There are indeed many types of disk drive viruses. At present, more than 100 different forms have been mutated, which has led to the inability of system management tools to run.

🦑Main transmission routes :

The biggest threat of this kind of virus is actually to unpack the RAR file, and through the uncompressed file infection, we store the EXE in the device and then continue to spread

🦑Ways to eliminate disk machine virus

>Try not to visit unfamiliar and malicious websites, and find out the reason when you find that the security software in the computer is not available.

> If you are in a host computer with a large number of LANs, you can use the APP protection function in the computer, for example, turn on-Tencent Computer Manager-Toolbox-APP firewall- or malwarebytes

tradition ways

> just be aware from malwares in disk drive

THIS TUTORIALS WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to use the system's own command to get manual antivirus

Computer users are most afraid of some viruses. Although various anti-virus software is installed on our computers, they cannot resist the malicious intrusion of viruses. The following editors teach you how to use your own tools to hang the virus yourself. Come take a look

#Malwares guide -

It is better to use your own tools to hang up the virus yourself than the installed software. That is to use the system's own command to get the manual antivirus. The specific steps are as follows:

1️⃣Before you start, remember to be prepared-use TaskList to back up the system process

2️⃣New viruses have learned to use processes to hide themselves, so we better back up the computer's process list when the system is normal. Of course, it is best to back up without running any programs when you first enter Windows. You can find the process that may be a virus by comparing the process list.

🦑At the command prompt, enter:

TaskList /fo:csv>g:zc.csv

The function of the above command is to output the current process list to the "zc.csv" file in csv format, g: is the disk you want to save to, you can open the file with Excel.

Second, when you do it yourself, you must be eye-catching-use FC to compare process list files

If you feel that your computer is abnormal, or you know that there is a recent virus, it is necessary to check it.

Enter the command prompt and enter the following commands:

TaskList /fo:csv>g:yc.csv

Generate a list of yc.csv files for the current process, then enter:

FC g: \ zccsv g: \ yc.csy

After you press Enter, you can see the difference between the front and back list files. Through comparison, it is found that the computer has an additional process named "Winion0n.exe" (here, this process is used as an example) that is not "Winionon.exe".

3️⃣ When making judgments, keep in mind that the evidence is solid-use Netstat to view open ports

How to judge whether such a suspicious process is a virus? According to the fact that most viruses (especially Trojan horses) will be connected via ports to spread viruses, you can check the port occupancy.

🦑At the command prompt, enter:

Netstat -ano

The meaning of the parameters is as follows:

a: Display all the port information to establish a connection with the host

n: Display the PID code of the open port process

o: Display address and port information in digital format

After you press Enter, you can see all the open ports and external connection processes. Here, a process with a PID of 1756 (this example) is the most suspicious. Its status is "ESTABLISHED". You can know that this process is " Winion0n" through the task manager. ".exe", by checking the network program running on this machine, you can judge that this is an illegal connection!

4️⃣The meaning of the connection parameters is as follows:

LISTENINC: indicates that it is in the listening state, that is, the port is open, waiting for connection, but has not been connected, only the service port of the TCP protocol can be in the LISTENINC state.

ESTABLISHED means to establish a connection.

Indicates that the two machines are communicating.

TIME-WAIT means to end the connection.

It means that the port has been accessed once, but the access is over. It is used to judge whether there is an external computer connected to the machine.

5️⃣When you start antivirus, you must be cruel-use NTSD to terminate the process

Although I know that "Winion0n.exe" is an illegal process, many virus processes cannot be terminated by the task manager. What should I do?

Enter the following commands at the command prompt:

ntsd –c qp 1756

After you press Enter, you can successfully end the virus process.

Tip: "1756" is the PID value of the process. If you don't know the ID of the process, open the task manager and click "View → Select Columns → Check the PID (process identifier)".

NTSD can forcibly terminate all processes except Sytem, ​​SMSS.EXE, CSRSS.EXE.

6️⃣ after determining the virus, we must eliminate the roots-search out the original file of the virus

For the "Winion0n.exe" file that has been judged to be a virus file, search for "all local partitions" and "search system folders and hidden files and folders" to find the file's hiding place and delete it.

However, only the main file of the virus is deleted in this way. By looking at its attributes, it searches again according to its file creation date and size, finds its associates and deletes them.

If you are not sure which files are its relatives, search the Internet for virus information for help.

7️⃣ Be sure to clean the battlefield after removing the virus

Although manually repairing the registry deletes the virus files, the virus will leave garbage keys in the registry, and the garbage needs to be removed.

1. Use reg export backup to start automatically.

Since there are many self-starting keys, it is inconvenient to manually search for viruses when they are found.

Here use reg export+batch command to backup.

Start Notepad and enter the following command:

reg export HKLM\software\Microsoft\Windows\

CurrentVersion\Run fo:\hklmrun.reg

reg export HKCU\Software\Microsoft\Windows\

CurrentVersion\Policies\Explorer\Run f:\hklcu.reg

reg export HKLM\SOFTWARE\Microsoft\Windows\

CurrentVersion\Policies\Explorer\Run hklml.reg

Note: Only a few common key values ​​​​are listed here. For other key values, please refer to the above method.

Then save it as ziqidong.bat and run it at the command prompt, you can back up all the self-starting keys to the corresponding reg file, and then enter:

copy f:\*.reg ziqidong.txt

🦑The role of the command is to output all the backed up reg files to "ziqidong.txt", so that if a virus is found to add a self-starting item, the self-starting value is exported with the last time. Use the FC command introduced above to compare the two txt files before and after, Can quickly find new self-starting items.

1️⃣Use reg delete to delete the newly added self-starting key.

For example: through the above method in [HKER_CURRENT_USER\SOFTWARE\Microsoft\

Windows\CurrentVersion\Run], find a "Logon" self-starting item, the startup program is "c:\windows\winlogon.exe", now enter the following command to delete the virus self-starting key value:

reg delete HKLM\software\Microssoft\Windows\

CurrentVersion\Run /f

2️⃣ Use reg import to restore the registry.

Reg de-lete delete is the entire RUN key value, now you can use the backup reg file to restore, enter the following command to quickly restore the registry: reg import f:\hklmrun.reg

3️⃣The above introduces several system commands for manual antivirus. In fact, as long as these commands are used well, we can basically kill most of the viruses. Of course, we must do backup work normally.

#Tip: The above operations can also be operated manually in the registry editor, but the REG command has the advantage that even if the registry editor is disabled by a virus, you can use the above commands to export/delete/import operations at a faster speed fast!

4️⃣bundled wooden mark-FIND

The above introduces the use of system commands to kill and kill general viruses, and the following introduces a "FIND" command to detect bundled Trojans.

It is believed that many networms have encountered bundled wooden knives. These "wolves with sheepskins" are often hiding behind pictures, FLASH, and even music files.

When we opened these files, although what was displayed in the current window was indeed a picture (or playing FLASH), the abominable Trojan was already quietly running in the background.

#Forexample, recently I received a super girl wallpaper from my friends from QQ, but when I opened the picture, I found that the picture had been opened with the "Picture and Fax Viewer", but the hard disk indicator kept flashing.

Obviously, when I open the picture, there are unknown programs running in the background.

Now use the FIND command to check whether the picture is bundled with a Trojan, and type:

FIND /c /I "This program" g:\chaonv.jpe.exe where:

g:\chaonv.jpe.exe indicates the file to be detected

The prompt returned by the FIND command is "___G:CHAONV.EXE: 2", which indicates that "G:, CHAONV.EXE" does indeed bundle other files.

Because of the detection of the FIND command: if it is an EXE file, the return value should be "1" under normal circumstances; if it is an unexecutable file, the return value should be "0" under normal circumstances, and other results should be noted.

🦑Tip: In fact, many bundled Trojans use Windows' default "hide file extensions of known types" to confuse us, such as "chaonv.jpe.exe" in this example, because this file uses the icon of the JPG file, it is fooled.

Open "My Computer", click "Tools → Folder Options", "Click" and "View", remove the check mark in front of "Hide file extensions of known types" to see the true face of "Wolf".

#Summary

Finally, let's summarize the process of manual poisoning:

Use TSKLIST to back up the process list → find the virus through the FC comparison file → use NETSTAT to determine the process → use FIND to terminate the process → search to find the virus and delete it → use the REG command to repair the registry.

In this way, from discovering viruses, deleting viruses, and repairing the registry, have you completed the entire manual virus detection and antivirus process, have you learned? For more exciting tutorials, please pay attention to Script House!


FULL MALWARE GUIDE WRITTEN BY UNDERCODE

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

MALWARE & DRIVES MALWARE GUIDES BY UNDERCODE

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑HACK WIFI VIA LINUX GOOD 2020 SCRIPT :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :


1️⃣sudo apt-get update && apt-get install git

2️⃣sudo git clone https://github.com/ankit0183/Wifi-Hacking

3️⃣cd Wifi-Hacking/

4️⃣sudo python3 Wifi-Hacking.py

🦑FEATURES :

1)Start monitor mode

2)Stop monitor mode

3)Scan Networks

4)Getting Handshake

5)Create wordlist

6)Install Wireless tools

7)WPS Networks attacks

8)Scan for WPS Networks

9)Crack Handshake with rockyou.txt

10)Crack Handshake with wordlist

11)Crack Handshake without wordlist

✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 GUYS JOIN OUR FACEBOOK GROUPS :

- fb.com/groups/UndercodeTesting (private- no adds )

- fb.com/groups/UndercodeCommunity ( ADDS ALLOWED- YOUTUBE- GOOD LINK- - SELLING NOT ALLOWED E N J O Y )

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to get NordVPN for free- from NORDVPN.COM OFFICIAL
There are two ways to access some form of NordVPN for free or at a too-good-to-be-true discount, and both are a bad deal:

1️⃣#NordVPN crack
If you’re here, chances are you’ve been looking for a NordVPN crack. Well, before you go ahead and download it, check out what our security analysts found inside some of these “cracked” copies of NordVPN:

1) Root access viruses/malware: Reputable websites don’t host stolen, cracked copies of NordVPN or other software if they can help it. Instead, you’ll be downloading a file from some anonymous mirror or server, or from a link someone gave you on a forum. This is the perfect way to deliver a virus.
Once you’re downloading a file from random online sources, there’s very little that’ll help you (click here to learn about different hacking methods). Even antivirus software can’t identify 100% of viruses (especially if the hacker wrote their own unique virus). If antiviruses recognize the threat, you may be reassured by the file hoster: “It’s just a false positive because of how the crack works, don’t worry, it’s not a virus.” Sure. You know what they say – there’s a sucker born every minute! Malware can be very damaging to your system – click here to find out about the different types.

2) Adware: If you’re lucky, you’ll download some adware instead of a virus. Instead of stealing your identity, they’ll simply fill your computer with ads. Some adware injects ads into your browser and every site you visit, while other adware programs can inject ads into your entire device. Imagine getting annoying pop-ups on your desktop! These types of programs also usually slow down your computer.

3) Random software: This find was actually a puzzling one for our security analysts. They found some cracked NordVPN downloads that sent them clean versions of other programs when they were downloaded. One NordVPN crack download actually sent them Adobe Flash Player

2️⃣Stolen NordVPN accounts for sale

That’s what you’re buying – but what’s the problem?

1) You don’t know how long the account will work. You aren’t forming a new subscription, you’re simply intruding upon someone else’s already-active subscription. If you paid the hacker for a 3-year subscription and find that there are only 2 years and 3 months left, tough luck – the hacker already has your money. Go ahead and ask for a refund. We’ll wait.

2) You can lose the account at any time. When you pay for the account, all you get are its current username and password. Most vendors will warn you that you shouldn’t change these. That’s because if you do, you’ll also make it impossible for the actual owner to connect. They will then be able to restore access to their account by contacting customer support, changing their password and rendering your purchase useless. You are completely at their mercy. The account is yours to use only as long as the real owner doesn’t change the password.

3) You won’t be able to use as many devices on it. Each NordVPN account supports up to six devices, but things can get crowded when there’s more than one user on an account.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HACK GMAIL/INSTAGRAM BRUTEFORCE
> PHISHING ALSO IN ONE TOOL :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/xHak9x/Hak9Tools.git

2️⃣cd Hak9Tools

3️⃣chmod +x hak9tools.sh

4️⃣./hak9tools.sh

5️⃣CHOOSE OPTIONS VIA NUMBERS EASY AND SIMPLE

🦑SUPPORT :

Kali Linux
Cyborg
Parrot
BackTrack
Backbox

✅Git POPULAR sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Stone River eLearning - Common PHP Errors You Will Encounter —165 MB—New

https://www.oreilly.com/library/view/common-php-errors/100000006A0493/

https://mega.nz/#F!398GSSrB!v-W8sDYajQ85QS2ZQvKiuQ

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑from few days Multi-stage APT attack uses C2 function to reduce Cobalt Strike
#UndercodeNews

1️⃣Multi-stage APT attack uses C2 function to reduce Cobalt Strike

2️⃣On June 10, we found a malicious Word document disguised as a resume, which used template injection to delete a Net Loader. This is a part of what we think is an APT attack. In the final stage, the threat actor uses Cobalt Strike's C2 feature to download the final payload and perform C2 communication.

3️⃣The attack was particularly smart because of its evasion skills. As we observe, there is an intentional delay in executing the payload from the malicious Word macro. In addition, by hiding the shell code in a harmless JavaScript and loading it without touching the disk, APT can further prevent security detection.

@UndercodeNews
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑from few days Multi-stage APT attack uses C2 function to reduce Cobalt Strike
#UndercodeNews

1️⃣Multi-stage APT attack uses C2 function to reduce Cobalt Strike

2️⃣On June 10, we found a malicious Word document disguised as a resume, which used template injection to delete a Net Loader. This is a part of what we think is an APT attack. In the final stage, the threat actor uses Cobalt Strike's C2 feature to download the final payload and perform C2 communication.

3️⃣The attack was particularly smart because of its evasion skills. As we observe, there is an intentional delay in executing the payload from the malicious Word macro. In addition, by hiding the shell code in a harmless JavaScript and loading it without touching the disk, APT can further prevent security detection.

@UndercodeNews
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Cloud Security 2020 Topic Resources :

* [Cloud Security Resources from AWS](https://aws.amazon.com/security/security-resources)

* [Penetration Testing in Microsoft Azure](https://docs.microsoft.com/en-us/azure/security/azure-security-pen-testing)

* [Penetration Testing in AWS](https://aws.amazon.com/security/penetration-testing)

* [Penetration Testing in Google Cloud Platform](https://cloud.google.com/security/overview)

* [Google Cloud Security Center](https://cloud.google.com/security)

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁