Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Imports System
- Imports System.ComponentModel
- Imports System.Diagnostics
- Imports System.Drawing
- Imports System.IO
- Imports System.Runtime.CompilerServices
- Imports System.Security.Cryptography
- Imports System.Text
- Imports Microsoft.VisualBasic
- Imports Microsoft.VisualBasic.CompilerServices
- Imports System.Windows.Forms
- Imports System.Net
- Imports System.Data
- Imports System.Collections.Generic
- Imports System.Threading
- Public Class Form1
- #Region "Values"
- Dim ipv4Stats As System.Net.NetworkInformation.IPv4InterfaceStatistics
- Dim netstats As System.Net.NetworkInformation.NetworkInterface
- Private DrivesList As List(Of String)
- Public WM_DEVICECHANGE As Integer = &H219
- Shared files As Integer
- Shared progr As Integer
- Shared scanbox As String
- Shared cc As Integer
- Shared infected As Integer
- Shared filePath As String
- Shared fileStream As FileStream
- Shared streamWriter As StreamWriter
- Shared P As String
- Shared F As String
- Shared par As String
- Shared array As String()
- Shared filesarr As String()
- Shared workiscompleted As Boolean = False
- Shared Scan As Integer
- #End Region
- #Region "Bools"
- Public ScanOnPlugIn As Boolean
- Public DelAutorun As Boolean
- #End Region
- Public Enum ScanType
- PathScan = 0
- FileScan = 1
- Binaries = 2
- RemScan = 3
- End Enum
- #Region "HexTypes"
- Dim KeyboardHook As String() = {"48 6F 6F 6B 43 61 6C 6C 62 61 63 6B", "47 65 74 41 73 79 6E 63 4B 65 79 53 74 61 74 65"}
- Dim Rats As String() = {"44 61 72 6B 63 6F 6D 65 74", "43 79 62 65 72 47 61 74 65", "42 6C 61 63 6B 73 68 61 64 65 73", "4A 53 70 79", "4E 61 6E 6F 43 6F 72 65", "6C 65 67 61 63 79 4C 69 6E 6B", "49 6D 6D 69 6E 65 6E 74 20 4D 6F 6E 69 74 6F 72"}
- #End Region
- Public WithEvents ScanThread As BackgroundWorker
- Public Enum WM_DEVICECHANGE_WParams As Integer
- DeviceInserted = &H8000
- DeviceRemoved = &H8004
- End Enum
- Public Sub WriteToLog(ByVal msg As String)
- If Not System.IO.Directory.Exists(Application.StartupPath & "\Log\") Then
- System.IO.Directory.CreateDirectory(Application.StartupPath & "\Log\")
- End If
- Try
- Dim fs As FileStream = New FileStream(Application.StartupPath & "\Log\Log.txt", FileMode.OpenOrCreate, FileAccess.ReadWrite)
- Dim s As StreamWriter = New StreamWriter(fs)
- s.Close()
- fs.Close()
- Dim fs1 As FileStream = New FileStream(Application.StartupPath & "\Log\Log.txt", FileMode.Append, FileAccess.Write)
- Dim s1 As StreamWriter = New StreamWriter(fs1)
- s1.Write(msg & vbCrLf)
- s1.Close()
- fs1.Close()
- Catch exception1 As Exception
- ProjectData.SetProjectError(exception1)
- Dim ex As Exception = exception1
- ProjectData.ClearProjectError()
- End Try
- End Sub
- Protected Overrides Sub WndProc(ByRef w As System.Windows.Forms.Message)
- If w.Msg = WM_DEVICECHANGE Then
- Select Case w.WParam
- Case WM_DEVICECHANGE_WParams.DeviceInserted
- For Each Drive As DriveInfo In DriveInfo.GetDrives()
- If Drive.IsReady AndAlso Not DrivesList.Contains(Drive.Name) Then
- If DelAutorun = True Then
- If IsAutorunExists(Drive.Name) Then
- DeleteAutorun(Drive.Name)
- Else
- End If
- End If
- If ScanOnPlugIn = True Then
- RemovableScan(Drive.Name)
- Else
- Exit Sub
- End If
- End If
- Next
- Case WM_DEVICECHANGE_WParams.DeviceRemoved
- DrivesList = New List(Of String)
- For Each Drive As DriveInfo In DriveInfo.GetDrives()
- If Drive.IsReady Then _
- DrivesList.Add(Drive.Name)
- Next
- End Select
- End If
- MyBase.WndProc(w)
- End Sub
- Private Sub TabControl1_DrawItem(sender As System.Object, e As System.Windows.Forms.DrawItemEventArgs) Handles TabControl1.DrawItem
- Dim g As Graphics = e.Graphics
- Dim _TextBrush As Brush
- Dim _TabPage As TabPage = TabControl1.TabPages(e.Index)
- Dim _TabBounds As Rectangle = TabControl1.GetTabRect(e.Index)
- If (e.State = DrawItemState.Selected) Then
- _TextBrush = New SolidBrush(Color.Red)
- g.FillRectangle(Brushes.Transparent, e.Bounds)
- Else
- _TextBrush = New System.Drawing.SolidBrush(e.ForeColor)
- e.DrawBackground()
- End If
- Dim _TabFont As New Font("Arial", 10.0, FontStyle.Bold, GraphicsUnit.Pixel)
- Dim _StringFlags As New StringFormat()
- _StringFlags.Alignment = StringAlignment.Center
- _StringFlags.LineAlignment = StringAlignment.Center
- g.DrawString(_TabPage.Text, _TabFont, _TextBrush, _TabBounds, New StringFormat(_StringFlags))
- End Sub
- #Region "Removal"
- Public Function RemoveThreat(ByVal threat As String, ByVal RemoveAfterReboot As Boolean)
- If RemoveAfterReboot = False Then
- If IsProcessRunning(threat) Then
- For Each proc As Process In Process.GetProcessesByName(threat)
- proc.Kill()
- Next
- Else
- File.Delete(threat)
- End If
- Else
- End If
- End Function
- #End Region
- #Region "ScanStuff"
- Public Function GetMD5(ByVal Path As String) As String
- Dim buff As StringBuilder = New StringBuilder
- Dim f As FileStream = New FileStream(Path, FileMode.Open, FileAccess.Read, FileShare.Read, 8192)
- f = New FileStream(Path, FileMode.Open, FileAccess.Read, FileShare.Read, 8192)
- Try
- Dim md5 As MD5CryptoServiceProvider = New MD5CryptoServiceProvider
- md5.ComputeHash(f)
- Dim hash As Byte() = md5.Hash
- Dim hashByte As Byte
- For Each hashByte In hash
- buff.Append(String.Format("{0:X2}", hashByte))
- Next
- Catch ex As Exception
- End Try
- Return buff.ToString
- f.Flush()
- f.Close()
- End Function
- Sub ScanBinaries(ByVal exe As String, ByVal param As String)
- files = Directory.GetFiles(exe, param, SearchOption.AllDirectories).Count()
- total.Text = files
- filesarr = Directory.GetFiles(exe, param, SearchOption.AllDirectories)
- For Each File As String In filesarr
- cc = cc + 1
- progr = (cc / files) * 100
- bar.Value = progr
- For Each rat As String In Rats
- If ReturnHex(File).Contains(rat) Then
- infected += 1
- Dim lvi = New ListViewItem(File)
- lvi.SubItems.Add(HexToString(rat))
- lvi.SubItems.Add(GetMD5(File))
- lvi.SubItems.Add(IsProcessRunning(File))
- Results.ListView1.Items.Add(lvi)
- infect.Text = infected
- End If
- Next
- For Each KeyHook As String In KeyboardHook
- If ReturnHex(File).Contains(KeyHook) Then
- infected += 1
- Dim lvi = New ListViewItem(File)
- lvi.SubItems.Add(HexToString(KeyHook))
- lvi.SubItems.Add(GetMD5(File))
- lvi.SubItems.Add(IsProcessRunning(File))
- Results.ListView1.Items.Add(lvi)
- infect.Text = infected
- End If
- Next
- If workiscompleted = True Then
- Exit For
- End If
- If progr = 100 Then
- MessageBox.Show("Scan Completed", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information)
- Results.ShowDialog()
- End If
- Next
- End Sub
- Public Function ReturnHex(ByVal File As String) As String
- Return String.Join(" ", IO.File.ReadAllBytes(File).Select(Function(b) b.ToString("X2")))
- End Function
- Public Function HexToString(ByVal hextext As String) As String
- Dim Y As Long
- Dim num As String
- Dim value As String
- For Y = 1 To Len(hextext) Step 3
- num = Mid(hextext, Y, 2)
- value = value & Chr(Val("&h" & num))
- Next Y
- HexToString = value
- End Function
- Public Sub DeleteAutorun(ByVal path As String)
- Try
- File.Delete(path & "\Autorun.inf")
- Catch ex As Exception
- MessageBox.Show(ex.InnerException, "Error", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
- End Try
- End Sub
- Sub PathScan(ByVal Path As String, ByVal param As String, ByVal searchOptions As SearchOption)
- scanbox = IO.File.ReadAllText("viruslist.txt")
- files = Directory.GetFiles(Path, param, searchOptions).Count()
- total.Text = files
- array = scanbox.Split("!")
- filesarr = Directory.GetFiles(Path, param, searchOptions)
- For Each File As String In filesarr
- cc = cc + 1
- progr = (cc / files) * 100
- bar.Value = progr
- For Each line As String In array
- If line.Contains(GetMD5(File.ToString)) Then
- infected += 1
- Dim lvi = New ListViewItem(File)
- lvi.SubItems.Add(line.Substring(0, line.IndexOf("@")))
- lvi.SubItems.Add(GetMD5(File))
- lvi.SubItems.Add(IsProcessRunning(File))
- Results.ListView1.Items.Add(lvi)
- infect.Text = infected
- Else
- End If
- Next
- now.Text = File
- If workiscompleted = True Then
- Exit For
- End If
- Next
- If progr = 100 Then
- MessageBox.Show("Scan Completed", "Information", MessageBoxButtons.OK, MessageBoxIcon.Information)
- Results.ShowDialog()
- End If
- End Sub
- Public Function IsAutorunExists(ByVal path As String) As Boolean
- If File.Exists(path & "\Autorun.inf") Then
- Return True
- Else
- Return False
- End If
- End Function
- Sub FileScan(ByVal file As String)
- scanbox = IO.File.ReadAllText("viruslist.txt")
- files = 1
- total.Text = files
- array = scanbox.Split("!")
- cc = cc + 1
- progr = (cc / files) * 100
- bar.Value = progr
- For Each line As String In array
- If line.Contains(GetMD5(file.ToString)) Then
- infected += 1
- Dim lvi = New ListViewItem(file)
- lvi.SubItems.Add(line.Substring(0, line.IndexOf("@")))
- lvi.SubItems.Add(GetMD5(file))
- lvi.SubItems.Add(IsProcessRunning(file))
- Results.ListView1.Items.Add(lvi)
- infect.Text = infected
- Else
- End If
- Next
- now.Text = file
- End Sub
- Public Function IsPathEmpty(ByVal path As String) As Boolean
- If Directory.GetFiles(path, "*.*", SearchOption.AllDirectories).Count() <> 0 Then
- Return False
- Else
- Return True
- End If
- End Function
- Public Function IsProcessRunning(ByVal fullpath As String) As Boolean
- For Each p As Process In Process.GetProcesses
- Try
- If p.MainModule.FileName = fullpath Then
- Return True
- End If
- Catch
- End Try
- Next
- Return False
- End Function
- Public Sub RemovableScan(ByVal path As String)
- P = path
- par = "*.*"
- If IsPathEmpty(P) = True Then
- Exit Sub
- Else
- ScanThread = New BackgroundWorker
- ScanThread.WorkerReportsProgress = True
- ScanThread.WorkerSupportsCancellation = True
- Scan = ScanType.RemScan
- ScanThread.RunWorkerAsync()
- TabControl1.SelectTab(TabPage4)
- End If
- End Sub
- Public Sub ScanPath(ByVal param As String)
- fbd.ShowDialog()
- P = fbd.SelectedPath.ToString
- par = param
- If IsPathEmpty(P) = True Then
- MessageBox.Show("Selected path is empty. Make sure this is correct folder path.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
- Else
- ScanThread = New BackgroundWorker
- ScanThread.WorkerReportsProgress = True
- ScanThread.WorkerSupportsCancellation = True
- Scan = ScanType.PathScan
- ScanThread.RunWorkerAsync()
- TabControl1.SelectTab(TabPage4)
- End If
- End Sub
- Public Sub ScanFile()
- ofd.ShowDialog()
- F = ofd.FileName
- ScanThread = New BackgroundWorker
- ScanThread.WorkerReportsProgress = True
- ScanThread.WorkerSupportsCancellation = True
- Scan = ScanType.FileScan
- ScanThread.RunWorkerAsync()
- TabControl1.SelectTab(TabPage4)
- End Sub
- Private Sub BackgroundWorker1_RunWorkerCompleted(ByVal sender As System.Object, ByVal e As System.ComponentModel.RunWorkerCompletedEventArgs) Handles ScanThread.RunWorkerCompleted
- ScanThread.Dispose()
- workiscompleted = False
- ResetInterface()
- End Sub
- Private Sub ScanThread_DoWork(ByVal sender As Object, ByVal e As DoWorkEventArgs) Handles ScanThread.DoWork
- Select Case Scan
- Case 0
- PathScan(P, par, SearchOption.AllDirectories)
- Case 1
- FileScan(F)
- Case 2
- ScanBinaries(P, par)
- Case 3
- RemovableScan(P)
- End Select
- End Sub
- #End Region
- #Region "OtherStuff"
- Public Sub ResetInterface()
- bar.Value = 0
- progr = 0
- files = 0
- infected = 0
- cc = 0
- scanbox = vbEmpty
- 'System.Array.Clear(array, 0, array.Length)
- 'System.Array.Clear(filesarr, 0, filesarr.Length)
- total.Text = ""
- infect.Text = ""
- now.Text = ""
- Scan = vbNull
- End Sub
- Public Sub StopProc()
- ScanThread.CancelAsync()
- workiscompleted = True
- Label1.Text = "Scan is in progress..."
- ResetInterface()
- TabControl1.SelectedTab.Hide()
- End Sub
- #End Region
- Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
- ScanPath("*.*")
- End Sub
- Private Sub Form1_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load
- Windows.Forms.Control.CheckForIllegalCrossThreadCalls = False
- End Sub
- Private Sub sop_Click(sender As System.Object, e As System.EventArgs) Handles sop.Click
- StopProc()
- End Sub
- Private Sub Button2_Click(sender As System.Object, e As System.EventArgs) Handles Button2.Click
- ScanFile()
- End Sub
- Private Sub Button3_Click(sender As System.Object, e As System.EventArgs) Handles Button3.Click
- BinariesScan("*.*")
- End Sub
- Sub BinariesScan(ByVal param As String)
- fbd.ShowDialog()
- P = fbd.SelectedPath.ToString
- par = param
- If IsPathEmpty(P) = True Then
- MessageBox.Show("Selected path is empty. Make sure this is correct folder path.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
- Else
- ScanThread = New BackgroundWorker
- ScanThread.WorkerReportsProgress = True
- ScanThread.WorkerSupportsCancellation = True
- Scan = ScanType.Binaries
- ScanThread.RunWorkerAsync()
- TabControl1.SelectTab(TabPage4)
- End If
- End Sub
- End Class
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement