
REMOVING AUTO PLAY OPTION

mynetsecurity

Removing auto play option from hard disk and folder

On a virus-infected computer, double-clicking a drive doesn't open it; instead some unwanted task begins, such as showing the properties of the drive. This happens because the virus changes the behaviour of the drive or folder. A normal antivirus can't detect this. Follow these steps to correct the defect:

1) In Folder Options in the Tools menu, uncheck ‘Hide protected operating system files’ and click OK.

2) Open each drive by right-clicking and choosing Explore (don’t double-click) and delete the following: autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift + Delete to delete). Do this on all your drives, including the floppy drive.

3) Open the folder ‘Windows’ (C:\WINDOWS) and delete MS32DLL.dll.vbs or MS32DLL.dll using Shift + Delete.

4) Open the registry by going to Start – Run, typing regedit and clicking OK, then navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the entry MS32DLL.

5) Open the Group Policy Editor by going to Start – Run, typing gpedit.msc and clicking OK, then go to User Configuration - Administrative Templates - System. Double-click the entry ‘Turn Off Autoplay’ in the right pane. The ‘Turn Off Autoplay Properties’ window will be displayed; in it select ‘Enabled’, select ‘All drives’ under ‘Turn off Autoplay on’ and click OK.

6) In the Startup tab, uncheck MS32DLL, click OK and close it without restarting.

7) Empty the Recycle Bin.

8) Restart the computer.
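As an added example (not part of the original post), the check below reads an autorun.inf before it is deleted in step 2 and lists the entries that make Explorer run a program when the drive is opened. The sample file contents and the function names are assumptions made for the illustration.

```python
import configparser

# Constructed sample autorun.inf; its contents are an assumption for this
# example, not a copy of the file the post describes.
SAMPLE_AUTORUN = """\
[AutoRun]
open=wscript.exe MS32DLL.dll.vbs
shell\\open\\command=wscript.exe MS32DLL.dll.vbs
shell\\explore\\command=wscript.exe MS32DLL.dll.vbs
icon=shell32.dll,8
"""

CLEAN_AUTORUN = "[autorun]\nicon=setup.ico\nlabel=Backup disk\n"  # constructed

def find_launch_entries(text):
    """Return (key, command) pairs in [autorun] that make Explorer run a program."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)          # option names are lowercased by default
    except configparser.Error:
        return []                         # not INI-shaped at all
    hits = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in ("open", "shellexecute") or is_verb:
                hits.append((key, value.strip()))
    return hits

def mentions(hits, name):
    """Keep only the entries whose command line mentions the given file name."""
    return [(k, v) for k, v in hits if name.lower() in v.lower()]

if __name__ == "__main__":
    for key, cmd in find_launch_entries(SAMPLE_AUTORUN):
        print(f"{key:22} -> {cmd}")
```

An autorun.inf that only sets an icon or a label produces no hits; any open, shellexecute or shell verb command on a data drive is worth a look before the file is removed.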

NEWFOLDER.EXE VIRUS


newfolder.exe virus - get rid of it
New Folder.exe is a virus that can damage your files and computer. This virus disables Task Manager, the registry and group policy editing, so it becomes very difficult to work on the computer. It creates EXE files with icons that look like folders. While this virus is running it uses more than 50 % of your processor and slows down the computer. It also disables Folder Options and hides hidden files and folders.
How to delete this file
To delete this file, download the antivirus ESET NOD32. You can download this from here:
http://www.eset.com/download/index.php
Install this antivirus and remove the virus. After that, type gpedit in the Run window. In the user settings, disable those features which are not working. Now Task Manager and regedit will work again. But Folder Options is still not there. To enable it, go to the registry by typing regedit in the command prompt, and search for the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
You will see:
NoFolderOptions      REG_DWORD      0x00000000 (1)

Delete this key or set the value to 0.


Now everything is OK. Never click on this folder-type file again.

ROT13

ROT13 CODING
ROT13 is a method of encoding the alphabet. As its name suggests, it rotates the alphabet by thirteen places.


e.g.

code      cypher
ab        no
unpx      hack


ROT13 has been described as the "Usenet equivalent of a magazine printing the answer to a quiz upside down".[1] ROT13 is a variation of the Caesar cipher, developed in ancient Rome.
ROT13 is its own inverse; that is, to undo ROT13, the same algorithm is applied, so the same action can be used for encoding and decoding. The algorithm provides no real cryptographic security and is not normally used for such. It is often cited as a canonical example of weak encryption. ROT13 has inspired a variety of letter and word games on-line, and is frequently mentioned in newsgroup conversations. Applying ROT13 to a piece of text merely requires examining its alphabetic characters and replacing each one by the letter 13 places further along in the alphabet, wrapping back to the beginning if necessary.[2] A becomes N, B becomes O, and so on up to M, which becomes Z, then the sequence reverses: N becomes A, O becomes B, and so on to Z, which becomes M. Only those letters which occur in the English alphabet are affected; numbers, symbols, whitespace, and all other characters are left unchanged. Because there are 26 letters in the English alphabet and 26 = 2 × 13, the ROT13 function is its own inverse:[2]
ROT13(ROT13(x)) = ROT26(x) = x for any text x. In other words, two successive applications of ROT13 restore the original text (in mathematics, this is sometimes called an involution; in cryptography, a reciprocal cipher).
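The rule described above, written out as an added example (not part of the original post). It generalises to any shift n so that listing all 26 shifts shows how small the key space is; the function names are chosen for the illustration.

```python
import string

def rotate(text, n):
    """Shift each English letter n places with wrap-around; keep case and
    leave digits, symbols and whitespace unchanged."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + n) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + n) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

def rot13(text):
    """ROT13 is the n = 13 case; because 26 = 2 x 13 it undoes itself."""
    return rotate(text, 13)

def all_shifts(text):
    """Every possible shift of text: the whole key space is 26 entries,
    which is why the scheme gives no real cryptographic security."""
    return [rotate(text, n) for n in range(26)]

if __name__ == "__main__":
    for word in ("ab", "unpx", "Hello, World! 123"):
        print(word, "->", rot13(word), "->", rot13(rot13(word)))
```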

DECODE .EXE FILE


VIEW .EXE CODE
First of all, let's understand what an EXE file is. EXE is the common filename extension for denoting an executable file (a program) in the OpenVMS, DOS, Microsoft Windows, ReactOS, and OS/2 operating systems. Besides the executable program itself, many EXE files contain other components called resources, such as bitmaps and icons, which the executable program may use for its graphical user interface. The DOS executable file format differs from the COM executable, which is limited to slightly less than 64 KB in size and, since it lacks relocation information, can only contain one code segment. The DOS executable header contains such relocation information, which allows multiple segments to be loaded at arbitrary memory addresses, and supports executables larger than 64 KB.

Decoding
When the EXE file is compiled, all the information about classes, variables, filenames etc. is lost. Compiling and linking convert the code into machine-level language, so it is very difficult to get back the complete source code. However, using reverse engineering techniques we can get some information in the form of machine language. We can also use decoder software to do the task. Decoders like

1) disassem.exe

2) PE Explorer

can be used for this purpose. Disassem.exe is a fully functional Win32 program disassembler. This software supports the portable executable file format.
If you have more knowledge, kindly send me the post, as I don't know much about this.
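What survives compilation is the file's own structure, and that can be read directly. The added example below (not from the original post) parses the DOS header and the portable executable header that follows it, using a constructed header-only byte string; the function names and sample values are assumptions for the illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}

def build_sample():
    """Constructed header-only sample: DOS header, PE signature, COFF header,
    two section headers. It is not a runnable program."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header at offset 64
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0, 0x0102)
    sections = b"".join(struct.pack("<8s32x", n) for n in (b".text", b".rsrc"))
    return bytes(dos) + b"PE\0\0" + coff + sections

def parse_exe(data):
    """Read the DOS (MZ) header and, if present, the PE header and section names."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a DOS/Windows EXE")
    (relocs,) = struct.unpack_from("<H", data, 0x06)    # e_crlc: DOS relocation entries
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    info = {"format": "DOS MZ", "dos_relocations": relocs, "sections": []}
    if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info                                     # plain DOS executable
    machine, nsec, _stamp, _symtab, _nsyms, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    info.update(format="PE", machine=MACHINES.get(machine, hex(machine)),
                is_dll=bool(flags & 0x2000))            # IMAGE_FILE_DLL
    table = e_lfanew + 24 + opt_size                    # section table follows optional header
    for i in range(nsec):
        off = table + 40 * i                            # each section header is 40 bytes
        if off + 40 > len(data):
            break                                       # truncated file: stop cleanly
        name = data[off:off + 8].rstrip(b"\0")
        info["sections"].append(name.decode("ascii", "replace"))
    return info

if __name__ == "__main__":
    print(parse_exe(build_sample()))
```

The .rsrc section in the sample is where the resources mentioned above (bitmaps, icons) normally live.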

NESSUS

Nessus Vulnerability Scanner
Nessus is one of the best scanning tools for hacking/security. Nessus is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. When Nessus is managed with Tenable's Security Center, an enterprise can perform full life-cycle vulnerability and configuration management. Organizations can communicate recommendations to the responsible parties, track remediations, and verify security patches and required configurations.
Some features of Nessus:
1. Cost: Nessus is the best free network vulnerability scanner available, and the best to run on UNIX at any price. It is constantly updated, with more than 11,000 plugins for the free (but registration and EULA-acceptance required) feed.
2. Linux platform: Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Nessus 3 is now closed source, but is still free-of-cost unless you want the very newest plugins.
How Nessus uses Nmap

Nessus is optimized to work with what we call "plugins". Plugins are implemented in such a way that it does not cost anything memory-wise to launch them -- the NASL interpreter is optimized in such a way that launching a plugin only uses several kilobytes. The operating system is not involved when a plugin is created, which makes the process execution fast and painless. However, since Nmap is an external application, Nessus calls it by launching a special plugin which actually executes the nmap binary, which is a costly operation. To make things worse, in the Nessus architecture each plugin is in charge of ONE host. This means that if you have configured Nessus to scan forty hosts at a time, then there will be forty instances of Nmap running in memory. If you are familiar with Nmap and want to use it for your scan, then run it from the command line first, and save the results in 'greppable' output:

# nmap -n -sS -p1-65535 -oG nmap-results.txt 127.0.0.1/16

You can then import the results in Nessus directly (in the plugins preferences -> Nmap NASL Wrapper -> File containing Nmap results). This will prevent Nessus from re-scanning your network. You will need the nmap.nasl plugin.

To use Nmap from within Nessus:
Download and copy nmap.nasl to your plugins directory:
# cp nmap.nasl /opt/nessus/lib/nessus/plugins/
Restart nessusd:
# killall nessusd
# /opt/nessus/sbin/nessusd -D
Next time you connect to Nessus, your client should display a new port scanner (Nmap NASL Wrapper). If not, then it probably means that nmap is not in your $PATH when you are starting nessusd.
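Before importing a greppable results file into Nessus it helps to see what it contains. The added example below (not from the original post or from Nessus) parses nmap's -oG layout into open ports per host; the sample lines are constructed and the function names are assumptions for the illustration.

```python
# Constructed sample in nmap's greppable (-oG) layout: one line per host,
# tab-separated fields, ports as port/state/protocol/owner/service/...
SAMPLE_OG = "\n".join([
    "# Nmap scan output (constructed sample)",
    "Host: 10.0.0.5 (web01)\tStatus: Up",
    "Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/closed/tcp//https///\tIgnored State: filtered (65532)",
    "Host: 10.0.0.9 ()\tPorts: 23/open/tcp//telnet///, 161/open|filtered/udp//snmp///",
    "# Nmap done (constructed sample)",
])

def parse_greppable(text):
    """Map each host address to its open ports as (port, protocol, service)."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue                               # comments and blank lines
        fields = line.split("\t")
        addr = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue                           # Status:, Ignored State:, ...
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    hosts.setdefault(addr, []).append(
                        (int(parts[0]), parts[2], parts[4]))
    return hosts

def hosts_exposing(hosts, service):
    """Addresses that have the named service open, e.g. to review telnet exposure."""
    return sorted(a for a, ports in hosts.items()
                  if any(s == service for _, _, s in ports))

if __name__ == "__main__":
    for addr, ports in parse_greppable(SAMPLE_OG).items():
        print(addr, ports)
```

Ports reported as closed or open|filtered are skipped, so the result lists only what nmap confirmed as open.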

