Hunting Viruses
How to hunt down a virus by hand when the antivirus alone does not get rid of it. :P Happy learning :P
Windows offers three safe-mode choices: Safe Mode, Safe Mode with Command Prompt and Safe Mode with Networking. Boot into Safe Mode before running the antivirus, because the virus's startup entries are not loaded there. If the antivirus (Security Essentials, Avira or whatever you use) needs a definition update first, boot into Safe Mode with Networking so it can reach the update server, update it, and then scan.
Tracing Viruses
Four tools are enough to trace a virus: Folder Options, the Registry Editor, msconfig (Run > msconfig) and Task Manager. A virus usually does two things to stay out of sight: it hides its files (hidden and system attributes, so Folder Options must be set to show them) and it disables exactly these tools, so you cannot see where it is. msconfig's Startup tab lists everything that starts with Windows, and a virus often registers itself there under an innocent-looking name, pretending to be Windows Media Player or some OS file. Task Manager's Processes tab shows the running process so you can stop it with End Process; the process has to be ended before its file can be deleted.

Task Manager can also be removed through Group Policy, and a virus may set that policy. Check with Run > gpedit.msc:

User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options > Remove Task Manager: set it to Disabled, Apply, OK.
User Configuration > Administrative Templates > Windows Components > Windows Explorer > Remove the Folder Options menu item from the Tools menu: set it to Disabled, Apply, OK.
The startup entries msconfig shows come mostly from these two registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the case traced here the startup entry, named "sidebar", points at C:\Windows\System32\mgy.exe. Open the Run key in the Registry Editor, find the value that points at mgy.exe, right-click it and delete it. Then go after the file itself.
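An added example, not from the original page: a PowerShell script that audits the Run keys feeding msconfig's startup list, resolves each entry's executable and flags those whose file carries the Hidden or System attribute, which is how mgy.exe hides. The key list, the function names and the "hidden file in a Run key is suspicious" heuristic are mine; run it from an elevated PowerShell 3.0 or later.

```powershell
# Added example (not the page's own code): audit Run/RunOnce keys and flag
# startup entries whose executable is hidden or marked system on disk.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePathFromCommand {
    # "C:\dir\app.exe" /arg -> C:\dir\app.exe ; C:\dir\app.exe /arg -> C:\dir\app.exe
    # (an unquoted path containing spaces is cut at the first space; check those by hand)
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 0) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+')[0]
}

function Get-StartupEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath ... are provider noise
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePathFromCommand $p.Value))
            $note = 'target not found on disk (bare names resolved via PATH are not checked)'
            $file = Get-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue
            if ($file) {
                $attr   = [int]$file.Attributes
                $hidden = ($attr -band [int][IO.FileAttributes]::Hidden) -ne 0
                $system = ($attr -band [int][IO.FileAttributes]::System) -ne 0
                $note = if ($hidden -or $system) { 'SUSPICIOUS: hidden/system attributes' } else { '' }
            }
            [PSCustomObject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Exe = $exe; Note = $note }
        }
    }
}

Get-StartupEntries | Format-Table -AutoSize -Wrap
```

An entry like "sidebar" pointing at a hidden, system-attributed C:\Windows\System32\mgy.exe shows up with the SUSPICIOUS note; legitimate startup programs are almost never hidden files.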
Now make the file visible. In Folder Options > View:

select "Show hidden files, folders and drives";
uncheck "Hide extensions for known file types", so that a virus calling itself, say, "love" shows its real .exe extension;
uncheck "Hide protected operating system files" (on Windows XP the option is worded slightly differently, but it is the same setting).

Even once it is visible, a file carrying the system, hidden and read-only attributes cannot simply be deleted, and the same goes for the autorun.inf the virus drops on every drive. On Windows 7 as on XP, clear the attributes from cmd:

attrib -s -h -r C:\Windows\System32\mgy.exe
Run that attrib command in cmd, then delete C:\Windows\System32\mgy.exe. If the delete is refused, the process is still running: end it in Task Manager first (or shut down and come back in Safe Mode :D).

If the virus has killed Task Manager, the Registry Editor, Folder Options, Control Panel and Run, it did so through policy values in the registry. Run > regedit and go to

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

(HKCU is HKEY_CURRENT_USER). The value DisableTaskMgr lives here; delete it. Policy changes normally take effect at the next restart or logoff, but you do not have to log off: in Task Manager end the explorer.exe process and start it again (File > New Task (Run...) > explorer.exe). If the Registry Editor itself is disabled, the same value can be deleted from cmd:

reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f

Failing that, do it from Safe Mode, or boot a Linux live CD to get at the files.
Enable Registry Editor:
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f

Enable Folder Options:
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /f

Enable cmd:
reg delete HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /f

Enable Run:
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /f

Enable Control Panel:
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /f
Everything above is under HKEY_CURRENT_USER (HKCU), i.e. the policy for the logged-on user. If the virus set the policy for the whole computer instead (Computer Configuration in Group Policy), the same values sit under HKLM, so check HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ as well.

If Windows XP no longer boots and says "NTLDR is missing", the virus has removed ntldr. Boot a Mini XP live CD and copy ntldr from the i386 folder of the XP CD to the root of the system partition. (Windows 7 boots through bootmgr rather than ntldr, so this particular trick does not apply there.) Alternatively boot a Linux live CD, or the second Windows of a dual-boot machine, to reach the hidden files from outside the infected system.
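An added example, not from the original page: the reg delete list above, done in PowerShell for both HKCU and HKLM at once, reporting which lockout values were actually present before removing them, and restarting Explorer so the change applies without logging off. The policy table and function name are mine; the key paths and value names are the ones the page uses. Run it elevated so the HKLM half works.

```powershell
# Added example (not the page's own code): strip the policy values a virus
# uses to disable Task Manager, Registry Editor, Folder Options, cmd, Run and
# Control Panel, under both the user (HKCU) and machine (HKLM) hives.

$policies = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableTaskMgr' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableRegistryTools' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value = 'NoFolderOptions' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value = 'NoRun' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value = 'NoControlPanel' },
    @{ Key = 'Software\Policies\Microsoft\Windows\System';                  Value = 'DisableCMD' }
)

function Remove-LockoutPolicies {
    param([string[]]$Hives = @('HKCU', 'HKLM'))
    foreach ($hive in $Hives) {
        foreach ($pol in $policies) {
            $path = "${hive}:\$($pol.Key)"
            if (-not (Test-Path $path)) { continue }
            # Only values that exist are reported; that list is what the virus touched
            $item = Get-ItemProperty -Path $path -Name $pol.Value -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }
            $current = $item.($pol.Value)
            Write-Output ("{0}\{1} = {2}  -> removing" -f $path, $pol.Value, $current)
            Remove-ItemProperty -Path $path -Name $pol.Value
        }
    }
}

Remove-LockoutPolicies

# Restart the shell so Explorer re-reads the policies without a logoff
Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Process explorer.exe
```

If a value comes back after a reboot or after gpupdate /force, it is being written by Local Group Policy rather than planted directly in the registry, and you have to clear it in gpedit.msc as described under Tracing Viruses.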
Defending Viruses
The usual way the virus spreads is a memory stick. It drops a hidden autorun.inf and its exe on the drive; double-clicking the drive in My Computer runs the autorun and so runs the exe. On Windows XP the double-click runs it outright; Windows 7 handles USB autorun more carefully, but turn AutoPlay off anyway. Run gpedit.msc:

Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies > Turn off AutoPlay: Enabled, All drives, Apply, OK.

Open the hidden autorun.inf in Notepad and it looks like this:

[autorun]
open=mgy.exe
shellexecute=mgy.exe
shell\Explore\command=mgy.exe
shell\Open\command=mgy.exe
shell=Explore

open and shellexecute run mgy.exe when the drive is opened; the shell\...\command lines hijack the Explore and Open entries of the drive's right-click menu, and shell=Explore makes the hijacked Explore the default action, so even a cautious user who right-clicks gets infected. Both files carry the system, hidden and read-only attributes, so clear them from cmd and delete them (E: is the USB drive's letter):

attrib -s -h -r E:\autorun.inf
attrib -s -h -r E:\mgy.exe
del E:\autorun.inf E:\mgy.exe

A tool like USB Disk Security does the same thing for you, but cmd is enough.
Better still, stop the virus from writing its autorun.inf at all. A file cannot have the same name as an existing folder, so create an autorun.inf folder yourself, and inside it a chain of subfolders with reserved device names (con, aux, nul), which Windows refuses to create or delete through a normal path. The \\.\ prefix bypasses that check:

mkdir \\.\E:\autorun.inf\con\aux\nul
attrib +s +h +r \\.\E:\autorun.inf\con\aux\nul

Use the drive letter cmd shows for the stick (E:, F:, G: and so on). The folder is hidden and system, so it does not clutter the drive, and neither the virus nor Explorer can remove it. To remove it yourself, use the same prefix:

rmdir \\.\E:\autorun.inf /s /q

Good way to learn the cmd commands too :D. The only legitimate thing autorun.inf does on a stick is set its icon, and that is all you lose. Tools such as Smadav offer a drive lock that does the same thing automatically.
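An added example, not from the original page: a PowerShell script that inspects a stick's autorun.inf and the AutoPlay policy. It tells you whether autorun.inf is the protective folder from this page or a real file, and for a real file parses the [autorun] section and reports which directives would launch an executable; it also reads the registry value that the "Turn off AutoPlay" policy writes. The function names and the $sample text are mine (the sample copies the virus's autorun.inf shown above, as a constructed input).

```powershell
# Added example (not the page's own code): autorun.inf inspector.

function Get-AutorunDirectives {
    # Parse autorun.inf text; emit one object per key in [autorun] with a
    # Launches flag for the directives that actually run something.
    param([string]$Text)
    $section = $null
    foreach ($line in ($Text -split "`r?`n")) {
        $l = $line.Trim()
        if ($l -eq '' -or $l.StartsWith(';')) { continue }              # blank or comment
        if ($l -match '^\[(.+)\]$') { $section = $Matches[1].ToLower(); continue }
        if ($section -ne 'autorun') { continue }
        $kv = $l -split '=', 2
        if ($kv.Count -ne 2) { continue }
        $key = $kv[0].Trim().ToLower(); $val = $kv[1].Trim()
        # open= and shellexecute= run on double-click; shell\<verb>\command= hijacks a
        # context-menu verb.  shell= only picks the default verb; icon= is harmless.
        $launches = ($key -eq 'open' -or $key -eq 'shellexecute' -or $key -like 'shell\*\command')
        New-Object PSObject -Property @{ Key = $kv[0].Trim(); Value = $val; Launches = $launches }
    }
}

function Test-DriveAutorun {
    param([Parameter(Mandatory=$true)][string]$Drive)   # e.g. 'E:'
    $path = Join-Path $Drive 'autorun.inf'
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { return "$Drive : no autorun.inf" }
    if ($item.PSIsContainer) {
        # The protective folder: its reserved-name child (con) is what keeps Explorer from deleting it
        $con = Get-ChildItem -LiteralPath $path -Force -ErrorAction SilentlyContinue | Where-Object { $_.Name -eq 'con' }
        return "$Drive : autorun.inf is a folder (protective); reserved-name subfolder present: $([bool]$con)"
    }
    $dirs = Get-AutorunDirectives ([IO.File]::ReadAllText($item.FullName))
    $targets = $dirs | Where-Object { $_.Launches } | ForEach-Object { $_.Value } | Sort-Object -Unique
    if ($targets) { Write-Warning "$Drive : autorun.inf would launch $($targets -join ', ')" }
    $dirs | Select-Object Key, Value, Launches
}

function Get-AutoplayPolicy {
    # 'Turn off AutoPlay' for all drives writes NoDriveTypeAutoRun = 0xFF (255);
    # Computer Configuration lands in HKLM, User Configuration in HKCU.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $v = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        New-Object PSObject -Property @{ Hive = $hive; NoDriveTypeAutoRun = $v; AllDrivesOff = ($v -eq 255) }
    }
}

# Constructed sample: the autorun.inf the virus drops, as shown on this page.
$sample = @"
[autorun]
open=mgy.exe
shellexecute=mgy.exe
shell\Explore\command=mgy.exe
shell\Open\command=mgy.exe
shell=Explore
"@
Get-AutorunDirectives $sample | Format-Table Key, Value, Launches -AutoSize
Get-AutoplayPolicy | Format-Table Hive, NoDriveTypeAutoRun, AllDrivesOff -AutoSize
# Test-DriveAutorun 'E:'      # run against a real stick
```

On the sample, the four open/shellexecute/shell\...\command lines come out with Launches = True and shell=Explore with False, which is exactly the reading given above: the exe is wired to both the double-click and the context-menu verbs.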
Here is the same thing as a batch program. (The original used an undefined %letter% variable in the attrib line and compared the typed text with equ, which is a numeric comparison and errors out on an empty answer; both are fixed here.)

@echo off
rem start of code
:start
cls
title USB defender program by backb0neb00t3r(MHU)
echo To create autorun.inf on your drive, type 1
echo.
echo To remove autorun.inf on your drive, type any key
echo.
set /p pass=Your choice# 
if "%pass%"=="1" (
    goto create
) else (
    goto remove
)

:create
cls
set /p create=To create autorun.inf folder, type your drive letter (eg. D:, E:) # 
rem \\.\ prefix lets mkdir create the reserved-name subfolders con\aux\nul
mkdir \\.\%create%\autorun.inf\con\aux\nul
attrib +s +h +r %create%\autorun.inf
pause
cls
set /p decision=If you want to restart program, type start and if exit, type any key# 
if /i "%decision%"=="start" (
    goto start
) else (
    msg * Bye Bye, Have a nice day!
    exit
)

:remove
cls
set /p remove=To remove autorun.inf folder, type your drive letter (eg. D:, E:) # 
rmdir \\.\%remove%\autorun.inf /s /q
pause
cls
set /p decision1=If you want to restart program, type start and if exit, type any key# 
if /i "%decision1%"=="start" (
    goto start
) else (
    msg * Bye Bye, Have a nice day!
    exit
)
rem end of code
Written by backb0neb00t3r(MHU)