Whoever knows how the virus was built obviously knows how to neutralize it.
Before the tutorial on building the antivirus, you need to read this explanation:
This is not an antivirus; it is a program that removes the virus by following a fixed list of instructions. For example, first it unloads the program from memory (End task), then it deletes the program's entry from the Run key in the registry, and in the same way it returns every piece of damage to its original state. For instance, if the virus had set the registry value NoClose to 1 (1 = Disable, 0 = Enable), the tool now sets it to 0 to fix it; that is all.
Place two Command Buttons and a Label on your form, and also add a Module to your project. Name one of the Command Buttons cmdClean and the other cmdExit, and name the Label lblReport. Now copy the code below into your form:
Note: For the antivirus to work correctly, in the highlighted part of the form code ("Virus Title") you must enter the title of the virus project. If you did not enter anything for the virus project's title, put Project1 in place of the highlighted part; otherwise enter the virus project's title. To find out what the virus project's title was, open the virus project, choose Project1 Properties from the Project menu (the last item) and click the Make tab. In the Application section, next to the Title option, the project title is shown; by default it is Project1.
Build tutorial:
Open a new project, place two Buttons on the form, add a Module to the project, and copy the following code into the General section of your form:
Private Sub cmdClean_Click()
    Dim Handle As Long
    Dim Start As Single
    Dim RetVal As Integer

    cmdExit.Enabled = False
    On Error Resume Next

    ' Close every window whose title matches the virus project title
    ' (replace "Virus Title" with the project title; see the note above).
    Do
        Handle = FindWindow(vbNullString, "Virus Title")
        If Handle = 0 Then Exit Do
        Call SendMessage(Handle, &H10, 0&, 0&)   ' &H10 = WM_CLOSE
    Loop Until Handle = 0

    ' Remove the virus's startup entries from the Run key
    Call RemoveFromRun("svchost")
    Call RemoveFromRun("krnl32 dllhost")
    Call RemoveFromRun("ctfmon")
    lblReport.Caption = "Removed from Startup."
    Start = Timer
    Do While Timer < Start + 1
        DoEvents
    Loop

    ' Undo the registry restrictions the virus set
    Call Repair
    lblReport.Caption = "Repair Registry Problems."

    ' Clear hidden/system/read-only attributes so the files can be deleted
    SetAttr WinDrive & "WINDOWS\system", vbNormal
    SetAttr WinDrive & "WINDOWS\system32", vbNormal
    SetAttr WinDrive & "WINDOWS", vbNormal
    SetAttr WinDrive & "Program Files", vbNormal
    SetAttr WinDrive & "Documents and Settings", vbNormal
    SetAttr WinDrive & "WINDOWS\system32\drivers\svchost.exe", vbNormal
    SetAttr WinDrive & "WINDOWS\system32\drivers\dllhost.exe", vbNormal
    SetAttr WinDrive & "Documents and Settings\All Users\Application Data\services.exe", vbNormal
    Start = Timer
    Do While Timer < Start + 2
        DoEvents
    Loop

    ' Delete Autorun.inf / Autorun.exe from the root of every drive
    Call KillAutoRun
    lblReport.Caption = "Deleting All Virus Files..."
    Start = Timer
    Do While Timer < Start + 2
        DoEvents
    Loop

    ' Delete the virus executables themselves
    Kill WinDrive & "WINDOWS\system32\drivers\svchost.exe"
    Kill WinDrive & "WINDOWS\system32\drivers\dllhost.exe"
    Kill WinDrive & "Documents and Settings\All Users\Application Data\services.exe"
    lblReport.Caption = "All Virus Deleted."
    cmdExit.Enabled = True

    RetVal = MsgBox("Your Windows need to Logoff. Do you want to Logoff your Windows?", vbYesNo + vbQuestion + vbDefaultButton1, "Restart")
    If RetVal = vbYes Then Shell "Shutdown -l -t 0"   ' vbYes = 6
End Sub

Private Sub cmdExit_Click()
    End
End Sub
Now copy the following code into Module1:
Public Declare Function GetLogicalDriveStrings Lib "kernel32" Alias "GetLogicalDriveStringsA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long
Public Declare Function SwapMouseButton Lib "User32" (ByVal bSwap As Long) As Long
Public Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function FindWindow Lib "User32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function SendMessage Lib "User32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal HKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal HKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal HKey As Long, ByVal lpValueName As String) As Long
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal HKey As Long) As Long
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal HKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long

Public Const HKEY_CLASSES_ROOT = &H80000000
Public Const HKEY_CURRENT_CONFIG = &H80000005
Public Const HKEY_USERS = &H80000003
Public Const HKEY_CURRENT_USER = &H80000001
Public Const HKEY_LOCAL_MACHINE = &H80000002

Public Const REG_SZ = 1
Public Const REG_DWORD = 4
Public Const REG_NONE = 0
Public Const REG_MULTI_SZ = 7
Public Const REG_EXPAND_SZ = 2
Public Const REG_BINARY = 3

' Writes a value under strPath; the key is created if it does not exist.
' lngdata is passed ByRef to RegSetValueEx, so a 4-byte DWORD is written.
Private Sub SaveString(ByVal HKey As Long, strPath As String, strValue As String, ByVal lngdata As Long, ByVal lngType As Long, ByVal lngLen As Long)
    Dim keyhand As Long
    Dim r As Long
    r = RegCreateKey(HKey, strPath, keyhand)
    r = RegSetValueEx(keyhand, strValue, 0, lngType, lngdata, CLng(lngLen))
    r = RegCloseKey(keyhand)
End Sub

' Deletes a startup entry from HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Public Sub RemoveFromRun(ProgramName As String)
    Call DeleteValue("Software\Microsoft\Windows\CurrentVersion\Run", ProgramName)
End Sub

Private Function DeleteValue(ByVal strPath As String, ByVal strValue As String)
    Dim keyhand As Long
    Dim r As Long
    r = RegOpenKey(HKEY_LOCAL_MACHINE, strPath, keyhand)
    r = RegDeleteValue(keyhand, strValue)
    r = RegCloseKey(keyhand)
End Function

' Returns the Windows drive with a trailing backslash, e.g. "C:\"
Public Function WinDrive() As String
    Dim strDrive As String
    Dim A As Long
    strDrive = Space(500)
    A = GetWindowsDirectory(strDrive, Len(strDrive))
    strDrive = Left(strDrive, 3)
    WinDrive = strDrive
End Function

' Unhides and then deletes Autorun.inf / Autorun.exe from the root of every drive.
' The form must be named frmMain for the progress messages below to compile.
Public Sub KillAutoRun()
    Dim strDrive As String, strDrives As String
    Dim Ret As Long, I As Long, A As String, Start As Single
    On Error Resume Next

    ' GetLogicalDriveStrings fills the buffer with "C:\", "D:\", ... separated by Chr$(0)
    strDrives = String(255, Chr$(0))
    Ret = GetLogicalDriveStrings(255, strDrives)
    For I = 1 To 100
        If Left$(strDrives, InStr(1, strDrives, Chr$(0))) = Chr$(0) Then Exit For
        strDrive = Left$(strDrives, InStr(1, strDrives, Chr$(0)) - 1)
        DoEvents
        ' Dir returns the name in its on-disk case, so compare case-insensitively
        A = Dir(strDrive & "Autorun.inf", vbNormal + vbSystem + vbHidden)
        If LCase$(A) = "autorun.inf" Then SetAttr strDrive & "Autorun.inf", vbNormal
        A = Dir(strDrive & "Autorun.exe", vbNormal + vbSystem + vbHidden)
        If LCase$(A) = "autorun.exe" Then SetAttr strDrive & "Autorun.exe", vbNormal
        strDrives = Right$(strDrives, Len(strDrives) - InStr(1, strDrives, Chr$(0)))
    Next

    frmMain.lblReport.Caption = "Deleting All Autorun Files..."
    Start = Timer
    Do While Timer < Start + 2
        DoEvents
    Loop

    strDrives = String(255, Chr$(0))
    Ret = GetLogicalDriveStrings(255, strDrives)
    For I = 1 To 100
        If Left$(strDrives, InStr(1, strDrives, Chr$(0))) = Chr$(0) Then Exit For
        strDrive = Left$(strDrives, InStr(1, strDrives, Chr$(0)) - 1)
        DoEvents
        Kill strDrive & "Autorun.inf"
        Kill strDrive & "Autorun.exe"
        DoEvents
        frmMain.lblReport.Caption = "Deleting : " & strDrive & "Autorun.inf"
        Start = Timer
        Do While Timer < Start + 0.5
            DoEvents
        Loop
        strDrives = Right$(strDrives, Len(strDrives) - InStr(1, strDrives, Chr$(0)))
    Next
End Sub

' Resets every restriction the virus set (1 = Disable, 0 = Enable)
Public Sub Repair()
    Call EnableShutdown
    Call EnableTaskManager
    Call EnableDisplayProperties
    Call EnableSearch
    Call EnableRegEdit
    Call EnableMyComputerProperties
    Call EnableRun
    Call EnableAllPrograms
    Call ShowDrive_C
    Call EnableControlPanel
    Call EnableFolderOption
    Call ShowHiddenFiles
    Call ShowSuperHiddenFiles
    Call EnableAddRemove
    Call SwapMouseButton(0)   ' restore the normal left/right mouse buttons
End Sub

Private Sub EnableShutdown()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\policies\Explorer", "NoClose", 0, REG_DWORD, 4)
End Sub

Private Sub EnableTaskManager()
    Call SaveString(HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", 0, REG_DWORD, 4)
End Sub

Private Sub EnableDisplayProperties()
    Call SaveString(HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL", 0, REG_DWORD, 4)
End Sub

Private Sub EnableSearch()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFind", 0, REG_DWORD, 4)
End Sub

Private Sub EnableRegEdit()
    Call SaveString(HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools", 0, REG_DWORD, 4)
End Sub

Private Sub EnableMyComputerProperties()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer", 0, REG_DWORD, 4)
End Sub

Private Sub EnableRun()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", 0, REG_DWORD, 4)
End Sub

Private Sub EnableAllPrograms()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoStartMenuMorePrograms", 0, REG_DWORD, 4)
End Sub

Private Sub ShowDrive_C()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", 0, REG_DWORD, 4)
End Sub

Private Sub EnableControlPanel()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel", 0, REG_DWORD, 4)
End Sub

Private Sub EnableFolderOption()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", 0, REG_DWORD, 4)
End Sub

Private Sub ShowHiddenFiles()
    Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN", "CheckedValue", 2, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", 1, REG_DWORD, 4)
End Sub

Private Sub ShowSuperHiddenFiles()
    Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden", "CheckedValue", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden", "UncheckedValue", 1, REG_DWORD, 4)
End Sub

Private Sub EnableAddRemove()
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddRemovePrograms", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddFromCDorFloppy", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddFromInternet", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddFromNetwork", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoAddPage", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoRemovePage", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoServices", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoSetFolders", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoSupportInfo", 0, REG_DWORD, 4)
    Call SaveString(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall", "NoWindowsSetupPage", 0, REG_DWORD, 4)
End Sub
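As an added example, not part of the original tutorial: a PowerShell script that audits the same policy values the Repair routine resets, reporting any that are still set to the disabled state and, with -Fix, writing back the enabled value the text describes (0, or 1 for the SHOWALL CheckedValue). The hives, key paths and value names are the ones from the Module above; nothing else is assumed.

```powershell
# Added example: audit (and optionally reset) the Explorer/System policy
# values the Module's Repair routine writes. Run from an elevated PowerShell.
param([switch]$Fix)

$Explorer  = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$System    = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$Uninstall = 'Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall'
$ShowAll   = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'

# Hive, key, value name, and the "enabled" value the tutorial restores.
$Policies = @(
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoClose';                 Good=0 },
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoFind';                  Good=0 },
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoPropertiesMyComputer';  Good=0 },
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoRun';                   Good=0 },
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoStartMenuMorePrograms'; Good=0 },
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoDrives';                Good=0 },
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoControlPanel';          Good=0 },
    @{ Hive='HKLM'; Key=$Explorer;  Name='NoFolderOptions';         Good=0 },
    @{ Hive='HKCU'; Key=$System;    Name='DisableTaskMgr';          Good=0 },
    @{ Hive='HKCU'; Key=$System;    Name='NoDispCPL';               Good=0 },
    @{ Hive='HKCU'; Key=$System;    Name='DisableRegistryTools';    Good=0 },
    @{ Hive='HKLM'; Key=$Uninstall; Name='NoAddRemovePrograms';     Good=0 },
    @{ Hive='HKLM'; Key=$ShowAll;   Name='CheckedValue';            Good=1 }
)

foreach ($p in $Policies) {
    $path = "$($p.Hive):\$($p.Key)"
    $item = Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # A missing value means the restriction is not applied at all.
        Write-Output "OK       $path\$($p.Name) (not set)"
        continue
    }
    $current = $item.($p.Name)
    if ($current -eq $p.Good) {
        Write-Output "OK       $path\$($p.Name) = $current"
    } else {
        Write-Output "TAMPERED $path\$($p.Name) = $current (expected $($p.Good))"
        if ($Fix) {
            Set-ItemProperty -Path $path -Name $p.Name -Value $p.Good -Type DWord
            Write-Output "  -> reset to $($p.Good)"
        }
    }
}
```

Run it without -Fix first to see which restrictions are actually present before changing anything; HKCU entries are checked for the user running the script only.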
Then enter the commands.