http://piyushlabs.wordpress.com/

Heal Antivirus Updated to 1.31


Now my antivirus scans for “Autorun.inf” file also.

(Most of the malwares use autorun.inf file’s properties to automatically install the virus
whenever u double click the pendrive)
When u connect a pendrive with autorun.inf file, it automatically deletes that file and
reports to the user. So u can freely double click your pen drives again.

It also fixes the double click problem on all drives, coz of existence of this
“autorun.inf” file.

Scans all fixed and removable drives.

The option menu> checking and unchecking of Autorun.inf Guard is not working. i’ll
soon fix that…

In the RegGuard, i’ve also included the fix for registries for “scrfile” used by new
SVCHOST, “Word-iconed” virus.

I started creating and came up with all these versions of the software during nite before
exam… my brain works faster during exams.. he he

Oh.. gotta study for tomo… cya guys…

Add comment 22 April, 2008

Heal AntiVirus 1.1 uploaded


Hi guys

i have created a small antivirus tool which guards the registries

And fixes corrupted registries

visit http://piyushlabs.wordpress.com/heal-antivirus/

Add comment 19 April, 2008


New Virus Attack : (MS Word Icon) SVCHOST SPOOLSV
Discovered a new virus that resides in c:\Recycled

• CTFMON.exe
• SMSS.exe
• SPOOLSV.exe
• SVCHOST.exe

The icon of these files is EXACTLY like Microsoft Windows MS Word type

• Icon : MS Word
• Type of File: Application
• Description: Microsoft Office Word
• Size : 55.0 KB (56,320 bytes)
• Size on disk: 56.0 KB (57,344 bytes)
• File version : 11.0.5604.0
• Copyright : Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
• Language : Language Neutral
• etc

It adds to the startup at

• HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
• Explorer.exe “C:\recycled\SVCHOST.exe”

If you try to end task one of the processes, the other processes make such changes in your
system registry that u’ll be never again able to login to ur windows account. : ( [observed
by me at some cases, still got to work out] The comp logs off as soon as you click on
your account.

• coz of changes to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Discovered

• Place : rvce, bangalore


• Dated : April 2, 2008
• was present much earlier than this date

I’ll work on this soon, didn’t find any occurrence from anywhere else on my blog yet.

Kaspersky does not detect this virus yet, as on 15 april 2008.


2 comments 15 April, 2008
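A check for the two Winlogon values named in the post above, written as an added example (not the blog author's Heal tool). It assumes the stock defaults of `explorer.exe` for Shell and `<SystemRoot>\system32\userinit.exe,` for Userinit; the function names and the sample Userinit value are constructed for illustration.

```python
"""Compare Winlogon Shell/Userinit values with the stock Windows defaults."""
import ntpath

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def check_shell(value):
    """Stock Shell is exactly 'explorer.exe'; HKCU normally has no Shell value."""
    if value is None or value.strip().lower() == "explorer.exe":
        return None
    return f"Shell runs more than explorer.exe: {value!r}"

def check_userinit(value, system_root=r"C:\Windows"):
    """Stock Userinit is '<SystemRoot>\\system32\\userinit.exe,' and nothing else."""
    expected = ntpath.normcase(ntpath.join(system_root, "system32", "userinit.exe"))
    entries = [e.strip().strip('"') for e in (value or "").split(",") if e.strip()]
    if entries and all(ntpath.normcase(e) == expected for e in entries):
        return None
    return f"Userinit differs from the stock value: {value!r}"

def audit(values, system_root=r"C:\Windows"):
    """values maps (hive, name) -> data or None; returns a list of findings."""
    findings = []
    for (hive, name), data in values.items():
        msg = check_shell(data) if name == "Shell" else check_userinit(data, system_root)
        if msg:
            findings.append(f"{hive}\\{WINLOGON}\\{name}: {msg}")
    return findings

def read_live():
    """Windows only: read the values from the running system's registry."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    out = {}
    for hive, name in (("HKCU", "Shell"), ("HKLM", "Shell"), ("HKLM", "Userinit")):
        try:
            with winreg.OpenKey(hives[hive], WINLOGON) as key:
                out[(hive, name)] = winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            out[(hive, name)] = None
    return out

# Constructed sample: the HKCU Shell value is the one quoted in the post; the
# post does not show the changed Userinit, so an empty one stands in for it.
SAMPLE = {("HKCU", "Shell"): 'Explorer.exe "C:\\recycled\\SVCHOST.exe"',
          ("HKLM", "Shell"): "explorer.exe",
          ("HKLM", "Userinit"): ""}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a Windows machine, `audit(read_live())` runs the same comparison against the live registry.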

Heal Pen Drive updated


I have been working for a few days to make my Heal for Pen Drive , a little more
interactive.

So, i have used AutoIt software to make a very nice utility. It automatically finds the
removable drive letter ; )

So get updated with this new utility. And remove all the viruses from your pen drive.

14 comments 1 April, 2008

regsvr.exe / rundll.exe / ‘Microsoft CorpAration’ virus details & heal uploaded

It has been quite many days. People have been reporting about this new virus. Thanks to
Muthu Kumar, who sent me the virus file to find out the heal.

I really like this virus. It creates a lot of files and makes a lot of registry changes. Finding
the solution was really challenging. It is built with AutoIt , version unknown. Latest
update of kaspersky does not detect this virus, unless it is scanned thoroughly.

not-a-virus:Monitor.Win32.007SpySoft.q -> rundll.exe


Worm.Win32.AutoIt.s -> regsvr.exe
The “Microsoft Corparation” tag is really confusing. Mind it, it's Corp'a'ration, not
Corp'o'ration … he he

I wont say my heal is totally complete, but still some more work i’m supposed to do with
it, probably to fix some more registries that i still know what they do. Overall my heal
will end task the virus files and restore most of the registries.

This virus/trojan keeps complete look on the system, by taking snap shots every 30
seconds. Suppose u hav this virus for 30 days, just think how much space it will eat. lol

Like the recent coming viruses, even this virus makes exe file inside every folder with the
name of the parent folder. (BUT only in the removable drives, this is what i found). It
spreads via pen drives, leaving regsvr.exe, New Folder.exe, autorun.inf files in the root
directory of pen drive and other <folder named> files inside.

So here is the solution…

6 comments 26 March, 2008
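A read-only triage of a removable drive for the artefacts described in the regsvr post above and in the Autorun.inf scan of the 1.31 post, written as an added example (not the author's Heal code). It goes a little beyond the post by also flagging an .exe named after a folder beside it; the function names and the sample tree of harmless text files are constructed for illustration.

```python
"""Read-only triage of a removable drive for the artefacts described above."""
import os, tempfile

ROOT_NAMES = {"regsvr.exe", "new folder.exe"}   # root files named in the post

def autorun_commands(path):
    """Commands an autorun.inf asks Explorer to launch (open, shellexecute, ...\\command)."""
    cmds = []
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            key, sep, val = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                cmds.append(val.strip())
    return cmds

def scan_drive(root):
    """Return sorted (kind, relative path, detail) findings; nothing is deleted."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        at_root = dirpath == root
        parent = None if at_root else os.path.basename(dirpath).lower()
        folders = {d.lower() for d in dirnames} | {parent}
        for name in filenames:
            low = name.lower()
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if at_root and low == "autorun.inf":
                cmds = autorun_commands(os.path.join(dirpath, name))
                findings.append(("autorun.inf", rel, "; ".join(cmds)))
            elif at_root and low in ROOT_NAMES:
                findings.append(("known-root-name", rel, ""))
            elif low.endswith(".exe") and low[:-4] in folders:
                findings.append(("folder-named-exe", rel, ""))
    return sorted(findings)

def build_sample(root):
    """Constructed test tree: harmless text files that only mimic the names."""
    os.makedirs(os.path.join(root, "Photos", "Trip"))
    for rel, body in {"autorun.inf": "[autorun]\nopen=regsvr.exe\n",
                      "regsvr.exe": "x", "New Folder.exe": "x",
                      "Photos/Photos.exe": "x", "Photos/Trip.exe": "x",
                      "Photos/setup.exe": "x", "Photos/Trip/a.jpg": "x"}.items():
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in scan_drive(tmp):
            print(finding)
```

Pointing `scan_drive` at a mounted drive root lists what to inspect before anything on the drive is double-clicked or deleted.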

One of my heals marked as Malware by Bitdefender


What sadness….

A few days back, aaronik told me that my heal for nhatquanglan has been marked as
Malware by BitDefender. i just couldn’t believe that. But it was true…

its really sad, u create a solution for some malware, and after sometime ur software only
is marked as malware.

my program doesn’t even add itself to the startup, nor it replicates.. i dont know why, it
has been marked as malware.
if this is the case then probably, my other heals will also be marked as malwares and i
might lose interest in making heals…

6 comments 25 February, 2008

JAVA-JDBC project over


at last yesterday i completed my java project. documentations still left. the project is all
about the management of cd’s, billing, etc at a CD shop. sooo many time i started the
project from scratch, n every time i used to understand new concept, i have never come
across… it was a good experience.

so guys u all can expect me to be regular here at piyushlabs from tomo… after a looong
gap. lot of msgs i hav received, and have to work on some new viruses.
Add comment 20 February, 2008


Truth about AVG


i was supposed to post this 1 month back

i was called to fix some problem on Sandeep sir’s comp. i found AVG installed, and
fully up to date. after searching for a few minutes , i found the problem: that was ust
scandal virus. i was amazed coz AVG had latest updates.

after uninstalling virus. the AVG suddenly popped up and deleted the “Funny UST
Scandal.avi.exe” file. i said: ok, its doing it. but there was another exe file of the same
virus named “smss.exe”. surprisingly, it could not be detected. i thought may, let it be.

i came back to my comp. i have lot of viruses saved in my comp.. he he.. when i looked
into the properties of these two files, what i saw. both of them have SAME SIZE, SAME
MD5 HASH VALUES, only different names. What does it mean, AVG detects viruses
based on “virus name”???

Oh AVG users gonna kill me for this post. Plz i said this was just an observation by me.
May be i am wrong..

7 comments 3 February, 2008

My Head is Spinning
i seriously started my java-jdbc project after coming to hostel (from home). i spent almost
12 hours per day in front of my comp for 1 week. now it seems to be 75% complete. now,
m stuck , i dont know where coz i cannot think any more. we’re supposed to submit it
tomo, but no chance. and college starting from tomo. and m not alone at hostel now.
at least the compsci guys have come. the mechies need a few more days to enjoy… i
thought i’d finish my project and enjoy here, but : (
i spent one complete day to find out how to get the current date, and convert it to sql.date
type. a lot more hurdles still on the way till its completion.

now the another tough job is to write the documentation. oh, it su*.

Add comment 3 February, 2008
