How to completely kill the disk drive virus? How to avoid the disk drive virus?
The disk drive Trojan has recently become a hot topic in the security field. Its author has updated it several times, and its infection rate and destructive power keep increasing. So how can we kill this virus completely? This kind of virus is not a downloader-type Trojan, so how do we avoid it? Let's study it together.
1. The steady growth of the Internet has driven the rapid development of computer viruses, which is undoubtedly a great blow to our normal use of computers. The disk drive virus that appeared in the past few years has given many computer users a headache, so how can we kill it completely?
2. This kind of virus is not a downloader-type Trojan, so how do we avoid it?
Recognize disk drive viruses
3. The disk drive virus is not a virus in the strict sense, because it does not serve as a downloader: it is generated under the Windows system directory, and its main files are only lsass.exe and smss.exe. Note that lsass.exe and smss.exe are also the names of legitimate Windows system processes (normally located in %SystemRoot%\System32), so a copy must be judged by its path and origin, not by its name alone.
There are indeed many kinds of disk drive viruses. At present more than 100 different mutated forms exist, and they leave the system's management tools unable to run.
Main transmission routes:
The biggest threat of this kind of virus is that it infects EXE files when a RAR archive is unpacked: the infected EXE stored on the device then continues to spread.
At present, the main transmission routes of disk drive viruses are: USB flash drives (U disks), malicious websites, the spread of already-infected files, and network ARP attacks.
Ways to eliminate the disk drive virus
> Try not to visit unfamiliar or malicious websites, and when you find that the security software on your computer will not run, find out why.
> If your host is on a large LAN, you can use the ARP protection function of your security software, for example Tencent Computer Manager → Toolbox → ARP firewall, or Malwarebytes.
Traditional ways:
> Just be aware of malware on disk drives.
THIS TUTORIAL WAS WRITTEN BY UNDERCODE
How to use the system's own commands for manual antivirus
Computer users are most afraid of viruses. Although all kinds of anti-virus software are installed on our computers, they cannot always resist a malicious intrusion. Below, the editors show you how to use the system's own tools to remove the virus yourself. Take a look. #Malware guide
It is better to remove the virus yourself with the system's own tools than to rely only on installed software: that is, use the system's built-in commands for manual antivirus. The specific steps are as follows:
1. Before you start, be prepared: use TaskList to back up the system process list
2. New viruses have learned to use processes to hide themselves, so we had better back up the computer's process list while the system is still normal. It is best to take the backup right after entering Windows, before running any programs. A process that may be a virus can then be found by comparing process lists.
At the command prompt, enter:
tasklist /fo csv > g:\zc.csv
The above command outputs the current process list in CSV format to the file "zc.csv"; g: is the drive you want to save it to. You can open the file with Excel.
Second, when you do it yourself you must be sharp-eyed: use FC to compare the process list files
If you feel that your computer is behaving abnormally, or you know that a virus is going around, it is necessary to check.
Open the command prompt and enter the following command:
tasklist /fo csv > g:\yc.csv
This generates yc.csv, a list of the current processes. Then enter:
fc g:\zc.csv g:\yc.csv
After pressing Enter, you can see the differences between the earlier and later list files. In this comparison, the computer turns out to have an additional process named "Winion0n.exe" (with a zero; used as the example here), not "Winionon.exe".
3. When making a judgment, make sure the evidence is solid: use Netstat to view open ports
How do you judge whether such a suspicious process is a virus? Since most viruses (especially Trojan horses) connect through network ports to spread, you can check which ports are in use.
At the command prompt, enter:
Netstat -ano
The meaning of the parameters is as follows:
-a: display all connections and listening ports
-n: display addresses and port numbers in numerical form
-o: display the PID of the process that owns each connection
After pressing Enter, you can see all open ports and external connections. Here the process with PID 1756 (in this example) is the most suspicious: its state is "ESTABLISHED". Through the Task Manager you can learn that this process is "Winion0n.exe", and by checking which network programs are legitimately running on this machine you can judge that this is an illegal connection!
4. The meaning of the connection states is as follows:
LISTENING: the port is in the listening state, that is, it is open and waiting for a connection but no connection has been made yet. Only a TCP service port can be in the LISTENING state.
ESTABLISHED: a connection has been established; the two machines are communicating.
TIME_WAIT: the connection is ending; the port has been accessed once but the access is over. It is used to judge whether an external computer has connected to this machine.
5. When you start killing the virus, you must be ruthless: use NTSD to terminate the process
Although we know that "Winion0n.exe" is an illegal process, many virus processes cannot be terminated from the Task Manager. What should we do?
Enter the following command at the command prompt:
ntsd -c q -p 1756
After pressing Enter, the virus process is terminated.
Tip: "1756" is the PID of the process. If you don't know the PID, open the Task Manager, click "View → Select Columns" and tick "PID (Process Identifier)".
NTSD can forcibly terminate any process except System, SMSS.EXE and CSRSS.EXE. Note that ntsd.exe ships with Windows XP and Server 2003 only; on later versions it comes with the Debugging Tools for Windows, and the built-in taskkill /F /PID 1756 does the same job.
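As an added illustration of steps 1 to 4 (this is not code from the original tutorial), the following Python script does offline what the tasklist, FC and netstat steps do by hand: it diffs a clean process-list CSV against a later one and joins any new process to its live sockets. The three inputs are constructed samples in the format of tasklist /fo csv and netstat -ano output; the name Winion0n.exe and PID 1756 come from the text above, the addresses are made up.

```python
import csv
import io
import re

# Constructed sample: "tasklist /fo csv" output saved while the machine was known clean (zc.csv)
BASELINE_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"smss.exe","432","Console","0","388 K"
"csrss.exe","512","Console","0","3,712 K"
"winlogon.exe","540","Console","0","4,056 K"
"explorer.exe","1204","Console","0","18,320 K"
'''

# Constructed sample: the same command run later on the suspect machine (yc.csv)
CURRENT_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"smss.exe","432","Console","0","388 K"
"csrss.exe","512","Console","0","3,712 K"
"winlogon.exe","540","Console","0","4,056 K"
"explorer.exe","1204","Console","0","18,320 K"
"Winion0n.exe","1756","Console","0","2,140 K"
'''

# Constructed sample: "netstat -ano" output on the suspect machine
NETSTAT_OUT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       804
  TCP    192.168.1.10:1034      203.0.113.7:6667       ESTABLISHED     1756
  TCP    192.168.1.10:1040      198.51.100.2:80        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
'''


def parse_tasklist_csv(text):
    """Map PID -> image name; fields are quoted, so csv copes with values like "3,712 K"."""
    return {int(row["PID"]): row["Image Name"] for row in csv.DictReader(io.StringIO(text))}


def new_processes(baseline_csv, current_csv):
    """Processes running now whose image name never appeared in the clean baseline (the FC step).
    Comparison is by name, not PID, because PIDs change on every boot."""
    known = set(parse_tasklist_csv(baseline_csv).values())
    return {pid: name for pid, name in parse_tasklist_csv(current_csv).items() if name not in known}


# One netstat row: proto, local, foreign, optional state (UDP rows have none), PID
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Turn netstat -ano output into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state or "", "pid": int(pid)})
    return rows


def suspicious_connections(baseline_csv, current_csv, netstat_out):
    """Join the two views: new processes that also hold an established or listening socket."""
    new = new_processes(baseline_csv, current_csv)
    return [(new[r["pid"]], r["pid"], r["remote"], r["state"])
            for r in parse_netstat(netstat_out)
            if r["pid"] in new and r["state"] in ("ESTABLISHED", "LISTENING")]


if __name__ == "__main__":
    for name, pid, remote, state in suspicious_connections(BASELINE_CSV, CURRENT_CSV, NETSTAT_OUT):
        print(f"{name} (PID {pid}) {state} to {remote}")
```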
6. After identifying the virus, eliminate the roots: search out the virus's original file
For the "Winion0n.exe" file that has been judged to be a virus, search "all local partitions" with "search system folders" and "search hidden files and folders" enabled, find where the file hides, and delete it.
However, this only deletes the virus's main file. Look at its properties, search again by the file's creation date and size, find its companion files and delete them too.
If you are not sure which files are its companions, search the Internet for information about the virus.
7. Be sure to clean up the battlefield after removing the virus
Although the virus files have been deleted, the virus leaves garbage keys in the registry, and these also need to be removed.
1. Use reg export to back up the auto-start keys.
Since there are many auto-start keys, it is inconvenient to search them by hand when a virus is found.
Here we use reg export plus a batch file to back them up.
Start Notepad and enter the following commands:
reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run f:\hklmrun.reg
reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run f:\hklcu.reg
reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run f:\hklml.reg
Note: only a few common keys are listed here; other keys can be handled the same way.
Then save the file as ziqidong.bat and run it from the command prompt; this backs up all the listed auto-start keys to the corresponding .reg files. Then enter:
copy f:\*.reg ziqidong.txt
The role of this command is to output all the backed-up .reg files into "ziqidong.txt". If a virus is later found to have added an auto-start item, export the auto-start keys again the same way and compare the earlier and later txt files with the FC command introduced above; the new auto-start items can then be found quickly.
1. Use reg delete to delete the newly added auto-start key.
For example, through the above method a "Logon" auto-start item whose startup program is "c:\windows\winlogon.exe" is found in [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]. Now enter the following command to delete the virus's auto-start key value (the command targets the HKLM Run key, the one backed up in hklmrun.reg):
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f
Without /v this removes the whole Run key with all its values, which is why the backup is restored in the next step; to delete only the one value instead, use reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Logon /f.
2. Use reg import to restore the registry.
Since reg delete removed the entire Run key, you can now restore it from the backup .reg file. Enter the following command to restore the registry quickly: reg import f:\hklmrun.reg
3. The above introduces several system commands for manual antivirus. As long as these commands are used well, we can basically kill most viruses. Of course, the backups must be made regularly while the system is clean.
#Tip: the above operations can also be done manually in the Registry Editor, but the REG command has the advantage that even if the Registry Editor has been disabled by a virus, you can still export, delete and import keys quickly with the commands above.
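An added example (not from the original tutorial) for the reg export backup-and-compare step: instead of concatenating the .reg files and reading FC output, this Python script parses two reg export files and reports which Run values appeared or changed since the backup, which are exactly the entries to hand to reg delete. Both .reg texts are constructed samples; the Logon/winlogon.exe entry mirrors the text above, the other values are assumed.

```python
import re

# Constructed sample: "reg export HKLM\...\Run f:\hklmrun.reg" taken while the machine was clean
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"ctfmon"="C:\\Windows\\system32\\ctfmon.exe"
'''

# Constructed sample: the same key exported again after the infection
CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"ctfmon"="C:\\Windows\\Winion0n.exe"
"Logon"="c:\\windows\\winlogon.exe"
'''

# One value line: "Name"=data, or @=data for the key's default value
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def unescape(data):
    """Strip the quotes of a REG_SZ literal and undo .reg escaping; hex:/dword: data is kept raw."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data


def parse_reg(text):
    """Return {key path: {value name: data}} from reg export output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            keys[current][name] = unescape(m.group(2))
    return keys


def autorun_diff(baseline_text, current_text):
    """Values that appeared or changed since the backup: the candidates for reg delete."""
    base, cur = parse_reg(baseline_text), parse_reg(current_text)
    added, changed = [], []
    for key, values in cur.items():
        for name, data in values.items():
            old = base.get(key, {}).get(name)
            if old is None:
                added.append((key, name, data))
            elif old != data:
                changed.append((key, name, old, data))
    return {"added": added, "changed": changed}


if __name__ == "__main__":
    for kind, entries in autorun_diff(BASELINE_REG, CURRENT_REG).items():
        for entry in entries:
            print(kind, entry)
```

reg export writes UTF-16 with a byte-order mark, so when reading real exports open the files with encoding="utf-16" before passing the text to parse_reg.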
4. Bundled Trojans: FIND
The above introduced the use of system commands to kill general viruses; the following introduces the FIND command for detecting bundled Trojans.
Many netizens have encountered bundled Trojans. These "wolves in sheep's clothing" often hide behind pictures, Flash animations and even music files.
When we open such a file, although the current window indeed shows a picture (or plays the Flash), the hateful Trojan is already quietly running in the background.
#For example, I recently received a "Super Girl" wallpaper from a friend on QQ, but when I opened the picture I found that, although it opened in the "Picture and Fax Viewer", the hard disk indicator kept flashing.
Obviously, when I opened the picture, an unknown program ran in the background.
Now use the FIND command to check whether the picture is bundled with a Trojan. Type:
FIND /c /I "This program" g:\chaonv.jpe.exe
where g:\chaonv.jpe.exe is the file to be checked.
The FIND command returns "---------- G:CHAONV.EXE: 2", which indicates that "G:CHAONV.EXE" does indeed have another file bundled into it.
This is because of what FIND is counting: "This program" is the start of the "This program cannot be run in DOS mode" message that every Windows executable carries in its DOS stub. For an EXE file the normal count is therefore "1"; for a non-executable file the normal count is "0"; any other result should be noted. A count of 1 only means this string found no second executable, so it is not proof that the file is clean.
Tip: many bundled Trojans exploit Windows' default "Hide extensions for known file types" setting to confuse us. The "chaonv.jpe.exe" in this example fooled me because it uses the JPG file icon.
Open "My Computer", click "Tools → Folder Options → View", and remove the tick in front of "Hide extensions for known file types" to see the wolf's true face.
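As an added example (not part of the original tutorial) of why the FIND /c "This program" trick works and how to make it stricter, this Python script counts the DOS-stub message exactly as FIND does, additionally verifies each MZ header by following e_lfanew to a real PE signature, and flags double-extension names like chaonv.jpe.exe. The PE-shaped and JPEG-shaped blobs are constructed inside the script and are not runnable executables.

```python
import struct

DOS_STUB = b"This program cannot be run in DOS mode"
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
DECOY_EXT = (".jpg", ".jpe", ".jpeg", ".gif", ".png", ".bmp", ".swf", ".mp3", ".doc", ".txt")


def make_fake_pe(payload=b""):
    """Constructed, non-runnable PE-shaped blob: MZ header, e_lfanew at 0x3c, stub text, PE signature."""
    e_lfanew = 0x80
    blob = bytearray(b"MZ" + b"\x00" * 0x3a)       # 0x3c bytes of DOS header
    blob += struct.pack("<I", e_lfanew)             # e_lfanew: offset of the PE signature
    blob += DOS_STUB + b".\r\n$"                    # the text FIND /c "This program" counts
    blob += b"\x00" * (e_lfanew - len(blob))
    blob += b"PE\x00\x00"
    return bytes(blob) + payload


def count_dos_stubs(data):
    """Same count the page gets from FIND /c /I "This program": one per embedded executable."""
    return data.count(DOS_STUB)


def find_pe_headers(data):
    """Stricter check: offsets of every MZ header whose e_lfanew really points at a PE signature."""
    hits, pos = [], data.find(b"MZ")
    while pos >= 0:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3c)
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def disguised_name(name):
    """True for "chaonv.jpe.exe"-style names that show as a picture once known extensions are hidden."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in EXEC_EXT and "." + parts[1] in DECOY_EXT


def classify(name, data):
    """Apply the page's rule: data file -> 0 stubs, plain EXE -> 1, anything more is bundled."""
    stubs, headers = count_dos_stubs(data), find_pe_headers(data)
    if stubs == 0 and not headers:
        verdict = "data"
    elif stubs == 1 and len(headers) == 1:
        verdict = "executable"
    else:
        verdict = "bundled"
    return {"stubs": stubs, "pe_offsets": headers, "disguised": disguised_name(name), "verdict": verdict}


# Constructed samples: a tiny JPEG-like blob, and a dropper that carries it plus a second executable
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64 + b"\xff\xd9"
BUNDLED = make_fake_pe(FAKE_JPEG + make_fake_pe())

if __name__ == "__main__":
    print(classify("photo.jpg", FAKE_JPEG))
    print(classify("chaonv.jpe.exe", BUNDLED))
```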
#Summary
Finally, let's summarize the manual antivirus process:
Use TASKLIST to back up the process list → find the virus by comparing the files with FC → confirm the process with NETSTAT → terminate the process with NTSD → search for the virus files and delete them → repair the registry with the REG command.
In this way, from discovering the virus, to deleting it, to repairing the registry, you have completed the entire manual virus detection and removal process. Have you learned it? For more tutorials, follow Script House!
FULL MALWARE GUIDE WRITTEN BY UNDERCODE
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
UNDERCODE SECURITY
A stealthy Python-based backdoor that uses Gmail as a command and control server (Termux/Linux)
Installation & run:
1. git clone https://github.com/byt3bl33d3r/gcat.git
2. cd gcat
3. Once you've deployed the backdoor on a couple…
HACK WIFI VIA LINUX GOOD 2020 SCRIPT:
Installation & run:
1. sudo apt-get update && sudo apt-get install git
2. sudo git clone https://github.com/ankit0183/Wifi-Hacking
3. cd Wifi-Hacking/
4. sudo python3 Wifi-Hacking.py
FEATURES:
1)Start monitor mode
2)Stop monitor mode
3)Scan Networks
4)Getting Handshake
5)Create wordlist
6)Install Wireless tools
7)WPS Networks attacks
8)Scan for WPS Networks
9)Crack Handshake with rockyou.txt
10)Crack Handshake with wordlist
11)Crack Handshake without wordlist
git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
GUYS JOIN OUR FACEBOOK GROUPS:
- fb.com/groups/UndercodeTesting (private, no ads)
- fb.com/groups/UndercodeCommunity (ads allowed, YouTube and good links welcome; selling not allowed. ENJOY)