'VB Trojans' Thread RSS Feed

VB Trojans

Thu, 16 Oct 2003 17:30:30 -0700

I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.

C:\Dos
C:\Dos Run
Run Dos Run

Re: VB Trojans

Mon, 20 Oct 2003 02:22:47 -0700

: I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
:
:
:
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:
please mail it to me, so i can spread it on the evil mailing list
if you want to join, please mail me at didaniman@hotmail.com
EtHeO out...

Re: VB Trojans

Tue, 09 Dec 2003 00:52:06 -0700

hi...

i'm interested in knowing all about how VB Trojans work...
you can post the material here itself,
or you can post it to me at junior_jj@rediffmail.com
if you like...
:)

Re: VB Trojans

Tue, 09 Dec 2003 12:10:57 -0700

: hi...
:
: i'm interested in knowing all about how VB Trojans work...
: you can post the material here itself,
: or you can post it to me at junior_jj@rediffmail.com
: if you like...
: :)
:
:

I'm actually working on a better version then the tut shows you adding some functionality like screenshots and file transfers and what not. I'll send you a copy of the source when I finish.

Hope this helps.

C:\Dos
C:\Dos Run
Run Dos Run

Re: VB Trojans

Sat, 17 Jan 2004 13:03:14 -0700

hi, i am very interested in the tutorial someone plz send it 2 verochkal@aol.com thank you

Re: VB Trojans

Tue, 20 Jan 2004 13:59:09 -0700

: I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
:
:
:
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:

Hey, i'm cool

----- if you're not too busy

Greets...
Richard

Re: VB Trojans

Wed, 21 Jan 2004 01:30:11 -0700

Plz send me also a copy of the source when u finish.
specialistonline@yahoo.com

: : hi...
: :
: : i'm interested in knowing all about how VB Trojans work...
: : you can post the material here itself,
: : or you can post it to me at junior_jj@rediffmail.com
: : if you like...
: : :)
: :
: :
:
: I'm actually working on a better version then the tut shows you adding some functionality like screenshots and file transfers and what not. I'll send you a copy of the source when I finish.
:
: Hope this helps.
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:
:
:

Re: VB Trojans

Wed, 21 Jan 2004 12:27:46 -0700

send it 2 me 2 plz if u can at verochkal@aol.com

Re: VB Trojans

Wed, 21 Jan 2004 16:32:54 -0700

: Plz send me also a copy of the source when u finish.
: specialistonline@yahoo.com
:
: : : hi...
: : :
: : : i'm interested in knowing all about how VB Trojans work...
: : : you can post the material here itself,
: : : or you can post it to me at junior_jj@rediffmail.com
: : : if you like...
: : : :)
: : :
: : :
: :
: : I'm actually working on a better version then the tut shows you adding some functionality like screenshots and file transfers and what not. I'll send you a copy of the source when I finish.
: :
: : Hope this helps.
: :
: : C:\Dos
: : C:\Dos Run
: : Run Dos Run
: :
: :
: :
:
:

for those of you waiting for the finished product, it is close to being complete, however I havn't had the time to work on it for a couple of months now, but I will try to finish it soon and get it out to you.

C:\Dos
C:\Dos Run
Run Dos Run

Re: VB Trojans

Tue, 02 Mar 2004 15:24:14 -0700

this is a pucka little tut.. exactly the intro to winsock i needed..

THX !!!!

Re: VB Trojans

Thu, 11 Mar 2004 15:26:47 -0700

Re: VB Trojans

Fri, 19 Mar 2004 06:53:28 -0700

: : hi...
: :
: : i'm interested in knowing all about how VB Trojans work...
: : you can post the material here itself,
: : or you can post it to me at junior_jj@rediffmail.com
: : if you like...
: : :)
: :
: :
: hi, i'm interested in knowing how they work too,
: send me an email erat_pi@hotmail.com
:
hi, i'm interested in knowing how they work too,
could you please send me the file please my email is markblue777@yahoo.com

Re: VB Trojans

Thu, 25 Mar 2004 00:41:21 -0700

could i pleaze have a copy 2 at pinicleoflife@hotmail.com thanks

wot does it do

Tue, 06 Apr 2004 07:18:15 -0700

: I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
:
:
:
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:
hi i have 3 questions really first one is
wot does this virus do i have made it but wot does it do
second question is
i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
please help
thanks from
mark

Re: wot does it do

Tue, 06 Apr 2004 12:16:23 -0700

: : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: :
: :
: :
: :
: : C:\Dos
: : C:\Dos Run
: : Run Dos Run
: :
: hi i have 3 questions really first one is
: wot does this virus do i have made it but wot does it do
: second question is
: i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: please help
: thanks from
: mark
:
Hi m8, here's the answers:
1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
The compiling is most easy:
File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...

Hope this helps...

EtHeO out...

Re: wot does it do

Tue, 06 Apr 2004 13:13:59 -0700

: : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: : :
: : :
: : :
: : :
: : : C:\Dos
: : : C:\Dos Run
: : : Run Dos Run
: : :
: : hi i have 3 questions really first one is
: : wot does this virus do i have made it but wot does it do
: : second question is
: : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : please help
: : thanks from
: : mark
: :
: Hi m8, here's the answers:
: 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: The compiling is most easy:
: File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
:
: Hope this helps...
:
: EtHeO out...
:

didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.

for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..

on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.

hope that helps everyone looking into it.

just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.

C:\Dos
C:\Dos Run
Run Dos Run

Re: wot does it do

Tue, 06 Apr 2004 15:39:29 -0700

: : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: : : :
: : : :
: : : :
: : : :
: : : : C:\Dos
: : : : C:\Dos Run
: : : : Run Dos Run
: : : :
: : : hi i have 3 questions really first one is
: : : wot does this virus do i have made it but wot does it do
: : : second question is
: : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : please help
: : : thanks from
: : : mark
: : :
: : Hi m8, here's the answers:
: : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : The compiling is most easy:
: : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: :
: : Hope this helps...
: :
: : EtHeO out...
: :
:
:
: didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
:
: for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
:
: on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
:
: hope that helps everyone looking into it.
:
: just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:
:
hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
from
mark

Re: wot does it do

Tue, 06 Apr 2004 16:36:38 -0700

: : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: : : : :
: : : : :
: : : : :
: : : : :
: : : : : C:\Dos
: : : : : C:\Dos Run
: : : : : Run Dos Run
: : : : :
: : : : hi i have 3 questions really first one is
: : : : wot does this virus do i have made it but wot does it do
: : : : second question is
: : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : please help
: : : : thanks from
: : : : mark
: : : :
: : : Hi m8, here's the answers:
: : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : The compiling is most easy:
: : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : :
: : : Hope this helps...
: : :
: : : EtHeO out...
: : :
: :
: :
: : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: :
: : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: :
: : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: :
: : hope that helps everyone looking into it.
: :
: : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: :
: : C:\Dos
: : C:\Dos Run
: : Run Dos Run
: :
: :
: hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: from
: mark
:

don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.

C:\Dos
C:\Dos Run
Run Dos Run

Re: wot does it do

Wed, 07 Apr 2004 01:10:41 -0700

: : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: : : : : :
: : : : : :
: : : : : :
: : : : : :
: : : : : : C:\Dos
: : : : : : C:\Dos Run
: : : : : : Run Dos Run
: : : : : :
: : : : : hi i have 3 questions really first one is
: : : : : wot does this virus do i have made it but wot does it do
: : : : : second question is
: : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : please help
: : : : : thanks from
: : : : : mark
: : : : :
: : : : Hi m8, here's the answers:
: : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : The compiling is most easy:
: : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : :
: : : : Hope this helps...
: : : :
: : : : EtHeO out...
: : : :
: : :
: : :
: : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : :
: : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : :
: : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : :
: : : hope that helps everyone looking into it.
: : :
: : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : :
: : : C:\Dos
: : : C:\Dos Run
: : : Run Dos Run
: : :
: : :
: : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : from
: : mark
: :
:
:
: don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:
:
thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
from
mark

Re: wot does it do

Wed, 07 Apr 2004 01:29:57 -0700

: : : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: : : : : : :
: : : : : : :
: : : : : : :
: : : : : : :
: : : : : : : C:\Dos
: : : : : : : C:\Dos Run
: : : : : : : Run Dos Run
: : : : : : :
: : : : : : hi i have 3 questions really first one is
: : : : : : wot does this virus do i have made it but wot does it do
: : : : : : second question is
: : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : : please help
: : : : : : thanks from
: : : : : : mark
: : : : : :
: : : : : Hi m8, here's the answers:
: : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : : The compiling is most easy:
: : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : : :
: : : : : Hope this helps...
: : : : :
: : : : : EtHeO out...
: : : : :
: : : :
: : : :
: : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : : :
: : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : : :
: : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : : :
: : : : hope that helps everyone looking into it.
: : : :
: : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : : :
: : : : C:\Dos
: : : : C:\Dos Run
: : : : Run Dos Run
: : : :
: : : :
: : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : : from
: : : mark
: : :
: :
: :
: : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
: :
: : C:\Dos
: : C:\Dos Run
: : Run Dos Run
: :
: :
: thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
: from
: mark

Hi all i managed to find sum code all u do is put it in a module
here it is

Enum RegHive
HKEY_CLASSES_ROOT = &H80000000
HK_CR = &H80000000
HKEY_CURRENT_USER = &H80000001
HK_CU = &H80000001
HKEY_LOCAL_MACHINE = &H80000002
HK_LM = &H80000002
HKEY_USERS = &H80000003
HK_US = &H80000003
HKEY_CURRENT_CONFIG = &H80000005
HK_CC = &H80000005
HKEY_DYN_DATA = &H80000006
HK_DD = &H80000006
End Enum

Enum RegType
REG_SZ = 1 'Unicode nul terminated string
REG_BINARY = 3 'Free form binary
REG_DWORD = 4 '32-bit number
End Enum

Public Const ERROR_SUCCESS = 0&
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long

Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegDeleteValue(hCurKey, strValue)
lRegResult = RegCloseKey(hCurKey)
End Function

Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long
Dim lRegResult As Long
lRegResult = RegDeleteKey(hKey, strPath)
DelRegKey = lRegResult
End Function

Public Function CreateRegKey(hKey As RegHive, strPath As String)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String
Dim hCurKey As Long
Dim lResult As Long
Dim lValueType As Long
Dim strBuffer As String
Dim lDataBufferSize As Long
Dim intZeroPos As Integer
Dim lRegResult As Long
'Set up default value
If Not IsEmpty(Default) Then
GetRegString = Default
Else
GetRegString = ""
End If
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
If lValueType = REG_SZ Then
strBuffer = String(lDataBufferSize, " ")
lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
intZeroPos = InStr(strBuffer, Chr$(0))
If intZeroPos > 0 Then
GetRegString = Left$(strBuffer, intZeroPos - 1)
Else
GetRegString = strBuffer
End If
End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function

Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData))
If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function

Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long
Dim lRegResult As Long
Dim lValueType As Long
Dim lBuffer As Long
Dim lDataBufferSize As Long
Dim hCurKey As Long
'Set up default value
If Not IsEmpty(Default) Then
GetRegLong = Default
Else
GetRegLong = 0
End If
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lDataBufferSize = 4 '4 bytes = 32 bits = long
lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
If lValueType = REG_DWORD Then
GetRegLong = lBuffer
End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function

Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long)
Dim hCurKey As Long
Dim lRegResult As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)
If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function

Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant
Dim lValueType As Long
Dim byBuffer() As Byte
Dim lDataBufferSize As Long
Dim lRegResult As Long
Dim hCurKey As Long
If Not IsEmpty(Default) Then
If VarType(Default) = vbArray + vbByte Then
GetRegByte = Default
Else
GetRegByte = 0
End If
Else
GetRegByte = 0
End If
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
If lValueType = REG_BINARY Then
ReDim byBuffer(lDataBufferSize - 1) As Byte
lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
GetRegByte = byBuffer
End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function

Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte)
Dim lRegResult As Long
Dim hCurKey As Long
lRegResult = RegCreateKey(hKey, strPath, hCurKey)
lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1)
lRegResult = RegCloseKey(hCurKey)
End Function

Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
ByVal From_strKeyName As String, ByVal To_strPath As String, _
Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)

If To_hKey = 0 Then
To_hKey = From_hKey
Else
To_hKey = To_hKey
End If
If To_strKeyName = "" Then
To_strKeyName = From_strKeyName
Else
To_strKeyName = To_strKeyName
End If

Dim mybytes As Variant
mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName)
thelen = UBound(mybytes)
Dim x() As Byte
ReDim x(thelen)
For i = 0 To UBound(mybytes)
x(i) = mybytes(i)
Next i
rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x)
End Function

Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
ByVal From_strKeyName As String, ByVal To_strPath As String, _
Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)

If To_hKey = 0 Then
To_hKey = From_hKey
Else
To_hKey = To_hKey
End If
If To_strKeyName = "" Then
To_strKeyName = From_strKeyName
Else
To_strKeyName = To_strKeyName
End If

Dim mystring As String
mystring = GetRegString(From_hKey, From_strPath, From_strKeyName)
rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)

End Function

Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _
ByVal From_strKeyName As String, ByVal To_strPath As String, _
Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)

If To_hKey = 0 Then
To_hKey = From_hKey
Else
To_hKey = To_hKey
End If
If To_strKeyName = "" Then
To_strKeyName = From_strKeyName
Else
To_strKeyName = To_strKeyName
End If

Dim mylong As Long
mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName)
rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)

End Function
Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String)
On Error Resume Next
Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long
Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst()
Do Until Ret = True
lResult = RegOpenKey(hKey, strPath, lKeyValue)
sValue = Space$(2048)
lValueLength = Len(sValue)
lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength)
If (lResult = 0) And (Err.Number = 0) Then
ReDim Preserve tmprst(i)
tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1)
Else
Ret = True
End If
lResult = RegCloseKey(lKeyValue)
i = i + 1
Loop
GetRegSubKeyList = tmprst
End Function

and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip
from
mark

Re: wot does it do

Wed, 07 Apr 2004 05:19:17 -0700

: : : : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : : C:\Dos
: : : : : : : : C:\Dos Run
: : : : : : : : Run Dos Run
: : : : : : : :
: : : : : : : hi i have 3 questions really first one is
: : : : : : : wot does this virus do i have made it but wot does it do
: : : : : : : second question is
: : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : : : please help
: : : : : : : thanks from
: : : : : : : mark
: : : : : : :
: : : : : : Hi m8, here's the answers:
: : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : : : The compiling is most easy:
: : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : : : :
: : : : : : Hope this helps...
: : : : : :
: : : : : : EtHeO out...
: : : : : :
: : : : :
: : : : :
: : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : : : :
: : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : : : :
: : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : : : :
: : : : : hope that helps everyone looking into it.
: : : : :
: : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : : : :
: : : : : C:\Dos
: : : : : C:\Dos Run
: : : : : Run Dos Run
: : : : :
: : : : :
: : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : : : from
: : : : mark
: : : :
: : :
: : :
: : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
: : :
: : : C:\Dos
: : : C:\Dos Run
: : : Run Dos Run
: : :
: : :
: : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
: : from
: : mark
:
: Hi all i managed to find sum code all u do is put it in a module
: here it is
:
: Enum RegHive
: HKEY_CLASSES_ROOT = &H80000000
: HK_CR = &H80000000
: HKEY_CURRENT_USER = &H80000001
: HK_CU = &H80000001
: HKEY_LOCAL_MACHINE = &H80000002
: HK_LM = &H80000002
: HKEY_USERS = &H80000003
: HK_US = &H80000003
: HKEY_CURRENT_CONFIG = &H80000005
: HK_CC = &H80000005
: HKEY_DYN_DATA = &H80000006
: HK_DD = &H80000006
: End Enum
:
: Enum RegType
: REG_SZ = 1 'Unicode nul terminated string
: REG_BINARY = 3 'Free form binary
: REG_DWORD = 4 '32-bit number
: End Enum
:
: Public Const ERROR_SUCCESS = 0&
: Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
: Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
: Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
: Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
: Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
: Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
:
: Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegDeleteValue(hCurKey, strValue)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long
: Dim lRegResult As Long
: lRegResult = RegDeleteKey(hKey, strPath)
: DelRegKey = lRegResult
: End Function
:
: Public Function CreateRegKey(hKey As RegHive, strPath As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
: Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String
: Dim hCurKey As Long
: Dim lResult As Long
: Dim lValueType As Long
: Dim strBuffer As String
: Dim lDataBufferSize As Long
: Dim intZeroPos As Integer
: Dim lRegResult As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegString = Default
: Else
: GetRegString = ""
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_SZ Then
: strBuffer = String(lDataBufferSize, " ")
: lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
: intZeroPos = InStr(strBuffer, Chr$(0))
: If intZeroPos > 0 Then
: GetRegString = Left$(strBuffer, intZeroPos - 1)
: Else
: GetRegString = strBuffer
: End If
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData))
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long
: Dim lRegResult As Long
: Dim lValueType As Long
: Dim lBuffer As Long
: Dim lDataBufferSize As Long
: Dim hCurKey As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegLong = Default
: Else
: GetRegLong = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lDataBufferSize = 4 '4 bytes = 32 bits = long
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_DWORD Then
: GetRegLong = lBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant
: Dim lValueType As Long
: Dim byBuffer() As Byte
: Dim lDataBufferSize As Long
: Dim lRegResult As Long
: Dim hCurKey As Long
: If Not IsEmpty(Default) Then
: If VarType(Default) = vbArray + vbByte Then
: GetRegByte = Default
: Else
: GetRegByte = 0
: End If
: Else
: GetRegByte = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_BINARY Then
: ReDim byBuffer(lDataBufferSize - 1) As Byte
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
: GetRegByte = byBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte)
: Dim lRegResult As Long
: Dim hCurKey As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mybytes As Variant
: mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName)
: thelen = UBound(mybytes)
: Dim x() As Byte
: ReDim x(thelen)
: For i = 0 To UBound(mybytes)
: x(i) = mybytes(i)
: Next i
: rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x)
: End Function
:
: Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mystring As String
: mystring = GetRegString(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)
:
: End Function
:
: Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mylong As Long
: mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)
:
: End Function
: Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String)
: On Error Resume Next
: Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long
: Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst()
: Do Until Ret = True
: lResult = RegOpenKey(hKey, strPath, lKeyValue)
: sValue = Space$(2048)
: lValueLength = Len(sValue)
: lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength)
: If (lResult = 0) And (Err.Number = 0) Then
: ReDim Preserve tmprst(i)
: tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1)
: Else
: Ret = True
: End If
: lResult = RegCloseKey(lKeyValue)
: i = i + 1
: Loop
: GetRegSubKeyList = tmprst
: End Function
:
: and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip
: from
: mark
:
:
:

I'm not sure if a simple ping will detect the open port on the victim or not, I'm not that familier with how a ping works on the reciving side, you could always have it listen on a certain port and responsed back, then do a sweep on that port, only problem is dynamic IP's - one other option would be to have the program check the IP every so often and send it some where so you can retrive it later.

C:\Dos
C:\Dos Run
Run Dos Run

Re: wot does it do

Wed, 07 Apr 2004 05:30:42 -0700

This message was edited by lavey666uk at 2004-4-7 5:32:46

you can find out the ip of the host with an api and then build a notify mechanism..
also .. you will need to consider firewalls !

my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
email notification.

There are also some really nice code samples out there for reverse connection :D

Re: wot does it do

Wed, 07 Apr 2004 07:13:09 -0700

: This message was edited by lavey666uk at 2004-4-7 5:32:46

: you can find out the ip of the host with an api and then build a notify mechanism..
: also .. you will need to consider firewalls !
:
: my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
: email notification.
:
: There are also some really nice code samples out there for reverse connection :D
:
:
Wot is a recerse connection does it mean it will tell me the ip of the victim in a email or something
and do u have any code fo retrieving ip address
from
mark

Re: wot does it do

Wed, 07 Apr 2004 09:51:36 -0700

: : : : : : : : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : :
: : : : : : : : C:\Dos
: : : : : : : : C:\Dos Run
: : : : : : : : Run Dos Run
: : : : : : : :
: : : : : : : hi i have 3 questions really first one is
: : : : : : : wot does this virus do i have made it but wot does it do
: : : : : : : second question is
: : : : : : : i have never compiled a project before does it just mean do standard package and deploment or do u do somthing different so u dont have to install it
: : : : : : : and last question is do i compile them seperatly or together and also one more question how do u use it do i send one part to a target machine or wot
: : : : : : : please help
: : : : : : : thanks from
: : : : : : : mark
: : : : : : :
: : : : : : Hi m8, here's the answers:
: : : : : : 1. It is not a virus. It is a trojan... The difference? A trojan does not spread itself, a victim has to open it. What it does: It grants you the ability to send the user a message, open his cd-tray or shut his computer down.
: : : : : : The compiling is most easy:
: : : : : : File --> Make project1.exe --> Choose the desktop for location and tadaa... There appears the program on the desktop
: : : : : : The compiling should be done seperately, indeed. Compile the server part, and send this to the victim, and compile the client part, and use this as a tool to control the victim. Once you have compiled the server, you should make sure the victim opens it, or else you will not be able to control his pc...
: : : : : :
: : : : : : Hope this helps...
: : : : : :
: : : : : : EtHeO out...
: : : : : :
: : : : :
: : : : :
: : : : : didani is absolutly right, this is a very basic program ment only to give you the knowhow to design a better one your self.
: : : : :
: : : : : for those of you that have it, check out the registry api's you can add a simple bit of code that when the program executes it will right the reg key in so that it runs on start up, getting into it even more you can add more winsock controls or array them and then give yourself the ability to download files off of the victim or to transfer files yourself to the victem and then execute shells to load the newly tranfered programs, and for the truly dedicated programmers you can make it so that it will spawn copys of itself(this will most likly require the trojan to download an exe of itself or to have one extra one included under a different name - that does not however make it a virus as it does not infect any files it only does what you tell it to do..
: : : : :
: : : : : on a side note the one that I finaly developed (not quite finished yet) funny enough is detected as a virus by mcaffe.
: : : : :
: : : : : hope that helps everyone looking into it.
: : : : :
: : : : : just remember the source in the tut really does nothing important at all you will need to expand apon it greatly to do anything worth while.
: : : : :
: : : : : C:\Dos
: : : : : C:\Dos Run
: : : : : Run Dos Run
: : : : :
: : : : :
: : : : hi i am new to vb so i need as much help as i can get soz if the questions where stupid sorry bout that but wot is the vb code for the reg key or where could i find it out
: : : : from
: : : : mark
: : : :
: : :
: : :
: : : don't worry about it, your not going to know unless you ask right. as for the reg code, I'll try to dig it up and post it, or your can try to search for "registry API's" on google or on some vb programming site.
: : :
: : : C:\Dos
: : : C:\Dos Run
: : : Run Dos Run
: : :
: : :
: : thanks mate i will for it as weell and could u look aswell please then if any of us find sumthing post it on here ok thaks
: : from
: : mark
:
: Hi all i managed to find sum code all u do is put it in a module
: here it is
:
: Enum RegHive
: HKEY_CLASSES_ROOT = &H80000000
: HK_CR = &H80000000
: HKEY_CURRENT_USER = &H80000001
: HK_CU = &H80000001
: HKEY_LOCAL_MACHINE = &H80000002
: HK_LM = &H80000002
: HKEY_USERS = &H80000003
: HK_US = &H80000003
: HKEY_CURRENT_CONFIG = &H80000005
: HK_CC = &H80000005
: HKEY_DYN_DATA = &H80000006
: HK_DD = &H80000006
: End Enum
:
: Enum RegType
: REG_SZ = 1 'Unicode nul terminated string
: REG_BINARY = 3 'Free form binary
: REG_DWORD = 4 '32-bit number
: End Enum
:
: Public Const ERROR_SUCCESS = 0&
: Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
: Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
: Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
: Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
: Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
: Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
: Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long
:
: Public Function DelRegValue(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegDeleteValue(hCurKey, strValue)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function DelRegKey(ByVal hKey As RegHive, ByVal strPath As String) As Long
: Dim lRegResult As Long
: lRegResult = RegDeleteKey(hKey, strPath)
: DelRegKey = lRegResult
: End Function
:
: Public Function CreateRegKey(hKey As RegHive, strPath As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
: Public Function GetRegString(hKey As RegHive, strPath As String, strValue As String, Optional Default As String) As String
: Dim hCurKey As Long
: Dim lResult As Long
: Dim lValueType As Long
: Dim strBuffer As String
: Dim lDataBufferSize As Long
: Dim intZeroPos As Integer
: Dim lRegResult As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegString = Default
: Else
: GetRegString = ""
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_SZ Then
: strBuffer = String(lDataBufferSize, " ")
: lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
: intZeroPos = InStr(strBuffer, Chr$(0))
: If intZeroPos > 0 Then
: GetRegString = Left$(strBuffer, intZeroPos - 1)
: Else
: GetRegString = strBuffer
: End If
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegString(hKey As RegHive, strPath As String, strValue As String, strData As String)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData))
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, Optional Default As Long) As Long
: Dim lRegResult As Long
: Dim lValueType As Long
: Dim lBuffer As Long
: Dim lDataBufferSize As Long
: Dim hCurKey As Long
: 'Set up default value
: If Not IsEmpty(Default) Then
: GetRegLong = Default
: Else
: GetRegLong = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lDataBufferSize = 4 '4 bytes = 32 bits = long
: lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, lBuffer, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_DWORD Then
: GetRegLong = lBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegLong(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValue As String, ByVal lData As Long)
: Dim hCurKey As Long
: Dim lRegResult As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)
: If lRegResult <> ERROR_SUCCESS Then
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function GetRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, Optional Default As Variant) As Variant
: Dim lValueType As Long
: Dim byBuffer() As Byte
: Dim lDataBufferSize As Long
: Dim lRegResult As Long
: Dim hCurKey As Long
: If Not IsEmpty(Default) Then
: If VarType(Default) = vbArray + vbByte Then
: GetRegByte = Default
: Else
: GetRegByte = 0
: End If
: Else
: GetRegByte = 0
: End If
: lRegResult = RegOpenKey(hKey, strPath, hCurKey)
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
: If lRegResult = ERROR_SUCCESS Then
: If lValueType = REG_BINARY Then
: ReDim byBuffer(lDataBufferSize - 1) As Byte
: lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
: GetRegByte = byBuffer
: End If
: Else
: 'there is a problem
: End If
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function SaveRegByte(ByVal hKey As RegHive, ByVal strPath As String, ByVal strValueName As String, byData() As Byte)
: Dim lRegResult As Long
: Dim hCurKey As Long
: lRegResult = RegCreateKey(hKey, strPath, hCurKey)
: lRegResult = RegSetValueEx(hCurKey, strValueName, 0&, REG_BINARY, byData(0), UBound(byData()) + 1)
: lRegResult = RegCloseKey(hCurKey)
: End Function
:
: Public Function CopyRegByte(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mybytes As Variant
: mybytes = GetRegByte(From_hKey, From_strPath, From_strKeyName)
: thelen = UBound(mybytes)
: Dim x() As Byte
: ReDim x(thelen)
: For i = 0 To UBound(mybytes)
: x(i) = mybytes(i)
: Next i
: rslt = SaveRegByte(To_hKey, To_strPath, To_strKeyName, x)
: End Function
:
: Public Function CopyRegString(ByVal From_hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mystring As String
: mystring = GetRegString(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegString(To_hKey, To_strPath, To_strKeyName, mystring)
:
: End Function
:
: Public Function CopyRegLong(ByVal hKey As RegHive, ByVal From_strPath As String, _
: ByVal From_strKeyName As String, ByVal To_strPath As String, _
: Optional ByVal To_hKey As RegHive, Optional ByVal To_strKeyName As String)
:
: If To_hKey = 0 Then
: To_hKey = From_hKey
: Else
: To_hKey = To_hKey
: End If
: If To_strKeyName = "" Then
: To_strKeyName = From_strKeyName
: Else
: To_strKeyName = To_strKeyName
: End If
:
: Dim mylong As Long
: mylong = GetRegLong(From_hKey, From_strPath, From_strKeyName)
: rslt = SaveRegLong(To_hKey, To_strPath, To_strKeyName, mylong)
:
: End Function
: Public Function GetRegSubKeyList(ByVal hKey As RegHive, ByVal strPath As String)
: On Error Resume Next
: Dim lResult As Long, lKeyValue As Long, lDataTypeValue As Long, lValueLength As Long
: Dim sValue As String, td As Double, i As Long, Ret As Boolean, tmprst()
: Do Until Ret = True
: lResult = RegOpenKey(hKey, strPath, lKeyValue)
: sValue = Space$(2048)
: lValueLength = Len(sValue)
: lResult = RegEnumKey(lKeyValue, i, sValue, lValueLength)
: If (lResult = 0) And (Err.Number = 0) Then
: ReDim Preserve tmprst(i)
: tmprst(i) = Left$(sValue, InStr(sValue, Chr(0)) - 1)
: Else
: Ret = True
: End If
: lResult = RegCloseKey(lKeyValue)
: i = i + 1
: Loop
: GetRegSubKeyList = tmprst
: End Function
:
: and also when i send the trojan to do it's work how do i no the victims ip or if i send it to a person through msn can i find out then but i really dont want to do that cos they no where they get the virus from so really all i want is to no how i get the users ip
: from
: mark
:
:
:
hey m8, thanx for the code. Anywayz, read my tutorial on IP adresses. You'll find it in this messageboard.
EtHeO out...

Re: wot does it do

Wed, 07 Apr 2004 09:57:08 -0700

: This message was edited by lavey666uk at 2004-4-7 5:32:46

: you can find out the ip of the host with an api and then build a notify mechanism..
: also .. you will need to consider firewalls !
:
: my advice.. search the vb section of pscode.com for specifc things.. ie; retrieve ip.
: email notification.
:
: There are also some really nice code samples out there for reverse connection :D

I couldn't reply to mark's message, so I post my reply here. A reverse connection is the victims computer to seek a connection with yours. That way, you will always know whether the victim is online and running your trojan.
Email notification is the trojan sending an email to you, every time it is online.
EtHeO out...

ip and combineing to another prog help

Wed, 07 Apr 2004 11:01:43 -0700

thanks for ur info on how to find the ip in msn and that. but wot peice of reg api code do i use as i dont really want them to no that i have given it to them i want it to be like sent in an email or downloaded then it sends me an email with there ip and any other info like if it is running or not and also is there a way to intergrate the trojan with an exsiting prog like a small game i have downloaded can i add it to the game small game
thanks
from
mark please help

Re: ip and combineing to another prog help

Wed, 07 Apr 2004 11:15:16 -0700

mark... u need a program called a binder .. do a google search there are loadsa good ones out there...

: thanks for ur info on how to find the ip in msn and that. but wot peice of reg api code do i use as i dont really want them to no that i have given it to them i want it to be like sent in an email or downloaded then it sends me an email with there ip and any other info like if it is running or not and also is there a way to intergrate the trojan with an exsiting prog like a small game i have downloaded can i add it to the game small game
: thanks
: from
: mark please help
:
:

i need sum more info plz

Wed, 07 Apr 2004 12:53:43 -0700

thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it
please help
from
mark
ps i have searched for binders but cant find any (strange as it seem's)

Re: i need sum more info plz

Wed, 07 Apr 2004 13:19:48 -0700

: thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it
: please help
: from
: mark
: ps i have searched for binders but cant find any (strange as it seem's)
:
Binding tools:
Silk Rope, Saran Wrap, EliteWrap
search google for these tools, download them, and use them to bind your trojan to the program people would want to download
EtHeO out...

Re: i need sum more info plz ASAP

Wed, 07 Apr 2004 13:55:21 -0700

: : thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it
: : please help
: : from
: : mark
: : ps i have searched for binders but cant find any (strange as it seem's)
: :
: Binding tools:
: Silk Rope, Saran Wrap, EliteWrap
: search google for these tools, download them, and use them to bind your trojan to the program people would want to download
right i have sent to trojan to sum 1 and tryped his ip in but it is taking foever to connect to him it just says connecting the when i click send message a runtime error displays which is '40006' and the comment says
wrong protocol or connection state for the request transaction or request is this due to it trying to connect still or is a a general run time error
HE HAS NO FIREWALL
please help asap thanks

Re: i need sum more info plz ASAP

Wed, 07 Apr 2004 14:07:20 -0700

This message was edited by lavey666uk at 2004-4-7 14:10:28

mark.. just a pointer for you..

Always test your trojan b4 sending it to someone.. I run a spare box to test this kinda stuff on.. now seeing as you built this in vb u can control the test (for reg writes, etc)....

anyway.. back to your question.. wrong protocol/state means u you dont have a conection.

Re: i need sum more info plz ASAP

Wed, 07 Apr 2004 14:14:33 -0700

: This message was edited by lavey666uk at 2004-4-7 14:10:28

: mark.. just a pointer for you..
:
: Always test your trojan b4 sending it to someone.. I run a spare box to test this kinda stuff on.. now seeing as you built this in vb u can control the test (for reg writes, etc)....
:
:
: anyway.. back to your question.. wrong protocol/state means u you dont have a conection.
:
will this trojan do anything bad to me or do i need the client and thats the only way to control
i have a filewall as well do i need to accept it in there as well

Re: i need sum more info plz

Wed, 07 Apr 2004 14:17:52 -0700

hi thanks for telling me to test it it has cum up with an error (dont no y i did not think bout it) the error is run time error '424' object requied wot do i need to add to get it to work
please help asap thanks
from
mark

Re: i need sum more info plz ASAP

Wed, 07 Apr 2004 14:18:30 -0700

: : This message was edited by lavey666uk at 2004-4-7 14:10:28

: : mark.. just a pointer for you..
: :
: : Always test your trojan b4 sending it to someone.. I run a spare box to test this kinda stuff on.. now seeing as you built this in vb u can control the test (for reg writes, etc)....
: :
: :
: : anyway.. back to your question.. wrong protocol/state means u you dont have a conection.
: :
: will this trojan do anything bad to me or do i need the client and thats the only way to control
: i have a filewall as well do i need to accept it in there as well
:
:

the trojan will only do what you tell it to do, if you have a firewall you will probably have to open up that port to get through, as for you connection problem, either you are not requesting to connect to the same port that is listening on the other side, or the other side is not listening at all, no code to listen - or not running.

C:\Dos
C:\Dos Run
Run Dos Run

Problems i had

Wed, 07 Apr 2004 15:15:49 -0700

Hi i have fixed all the problems i have had and everything works when i test it but when i try it on me mate who has opened it and everything it takes forever to connect it just say connecting all the time y is this and is theree a way to make it go faster i(note i have note been connected to an outside computer as of yet
from
mark

Re: Problems i had

Wed, 07 Apr 2004 15:49:51 -0700

: Hi i have fixed all the problems i have had and everything works when i test it but when i try it on me mate who has opened it and everything it takes forever to connect it just say connecting all the time y is this and is theree a way to make it go faster i(note i have note been connected to an outside computer as of yet
: from
: mark
:
Right and also even if the server is not running it still tries to connect is there a way to stop this so it only tries to connect when the server is running or wot can i do as i can run the app on my pc and it works fine i send it to me mate so i can test it and it just say connecting could it be due to him being on a network and the other 2 pc's have firewalls on them or wot please help

Re: Problems i had

Thu, 08 Apr 2004 03:56:11 -0700

: : Hi i have fixed all the problems i have had and everything works when i test it but when i try it on me mate who has opened it and everything it takes forever to connect it just say connecting all the time y is this and is theree a way to make it go faster i(note i have note been connected to an outside computer as of yet
: : from
: : mark
: :
: Right and also even if the server is not running it still tries to connect is there a way to stop this so it only tries to connect when the server is running or wot can i do as i can run the app on my pc and it works fine i send it to me mate so i can test it and it just say connecting could it be due to him being on a network and the other 2 pc's have firewalls on them or wot please help
:
A firewall is a problem. But only if it is between your computer and his. In other words, is his computer directly connected to the internet, or is a firewalled computer inbetween? If so, try to get the firewall to forward all the ports. And try port 80 instead.
The other question is impossible. To know if the server is alive, you could ping it, but that would just check if the computer is alive, or connect to the specific port, and that takes ages, as you said. It is however possible to stop trying after, say, 10 seconds.
What could be a problem, too, is the computer being behind another computer. Then you would have to run the server on the computer inbetween, or get the computer in between to forward the communication between the computers.
EtHeO out...

Re: i need sum more info plz ASAP

Thu, 08 Apr 2004 04:11:26 -0700

: : : thanks for ur info but i really need to no the code for the reg api thing that lets me no wot the ip of the victims pc is and when the trojan is running help would be greate full please help or is there any code that does it
: : : please help
: : : from
: : : mark
: : : ps i have searched for binders but cant find any (strange as it seem's)
: : :
: : Binding tools:
: : Silk Rope, Saran Wrap, EliteWrap
: : search google for these tools, download them, and use them to bind your trojan to the program people would want to download
: right i have sent to trojan to sum 1 and tryped his ip in but it is taking foever to connect to him it just says connecting the when i click send message a runtime error displays which is '40006' and the comment says
: wrong protocol or connection state for the request transaction or request is this due to it trying to connect still or is a a general run time error
: HE HAS NO FIREWALL
: please help asap thanks
:
Is the internet connection routed over another PC? Do you have a firewall? In that case (If even one yes) you should set up the computers to forward the ports, or it won't work.
EtHeO out...

Re: VB Trojans

Wed, 14 Jul 2004 08:48:02 -0700

: I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
:
:
:
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:

im interested

Re: VB Trojans

Fri, 16 Jul 2004 04:33:32 -0700

: : I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
: :
: :
: :
: :
: : C:\Dos
: : C:\Dos Run
: : Run Dos Run
: :
:
: im interested
:
yo mate send it to me please send it to markblue777@yahoo.com in a zipped file thx
from
mark

Re: VB Trojans

Wed, 27 Oct 2004 14:01:10 -0700

This message was edited by TheOneandOnly at 2004-10-27 14:1:36

: I've got an interesting tutorial that show's the basics of vb trojans, if anyone is interested post and let me know.
:
:
:
:
: C:\Dos
: C:\Dos Run
: Run Dos Run
:
can you send me the tut i have a few issues to work out

Flippy_the_bear@hotmail.com

The One and Only

Re: VB Trojans

Sat, 23 May 2009 08:12:48 -0700

Send It Over Thanks levendis@live.com.au

Thank You