q8wars Posted June 9, 2009 Share Posted June 9, 2009 hello i need some help see lets go the virus make him self in 3 file %windir%\system\svchost.exe %windir%\system\rundll32.exe %windir%\system\winlogon.exe but if i do ProcessClose("svchost.exe") ProcessClose("rundll32.exe") ProcessClose("winlogon.exe") that make problem in pc now i use this code $proc = ProcessList("svchost.exe") for $p = 1 to $proc[0][0] MsgBox(0, "ProcID: " & $proc[$p][1],"ProcName: " & $proc[$p][0]) Next how i get ProcDir ????????? thanks for help Link to comment Share on other sites More sharing options...
Valuater Posted June 9, 2009 Share Posted June 9, 2009 Process Path by PID/Process Func _ProcessGetPath($pid) ;borrowed If IsString($pid) Then $pid = ProcessExists($pid) $Path = DllStructCreate("char[1000]") $dll = DllOpen("Kernel32.dll") $handle = DllCall($dll, "int", "OpenProcess", "dword", 0x0400 + 0x0010, "int", 0, "dword", $pid) $ret = DllCall("Psapi.dll", "long", "GetModuleFileNameEx", "long", $handle[0], "int", 0, "ptr", DllStructGetPtr($Path), "long", DllStructGetSize($Path)) $ret = DllCall($dll, "int", "CloseHandle", "hwnd", $handle[0]) DllClose($dll) Return DllStructGetData($Path, 1) EndFunc ;==>_ProcessGetPath 8) Link to comment Share on other sites More sharing options...
Developers Jos Posted June 9, 2009 Developers Share Posted June 9, 2009 Get a good AV program and use that to fix your mistake. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now