Tuesday, October 9, 2007

Kalonzo virus Raila virus kibaki virus removal tool

Is your computer down with the Kibaki virus, Kalonzo virus, Raila virus, Brontok, W32RontokBro@mm or any other virus? If yes, don't worry, just get in touch with the experts: 020-3537066

W32rontokbro@mm

Size: 90kb
Type: Worm
Affected system: Windows platform
Mode of spread: Removable disk

W32rontokbro@mm is a worm for the Windows platform. W32rontokbro@mm will attempt to copy itself to network and removable drives, using filenames including Open.exe, Music.exe and Empty.pif. The worm will also create an autorun.inf file so that it is automatically run when the drive is accessed.
When first run, W32rontokbro@mm copies itself to some of the following filenames:
\fonts\smss.exe
\oobe\isperror\shell.exe
\IExplorer.exe
\System32.exe
\Empty.pif
and creates the following file (which may be deleted):
\Autorun.inf
W32rontokbro@mm also attempts to copy itself to existing filenames with EXE extensions, but with an extra space between the filename and the extension; e.g. if it finds the file "Example.exe" it may copy itself to the same folder as "Example .exe". W32rontokbro@mm attempts to terminate processes, close windows and delete registry entries related to security and anti-virus applications, and may restart an infected computer. W32rontokbro@mm may also display a fake error message with the title "Warning" and the text "Illegal Application" before attempting to terminate processes related to security and anti-virus applications.
The following registry entries are set to run W32rontokbro@mm on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon\services = \fonts\smss.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell = \fonts\smss.exe
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = userinit.exe, \fonts\smss.exe
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kb
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

W32/RontokBro may set the following registry entries to run files other than itself on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger = \Shell.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kbdrivers = \AUTO.txt

Some of the following registry entries are set or modified so that W32rontokbro@mm is run whenever a file with one of the listed extensions is run:
HKCR\exefile\shell\open\command\(default) = \fonts\smss.exe %1 %*
HKCR\lnkfile\shell\open\command\(default) = \oobe\isperror\shell.exe %1 %*
HKCR\piffile\shell\open\command\(default) = \oobe\isperror\shell.exe %1 %*
HKCR\batfile\shell\open\command\(default) = \oobe\isperror\shell.exe %1 %*
HKCR\comfile\shell\open\command\(default) = \oobe\isperror\shell.exe %1 %*

Some of the following registry entries may also be set, usually to one of two values:
HKCR\exefile\(default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Auto
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideClock
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoShellSearchButton
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing
HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\FullPathAddress
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disable
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disable
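As an added example (not from the original post), the following Python audit parses a `reg export` text dump and flags the hijacks described above: a rewritten exefile open command, SafeBoot AlternateShell, Winlogon Shell or AeDebug Debugger, plus the lockdown policies set to 1. The "clean" values are Windows XP-era defaults and both sample dumps are constructed.

```python
# Added example (not from the original post): audit a `reg export` text dump
# for the hijacks listed above. Expected values are XP-era defaults; the
# sample dumps are constructed.
EXPECTED = {  # value path -> data a clean system carries
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command\@": '"%1" %*',
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell": "cmd.exe",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell": "Explorer.exe",
}
LOCKDOWN = {  # policy values the worms set to 1 to lock the user out of repair tools
    "DisableTaskMgr", "DisableRegistryTools", "DisableCMD", "NoRun",
    "NoFolderOptions", "NoControlPanel", "DisableSR", "DisableConfig"}

def parse_reg_export(text):
    """Map 'key\\valuename' -> data for a .reg dump; '@' is the default value."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):  # unescape a REG_SZ
                data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            values[key + "\\" + name.strip('"')] = data
    return values

def audit(values):
    """Human-readable findings; an empty list means nothing suspicious."""
    findings = []
    for path, data in values.items():
        name = path.rsplit("\\", 1)[-1]
        if path in EXPECTED and data.lower() != EXPECTED[path].lower():
            findings.append(f"hijacked {path} = {data!r}")
        elif path.endswith(r"\AeDebug\Debugger") and "drwtsn32" not in data.lower():
            findings.append(f"hijacked {path} = {data!r}")
        elif name in LOCKDOWN and data == "dword:00000001":
            findings.append(f"lockdown {path}")
    return findings

INFECTED = r"""[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\fonts\\smss.exe %1 %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="C:\\WINDOWS\\fonts\\smss.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
"""
CLEAN = '[HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command]\n@="\\"%1\\" %*"\n'
```

Running `audit(parse_reg_export(INFECTED))` reports two hijacked values and two lockdown policies, while the clean dump produces no findings.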

Kalonzo virus

Discovered: August 26, 2007
Type: Worm
Infection mode: Removable storage device
Infection length: 93.6kb
Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

When the worm is executed, it copies itself as the following files:
%System%\DirectX\Dinput\csrss.exe
%Windir%\SoftwareDistribution\DataStore\Logs\lsass.exe
It then creates the following file, referencing the previously created files:
%Windir%\Autorun.inf
The worm also creates the following files on all drives found:
[DRIVE LETTER]:\AUTORUN.INF
[DRIVE LETTER]:\open.exe
It then sets the following registry keys in order to disable System Restore and change the default folder options:
HLM, "SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" -- DisableConfig
HLM, "SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" -- DisableSR
HLM, "SOFTWARE\Policies\Microsoft\Windows\Installer" -- LimitSystemRestoreCheckpointing
HLM, "SOFTWARE\Policies\Microsoft\Windows\Installer" -- DisableMSI
HCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableFolderOptions
HLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableFolderOptions
HLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableControlPanel
HCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableControlPanel
HCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableFind
HCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableRun
HCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableShellSearchButton
HCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableEntireNetwork
HCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- DisableSecurityTab
HCU, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -- DisableHiddenFile
HCU, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -- DisableShowSuperHidden
HCU, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -- HideFileExtension

The KALONZO virus has a tendency to close running processes that have the potential to stop its own process. These include any process whose name contains the words "ANTI, VIRUS, SYMAN, NOD32, TASK......." The worm may then display a message and picture asking the user to vote for Kalonzo; when you click the picture it directs you to the Kalonzo website if you are connected to the internet. For the removal tool call 020-3537066

Kibaki virus

KIBAKI TOSHA VIRUS (w32.kibtos)

Type: Worm
Technical name: W32.Kibtos, w32autorun
Infection length: Depends on the variant (129kb for the current variant)
Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

It is designed using Visual Basic and packed with level-one protection software to prevent reverse engineering and decompilation. When the worm is executed, it copies itself as the following files, setting the file attributes SYSTEM, HIDDEN and READONLY on each:
%Windir%\addins\services.exe
%Windir%\web\printers\prtwebvw.exe
%Windir%\java\classes\lsass.exe
It contains a timer (the "real tech timer") which is used to copy the file to any removable media that is inserted; the timer is also used to kill any running security software using the function killer().
It creates the files open.exe and autorun.inf on any inserted removable media.
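Both worms described on this page spread the same way: an autorun.inf in the drive root that launches a dropped open.exe, and (for W32rontokbro@mm) companion copies named like "Example .exe" beside a real "Example.exe". As an added example, not code from the original post, this Python check inspects a drive root for those artefacts; the infected drive it scans is constructed in a temporary directory.

```python
# Added example (not from the original post): inspect a removable drive's root
# for an autorun.inf launch target and RontokBro-style companion copies.
import configparser, tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".pif", ".com", ".bat", ".scr"}

def autorun_targets(text):
    """Files an autorun.inf would launch via open= or shellexecute=."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:  # not an INI-style file at all
        return []
    sec = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    targets = []
    for key in ("open", "shellexecute"):
        if sec and cp.has_option(sec, key) and cp.get(sec, key).split():
            targets.append(cp.get(sec, key).split()[0])  # drop any arguments
    return targets

def scan_drive(root):
    """Findings for one drive root; an empty list means no artefacts seen."""
    root, findings = Path(root), set()
    inf = root / "autorun.inf"
    if inf.is_file():
        for t in autorun_targets(inf.read_text(errors="replace")):
            findings.add(f"autorun.inf launches {t}")
    names = {p.name.lower() for p in root.iterdir() if p.is_file()}
    for n in names:
        stem, dot, ext = n.rpartition(".")
        twin = stem.rstrip() + "." + ext
        # "example .exe" sitting beside "example.exe" is the companion-copy pattern
        if dot and "." + ext in EXEC_EXT and stem.endswith(" ") and twin in names:
            findings.add(f"companion copy {n!r} shadows {twin!r}")
    return sorted(findings)

def demo():
    """Build a constructed infected drive in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "autorun.inf").write_text("[autorun]\nopen=open.exe\nshellexecute=open.exe\n")
        for name in ("open.exe", "Report.exe", "Report .exe"):
            (root / name).write_bytes(b"MZ")  # constructed stand-ins, not real binaries
        (root / "notes.txt").write_text("clean file")
        return scan_drive(root)
```

On a real system, point `scan_drive` at the mounted removable drive instead of the constructed temp directory.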
The worm may then display a message and picture at intervals of 20-30 minutes asking the user to vote for Kibaki.

It sets the following registry entries:
==========
HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\", REG_SZ, "AlternateShell", GetWindowsPath & "appname"
HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", REG_SZ, "yahoo messager", "Explorer.exe " & Chr(&H22) & winpath & appname & Chr(&H22)
HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug", REG_SZ, "Debugger", Chr(&H22) & winpath & "appname" & Chr(&H22)
HLM, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug", REG_SZ, "Auto", "1"
==========
HCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- disable folder options
HLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\" -- disable folder options
HLM, "SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" -- DisableSR
HLM, "SOFTWARE\Policies\Microsoft\Windows\Installer" -- limit System Restore checkpointing
HLM, "SOFTWARE\Policies\Microsoft\Windows\Installer" -- disable installer
==========
HCU, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -- hide file extensions
HCU, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -- hide super hidden files
HCU, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -- disable hidden files
==========

It calls the following functions:
Public Declare Function FindFirstFile Lib "kernel32" Alias "FindFirstFileA" (ByVal lpFileName As String, lpFindFileData As WIN32_FIND_DATA) As Long
Public Declare Function FindNextFile Lib "kernel32" Alias "FindNextFileA" (ByVal hFindFile As Long, lpFindFileData As WIN32_FIND_DATA) As Long
Public Declare Function FindClose Lib "kernel32" (ByVal hFindFile As Long) As Long
Public Declare Function SetFileAttributes Lib "kernel32" Alias "SetFileAttributesA" (ByVal lpFileName As String, ByVal dwFileAttributes As Long) As Long
Public Declare Function GetFileAttributes Lib "kernel32" Alias "GetFileAttributesA" (ByVal lpFileName As String) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Public Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long
Public Declare Function GetCurrentProcess Lib "kernel32" () As Long
Public Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Public Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Public Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Public Declare Function GetDriveType Lib "kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) As Long
Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Public Declare Function PaintDesktop Lib "user32.dll" (ByVal hwnd As Long) As Long
Public Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal X As Long, ByVal Y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
Public Declare Function CloseWindow Lib "user32" (ByVal hwnd As Long) As Long
Public Declare Function GetSystemDirectory Lib "kernel32.dll" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function GetWindowsDirectory Lib "kernel32.dll" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function CreateDirectory Lib "kernel32" Alias "CreateDirectoryA" (ByVal lpPathName As String, lpSecurityAttributes As SECURITY_ATTRIBUTES) As Long
Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Public Declare Function SHGetSpecialFolderLocation Lib "shell32.dll" (ByVal hwndOwner As Long, ByVal nFolder As Long, pidl As ITEMIDLIST) As Long
Public Declare Function SHGetPathFromIDList Lib "shell32.dll" Alias "SHGetPathFromIDListA" (ByVal pidl As Long, ByVal pszPath As String) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)

Its own functions include:
Public Function ShutDownApplication(ByVal ApplicationName As String) As Boolean
Public Function SetTopMostWindow(hwnd As Long, Topmost As Boolean) As Long
Public Function KeyboardProc(ByVal ncode As Long, ByVal wParam As Long, ByVal lParam As Long) As Long

For the removal tool call 020-3537066