Created
December 9, 2010 16:15
-
-
Save juanplopes/734906 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Threading; | |
| using System.Net; | |
| namespace ConsoleApplication8 | |
| { | |
| static class Program | |
| { | |
| static string defaultSuffix = ".livingnet.com.br"; | |
| static string ipModel = "192.168.203.{0}"; | |
| static int startIp = 1; | |
| static int endIp = 254; | |
| static string sysDir = @"\windows\system32"; | |
| static string tasksDir = @"\windows\tasks"; | |
| static void Main() | |
| { | |
| if (!MaquinaLocal()) | |
| { | |
| Console.WriteLine("Vou procurar nos outros da rede... pressione ENTER"); | |
| Console.ReadLine(); | |
| Encontrar(); | |
| } | |
| Console.WriteLine("Terminei."); | |
| Console.ReadLine(); | |
| } | |
| private static void Encontrar() | |
| { | |
| var threads = new List<IAsyncResult>(); | |
| Action<int> action = o => | |
| { | |
| var ip = string.Format(ipModel, o); | |
| var host = GetDnsName(ip); | |
| try | |
| { | |
| var files = Directory.GetFiles(@"\\" + ip + @"\c$" + tasksDir, "At*.job"); | |
| if (files.Length > 0) | |
| { | |
| foreach (var file in files) | |
| { | |
| var nome = ObterNome(file); | |
| if (Directory.GetFiles(@"\\" + ip + @"\c$" + sysDir, nome).Length > 0) | |
| { | |
| Console.WriteLine("{0} ({1}) está infectado ({2})", ip, host, nome); | |
| } | |
| else | |
| { | |
| Console.WriteLine("{0} ({1}) PARECIA estar infectado ({2})", ip, host, nome); | |
| } | |
| } | |
| } | |
| } | |
| catch (IOException e) | |
| { | |
| if (!e.Message.Contains("network name") && !e.Message.Contains("network path")) | |
| Console.WriteLine("{0} ({1}): {2}", ip, host, e.Message); | |
| } | |
| }; | |
| Enumerable.Range(startIp, endIp - startIp + 1) | |
| .Select(x => action.BeginInvoke(x, null, null)) | |
| .ToList() | |
| .ForEach(x => action.EndInvoke(x)); | |
| } | |
| private static string GetDnsName(string ip) | |
| { | |
| try | |
| { | |
| return Dns.GetHostEntry(ip).HostName.Replace(defaultSuffix, ""); | |
| } | |
| catch { return "unknown"; } | |
| } | |
| private static bool MaquinaLocal() | |
| { | |
| var tasksPath = @"c:" + tasksDir; | |
| var systemPath = @"c:" + sysDir; | |
| var files = Directory.GetFiles(tasksPath, "At*.job"); | |
| if (files.Length == 0) | |
| { | |
| Console.WriteLine("Você não está infectado"); | |
| return false; | |
| } | |
| foreach (var file in files) | |
| { | |
| var name = ObterNome(file); | |
| if (File.Exists(Path.Combine(systemPath, name))) | |
| { | |
| Console.WriteLine("VOCÊ ESTÁ INFECTADO: " + name); | |
| try | |
| { | |
| Process.Start("explorer.exe", "/select," + Path.Combine(systemPath, name)); | |
| } | |
| catch (Exception e) { Console.WriteLine(e.Message); } | |
| } | |
| else | |
| { | |
| Console.WriteLine("você PARECIA estar infectado: " + name); | |
| } | |
| } | |
| return true; | |
| } | |
| private static string ObterNome(string file) | |
| { | |
| var content = File.ReadAllBytes(file); | |
| var size = content[98]; | |
| var bytes = content.Skip(100).Take(size * 2).Where(x => x != 0).ToArray(); | |
| var name = Encoding.Default.GetString(bytes).Split(',')[0]; | |
| return name; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment