hunting viruses (ျမန္မာလုိ စာအုပ္)
Post on 02-Jan-2016
109 views
TRANSCRIPT
01010101010101010101010101
01010010101010101010101010
10101010101010101010101010
10101010101010101010101010
10101010101010101010101010
10101010101010101010101010
10101010101010101010101010
10101010101010101010101010
10101010010101010101010101
01010101010101010101010101
01010101010101010101010101
01010011010101010101010101
01010101010101010101010101
01010101010101010101010101
01010101010101010101010101
01010101010101010101010110
Hunting Viruses
antivirus manually ါ ါ ါ ါ ါ ါ ါ ါ ( :P ) ါ ါ :P Happy learning
Saving data & scanning virus
ါ ါ ါ boot ါ . Linux ါ ါ :D antivirus ါ ါ ါ update scan ါ antivirus safe mode ါ post F8 ါ ါ ါ windows options safe mode, safe mode with command prompt, safe mode with networking
ါ f m m drivers ါ S f m m ( ) ါ ါ safe mode ါ ါ safe mode antivirus ါ ါ safe mode ါ safe mode ါ f m h mm m cmd boot ါ D S ါ ါ safe mode with networking network ါ ါ ff f networking Update ါ ါ safe mode ါ antivirus ါ safe mode ါ offline update safe mode ါ ( offline update Microsoft security essential avira ါ Updat f ါ www.okviruscleaner.com Update ါ ါ ) ါ ါ m removal ါ ါ ါ
Tracing Viruses ါ ါ ါ Folder options, Registry editor, Task manager ါ ( ါ msconfig ါ msconfig ါ RUN > msconfig ါ ါ ) ါ m ါ ါ ါ ( ) ါ( ါ ါ ါ windows media player ါ ) registry startup list ါ ( ါ msconfig ါ ) ါ ါ folder options f os file ါ ါ task manager ါ registry ါ Hidden f ါ f
folder options ါ ါ ါ task manager ါ task manager registry group policy ါ Group policy ါ registry ါ Run gpedit.msc ါ User configuration > Administration templates > System > Ctrl+Alt+Del options > Remove Task manager ါ Disabled apply,ok ါ
ါ task manager ါ registry editor ါ group policy ါ User configuration > Administration templates > System > Prevent access to registry editing tools ါ D ါ ါ task manager ါ folder options ါ ါ ါ User configuration > Administration templates > Windows Components > Windows explorer > Remove the folder options menu item from the tools menu ါ ါ ါ T m virus process end process ါ
process process ါ ါ ါ ါ process ါ ါ ါ ါ registry ါ Run > regedit registry editor ါ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ါ m ါ
ါ ါ ါ ါ ါ registry ါ ( ါ) sidebar ါ ါ right click delete ါ ါ ါ C:\ Windows\ System32\mgy.exe ါ ါ system32 mgy.exe ါ ါ f ါ
RUN> control folders ါ ါ folder options ါ ါ show hidden files, folders and drives ါ hide extensions for known file types hide protected operating system files ါ extensions ါ note.txt note ါ note.txt ါ E ါ ါ ါ hidden exe ါ ါ love ါ ါ love ါ ါ exe ါ love ါ ါ ါ h ါ ါ ါ Hide proctected os files ါ ါ autorun.inf os ါ ါ ါ . folder options ါ ါ ါ ါ windows xp delete ါ windows 7 ါ system file, read-only file attribute ါ ါ ါ attrib –s –h –r C:\Windows\System32\mgy.exe
cmd C:\Windows\System32\mgy.exe ါ ါ ါ process ါ shutdown ါ linux boot cd ါ :D ) ါ ါ ါ ါ ါ ါ ါ taskmanager ါ registry editor ါ ါ f ါ ါ ါ ါ process kill ါ ါ safe mode ါ ါ ါ ါ registry task manager, folder options, control panel, run ါ anti-virus ါ folder options ါ ါ ါ taskmanager ါ ါ RUN> regedit registry editor ါ ါ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System HKCU HKEY_CURRENT_USER ါ m
DisableTaskMgr ါ delete ါ
ါ restart m ါ registry setting restart ါ ါ restart logoff ါ ါ ါ logoff explorer.exe process end process ါ ါ ါ reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ System /v DisableTaskMgr /t reg_dword /d 1 /f ါ cmd ါ ါ m ါ notepad
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ System /v DisableTaskMgr /t reg_dword /d 1 /f .bat ါ batch file ါ ါ ါ m ါ ါ registry ါ ါ ါ ါ Enable registry reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ System /v DisableRegistryTools /f Enable folder options reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer /v NoFolderOptions /f Enable cmd reg delete HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /f Enable RUN reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies \ Explorer /v NoRun /f Enable Control Panel reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer /v NoControlPanel /f
HKEY_CURRENT_USER(HKCU) ါ HKCU ါ ါ HKLM ါ ါ ါ ါ HKEY_LOCAL_MACHINE(HKLM) ါ ါ registry ါ group policy ါ group policy computer user ါ ါ ါ group policy ါ ါ ါ ါ windows 7 windows xp ါ ntldr ါ ntldr is missing ါ ါ ါ windows cd h ’ cd ါ ) ါ h ’ boot cd boot ါ Start mini windows xp ါ ါ m ါ ါ mini xp ါ ါ ါ ( ) ါ windows xp i386 ါ ါ partition ါ ntldr ntldr, bootmgr m ါ ( ntldr bootmgr ါ ါ ntldr : : ါ ါ ါ ) ါ
ါ linux dual boot linux h ’ ါ
Defending Viruses
anti-virus ါ ါ ါ memory stick ါ ါ ါ ါ autorun.inf exe ါ ါ ါ ါ autorun.inf ါ ါ autorun double click ါ ( autorun ါ 7 ါ xp autorun double click ါ 7 autorun ါ Double click ါ ါ autorun.inf ါ ါ ါ ) autorun ါ Computer Configuration> Administrative Templates > Windows
Components > AutoPlay Policies > Turn Off Autoplay ါ enabled all drives apply,ok ါ
extension hidden file, f ါ navigation pane ါ ါ
ါ autorun.inf ါ ါ ါ ါ autorun.inf notepad ါ ါ [autorun] open=mgy.exe shellexecute=mgy.exe shell\Explore\command=mgy.exe shell\Open\command=mgy.exe shell=Explore ါ ါ ါ autorun mgy.exe ါ mgy.exe ါ f ါ ါ ါ windows 7 autorun.inf ါ m f - f ါ ါ ါ cmd ါ ါ attrib –s –h –r autorun.inf autorun.inf h m - ါ ါ ါ ါ usb disk security ါ usb ါ ါ ါ autorun ါ ါ
ါ ါ autorun autorun ါ ါ ( ါ autorun ါ usb disk security ါ ) ါ usb disk security ါ ါ ါ ါ autorun ါ ါ ါ autorun.inf exe ါ ါ autorun.inf ါ ါ exe ါ ါ autorun.inf autorun.inf ါ ါ autorun.inf ါ cmd ါ mkdir \\.\E:\autorun.inf\con\aux\nul attrib +s +h +r \\.\E:\autorun.inf\con\aux\nul cmd ါ ါ ါ autorun.inf ါ \\.\E:\autorun.inf\con\aux\nul E: drive column ါ F: F:, G: : ါ f ါ ါ f ါ ါ
rmdir \\.E:\autorun.inf /s /q ါ ါ autorun.inf smadav - ါ drive lock ါ ါ autorun.inf ါ ါ ါ ါ ါ ါ ါ ါ Icon exe ါ ါ ါ ါ ါ ါ ါ ါ ါ cmd mm ါ m m ါ D: D: ါ D: ါ ါ attrib –s –h –r ါ ါ D: Hidden, system, - ါ m ါ ါ ါ learning cmd commands ါ :D autorun.inf ါ ါ autorun.inf
ါ batch ါ ါ f ါ :D
@echo off rem start of code :start cls title USB defender program by backb0neb00t3r(MHU) echo To create autorun.inf on your drive, type 1 echo. echo To remove autoun.inf on your drive, type any key echo. set /p pass= echo Your choice# if %pass% equ 1 ( goto create ) else (
goto remove ) :create cls set /p create= echo To create autorun.inf folder, Type your drive letter ( eg. D:, E: ) # mkdir \\.\%create%\autorun.inf\con\aux\nul created by backb0neb00t3r(MHU) attrib +s +h +r %letter%\autorun.inf pause cls set /p decision= echo if you want to restart program, type start and if exit, type any key# if %decision% equ start ( goto start ) else ( msg * Bye Bye, Have a nice day! exit ) :remove cls set /p remove= echo To remove autorun.inf folder, Type your drive letter ( eg. D:, E: ) # rmdir \\.\%remove%\autorun.inf /s /q pause cls
set /p decision1= echo if you want to restart program, type start and if exit, type any key# if %decision1% equ start ( goto start ) else ( msg * Bye Bye, Have a nice day! exit ) rem end of code Written by backb0neb00t3r(MHU)
Greetz to all MHUs