python

关注公众号 jb51net

关闭
首页 > 脚本专栏 > python > Python监控进程是否有病毒

使用Python实现监控进程是否有病毒

作者:白客小李666

这篇文章主要为大家详细介绍了如何使用Python实现监控进程是否有病毒,文中的示例代码讲解详细,感兴趣的小伙伴可以跟随小编一起学习一下

程序流程图

实现监控进程

导包

这里,我们需要用一个特别的库,叫做psutil

import psutil

处理进程信息

然后我们创建一个列表,里面存储进程的信息

processes = []
for process in psutil.process_iter():
    try:
        process_info = process.as_dict(attrs=['pid', 'name', 'username', 'cpu_percent', 'memory_info','exe'])
        processes.append(process_info)
    except:
        pass

有兴趣的读者可以读取一下processes这个列表,里面很乱,其中记录了系统中的每一个进程的信息,并把每一组信息弄成一个字典

这里以svchost.exe为例

然后我们就可以看到这个程序的信息了

检测文件是否是病毒

杀毒引擎就不过多介绍了,请大家参考:使用Python制作一个恶意软件删除工具

这里也可以连一下360杀毒引擎

import requests
import xml.etree.ElementTree as xmlet
def clouds_scan_Engine(file):
    """接入360云扫描引擎"""
    try:
        with open(file, "rb") as f:
            text = str(hashlib.md5(f.read()).hexdigest())
        strBody = f'-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="md5s"\r\n\r\n{text}\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="format"\r\n\r\nXML\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="product"\r\n\r\n360zip\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="combo"\r\n\r\n360zip_main\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="v"\r\n\r\n2\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="osver"\r\n\r\n5.1\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="vk"\r\n\r\na03bc211\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="mid"\r\n\r\n8a40d9eff408a78fe9ec10a0e7e60f62\r\n-------------------------------7d83e2d7a141e--'
        response = requests.post('http://qup.f.360.cn/file_health_info.php', data=strBody, timeout=3)
        if response.status_code == 200:
            level = float(xmlet.fromstring(response.text).find('.//e_level').text)
            if level > 50: #判断是否是病毒
                return "Virus"
            elif level <= 10:
                return "Safe"
            return "Unknown"
        return f"Error: {response.status_code}"
    except Exception as e:
        return f"Error: {e}"

这里就用PYAS的密钥了,我没密钥,连不上

报毒

杀毒引擎和监控文件进程的程序都弄好了,那怎么报毒呢

messagebox?不太现实,如果你正工作呢中间给你来个弹窗,不吓人吗

所以这里我们用plyer的右下角弹窗,这个库我自认为稳定一点,因为当时我用win10toast打包不成功(咋整都不行)。

导包

from plyer import notification

弹窗

def notifier(message):
    notification.notify(title="Anti Virus",message=message,app_icon = None,timeout = 3)
                         #标题             #信息                   #图标        #显示的时间 

弹出来了(要是弹不出来重启电脑再试一次基本就行了)

总代码

#! python3.9.0
# -*- coding:ANSI -*-
#作者:白客小李666
#创建日期:2024-2-14
#版本号:V1.0
import os
import time
import hashlib
import subprocess
import psutil
import requests
import xml.etree.ElementTree as xmlet
import tkinter.messagebox as messagebox
from plyer import notification
import win32file, win32con
 
def notifier(message):
    notification.notify(title="PF Anti Virus",message=message,app_icon = None,timeout = 3)
def clouds_scan_Engine(file):
    """接入360云扫描引擎"""
    try:
        with open(file, "rb") as f:
            text = str(hashlib.md5(f.read()).hexdigest())
        strBody = f'-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="md5s"\r\n\r\n{text}\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="format"\r\n\r\nXML\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="product"\r\n\r\n360zip\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="combo"\r\n\r\n360zip_main\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="v"\r\n\r\n2\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="osver"\r\n\r\n5.1\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="vk"\r\n\r\na03bc211\r\n-------------------------------7d83e2d7a141e\r\nContent-Disposition: form-data; name="mid"\r\n\r\n8a40d9eff408a78fe9ec10a0e7e60f62\r\n-------------------------------7d83e2d7a141e--'
        response = requests.post('http://qup.f.360.cn/file_health_info.php', data=strBody, timeout=3)
        if response.status_code == 200:
            level = float(xmlet.fromstring(response.text).find('.//e_level').text)
            if level > 50: #判断是否是病毒
                return "Virus"
            elif level <= 10:
                return "Safe"
            return "Unknown"
        return f"Error: {response.status_code}"
    except Exception as e:
        return f"Error: {e}"
Virus_Reservoirs=[
                 '40d8911754a4d6cd8d4c732f96eb3016',#无限cmd弹窗
                 '13a46d4fd98cac46bc95fc1ca6dd8c56',#无限cmd弹窗
                 '0d686bf04da1a4d11ea197375b99a48b',#无限cmd弹窗
                 'eda588c0ee78b585f645aa42eff1e57a',#中华黑豹升级版
                 '19dbec50735b5f2a72d4199c4e184960',#MEMZ彩虹猫
                 '815b63b8bc28ae052029f8cbdd7098ce',#滑稽病毒
                 'c71091507f731c203b6c93bc91adedb6',#卢本伟病毒
                 '0a456ffff1d3fd522457c187ebcf41e4',#蠕虫
                 '1aa4c64363b68622c9426ce96c4186f2',#BIOS、MBR病毒
                 'd214c717a357fe3a455610b197c390aa',#Virus.Win32.disttrackA类型病毒
                 'b14299fd4d1cbfb4cc7486d978398214',#Virus.Win32.disttrackA类型病毒
                 'dffe6e34209cb19ebe720c457a06edd6',#无尽黑洞木马病毒
                 '512301c535c88255c9a252fdf70b7a03',#熊猫烧香
                 'd4a05ada747a970bff6e8c2c59c9b5cd',#WormOrg.Viking.A -->蠕虫
                 'ad41ec81ab55c17397d3d6039752b0fd',#WormOrg.Win32.Fujack.A  -->蠕虫
                 'a57db79f11a8c58d27f706bc1fe94e25',#Virus.Win32.Viking.A类型病毒
                 'fc14eaf932b76c51ebf490105ba843eb',#冲击波
                 '2a92da4b5a353ca41de980a49b329e7d',#蠕虫
                 '68abd642c33f3d62b7f0f92e20b266aa',#蠕虫
                 'ff5e1f27193ce51eec318714ef038bef',#蠕虫
                 '4c36884f0644946344fa847756f4a04e',#磁碟机
                 '2391109c40ccb0f982b86af86cfbc900',#AV终结者——>Pabug
                 '915178156c8caa25b548484c97dd19c1',#可删除文件的蠕虫
                 'dac5f1e894b500e6e467ae5d43b7ae3e',#可删除文件的蠕虫
                 '84c82835a5d21bbcf75a61706d8ab549',#WannaCry永恒之蓝
                 'db349b97c37d22f5ea1d1841e3c89eb4',#WannaCry永恒之蓝
                 '1de73f49db23cf5cc6e06f47767f7fda',#WannaRen
                 'af2379cc4d607a45ac44d62135fb7015',#Petya
                 '71b6a493388e7d0b40c83ce903bc6b04',#Petya组件
                 'e81139675ac1b806d689fb17789e2f99',#斯大林病毒
                 '849da18699ea2332494e431c66be0ca6',#WindowsCrazyError
                 '56975ae355acb292220921ad61c58f2a',#MBR破坏
                 '44d88612fea8a8f36de82e1278abb02f',#引擎测试程序
                 '297de74cb20a975efaf20cd88fddf270',#鬼影木马
                 'c729d940eb78e927afcba4046543d8f8',#可让系统蓝屏的病毒
                 '8c71f2a4b3079332d4f8078eddb9974a',#小猪佩奇病毒
                 "8c689f65508e1353fb3df35df87ba5c7",#'假蓝屏'病毒
                 'f84765b1eb6fc25f1ac48b9d3a53b255', 
                 'dabe78f82700ccf74e0d2bfefb49dd1c', 
                 'd067a550d2a3489e0f6f75bb8e20a6f8',
                 '4544bb3a1f838959ef72b511873f1908', 
                 '8c13bb49dfaf8f0daa42b404d5227f29', 
                 '6e964d9effc5d3e888db037fb1a0f6d5', 
                 'dd51b7493ba47c2a8ad831214640c86e', 
                 'ceeea2aa492f9665a581d9878b6ca560', 
                 'cb0a6cf97767ba655f517ac009226e8a', 
                 '262e179b3432d3bcf8d82783efea7941', 
                 '9d73825b2d64701e2f6c854523aa6130',
                 'a85810a9b80fe17d668259c01c1603e5', 
                 '84e5ccdfbdfd9d92456c890e6d8641d4', 
                 '97cda21c64590b5c7145582da1f3bdcc', 
                 '17b3dae40d5084b0c04faf09b40d1188',
                 '1a57f3e87c8f0da948aac575ec3b0bf6',
                 '1a014f843176d194a6ecfafc872c00cb',
                 'e5215927d2a1f245f752d34c1c281a66', 
                 '0a2e0ab41ec0adc7b5cc6da2b6f71796', 
                 '07c39cc37fc5a625d037e47c2de67140',
                 'fe7d53cf0d0767b6a1a5063f104bd95a',
                 '23b09b6230c63d21c035d716f74c2b4f', 
                 '53b00ae9be4847348be142d94b857998',
                 '523983e00238f69d0d44687d85b5ff7e',
                 'c207d67faa4433dacdda40a3a98e740b',
                  '1c21f88d33bdb8570c813a57382c1069',
                  '942e52b69f0452ac604df829e4d8b2a7', 
                  '0d6d8ece825ac156ec7331111721e6a0',
                '0067366016a1a7feb93cf8befeb1a5f8',
                '041019de368b2b914be10149421be2a5', 
                '332f9ec09fede19ed545c19e661d4e89']
 
class anti_viruses:
     global Virus_Reservoirs,clouds_scan_Engine,notifier
     def anti_virus1():
        """实时扫描进程"""
        def getFileMD5(file):
            f_ob=open(file,"rb")
            f_content=f_ob.read()
            f_ob.close()
            file_md5=hashlib.md5(f_content)
            return file_md5.hexdigest()
        processes = []
        for process in psutil.process_iter():
            try:
                process_info = process.as_dict(attrs=['pid', 'name', 'username', 'cpu_percent', 'memory_info','exe'])
                processes.append(process_info)
            except:
                pass
        tasks_dir=[]
        for i in processes:
            tasks_dir.append(i['exe'])
        for i in tasks_dir:
            try:
                fileMD5=getFileMD5(i)
                try:
                    file_info=clouds_scan_Engine(i)
                    if fileMD5 in Virus_Reservoirs or file_info == 'Virus':
                        n=os.path.basename(i)
                        subprocess.call(f"taskkill /f /im {n}", creationflags=0x08000000)
                        try:
                            os.unlink(i)
                            notifier(f"发现病毒{n},已处理")
                        except:
                            notifier(f"发现病毒{n},处理失败,请立刻查杀病毒!")
                except:
                    print(i+"文件哈希值:"+fileMD5)
                    if fileMD5 in Virus_Reservoirs :
                        n=os.path.basename(i)
                        subprocess.call(f"taskkill /f /im {n}", creationflags=0x08000000)
                        try:
                            os.unlink(i)
                            notifier(f"发现病毒{n},已处理")
                        except:
                            notifier(f"发现病毒{n},处理失败,请立刻查杀病毒!")
            except:
                pass
            
 
 
if __name__ =='__main__':                   
    while True:
        try:
            anti_viruses.anti_virus1()
            time.sleep(0.5)#休息0.5秒,防止内存占用率过高导致程序跑不起来
        except Exception as e:
            messagebox.showerror("error",f"Task Monitor stops working!\nerror code:{e}")

测试

这里不方便上病毒,我就把处理文件程序弄上来了,充当一下病毒(稳重的病毒库里没有他)

python处理文件程序v1.1

这样,此程序就可以投入使用了!让我们的电脑更安全

到此这篇关于使用Python实现监控进程是否有病毒的文章就介绍到这了,更多相关Python监控进程是否有病毒内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!

您可能感兴趣的文章:
阅读全文