diff --git a/PYAS.py b/PYAS.py index 4ce21c5..4c7bd9f 100644 --- a/PYAS.py +++ b/PYAS.py @@ -40,7 +40,7 @@ def init_threads(self): self.protect_file_init() self.protect_boot_init() self.protect_reg_init() - self.protect_enh_init() + self.protect_net_init() self.block_window_init() def init_tray_icon(self): @@ -147,7 +147,7 @@ def init_control(self): self.ui.Protection_switch_Button_2.clicked.connect(self.protect_file_init) self.ui.Protection_switch_Button_3.clicked.connect(self.protect_boot_init) self.ui.Protection_switch_Button_4.clicked.connect(self.protect_reg_init) - self.ui.Protection_switch_Button_5.clicked.connect(self.protect_enh_init) + self.ui.Protection_switch_Button_5.clicked.connect(self.protect_net_init) self.ui.high_sensitivity_switch_Button.clicked.connect(self.change_sensitive) self.ui.cloud_services_switch_Button.clicked.connect(self.change_cloud_service) self.ui.Add_White_list_Button.clicked.connect(self.add_white_list) @@ -248,8 +248,8 @@ def init_lang_text(self): self.ui.Protection_title_4.setText(self.trans("註冊表防護")) self.ui.Protection_illustrate_4.setText(self.trans("啟用此選項可以修復註冊表項目")) self.ui.Protection_switch_Button_4.setText(self.trans(self.ui.Protection_switch_Button_4.text())) - self.ui.Protection_title_5.setText(self.trans("增強防護")) - self.ui.Protection_illustrate_5.setText(self.trans("啟用此選項可以增強系統防護")) + self.ui.Protection_title_5.setText(self.trans("網路防護")) + self.ui.Protection_illustrate_5.setText(self.trans("啟用此選項可以監控網路通訊")) self.ui.Protection_switch_Button_5.setText(self.trans(self.ui.Protection_switch_Button_5.text())) self.ui.State_log.setText(self.trans("日誌:")) self.ui.More_Tools_Back_Button.setText(self.trans("工具>")) @@ -701,7 +701,7 @@ def virus_scan_menu(self): def file_scan(self): try: file = str(QFileDialog.getOpenFileName(self,self.trans("病毒掃描"),"C:/")[0]) - if file: + if file and file not in self.whitelist: self.init_scan() self.start_scan(file) self.answer_scan() 
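Review bot: In `file_scan`, a file that is in `self.whitelist` now makes the function fall through without scanning and without any feedback, which looks the same to the user as cancelling the dialog. Report the skip in a separate arm, for example `elif file: self.send_notify(self.trans("白名單")+": "+file)`, so an unscanned file is not mistaken for a clean one. The test is an exact string comparison, so it only works if whitelist entries are stored in the same slash style and letter case that `QFileDialog` returns; worth confirming where entries are added. The `try` body continues outside this hunk.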
@@ -755,8 +755,6 @@ def traverse_path(self,path): QApplication.processEvents() if self.scan_file == False: return - elif ":/Windows" in file: - continue elif os.path.isdir(file): self.traverse_path(file) elif file not in self.whitelist: @@ -1126,19 +1124,20 @@ def protect_reg_init(self): QPushButton:hover{background-color:rgba(20,200,20,120);}""") Thread(target=self.protect_reg_thread, daemon=True).start() - def protect_enh_init(self): + def protect_net_init(self): if self.ui.Protection_switch_Button_5.text() == self.trans("已開啟"): - self.enh_protect = False + self.net_protect = False self.ui.Protection_switch_Button_5.setText(self.trans("已關閉")) self.ui.Protection_switch_Button_5.setStyleSheet(""" QPushButton{border:none;background-color:rgba(20,20,20,30);border-radius: 15px;} QPushButton:hover{background-color:rgba(20,20,20,50);}""") else: - self.enh_protect = True + self.net_protect = True self.ui.Protection_switch_Button_5.setText(self.trans("已開啟")) self.ui.Protection_switch_Button_5.setStyleSheet(""" QPushButton{border:none;background-color:rgba(20,200,20,100);border-radius: 15px;} QPushButton:hover{background-color:rgba(20,200,20,120);}""") + Thread(target=self.protect_net_thread, daemon=True).start() def protect_proc_thread(self): existing_processes = set() 
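Review bot: The added `Thread(target=self.protect_net_thread, daemon=True).start()` in `protect_net_init` creates a new worker on every switch-on and nothing keeps a handle to the previous one. The worker only stops when it next observes `self.net_protect` as false, so an off-then-on click inside its 0.2 s sleep would leave the old loop running beside the new one, and both would call `kill()` and `send_notify()`. Store the Thread object on `self` and start a new one only when the stored thread's `is_alive()` is false. The indentation is flattened here, so whether the start sits inside the `else` arm, as it appears to in `protect_reg_init`, should be confirmed.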
@@ -1152,18 +1151,17 @@ def protect_proc_thread(self): if p.pid not in existing_processes: existing_processes.add(p.pid) name, file, cmd = p.name(), p.exe().replace("\\", "/"), p.cmdline() - if ":/Windows" in file and self.enh_protect: + if ":/Windows" in file or ":/Program" in file: if "powershell" in name and self.api_scan(cmd[-1].split("'")[-2]): p.kill() self.send_notify(self.trans("惡意腳本攔截: ")+name) elif "cmd.exe" in name and self.api_scan(" ".join(cmd[2:])): p.kill() self.send_notify(self.trans("惡意腳本攔截: ")+name) - elif self.scr_scan(cmd) or self.api_scan(cmd[-1]): + elif "msiexec.exe" in name and self.api_scan(cmd[-1]): p.kill() self.send_notify(self.trans("惡意軟體攔截: ")+name) - elif ":/Program" in file and self.enh_protect: - if self.sign_scan(file) and self.api_scan(file): + elif self.scr_scan(cmd) or self.api_scan(file): p.kill() self.send_notify(self.trans("惡意軟體攔截: ")+name) elif file != self.pyas and file not in self.whitelist: 
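Review bot: With the `self.enh_protect` gate removed, every process whose path contains `:/Windows` or `:/Program` takes the first branch and, as far as the flattened indentation shows, never reaches the final `elif file != self.pyas and file not in self.whitelist`. A whitelisted program, or PYAS itself if it is installed under Program Files, can therefore be killed by the `self.scr_scan(cmd) or self.api_scan(file)` fallback. Check `file != self.pyas and file not in self.whitelist` before the path test rather than only in the last arm. The path test is also a substring match, so it covers `C:/ProgramData` and any folder whose name starts with `Program` or `Windows` on any drive; an anchored comparison against the real system directories would keep the scope as intended. `cmd[-1]` in the new `msiexec.exe` arm raises IndexError on an empty command line, and whether that is caught depends on code outside this hunk.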
@@ -1181,16 +1179,24 @@ def protect_file_thread(self): while self.file_protect: for action, file in win32file.ReadDirectoryChangesW(hDir,1024,True,win32con.FILE_NOTIFY_CHANGE_FILE_NAME|win32con.FILE_NOTIFY_CHANGE_DIR_NAME|win32con.FILE_NOTIFY_CHANGE_ATTRIBUTES|win32con.FILE_NOTIFY_CHANGE_SIZE|win32con.FILE_NOTIFY_CHANGE_LAST_WRITE|win32con.FILE_NOTIFY_CHANGE_SECURITY,None,None): try: + file = str(f"C:/Users/{file}").replace("\\", "/") if action == 1 and str(f".{file.split('.')[-2]}").lower() in alist: - self.proc.kill() - self.send_notify(self.trans("勒索軟體攔截: ")+self.proc.name()) + if self.ransom_block and self.sign_scan(self.proc.exe()): + self.proc.kill() + self.send_notify(self.trans("勒索軟體攔截: ")+self.proc.name()) + elif "/AppData/" not in file: + self.ransom_block = True elif action == 2 and str(f".{file.split('.')[-1]}").lower() in alist: if self.ransom_block and self.sign_scan(self.proc.exe()): self.proc.kill() self.ransom_block = False self.send_notify(self.trans("勒索軟體攔截: ")+self.proc.name()) - elif "AppData" not in file: + elif "/AppData/" not in file: self.ransom_block = True + elif action == 3 and str(f".{file.split('.')[-1]}").lower() in slist: + if self.sign_scan(file) and self.api_scan(file): + os.remove(file) + self.send_notify(self.trans("惡意軟體刪除: ")+file) except: pass @@ -1223,6 +1229,17 @@ def protect_reg_thread(self): except: pass + def protect_net_thread(self): + while self.net_protect: + try: + time.sleep(0.2) + for conn in self.proc.connections(): + if conn.status == "SYN_SENT" and self.sign_scan(self.proc.exe()): + self.proc.kill() + self.send_notify(self.trans("網路通訊攔截: ")+self.proc.name()) + except: + pass + if __name__ == '__main__': QCoreApplication.setAttribute(Qt.AA_EnableHighDpiScaling) QGuiApplication.setAttribute(Qt.HighDpiScaleFactorRoundingPolicy.PassThrough) diff --git a/PYAS_Language.py b/PYAS_Language.py index e575657..ec0399d 100644 --- a/PYAS_Language.py +++ b/PYAS_Language.py 
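Review bot: The new `action == 3` arm in `protect_file_thread` calls `os.remove(file)` on a `sign_scan`/`api_scan` hit without consulting `self.whitelist`, and the surrounding bare `except: pass` makes a failed delete silent while a successful one cannot be undone. Gate it with `if file not in self.whitelist and self.sign_scan(file) and self.api_scan(file):` and consider moving the file to a quarantine folder instead of deleting it, since a false positive here destroys user data. The added `file = str(f"C:/Users/{file}")` hard-codes the watched root; build it from the same path used to open `hDir` (outside this hunk) so the two cannot drift apart. In the `action == 1` and `action == 2` arms the process killed is `self.proc`, which appears to be set elsewhere and is not necessarily the process that touched the file; a comment stating that assumption would help. The function starts outside this hunk.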
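Review bot: `protect_net_thread` kills `self.proc` without checking `self.whitelist` or `self.pyas`, unlike the final arm of `protect_proc_thread`, so a whitelisted program can be terminated just for opening an outbound connection. It also keeps iterating `connections()` after `kill()` and re-reads `self.proc` on every call, so if another thread reassigns that attribute (it appears to be shared and is assigned outside this diff) the executable that was checked and the process that is killed can differ. The bare `except:` hides both problems. A 0.2 s poll for `SYN_SENT` will miss handshakes that complete between samples, which deserves a comment so the switch is not read as a firewall. A possible shape, keeping the existing helpers:

```python
    def protect_net_thread(self):
        while self.net_protect:
            time.sleep(0.2)
            try:
                proc = self.proc  # snapshot once so every call below targets the same process
                exe = proc.exe().replace("\\", "/")
                if exe == self.pyas or exe in self.whitelist:
                    continue
                if any(conn.status == "SYN_SENT" for conn in proc.connections()) and self.sign_scan(proc.exe()):
                    name = proc.name()  # read before kill(); the process is gone afterwards
                    proc.kill()
                    self.send_notify(self.trans("網路通訊攔截: ")+name)
            except Exception:
                pass  # best effort, matching the other protection threads
```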
@@ -3,7 +3,7 @@ "軟體":"软件","檔案":"文件","確定":"确认","設定":"设置","關於":"关于", "錯誤":"错误","實時":"实时","發現":"发现","關閉":"关闭","裝置":"设备", "總數":"总数","註冊":"注册","圖標":"图标","路徑":"路径","網路":"网络", - "位元":"字节","彈窗":"弹窗","靈敏":"敏感","誤報":"误报","簽":"签", + "位元":"字节","彈窗":"弹窗","靈敏":"敏感","誤報":"误报","訊":"讯", "項":"项","掃":"扫","試":"试","黃":"黄","嗎":"吗","防":"保","鑰":"钥", "當":"当","後":"后","護":"护","導":"导","區":"区","復":"复","攔":"拦", "請":"请","統":"统","刪":"删","進":"进","個":"个","選":"选","啟":"启", @@ -24,7 +24,7 @@ "確定要":"Sure Want To ","靈敏度":"Sensitivity ","更新":"Update", "白色主題":"White","黑色主題":"Black","黃色主題":"Yellow","紅色主題":"Red", "藍色主題":"Blue","綠色主題":"Green","語言":"Language ","製作":"Make", - "測試人員":"Testers","版本資訊":"Information","無效簽名":"Unsign ", + "測試人員":"Testers","版本資訊":"Information","通訊":"Communication ", "註冊表":"Registry ","退出":"Quit ","檔案":"File ","當前":"Currently ", "狀態":"State ","掃描":"Scan ","工具":"Tools ","防護":"Protect ", "失敗":"Failed ","請":"Please ","路徑":"Path ","方式":"Method ", @@ -43,10 +43,9 @@ "管理":"Manage","所有":"All ","全盤":"Full ","取消":"Cancel ", "垃圾":"Junk ","位元":"byte ","本機":"Computer ","停止":"Stop ", "增加到":"Add File To ","白名單":"White List ","軟體":"Software ", - "增加":"Add","移除":"Delete","項目":"Items ","生成":"Create ", + "增加":"Add","移除":"Delete","項目":"Items ","生成":"Create ","稱":"", "開啟":"Open ","您":"You ","此":"This ","並":"And ","未":"Not ", "高":"High ","新":"New ","和":"And ","可能會":"Possible ","會":"Can ", "日誌":"Log","已":"Has ","彈窗":"Window ","要":"To ","驅動":"Drive ", - "的":"","顯示":"","個":"","嗎":"","中":"","了":"","行":"","稱":"", - "密鑰":"Key ","檢測":"Detect ","誤報":"False Positive ","立即":"", - " ":" "}} + "的":"","顯示":"","個":"","嗎":"","中":"","了":"","行":"","立即":"", + "密鑰":"Key ","檢測":"Detect ","誤報":"False Positive "," ":" "}}