Posts Tagged ‘heal’

Heal Pendrive v2.0 uploaded

2 February, 2011

Heal Pendrive v2.0

Download
Finally I finished v2 of HealPendrive. It has a user-friendly GUI and many useful features.

Features:
*This tool can be used to remove virus/suspected files from a pendrive.
*Instructions are provided at the bottom of each step.
*Built on VB.NET, this application is much superior to the previous v1.0.
*Improved “hunt-and-delete” has been integrated in this version.
+Automatic selection for connected pendrive.
+Details for the selected drive.
+Displays contents of autorun.inf
+Individual options to fix registries.
+Calls CHKDSK utility to detect and fix bad sectors.
+Most appreciated “hunt-and-delete” feature with multiple options.

What's not:
-Files marked for deletion are deleted permanently (not sent to the Recycle Bin).
-Registry changes are not reversible.
-This tool is only to be used on removable drives.

What's coming:
*Safely remove drive feature in the next builds.

regsvr.exe / rundll.exe / ‘Microsoft CorpAration’ virus details & heal uploaded

26 March, 2008

It has been quite a few days. People have been reporting this new virus. Thanks to Muthu Kumar, who sent me the virus file to find the heal.

I really like this virus. It creates a lot of files and makes a lot of registry changes. Finding the solution was really challenging. It is built with AutoIt, version unknown. The latest update of Kaspersky does not detect this virus unless it is scanned thoroughly.

not-a-virus:Monitor.Win32.007SpySoft.q -> rundll.exe
Worm.Win32.AutoIt.s -> regsvr.exe

The “Microsoft Corparation” tag is really confusing. Mind it, it's Corp’a’ration, not Corp’o’ration … he he

I won't say my heal is totally complete, but still some more work I'm supposed to do with it, probably to fix some more registries that I still know what they do. Overall my heal will end task the virus files and restore most of the registries.

This virus/trojan keeps a complete watch on the system by taking snapshots every 30 seconds. Suppose you have this virus for 30 days, just think how much space it will eat. lol

Like other recent viruses, this virus also makes an exe file inside every folder with the name of the parent folder (BUT only on removable drives, this is what I found). It spreads via pen drives, leaving regsvr.exe, New Folder.exe and autorun.inf files in the root directory of the pen drive and other <folder named> files inside.

So here is the solution…
https://piyushlabs.wordpress.com/regsvr/
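
A read-only check for the file layout described in this post, as an added example (it is not the author's heal and not taken from it). It walks a drive and lists the three root file names and any exe named after its parent folder; the function names and the sample tree are constructed for illustration, and a hit is something to review, not proof of infection.

```python
import os
import tempfile

# Names the post reports in the root of an infected pen drive.
ROOT_INDICATORS = {"regsvr.exe", "new folder.exe", "autorun.inf"}


def scan_drive(root):
    """Read-only walk; returns sorted (relative path, reason) pairs for review."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        at_root = rel_dir == "."
        folder = os.path.basename(dirpath).lower()
        for name in filenames:
            lower = name.lower()  # Windows file names are case-insensitive
            rel = name if at_root else os.path.join(rel_dir, name)
            rel = rel.replace(os.sep, "/")
            if at_root and lower in ROOT_INDICATORS:
                hits.append((rel, "root indicator"))
            elif not at_root and lower == folder + ".exe":
                hits.append((rel, "exe named after parent folder"))
    return sorted(hits)


def demo():
    """Build a constructed tree of empty placeholder files and scan it."""
    sample = [
        "regsvr.exe", "New Folder.exe", "autorun.inf", "notes.txt",
        "Photos/Photos.exe", "Photos/img.jpg",
        "Docs/setup.exe",        # ordinary exe, must not be flagged
        "Docs/Work/work.EXE",    # case differs from the folder name
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w"):
                pass  # empty file: only the name matters to the scan
        return scan_drive(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:32} {path}")
```

To check a real drive, call `scan_drive` with its root path (for example `scan_drive("E:\\")`, where the drive letter is an assumption).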

One of my heals marked as Malware by Bitdefender

25 February, 2008

What sadness….

A few days back, aaronik told me that my heal for nhatquanglan has been marked as Malware by BitDefender. I just couldn’t believe that. But it was true…

It's really sad, you create a solution for some malware,
and after some time your software itself is marked as malware.

My program doesn’t even add itself to the startup, nor does it replicate..
I don't know why it has been marked as malware.
If this is the case then probably my other heals will also be marked as malware and I might lose interest in making heals…

