HOW TO BUILD YOUR OWN ANTIVIRUS


HOW TO BUILD AN ANTIVIRUS WITH VB

1. Open Microsoft Visual Basic 6.0 -> Standard EXE -> OK. A new form appears, as in the figure below; design the form however you like.

Name the form: frmUtama

2. After renaming the form, add the Mscomctl.Ocx component: click Project -> Components -> Microsoft Windows Common Controls 6.0 -> then click OK. See the example in the figure below.

3. Once the component has been added, the next step is to add Command Button, TextBox, ListView and PictureBox controls. I use a very simple design here; you can change the design yourself according to your own creativity ^^

- Add a ListView to the form and name it lvScan

The ListView I circled in red is the one that has been added to the form.

Next, configure the ListView: click the ListView -> in the Properties box at the lower right -> Custom, then follow the settings shown in the figure below.

Then, on the Column Headers tab, click Insert Column:
- Column 1, name: Virus Name
- Column 2, name: Path
- Column 3, name: Checksum Virus
- Column 4, name: Status Virus
then click OK.

Add a PictureBox, make it as small as possible, and name it sIcon.
Settings:
Appearance : Flat
Auto Redraw : True
Border Style : None
Visible : False

Add a TextBox to the form named txtPath.
Settings:
Appearance : Flat
Border Style : None

Add a Command Button named cmdBrowse next to the TextBox you just created.
Settings:
Caption : ...

Put this code in cmdBrowse:

Code:
Dim Pathnya As String
Pathnya = ""
' Show the folder picker; BrowseFolder is defined in modAPI
Pathnya = BrowseFolder("Pilih folder yang akan di Scan:", Me)
If Pathnya <> "" Then
    txtPath.Text = Pathnya
End If

The code above opens a dialog box listing the paths on the computer and writes the selected path into the text box named txtPath.

Add a label with the default name.
Settings:
Caption : Dir Scanned

Add a label named lblDirScan.
Settings:
Caption : 0

Add a label with the default name.
Settings:
Caption : Detected

Add a label named lblFileDet.
Settings:
Caption : 0

Add a label with the default name.
Settings:
Caption : File Scanned

Add a label named lblFileScan.
Settings:
Caption : 0

Add a TextBox named txtFileScan.
Settings:
Multiline : True
Scroll Bar : 2-Vertical

Add a Command Button named cmdScan.
Settings:
Caption : &Scan

Code:
' cmdScan toggles between starting and stopping a scan.
' The Caption is "&Scan" at design time, so strip the accelerator marker
' before comparing; otherwise the first click only resets the caption.
If Replace(cmdScan.Caption, "&", "") = "Scan" Then
    Pathnya = txtPath.Text
    ' Accept only paths that start with a drive letter, e.g. C:\...
    If Mid(Pathnya, 2, 1) <> ":" Or Pathnya = "" Then
        MsgBox "Direktori Tidak Ditemukan", vbCritical, "Error"
        Exit Sub
    Else
        lvScan.Enabled = False
        cmdEnable False, False, False
        clear_log
        cmdScan.Caption = "Stop"
        StopScan = False
        ' chkSubDir is a CheckBox on the form that selects whether subfolders are scanned
        FindFilesEx txtPath.Text, CBool(chkSubDir.Value)
        MsgBox "Scan finished !" & vbNewLine & vbNewLine & "Total Dir Scanned = " & lblDirScan.Caption & _
            vbNewLine & "Total File Scanned = " & lblFileScan.Caption & vbNewLine & "Total File Detected = " & lblFileDet.Caption, vbInformation, "Finish"
        If lblFileDet.Caption <> "0" Then
            cmdEnable True, True, True
        Else
            cmdEnable False, False, True
        End If
        lvScan.Enabled = True
        cmdScan.Caption = "Scan"
    End If
Else
    cmdScan.Caption = "Scan"
    StopScan = True
End If

The code above starts the antivirus scan.


Add a Command Button named cmdAction.
Settings:
Caption : &Delete

Add this code to it:

Code:
' cmdAction is a control array: Index 0 is Delete, Index 1 is Quarantine
Dim DftrFile As String
DftrFile = GetSelected(lvScan)
If DftrFile = "" Then
    MsgBox "No Detected File(s) Selected", vbCritical, ""
    Exit Sub
End If
Select Case Index
    Case 0
        clean = Action(DftrFile, lvScan, "D")
        MsgBox clean & " File(s) has been deleted"
    Case 1
        clean = Action(DftrFile, lvScan, "Q")
        MsgBox clean & " File(s) has been quarantine"
End Select

The code above deletes or quarantines the detected files.

Add a Command Button named cmdAction.
Settings:
Caption : &Quarantine

Add a Command Button named cmdViewQ.
Settings:
Caption : &View Quarantine File

Then put this code in it:

Code:
Me.Hide
frmQuarantine.Show

The code above shows the quarantine form and hides the main form.

That completes adding the controls to the form. Example of the finished form.

Then right-click the form and enter the code below:

Code:
Private Sub lvScan_ItemCheck(ByVal Item As MSComctlLib.ListItem)
    ' Rows that were already quarantined or deleted cannot be ticked again
    UnSelect lvScan, "Di Karantina"
    UnSelect lvScan, "Di Hapus"
End Sub

' Enable or disable the Delete, Quarantine and View Quarantine buttons
Private Function cmdEnable(hapus As Boolean, Quarantine As Boolean, openQuarantine As Boolean)
    cmdAction(0).Enabled = hapus
    cmdAction(1).Enabled = Quarantine
    cmdViewQ.Enabled = openQuarantine
End Function

' Reset the counters and the result list before a new scan
Private Function clear_log()
    lblDirScan.Caption = 0
    lblFileScan.Caption = 0
    lblFileDet.Caption = 0
    lvScan.ListItems.Clear
    jumlahDir = 0
    jumlahFile = 0
    jumlahVirus = 0
End Function

Then, in Form_Load(), enter this code:

Code:
On Error Resume Next
' The folder is created relative to the current directory; the error raised
' when it already exists is ignored
MkDir "Quarantine"
BuildDatabase

Then create a module named modAPI.

Then add the code below:

Code:
Public Declare Function FindFirstFile Lib "kernel32" Alias "FindFirstFileA" (ByVal lpFileName As String, lpFindFileData As WIN32_FIND_DATA) As Long
Public Declare Function FindNextFile Lib "kernel32" Alias "FindNextFileA" (ByVal hFindFile As Long, lpFindFileData As WIN32_FIND_DATA) As Long
Public Declare Function FindClose Lib "kernel32" (ByVal hFindFile As Long) As Long
Public Declare Function PathIsDirectory Lib "shlwapi.dll" Alias "PathIsDirectoryA" (ByVal pszPath As String) As Long
Public Declare Function CopyFile Lib "kernel32.dll" Alias "CopyFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal bFailIfExists As Long) As Long
Public Declare Function MoveFile Lib "kernel32.dll" Alias "MoveFileA" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String) As Long
Public Declare Function DeleteFile Lib "kernel32" Alias "DeleteFileA" (ByVal lpFileName As String) As Long
Public Declare Function PathFileExists Lib "shlwapi.dll" Alias "PathFileExistsA" (ByVal pszPath As String) As Long
Public Declare Function GetSystemDirectory Lib "kernel32.dll" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function GetWindowsDirectory Lib "kernel32.dll" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function SHGetPathFromIDList Lib "shell32.dll" Alias "SHGetPathFromIDListA" (ByVal pidl As Long, ByVal pszPath As String) As Long
Public Declare Function SHBrowseForFolder Lib "shell32.dll" Alias "SHBrowseForFolderA" (lpBrowseInfo As BROWSEINFO) As Long
Private Declare Function RealizePalette Lib "gdi32" (ByVal hDC As Long) As Long
Public Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, lpSecurityAttributes As Any, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function GetFileSize Lib "kernel32" (ByVal hFile As Long, lpFileSizeHigh As Long) As Long
Public Declare Function VirtualAlloc Lib "kernel32" (lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function ReadFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToRead As Long, lpNumberOfBytesRead As Long, lpOverlapped As Any) As Long
Public Declare Function WriteFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToWrite As Long, lpNumberOfBytesWritten As Long, lpOverlapped As Any) As Long
Public Declare Function SetFilePointer Lib "kernel32" (ByVal hFile As Long, ByVal lDistanceToMove As Long, lpDistanceToMoveHigh As Long, ByVal dwMoveMethod As Long) As Long
Public Declare Function SetEndOfFile Lib "kernel32" (ByVal hFile As Long) As Long

Public Const GENERIC_READ = &H80000000
Public Const GENERIC_WRITE = &H40000000
Public Const FILE_SHARE_READ = &H1
Public Const OPEN_EXISTING = 3
Public Const FILE_ATTRIBUTE_NORMAL = &H80
Public Const INVALID_HANDLE_VALUE = -1
Public Const FILE_END = 2
Public Const FILE_BEGIN = 0
Public Const FILE_CURRENT = 1
Public Const LWA_COLORKEY = &H1
Public Const GWL_EXSTYLE = (-20)
Public Const WS_EX_LAYERED = &H80000
Public Const MAX_PATH = 260
Public Const SW_SHOWNORMAL = 1

Public Type FileTime
    dwLowDateTime As Long
    dwHighDateTime As Long
End Type

Public Type WIN32_FIND_DATA
    dwFileAttributes As Long
    ftCreationTime As FileTime
    ftLastAccessTime As FileTime
    ftLastWriteTime As FileTime
    nFileSizeHigh As Long
    nFileSizeLow As Long
    dwReserved0 As Long
    dwReserved1 As Long
    cFileName As String * MAX_PATH
    cAlternate As String * 14
End Type

Type BROWSEINFO
    hOwner As Long
    pidlRoot As Long
    pszDisplayName As String
    lpszTitle As String
    ulFlags As Long
    lpfn As Long
    lParam As Long
    iImage As Long
End Type

' For browsing folders
Public Function BrowseFolder(ByVal aTitle As String, ByVal aForm As Form) As String
    Dim bInfo As BROWSEINFO
    Dim rtn&, pidl&, path$, pos%
    bInfo.hOwner = aForm.hWnd
    bInfo.lpszTitle = aTitle
    bInfo.ulFlags = &H1
    pidl& = SHBrowseForFolder(bInfo)
    ' pidl is 0 when the dialog is cancelled; return "" instead of failing in Left()
    If pidl& = 0 Then Exit Function
    path = Space(512)
    rtn& = SHGetPathFromIDList(ByVal pidl&, ByVal path)
    pos% = InStr(path$, Chr$(0))
    If pos% = 0 Then Exit Function
    BrowseFolder = Left(path$, pos - 1)
    ' Make sure the result ends with exactly one backslash
    If Right$(BrowseFolder, 1) <> "\" Then BrowseFolder = BrowseFolder + "\"
    If Right(BrowseFolder, 2) = "\\" Then BrowseFolder = Left(BrowseFolder, Len(BrowseFolder) - 1)
    If BrowseFolder = "\" Then BrowseFolder = ""
End Function

' Cut a fixed-length API string at its first null character
Public Function StripNulls(ByVal OriginalStr As String) As String
    If (InStr(OriginalStr, Chr$(0)) > 0) Then
        OriginalStr = Left$(OriginalStr, InStr(OriginalStr, Chr(0)) - 1)
    End If
    StripNulls = OriginalStr
End Function

' Determines whether a file is a script or not (by its extension)
Public Function IsScript(Filename As String) As Boolean
    IsScript = False
    ext = Split("|vbs|vbe", "|")
    For i = 1 To UBound(ext)
        If LCase(Right(Filename, 3)) = LCase(ext(i)) Then IsScript = True
    Next
End Function

The code above contains the API functions the antivirus needs.

Create a module named modChecksum and enter the code below.

Code:
' Signature = checksum of the 500 bytes at position 4500 followed by
' the checksum of the 500 bytes at position 4000
Public Function GetChecksum(FilePath As String) As String
    Dim CheckSum(1 To 2) As String
    CheckSum(1) = CalcBinary(FilePath, 499, 4500)
    CheckSum(2) = CalcBinary(FilePath, 499, 4000)
    GetChecksum = CheckSum(1) & CheckSum(2)
End Function

' Sum of the squares of lpByteCount + 1 bytes, returned as hexadecimal
Public Function CalcBinary(ByVal lpFileName As String, ByVal lpByteCount As Long, Optional ByVal StartByte As Long = 0) As String
    On Error GoTo err
    Dim Bin() As Byte
    Dim ByteSum As Long
    Dim i As Long
    ReDim Bin(lpByteCount) As Byte
    Open lpFileName For Binary As #1
    If StartByte = 0 Then
        Get #1, , Bin
    Else
        Get #1, StartByte, Bin
    End If
    Close #1
    For i = 0 To lpByteCount
        ByteSum = ByteSum + Bin(i) ^ 2
    Next i
    CalcBinary = Hex$(ByteSum)
    Exit Function
err:
    ' Do not leave file #1 open after a failure
    Close #1
    CalcBinary = "00"
End Function

The code above is used to calculate the checksum.
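To show what this signature can and cannot distinguish, here is an added Python port of CalcBinary/GetChecksum (not part of the original tutorial) run over constructed byte strings and compared with a full-file SHA-256. The function names and sample data are assumptions made for the example.

```python
import hashlib

WINDOW = 500  # ReDim Bin(499) gives indices 0..499, i.e. 500 bytes


def calc_binary(data: bytes, start_byte: int, count: int = WINDOW) -> str:
    """Port of CalcBinary: sum of squared byte values in one window, as hex.

    start_byte is 1-based like VB6 `Get #`; bytes past end-of-file count as 0.
    """
    offset = max(start_byte - 1, 0)
    window = data[offset:offset + count]
    return format(sum(b * b for b in window), "X")


def get_checksum(data: bytes) -> str:
    """Port of GetChecksum: window at 4500 followed by window at 4000."""
    return calc_binary(data, 4500) + calc_binary(data, 4000)


def sha256(data: bytes) -> str:
    """Exact-match identifier computed over the whole file."""
    return hashlib.sha256(data).hexdigest()


def build_samples() -> dict:
    """Constructed byte strings (not real files) derived from `base`."""
    base = bytes((i * 7 + 3) % 256 for i in range(6000))
    # Identical bytes in both windows, everything before them replaced.
    head_changed = bytes(3999) + base[3999:]
    # Same bytes, but each window reversed: a sum of squares ignores order.
    reordered = (base[:3999] + base[3999:4499][::-1]
                 + base[4499:4999][::-1] + base[4999:])
    # One byte changed inside a window: the only kind of edit the checksum sees.
    flipped = base[:4200] + bytes([base[4200] ^ 0xFF]) + base[4201:]
    return {"base": base, "head_changed": head_changed,
            "reordered": reordered, "flipped": flipped}


def compare() -> dict:
    """Map each sample name to (tutorial checksum, SHA-256 prefix)."""
    return {name: (get_checksum(blob), sha256(blob)[:16])
            for name, blob in build_samples().items()}


if __name__ == "__main__":
    for name, (weak, strong) in compare().items():
        print(f"{name:13} checksum={weak:14} sha256={strong}...")
```

Three different files share one checksum here, so a match in VirusDB identifies 1000 bytes of content rather than a file; for exact identification a scanner compares a cryptographic hash of the whole file.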

Create one more module named modDatabase, then add the code below.

Code:
Public VirusDB(5), IconDB(48), Bahaya(5) As String

Public Sub BuildDatabase()
    Call Checksum_DB
    Call IconCompare_DB
    Call Script_DB
End Sub

' Checksum signatures in the form "name|checksum"
Private Sub Checksum_DB()
    VirusDB(1) = "Alman.A|8911D290F723"
    VirusDB(2) = "Malingsi.A|A6292EA60230"
    VirusDB(3) = "Conficker.A|9EC112ABB2F3"
    VirusDB(4) = "N4B3.A|B5CCD36CDB98"
    VirusDB(5) = "N4B3.B|A1FE6D6DBE07"
End Sub

' Icon checksums used by the icon heuristic
Public Sub IconCompare_DB()
    On Error Resume Next
    IconDB(1) = "20938B2"
    IconDB(2) = "19F4ED6"
    IconDB(3) = "133BE0B"
    IconDB(4) = "18EDEAE"
    IconDB(5) = "1EF89C2"
    IconDB(6) = "1C915FF"
    IconDB(7) = "24563C4"
    IconDB(8) = "1B2DB74"
    IconDB(9) = "208EA72"
    IconDB(10) = "22A064D"
    IconDB(11) = "19B64EE"
    IconDB(12) = "1D4B7E1"
    IconDB(13) = "2087762"
    IconDB(14) = "29C7258"
    IconDB(15) = "1B18705"
    IconDB(16) = "1B5FCAB"
    IconDB(17) = "126D4CF"
    IconDB(18) = "1C58E5C"
    IconDB(19) = "15D7730"
    IconDB(20) = "1FB82B7"
    IconDB(21) = "112763E"
    IconDB(22) = "2165AF9"
    IconDB(23) = "25F46BE"
    IconDB(24) = "206556B"
    IconDB(25) = "22A8D69"
    IconDB(26) = "19237F8"
    IconDB(27) = "15022B4"
    IconDB(28) = "1D8B4EB"
    IconDB(29) = "1DBC1EA"
    IconDB(30) = "2333F5D"
    IconDB(31) = "1F37C2F"
    IconDB(32) = "1C9CCA4"
    IconDB(33) = "1DFDFB4"
    IconDB(34) = "1C1283E"
    IconDB(35) = "1F6598C"
    IconDB(36) = "27F4C1A"
    IconDB(37) = "22F92E0"
    IconDB(38) = "191DBDC"
    IconDB(39) = "27BFE4A"
    IconDB(40) = "20E0907"
    IconDB(46) = "2FA4C88"
    IconDB(47) = "25AA630"
    IconDB(48) = "1DE28E2"
End Sub

' Script rules: a script is flagged when it contains every "|"-separated string of one rule
Public Sub Script_DB()
    On Error Resume Next
    Bahaya(1) = "Scripting.FileSystemObject|Wscript.ScriptFullName|WScript.Shell|.regwrite|.copy"
    Bahaya(2) = "Wscript.ScriptFullName|createobject|strreverse|.regwrite"
    Bahaya(3) = "createobject|Wscript.ScriptFullName|.regwrite|[autorun]"
    Bahaya(4) = "createobject|Wscript.ScriptFullName|specialfolder|.regwrite"
    Bahaya(5) = "chr(asc(mid(|createobject|Wscript.ScriptFullName|.GetFolder|.RegWrite"
End Sub

The code above is the antivirus's database.

Create one more module named modQuar and enter the code below.

Code:
Option Explicit

' Write an encoded copy of SourceFile to DestFile
Public Function EncodeFile(SourceFile As String, DestFile As String)
    Dim ByteArray() As Byte, Filenr As Integer
    Filenr = FreeFile
    Open SourceFile For Binary As #Filenr
    ReDim ByteArray(0 To LOF(Filenr) - 1)
    Get #Filenr, , ByteArray()
    Close #Filenr
    Call Coder(ByteArray())
    If (PathFileExists(DestFile)) <> 0 Then DeleteFile DestFile
    Open DestFile For Binary As #Filenr
    Put #Filenr, , ByteArray()
    Close #Filenr
End Function

' Write a decoded copy of SourceFile to DestFile
Public Function DecodeFile(SourceFile As String, DestFile As String)
    Dim ByteArray() As Byte, Filenr As Integer
    Filenr = FreeFile
    Open SourceFile For Binary As #Filenr
    ReDim ByteArray(0 To LOF(Filenr) - 1)
    Get #Filenr, , ByteArray()
    Close #Filenr
    Call DeCoder(ByteArray())
    If (PathFileExists(DestFile)) <> 0 Then DeleteFile DestFile
    Open DestFile For Binary As #Filenr
    Put #Filenr, , ByteArray()
    Close #Filenr
End Function

' Replace every byte with the running sum of the bytes so far, modulo 256
Private Sub Coder(ByteArray() As Byte)
    Dim x As Long
    Dim Value As Integer
    Value = 0
    For x = 0 To UBound(ByteArray)
        Value = Value + ByteArray(x)
        If Value > 255 Then Value = Value - 256
        ByteArray(x) = Value
    Next
End Sub

' Reverse Coder: each original byte is the difference between neighbouring encoded bytes
Private Sub DeCoder(ByteArray() As Byte)
    Dim x As Long
    Dim Value As Integer
    Dim newValue As Integer
    newValue = 0
    For x = 0 To UBound(ByteArray)
        Value = newValue
        newValue = ByteArray(x)
        Value = ByteArray(x) - Value
        If Value < 0 Then Value = Value + 256
        ByteArray(x) = Value
    Next
End Sub

The code above encrypts/decrypts the virus file that is to be quarantined.
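The Coder/DeCoder pair above is a keyless running-sum transform, so it neutralises the stored file's format without protecting it the way encryption would. The following added Python example (not from the original tutorial) ports both routines and adds an integrity check on restore; the `quarantine`/`restore` helpers, the record layout and its `sha256` field are assumptions for the example and are not stored in HN.dat.

```python
import hashlib


def encode(data: bytes) -> bytes:
    """Port of Coder: each output byte is the running sum of the input, mod 256."""
    out, total = bytearray(), 0
    for b in data:
        total = (total + b) % 256
        out.append(total)
    return bytes(out)


def decode(data: bytes) -> bytes:
    """Port of DeCoder: each original byte is the difference of neighbours, mod 256."""
    out, prev = bytearray(), 0
    for b in data:
        out.append((b - prev) % 256)
        prev = b
    return bytes(out)


def quarantine(data: bytes, original_path: str) -> dict:
    """Encode the content and keep what is needed to verify a later restore.

    The sha256 field is an addition for this example (hypothetical record layout).
    """
    return {
        "path": original_path,
        "sha256": hashlib.sha256(data).hexdigest(),
        "blob": encode(data),
    }


def restore(record: dict) -> bytes:
    """Decode a quarantined blob and refuse it if it no longer matches its hash."""
    data = decode(record["blob"])
    if hashlib.sha256(data).hexdigest() != record["sha256"]:
        raise ValueError("quarantine blob was modified or truncated")
    return data


if __name__ == "__main__":
    # Constructed sample: starts with the two "MZ" bytes of a DOS header.
    sample = b"MZ\x90\x00" + bytes(range(256)) * 2
    record = quarantine(sample, r"C:\constructed\sample.exe")
    print("first bytes before:", sample[:4].hex(), "after:", record["blob"][:4].hex())
    print("round trip ok:", restore(record) == sample)
    damaged = dict(record, blob=record["blob"][:-1])
    try:
        restore(damaged)
    except ValueError as exc:
        print("damaged blob rejected:", exc)
```

The first byte is unchanged and every later byte depends only on the bytes before it, so anyone with the .avq file can recover the original; the transform only keeps the stored copy from being recognised or run as-is.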

Create one more module named modHeuristic, then enter the code below.

Code:
Private Declare Function ExtractIconEx Lib "shell32.dll" Alias "ExtractIconExA" (ByVal lpszFile As String, ByVal nIconIndex As Long, ByRef phiconLarge As Long, ByRef phiconSmall As Long, ByVal nIcons As Long) As Long
Private Declare Function DestroyIcon Lib "user32.dll" (ByVal hIcon As Long) As Long
Private Declare Function DrawIconEx Lib "user32" (ByVal hDC As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal cxWidth As Long, ByVal cyWidth As Long, ByVal istepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Boolean
Private Declare Function ExtractIcon Lib "shell32.dll" Alias "ExtractIconA" (ByVal hInst As Long, ByVal lpszExefileName As String, ByVal nIconIndex As Long) As Long

Private Const DI_MASK = &H1
Private Const DI_IMAGE = &H2
Private Const DI_NORMAL = &H3
Private Const DI_COMPAT = &H4
Private Const DI_DEFAULTSIZE = &H8
Private Const SHGFI_DISPLAYNAME = &H200
Private Const SHGFI_EXETYPE = &H2000
Private Const SHGFI_SYSICONINDEX = &H4000
Private Const SHGFI_LARGEICON = &H0
Private Const SHGFI_SMALLICON = &H1
Private Const ILD_TRANSPARENT = &H1
Private Const SHGFI_SHELLICONSIZE = &H4
Private Const SHGFI_TYPENAME = &H400
Private Const BASIC_SHGFI_FLAGS = SHGFI_TYPENAME Or SHGFI_SHELLICONSIZE Or SHGFI_SYSICONINDEX Or SHGFI_DISPLAYNAME Or SHGFI_EXETYPE

Private SIconInfo As SHFILEINFO
Private SectionHeaders() As IMAGE_SECTION_HEADER
Dim i As Integer
Dim j As Integer

' Returns "Malicious-Script", "Malicious-Icon" or "" for the given file
Public Function CekHeuristic(Filename As String)
    CekHeuristic = ""
    On Error GoTo hError
    Dim hFile As Long, bRW As Long
    Dim DOSheader As IMAGE_DOS_HEADER
    Dim NTHeaders As IMAGE_NT_HEADERS
    Dim Filedata As String
    DOS_HEADER_INFO = ""
    NT_HEADERS_INFO = ""
    ' Read access is all that is needed to inspect the headers
    hFile = CreateFile(Filename, ByVal GENERIC_READ, FILE_SHARE_READ, ByVal 0&, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, ByVal 0)
    If hFile = INVALID_HANDLE_VALUE Then Exit Function
    ReadFile hFile, DOSheader, Len(DOSheader), bRW, ByVal 0&
    SetFilePointer hFile, DOSheader.e_lfanew, 0, 0
    ReadFile hFile, NTHeaders, Len(NTHeaders), bRW, ByVal 0&
    ' Close the handle here: an open handle would block the later reopen,
    ' delete and quarantine of the same file
    CloseHandle hFile
    If NTHeaders.Signature <> IMAGE_NT_SIGNATURE Then
        ' Not a PE file: apply the script rules to .vbs/.vbe files
        If IsScript(Filename) = True Then
            Open Filename For Binary As #1
            Filedata = Space$(LOF(1))
            Get #1, , Filedata
            Close #1
            CekHeuristic = CekHeur(Filedata)
        End If
        Exit Function
    End If
    ' PE file: compare its icon with the icon database
    CekHeuristic = CekIconBinary(Filename)
hError:
End Function

' A script is flagged when it contains every string of at least one rule in Bahaya()
Private Function CekHeur(Data As String)
    Dim hsl, asl As Integer
    strasli = LCase(Replace(Data, vbNewLine, "$"))
    For i = 1 To UBound(Bahaya)
        hsl = 0
        strData = Split(Bahaya(i), "|")
        asl = 0
        For k = 0 To UBound(strData)
            xxx = LCase(strData(k))
            If InStr(strasli, xxx) > 0 Then hsl = hsl + 1
            asl = asl + 1
        Next
        If hsl = asl Then
            CekHeur = "Malicious-Script"
            Exit Function
        End If
    Next
    CekHeur = ""
End Function

Private Function CekIconBinary(PathFile As String)
    Dim q As Integer
    Dim IconIDNow As String
    CekIconBinary = ""
    IconIDNow = CalcIcon(PathFile)
    If IconIDNow = "" Then Exit Function
    For q = 1 To UBound(IconDB)
        If IconDB(q) = IconIDNow Then
            CekIconBinary = "Malicious-Icon"
            Exit Function
        End If
    Next q
End Function

Private Function CalcBinary(ByVal lpFileName As String, ByVal lpByteCount As Long, Optional ByVal StartByte As Long = 0) As String
    Dim Bin() As Byte
    Dim ByteSum As Long
    Dim i As Long
    ReDim Bin(lpByteCount) As Byte
    Open lpFileName For Binary As #1
    If StartByte = 0 Then
        Get #1, , Bin
    Else
        Get #1, StartByte, Bin
    End If
    Close #1
    For i = 0 To lpByteCount
        ByteSum = ByteSum + Bin(i) ^ 2
    Next i
    CalcBinary = Hex$(ByteSum)
End Function

' Draw the file's first icon into the hidden sIcon picture box, save it to a
' temporary file and return the checksum of that file
Private Function CalcIcon(ByVal lpFileName As String) As String
    Dim PicPath As String
    Dim ByteSum As String
    Dim IconExist As Long
    Dim hIcon As Long
    IconExist = ExtractIconEx(lpFileName, 0, ByVal 0&, hIcon, 1)
    If IconExist <= 0 Then
        IconExist = ExtractIconEx(lpFileName, 0, hIcon, ByVal 0&, 1)
        If IconExist <= 0 Then Exit Function
    End If
    frmUtama.sIcon.BackColor = vbWhite
    DrawIconEx frmUtama.sIcon.hDC, 0, 0, hIcon, 0, 0, 0, 0, DI_NORMAL
    DestroyIcon hIcon
    PicPath = Environ$("windir") & "\tmp.tmp"
    SavePicture frmUtama.sIcon.Image, PicPath
    ByteSum = CalcBinary(PicPath, FileLen(PicPath))
    DeleteFile PicPath
    CalcIcon = ByteSum
End Function

The functions above check a file using the icon heuristic method plus a heuristic for VBS viruses.
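The script heuristic in CekHeur can be exercised outside VB6. This added Python example (not part of the original tutorial) applies the five Script_DB rules from this page to constructed text samples and reports, per rule, which strings are missing, which makes both hits and false positives easy to explain. The function names and the three samples are assumptions for the example.

```python
# Rule strings copied from Script_DB (Bahaya(1)..Bahaya(5)) on this page.
RULES = [
    "Scripting.FileSystemObject|Wscript.ScriptFullName|WScript.Shell|.regwrite|.copy",
    "Wscript.ScriptFullName|createobject|strreverse|.regwrite",
    "createobject|Wscript.ScriptFullName|.regwrite|[autorun]",
    "createobject|Wscript.ScriptFullName|specialfolder|.regwrite",
    "chr(asc(mid(|createobject|Wscript.ScriptFullName|.GetFolder|.RegWrite",
]

# Constructed sample: rule strings only, not a working script.
FLAGGED = "\r\n".join([
    "' constructed text for the example",
    'Set o = CreateObject("Example.Object")',
    "p = WScript.ScriptFullName",
    "o.RegWrite k, v",
    "' [autorun]",
])

# Constructed sample: a settings script that shares some strings with the rules.
BENIGN_ADMIN = "\r\n".join([
    'Set sh = CreateObject("WScript.Shell")',
    'sh.RegWrite "HKCU\\Software\\Example\\Theme", "dark", "REG_SZ"',
])

# Constructed sample: a backup script that happens to contain all of rule 1.
BENIGN_BACKUP = "\r\n".join([
    'Set fso = CreateObject("Scripting.FileSystemObject")',
    'Set sh = CreateObject("WScript.Shell")',
    'log.WriteLine "running " & WScript.ScriptFullName',
    'sh.RegWrite "HKCU\\Software\\Example\\LastBackup", Now',
    "fso.GetFile(src).Copy dst",
])


def evaluate(text: str) -> list:
    """For every rule, list the strings the text does NOT contain.

    Matching is a case-insensitive substring search, as in CekHeur.
    """
    haystack = text.replace("\r\n", "$").lower()
    report = []
    for number, rule in enumerate(RULES, start=1):
        tokens = [t.lower() for t in rule.split("|")]
        report.append((number, [t for t in tokens if t not in haystack]))
    return report


def first_match(text: str):
    """1-based number of the first fully matched rule, or None."""
    for number, missing in evaluate(text):
        if not missing:
            return number
    return None


def verdict(text: str) -> str:
    """Same result as CekHeur: flagged when any rule is fully matched."""
    return "Malicious-Script" if first_match(text) is not None else ""


if __name__ == "__main__":
    for name, text in [("FLAGGED", FLAGGED), ("BENIGN_ADMIN", BENIGN_ADMIN),
                       ("BENIGN_BACKUP", BENIGN_BACKUP)]:
        print(name, repr(verdict(text)), "rule:", first_match(text))
```

The backup sample is flagged by rule 1 although it does nothing harmful, which is the cost of matching on the mere presence of strings; the scanner also reaches this check only for .vbs/.vbe files larger than 5120 bytes and no larger than 512 KB.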

Create a module named modIconCompare, then enter the code below.

Code:
Option Explicit

Private Const SHGFI_DISPLAYNAME = &H200
Private Const SHGFI_EXETYPE = &H2000
Private Const SHGFI_SYSICONINDEX = &H4000
Private Const SHGFI_LARGEICON = &H0
Private Const SHGFI_SMALLICON = &H1
Private Const SHGFI_SHELLICONSIZE = &H4
Private Const SHGFI_TYPENAME = &H400
Private Const ILD_TRANSPARENT = &H1
Private Const BASIC_SHGFI_FLAGS = SHGFI_TYPENAME Or SHGFI_SHELLICONSIZE Or SHGFI_SYSICONINDEX Or SHGFI_DISPLAYNAME Or SHGFI_EXETYPE

Public Type SHFILEINFO
    hIcon As Long
    iIcon As Long
    dwAttributes As Long
    szDisplayName As String * MAX_PATH
    szTypeName As String * 80
End Type

Private Declare Function SHGetFileInfo Lib "shell32.dll" Alias "SHGetFileInfoA" (ByVal pszPath As String, ByVal dwFileAttributes As Long, psfi As SHFILEINFO, ByVal cbSizeFileInfo As Long, ByVal uFlags As Long) As Long
Private Declare Function ImageList_Draw Lib "comctl32.dll" (ByVal himl As Long, ByVal i As Long, ByVal hdcDest As Long, ByVal x As Long, ByVal y As Long, ByVal flags As Long) As Long
Private Declare Function DrawIconEx Lib "user32.dll" (ByVal hDC As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal cxWidth As Long, ByVal cyWidth As Long, ByVal istepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Long

Private shinfo As SHFILEINFO, sshinfo As SHFILEINFO
Private SIconInfo As SHFILEINFO

Public Enum IconRetrieve
    ricnLarge = 32
    ricnSmall = 16
End Enum

' Draw the shell icon of fName into the picture box DC
Public Sub RetrieveIcon(fName As String, DC As PictureBox, icnSize As IconRetrieve)
    Dim hImgSmall, hImgLarge As Long
    Debug.Print fName
    Select Case icnSize
        Case ricnSmall
            hImgSmall = SHGetFileInfo(fName$, 0&, shinfo, Len(shinfo), BASIC_SHGFI_FLAGS Or SHGFI_SMALLICON)
            Call ImageList_Draw(hImgSmall, shinfo.iIcon, DC.hDC, 0, 0, ILD_TRANSPARENT)
        Case ricnLarge
            hImgLarge& = SHGetFileInfo(fName$, 0&, shinfo, Len(shinfo), BASIC_SHGFI_FLAGS Or SHGFI_LARGEICON)
            Call ImageList_Draw(hImgLarge, shinfo.iIcon, DC.hDC, 0, 0, ILD_TRANSPARENT)
    End Select
End Sub

' Return the image-list index for iKey, loading the file's icon when it is not cached yet
Public Function ExtractIcon(Filename As String, AddtoImageList As ImageList, PictureBox As PictureBox, PixelsXY As IconRetrieve, iKey As String) As Long
    Dim SmallIcon As Long
    Dim NewImage As ListImage
    Dim IconIndex As Integer
    On Error GoTo Load_New_Icon
    If iKey <> "Application" And iKey <> "Shortcut" Then
        ExtractIcon = AddtoImageList.ListImages(iKey).Index
        Exit Function
    End If
Load_New_Icon:
    On Error GoTo Reset_Key
    RetrieveIcon Filename, PictureBox, PixelsXY
    IconIndex = AddtoImageList.ListImages.Count + 1
    Set NewImage = AddtoImageList.ListImages.Add(IconIndex, iKey, PictureBox.Image)
    ExtractIcon = IconIndex
    Exit Function
Reset_Key:
    iKey = ""
    Resume
End Function

Public Sub GetLargeIcon(icPath$, pDisp As PictureBox)
    Dim hImgLrg&: hImgLrg = SHGetFileInfo(icPath$, 0&, SIconInfo, Len(SIconInfo), BASIC_SHGFI_FLAGS Or SHGFI_LARGEICON)
    ImageList_Draw hImgLrg, SIconInfo.iIcon, pDisp.hDC, 0, 0, ILD_TRANSPARENT
End Sub

The code above is needed for the antivirus's icon heuristic method.

Create a module named modLV, then enter the code below.

Code:
' Return the paths of all ticked rows as "|path1|path2..."
Public Function GetSelected(TheLV As ListView)
    Dim Sel As String
    For i = 1 To TheLV.ListItems.Count
        If TheLV.ListItems.Item(i).Checked = True Then
            Sel = Sel & "|" & TheLV.ListItems.Item(i).SubItems(1)
        End If
    Next
    GetSelected = Sel
End Function

Public Function SelectedAll(TheLV As ListView)
    For i = 1 To TheLV.ListItems.Count
        TheLV.ListItems.Item(i).Checked = True
    Next
End Function

Public Function SelectedNone(TheLV As ListView)
    For i = 1 To TheLV.ListItems.Count
        TheLV.ListItems.Item(i).Checked = False
    Next
End Function

' Return the index of the row whose Path column equals Data
Public Function GetIndex(TheLV As ListView, Data As String) As Integer
    For i = 1 To TheLV.ListItems.Count
        If TheLV.ListItems.Item(i).SubItems(1) = Data Then
            GetIndex = i
        End If
    Next
End Function

' Untick every row whose Status column equals Data
Public Function UnSelect(TheLV As ListView, Data As String)
    For i = 1 To TheLV.ListItems.Count
        If TheLV.ListItems.Item(i).SubItems(3) = Data Then
            TheLV.ListItems.Item(i).Checked = False
        End If
    Next
End Function

' Add a detection row. VirData is either "name|checksum" from VirusDB or a
' heuristic verdict starting with "Malicious".
' ImgSmall is an ImageList control on frmUtama.
Public Function AddDetect(TheLV As ListView, FilePath As String, VirData As String)
    With TheLV
        If Left(VirData, 9) <> "Malicious" Then
            Set lvItm = .ListItems.Add(, , Split(VirData, "|")(0), , frmUtama.ImgSmall.ListImages(1).Index)
            lvItm.SubItems(1) = FilePath
            lvItm.SubItems(2) = Split(VirData, "|")(1)
            lvItm.SubItems(3) = "Virus File"
        Else
            Set lvItm = .ListItems.Add(, , VirData, , frmUtama.ImgSmall.ListImages(1).Index)
            lvItm.SubItems(1) = FilePath
            lvItm.SubItems(2) = GetChecksum(FilePath)
            lvItm.SubItems(3) = "Virus File"
        End If
    End With
End Function

The code above manages the ListView when a virus is detected.

Create a module named modPE, then enter the code below.

Code:
Public Type IMAGE_DOS_HEADER
    e_magic As Integer
    e_cblp As Integer
    e_cp As Integer
    e_crlc As Integer
    e_cparhdr As Integer
    e_minalloc As Integer
    e_maxalloc As Integer
    e_ss As Integer
    e_sp As Integer
    e_csum As Integer
    e_ip As Integer
    e_cs As Integer
    e_lfarlc As Integer
    e_ovno As Integer
    e_res(1 To 4) As Integer
    e_oemid As Integer
    e_oeminfo As Integer
    e_res2(1 To 10) As Integer
    e_lfanew As Long
End Type

Public Type IMAGE_SECTION_HEADER
    nameSec As String * 6
    PhisicalAddress As Integer
    VirtualSize As Long
    VirtualAddress As Long
    SizeOfRawData As Long
    PointerToRawData As Long
    PointerToRelocations As Long
    PointerToLinenumbers As Long
    NumberOfRelocations As Integer
    NumberOfLinenumbers As Integer
    Characteristics As Long
End Type

Public Type IMAGE_DATA_DIRECTORY
    VirtualAddress As Long
    size As Long
End Type

Public Type IMAGE_OPTIONAL_HEADER
    Magic As Integer
    MajorLinkerVersion As Byte
    MinorLinkerVersion As Byte
    SizeOfCode As Long
    SizeOfInitializedData As Long
    SizeOfUninitializedData As Long
    AddressOfEntryPoint As Long
    BaseOfCode As Long
    BaseOfData As Long
    ImageBase As Long
    SectionAlignment As Long
    FileAlignment As Long
    MajorOperatingSystemVersion As Integer
    MinorOperatingSystemVersion As Integer
    MajorImageVersion As Integer
    MinorImageVersion As Integer
    MajorSubsystemVersion As Integer
    MinorSubsystemVersion As Integer
    Win32VersionValue As Long
    SizeOfImage As Long
    SizeOfHeaders As Long
    CheckSum As Long
    Subsystem As Integer
    DllCharacteristics As Integer
    SizeOfStackReserve As Long
    SizeOfStackCommit As Long
    SizeOfHeapReserve As Long
    SizeOfHeapCommit As Long
    LoaderFlags As Long
    NumberOfRvaAndSizes As Long
    DataDirectory(0 To 15) As IMAGE_DATA_DIRECTORY
End Type

Public Type IMAGE_FILE_HEADER
    Machine As Integer
    NumberOfSections As Integer
    TimeDateStamp As Long
    PointerToSymbolTable As Long
    NumberOfSymbols As Long
    SizeOfOptionalHeader As Integer
    Characteristics As Integer
End Type

Public Type IMAGE_NT_HEADERS
    Signature As Long
    FileHeader As IMAGE_FILE_HEADER
    OptionalHeader As IMAGE_OPTIONAL_HEADER
End Type

Public Type IMAGE_EXPORT_DIRECTORY
    Characteristics As Long
    TimeDateStamp As Long
    MajorVersion As Integer
    MinorVersion As Integer
    Name As Long
    Base As Long
    NumberOfFunctions As Long
    NumberOfNames As Long
    AddressOfFunctions As Long
    AddressOfNames As Long
    AddressOfNameOrdinals As Long
End Type

Public Type IMAGE_IMPORT_DESCRIPTOR
    OriginalFirstThunk As Long
    TimeDateStamp As Long
    ForwarderChain As Long
    Name As Long
    FirstThunk As Long
End Type

Public Type IMAGE_IMPORT_BY_NAME
    Hint As Integer
    Name As String * 255
End Type

Public Const IMAGE_SIZEOF_SECTION_HEADER = 40
Public Const IMAGE_DOS_SIGNATURE = &H5A4D
Public Const IMAGE_NT_SIGNATURE = &H4550
Public Const IMAGE_ORDINAL_FLAG = &H80000000

Public Enum SECTION_CHARACTERISTICS
    IMAGE_SCN_LNK_NRELOC_OVFL = &H1000000   'Section contains extended relocations.
    IMAGE_SCN_MEM_DISCARDABLE = &H2000000   'Section can be discarded.
    IMAGE_SCN_MEM_NOT_CACHED = &H4000000    'Section is not cachable.
    IMAGE_SCN_MEM_NOT_PAGED = &H8000000     'Section is not pageable.
    IMAGE_SCN_MEM_SHARED = &H10000000       'Section is shareable.
    IMAGE_SCN_MEM_EXECUTE = &H20000000      'Section is executable.
    IMAGE_SCN_MEM_READ = &H40000000         'Section is readable.
    IMAGE_SCN_MEM_WRITE = &H80000000        'Section is writeable.
End Enum

Public Enum IMAGE_DIRECTORY
    IMAGE_DIRECTORY_ENTRY_EXPORT = 0          ' Export Directory
    IMAGE_DIRECTORY_ENTRY_IMPORT = 1          ' Import Directory
    IMAGE_DIRECTORY_ENTRY_RESOURCE = 2        ' Resource Directory
    IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3       ' Exception Directory
    IMAGE_DIRECTORY_ENTRY_SECURITY = 4        ' Security Directory
    IMAGE_DIRECTORY_ENTRY_BASERELOC = 5       ' Base Relocation Table
    IMAGE_DIRECTORY_ENTRY_DEBUG = 6           ' Debug Directory
    IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7    ' Architecture Specific Data
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8       ' RVA of GP
    IMAGE_DIRECTORY_ENTRY_TLS = 9             ' TLS Directory
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10    ' Load Configuration Directory
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11   ' Bound Import Directory in headers
    IMAGE_DIRECTORY_ENTRY_IAT = 12            ' Import Address Table
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13   ' Delay Load Import Descriptors
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14 ' COM Runtime descriptor
End Enum

The code above is used for checking the PE header.

Create a module named modScanning, then add the code below.

Code:
Public jumlahDir As Long, jumlahFile As Long, jumlahVirus As Long
Public StopScan As Boolean

' Returns the matching VirusDB entry, a heuristic verdict, or "" when the file is clean
Public Function CekVirus(FilePath As String) As String
    Dim FileSum As String
    CekVirus = ""
    ' Compute the checksum once and compare it with every database entry
    FileSum = GetChecksum(FilePath)
    For i = 1 To UBound(VirusDB)
        If FileSum = Split(VirusDB(i), "|")(1) Then
            CekVirus = VirusDB(i)
            Exit Function
        End If
    Next
    ' The heuristics run only on files of 512 KB or less
    If FileLen(FilePath) / 1024 <= 512 Then
        CekVirus = CekHeuristic(FilePath)
    End If
End Function

Public Sub FindFilesEx(ByVal lpFolderName As String, ByVal SubDirs As Boolean)
    Dim i As Long
    Dim hSearch As Long, WFD As WIN32_FIND_DATA
    Dim Result As Long, CurItem As String
    Dim tempDir() As String, dirCount As Long
    Dim RealPath As String, GetViri As String
    GetViri = ""
    dirCount = -1
    ScanInfo = "Scan File"
    If Right$(lpFolderName, 1) = "\" Then
        RealPath = lpFolderName
    Else
        RealPath = lpFolderName & "\"
    End If
    hSearch = FindFirstFile(RealPath & "*", WFD)
    If Not hSearch = INVALID_HANDLE_VALUE Then
        Result = True
        Do While Result
            DoEvents
            If StopScan = True Then Exit Do
            CurItem = StripNulls(WFD.cFileName)
            If Not CurItem = "." And Not CurItem = ".." Then
                If PathIsDirectory(RealPath & CurItem) <> 0 Then
                    jumlahDir = jumlahDir + 1
                    frmUtama.lblDirScan.Caption = jumlahDir
                    ' Remember subfolders and scan them after this folder is done
                    If SubDirs = True Then
                        dirCount = dirCount + 1
                        ReDim Preserve tempDir(dirCount) As String
                        tempDir(dirCount) = RealPath & CurItem
                    End If
                Else
                    jumlahFile = jumlahFile + 1
                    frmUtama.lblFileScan.Caption = jumlahFile
                    frmUtama.txtFileScan.Text = RealPath & CurItem
                    frmUtama.txtFileScan.SelStart = Len(frmUtama.txtFileScan.Text)
                    ' Files of 5120 bytes or less are counted but never checked
                    If WFD.nFileSizeLow > 5120 Or WFD.nFileSizeHigh > 5120 Then
                        GetViri = CekVirus(RealPath & CurItem)
                        If GetViri <> "" Then
                            AddDetect frmUtama.lvScan, RealPath & CurItem, GetViri
                            jumlahVirus = jumlahVirus + 1
                            frmUtama.lblFileDet.Caption = jumlahVirus
                        End If
                    End If
                End If
            End If
            Result = FindNextFile(hSearch, WFD)
        Loop
        FindClose hSearch
        If SubDirs = True Then
            If dirCount <> -1 Then
                For i = 0 To dirCount
                    FindFilesEx tempDir(i), True
                Next i
            End If
        End If
    End If
End Sub

The code above scans files and folders for the antivirus.

Create a module named modEtc and enter the code below.

Code:
' AppPath is not declared anywhere in this project. As an undeclared Variant it
' is empty, so "Quarantine\" is resolved relative to the current directory,
' the same place where Form_Load runs MkDir "Quarantine".

' Delete (Mode "D") or quarantine (Mode "Q") every file in Data ("|path1|path2...")
Public Function Action(Data As String, TheLV As ListView, Mode As String)
    Dim Filedata() As String
    Dim fName, tmp, Status As String
    Dim y As Integer
    Filedata = Split(Data, "|")
    For i = 1 To UBound(Filedata)
        a = a + 1
        If Mode = "Q" Then
            fName = GetFileName(Filedata(i))
            ' Store an encoded copy as <name>.avq, record it in the index, then remove the original
            EncodeFile Filedata(i), AppPath & "Quarantine\" & Left$(fName, Len(fName) - Len(GetExt(Filedata(i)))) & ".avq"
            AddQList TheLV, Filedata(i), Left$(fName, Len(fName) - Len(GetExt(Filedata(i)))) & ".avq"
            DeleteFile Filedata(i)
            Status = "Di Karantina"
        ElseIf Mode = "D" Then
            DeleteFile Filedata(i)
            Status = "Di Hapus"
        End If
        y = GetIndex(TheLV, Filedata(i))
        With TheLV.ListItems.Item(y)
            .SubItems(3) = Status
            .Checked = False
            .SmallIcon = frmUtama.ImgSmall.ListImages(2).Index
        End With
    Next
    Action = a
End Function

' Append "|virus name?original path?quarantine file" to the index file HN.dat
Public Function AddQList(TheLV As ListView, FilePath As String, Source As String)
    Dim Dat As String
    Dat = AppPath & "Quarantine\HN.dat"
    If PathFileExists(Dat) <> 0 Then
        Open Dat For Input As #1
        ' Line Input reads the whole record line; Input # would stop at the
        ' first comma inside a path
        Line Input #1, isi
        Close #1
        DeleteFile Dat
    Else
        isi = ""
    End If
    namavir = TheLV.ListItems(GetIndex(TheLV, FilePath))
    If InStrRev(isi, Source, , vbTextCompare) = 0 Then
        Open Dat For Output As #2
        Print #2, isi & "|" & namavir & "?" & FilePath & "?" & Source
        Close #2
    Else
        Open Dat For Output As #3
        Print #3, isi
        Close #3
    End If
End Function

' Return the file name part of a full path
Public Function GetFileName(PathFile As String) As String
    Dim i As Long
    Dim DirString As Long
    For i = 1 To Len(PathFile)
        If Mid$(PathFile, i, 1) = "\" Then DirString = i
    Next i
    GetFileName = Right$(PathFile, Len(PathFile) - DirString)
End Function

' Return the extension including the dot, e.g. ".exe"
Public Function GetExt(ByVal lpFileName As String)
    Dim sTemp As String
    Dim i As Long
    sTemp = GetFileName(lpFileName)
    If InStr(lpFileName, ".") Then
        For i = 0 To Len(sTemp) - 1
            If Mid$(sTemp, Len(sTemp) - i, 1) = "." Then
                ' Take everything from the dot to the end (a length of i dropped the last character)
                GetExt = Mid$(sTemp, Len(sTemp) - i)
                Exit Function
            End If
        Next i
    End If
End Function

The code above is a collection of miscellaneous functions for scanning, quarantine and deletion.

This is how the antivirus looks after the modules have been added.

Now all that remains is to create the quarantine form.

The steps are shown in the following figure.

After the new form has been created, rename it frmQuarantine.

Add a ListView named lvQ, then configure it according to the figure below; how to configure a ListView is described above.

Add 3 Command Buttons named:

- cmdDelete
- cmdRestore
- cmdRestore(1)

Add the code below to the Command button [ cmdDelete ]:

Code:
If lvQ.ListItems.Count = 0 Then Exit Sub
Dim Data() As String
If PathFileExists(Dat) <> 0 Then
    Open Dat For Input As #1
    ' Line Input reads the whole record line; Input # would stop at the
    ' first comma inside a path
    Line Input #1, isi
    Close #1
    DeleteFile Dat
Else
    isi = ""
End If
Data = Split(isi, "|")
' Rebuild the index without the record of the selected file
For i = 1 To UBound(Data)
    namafile = lvQ.SelectedItem.SubItems(2)
    If namafile <> Split(Data(i), "?")(1) Then
        nyu = nyu & "|" & Data(i)
    End If
Next
DeleteFile AppPath & "Quarantine\" & lvQ.SelectedItem.SubItems(1)
Open Dat For Output As #2
Print #2, nyu
Close #2
MsgBox "Success Deleting File !!!", vbInformation, ""
UpdateQ

The code above deletes a file that has been quarantined.

Enter the code below in the Command button [ cmdRestore ]:

Code:
If lvQ.ListItems.Count = 0 Then Exit Sub
Select Case Index
    Case 0
        ' Restore to the original path recorded in the index
        DecodeFile AppPath & "Quarantine\" & lvQ.SelectedItem.SubItems(1), lvQ.SelectedItem.SubItems(2)
        MsgBox "File Restored to " & Chr(34) & lvQ.SelectedItem.SubItems(2) & Chr(34) & " !!!", vbInformation, ""
    Case 1
        ' Restore to a folder chosen by the user
        sTitle = "Select path:" & vbNewLine & "Select path to restore file."
        ThePath = BrowseFolder(sTitle, Me)
        If ThePath <> "" Then
            DecodeFile AppPath & "Quarantine\" & lvQ.SelectedItem.SubItems(1), ThePath & GetFileName(lvQ.SelectedItem.SubItems(2))
            MsgBox "File Restored to " & Chr(34) & ThePath & GetFileName(lvQ.SelectedItem.SubItems(2)) & Chr(34) & " !!!", vbInformation, ""
        End If
End Select

The code above restores a file to its original location.

Then, in Form_Load(), add the code below.

Code:
frmUtama.Enabled = False
Dat = AppPath & "Quarantine\HN.dat"
UpdateQ

Enter the code below in the frmQuarantine form you created earlier.

Code:
Dim Dat As String

' Reload the list from the index file; each record is "virus name?original path?quarantine file"
Private Sub UpdateQ()
    lvQ.ListItems.Clear
    Dim Data() As String
    If PathFileExists(Dat) = 0 Then Exit Sub
    Open Dat For Input As #1
    ' Line Input reads the whole record line; Input # would stop at the
    ' first comma inside a path
    Line Input #1, isi
    Close #1
    Data = Split(isi, "|")
    For i = 1 To UBound(Data)
        With lvQ.ListItems.Add(, , Split(Data(i), "?")(0))
            .SubItems(1) = Split(Data(i), "?")(2)
            .SubItems(2) = Split(Data(i), "?")(1)
        End With
    Next
    Me.Caption = "Quarantine (" & lvQ.ListItems.Count & ")"
End Sub

This loads the data stored in the quarantine folder.

That is all the knowledge I can share. Now we are no longer just users; we can now build an antivirus ourselves.

And this is a screenshot of the antivirus we just built while it is scanning.