its a worm actually.
if u wanna delete this file pls do the following..
There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:
1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other drives in turn (note: if you have autorun.inf files that you think you need to backup, do so now
del c:\autorun.* /f /a /s /q
7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files names avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:
attrib -r -s -h avpo.exe
del avpo.exe
10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
comment for further queries..
Saturday, October 20, 2007
Saturday, September 8, 2007
tsr programming
tsr-terminate and stay resident programming is a very excellent field where u can learn and explore a lot of intrsing stuff.
a best way to explore ur DOS kingdom..
these programs stay resident in ur memory once they are executd..and can be invoked any time wen u need using some hot keys..
This is achieved by capturing interrupts and adding our own ISRs(Interrupt Service Routines) in the IVT(Interrupt Vector Table)..
Each ISR is addressed by an Integer..There are totally 256 interrupts ranging from 0 to 255..
and v make our program resident using the keep() system call..defined under dos.h
TURBO C has the facility of caputring these interrupts and replacing our own ones..
some of the functions used are getvect(),setvect() ,enable(),disable()..,,etc..defined under "dos.h"
some of the interrupts are 8-timer
0x417-keyboard and many more..
TSR programming is really intrsting wen learnt thoroughly or even if v get a small essence of it..
All virus programs are essentially TSRs but its not the vice versa..
We can use these techniques to wirte out own anti virus programs taking care of our MBR(Master Boot Record) and even tackling file viruses..
I hav written a program which monitors ut MBR and notifies u wen any illegal access is done to tat..this is done by monitoring 0x413 or 0x414
I referred Writing TSRs Through C by Yashwant Kanetkar..
Post ur comments to know more about TSR Programming..
a best way to explore ur DOS kingdom..
these programs stay resident in ur memory once they are executd..and can be invoked any time wen u need using some hot keys..
This is achieved by capturing interrupts and adding our own ISRs(Interrupt Service Routines) in the IVT(Interrupt Vector Table)..
Each ISR is addressed by an Integer..There are totally 256 interrupts ranging from 0 to 255..
and v make our program resident using the keep() system call..defined under dos.h
TURBO C has the facility of caputring these interrupts and replacing our own ones..
some of the functions used are getvect(),setvect() ,enable(),disable()..,,etc..defined under "dos.h"
some of the interrupts are 8-timer
0x417-keyboard and many more..
TSR programming is really intrsting wen learnt thoroughly or even if v get a small essence of it..
All virus programs are essentially TSRs but its not the vice versa..
We can use these techniques to wirte out own anti virus programs taking care of our MBR(Master Boot Record) and even tackling file viruses..
I hav written a program which monitors ut MBR and notifies u wen any illegal access is done to tat..this is done by monitoring 0x413 or 0x414
I referred Writing TSRs Through C by Yashwant Kanetkar..
Post ur comments to know more about TSR Programming..
Tuesday, August 28, 2007
Packet Format Of an SMS
what does an sms packet contain and what all is there in its header?
to know visit the below url
http://www.edaboard.com/ftopic263628.html
to know visit the below url
http://www.edaboard.com/ftopic263628.html
Monday, August 6, 2007
a simple registry tweak
u hav an unknown application and u wanna open it with notepad by default without being asked..
how will u do that??
open an empty notepad file and save it as "filename.reg"...........i mean some file name with an .reg extension
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell]
[HKEY_CLASSES_ROOT\*\shell\open]
@="Open With Notepad"
[HKEY_CLASSES_ROOT\*\shell\open\command]
@="notepad.exe %1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.]
"Application"="Notepad"
now double click it and give "run" or "ok" ,etc..
how will u do that??
open an empty notepad file and save it as "filename.reg"...........i mean some file name with an .reg extension
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell]
[HKEY_CLASSES_ROOT\*\shell\open]
@="Open With Notepad"
[HKEY_CLASSES_ROOT\*\shell\open\command]
@="notepad.exe %1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.]
"Application"="Notepad"
now double click it and give "run" or "ok" ,etc..
this one wud b intrsting i guess..(mobile users)
in our mobile phones v use two types of batteries..lithium-ion and nickel-metal hydride batteries..
guess many wud b having this battery prob..may b not wit a nu mobile but as days pass on this warning "low battery" really troubles u..
so to know more about battery life in small and hand held devices pls visit
http://developersvoice.com/tips-tricks/cell-phone/
also u can find many secret codes for various mobiles in the above mentiond site..explore it>>>>>...........
guess many wud b having this battery prob..may b not wit a nu mobile but as days pass on this warning "low battery" really troubles u..
so to know more about battery life in small and hand held devices pls visit
http://developersvoice.com/tips-tricks/cell-phone/
also u can find many secret codes for various mobiles in the above mentiond site..explore it>>>>>...........
Wednesday, August 1, 2007
MMS Scandals - A small discussion
An extract from an article worth reading.
MMS scandals seem to have become a way of life. They are the essential spice added to the world of pornography paving way for more serious crimes and destroying innocent lives. Can we conclude that an MMS scandal is worse than rape?
wat do others say??i took this article from http://www.merinews.com/catFull.jsp?articleID=125792 ..A must read
MMS scandals seem to have become a way of life. They are the essential spice added to the world of pornography paving way for more serious crimes and destroying innocent lives. Can we conclude that an MMS scandal is worse than rape?
wat do others say??i took this article from http://www.merinews.com/catFull.jsp?articleID=125792 ..A must read
extract a *.exe to its corresponding *.c....is it possible??
ya it is possible to reconstruct the semantics and the control flow..
its a reverse engg process..done using a decompiler..
find it on http://www.backerstreet.com/rec/rec.htm
REC is a portable reverse engineering compiler, or decompiler.
It reads an executable file, and attempts to produce a C-like representation of the code and data used to build the executable file.
It is portable because it has been designed to read files produced for many different targets, and it has been compiled on several host systems.
RecStudio offers a modern user interface to REC's interactive mode.
A command line version is still available for Linux and Solaris hosts.
its a reverse engg process..done using a decompiler..
find it on http://www.backerstreet.com/rec/rec.htm
REC is a portable reverse engineering compiler, or decompiler.
It reads an executable file, and attempts to produce a C-like representation of the code and data used to build the executable file.
It is portable because it has been designed to read files produced for many different targets, and it has been compiled on several host systems.
RecStudio offers a modern user interface to REC's interactive mode.
A command line version is still available for Linux and Solaris hosts.
my first post..
Three passions have governed my life:
The longings for love, the search for knowledge,
And unbearable pity for the suffering of [humankind].
Love brings ecstasy and relieves loneliness.
In the union of love I have seen
In a mystic miniature the prefiguring vision
Of the heavens that saints and poets have imagined.
With equal passion I have sought knowledge.
I have wished to understand the hearts of [people].
I have wished to know why the stars shine.
Love and knowledge led upwards to the heavens,
But always pity brought me back to earth;
Cries of pain reverberated in my heart
Of children in famine, of victims tortured
And of old people left helpless.
I long to alleviate the evil, but I cannot,
And I too suffer.
This has been my life; I found it worth living.
The longings for love, the search for knowledge,
And unbearable pity for the suffering of [humankind].
Love brings ecstasy and relieves loneliness.
In the union of love I have seen
In a mystic miniature the prefiguring vision
Of the heavens that saints and poets have imagined.
With equal passion I have sought knowledge.
I have wished to understand the hearts of [people].
I have wished to know why the stars shine.
Love and knowledge led upwards to the heavens,
But always pity brought me back to earth;
Cries of pain reverberated in my heart
Of children in famine, of victims tortured
And of old people left helpless.
I long to alleviate the evil, but I cannot,
And I too suffer.
This has been my life; I found it worth living.
Subscribe to:
Posts (Atom)