A huge number of viruses spread by abusing this file, and Windows itself promotes the autorun.inf feature.
I can say that 99.9% of viruses use the autorun feature as their main tool to kill the customer. To stop the virus's activities you need to kill the autorun feature.
Some funny symptoms worth mentioning:
- if you delete autorun.inf, it reappears.
- if you move autorun.inf, it comes back.
- if you disable autorun in the registry, it gets enabled again.
- autorun.inf appears on every drive, and you can't do anything about it at all.
What the victim usually does: start the PC, so the startup entry is sure to run; then open any drive to get a file. Each of these is enough to trigger the virus.
Just write this code in Notepad and save it as anty.bat:
@echo off
REM anty.bat - disables AutoRun and locks the autorun.inf name on every drive.
REM Run it from an administrator command prompt.

REM Remove a bogus shell verb key planted under HKCR\*.
reg delete "HKCR\*\shell\@=P=r=i=n=t=" /f

REM NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
REM The value must be REG_DWORD; as a plain string Explorer ignores it.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /v "NoDriveTypeAutoRun" /t REG_DWORD /d 0xFF
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /v "NoDriveTypeAutoRun" /t REG_DWORD /d 0xFF
REM These two only set the key's (Default) value; harmless.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /ve /d "000000FF"
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /ve /d "000000FF"

REM Map every autorun.inf lookup to a registry key that does not exist,
REM so Windows never reads the file's contents at all.
reg add "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /f /ve /d "@SYS:DoesNotExist"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /f /ve /d "@SYS:DoesNotExist"

REM NoAutorun = 1 is the older policy that switches AutoRun off outright.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /v "NoAutorun" /t REG_DWORD /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /f /v "NoAutorun" /t REG_DWORD /d 1

REM Re-enable regedit and Task Manager, which these viruses usually disable.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "DisableRegistryTools" /t REG_DWORD /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "DisableTaskMgr" /t REG_DWORD /d 0

REM Point risky extensions at a program that does not exist (C:\\iLEAP\\e.exe is
REM a dummy path), so double-clicking such a file runs nothing.
ftype fakefile=C:\\iLEAP\\e.exe "%%1"
assoc .inf=fakefile
assoc .pif=fakefile
assoc .scr=fakefile
assoc .com=fakefile
assoc .dll=fakefile
assoc .img=fakefile
assoc .dos=fakefile
assoc .manifest=fakefile
assoc .vba=fakefile
REM Keep real .vbs working; the remaining odd extensions are the author's own mappings.
assoc .vbs=vbsfile
assoc .vbe=fakefile
assoc .v=vbsfile
assoc .6=vbsfile
assoc .`=vbsfile
assoc .1=batfile

REM For every drive that exists: force-delete the autorun.inf the virus planted
REM (pootam\u.o is the author's copy of Unlocker; substitute any force-delete tool),
REM then create a FOLDER named autorun.inf containing a file whose name ends in a dot.
REM The \\?\ prefix allows that name to be created, and normal tools cannot remove it,
REM so the virus can never put its own autorun.inf there again.
for %%c in (c d e f g h i j k l m n o p) do (
  if exist %%c:\nul (
    title Locking %%c:
    pootam\u.o "%%c:\autorun.inf" /S /D
    md %%c:\autorun.inf & echo Hi > "\\?\%%c:\autorun.inf\siva."
  )
)

REM The author's personal post-cleanup steps (portable Firefox shortcut, SendTo script,
REM VLC config). Not part of the AutoRun fix; delete these lines if you don't need them.
0t\lin.k "%userprofile%\Desktop\Firefox" "F:\a\o\MFF31\FirefoxPortable.exe" "" "" "" "" "f:\a\y\ico\mz.ico"
xcopy "F:\A\Y\0P\PHOTO_PRINT.CMD" "C:\Documents and Settings\Administrator\SENDTO\" /s/c/y
xcopy "F:\A\Y\0P\VLCRC" "C:\Documents and Settings\Administrator\Application Data\vlc\" /s/c/y
:f:\n.o service start winvnc
start f:\a\y\rain\rm.o &exit
exit
What this code does:
- kills every trace of autorun in the registry
- associates suspicious file extensions with nothing (a program that does not exist)
- 'pootam\u.o' is my favourite program, 'Unlocker'. You can use your favourite force-delete program, or just kill explorer.exe while you run the .bat
- the \\?\%%c:\ prefix actually creates an undeletable file, which cannot be modified or deleted by the user or by ordinary programs or code. It's permanent
In the end, if the virus cannot create an "autorun" file at the drive root, it becomes useless junk ;-)
The rest is up to your imagination... please post if you have any doubts.