Monday, February 5, 2007

Virus? No single chance!

Well, not many people are lucky enough to have something other than Windows at work. Really, just a few have that pleasure. I am among the unlucky ones. But not like the others who want to protect their comp with a huge security package (anti-virus + firewall + anti-spyware etc.), I wouldn't want any. Not because I'm not aware of the security risk, it's just that those things consume quite a lot of your system resources.
Right, just don't click on any suspicious link, and don't open any suspicious attachment, I'll be fine. That's what I used to think. It had been right. Until a few weeks ago. Heh, how funny it could be when you look at the processes in your task manager and see a winzip process running there, when the only thing you're using is WinRar? :P Anyway, nice try. The virus attacked some noob in my network and found a way to my computer. It didn't live long, though. A quick search took me to this page from McAfee and a quick manual delete wiped the virus out from my comp ;)
Anyway, yes, you might have guessed, the virus was not completely wiped out. Today while browsing some local folders, I saw the files again. The virus was not active, of course. But I would prefer wiping out all the infected files. Thus the following solution in Java:


import java.io.File;
import java.io.RandomAccessFile;
import java.security.MessageDigest;
import java.util.Hashtable;

public class Scanner {

private Hashtable hash;

public Scanner() {

hash = new Hashtable();
hash.put("WinZip_Tmp.exe", "165b15075a22b0825f286f8f2de8cf71");
hash.put("Temp.Htt", "ea7d7bd6eece99eb35daa1e5f1decd60");
hash.put("desktop.ini", "c06c6123a8d3723eeefe8ed813b0658d");

} // end constructor

public static String md5(File f) {

try {

MessageDigest md = MessageDigest.getInstance("MD5");
RandomAccessFile r = new RandomAccessFile(f, "r");
byte[] b = new byte[(int)r.length()];
md.update(b);
b = md.digest();
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < b.length; i++)
hexString.append(Integer.toHexString((b[i] & 0xFF) | 0x100).substring(1));
return hexString.toString();

} catch (Exception e) {

return null;

} // end try catch

} // end md5

public void scan(File f) {

File[] files = f.listFiles();
if (files == null) return;
for (File file : files) {

if (file.isDirectory()) scan(file);
else {

String s = file.getName();
if (hash.containsKey(s) && hash.get(s).equals(md5(file))) {

if (file.delete())
System.out.println("Successfully deleted: " + file.getAbsolutePath());
else
System.out.println("Failed: " + file.getAbsolutePath());

} // end if

} // end if else

} // end for

} // end scan

public static void main(String[] args) {

String pathname = args.length > 0 ? args[0] : "./";
File f = new File(pathname);
Scanner s = new Scanner();
s.scan(f);

} // end main

} // end class

The code might be extendable to create a complete anti-virus engine. But you know, I'm too lazy. So if you're interested in completing the job, please do it and let me know ;)
And no, I'm not installing any anti-virus software on my comp. I wouldn't need one ;)

3 comments:

Chaosdreamer said...

I never bother with antivirus as I "think" I know what I am doing and like you find the additional resource required a real pain. But your post has got me thinking. I have a home wireless network (secured) and I share this with my girfriend who does have antivirus software. I never thought about a virus being passed on across my little home network. Maybe if I do get infected it will transmitted and picked up by my girlfriends pc, thus a possible solution to working with no antivirus software :P

Silkut said...

I thought exactly the same thing until my main PC got infected by some trojan. I'm playing with a VM as much as I can with suspicious file (like..some challenges.)

Noah said...

Thanks for shharing