UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help

🦑 CARDING-BEGINERS- Stores

1) Searching for shops comes down to working with Google.

2) Purpose: to find a shop that will be sent to Rush.

3) Necessary characteristics of shops:

Shop should support payment by credit card;

🦑 The shop should send to an arbitrary address (separate from the billing address).
Sorry, forgot about the definitions.

Billing address - address of the card holder.

Shipping address - delivery address, i.e. your address or drop

back to the shopping characteristics.

The shop should be sent to the country we need (for example, Russia, Ukraine, well, etc.).
Is there a delivery method to the country we need (it often happens that Russia is on the list of countries, but there is no way to deliver there).
These are the necessary characteristics. If you find a store in which all these rules will be followed, you can do it by driving. You say that it is difficult to find so much information. Yes, you're right, but if you'll pretend to drive it when you go to the online store's website, select a product, register (you just invent all the data), and then go to the payment in your way, looking and defining all the rules described above, you will quickly determine this shop suits you or not.

🦑 In Google, look for shops for example like this:

Google into the .com zone;
A request of type intext: online store & intext: electronic;
We check them according to the rules described above.
Well, sort of and thank you all for your attention.

WRITTEN BY UNDERCODE
# REQUESTED CARDING AND HACKING TUTORIALS

🦑 HOW TO INSTALL ALL TERMUX DEPENDENCIES?


| Package | Description | Install command |
|---|---|---|
| x11-repo | Termux repo for x11 packages | pkg install x11-repo |
| vnc server | For graphical output | pkg install tigervnc |
| openbox wm | Openbox Window Manager | pkg install openbox obconf |
| xsetroot | Set color background for X | pkg install xorg-xsetroot |
| xterm | X terminal | pkg install xterm |
| xcompmgr | Composite manager or desktop effects | pkg install xcompmgr |
| xfsettingsd | The settings daemon, to set themes & icons | pkg install xfce4-settings |
| polybar | Easy and fast status bar | pkg install polybar libnl |
| st | Suckless/Simple terminal | pkg install st |
| geany | Graphical text editor | pkg install geany |
| thunar | File manager (optional) | pkg install thunar |
| pcmanfm | File manager | pkg install pcmanfm |
| rofi | An application launcher | pkg install rofi |
| feh | Simple image viewer | pkg install feh |
| neofetch | System info program | pkg install neofetch |
| git | VCS, for cloning repos | pkg install git |
| wget | Command line downloader | pkg install wget |
| curl | To transfer/get internet data | pkg install curl |
| zsh | A very good shell | pkg install zsh |
| vim | Command line text editor (! - hard to exit :D) | pkg install vim |
| htop | System monitor (optional) | pkg install htop |
| elinks | Command line web browser (optional) | pkg install elinks |
| mutt | Command line mail client (optional) | pkg install mutt |
| mc | Command line file manager (optional) | pkg install mc |
| ranger | Command line file manager (optional) | pkg install ranger |
| cmus | Command line music player (optional) | pkg install cmus |
| cava | Console-based audio visualizer (optional) | pkg install cava |
| pulseaudio | Sound system & audio server (optional) | pkg install pulseaudio |


@UndercodeTesting

🦑 HACKING TIPS:
> Knowing yourself and knowing each other, hacking technology is no longer mysterious

🦑 LET'S START:

> Nowadays, very few account-stealing tools are continuously updated. The most famous and most widely circulated is "Ala QQ Thief". At present, most QQ theft incidents are caused by this software.

> The conditions of use of the software are very simple, as long as you have a mailbox that supports smtp sending letters or a web space that supports asp scripts. Moreover, the Trojan can automatically divide the stolen QQ numbers into two types: pretty and non-beautiful numbers, and send them to different mailboxes, which is one of the reasons why "Ala QQ thief" is so popular. Next, let us first understand the working principle in order to find a countermeasure against it.

1) Select the hacking mode

Download "Ala QQ Thief", after decompression there are two files: alaqq.exe, Love Forever, Love Babysitter qq.asp. Among them, alaqq.exe is the configuration program of "Ahra QQ thief". Love forever, love nanny qq.asp is the file to be used when using the "website reception" mode. Before formal use, its parameters need to be set.

> "Mailbox receiving" configuration: run alaqq.exe, the program configuration interface appears. In the "Sending Mode Selection" option, select "Receive Mail" and fill in the email address in "Receive Mail" (it is recommended to use the default 163.com NetEase email of the program). Here, take the mailbox n12345@163.com (password n_12345) as an example to introduce the configuration in the "mailbox receiving" mode, and conduct the following tests. In addition, different email addresses can be filled in the "Inbox (Pretty)" and "Inbox (General)" to accept QQ Liang and ordinary QQ numbers. Then select the smtp server corresponding to your mailbox in the drop-down box of "Sending Server", here is smtp.163.com. Finally, fill in the account number, password and full name of the mailbox.

> After setting, we can test whether the content is correct, click the "test mailbox" button below, the program will appear mailbox test status. If all the tested items show success, you can complete the mailbox information configuration.

> "Website Receiving" configuration: In addition to selecting the "Mailbox Receiving" mode, we can also select the "Website Receiving" mode to allow the stolen QQ numbers to be automatically uploaded to the designated website space. Of course, before use, some preparation work is also needed.

> Use FTP software to upload the space that supports eternal love and nanny qq.asp to the ASP script, run alaqq.exe, and enter the URL address of the eternal love and nanny qq.asp in the "Asp interface address". Then, when the Trojan intercepts After the QQ number information, it will be saved in the qq.txt file in the same directory of the love eternal, love nanny qq.asp.

2) Set additional Trojan parameters

Next, we make advanced settings. If you check "Close QQ after running", once the other party runs the Trojan generated by "Ala QQ Thief", QQ will automatically shut down after 60 seconds. When the other party logs into QQ again, their QQ number and password will be intercepted by the Trojan And send it to the mailbox or website space of the pirate. In addition, if you want the trojan to be used in an Internet cafe environment, you need to check "Automatically Restore Restore Wizard" so that the trojan can still run after the system restarts. Except these two items, the others can be kept as default.

3) Stealing QQ number information
After configuring "Ala QQ Thief", click "Generate Trojan" in the program interface to generate a Trojan horse program that can steal QQ numbers. We can disguise the program as an image, a mini-game, or bundle it with other software for dissemination. When someone runs the corresponding file, the Trojan will be hidden in the system. When there is a QQ login in the system, the Trojan will start working, intercept the relevant number and password, and send the information to the mailbox or Website space.

4) Practise smart eyes, so that Trojans have nowhere to escape in the system

Now that we have understood the general process of "Ala QQ Thief", how can we find "Ala QQ Thief" from the system? In general, if you encounter the following situations, you should be careful.

· QQ automatically closes.

· It disappears after running a program.

· The anti-virus software closes automatically after running a program.

· The browser closes automatically when accessing an antivirus software website.

· If the anti-virus software has a mail monitoring function, a warning box appears saying that a program is sending mail.

· If a network firewall (such as Skynet firewall) is installed, a warning appears that NTdhcp.exe is accessing the network.

🦑 If one or more of the above conditions occur, the system may have been infected with "Ala QQ Thief". Of course, being infected with a Trojan is not so terrible; we can remove it from the system.

1) Kill the Trojan manually. After discovering that the system is infected with "Ala QQ Thief", we can remove it manually. After running, "Ala QQ Thief" creates a file named NTdhcp.exe in the system32 folder of the system directory and adds a value for the Trojan to the startup entries in the registry, so that the Trojan runs every time the system starts. The first thing to do is run the "task manager" and end the Trojan process "NTdhcp.exe". Then open "folder options" in Explorer, select the "View" tab, and uncheck the "Hide protected operating system files" option. Then enter the system32 folder in the system directory and delete the NTdhcp.exe file. Finally, open the registry and delete the NTdhcp.exe value, which is located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

2) Uninstall the Trojan. Uninstalling "Ala QQ Thief" is very simple. Just download the configuration program of "Ala QQ Thief" and click the "Uninstall Program" button after running to completely remove the Trojan from the system.
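
The three artifacts named in the manual-removal step (the NTdhcp.exe process, the file in system32 and the value under the Run key) can be checked in one pass. The following is an added example, not part of the original post: it parses constructed samples of "tasklist /fo csv" output, a "reg export" of the Run key and a system32 file listing. The PIDs and registry value names are made up for illustration.

```python
import csv
import io
import re
from pathlib import PureWindowsPath

# Indicators stated in the post: the file/process name and the autostart key.
IOC_IMAGE = "ntdhcp.exe"
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed samples (PIDs and registry value names are invented).
SAMPLE_TASKLIST = (
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"explorer.exe","1480","Console","0","21,004 K"\n'
    '"NTdhcp.exe","2312","Console","0","3,116 K"\n'
)
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NTdhcp"="\"C:\\WINDOWS\\system32\\NTdhcp.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\WINDOWS\\system32\\cleanmgr.exe"
'''
SAMPLE_SYSTEM32 = "notepad.exe\nNTdhcp.exe\nntdll.dll\n"

REG_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def run_key_values(reg_text, key=RUN_KEY):
    """Return {value name: command line} for one key of a .reg export."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # entering a new key section
            continue
        match = REG_STRING.match(line)
        # Registry key names are case-insensitive, so compare lower-cased.
        if match and current is not None and current.lower() == key.lower():
            values[unescape(match.group(1))] = unescape(match.group(2))
    return values


def image_name(command):
    """Lower-cased base name of the executable in an autostart command."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):           # quoted path, arguments follow
        exe = command[1:].split('"', 1)[0]
    else:                                 # unquoted: cut after the first .exe
        match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        exe = match.group(1) if match else command.split()[0]
    return PureWindowsPath(exe).name.lower()


def triage(tasklist_csv, reg_text, system32_listing):
    """Report which of the three artifacts from the post are present."""
    pids = [row["PID"] for row in csv.DictReader(io.StringIO(tasklist_csv))
            if row["Image Name"].lower() == IOC_IMAGE]
    autoruns = {name: cmd for name, cmd in run_key_values(reg_text).items()
                if image_name(cmd) == IOC_IMAGE}
    on_disk = any(name.strip().lower() == IOC_IMAGE
                  for name in system32_listing.splitlines())
    return {"process_pids": pids, "run_values": autoruns,
            "file_in_system32": on_disk}


if __name__ == "__main__":
    print(triage(SAMPLE_TASKLIST, SAMPLE_REG, SAMPLE_SYSTEM32))
```
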

3) Take retreat as the advance and give the hackers a fatal blow

After being busy for a long time, I finally cleared the "Ahra QQ thief" in the system. So, should we give him a lesson in the face of hateful hackers?

1. Take advantage of loopholes and switch from defense to attack

The so-called "attack" here is not to directly invade the computer of the pirate. I believe this "technical work" is not suitable for everyone. Here is just to start from the loopholes that almost exist in the hacking software, so as to teach the hackers a lesson.

So what is this loophole?

From the previous analysis of "Ala QQ Thief", you can see that the configuration part filled in the email account and password for receiving QQ number information emails, and the email account and password are all stored in the Trojan horse program in plain text. Therefore, we can find the email account and password of the thief from the generated Trojan horse program. Furthermore, it is easy to control the mailboxes of the number thieves, so that the number thieves can't steal the chickens and can't turn back the rice.

Tip: The above vulnerability only exists in Trojan horses that send QQ number information by email. If you choose to use the website receiving method during the configuration of "Ala QQ Thief", the vulnerability does not exist.

2. Network sniffing, anti-robbing the hacker's mailbox
When the Trojan intercepts the QQ number and password, it sends the information to the hacker's mailbox by e-mail. We can start from here: intercept the network data packets while the Trojan is sending the email. The intercepted packets contain the account and password of the hacker's mailbox. To intercept data packets, we can use network sniffing software, which can easily capture packets and automatically filter out password information.

· X-sniff

x-sniff is a sniffer tool under the command line. Its sniffer ability is very powerful, especially suitable for sniffing password information in data packets.

Unzip the downloaded x-sniff into a directory, such as "c:\", then run "Command Prompt", change to the directory where x-sniff is located, and enter the command "xsniff.exe -pass -hide -log pass.log" (command meaning: run x-sniff in the background, filter out the password information from the data packets, and save the sniffed password information to the pass.log file in the same directory).

After setting the sniffer software, we can log in to QQ normally. At this point, the Trojan also started to run, but since we have run x-sniff, the information sent by the Trojan will be intercepted. After a while, go to the folder where x-sniff is located and open pass.log, you can find that x-sniff has successfully sniffed the account and password of the mailbox.

🦑 Sinffer

1) Perhaps many friends have a sense of fear about what is on the command line, so we can use a graphical sniffer tool to sniff. For example, sinffer suitable for novices.

2) Before running sinffer, we need to install WinPcap driver, otherwise sinffer will not run normally.

3) Run sinffer. First, we need to specify a network card for sinffer.exe, click the network card icon on the toolbar, select the network card we use in the pop-up window, and click "OK" to complete the configuration. After confirming the above configuration, click the "Start" button in the sinffer toolbar, and the software will start sniffing.

4) Next, we log in to QQ normally. If the sniffing is successful, the captured data packet will appear in the interface of the sinffer. The password information of the email account is listed clearly.

After getting the email account and password of the thief, we can delete all the QQ number information emails or modify his email password to give the thief a lesson and let us rookie be just.


WRITTEN BY UNDERCODE
🦑 HACKING TIPS

🦑 Dump Login Passwords From Current Linux Users :
T.me/UndercodeTesting

🦑 INSTALLATION & RUN:

We will use git to clone the mimipenguin repository, so first install git on the system if you don't already have it.

$ sudo apt install git #Debian/Ubuntu systems
$ sudo yum install git #RHEL/CentOS systems
$ sudo dnf install git #Fedora 22+

> Then clone the mimipenguin directory into your home folder (or anywhere else) like this:

$ git clone https://github.com/huntergregal/mimipenguin.git

Once you have downloaded the directory, move into it and run mimipenguin as follows:

$ cd mimipenguin/
$ ./mimipenguin.sh

> Note: If you encounter the error below, use the sudo command like so:

Root required - You are dumping memory...
Even mimikatz requires administrator

🦑 mimipenguin provides you the desktop environment along with the username and password.

Alternatively, run the Python script as follows:

$ sudo ./mimipenguin.py

WRITTEN BY UNDERCODE

🦑 Virus classification and their characteristics
youtube.com/Undercode

🦑 LET'S START:

To really identify the virus and kill the virus in time, we also need to have a more detailed understanding of the virus, and the more detailed the better!

Viruses are written separately by many scattered individuals or organizations, and there is no standard to measure and divide, so the classification of viruses can be roughly divided from multiple angles.

According to the target of infection, viruses can be divided into the following categories:

a. Boot virus

This type of virus targets the boot sector of the disk, so that it gains priority execution during system startup and can thereby control the entire system. Because it infects the boot sector, the losses it causes are relatively large; in general, the system fails to start normally. Such viruses are, however, also easier to kill: most antivirus software can kill them, such as the KV300 and KILL series.

b. File virus

Early viruses of this kind generally infected executable files with extensions such as exe and com, so that the virus program was activated when you executed the file. More recently, some viruses infect files with extensions such as dll, ovl and sys; because these files are usually the configuration and link files of a program, the virus is loaded automatically when the program is executed. They load themselves by inserting the virus code as a whole block, or by scattering it across the blank bytes of these files. For example, the CIH virus splits itself into 9 segments and embeds them in an executable file of the PE structure. The number of sections has not increased; this is its hidden side.

c. Network viruses

This kind of virus is a product of the rapid development of the Internet in recent years. Its targets are no longer limited to a single mode or a single executable file; it is more comprehensive and better hidden. Some network viruses can now infect almost all OFFICE files, such as WORD, EXCEL and e-mail. The method of attack has also changed, from the original deletion and modification of files to file encryption and the theft of the user's useful information (as hacking programs do). The means of transmission has also made a qualitative leap: these viruses spread over the network, for example through e-mail and electronic advertising.

d. Compound virus

These are classified as "compound viruses" because they have characteristics of both "boot" and "file" viruses. They can infect both the boot sector of the disk and some executable files. If this type of virus is not removed completely, the remaining part can restore itself and re-infect the boot sector and executable files. It is therefore extremely difficult to detect and kill such viruses, and the antivirus software used must be able to kill both types of virus.

The above is divided according to the objects infected by the virus. If divided according to the damage degree of the virus, we can divide the virus into the following types:

a. Benign virus

These are called benign viruses because the purpose of their intrusion is not to damage your system, but just to play with it. Most are written by junior virus enthusiasts who want to test their skill at developing virus programs. They do not want to damage your system; they just make some sounds or show some prompts. There is no harm beyond occupying some hard disk space and CPU processing time. Some Trojan programs are also like this: they just want to steal some communication information on your computer, such as passwords and IP addresses, for use when needed.

b. Malignant virus

We classify as "malignant viruses" those that only interfere with software systems, steal information or modify system information, and do not cause serious consequences such as hardware damage or data loss. After such a virus invades the system, there is no loss other than being unable to use the system normally. After the system is damaged, you only need to reinstall part of the system files to restore it. Of course, you must kill these viruses and reinstall the system.

c. Very malignant virus

This type of virus does more damage than type b above. Generally, if you are infected with it, your system crashes completely and cannot start normally at all, and the useful data you keep on the hard disk may also become unobtainable; in milder cases it only deletes system files and applications.

d. Catastrophic virus

The degree of damage this type of virus brings is clear from its name. It generally destroys the boot sector of the disk and modifies the file allocation table and the hard disk partition table, so that the system cannot start at all. Sometimes it even formats or locks your hard drive, making it unusable. Once infected with this kind of virus, your system is difficult to recover and the data remaining on the hard disk is difficult to retrieve. The damage caused is very huge, so when should our evolution theory be the worst?

written by undercode
🦑 Virus types

🦑 FIX YOUR INFECTED PC

1. Scanning method of anti-virus software

This is probably the first choice for most of our friends, and I am afraid it is also the only choice. Nowadays there are more and more types of viruses, and their methods of concealment are becoming more and more clever, which poses challenges for anti-virus software developers.

2. Observation method

This method can only be applied accurately when you understand the symptoms of some virus outbreaks and where viruses usually reside. Typical symptoms: the system often crashes while booting from the hard disk, the system boot time is long, the running speed is very slow, the hard disk cannot be accessed, or special sounds or prompts appear. When such failures occur, the first thing to consider is that a virus is at work, but you cannot stop there: software and hardware failures may also produce those symptoms! For those caused by viruses, we can observe from the following aspects:

a. Memory observation

This method is generally used for viruses found under DOS. We can use the "mem /c /p" command under DOS to check the memory usage of each program and find the memory occupied by the virus (generally it does not occupy memory separately, but is attached to other programs). The memory occupied by some viruses is better hidden: you cannot find it with "mem /c /p", but you can see that the total basic memory of 640K is short by 1K or a few K.

b. Registry observation method

This method is generally applicable to the so-called hacker programs that have appeared recently, such as Trojan horse programs. These viruses generally modify the registry to achieve automatic startup or loading. Generally, this is done in the following places:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion

And so on. For details, please refer to my other article, "Troubleshooting Trojans", which has a more detailed analysis of the possible registry locations.

c. System configuration file observation method

This method is also generally suited to hacker programs. Such viruses are generally hidden in system.ini, win.ini (Win9x / WinME) and the startup group. There is a "shell=" item in the system.ini file, and in the win.ini file there are "load=" and "run=" items. These viruses generally load their own programs through these items. Note that sometimes an original program is modified instead. We can run the msconfig.exe program in Win9x / WinME to check them one by one. For details, please refer to my article "Troubleshooting Trojan Horses".

d. Character string observation method

This method is mainly aimed at some special viruses. When these viruses invade, they write a corresponding signature. For example, the CIH virus writes a string like "CIH" into the invaded file. Of course, this is not easy to find; we can use a hexadecimal editor to edit the main system files (such as Explorer.exe). Of course, it is better to back up before editing; after all, these are main system files.

e. Hard disk space observation method

Some viruses do not damage your system files, but only generate a hidden file. This file generally has little content but takes up a lot of hard disk space, sometimes so much that your hard disk cannot run ordinary programs, yet you can't see it. In that case we open the resource manager and set the view options so that files with all attributes are shown ...
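
The check described under "System configuration file observation method" can be automated. The following is an added example, not part of the original post: it reads the "shell=" item of system.ini and the "load=" and "run=" items of win.ini and reports any program other than the expected one. It assumes the standard Win9x layout ([boot] in system.ini with shell=Explorer.exe, [windows] in win.ini with empty load= and run=); the sample file contents and program names are constructed.

```python
import re
from pathlib import PureWindowsPath

# (file, section, key) -> program names that are expected there.
# Assumption of this example: a stock Win9x/WinME installation.
WATCHED = {
    ("system.ini", "boot", "shell"): {"explorer.exe"},
    ("win.ini", "windows", "load"): set(),
    ("win.ini", "windows", "run"): set(),
}

# Constructed samples; msupd32.exe and svch0st.exe are invented names.
SAMPLE_SYSTEM_INI = r"""
[boot]
shell=Explorer.exe C:\WINDOWS\SYSTEM\msupd32.exe
system.drv=system.drv

[386Enh]
device=*vshare
device=*dynapage
"""
SAMPLE_WIN_INI = r"""
; comment lines start with a semicolon
[windows]
load=
run=C:\WINDOWS\TEMP\svch0st.exe
NullPort=None
"""


def ini_items(text):
    """Yield (section, key, value); section and key are lower-cased.

    A hand-written reader is used because system.ini repeats keys such as
    device= inside one section, which strict INI parsers reject.
    """
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()


def programs(value):
    """Split an autostart value into program tokens (space or comma separated)."""
    return [token for token in re.split(r"[\s,]+", value) if token]


def suspicious_autostarts(system_ini, win_ini):
    """Return [(file, key, [unexpected programs])] for the watched items."""
    findings = []
    for fname, text in (("system.ini", system_ini), ("win.ini", win_ini)):
        for section, key, value in ini_items(text):
            allowed = WATCHED.get((fname, section, key))
            if allowed is None:
                continue                  # not an autostart item
            extra = [p for p in programs(value)
                     if PureWindowsPath(p).name.lower() not in allowed]
            if extra:
                findings.append((fname, key, extra))
    return findings


if __name__ == "__main__":
    for finding in suspicious_autostarts(SAMPLE_SYSTEM_INI, SAMPLE_WIN_INI):
        print(finding)
```
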

written by undercode
🦑 paid pdfs