(Most malware uses the autorun.inf file’s properties to automatically install the virus
whenever u double click the pendrive)
When u connect a pendrive with autorun.inf file, it automatically deletes that file and
reports to the user. So u can freely double click your pen drives again.
It also fixes the double click problem on all drives, coz of existence of this
“autorun.inf” file.
The option menu > checking and unchecking of Autorun.inf Guard is not working. I’ll
soon fix that…
In the RegGuard, I’ve also included the fix for registries for “scrfile” used by the new
SVCHOST, “Word-iconed” virus.
I started creating and came up with all these versions of the software during the nite before
the exam… my brain works faster during exams.. he he
visit http://piyushlabs.wordpress.com/heal-antivirus/
• CTFMON.exe
• SMSS.exe
• SPOOLSV.exe
• SVCHOST.exe
The icons of these files are EXACTLY like the Microsoft Windows MS Word type
• Icon : MS Word
• Type of File: Application
• Description: Microsoft Office Word
• Size : 55.0 KB (56,320 bytes)
• Size on disk: 56.0 KB (57,344 bytes)
• File version : 11.0.5604.0
• Copyright : Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
• Language : Language Neutral
• etc
• HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
• Explorer.exe “C:\recycled\SVCHOST.exe”
If you try to end task one of the processes, the other processes make such changes in your
system registry that u’ll never again be able to login to ur windows account. : ( [observed
by me in some cases, still got to work out] The comp logs off as soon as you click on
your account.
Discovered
I’ll work on this soon, didn’t find any occurrence from anywhere else on my blog yet.
So, I have used AutoIt software to make a very nice utility. It automatically finds the
removable drive letter ; )
So get updated with this new utility. And remove all the viruses from your pen drive.
I really like this virus. It creates a lot of files and makes a lot of registry changes. Finding
the solution was really challenging. It is built with AutoIt, version unknown. The latest
update of Kaspersky does not detect this virus, unless it is scanned thoroughly.
I won’t say my heal is totally complete, but still some more work I’m supposed to do with
it, probably to fix some more registries that i still know what they do. Overall my heal
will end task the virus files and restore most of the registries.
This virus/trojan keeps a complete look on the system, by taking snap shots every 30
seconds. Suppose u hav this virus for 30 days, just think how much space it will eat. lol
Like the recent coming viruses, even this virus makes exe file inside every folder with the
name of the parent folder. (BUT only in the removable drives, this is what i found). It
spreads via pen drives, leaving regsvr.exe, New Folder.exe, autorun.inf files in the root
directory of pen drive and other <folder named> files inside.
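A read-only check for the traces described above, as an added example that is not part of the original post or of the author's heal tools: it reports autorun.inf and the commands it would launch, the root file names the post mentions, and any .exe named after its parent folder. The function names are hypothetical and the sample tree is constructed from empty placeholder files.

```python
import os
import tempfile
from pathlib import Path

# Root file names reported in the post (compared lower-case).
ROOT_DROPPERS = {"regsvr.exe", "new folder.exe"}
# autorun.inf keys that start a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_targets(inf_path):
    """Return the commands an autorun.inf would launch."""
    targets = []
    for line in Path(inf_path).read_text(errors="replace").splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def scan_drive(root):
    """Return sorted (kind, item) findings for one drive root. Deletes nothing."""
    root, findings = Path(root), []
    for entry in root.iterdir():
        name = entry.name.lower()
        if name == "autorun.inf" and entry.is_file():
            findings.append(("autorun", entry.name))
            findings += [("autorun-target", t) for t in autorun_targets(entry)]
        elif name in ROOT_DROPPERS:
            findings.append(("root-dropper", entry.name))
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        for f in files:  # flag an .exe named after the folder that holds it
            if folder != root and f.lower() == folder.name.lower() + ".exe":
                rel = (folder / f).relative_to(root)
                findings.append(("folder-named-exe", str(rel)))
    return sorted(findings)

def build_sample_drive(base):
    """Constructed sample tree: empty placeholder files, not real samples."""
    base = Path(base)
    (base / "Photos" / "Trip").mkdir(parents=True)
    (base / "autorun.inf").write_text(
        "[autorun]\nopen=regsvr.exe\nshell\\open\\command=regsvr.exe\n")
    for rel in ("regsvr.exe", "New Folder.exe", "Photos/Photos.exe",
                "Photos/Trip/Trip.exe", "Photos/setup.exe", "Photos/a.jpg"):
        (base / rel).write_bytes(b"")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, item in scan_drive(build_sample_drive(tmp)):
            print(f"{kind:18}{item}")
```

A legitimate installer such as `Photos/setup.exe` in the sample is not flagged, because only the name match with the parent folder counts.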
A few days back, aaronik told me that my heal for nhatquanglan has been marked as
Malware by BitDefender. I just couldn’t believe that. But it was true…
So guys u all can expect me to be regular here at piyushlabs from tomo… after a looong
gap. Lot of msgs I hav received, and have to work on some new viruses.
20 February, 2008
I was called to fix some problem on Sandeep sir’s comp. I found AVG installed, and
fully up to date. After searching for a few minutes, I found the problem: that was the UST
scandal virus. I was amazed coz AVG had the latest updates.
After uninstalling the virus, the AVG suddenly popped up and deleted the “Funny UST
Scandal.avi.exe” file. I said: ok, its doing it. But there was another exe file of the same
virus named “smss.exe”. Surprisingly, it could not be detected. i thought may, let it be.
I came back to my comp. I have lot of viruses saved in my comp.. he he.. When I looked
into the properties of these two files, what I saw. Both of them have SAME SIZE, SAME
MD5 HASH VALUES, only different names. What does it mean, AVG detects viruses
based on “virus name”???
Oh AVG users gonna kill me for this post. Plz I said this was just an observation by me.
May be I am wrong..
My Head is Spinning
I seriously started my java-jdbc project after coming to hostel (from home). I spent almost
12 hours per day in front of my comp for 1 week. Now it seems to be 75% complete. Now,
m stuck, I dont know where coz I cannot think any more. We’re supposed to submit it
tomo, but no chance. And college starting from tomo. And m not alone at hostel now.
At least the compsci guys have come. The mechies need a few more days to enjoy… I
thought I’d finish my project and enjoy here, but : (
I spent one complete day to find out how to get the current date, and convert it to sql.date
type. A lot more hurdles still on the way till its completion.
Now another tough job is to write the documentation. oh, it su*.