[AUTORUN]
shellexecute=XCOPY e:\*.* f:\audio
Wednesday, March 18, 2009
Web
Here are some useful websites for creating bat files:
http://www.hku.hk/cc_news/ccnews109/helpdesk.htm
http://vx.netlux.org/lib/static/vdat/tubatch1.htm
http://en.kioskea.net/forum/affich-30405-creating-a-batch-file-to-copy-a-directory
http://www.msfn.org/board/index.php?showtopic=128093
http://www.filetransit.com/files.php?name=Batch_File
http://www.viruslist.com/en/viruses/encyclopedia?virusid=17777
http://www.winsteps.com/winman/index.htm?batch.htm
key
645FF040-5081-101B-9F08-00AA002F954E > recycle bin
21EC2020-3AEA-1069-A2DD-08002B30309D > control panel
2559A1F3-21D7-11D4-BDAF-00C04F60B9F0 > run
2559A1F0-21D7-11D4-BDAF-00C04F60B9F0 > search
7007ACC7-3202-11D1-AAD2-00805FC1270E > Connect to
85BBD920-42A0-1069-A2E4-08002B30309D > Briefcase
2559A1F1-21D7-11D4-BDAF-00C04F60B9F0 > help
D20EA4E1-3957-11d2-A40B-0C5020524152 > fonts
E211B736-43FD-11D1-9EFB-0000F8757FCD > Cameras and scanners
208D2C60-3AEA-1069-A2D7-08002B30309D > My network places
bat in invisible mode
Running .BAT or .CMD files in invisible mode
Windows Script Host's Run method allows you to run a program or script in invisible mode.
Sample Code
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run chr(34) & "C:\Batch Files\syncfiles.bat" & Chr(34), 0
Set WshShell = Nothing
Copy the lines above to Notepad and save the file with a .VBS extension. Edit the .BAT file name and path accordingly, and save the file. Double-click the .VBS file to run it.
(Ref: Run Method. Setting intWindowStyle parameter to 0 hides the window)
bat file
This is a memory-resident parasitic BAT-file infector. It is easier to show the text of the virus than to describe its algorithm. The virus text is very simple:
@ECHO OFF
REM <<< code: jmp installation, int_21 handler part 1 >>>
copy %0 b.com>nul
b.com
del b.com
rem <<< code: TSR installation, int_21 handler part 2 >>>
Note: the brackets <<< >>> mark where the non-text bytes of the virus are located.
The main feature of this virus is its dual nature. The virus body can be executed in two formats: as a batch file if the infected file has the BAT extension, or as a COM file if the file has the COM extension.
When the virus is run from a BAT file, it copies itself (i.e. the host file) into a new temporary file, B.COM, using the DOS command
copy %0 b.com
The %0 parameter is replaced by the name of the batch file as it was typed at the command prompt. This way the virus creates a copy of the infected BAT file with the COM extension. The next line of the BAT file then executes that copy, and the line after it deletes it from disk. The binary code and data of the virus are commented out with the REM command and do not affect the flow of the BAT virus.
The B.COM file is executed as a standard COM file. In this form, the text strings at the beginning of the file
@ECHO OFF
REM
are interpreted as 'dummy' i8086 instructions like these:
INC register
DEC register
OR register, immediate
AND register, register
These instructions do not affect the execution of the COM program (just as the commented-out binary code is not used by the BAT variant of this virus). After the last text bytes have executed (the REM instruction on the second line of the BAT virus), the virus activation code starts to work.
The virus installation algorithm is very primitive; it takes only ten assembler instructions. The virus hooks INT 21h using the standard DOS functions GETVECT and SETVECT (AX=3521h, 2521h) and then stays memory resident using INT 27h. The virus does not check memory for a TSR copy left by a previous execution, so it will be present in memory as many times as infected BAT files have been executed.
The virus intercepts only one DOS function, WRITE HANDLE (INT 21h, AH=40H). It checks the beginning of the write buffer for the '@echo' string, and if that string is present, the virus writes its own body before the buffer is saved. Many BAT files begin with that string, so they will be infected when they are created, copied or modified.
So the virus writes itself to the beginning of the BAT file. Infected files first create the B.COM file, run it and delete it, and then continue as if they were not infected.
February 28, 2009 3:05 AM
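A defender-side check for the pattern described above, added here as an example and not taken from the original write-up: it flags a batch file whose REM lines carry non-text bytes and which copies itself (%0) to a .COM name, runs that copy and then deletes it. The function names, tag strings and sample bytes are assumptions made for illustration.

```python
import re

# "copy %0 <name>.com": the running batch file copies itself to a .COM name.
SELF_COPY = re.compile(rb"^\s*@?copy\s+%0\s+([^\s>]+\.com)\b", re.I)
REM_LINE = re.compile(rb"^\s*@?rem\b", re.I)


def has_binary(line: bytes) -> bool:
    """True if the line holds bytes outside printable ASCII and TAB."""
    return any((b < 0x20 and b != 0x09) or b > 0x7E for b in line)


def scan_batch(data: bytes) -> set[str]:
    """Return heuristic tags for one batch-file image (lines split on LF)."""
    tags = set()
    dropped = None  # name of the .COM copy, once a self-copy line is seen
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if REM_LINE.match(line) and has_binary(line):
            tags.add("binary-in-rem")
        m = SELF_COPY.match(line)
        if m:
            dropped = m.group(1).lower()
            tags.add("self-copy-to-com")
            continue
        if dropped is None:
            continue
        words = line.lower().split()
        # A later line that is just "b.com" (or "b") runs the dropped copy.
        if words and words[0] in (dropped, dropped[:-4]):
            tags.add("runs-dropped-com")
        elif len(words) > 1 and words[0] in (b"del", b"erase") and dropped in words[1:]:
            tags.add("deletes-dropped-com")
    return tags


def is_suspicious(data: bytes) -> bool:
    """Flag only the full pattern: binary REM payload plus copy/run/delete."""
    return scan_batch(data) >= {"binary-in-rem", "self-copy-to-com",
                                "runs-dropped-com", "deletes-dropped-com"}


# Constructed samples; \xaa\xbb\xcc is inert filler standing in for "<<< code >>>".
SAMPLE_INFECTED = (b"@ECHO OFF\r\nREM \xaa\xbb\xcc\r\ncopy %0 b.com>nul\r\n"
                   b"b.com\r\ndel b.com\r\nrem \xaa\xbb\xcc\r\necho host\r\n")
SAMPLE_CLEAN = b"@echo off\r\nrem nightly sync\r\nxcopy c:\\src d:\\dst /s\r\n"

if __name__ == "__main__":
    print(sorted(scan_batch(SAMPLE_INFECTED)), is_suspicious(SAMPLE_CLEAN))
```

Requiring all four tags keeps ordinary scripts that merely copy or delete files from being flagged; a binary payload that happens to contain a line-feed byte would split a REM line and needs a byte-offset scan instead.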
Sunday, March 1, 2009
Thursday, February 26, 2009
Wednesday, February 25, 2009
Sunday, February 22, 2009
Friday, February 20, 2009
remove admin password for xp
Copy this command to Notepad,
save it as re.bat,
and run it.
It will remove the administrator password.
title password remover
cls
net user administrator *
pause
create your own file hider(power full hider)
Copy the commands below and save them as a .bat file.
This hider hides the file the way a virus hides in the system:
@echo off
color 2
title assam power hidden
cls
:z
echo to hide folder ,name the folder as secret
echo type hide to hide the folder
echo type show to show the folder
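rem clear the previous answer so an empty input does not repeat it
set "a="
set /p a=enter:
rem quoted, case-insensitive comparison so empty or spaced input does not break IF
if /i "%a%"=="hide" ATTRIB +s +h secret
if /i "%a%"=="show" ATTRIB -s -h secret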
pause
goto z
How To: Change Your IP In Less Than 1 Minute
1. Click on "Start" in the bottom left hand corner of screen
2. Click on "Run"
3. Type in "command" and hit ok
You should now be at an MSDOS prompt screen.
4. Type "ipconfig /release" just like that, and hit "enter"
5. Type "exit" and leave the prompt
6. Right-click on "Network Places" or "My Network Places" on your desktop.
7. Click on "properties"
You should now be on a screen with something titled "Local Area Connection", or something close to that, and, if you have a network hooked up, all of your other networks.
8. Right click on "Local Area Connection" and click "properties"
9. Double-click on the "Internet Protocol (TCP/IP)" from the list under the "General" tab
10. Click on "Use the following IP address" under the "General" tab
11. Create an IP address (It doesn't matter what it is. I just type 1 and 2 until I fill the area up).
12. Press "Tab" and it should automatically fill in the "Subnet Mask" section with default numbers.
13. Hit the "Ok" button here
14. Hit the "Ok" button again
You should now be back to the "Local Area Connection" screen.
15. Right-click back on "Local Area Connection" and go to properties again.
16. Go back to the "TCP/IP" settings
17. This time, select "Obtain an IP address automatically"
18. Hit "Ok"
19. Hit "Ok" again
20. You now have a new IP address
With a little practice, you can easily get this process down to 15 seconds.
P.S:
This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back