Archive for the ‘Uncategorized’ Category

How to disable Autorun for drives

17 May, 2009

Follow this procedure:
Go to Start > Run > “gpedit.msc”
Go to User Configuration > Administrative Templates > System
Select Turn off Autoplay > Properties > Enabled > All drives

Windows File Protection “SFC /SCANNOW”

3 May, 2009

If your Windows files are corrupted/infected by any virus, the best way to restore them is by using Windows File Protection.
Open Start > Run > “cmd” and type “sfc /scannow”
Windows File Protection will start running.
It scans all protected system files and replaces incorrect versions with correct Microsoft versions.
It will ask you to insert your Windows XP CD to replace the files.

* You can customize the drive used for the CD. Open Regedit and go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup”. Change “SourcePath” and “ServicePackSourcePath” to your drive letter.

Best way to kill SOUNDMIX.EXE

26 April, 2009

It’s very difficult to kill the virus process Soundmix.exe.
I found out that this process looks for the presence of a file named “C:\stop.txt”.
Generally when you try to kill the virus process, it comes again and again.
Now, create a simple Notepad file in C:\ and rename it to “stop.txt”.
And now, try killing Soundmix.exe.
Hola! The process stops…
Probably the virus developer used this in testing, but forgot to remove it.. ;)

Online Troubleshooting

25 April, 2009

Hello people,
I am going to start a new service:
Online Troubleshooting via Remote Access
Get your viruses removed, speed up your system, get all problems fixed.

This service will be available free of cost till April 28, 2009 (as an introductory service).

Currently Supporting:
Windows XP

Visit http://piyushlabs.wordpress.com/online-troubleshooting/
for more details.

Auto-status for BorgChat : BorgStatus

7 April, 2009

Borg Chat is one of the best chat programs for a LAN.

I have made a small tool for auto-status for Borg Chat.
It simply works with the help of commands “/?” that can be used from the main tab.
Programmed in AutoIt.
BorgStatus
+ Changes status to “away” or “available”
You just need to configure your screensaver. Set the screensaver to activate after, say, 5 minutes; when the screensaver starts (which means you are not available), this tool will automatically set your BorgChat status to “away”.
When you resume working and the screensaver stops, it will set the status to “available”.

+ Dota, CounterStrike
When you play Warcraft or CS, this tool will automatically set your status to “busy”.

+ Working
No window. Just works from the tray icon.
No customizations provided.
If you need a customized (paid version) BorgStatus software or want me to make some software for your need, then mail me at piyushlabs[at]gmail[dot]com

+ Cost
This trial version is free of cost :)

Download
http://piyushlabs.googlepages.com/BorgStatus.exe

Hunt and Delete Virus Files

6 January, 2009

This small utility is a continuation of HealPenDrive.
I have added a few more options.
The best one is: this will help you delete what I call “pattern files”,
like a virus exe file inside every folder that carries the name of its parent folder.
E.g.: ..\songs\songs.exe
One more option is to hunt and delete files based on their size.

It’s completely a “batch” file.
I went through various samples of batch files on the net and learnt to code such programs. It’s nice :)
So you can open it and check its contents.

*Many of you have complained about HealPenDrive being detected as a virus. The thing is, that software is built with AutoIt, which cannot (as far as I know) be run in exe debuggers to know its exact working. Most AutoIt files are flagged as suspicious by antiviruses, as there have been many viruses found built on AutoIt.

Link to download:
HuntAndDelete.zip

After 6 months

6 January, 2009

Hmm… after 6 months of silence, I’m back in this new year…

Sorry, I won’t be able to reply to you all. So many comments. My God!
Just TRY to fix the problem yourself…
C’mon you can do it.

It’s semester break and I’m chilling out at my home. (It’s 6 degrees C, I miss Bangalore’s warm climate)…
I learnt a bit of DOS BATCH file programming… it’s nice
I’ve a new year present for you. I’ll post it tomorrow.

I Got Placed

23 July, 2008

Hmm…

after some unsuccessful attempts at the companies at my campus…

I finally got placed in Wipro…

hope I’ll climb up the stairs rapidly

: )

Three nasty viruses in the wild

4 June, 2008

First one=SVCHOST.EXE

It looks like a Word file (ref: my previous post).
The file name is *.scr (i.e. a screen saver file).
It hides your original Word document and in its place creates a *.scr file with the same name as the Word file.
For example, you create a document Hello.doc; after you write in it and save it, Hello.doc becomes system-hidden, and a file named Hello.scr is created which has the same Word icon.
In the administrator account, it makes such a change in the registry that you will never be able to log in to your account. When you click on your login name, it logs in and suddenly logs out.
So, whenever you open a Word file, right-click it and check the options.
For the virus file, they will be: open, run, run as, test, configure, etc.
Once you get the virus in a limited user account, never log in to your admin account, or else, as I said, it makes such a change in the registry that you will never be able to log in again.
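The two file patterns described on this page, an executable named after its parent folder (..\songs\songs.exe) and a Hello.scr sitting beside Hello.doc, plus the size-based hunt, can be checked with a report-only scanner. This is an added example, not the HuntAndDelete batch file or any code from the author; the extension lists, function names and sample tree are assumptions made for illustration.

```python
import os
import tempfile

EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}   # assumed list of directly runnable types
DOC_EXTS = {".doc", ".xls", ".ppt", ".txt"}    # assumed list of documents worth shadowing

def scan(root, size=None):
    """Walk root; return sorted (reason, relative_path) findings. Nothing is deleted."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        parent = os.path.basename(folder).lower()
        doc_stems = {os.path.splitext(f)[0].lower() for f in files
                     if os.path.splitext(f)[1].lower() in DOC_EXTS}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXEC_EXTS:
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if stem.lower() == parent:
                findings.append(("named-after-folder", rel))   # songs/songs.exe
            if stem.lower() in doc_stems:
                findings.append(("shadows-document", rel))     # Hello.scr beside Hello.doc
            if size is not None and os.path.getsize(path) == size:
                findings.append(("size-match", rel))           # same size as a known sample
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: harmless placeholder files, sizes in bytes."""
    layout = {
        "songs/songs.exe": 10, "songs/track.mp3": 3,
        "docs/Hello.doc": 7, "docs/Hello.scr": 10,
        "tools/setup.exe": 5,
    }
    for rel, nbytes in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"x" * nbytes)

def demo():
    """Build the constructed tree in a temp directory and scan it for 10-byte files too."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root, size=10)

if __name__ == "__main__":
    for reason, rel in demo():
        print(f"{reason:20} {rel}")
```

On Windows the hidden and system attributes of the original document are a further signal; this sketch only compares names and sizes so that it runs on any platform.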

Second=spoolsv.exe

The virus writer has done quite a lot of research on the autorun property.
When you insert your pen drive (if autorun is ON), it asks what to do, e.g.
open using Windows Explorer, open using WMP, open using Nero, view photos using some software, etc.
But if it has this virus, it will say
“open using software provided on this device”
So, be careful.

After the virus is installed, I found no separate virus process; probably it injects some DLLs.
I am unable to find the solution yet.
It’s challenging… hmm…

Third=SHAHROKH.EXE

How can anyone misspell Shahrukh Khan? It’s so sad. : )
It creates AUTORUNS.EXE and EXPLORER.EXE files.
The EXPLORER.EXE file is placed inside the c:\windows\system32\ folder.
So, whenever the computer starts, it doesn’t load the genuine Windows EXPLORER.EXE but runs the virus EXPLORER.EXE program.
This happens because in the “path” the system32 directory has higher preference than the Windows directory…
Now I wonder why the Windows EXPLORER.EXE is not placed in the system32 folder.

My semester exams are this month, so I’m going to hibernate. Goodbye guys… be in touch.

Heal Antivirus Updated to 1.31

22 April, 2008

Now my antivirus scans for “Autorun.inf” file also.

(Most malware uses the autorun.inf file’s properties to automatically install the virus whenever you double-click the pen drive.)
When you connect a pen drive with an autorun.inf file, it automatically deletes that file and reports to the user. So you can freely double-click your pen drives again.

It also fixes the double-click problem on all drives caused by the existence of this “autorun.inf” file.

Scans all fixed and removable drives.

In the option menu, checking and unchecking of Autorun.inf Guard is not working. I’ll soon fix that…

In RegGuard, I’ve also included the fix for the “scrfile” registry entries used by the new SVCHOST “Word-iconed” virus.

I started creating and came up with all these versions of the software during the night before an exam… my brain works faster during exams.. he he

Oh.. gotta study for tomorrow… cya guys…
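Before an autorun.inf found on a drive is deleted, it is useful to record what it would have launched. The following is an added example, not Heal Antivirus code or anything from the author: a tolerant parser that pulls the program-starting entries out of the [autorun] section even when the file is padded with junk lines. The function names and the sample file are constructed for illustration.

```python
import os

# Constructed sample: a harmless autorun.inf with junk lines around the real section.
SAMPLE = """\
; padding line 0001
garbage without equals sign
[AutoRun]
OPEN = sample.exe
action=Install sample software
shell\\open\\command=sample.exe
icon=sample.ico
[other]
open=ignored.exe
"""

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, tolerating junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_entries(entries):
    """Keys that start a program: open=, shellexecute=, shell\\<verb>\\command=."""
    return sorted((k, v) for k, v in entries.items()
                  if k in ("open", "shellexecute")
                  or (k.startswith("shell\\") and k.endswith("\\command")))

def scan_drive_root(root):
    """Report launch entries of an autorun.inf in root (any letter case)."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                text = fh.read().decode("latin-1")   # never fails on odd bytes
            return launch_entries(parse_autorun(text))
    return []

if __name__ == "__main__":
    for key, value in launch_entries(parse_autorun(SAMPLE)):
        print(f"{key} -> {value}")
```

Each value returned names a file on the drive that deserves a scan of its own, since removing autorun.inf alone leaves that file in place.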