Cyberphunkz Tech Blog » virus

How Does AntiVirus Work

Freak — Sat, 02 Apr 2011 03:32:52 +0000

The Antivirus is a Software that detect harmful Software’s or programs like Computer Virus, Computer Worms, Trojan Horses, Spyware, Ad-ware. Antivirus are one of the most important part of a computer and save us from many dangers every day. But the Question arises that how do they work?

The Antivirus Work in two main Ways:

Signature based detection
Checking for Suspicious Behavior

Signature Based Detection

The Signature Based Detection is the way in which the antivirus compare the content of the file to the dictionary of the viruses. This is a very effective way because it is able to identify all the viruses that are publicly known. The example of it is like this: If the file is like this 10101010 then the antivirus will compare it with dictionary, if it match’s the 10101010 in dictionary than it will be considered as virus. The effectiveness of this method depends on that the virus or Trojan is public if it is not that it may not be able to detect it. Some hacker uses Crypter software to hide the content of the file e.g 10101010 would become 12121212 now antivirus would not find it in Dictionary because it seems another file to dictionary but in reality the file would still be virus. To encounter with this problem Antivirus Dictionaries also include the entries to identify the Crypted Virus. For Example they would also keep 12121212 in Virus Signature and identify that as virus also.

Suspicious Behavior

This type include the antivirus running in the real time and observing the behaviour of the the files running. It sees that if the files are overwriting the data without users permission or notification. If this kind of behaviour is observed by the antivirus it will suddenly stop the program and ask the user about the reliability of the file. So User can choose the is it All right to let the program work or if it is a virus s(he) can stop it.

Point To Be Consider

As you have seen that normally the antivirus take the content or signature of a file or program to compare it with its database, now what if the database of an antivirus is not updated and if any new malware try to exploit your computer and your antivirus don’t identify it because it has no information about. So the new threat can easily bypass your antivirus and will cause a harm to your computer, this is called Zero-day threats.

Awareness among the user(s) is/are very important rather than antivirus software’s, you should teach your self on how to be safe on the jungle of web where every day, is the day of new threat.
You must be aware about the viruses and their effects and how they spread.
- Malware: Virus
Do not download and run the unknown programs from Internet.
You should know how to secure yourself from malware.
- Secure Your Self From Keylogger
You must know about the latest antivirus software for your operating system.
- 4 Antivirus For Android

So these are two main ways employed by the antivirus to detect the unwanted files. So now always when you run a scan you would know what is happening.

New IT Term of the week

Freak — Tue, 06 Apr 2010 13:31:06 +0000

Easter egg

Software easter eggs are secret screens, videos, graphics, or other type of message that has been buried in an application. Typically, easter eggs are used to display the credits for the development team or to display a humorous message. Easter eggs are intended to be fun and can be found in any type of software ? including games, word processing applications, and even operating systems. To see an easter egg, you often will need know a special procedure or sequence of keystrokes.

For example, follow these instructions to see a list of people who worked on the User Assistance feature of Microsoft Word 2000:

1. Open Microsoft Word2000

2. Press F1 or click the “Office Assistant” button

3. Under the “What would you like to do?”, type “Cast” (No quotes)

4. Click SEARCH

5. Click the MICROSOFT OFFICE 2000 USER ASSISTANCE STAFF topic

6. Click the graphic in the Microsoft Word Help screen

Easter eggs in computer games are quite common and may be funny scenes, hidden levels, or other extras gamers can discover while playing. One of the most popular easter eggs to unlock in video games is the “Dopefish”. This fun, fictional fish first appeared in Commander Keen: Secret of the Oracle (1991). Since that time it has made an appearance as an easter egg in numerous games. In many games you need to unlock a special level or perform a sequence of actions to find the hidden easter egg.

Easter eggs may also be found in movies, music albums, videos and other types of media.

VIRUS : Magazine ships Induc Delphi virus on cover CD ROM

Freak — Mon, 31 Aug 2009 20:06:58 +0000

According to German media reports, a popular computer magazine is on sale in the country containing a copy of the W32/Induc-A Delphi virus on its free cover CD ROM.

The 18/2009 edition of ComputerBild, one of Germany’s biggest computer magazines with an estimated readership of over 4 million people, carries an infected copy of TidyFavorites 4.1, a tool used to help you organise your browser’s list of favourite websites, on its cover CD.

Springer-Verlag, the publishers of ComputerBild, have reportedly contacted independent experts at AV-Test.org who have confirmed the infection.

ComputerBild has published a statement to its readers (in German), warning of the infection and providing a link to a clean, uninfected version of the program.

The good news is that W32/Induc-A appears to be a proof-of-concept virus and has no malicious payload other than spreading – nevertheless, no-one wants unauthorised hacker’s code running on their computer.

According to German media reports, a popular computer magazine is on sale in the country containing a copy of the W32/Induc-A Delphi virus on its free cover CD ROM.

Springer-Verlag, the publishers of ComputerBild, have reportedly contacted independent experts at AV-Test.org who have confirmed the infection.

ComputerBild has published a statement to its readers (in German), warning of the infection and providing a link to a clean, uninfected version of the program.

OH NO! MY SYSTEM’S INFECTED

Freak — Tue, 02 Jun 2009 18:45:52 +0000

Hope-fully this is not the case for the majority of you, but I know there will be a few people who are going to be infected. The only way you are really going to know if you are infected is diagnosing your computer properly. I recommend getting Lockdown 2000 for this. Install it on your system and run a full system scan on your machine.

After running Lockdown 2000, run your anti virus scanner just in case Lockdown missed anything. You may ask yourself why I suggest such redundancy? Computers are built on the principle of redundancy. One program will always compensate for the short-comings of the other. This should reveal most if not all Trojans currently residing on your machine. Until you are absolutely sure about not possessing any Trojans on your machine I suggest being alert of the happenings on your computer.

Run the firewall programs to block out intruders.

Monitor your system for unusual happenings (CD Rom opening for no reason)

Use the Netstat command to see what ports are being used if you get suspicious

The ultimate goal is not to be paranoid about the use of your computer. It’s about being smart about how you use your computer.

How to Remove Koobface / Facebook Virus

Freak — Mon, 04 May 2009 05:51:29 +0000

What is Koobface?

Koobface is a malicious executable program that is commonly installed without user consent or knowledge. Koobface can be installed by itself or bundled with other infections. Koobface will often display frequent advertisements for bogus products or programs. The presence of Koobface can cause sluggish system performance, system freezes and/or crashes. Eventual system failure and blue screen could also be caused by Koobface. Koobface is not known to replicate itself at the time of this publication.How do I remove Koobface?

This Koobface Removal guide provides two Koobface removal options, automatic Koobface scanner and manual removal. Please see our Koobface manual removal warning before proceeding with manual removal.
Automatic Koobface scanner download

Click here to download Automatic Remover

Manual Koobface removal directions

Warning! Manual Removal of Koobface is intended to be used by advanced users only.

Follow directions below for Koobface removal manually:
Find and Stop Koobface Virus Processes: ctrl+alt+del -> Processes

* fbtre6.exe
mstre6.exe

Find and Remove Koobface Virus registry values:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “c:\windows\mstre6.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe”
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating

Find and Delete Koobface Virus Files:

* C:\\Windows\\fbtre6.exe
C:\\Windows\\fmark2.dat

How did I get Koobface?

Unfortunately it is very difficult to pinpoint the exact distribution point of Koobface. However, common delivery tactics of Koobface could be, but not limited to: trojans, browser exploits, pc ports or other vulnerable access points. We have seen reports of Koobface being distributed through fake media codec downloads as well.
Common symptoms of Koobface?

Possible attributes and symptoms of Koobface are listed below.

* Koobface may push advertisements for rogue security applications
* Koobface may cause frequent popup advertisements
* Koobface may cause sluggish system performance
* Koobface may cause slow PC processing
* Koobface may cause Blue Screen
* Koobface may cause high CPU usage

How do I prevent Koobface?

Once you have cleaned up Koobface, the main tip in order to prevent Koobface and future malicious programs from returning is to stay suspicious of new websites you have never visited. Chances are you were tricked into downloading Koobface when you thought it was something else.

More tips to prevent Koobface from returning:

* Update Windows often
* Update Windows Security Settings
* Turn on Firewall Protection
* Update Anti-Spyware Software Frequently

What is the purpose of Koobface?

The creators or authors of Koobface have one sole objective in mind, money. Almost all forms of malicious code nowadays, with Koobface being no exception, are created to make a buck. The creators or authors of Koobface know that if then can distribute “x” amount of downloads of Koobface then Koobface will generate “y” amount of revenue. In addition, many of these Malware authors have been doing this awhile so they have perfected their conversion rates and will continue to do so.

Who is behind Koobface?

It is difficult to say exactly who is behind Koobface. Certain hypothesis can be created for Koobface though. Chances are the creators or authors of Koobface are located (or at least their servers are) somewhere in either Eastern Europe or China. However, Malware has been retraced back to almost every country in the world so it really difficult to gauge this with any type of accuracy.

Mobile Phone Virus Hoax

Freak — Fri, 27 Mar 2009 13:58:46 +0000

Example

Subject: FW: URGENT message for mobile phone users!!!

URGENT message for mobile phone users!!!Please be careful and mindful! All mobile users pay attention if you receive a phone call and your mobile phone displays ( ACE ) on the screen don’t answer the call. END THE CALL IMMEDIATELY if you answer the call, your phone will be infected by a virus. This virus will erase all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network.

You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 Million mobile phones being infected by this virus in USA now. you can also check this news in the CNN web site.

PLEASE FORWARD THIS PIECE OF INFORMATION TO ALL YOUR FRIENDS.
——————————————————————

All mobile users pay attention!!!!!!!!!

If you receive a phone call and your mobile phone displays(XALAN)on the screen don’t answer the call, END THE CALL IMMEDIATELY,if you answer the call,your phone will be infected by a virus. This virus WILL ERASE all IMEI and IMSI information from both your phone and your SIM card, which will make your phone unable to connect with the telephone network. You will have to buy a new phone. This information has been confirmed by both Motorola and Nokia. There are over 3 Million mobile phones being infected by this virus in all around the world now. You can also check this news in the CNN web site.

PLEASE FORWARD THIS PIECE OF INFORMATION TO ALL YOUR FRIENDS HAVING A MOBILE PHONE.

Variants of this hoax have been circulating since 1999. The information in the email is completely untrue and has certainly not been “confirmed by both Motorola and Nokia”. If a virus had really destroyed the mobile phones of 3 million US users it would be a major news story around the world. There is nothing on the CNN site about this virus nor does a search of Google News reveal any articles that confirm the story.

However, there are legitimate news articles about a real mobile phone virus that was discovered back in June 2004. This worm, dubbed “Cabir” is basically a “proof of concept” virus and does little damage. Vnunet.com reports that the first outbreak of this virus “in the wild” occurred in Singapore in early October. Although Cabir is virtually harmless, it does indicate that mobile phone virus attacks are possible and may become a significant threat in the future. News of Cabir may also be giving new life to this old mobile phone virus hoax.While mobile phone viruses are real, experts maintain that the potential threat of such viruses has been exaggerated.

In any case, the information included in these emails is false and the “warnings” should be deleted without forwarding. Any “virus warnings” received via a forwarded email should not be taken at face value. Always take the time to confirm the information at a reputable anti-virus website.