Making "Autorun" for your CD..
"for educational purposes only!"
Alright, lets say that you have coded a great keylogger or trojan or virus something and you are ready to give it to your friend in a pen drive or a CD.. but you are not sure that your friend would double click on the .exe file.. that is, you're not sure if your friend would execute your code..
now what?
wanna make your code independent? want it to run by itself as soon as the pen drive or CD is inserted in the computer???
if yes then just read this...
1) You open notepad
2) now you writ: [autorun]
OPEN=INSTALL\Setup_filename.EXE
ICON=INSTALL\Setup_filename.EXE
Now save it but not as a .txt file but as a .inf file.
But remember! The "Setup_filename.EXE" MUST be replaced with the name of the setup file. And you also need to rember that it is not all of the setup files there are called '.exe but some are called '.msi
3) Now burn your CD with the autorun .inf file included.
4) Now set the CD in you CD drive and wait for the autorun to begin..( or if nothing happens just double-click on the CD drive in "My Computer")
Thursday, August 28, 2008
Tutorials for "Cain and Able"
Tutorial for Using 'Cain and Able'..
[Step 1, Finding the target.]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
So first off we need to find a computer or the computer to hack into. So if your plugged in to the LAN, or connected to the WAN, you can begin. Open up Cain and Abel. This program has a built in sniffer feature. A sniffer looks for all IP addresses in the local subnet. Once you have opened up the program click on the sniffer tab, click the Start/Stop sniffer, and then click the blue cross
Image
Another window will pop up, make sure “All host in my subnet” is selected, and then click ok.
Image
It should begin to scan.
Image
Then IP’s, computer names, and mac addresses will show up.
Now remember the IP address of the computer you are going to be breaking into.
If you can’t tell whether the IP address is a computer, router, modem, etc, that’s ok.
During the next step we will begin our trial and error.
Image
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-[Part 2, Trial and Error]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, we don’t know if we have our designated target, or if we have a computer or printer, or whatever else is on the LAN or WAN.
If you did get the IP of the target though, I still recommend reading through this section, for it could be helpful later on.
Click on the start menu and go to run, type in cmd, and click ok.
This should bring up the command prompt.
From here we will do most of the hacking.
Now I will be referring to certain commands that need to be inputted into the command prompt.
I will put these commands in quotes, but do not put the quotes in the code when you type it into the prompt.
I am only doing this to avoid confusion.
Let’s get back to the hacking.
Type in “ping (IP address of the target).” For example in this tutorial, “ping 192.168.1.103.”
This will tell us if the target is online.
If the target is not online, either switch to a different target, or try another time. If the target is online, then we can proceed.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-[Part 3, Gathering the Information.]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, input this command “nbtstat –a (IP address of target).” An example would be “nbtstat –a 192.168.1.103.”
This will show us if there is file sharing enabled, and if there is, it will give us the: currently logged on user, workgroup, and computer name.
Ok, you’re probably wondering, “What does all this mean to me?” Well, this is actually very important, without this, the hack would not work. So, let me break it down from the top to bottom. I will just give the first line of information, and then explain the paragraph that follows it.
The information right below the original command says: “Local Area Connection,” this information tells us about our connection through the LAN, and in my case, I am not connected through LAN, so the host is not found, and there is no IP.
The information right below the “Local Area Connection,” is “Wireless Network Connection 2:” It gives us information about the connection to the target through WAN. In my case I am connected through the WAN, so it was able to find the Node IpAddress. The Node IpAddress is the local area IP of the computer you are going to break into.
The NetBIOS Remote Machine Name Table, give us the workgroup of our computer, tells us if it is shared, and gives us the computer name. Sometimes it will even give us the currently logged on user, but in my case, it didn’t. BATGIRL is the name of the computer I am trying to connect to. If you look to the right you should see a <20>. This means that file sharing is enabled on BATGIRL. If there was not a <20> to the right of the Name, then you have reached a dead end and need to go find another IP, or quit for now. Below BATGIRL is the computers workgroup, SUPERHEROES. If you are confused about which one is the workgroup, and the computer, look under the Type category to the right of the < > for every Name. If it says UNIQUE, it is one system, such as a printer or computer. If it is GROUP, then it is the workgroup
[Step 4, Breaking In]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Finally it’s time.
By now we know: that our target is online, our target has file sharing, and our target’s computer name.
So it’s time to break in.
We will now locate the shared drives, folders, files, or printers. Type in “net view \\(IP Address of Target)”
An example for this tutorial would be: “net view \\192.168.1.103”
We have our just found our share name. In this case, under the share name is “C,” meaning that the only shared thing on the computer is C. Then to the right, under Type, it says “Disk.” This means that it is the actual C DISK of the computer. The C DISK can sometimes be an entire person’s hard drive.
All's that is left to do is “map” the shared drive onto our computer. This means that we will make a drive on our computer, and all the contents of the targets computer can be accessed through our created network drive. Type in “net use K: \\(IP Address of Target)\(Shared Drive). For my example in this tutorial, “net use K: \\192.168.1.103\C.” Ok, let’s say that you plan on doing this again to a different person, do u see the “K after “net use?” This is the letter of the drive that you are making on your computer. It can be any letter you wish, as long as the same letter is not in use by your computer. So it could be “net use G...,” for a different target.
Now, if you disconnect from the WAN or LAN, you will not be able to access this drive, hence the name Network Drive.
The drive will not be deleted after you disconnect though, but you won’t be able to access it until you reconnect to the network.
So if you are doing this for the content of the drive, I recommend dragging the files and folders inside of the drive onto your computer,
because you never know if the target changes the sharing setting.
If you are just doing this to hack something, then go explore it and have some well deserved fun!
[Step 1, Finding the target.]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
So first off we need to find a computer or the computer to hack into. So if your plugged in to the LAN, or connected to the WAN, you can begin. Open up Cain and Abel. This program has a built in sniffer feature. A sniffer looks for all IP addresses in the local subnet. Once you have opened up the program click on the sniffer tab, click the Start/Stop sniffer, and then click the blue cross
Image
Another window will pop up, make sure “All host in my subnet” is selected, and then click ok.
Image
It should begin to scan.
Image
Then IP’s, computer names, and mac addresses will show up.
Now remember the IP address of the computer you are going to be breaking into.
If you can’t tell whether the IP address is a computer, router, modem, etc, that’s ok.
During the next step we will begin our trial and error.
Image
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-[Part 2, Trial and Error]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, we don’t know if we have our designated target, or if we have a computer or printer, or whatever else is on the LAN or WAN.
If you did get the IP of the target though, I still recommend reading through this section, for it could be helpful later on.
Click on the start menu and go to run, type in cmd, and click ok.
This should bring up the command prompt.
From here we will do most of the hacking.
Now I will be referring to certain commands that need to be inputted into the command prompt.
I will put these commands in quotes, but do not put the quotes in the code when you type it into the prompt.
I am only doing this to avoid confusion.
Let’s get back to the hacking.
Type in “ping (IP address of the target).” For example in this tutorial, “ping 192.168.1.103.”
This will tell us if the target is online.
If the target is not online, either switch to a different target, or try another time. If the target is online, then we can proceed.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-[Part 3, Gathering the Information.]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, input this command “nbtstat –a (IP address of target).” An example would be “nbtstat –a 192.168.1.103.”
This will show us if there is file sharing enabled, and if there is, it will give us the: currently logged on user, workgroup, and computer name.
Ok, you’re probably wondering, “What does all this mean to me?” Well, this is actually very important, without this, the hack would not work. So, let me break it down from the top to bottom. I will just give the first line of information, and then explain the paragraph that follows it.
The information right below the original command says: “Local Area Connection,” this information tells us about our connection through the LAN, and in my case, I am not connected through LAN, so the host is not found, and there is no IP.
The information right below the “Local Area Connection,” is “Wireless Network Connection 2:” It gives us information about the connection to the target through WAN. In my case I am connected through the WAN, so it was able to find the Node IpAddress. The Node IpAddress is the local area IP of the computer you are going to break into.
The NetBIOS Remote Machine Name Table, give us the workgroup of our computer, tells us if it is shared, and gives us the computer name. Sometimes it will even give us the currently logged on user, but in my case, it didn’t. BATGIRL is the name of the computer I am trying to connect to. If you look to the right you should see a <20>. This means that file sharing is enabled on BATGIRL. If there was not a <20> to the right of the Name, then you have reached a dead end and need to go find another IP, or quit for now. Below BATGIRL is the computers workgroup, SUPERHEROES. If you are confused about which one is the workgroup, and the computer, look under the Type category to the right of the < > for every Name. If it says UNIQUE, it is one system, such as a printer or computer. If it is GROUP, then it is the workgroup
[Step 4, Breaking In]-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Finally it’s time.
By now we know: that our target is online, our target has file sharing, and our target’s computer name.
So it’s time to break in.
We will now locate the shared drives, folders, files, or printers. Type in “net view \\(IP Address of Target)”
An example for this tutorial would be: “net view \\192.168.1.103”
We have our just found our share name. In this case, under the share name is “C,” meaning that the only shared thing on the computer is C. Then to the right, under Type, it says “Disk.” This means that it is the actual C DISK of the computer. The C DISK can sometimes be an entire person’s hard drive.
All's that is left to do is “map” the shared drive onto our computer. This means that we will make a drive on our computer, and all the contents of the targets computer can be accessed through our created network drive. Type in “net use K: \\(IP Address of Target)\(Shared Drive). For my example in this tutorial, “net use K: \\192.168.1.103\C.” Ok, let’s say that you plan on doing this again to a different person, do u see the “K after “net use?” This is the letter of the drive that you are making on your computer. It can be any letter you wish, as long as the same letter is not in use by your computer. So it could be “net use G...,” for a different target.
Now, if you disconnect from the WAN or LAN, you will not be able to access this drive, hence the name Network Drive.
The drive will not be deleted after you disconnect though, but you won’t be able to access it until you reconnect to the network.
So if you are doing this for the content of the drive, I recommend dragging the files and folders inside of the drive onto your computer,
because you never know if the target changes the sharing setting.
If you are just doing this to hack something, then go explore it and have some well deserved fun!
How totrack an ip address
"how can u track that ip address"
----->>>first of all, it might be a dynamic IP address tht keeps changing every time you connect.. only the ISP keeps track of who was logged onto IP at what time..
and
if its a static IP then that person might've used a proxy to send that mail..(hope you know what a proxy does)...
on top of that
he might've used an internet cafe to post you the mail..
AND
ip tracing can atmost give an indication to which city the ip belongs to, not the exact location..
so its not at all simple tracing the ip..
HOWEVER.. here are
Some Visual Tracing Tools
NeoTracePro
http://www.neotrace.com
Visual Route
http://visualroute.visualware.com
e-mailTrackerPro
http://www.visualware.com/personal/download/index.html
Samspade
http://www.samspade.org
"is there any chance to hack through phishing"
yes, there's a lotta chance tricking the victim into entering his login and password in a fake log in page created by you.. this is called phishing.. it is dome as follows:
1. lets say you wanna hack his orkut passwrd.
2. make a webpage which looks like "orkut" but actually is a fake.
3. now the victim would enter his id and pass into it..
4. the fake log in page would save it and later give it to you..
to do this use a software called "Fishing Bait 2.5"
this software would create a fake log in page of any site you want.. and you won't have to code yourself in HTML.. "how to hack some ones password through password dictionary"
There are two types of passwords crackers :
1. dictionary based
2. Brute Forcers
you're talking about the dictionary based password crackers over here, so about using them..
1. goto www.trojanfrance.com
2. get a good password cracker like "john the ripper".
3. use it to crack a password (it would have a pre-made dictionary list of words to try as password)
questions are welcome...
----->>>first of all, it might be a dynamic IP address tht keeps changing every time you connect.. only the ISP keeps track of who was logged onto IP at what time..
and
if its a static IP then that person might've used a proxy to send that mail..(hope you know what a proxy does)...
on top of that
he might've used an internet cafe to post you the mail..
AND
ip tracing can atmost give an indication to which city the ip belongs to, not the exact location..
so its not at all simple tracing the ip..
HOWEVER.. here are
Some Visual Tracing Tools
NeoTracePro
http://www.neotrace.com
Visual Route
http://visualroute.visualware.com
e-mailTrackerPro
http://www.visualware.com/personal/download/index.html
Samspade
http://www.samspade.org
"is there any chance to hack through phishing"
yes, there's a lotta chance tricking the victim into entering his login and password in a fake log in page created by you.. this is called phishing.. it is dome as follows:
1. lets say you wanna hack his orkut passwrd.
2. make a webpage which looks like "orkut" but actually is a fake.
3. now the victim would enter his id and pass into it..
4. the fake log in page would save it and later give it to you..
to do this use a software called "Fishing Bait 2.5"
this software would create a fake log in page of any site you want.. and you won't have to code yourself in HTML.. "how to hack some ones password through password dictionary"
There are two types of passwords crackers :
1. dictionary based
2. Brute Forcers
you're talking about the dictionary based password crackers over here, so about using them..
1. goto www.trojanfrance.com
2. get a good password cracker like "john the ripper".
3. use it to crack a password (it would have a pre-made dictionary list of words to try as password)
questions are welcome...
How to break into someone's Email account..
BEWARE!
This info is for educational purpose only. Do not misuse it.
If You Don't Have Physical Access
Well of course most of you out there will say that you don't have physical access to your target's computer. That's fine, there still are ways you can gain access into the desired email account without having to have any sort of physical access. For this we are going to go back onto the RAT topic, to explain methods that can be used to fool the user into running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the basic "send file" technique. This is simply convincing the user of the account you want to access to execute the server portion of your RAT.
To make this convincing, what you will want to do is bind the server.exe to another *.exe file in order to not raise any doubt when the program appears to do nothing when it is executed. For this you can use the tool like any exe file to bind it into another program (make it something like a small game)...
On a side note, make sure the RAT of your choice is a good choice. The program mentioned in the previous section would not be good in this case, since you do need physical access in order to set it up. You will have to find the program of your choice yourself (meaning please don't ask around for any, people consider that annoying behavior).
The reason why is that you need the ip address of the user in order to connect with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter. What you will do is send the file to the user. Now while this transfer is going on you will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from left to right. The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using.
The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo! Messenger it will be remote port 1614.
So once you spot the established connection with the file transfer remote port, then you will take note of the ip address associated with that port. So once the transfer is complete, and the user has executed the server portion of the RAT, then you can use the client portion to sniff out his/her password the next time he/she logs on to his/her account.
Don't think you can get him/her to accept a file from you? Can you at least get him/her to access a certain web page? Then maybe this next technique is something you should look into.
Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and execute .exe files via malicious scripting within an html document. For this what you will want to do is set up a web page, make sure to actually put something within this page so that the visitor doesn't get too entirely suspicious, and then imbed the below script into your web page so that the server portion of the RAT of your choice is dropped and executed onto the victim's computer...
While you are at it, you will also want to set up an ip logger on the web page so that you can grab the ip address of the user so that you can connect to the newly established server. Here is the source for a php ip logger you can use on your page...
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8
This info is for educational purpose only. Do not misuse it.
If You Don't Have Physical Access
Well of course most of you out there will say that you don't have physical access to your target's computer. That's fine, there still are ways you can gain access into the desired email account without having to have any sort of physical access. For this we are going to go back onto the RAT topic, to explain methods that can be used to fool the user into running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the basic "send file" technique. This is simply convincing the user of the account you want to access to execute the server portion of your RAT.
To make this convincing, what you will want to do is bind the server.exe to another *.exe file in order to not raise any doubt when the program appears to do nothing when it is executed. For this you can use the tool like any exe file to bind it into another program (make it something like a small game)...
On a side note, make sure the RAT of your choice is a good choice. The program mentioned in the previous section would not be good in this case, since you do need physical access in order to set it up. You will have to find the program of your choice yourself (meaning please don't ask around for any, people consider that annoying behavior).
The reason why is that you need the ip address of the user in order to connect with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter. What you will do is send the file to the user. Now while this transfer is going on you will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from left to right. The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using.
The address you will be looking for will be on the right, and the port it's established on will depend on the instant messaging service you are using. With MSN Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo! Messenger it will be remote port 1614.
So once you spot the established connection with the file transfer remote port, then you will take note of the ip address associated with that port. So once the transfer is complete, and the user has executed the server portion of the RAT, then you can use the client portion to sniff out his/her password the next time he/she logs on to his/her account.
Don't think you can get him/her to accept a file from you? Can you at least get him/her to access a certain web page? Then maybe this next technique is something you should look into.
Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and execute .exe files via malicious scripting within an html document. For this what you will want to do is set up a web page, make sure to actually put something within this page so that the visitor doesn't get too entirely suspicious, and then imbed the below script into your web page so that the server portion of the RAT of your choice is dropped and executed onto the victim's computer...
While you are at it, you will also want to set up an ip logger on the web page so that you can grab the ip address of the user so that you can connect to the newly established server. Here is the source for a php ip logger you can use on your page...
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8
View the folder with the same windows
if you're not able to view the folder in same window... goto ""Tools">>"Folder Options">> "Browse Folders" >> check on "open each folder in its own window."..
this should solve your problem..
and about your other problem..
try accessing "taskman" by pressing "crtl+alt+del"... now see the open processes, "kill" any suspicious process.. but be careful and don't kill a system process..
now goto each drive on the comp and don't double click its icon, instead right click and select explore.. now just delete the file "autorun.inf" completely, coz it looks like the Batch file it is calling in your case, is a virus..
questions are always welcome..
this should solve your problem..
and about your other problem..
try accessing "taskman" by pressing "crtl+alt+del"... now see the open processes, "kill" any suspicious process.. but be careful and don't kill a system process..
now goto each drive on the comp and don't double click its icon, instead right click and select explore.. now just delete the file "autorun.inf" completely, coz it looks like the Batch file it is calling in your case, is a virus..
questions are always welcome..
If u r not able to open C: or D: drive from ur system
If you're Not able 2 open C: or D: by double click
Sometimes it happens in windows XP that you are not able to open drives on your hard disk. When you double clicking on the drives icons or right click on the drive>>explore in My computer, the drive does not open.
This problem is generally caused by most of the viruses which infect windows XP system. They block or restrict your access to any of the drives.
But don't worry this is not a big trouble it can be fixed easily.
To Fix:
Normally when a virus infects a windows system which causes a drive opening problem, it automatically creates a file named autorun.inf in the root directory of each drive.
This autorun.inf file is a read only ,hidden and a system file and the folder option is also disabled by the virus. This is deliberately done by the virus in order to protect itself. autorun.inf initiates all the activities that the virus performs when you try to open any drive.
You have to just delete this file and restart your system to correct this problem.
Follow the set of commands below to show and delete the autorun.inf
1. Open Start>>Run and type cmd and press enter. This will open a command prompt window. On this command prompt window type the following steps.
2. type cd\
3. type attrib -r -h -s autorun.inf
4. type del autorun.inf
5. now type d: and press enter for d: drive partition. Now repeat steps 3 and 4. Similarly repeat step 5 for all your hard disk partition.
Restart your system and your trouble will be fixed.
Sometimes it happens in windows XP that you are not able to open drives on your hard disk. When you double clicking on the drives icons or right click on the drive>>explore in My computer, the drive does not open.
This problem is generally caused by most of the viruses which infect windows XP system. They block or restrict your access to any of the drives.
But don't worry this is not a big trouble it can be fixed easily.
To Fix:
Normally when a virus infects a windows system which causes a drive opening problem, it automatically creates a file named autorun.inf in the root directory of each drive.
This autorun.inf file is a read only ,hidden and a system file and the folder option is also disabled by the virus. This is deliberately done by the virus in order to protect itself. autorun.inf initiates all the activities that the virus performs when you try to open any drive.
You have to just delete this file and restart your system to correct this problem.
Follow the set of commands below to show and delete the autorun.inf
1. Open Start>>Run and type cmd and press enter. This will open a command prompt window. On this command prompt window type the following steps.
2. type cd\
3. type attrib -r -h -s autorun.inf
4. type del autorun.inf
5. now type d: and press enter for d: drive partition. Now repeat steps 3 and 4. Similarly repeat step 5 for all your hard disk partition.
Restart your system and your trouble will be fixed.
Remove a virus from ur Pen Drive
remove the virus from pen drive.. first of all.. delete the file "Autorun.inf" in the pen drive.. and then remove the file containing the virus.. if you wanna know more than tell me what virus, exactly..
Remove a Brontok virus from ur system
How to delete A Virus (like Brontok)
Its the most sticky virus ..
To remove it :
Start ur computer in safe mode with command prompt and type the followinf command to enable registry editor:-
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
and run HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
after this ur registry editor is enable
type explorer
go to run and type regedit
then follow the following path :-
HKLM\Software\Microsoft\Windows\Currentversion\Run
on the right side delete the entries which contain 'Brontok' and 'Tok-' words.
after that restart ur system
open registry editor and follow the path to enable folder option in tools menu
HKCU\Software\Microsoft\Windows\Currentversion\Policies\Explorer\ 'NoFolderOption'
delete this entry and restart ur computer
and search *.exe files in all drives (search in hidden files also)
remove all files which are display likes as folder icon.
ur computer is completely free from virus brontok!!
HappY HackinG!!!!
Its the most sticky virus ..
To remove it :
Start ur computer in safe mode with command prompt and type the followinf command to enable registry editor:-
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
and run HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
after this ur registry editor is enable
type explorer
go to run and type regedit
then follow the following path :-
HKLM\Software\Microsoft\Windows\Currentversion\Run
on the right side delete the entries which contain 'Brontok' and 'Tok-' words.
after that restart ur system
open registry editor and follow the path to enable folder option in tools menu
HKCU\Software\Microsoft\Windows\Currentversion\Policies\Explorer\ 'NoFolderOption'
delete this entry and restart ur computer
and search *.exe files in all drives (search in hidden files also)
remove all files which are display likes as folder icon.
ur computer is completely free from virus brontok!!
HappY HackinG!!!!
Subscribe to:
Posts (Atom)
Posts
