Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

VB Trojans

135

Comments

  • lavey666uklavey666uk Member Posts: 9
    [b][red]This message was edited by lavey666uk at 2004-4-7 5:32:46[/red][/b][hr]
    you can find out the ip of the host with an api and then build a notify mechanism..
    also .. you will need to consider firewalls !

    my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
    email notification.

    There are also some really nice code samples out there for reverse connection :D


  • markblue777markblue777 Member Posts: 184
    : [b][red]This message was edited by lavey666uk at 2004-4-7 5:32:46[/red][/b][hr]
    : you can find out the ip of the host with an api and then build a notify mechanism..
    : also .. you will need to consider firewalls !
    :
    : my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
    : email notification.
    :
    : There are also some really nice code samples out there for reverse connection :D
    :
    :
    Wot is a recerse connection does it mean it will tell me the ip of the victim in a email or something
    and do u have any code fo retrieving ip address
    from
    mark

  • didanididani Member Posts: 99
    : : : : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
    : : : : : : : :
    : : : : : : : :
    : : : : : : : :
    : : : : : : : :
    : : : : : : : : C:Dos
    : : : : : : : : C:Dos Run
    : : : : : : : : Run Dos Run
    : : : : : : : :
    : : : : : : : hi i have 3 questions really first one is
    : : : : : : : wot does this virus do i have made it but wot does it do
    : : : : : : : second question is
    : : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
    : : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
    : : : : : : : please help
    : : : : : : : thanks from
    : : : : : : : mark
    : : : : : : :
    : : : : : : Hi m8, here's the answers:
    : : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
    : : : : : : The compiling is most easy:
    : : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
    : : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
    : : : : : :
    : : : : : : Hope this helps...
    : : : : : :
    : : : : : : EtHeO out...
    : : : : : :
    : : : : :
    : : : : :
    : : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
    : : : : :
    : : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
    : : : : :
    : : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
    : : : : :
    : : : : : hope that helps everyone looking into it.
    : : : : :
    : : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
    : : : : : [blue]
    : : : : : C:Dos
    : : : : : C:Dos Run
    : : : : : Run Dos Run
    : : : : : [/blue]
    : : : : :
    : : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
    : : : : from
    : : : : mark
    : : : :
    : : :
    : : :
    : : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
    : : : [blue]
    : : : C:Dos
    : : : C:Dos Run
    : : : Run Dos Run
    : : : [/blue]
    : : :
    : : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
    : : from
    : : mark
    :
    : Hi all i managed to find sum code all u do is put it in a module
    : here it is
    : [blue]
    : Enum RegHive
    : HKEY_CLASSES_ROOT = &H80000000
    : HK_CR = &H80000000
    : HKEY_CURRENT_USER = &H80000001
    : HK_CU = &H80000001
    : HKEY_LOCAL_MACHINE = &H80000002
    : HK_LM = &H80000002
    : HKEY_USERS = &H80000003
    : HK_US = &H80000003
    : HKEY_CURRENT_CONFIG = &H80000005
    : HK_CC = &H80000005
    : HKEY_DYN_DATA = &H80000006
    : HK_DD = &H80000006
    : End Enum
    :
    : Enum RegType
    : REG_SZ = 1 'Unicode nul terminated string
    : REG_BINARY = 3 'Free form binary
    : REG_DWORD = 4 '32-bit number
    : End Enum
    :
    : Public Const ERROR_SUCCESS = 0&
    : Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
    : Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
    : Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
    : Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
    : Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
    : Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
    : Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
    : Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
    :
    : Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String)
    : Dim hCurKey As Long
    : Dim lRegResult As Long
    : lRegResult = RegOpenKey(hKey, strPath, hCurKey)
    : lRegResult = RegDeleteValue(hCurKey, strValue)
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    :
    : Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long
    : Dim lRegResult As Long
    : lRegResult = RegDeleteKey(hKey, strPath)
    : DelRegKey = lRegResult
    : End Function
    :
    : Public Function CreateRegKey(hKey As RegHive, strPath As String)
    : Dim hCurKey As Long
    : Dim lRegResult As Long
    : lRegResult = RegCreateKey(hKey, strPath, hCurKey)
    : If lRegResult <> ERROR_SUCCESS Then
    : 'there is a problem
    : End If
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    : Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String
    : Dim hCurKey As Long
    : Dim lResult As Long
    : Dim lValueType As Long
    : Dim strBuffer As String
    : Dim lDataBufferSize As Long
    : Dim intZeroPos As Integer
    : Dim lRegResult As Long
    : 'Set up default value
    : If Not IsEmpty(Default) Then
    : GetRegString = Default
    : Else
    : GetRegString = ""
    : End If
    : lRegResult = RegOpenKey(hKey, strPath, hCurKey)
    : lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
    : If lRegResult = ERROR_SUCCESS Then
    : If lValueType = REG_SZ Then
    : strBuffer = String(lDataBufferSize, " ")
    : lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
    : intZeroPos = InStr(strBuffer, Chr$(0))
    : If intZeroPos > 0 Then
    : GetRegString = Left$(strBuffer, intZeroPos - 1)
    : Else
    : GetRegString = strBuffer
    : End If
    : End If
    : Else
    : 'there is a problem
    : End If
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    :
    : Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String)
    : Dim hCurKey As Long
    : Dim lRegResult As Long
    : lRegResult = RegCreateKey(hKey, strPath, hCurKey)
    : lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData))
    : If lRegResult <> ERROR_SUCCESS Then
    : 'there is a problem
    : End If
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    :
    : Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long
    : Dim lRegResult As Long
    : Dim lValueType As Long
    : Dim lBuffer As Long
    : Dim lDataBufferSize As Long
    : Dim hCurKey As Long
    : 'Set up default value
    : If Not IsEmpty(Default) Then
    : GetRegLong = Default
    : Else
    : GetRegLong = 0
    : End If
    : lRegResult = RegOpenKey(hKey, strPath, hCurKey)
    : lDataBufferSize = 4 '4 bytes = 32 bits = long
    : lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize)
    : If lRegResult = ERROR_SUCCESS Then
    : If lValueType = REG_DWORD Then
    : GetRegLong = lBuffer
    : End If
    : Else
    : 'there is a problem
    : End If
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    :
    : Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long)
    : Dim hCurKey As Long
    : Dim lRegResult As Long
    : lRegResult = RegCreateKey(hKey, strPath, hCurKey)
    : lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)
    : If lRegResult <> ERROR_SUCCESS Then
    : 'there is a problem
    : End If
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    :
    : Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant
    : Dim lValueType As Long
    : Dim byBuffer() As Byte
    : Dim lDataBufferSize As Long
    : Dim lRegResult As Long
    : Dim hCurKey As Long
    : If Not IsEmpty(Default) Then
    : If VarType(Default) = vbArray + vbByte Then
    : GetRegByte = Default
    : Else
    : GetRegByte = 0
    : End If
    : Else
    : GetRegByte = 0
    : End If
    : lRegResult = RegOpenKey(hKey, strPath, hCurKey)
    : lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
    : If lRegResult = ERROR_SUCCESS Then
    : If lValueType = REG_BINARY Then
    : ReDim byBuffer(lDataBufferSize - 1) As Byte
    : lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
    : GetRegByte = byBuffer
    : End If
    : Else
    : 'there is a problem
    : End If
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    :
    : Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte)
    : Dim lRegResult As Long
    : Dim hCurKey As Long
    : lRegResult = RegCreateKey(hKey, strPath, hCurKey)
    : lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1)
    : lRegResult = RegCloseKey(hCurKey)
    : End Function
    :
    : Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
    : ByVal From_strKeyName As String, ByVal To_strPath As String, _
    : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
    :
    : If To_hKey = 0 Then
    : To_hKey = From_hKey
    : Else
    : To_hKey = To_hKey
    : End If
    : If To_strKeyName = "" Then
    : To_strKeyName = From_strKeyName
    : Else
    : To_strKeyName = To_strKeyName
    : End If
    :
    : Dim mybytes As Variant
    : mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName)
    : thelen = UBound(mybytes)
    : Dim x() As Byte
    : ReDim x(thelen)
    : For i = 0 To UBound(mybytes)
    : x(i) = mybytes(i)
    : Next i
    : rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x)
    : End Function
    :
    : Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
    : ByVal From_strKeyName As String, ByVal To_strPath As String, _
    : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
    :
    : If To_hKey = 0 Then
    : To_hKey = From_hKey
    : Else
    : To_hKey = To_hKey
    : End If
    : If To_strKeyName = "" Then
    : To_strKeyName = From_strKeyName
    : Else
    : To_strKeyName = To_strKeyName
    : End If
    :
    : Dim mystring As String
    : mystring = GetRegString(From_hKey, From_strPath, From_strKeyName)
    : rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)
    :
    : End Function
    :
    : Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _
    : ByVal From_strKeyName As String, ByVal To_strPath As String, _
    : Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
    :
    : If To_hKey = 0 Then
    : To_hKey = From_hKey
    : Else
    : To_hKey = To_hKey
    : End If
    : If To_strKeyName = "" Then
    : To_strKeyName = From_strKeyName
    : Else
    : To_strKeyName = To_strKeyName
    : End If
    :
    : Dim mylong As Long
    : mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName)
    : rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)
    :
    : End Function
    : Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String)
    : On Error Resume Next
    : Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long
    : Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst()
    : Do Until Ret = True
    : lResult = RegOpenKey(hKey, strPath, lKeyValue)
    : sValue = Space$(2048)
    : lValueLength = Len(sValue)
    : lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength)
    : If (lResult = 0) And (Err.Number = 0) Then
    : ReDim Preserve tmprst(i)
    : tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1)
    : Else
    : Ret = True
    : End If
    : lResult = RegCloseKey(lKeyValue)
    : i = i + 1
    : Loop
    : GetRegSubKeyList = tmprst
    : End Function
    : [/blue]
    : and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip
    : from
    : mark
    :
    :
    :
    hey m8, thanx for the code. Anywayz, read my tutorial on IP adresses. You'll find it in this messageboard.
    EtHeO out...

  • didanididani Member Posts: 99
    : [b][red]This message was edited by lavey666uk at 2004-4-7 5:32:46[/red][/b][hr]
    : you can find out the ip of the host with an api and then build a notify mechanism..
    : also .. you will need to consider firewalls !
    :
    : my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
    : email notification.
    :
    : There are also some really nice code samples out there for reverse connection :D

    I couldn't reply to mark's message, so I post my reply here. A reverse connection is the victims computer to seek a connection with yours. That way, you will always know whether the victim is online and running your trojan.
    Email notification is the trojan sending an email to you, every time it is online.
    EtHeO out...

  • markblue777markblue777 Member Posts: 184
    thanks for ur info on how to find the ip in msn and that. but wot peice of reg api code do i use as i dont really want them to no that i have given it to them i want it to be like sent in an email or downloaded then it sends me an email with there ip and any other info like if it is running or not and also is there a way to intergrate the trojan with an exsiting prog like a small game i have downloaded can i add it to the game small game
    thanks
    from
    mark please help

  • lavey666uklavey666uk Member Posts: 9
    mark... u need a program called a binder .. do a google search there are loadsa good ones out there...

    : thanks for ur info on how to find the ip in msn and that. but wot peice of reg api code do i use as i dont really want them to no that i have given it to them i want it to be like sent in an email or downloaded then it sends me an email with there ip and any other info like if it is running or not and also is there a way to intergrate the trojan with an exsiting prog like a small game i have downloaded can i add it to the game small game
    : thanks
    : from
    : mark please help
    :
    :

  • markblue777markblue777 Member Posts: 184
    thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it
    please help
    from
    mark
    ps i have searched for binders but cant find any (strange as it seem's)
  • didanididani Member Posts: 99
    : thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it
    : please help
    : from
    : mark
    : ps i have searched for binders but cant find any (strange as it seem's)
    :
    Binding tools:
    Silk Rope, Saran Wrap, EliteWrap
    search google for these tools, download them, and use them to bind your trojan to the program people would want to download
    EtHeO out...

  • markblue777markblue777 Member Posts: 184
    : : thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it
    : : please help
    : : from
    : : mark
    : : ps i have searched for binders but cant find any (strange as it seem's)
    : :
    : Binding tools:
    : Silk Rope, Saran Wrap, EliteWrap
    : search google for these tools, download them, and use them to bind your trojan to the program people would want to download
    right i have sent to trojan to sum 1 and tryped his ip in but it is taking foever to connect to him it just says connecting the when i click send message a runtime error displays which is '40006' and the comment says
    wrong protocol or connection state for the request transaction or request is this due to it trying to connect still or is a a general run time error
    HE HAS NO FIREWALL
    please help asap thanks
  • lavey666uklavey666uk Member Posts: 9
    [b][red]This message was edited by lavey666uk at 2004-4-7 14:10:28[/red][/b][hr]
    mark.. just a pointer for you..

    Always test your trojan b4 sending it to someone.. I run a spare box to test this kinda stuff on.. now seeing as you built this in vb u can control the test (for reg writes, etc)....


    anyway.. back to your question.. wrong protocol/state means u you dont have a conection.
Sign In or Register to comment.