747a970bff6e8c2c59c9b5cd',#WormOrg.Viking.A -->蠕虫
'ad41ec81ab55c17397d3d6039752b0fd',#WormOrg.Win32.Fujack.A -->蠕虫
'a57db79f11a8c58d27f706bc1fe94e25',#Virus.Win32.Viking.A类型病毒
'fc14eaf932b76c51ebf490105ba843eb',#冲击波
'2a92da4b5a353ca41de980a49b329e7d',#蠕虫
'68abd642c33f3d62b7f0f92e20b266aa',#蠕虫
'ff5e1f27193ce51eec318714ef038bef',#蠕虫
'4c36884f0644946344fa847756f4a04e',#磁碟机
'2391109c40ccb0f982b86af86cfbc900',#AV终结者——>Pabug
'84c82835a5d21bbcf75a61706d8ab549',#WannaCry永恒之蓝
'db349b97c37d22f5ea1d1841e3c89eb4',#WannaCry永恒之蓝
'1de73f49db23cf5cc6e06f47767f7fda',#WannaRen
'af2379cc4d607a45ac44d62135fb7015',#Petya
'71b6a493388e7d0b40c83ce903bc6b04',#Petya组件
'e81139675ac1b806d689fb17789e2f99',#斯大林病毒
'915178156c8caa25b548484c97dd19c1',#可删除文件的蠕虫
'dac5f1e894b500e6e467ae5d43b7ae3e',#可删除文件的蠕虫
'849da18699ea2332494e431c66be0ca6',#WindowsCrazyError
'56975ae355acb292220921ad61c58f2a',#MBR破坏
'44d88612fea8a8f36de82e1278abb02f',#引擎测试程序
'297de74cb20a975efaf20cd88fddf270',#鬼影木马
'c729d940eb78e927afcba4046543d8f8',#可让系统蓝屏的病毒
'8c71f2a4b3079332d4f8078eddb9974a',#小猪佩奇病毒
'19dbec50735b5f2a72d4199c4e184960',#MEMZ彩虹猫
'815b63b8bc28ae052029f8cbdd7098ce',#滑稽病毒
'c71091507f731c203b6c93bc91adedb6',#卢本伟病毒
"8c689f65508e1353fb3df35df87ba5c7",#'假蓝屏'病毒
]
有点少。。。。。
大家发现一些病毒可以把他的哈希值发给我哈
编写杀毒界面
代码太多了,不容易讲,直接上代码了。界面用了滚动滑杆,用的是tkinter库
import tkinter as tk
from tkinter.ttk import *
import tkinter.filedialog as filedialog
filles=filedialog.askopenfilenames(title='选择文件',filetypes=[("All Files","*.*")]) #选择文件
viruses=[]
try:
for i in filles:
fileMD5=getFileMD5(i)
print(i+"文件哈希值:"+fileMD5)
if fileMD5 in Virus_Reservoirs:
viruses. Append(i)
show_viruses_win=tk.Tk()
if len(viruses) == 0:
show_viruses_win.withdraw()
messagebox.showinfo("查杀结果","此次查杀未发现风险项")
show_viruses_win.destroy()
else:
kills=[]
fail_kills=[]
def getlujing(event):
str=""
index1=viruss.curselection()
for item in index1:
str+=viruss.get(item)+"、"
kills.append(viruss.get(item)) #选择要清理的病毒
llabel.config(text="你选择了"+str)
def killthem():
for i in kills:
kills.remove(i)
try:
os.unlink(i)
except:
fail_kills.append(i)
show_viruses_win.destroy()
jieguo_win=tk.Tk()
jieguo_win.withdraw()
if len(fail_kills) == 0:
messagebox.showinfo("yeah","全部清除成功!")
else:
messagebox.showinfo("error",f"{fail_kills}清除失败,请手动清除!")
jieguo_win.destroy()
show_viruses_win.geometry("480x480") #界面
show_viruses_win.title("请选择您想清理的病毒")
show_viruses_win.configure(bg="#F5D7C4")
llabel=tk.Label(show_viruses_win,height=5,wraplength=190,justify="left",bg="#F1DAA1",relief="groove")
llabel.pack(side="top",fill="x",padx="10",pady="10")
sc1=tk.Scrollbar(show_viruses_win)
viruss=tk.Listbox(show_viruses_win,height=20,yscrollcommand=sc1.set,selectmode="multiple",justify='center',width=30)
for i in viruses:
viruss.insert(tk.END,i)
viruss.pack(side='left',fill='x')
viruss.bind("<<ListboxSelect>>",getlujing)
sc1.pack(side="left",fill="y")
sc1.config(command=viruss.yview)
tk.Button(show_viruses_win,text="选择完毕,开始杀毒!",relief='groove',fg='white',bg='blue',cursor='hand2',command=killthem).pack()
show_viruses_win.mainloop()
except:
show_error_win=tk.Tk()
show_error_win.withdraw()
messagebox.showerror("error","无法查杀病毒或初始化杀毒引擎,请重试")
show_error_win.destroy()
测试代码
先把代码汇总一下
总代码
import os,hashlib
import tkinter as tk
import tkinter.messagebox as messagebox
from tkinter.ttk import *
import tkinter.filedialog as filedialog
def GetFileMD5(filename):
file = open(filename, 'rb') #用二进制方式读取文件
file_content = file.read()
file.close()
file_md5 = hashlib.md5(file_content)
return file_md5.hexdigest() #返回文件的哈希值
Virus_Reservoirs=[
'40d8911754a4d6cd8d4c732f96eb3016',#无限cmd弹窗
'0d686bf04da1a4d11ea197375b99a48b',#无限cmd弹窗
'eda588c0ee78b585f645aa42eff1e57a',#中华黑豹升级版
'0a456ffff1d3fd522457c187ebcf41e4',#蠕虫
'1aa4c64363b68622c9426ce96c4186f2',#BIOS、MBR病毒
'd214c717a357fe3a455610b197c390aa',#Virus.Win32.disttrackA类型病毒
'b14299fd4d1cbfb4cc7486d978398214',#Virus.Win32.disttrackA类型病毒
'dffe6e34209cb19ebe720c457a06edd6',#无尽黑洞木马病毒
'512301c535c88255c9a252fdf70b7a03',#熊猫烧香
'd4a05ada747a970bff6e8c2c59c9b5cd',#WormOrg.Viking.A -->蠕虫
'ad41ec81ab55c17397d3d6039752b0fd',#WormOrg.Win32.Fujack.A -->蠕虫
'a57db79f11a8c58d27f706bc1fe94e25',#Virus.Win32.Viking.A类型病毒
'fc14eaf932b76c51ebf490105ba843eb',#冲击波
'2a92da4b5a353ca41de980a49b329e7d',#蠕虫
'68abd642c33f3d62b7f0f92e20b266aa',#蠕虫
'ff5e1f27193ce51eec318714ef038bef',#蠕虫
'4c36884f0644946344fa847756f4a04e',#磁碟机
'2391109c40ccb0f982b86af86cfbc900',#AV终结者——>Pabug
'84c82835a5d21bbcf75a61706d8ab549',#WannaCry永恒之蓝
'db349b97c37d22f5ea1d1841e3c89eb4',#WannaCry永恒之蓝
'1de73f49db23cf5cc6e06f47767f7fda',#WannaRen
'af2379cc4d607a45ac44d62135fb7015',#Petya
'71b6a493388e7d0b40c83ce903bc6b04',#Petya组件
'e81139675ac1b806d689fb17789e2f99',#斯大林病毒
'915178156c8caa25b548484c97dd19c1',#可删除文件的蠕虫
'dac5f1e894b500e6e467ae5d43b7ae3e',#可删除文件的蠕虫
'849da18699ea2332494e431c66be0ca6',#WindowsCrazyError
'56975ae355acb292220921ad61c58f2a',#MBR破坏
'44d88612fea8a8f36de82e1278abb02f',#引擎测试程序
'297de74cb20a975efaf20cd88fddf270',#鬼影木马
'c729d940eb78e927afcba4046543d8f8',#可让系统蓝屏的病毒
'8c71f2a4b3079332d4f8078eddb9974a',#小猪佩奇病毒
'19dbec50735b5f2a72d4199c4e184960',#MEMZ彩虹猫
'815b63b8bc28ae052029f8cbdd7098ce',#滑稽病毒
'c71091507f731c203b6c93bc91adedb6',#卢本伟病毒
"8c689f65508e1353fb3df35df87ba5c7",#'假蓝屏'病毒
]
filles=filedialog.askopenfilenames(title='选择文件',filetypes=[("All Files","*.*")]) #选择文件
print(filles)
viruses=[]
try:
for i in filles:
fileMD5=GetFileMD5(i)
print(i+"文件哈希值:"+fileMD5)
if fileMD5 in Virus_Reservoirs:
viruses.append(i)
show_viruses_win=tk.Tk()
if len(viruses) == 0:
show_viruses_win.withdraw()
messagebox.showinfo("查杀结果","此次查杀未发现风险项")
show_viruses_win.destroy()
else:
kills=[]
fail_kills=[]
def getlujing(event):
str=""
index1=viruss.curselection()
for item in index1:
str+=viruss.get(item)+"、"
kills.append(viruss.get(item)) #选择要清理的病毒
llabel.config(text="你选择了"+str)
def killthem():
for i in kills:
kills.remove(i)
try:
os.unlink(i)
except:
fail_kills.append(i)
show_viruses_win.destroy()
jieguo_win=tk.Tk()
jieguo_win.withdraw()
if len(fail_kills) == 0:
messagebox.showinfo("yeah","全部清除成功!")
else:
messagebox.showinfo("error",f"{fail_kills}清除失败,请手动清除!")
jieguo_win.destroy()
show_viruses_win.geometry("480x480") #界面
show_viruses_win.title("请选择您想清理的病毒")
show_viruses_win.configure(bg="#F5D7C4")
llabel=tk.Label(show_viruses_win,height=5,wraplength=190,justify="left",bg="#F1DAA1",relief="groove")
llabel.pack(side="top",fill="x",padx="10",pady="10")
sc1=tk.Scrollbar(show_viruses_win)
viruss=tk.Listbox(show_viruses_win,height=20,yscrollcommand=sc1.set,selectmode="multiple",justify='center',width=30)
for i in viruses:
viruss.insert(tk.END,i)
viruss.pack(side='left',fill='x')
viruss.bind("<<ListboxSelect>>",getlujing)
sc1.pack(side="left",fill="y")
sc1.config(command=viruss.yview)
tk.Button(show_viruses_win,text="选择完毕,开始杀毒!",relief='groove',fg='white',bg='blue',cursor='hand2',command=killthem).pack()
show_viruses_win.mainloop()
except:
show_error_win=tk.Tk()
show_error_win.withdraw()
messagebox.showerror("error","无法查杀病毒或初始化杀毒引擎,请重试")
show_error_win.destroy()
运行
运行成功
=)
总结
此程序利用文件的哈希值,精准清除病毒
望大家喜欢(❤ ω ❤)