Sunday, November 4, 2012

How to protect yourself from skype resolvers

How to set up a proxy for Skype only, nothing else. This also stops Skype resolvers from resolving your Skype name: instead of giving out your IP, it gives out the proxy's IP. Bear in mind that a proxy only hides your address for traffic that actually goes through it, and the proxy operator sees everything Skype sends through it, so do not route through a proxy you would not trust with your account.

1.)
- Open Skype.
- Sign out.
- Click the menu item named "Tools", then "Connection Options".

[Image: nqpIOs.png]



2.)
- Now that you're in the "Connection" tab, change "Automatic Proxy Detection" to "HTTPS".
- You now need a legitimate, reliable proxy; visit hidemyass.com.
- Try to find a proxy in your own country, as this will reduce lag.
- Copy the proxy's IP address and paste it into the host field, then find its port and paste that into the port field.
[Image: xTPaHs.png]


Now save and restart Skype.
You might have to wait up to 24 hours before the change takes effect.

How to password protect a folder without a program

This is pretty easy if you know batch language, but for those who don't: you can make a folder hidden and unlockable only with a password using cmd.


Windows Xp:



In Windows XP the Sharing tab lets you make a folder private. Strictly speaking this is not encryption: it sets NTFS permissions so that other accounts on the machine cannot read the folder (real EFS encryption lives under Properties > General > Advanced, as in the Vista steps below).


- Make a folder and put your files in it.

- Right-click the folder and click Properties.

- Click the Sharing tab.

- Check "Make this folder private".

- Click Apply and then Ok.


Requirements:

- The drive must be formatted as NTFS, not FAT32.
- The folder you're protecting must be inside your own profile folder. Example:

Code:
C:\Documents and Settings\Bob\

Windows Vista:


This is real encryption (EFS). It is tied to your Windows account rather than to a separate password: anyone logged in as you can open the folder, anyone else cannot.

- Locate the folder you want to encrypt.

- Right-click the folder, choose Properties, select the "General" tab and then "Advanced".

- Place a check in the box next to "Encrypt contents to secure data".

Important: Back up your encryption certificate and key to a CD or memory stick. If your user profile is lost or Windows is reinstalled, you cannot open your encrypted folders without it.

Windows 7:

Note: Works the same way as Windows Vista, but if you want to try a batch file instead, read this:


This isn't really secure: the password sits in plaintext inside the batch file, so anyone who opens the .bat in Notepad (or knows a little batch) can read it.


- Make a new txt document and paste this in it:

You must reply to this thread to see the hidden content/share.

- Save the file as name.bat.
- Double-click the .bat file and it creates a new folder called Private (or whatever you renamed it to).
- Put everything you wish to hide into that folder.
- Double-click the .bat file again and it asks whether you want to lock the folder; if you didn't change the options, Y = yes, N = no.
- Type Y, and the folder is hidden and locked.
- To unlock the folder, double-click the .bat file and type your password.

Important: Don't delete your .bat file without unlocking the folder first, or you will have to dig the folder out the hard way!

The original post colour-coded the script; since the colours are lost here, the meanings were:

- One colour marked the parts you can change to whatever you want.
- One colour marked the password, which you should change to your own.
- One colour marked messages that are important.

If you would rather download software for this, here are a few options:

- WinGuardPro
- Folder-Lock
- WinRAR or 7-Zip: pack the folder into an archive and set a password on it (in 7-Zip choose AES-256 and tick "Encrypt file names", otherwise the list of files is still visible)
- TrueCrypt protects anything (its development stopped in 2014; its successor is VeraCrypt)
- Mvoyager (password protect a DVD)

How to remove an infection


NOTE: All example directories in this tutorial are from Windows 7, so if you have an earlier version of Windows the file paths may differ. In that case, use http://www.google.com to find the path for your operating system.

Table of Contents~
  • How to check yourself for common infections.
  • What safety cautions to take if an infection is found.
  • What do I do if I think I'm infected?
  • What NOT to do.
  • Some important things you should know about computer security.
  • My recommendations on security software.
  • Conclusion.

--

How to Check Yourself For Common Infections



A)

Understanding the infection

The first thing you must understand is how viruses, trojans, adware, worms, etc. work. Generally, when you run an infected file, the first thing it tends to do is create and drop other infected files in locations such as:
  • Temp folder: %USERPROFILE%\AppData\Local\Temp (i.e. C:\Users\<your name>\AppData\Local\Temp, also reachable as %TEMP%)
  • Windows folder: C:\Windows
  • Drivers folder: C:\Windows\System32\Drivers

And more; these are just common directories, but they can be custom (for example, a Cybergate RAT infection may drop a file in the C:\Windows\System32\Adobe folder, as RATs and other infections can drop files in directories of their own choosing).

This does NOT mean, however, that you should go deleting everything in those folders. Never delete files unless you're SURE they are malicious: deleting a Windows system file can easily leave you with a computer that doesn't boot or work properly.

Next, the infected file will attempt to execute the file(s) it has dropped, and these generally create registry entries. Understanding the registry is a must when it comes to knowing how computers and infections work.

For instance, if a file wants to run for all users when the computer starts, it creates a value under the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

This means that when any user logs in, every program listed under this key is run. The key below looks similar, but note the hive it sits in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Entries here run at logon only for the currently signed-in user, not for other users on the computer. So when checking your startup entries, don't forget to check BOTH keys. (These two are only the most common autostart locations; malware also uses RunOnce under each, the Startup folders, services and scheduled tasks. Autoruns from Sysinternals lists all of them in one place.)

To get to the registry editor/explorer, please do the following:

Press the Windows key (next to the left Alt) + R to bring up Run, type "regedit" and press Enter.

NOTE: Again, please don't delete registry keys unless you're absolutely certain, without a shadow of a doubt, that they belong to a malicious file. Deleting legitimate, protected registry keys can leave you having to reinstall your operating system. Always make a backup before working in regedit; to make one, follow these steps:

To make a backup of the registry:
  • In regedit, click 'File' > 'Export'.
  • Navigate to a suitable folder and MAKE SURE 'All' is selected under 'Export range' at the bottom left.
  • Name it 'backup of registry.reg' and click Save.

Lastly, files can do other things, like inject themselves into legitimate processes that must run all the time (such as explorer.exe), read your keyboard, disable your antivirus, alter your hosts file, etc.

But we don't have time to get into all of that. I just want you to understand that infections usually spread, create registry entries and alter your system, and that removing them takes a lot more than deleting one file. It's rare that an infection consists of just one file.
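As an added example (not part of the original guide), here is a small Python script that does the check the text describes, the two Run keys plus the hosts file it mentions, against an export rather than the live registry, so it runs anywhere, including on a clean machine against a .reg file and a hosts file copied off the suspect PC. The .reg and hosts contents below are constructed, the "suspicious" rules are my own heuristics, and a hit means "look at this", not "this is malware":

```python
import re

# The two autostart keys the text describes. Section names in a .reg export
# keep regedit's own capitalisation, so comparison is case-insensitive.
RUN_KEYS = {
    "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run",
    "hkey_current_user\\software\\microsoft\\windows\\currentversion\\run",
}
# Heuristics (mine, not from the post): autostarts rarely belong in these
# places, and a system binary name running from outside System32 is a classic
# dropper disguise.
SUSPICIOUS_DIRS = ("\\temp\\", "\\users\\public\\", "%temp%")
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Domains that have no business appearing in a hosts file at all (constructed watchlist).
WATCHED_HOSTS = {"www.paypal.com", "www.google.com", "update.microsoft.com"}

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def unescape(s):
    """Undo .reg escaping (backslash-backslash and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Parse the text regedit writes with File > Export. Only string values are
    kept; dword/hex values are never autostart commands. (A .reg saved by
    regedit is UTF-16, so open it with encoding="utf-16" before calling this.)"""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "(Default)" if m.group(1) is None else unescape(m.group(1))
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            entries[current][name] = unescape(data[1:-1])
    return entries


def startup_entries(entries):
    """(hive, value name, command) for every value under either Run key."""
    found = []
    for key, values in entries.items():
        if key.lower() in RUN_KEYS:
            hive = key.split("\\")[0]
            found.extend((hive, name, cmd) for name, cmd in values.items())
    return found


def suspicious_reasons(cmd):
    c = cmd.lower()
    reasons = []
    if any(d in c for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a temp/public directory")
    exe = re.search(r'([^\\"/]+\.exe)\b', c)
    if exe and exe.group(1) in SYSTEM_BINARY_NAMES and "\\windows\\system32\\" not in c:
        reasons.append("system binary name outside System32")
    return reasons


def parse_hosts(text):
    """(hostname, ip) pairs from a hosts file; comments and blank lines skipped."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            pairs.extend((name.lower(), fields[0]) for name in fields[1:])
    return pairs


def hosts_hijacks(pairs):
    """Any mapping for a watched domain is a hijack, whether it points at
    127.0.0.1 (blocking a vendor site) or at a stranger's server (phishing)."""
    return [(name, ip) for name, ip in pairs if name in WATCHED_HOSTS]


def triage(reg_text, hosts_text):
    startup = startup_entries(parse_reg_export(reg_text))
    flagged = []
    for hive, name, cmd in startup:
        why = suspicious_reasons(cmd)
        if why:
            flagged.append((hive, name, cmd, why))
    return {"startup": startup, "flagged": flagged,
            "hijacks": hosts_hijacks(parse_hosts(hosts_text))}


# Constructed sample data for the demonstration (not from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe"
'''

SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1   localhost
::1         localhost
203.0.113.7 www.paypal.com          # credential theft: PayPal served by a stranger
127.0.0.1   update.microsoft.com    # blocking: updates can never download
"""

if __name__ == "__main__":
    report = triage(SAMPLE_REG, SAMPLE_HOSTS)
    for hive, name, cmd in report["startup"]:
        print(f"{hive:<18} {name:<16} {cmd}")
    for hive, name, cmd, why in report["flagged"]:
        print("FLAG ", hive, name, "->", "; ".join(why))
    for host, ip in report["hijacks"]:
        print("HOSTS", host, "->", ip)
```

Run it against your own export by reading the .reg file with encoding="utf-16" and C:\Windows\System32\drivers\etc\hosts as plain text; anything flagged is what you then research (search the file name, check its digital signature, submit it to a scanner) before you touch it.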

==
B)
So what signs should I look for?

If you experience any of the following symptoms, assume you are infected:
  • You cannot access specific websites, like antivirus websites, PayPal, gaming sites etc.
  • Your antivirus is disabled, but not by you; or it keeps warning you of attacks/infections.
  • You get weird popups like "Server.exe has stopped working, press End to end the program".
  • Fake antivirus scans keep popping up saying you're infected, prompting you to buy anti-virus software.
  • Your online accounts are compromised/hacked.
  • Your webcam turns on by itself, your mouse clicks by itself etc.
  • Porn/advertisement websites pop up by themselves.
  • You're seeing weird files pop up everywhere.
  • Control panel, task manager, command prompt or regedit are disabled, and not by you.
  • Your home page changes and you can't change it back.

If you notice any of these, or anything else suspicious, it may be cause for alarm.

--

What safety cautions to take if an infection is found


If you believe you have an infection, I'm afraid I have bad news.

Your personal information, details, passwords and banking credentials may be at risk.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, get to a known clean computer and change all passwords where applicable; it would also be wise to contact those financial institutions to apprise them of your situation as soon as possible.

If you do not have access to a known clean computer, you will still need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

--

What do I do if I think I'm infected?


First of all, if you have an antivirus, make sure it's up to date and then run a full system scan. Remove anything it finds. Next you can run these scans and remove anything they find:


MalwareBytes Anti-Malware 

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
SuperAntiSpyware 

Download SuperAntiSpyware
  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
ESET Online Security Scanner 

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish. Remove anything it finds.
Combofix (DO NOT use this unless you have no choice and are at least moderately educated with computers) 

Please download Combofix from one of the following locations:

LINK 1
LINK 2

**IMPORTANT! Save Combofix to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, 
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being what they are today, it's strongly recommended to have this installed before doing any malware removal. It lets you boot into a special recovery/repair mode that makes it much easier to help you should your computer have a problem after an attempted removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

[Image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click on Yes, to continue scanning for malware.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If you used Combofix, please follow these instructions to remove it, as it's a dangerous tool in the hands of a novice:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
If running these doesn't completely solve your issues, the infection is either FUD (fully undetectable) or too deep for your level of skill; in that case you should let a more experienced user have a look.

--

What NOT to do


This applies to anybody with no experience removing viruses. Even if you're well versed in computing, you should be careful; it's always better to be safe than sorry.

First of all, DO NOT delete files, folders, registry keys, anything, until you're positive that what you're deleting is malicious. How do you do that? Here are some easy things to try:

Secondly, if any pop ups come up saying you're infected and asking you to buy software to remove the infection, IGNORE THEM and DO NOT buy it. It's completely FAKE.

Instead, you likely have a Smitfraud infection, so follow the steps in the spoiler.

Smitfraud fix instructions:
Now, lastly, you're probably going to be looking for tools/antiviruses that will help you remove the infection. But the reality is that most of these tools are designed for experts and shouldn't be messed around with, because you'll probably end up having to reinstall your operating system. There's also always the chance that the tool is fake and actually infects you.

It's best you use the scans/tools I provided earlier on. Or seek help from an expert.

--

Some important things you should know about computer security


Here's some facts I think you should know:
  • Most infections do not damage your computer; rather they use it to show adverts, steal information, attack websites or spread the infection.
  • A trojan is a file that pretends to be something legitimate (often a Windows process) but is really malicious.
  • RATs, infostealers and keyloggers are spyware capable of capturing screenshots, webcam footage, keystrokes and saved passwords and of reading your files; a rootkit is the component that hides such things from the system and from scanners.
  • Infections can use your hosts file and DNS name servers so that visiting certain sites redirects you elsewhere (e.g. from Google to a bad site).
  • Never fix a Winsock line in HJT (HijackThis), as it can break your internet connection.
  • Only O2, O3 and O9 lines in HJT are definitely missing when it says (file missing); the rest can glitch.
  • Deleting a registry key will NOT delete the file it points to.
  • Capitalisation in file names or directories makes no difference in Windows.
  • If an infection is FUD, scanning will make no difference. Only analysing the computer can help you then.
  • More than one antivirus/firewall causes conflicts and can do more harm than good. Stick to just one.

--

My recommendations on security software


For good protection, I would advise you have each of the following:

1. Antivirus
2. Firewall
3. Antimalware
4. Antispyware


One of each is a good amount without the risk of conflicts, as two or more AVs can conflict and do more harm than good. The following products I would advise to ANYBODY, but please use no more than one AV and one firewall at a time:

Antiviruses:

Firewalls:

Anti-malware programs (for scans only, no real-time protection):

Anti-Spyware programs:

Other:
  • Ad-aware (free anti-adware).
  • Winpatrol (free program that monitors suspicious changes to your critical system resources; recommended by me).
  • CCleaner (run this often to clean temporary files, the registry, etc.; free).
  • KeyScrambler (strong protection against keyloggers; costs money).
Credits to: N3w_2_H@Ck1n™
But remember, your best defense is simply being careful.

--

Conclusion


So in the end, the bottom line is: unless you've had months of training, it's highly recommended that you only use scans and the like to remove malware, because manual tools are almost always very dangerous for novices.

Also, remember, just deleting one file or registry key won't remove an infection.

How to make a Virtual Machine Box


What is VM Box?
"VM Box" here is VirtualBox, a virtual machine: basically another PC inside your own PC.
What's the use of it?
The use of a VM is so you can test whether files are safe and not infected by a virus. You can also use it to see whether your infected server works without testing it on your own PC. Before running anything suspicious in it, set the VM's network adapter to "Not attached" (or host-only), turn off shared folders, shared clipboard and drag-and-drop, and take a snapshot of the clean VM so you can roll back afterwards; otherwise a sample can reach the network or your host.
Anyway, let the tutorial BEGIN!
Step 1) Go onto VM Box's Website which can be found Here
Step 2) Go down on the left hand side and select 'Downloads'
[Image: hr1Qo.png]
Step 3) Now select what operating system you are on and download it.
[Image: 0HpWv.png]
Step 4) Go ahead and download the VM Box file, Then drop it on your desktop.
Step 5) Setup everything and you should get this screen
[Image: Bpsxs.png]
Step 6) Now we need to obtain an operating system. Let's put Windows 7 on the VM; be aware that an OS image will be around 3 GB or more. The download for this Windows 7 and more is here.
Step 7) Ok, We're almost there! Now select 'New' Then hit on 'Next'
[Image: SjOIX.png]
Step 8) Now select name for your VM and select your OS Platform and whatever version of it you downloaded. Because I've downloaded Windows 7 for my VM Box, Im going to select that.
[Image: bu29r.png]
Step 9) Now you get a screen like this
[Image: Vc3R2.png]
Select/drag how much RAM you want the VM to use when it is running. I'm going to use 3 GB of RAM because that's half of my laptop's RAM.
Step 10) Now put the same options as here
[Image: FzEEJ.png]
Ignore the 'Use Existing Hard Drive' That was from my old VM.
Step 11) Select the first option on here then select 'Next'
[Image: w7kjH.png]
Step 12) Now, this bit is up to you. You can either have fixed storage (the full size you choose is allocated on your disk right away) or dynamic storage (the disk file starts small and grows as the VM fills it, up to the size you choose). For this tutorial I'm going to use dynamic storage.
[Image: Srzdu.png]
Step 13) Now find a place where you want everything for the VM to be stored, I suggest making a new folder.
[Image: zSaqu.png]
Step 14) Now select the amount of space you want to be used up by your VM, Recommended is 25GB but you can ofcourse change it.
[Image: oL4aH.png]
Step 15) Now select 'Next' and then 'Create'
Step 16) Now, Click on 'Start' then click 'Ok' For the options that come up.
[Image: wPV40.png]
Step 17) Now click on 'Next' when a first run wizard appears.
Step 18) Now you will see this
[Image: Ylfj9.png]
Where is says 'Host Drive D:' Click this
[Image: eMjI2.png]
Step 19) Locate your .iso and select 'Next' then 'Start'
Step 20) You have successfully set up your VM. Enjoy.
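The wizard steps above, expressed as VirtualBox's VBoxManage commands, as an added example written for this page rather than taken from the tutorial (VBoxManage is the command-line tool of the product the tutorial calls "VM Box"). It adds the isolation settings the wizard never asks about: no network adapter, no shared clipboard, no drag and drop, and a snapshot of the clean install to roll back to after each sample. VM name, paths and sizes are placeholders; the flag names are VBoxManage's as I know them from recent releases, so check `VBoxManage modifyvm --help` if yours differs. By default the script only prints the commands (dry_run=True):

```python
import subprocess


def build_vm_commands(name, iso_path, disk_path, memory_mb=3072, disk_mb=25600, fixed_disk=False):
    """The wizard's steps as VBoxManage calls, plus the isolation settings the
    wizard never asks about. Name and paths are placeholders supplied by the caller."""
    return [
        ["VBoxManage", "createvm", "--name", name, "--ostype", "Windows7", "--register"],
        ["VBoxManage", "modifyvm", name, "--memory", str(memory_mb),
         "--nic1", "none",                   # no network: the sample cannot phone home or hit the LAN
         "--clipboard-mode", "disabled",     # (older releases spell this --clipboard)
         "--draganddrop", "disabled"],       # nothing crosses to the host by accident
        ["VBoxManage", "createmedium", "disk", "--filename", disk_path,
         "--size", str(disk_mb), "--format", "VDI",
         "--variant", "Fixed" if fixed_disk else "Standard"],   # Standard = dynamically allocated
        ["VBoxManage", "storagectl", name, "--name", "SATA", "--add", "sata"],
        ["VBoxManage", "storageattach", name, "--storagectl", "SATA", "--port", "0",
         "--device", "0", "--type", "hdd", "--medium", disk_path],
        ["VBoxManage", "storageattach", name, "--storagectl", "SATA", "--port", "1",
         "--device", "0", "--type", "dvddrive", "--medium", iso_path],   # the installer ISO (steps 18-19)
    ]


def snapshot_command(name, label="clean-install"):
    """Take this once the OS is installed and *before* the first sample runs;
    `VBoxManage snapshot NAME restore LABEL` brings the clean state back."""
    return ["VBoxManage", "snapshot", name, "take", label]


def run(commands, dry_run=True):
    """Execute the commands in order, or just echo them when dry_run is set."""
    for cmd in commands:
        print(" ".join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=True)   # stop at the first failing step
    return commands


if __name__ == "__main__":
    vm = "win7-sandbox"
    run(build_vm_commands(vm, "/path/to/win7.iso", "/path/to/vms/win7-sandbox.vdi"))
    # After installing Windows inside the VM, freeze the known-good state:
    run([snapshot_command(vm)])
```

Set dry_run=False to actually create the VM; the first command that fails raises, so a typo in a path does not leave you with a half-built machine that silently still has a NAT adapter.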

How To Remove Spyware

There are several ways to remove spyware from your computer. If you have knowledge of viruses, then you can easily understand most of these methods and how they are potentially beneficial to you.

Spyware can be detected in many of the same ways as a virus. A scan of your computer can reveal many types of spyware and adware and help you safely remove them.

The worst case for a computer user with a large amount of spyware and adware is having to have the system reinstalled. In many cases that takes professional help to back up the data and then fully reinstall the operating system.

But that's not the normal case, and it's not the first step you should take either. There are several other things to do first. There is a lot of help out there, but it takes some knowledge to tell which program is a potential benefit and which is not.

It's Gotten Bad

It’s important to realize that spyware is no longer something that happens to the other guy. You have to consider this a strong risk as you would a virus. You don’t have to make a mistake in downloading it to your computer to be a victim to it. It can just happen.

Also, there are countless products on the market that claim to be the very best resource for removing spyware and adware from your computer. Some are very capable, while others are spyware themselves.

It will cost you. If you have no spyware protection on your computer right now, you’ll need to invest in it. That could be a decent amount of money to start with. But, if you let it go and have to have your computer’s operating system fully reinstalled, that will cost you even more.

Therefore, it makes sense to make decisions now to improve your system.

Three Steps To Removing Spyware

There are three main steps that you will have to fully understand to keep spyware and adware at bay. Without one of these components, you are at a potential risk for allowing it into your computer.

Step 1: Anti Spyware Programs

These programs clean up your system. They work much like an antivirus program in that they remove anything hidden on your computer that could be risky for you.

Some also provide ongoing protection, such as a firewall, that helps prevent further infestations of spyware after it has been removed.

Step 2: Beware Of What’s Out There

You need to know which programs have the most potential for hurting you. There are many programs that are commonly used and have spyware or adware lurking in them. We’ll show you which ones are potential risky investments.

Step 3: Be Secure

There are specific security measures that you must put in place to provide protection against future invasions of spyware. These methods will offer you a strong protection against making mistakes or even allowing holes in your security system to put you at risk.

By explaining to you what options you have, you’ll have the ability to make the right decision about the right protection for spyware and adware for you.

There is no doubt that you should be careful when you are online to avoid potentially problematic spyware or adware situations. Nevertheless, it is very difficult to protect yourself 100% of the time. Yet with a few simple measures you can stay vigilant and improve the odds against spyware.

Finally, it is important to make mention of the fact that any type of education that you receive on spyware and adware should be communicated to the whole family, or at least anyone that uses your computer. Children can often be targets of spyware and adware. Remember that all it takes is a click of the mouse to download it.

How to Avoid JDBs

Steps to avoid infection by JDBs (Java drive-bys: web pages that use a Java applet to download and run a file on your PC):

1] Update Java.

Update Java to the latest version, as most of the vulnerabilities in previous versions are fixed in the new release.


2]Use Recognized Browser.

Use internet browsers with a recognised brand, like:
  • Mozilla Firefox.
  • Google Chrome.
  • Internet Explorer.
  • Opera.
  • Safari.

3] Turn off Java:

This means the Java browser plugin (not JavaScript). I know this can be a disaster, since some sites won't work without it, but to be 100% safe you can use this method.

4]Don’t Trust Obscure Links.

5] Use a sandbox to browse.

Passwords - How to keep yourself secure


1. Types of Passwords
There are three main types of passwords.


1.1 Strings of Character

At the most basic level, passwords are strings of characters, numbers and symbols. Access to a keyboard or keypad allows entry of these passwords. They range from the simplest, such as the three-digit codes used on some garage door openers, to the complicated combinations of characters, numbers and symbols recommended for protecting highly confidential information.


1.2 Strings of Characters plus a token

The next level is to require a string of characters, numbers and symbols plus a token of some type. An example is the ATM, which requires a card (the token) plus a personal identification number, or PIN. This is considered more secure because if you lack either item you are denied access.


1.3 Biometric Passwords

The third level is the biometric password: the use of biological features that are hard to reproduce, such as fingerprints or facial features, to allow access. An example is the retinal scan, in which the retina (the interior surface of the back of the eye) is photographed. The retina contains a unique pattern of blood vessels that is easily seen, and this pattern is compared to a reference. Biometric passwords are the most sophisticated and are considered 'safer', but in reality a password that you 'carry' in your finger or eye is no safer than a strong password that you carry in your head, provided the software that uses the password is correctly configured; and unlike a password, a fingerprint cannot be changed once it has been copied.

2. History of Passwords

Trivia in Password History:

In older versions of MS Excel and Word, passwords were stored as plain text in the document header information. View the header and you could read the password. This applies to all versions older than Office 2000.

Windows once stored passwords as plain text in a hidden file. Forgot your password? You could just delete the hidden file, and the password was erased.

Early on, Microsoft and Adobe both used "password protection" that only their own applications enforced: if you opened the file with another application, such as Notepad, the password wasn't needed.

Microsoft Access 2.0 databases could easily be opened as a text file just by renaming them with a ".txt" extension, which let you see the database data.

Adobe PDF files in versions 4.0 and older were printable and often viewable using Linux PDF readers or Ghostview for Windows.

Wireless networks using the old WEP encryption have a problem: the key can be recovered once you collect enough encrypted traffic out of the air to find the patterns in it. With today's computing power in a normal home, such a key can be cracked almost immediately.

Bluetooth security is considered very secure once it is set up. The problem is the pairing: with legacy (pre-2.1) PIN pairing, the devices exchange values derived from a freshly generated PIN to establish the connection, and anyone who captures that exchange can try PINs offline until one matches. Once the PIN is known, the traffic for that session can be decoded.


Exercise:

Download a PDF file off the Internet and try opening it with other programs. How is the data viewable?

3. Build a Strong Password
The best passwords:
✔ cannot be found in a dictionary
✔ contain numbers, letters and those odd swear symbols on top of the numbers
✔ contain upper and lower case letters
✔ the longer the “stronger”

With a 2-character password drawn from the 26 letters plus 10 digits (ignoring symbols), there are 36^2 = 1,296 possible combinations. Increase the length to 8 characters and there are 36^8, roughly 2,800,000,000,000 (2.8 trillion) possibilities. That sounds like a lot, but at offline cracking rates of a billion guesses a second (ordinary GPU hardware against a fast hash) 36^8 is exhausted in under an hour, so treat 8 characters as a floor, not a target.

There are many password generators available on the internet, but these will generate a nearly impossible to remember password.

Try instead to use a seemingly random string of letters or numbers that you can easily recall. For example:
gandt3b! (goldilocks and the 3 bears!)

JJPL2c1d (john, jill, paul, lucy, 2 cats, 1 dog – the members of your household)
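Here is the checklist above turned into a checker, as an added example that is not part of the original lesson. The wordlist is a constructed stand-in for a real cracking dictionary, the leet-speak table and the one-billion-guesses-per-second rate are my assumptions, and the keyspace is the lesson's 36^n generalised to whichever character classes the password actually uses:

```python
import math
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,   # the "swear symbols" and friends: 32 of them
}
# Stand-in for a cracking dictionary (a real one has millions of entries).
COMMON_WORDS = {"password", "goldilocks", "dragon", "letmein", "welcome", "monkey", "qwerty"}
# Leet substitutions an attacker undoes before the dictionary lookup (assumed table).
DELEET = str.maketrans("013457@$!", "oieastasi")
GUESSES_PER_SECOND = 1e9   # assumed offline rate against a fast hash on one GPU


def classes_used(pw):
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def keyspace(pw):
    """Alphabet size the attacker must assume, raised to the length: the
    lesson's 36^n for letters+digits, generalised to the classes present."""
    size = sum(len(CLASSES[name]) for name in classes_used(pw))
    return size ** len(pw)


def in_dictionary(pw, words=COMMON_WORDS):
    """Dictionary check after the cheap tricks: case-folding, st  ripping digits
    and symbols tacked onto the ends, and undoing leet-speak."""
    core = pw.lower().strip(string.digits + string.punctuation).translate(DELEET)
    return pw.lower() in words or core in words


def assess(pw):
    """Apply the rules from the text; return keyspace, bits and the rule failures."""
    used = classes_used(pw)
    problems = []
    if in_dictionary(pw):
        problems.append("dictionary word (even after undoing leet-speak)")
    if not {"lower", "upper"} <= used:
        problems.append("needs both upper and lower case")
    if "digit" not in used:
        problems.append("needs a digit")
    if "symbol" not in used:
        problems.append("needs a symbol")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    space = keyspace(pw)
    return {
        "keyspace": space,
        "bits": round(math.log2(space), 1),
        "hours_to_exhaust": space / GUESSES_PER_SECOND / 3600,
        "problems": problems,
    }


if __name__ == "__main__":
    for candidate in ("password", "gandt3b!", "JJPL2c1d", "GoldiLocks&the3Bears"):
        r = assess(candidate)
        print(f"{candidate:<22} {r['bits']:>5} bits  {r['hours_to_exhaust']:>10.1f} h  {r['problems']}")
```

Note what the numbers say about the lesson's own examples: gandt3b! passes every rule but one (no upper case) and still falls in about five days at the assumed rate, while the longer phrase-style password pushes the figure out by many orders of magnitude. Length buys far more than an extra symbol does.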


Exercises:

1. Create a strong password, that you could remember that scores well at the following web page: http://www.securitystats.com/tools/password.php

2. Look at the Web pages for three different banks and find out what type of password is needed to allow an account holder to access restricted information. Do the banks also offer recommendations that would lead users to create strong passwords?

4. Password Encryption
People don't usually discuss how stored passwords are protected, because there seem to be no options to discuss: passwords are, by definition, encrypted. (In practice a well-designed system stores a one-way hash of the password rather than a reversible encryption, but the point about strength below applies to both.) Encryption is not a simple yes or no proposition; its effectiveness, usually described as its strength, ranges from very weak to extremely robust.

At its weakest, we have passwords that have been simply encoded. This produces a password that is not readable directly, but, given the key, we could easily translate it using a computer, pen and paper, or a plastic decoder ring from a cereal box. An example of this is the ROT13 cypher. ROT13 replaces every letter in a text with the letter that is 13 places away from it in the alphabet. For example 'ABC' becomes 'NOP'.

Even when using algorithms that can more accurately be called encryption, the encryption is weak if the key used is weak. Using ROT13 as an example, if you consider the 13-place shift to be the key, then ROT13 has an extremely weak key. ROT13 can be strengthened by using a different key. You could use ROT10, replacing each letter with the one ten places forward, or you could use ROT-2, replacing each letter with the one two places before it. You could strengthen it even more by varying the shift, as in "ROTpi", where the first letter is shifted 3 places; the second, 1 place; the third, 4 places; the fourth, 1 place; and so on, using pi (3.14159265...) to provide a constantly varying shift. Note, though, that a key is only as good as its secrecy: pi is public, so ROTpi protects nothing once the scheme is known.

Because of these possible variations, when you are encrypting any type of information, you must be sure that you are using a reliable method of encryption and that the key – your contribution to the encryption – will provide you with a robust result.

You must also remember that a good system of encryption is useless without good passwords, just as good passwords are useless without good encryption.
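The shift ciphers described above, ROT13, ROT-n and the varying-shift "ROTpi", implemented as an added example (not from the lesson), together with the obvious attack on any fixed-shift cipher: trying all 26 keys. The sample message is constructed:

```python
import itertools
import string


def rot(text, shift):
    """Shift every ASCII letter `shift` places (ROT13 is rot(text, 13); a
    negative shift goes backwards). Case and non-letters are preserved."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


PI_DIGITS = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9]


def rot_sequence(text, shifts, decrypt=False):
    """The text's "ROTpi": the i-th letter is shifted by shifts[i % len(shifts)].
    Only letters consume a shift, so decryption lines up with encryption
    even when the message contains spaces and punctuation."""
    keys = itertools.cycle(shifts)
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            k = next(keys)
            out.append(rot(ch, -k if decrypt else k))
        else:
            out.append(ch)
    return "".join(out)


def brute_force_rot(ciphertext, known_words):
    """What an attacker does with a 26-key cipher: try every key and keep the
    candidates that contain a word you expect to see in the plaintext."""
    hits = []
    for shift in range(26):
        candidate = rot(ciphertext, shift)
        if any(w in candidate.lower().split() for w in known_words):
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    msg = "Meet me at the garage door at noon"           # constructed sample
    c13 = rot(msg, 13)
    print("ROT13   :", c13)
    print("cracked :", brute_force_rot(c13, {"the", "meet"}))   # a single hit, shift 13
    cpi = rot_sequence(msg, PI_DIGITS)
    print("ROTpi   :", cpi)
    print("decrypt :", rot_sequence(cpi, PI_DIGITS, decrypt=True))
    # ROTpi defeats the 26-key search above, but pi is public: a key anyone can
    # look up is not a secret. A secret, random shift sequence as long as the
    # message would be a one-time pad; anything shorter repeats and leaks.
```

The brute-force function is the whole argument of this section in eight lines: a cipher whose key space is 26 does not need to be "broken", only enumerated, and recognising the right candidate needs nothing more than a couple of words you expect in the plaintext.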


Exercises:

1. Here is a list of fruits encoded using the ROT13 cypher. Try to decode them:

a) nccyr
b) benatr
c) yrzba
d) jngrezryba
e) gbzngb


2. Find a web page that will allow you to decode the ROT13 encoded words automatically.


3. There are many different systems that are called encryption, but the truth is that many of these are simple encoding methods. A true encryption requires a password, called a key, in order to be encoded or decoded. Of the following systems, which ones are true methods of encryption and which ones are simple codes?

a) Twofish
b) MIME
c) RSA
d) CAST
e) AES
f) BASE64
g) IDEA
h) TripleDES
i) ROT13
j) TLS

5. Password Cracking (Password Recovery)
Password cracking for illegal purposes is, obviously, illegal. But if it is your password, then it's your information. Once you password protect something and then forget the password, you are stuck. Hence password recovery.

Password cracking consists of a few basic techniques:

"Looking around": passwords are often taped to the bottom of keyboards, hidden under mousepads or posted on personal bulletin boards.

Brute force: keep trying passwords until one works.

Automated dictionary attacks: programs run through a list of possible dictionary words (and common variations of them) until one works as the password.

There are many programs available on the web to assist with password recovery on documents. However, newer versions of programs are becoming more secure, and it is therefore harder and harder to recover passwords using the techniques above or password recovery software.
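An added example, not from the lesson, of the dictionary attack just described run against stored password hashes. Everything in it is constructed: the wordlist, the salt and the target passwords. It compares two ways a system might store a password, a salted SHA-256 and PBKDF2 with a deliberately high iteration count; the attack logic is identical, only the cost per guess changes, which is the whole point of using a slow hash:

```python
import hashlib
import hmac
import time

# Constructed wordlist; a real one is millions of entries long.
WORDLIST = ["123456", "password", "letmein", "dragon", "goldilocks", "sunshine"]
SUFFIXES = ("1", "123", "!", "2012")
LEET = str.maketrans("eaos", "3405")


def candidates(words=WORDLIST):
    """Each word plus the cheap mangling rules cracking tools apply by default."""
    for w in words:
        yield w
        yield w.capitalize()
        for s in SUFFIXES:
            yield w + s
            yield w.capitalize() + s
        yield w.translate(LEET)


def store_fast(password, salt):
    """Salted SHA-256: the salt defeats precomputed tables, but the hash is fast."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_slow(password, salt, iterations=50_000):
    """PBKDF2: the same check, deliberately made tens of thousands of times slower."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack(stored, salt, hash_fn):
    """Offline dictionary attack: hash each candidate with the known salt and
    compare. Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for guess in candidates():
        attempts += 1
        if hmac.compare_digest(hash_fn(guess, salt), stored):
            return guess, attempts
    return None, attempts


def guesses_per_second(hash_fn, salt, n=20):
    """Rough per-process rate; real tools run on GPUs, orders of magnitude faster."""
    start = time.perf_counter()
    for i in range(n):
        hash_fn(f"bench{i}", salt)
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    salt = b"constructed-salt"   # a real system draws a fresh random salt per user
    for label, fn in (("sha256", store_fast), ("pbkdf2", store_slow)):
        print(f"{label}: Dragon123 -> {crack(fn('Dragon123', salt), salt, fn)}")
        print(f"{label}: gandt3b!  -> {crack(fn('gandt3b!', salt), salt, fn)}")
        print(f"{label}: ~{guesses_per_second(fn, salt):,.0f} guesses/s in pure Python")
```

"Dragon123" is found after 39 guesses under either scheme; the slow hash does not stop the dictionary attack, it only makes every guess cost as much as a few hundred thousand fast ones, and that multiplier is what turns "hours" into "years" for a password that is not in the dictionary at all.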


Exercise:

Identify three different programs that are used for developing documents (text, spreadsheets, archives) and also allow the use of passwords to limit access to these documents. Next, using the Internet, find instructions on how to recover lost passwords for these files.

6. Protection from Password Cracking

Here are some suggestions on how to keep your passwords from being cracked:

1. Use strong passwords that cannot be determined by a dictionary attack.

2. Don't post your passwords near your computer.

3. Limit wrong attempts to three tries, then lock the account. The password must then be reset. (This does not apply to documents or password protected zip files – they do not have lock out options.)

4. Change passwords regularly.

5. Use a variety of passwords for different computers. Does this mean that you need to create a unique password for everything? Absolutely not. Maintain a master password for things that don't matter to you (perhaps the account you were required to create for TheSIMS.com or for your account on the local newspaper). But use good passwords for anything that actually needs to be secure.
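Rules 1 and 3 above (passwords that resist a dictionary attack, and a three-strikes lockout with reset), as an added example that is not part of the lesson. The mini word list, the mutation rules, the strength thresholds and the LoginGuard class are assumptions for illustration, not any real product's policy.

```python
"""Dictionary-resistance check and three-strikes lockout.
Added example, not from the lesson; policy values are assumptions."""
import hashlib
import hmac
import os
import re

# Constructed mini dictionary; a real attack list has hundreds of thousands of words.
DICTIONARY = {"password", "letmein", "dragon", "monkey", "welcome", "football"}
# Cheap substitutions a dictionary attack tries automatically.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

def dictionary_guessable(password: str) -> bool:
    """True if a dictionary attack with trivial mutations (case folding, leetspeak,
    trailing digits or punctuation) would recover the password."""
    base = re.sub(r"[\d!@#$%^&*.?]+$", "", password.lower())
    return base in DICTIONARY or base.translate(LEET) in DICTIONARY

def is_strong(password: str) -> bool:
    """Length 12+, at least three character classes, and not dictionary-guessable."""
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    return len(password) >= 12 and classes >= 3 and not dictionary_guessable(password)

class LoginGuard:
    """Per-account failure counter: after MAX_TRIES consecutive wrong passwords the
    account is locked and stays locked until reset_password() is called."""
    MAX_TRIES = 3

    def __init__(self):
        self._creds = {}      # user -> (salt, pbkdf2 digest)
        self._failures = {}   # user -> consecutive failures
        self.locked = set()

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        # Slow, salted hash so a stolen credential store resists offline brute force.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def register(self, user: str, password: str) -> None:
        if not is_strong(password):
            raise ValueError("password rejected: too short, too uniform or dictionary-guessable")
        salt = os.urandom(16)
        self._creds[user] = (salt, self._digest(password, salt))

    def login(self, user: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'. Unknown users take the same path as
        wrong passwords so the response does not reveal which accounts exist."""
        if user in self.locked:
            return "locked"
        salt, expected = self._creds.get(user, (b"\0" * 16, b"\0" * 32))
        if hmac.compare_digest(expected, self._digest(password, salt)):
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= self.MAX_TRIES:
            self.locked.add(user)
            return "locked"
        return "denied"

    def reset_password(self, user: str, new_password: str) -> None:
        """The recovery path the text mentions: an administrator sets a new password."""
        self.register(user, new_password)
        self._failures[user] = 0
        self.locked.discard(user)
```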


Exercise:

Create passwords and test them here.

DDoS Attack [how they work]

Welcome to the world of DDoS attacks. I am sure you have seen these, heard of these, experienced these, etc. Now I am going to take you into how they work.

First we are going to talk about the "Layer 4 DDoS attack", which is the most common type of DDoS attack: many attackers hit a target at the same time. This is usually done with easy-access tools such as the "Low Orbit Ion Cannon" or the Command Prompt.
It basically sends thousands of packets per second to a target, flooding the server until it goes down.
This is a very weak kind of attack if you use it by yourself, but with hundreds or thousands of people all doing it at the same time it is very effective.


The next type of attack I will be discussing is the "Layer 7 DDoS attack", which is more advanced. Instead of constantly sending packets to the server, you send it an HTTP GET request but only part of it and never the other half, so the server sits waiting for the rest; enough of these half-finished requests tie up most of the server. This is also called the "Slowloris" attack, and with it you can freeze a server up very quickly. The most famous person who uses these attacks is th3j35t3r, who is said to be able to hold off sites with a 3G cellphone.
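The defender's view of the Layer 7 attack described above, as an added example that is not part of the original post: a server under Slowloris has many connections that never finish sending their headers. The connection-record format, the constructed snapshot and the thresholds are assumptions, not any real server's data.

```python
"""Spot slow-header (Slowloris-style) sources in a snapshot of open connections.
Added example, not from the post; record format and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    src_ip: str
    age_s: float          # seconds since the TCP connection was accepted
    bytes_in: int         # request bytes received so far
    headers_done: bool    # has the server seen the blank line ending the headers?

# Constructed snapshot: two normal clients, one slow but legitimate client,
# and one source holding forty half-sent requests open for a long time.
SNAPSHOT = (
    [Conn("198.51.100.7", 0.4, 612, True), Conn("198.51.100.8", 1.2, 540, True)]
    + [Conn("198.51.100.9", 30.0, 80, False)]
    + [Conn("203.0.113.5", 45 + i, 90, False) for i in range(40)]
)

def find_slow_header_sources(conns, max_header_wait_s=20.0, min_stalled=10):
    """Return {ip: stalled_count} for sources with at least min_stalled
    connections whose request headers are still incomplete after
    max_header_wait_s. A single slow client stays under the threshold."""
    stalled = defaultdict(int)
    for c in conns:
        if not c.headers_done and c.age_s > max_header_wait_s:
            stalled[c.src_ip] += 1
    return {ip: n for ip, n in stalled.items() if n >= min_stalled}

def stalled_fraction(conns, max_header_wait_s=20.0):
    """Share of all open connections stuck before header completion; a sudden
    rise is the server-wide symptom of the connection pool being tied up."""
    if not conns:
        return 0.0
    n = sum(1 for c in conns if not c.headers_done and c.age_s > max_header_wait_s)
    return n / len(conns)

if __name__ == "__main__":
    print(find_slow_header_sources(SNAPSHOT))      # {'203.0.113.5': 40}
    print(round(stalled_fraction(SNAPSHOT), 3))
```

The usual mitigations follow directly from the two numbers: a short header-read timeout (nginx's `client_header_timeout`, for example) bounds how long one half-sent request can occupy a worker, and a per-source connection cap bounds how many one address can hold.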



List of information on DDoS attacks:
http://www.youtube.com/watch?v=1EAnjZqXK9E
http://infosecisland.com/blogview/10394-...ained.html
http://www.prolexic.com/gad-north-americ...7QodgggAlQ
http://antivirus.about.com/od/whatisavir...ttacks.htm
http://www.youtube.com/watch?v=3bDX7uXm0V0

How to see/remove infections from CyberGate/Darkcomet Rat

How to see and remove infections (manually) from the three most popular RATs out there: Blackshades, Cybergate and Darkcomet. For the sake of this tutorial, I've infected myself
with a couple of RATs to see how it works.
Cybergate
For the RAT called Cybergate, we will be using the following settings:

[Image: atgPx.png]

So let's run the virus!

In the settings, you saw that I highlighted 3 things:
- The HKCU entry: this is the startup name. When the infected machine reboots, the HKCU entry called (in this case) Windows Firewall will be executed again. This startup will show up in msconfig. We can check this by going to Run and opening ''msconfig''.

[Image: RlN03.png]

Here we see that there is an unknown startup called Windows Firewall, and it runs svchost.exe on every boot of the computer. So an important tip here is: ALWAYS check your msconfig for unknown startups. What we are going to do now is disable the startup. But when we do this, it comes back on! This is because of the second thing that I highlighted, called:
- Persistence: this is an extra process in your Task Manager, called explorer.exe in this case. This process keeps the startup alive, so what we need to do is kill that process! Simply go to Task Manager and search for that process. Be careful with which process you end, though, because people who try to RAT you will always try to make the process look as legit as possible.

[Image: IQPdP.png]
The one using less memory (fewer KB) is the fake one (the Cybergate one).
So end this process, and now you can remove Windows Firewall from the startup! Another good tip: RATs by default run as 32-bit processes, which Task Manager marks with *32 behind the process name, so this may also help in finding the fake process.
So this is what we can all do about removing Cybergate infections. Of course a virus scanner will also do the same, but crypters bypass virus scanners, so doing this manually is better.

DarkComet
For the RAT Darkcomet, its developers released a good tool called Darkcomet Remover. You can use this tool to remove infections; download it here:
DarkComet Removal Tool - Download here

But we can also remove infections manually, which is in my opinion better.

The settings we will be using for Darkcomet:
[Image: iSd1q.png]

So you see we have added persistence to the RAT, and the startup is called ''Startup Test'' in this case. Now after running the virus, the following appears in our MSCONFIG:
[Image: HpQfQ.png]

If we try to remove this startup, it will come back. Same story as CyberGate: there is a persistence process active, and we must kill it. The persistence process of Darkcomet is called:
- Msdcsc.exe*32; this process is quite obvious. Its description says: Remote Service Application:
[Image: teiLb.png]

Kill this process, and we can remove the Startup from Msconfig!
Sometimes Darkcomet starts other processes as well. These are called:
-hkmcd.exe
-persistence.exe
Kill these processes as well.

Blackshades
We will be using the following settings in the Blackshades RAT:
[Image: jXeta.png]

As you can see in the picture, we will be using a startup called ''Startup Test BS'', and we have activated ''protect process'', which is in other words persistence.

So let's run the virus and then see what comes up in msconfig and Task Manager:
[Image: BAPSv.png]

Again, we can't disable the startup, because there is another process active that keeps the startup alive. That process is called smss.exe in this case. So let's end that process:
[Image: JOrTJ.png]

After ending that process, we can disable the startup!

But what if a process can't be killed? This can be caused by many crypters. Some crypters add persistence to the process, so when you try to kill that process Task Manager says it can't end it!
Some useful tools for ending processes without limitations are:
- AVG PC TuneUp 2013, download it here:
AVG PC TuneUP 2013 - Download here

- Unknown Logger Cure: if you have the Unknown Logger keylogger, you also get the Unknown Cure tool, with which you can end any process.

With these tools, just navigate to the process you want to kill and simply end it!
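The msconfig and Task Manager checks walked through above for all three RATs, turned into a small triage script. This is an added example that is not part of the original post: it runs over a constructed startup list and process list instead of the live registry, and the allow-list of directories a system binary may legitimately run from is an assumption.

```python
"""Flag startup entries and processes that imitate Windows system binaries.
Added example, not from the post; the allow-list is an assumption."""
import ntpath

# System binaries the RATs above impersonate (svchost, explorer, smss) and the
# directories they legitimately run from; an empty set means never legitimate.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
    "smss.exe": {r"c:\windows\system32"},
    "msdcsc.exe": set(),   # DarkComet persistence process named in the post
}

def _image_path(command: str) -> str:
    """Pull the executable out of a Run-key command line, quoted or not."""
    exe = command.split('"')[1] if command.startswith('"') else command.split(" ")[0]
    return ntpath.normpath(exe.lower())

def suspicious_startups(startups):
    """startups: [(startup name, command line)]. Flags lookalikes of system
    binaries in the wrong folder and 'Windows ...' names that run something
    outside the Windows directory (the 'Windows Firewall' trick above)."""
    hits = []
    for name, command in startups:
        image = _image_path(command)
        exe, folder = ntpath.basename(image), ntpath.dirname(image)
        reason = None
        if exe in EXPECTED_DIRS and folder not in EXPECTED_DIRS[exe]:
            reason = f"{exe} runs from {folder or '(no path)'}"
        elif name.lower().startswith("windows ") and not folder.startswith(r"c:\windows"):
            reason = f"startup '{name}' runs a binary outside the Windows directory"
        if reason:
            hits.append((name, image, reason))
    return hits

def suspicious_processes(processes):
    """processes: [(image name, full path)]. Flags system-binary lookalikes in the
    wrong folder and a second explorer.exe, the persistence watchdog seen above."""
    hits, seen = [], {}
    for image, path in processes:
        exe = image.lower()
        folder = ntpath.dirname(ntpath.normpath(path.lower()))
        seen[exe] = seen.get(exe, 0) + 1
        if exe in EXPECTED_DIRS and folder not in EXPECTED_DIRS[exe]:
            hits.append((image, path, "system binary name running from the wrong directory"))
        if exe == "explorer.exe" and seen[exe] > 1:
            hits.append((image, path, "second explorer.exe: likely persistence process"))
    return hits

# Constructed sample data mirroring the screenshots described in the post.
STARTUPS = [
    ("Windows Firewall", r"C:\Users\bob\AppData\Roaming\svchost.exe"),
    ("Startup Test", r'"C:\Users\bob\AppData\Roaming\MSDCSC\msdcsc.exe"'),
    ("OneDrive", r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]
PROCESSES = [
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("explorer.exe", r"C:\Users\bob\AppData\Roaming\explorer.exe"),
    ("msdcsc.exe", r"C:\Users\bob\AppData\Roaming\MSDCSC\msdcsc.exe"),
]

if __name__ == "__main__":
    for hit in suspicious_startups(STARTUPS) + suspicious_processes(PROCESSES):
        print(*hit, sep=" | ")
```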

Types of Malware

Introduction


Malware are programs or parts of programs that have a malicious ( Mal ) or unpleasant
effect on your computer security. This covers many different terms that you may have heard
before, such as Virus, Worm and Trojan and possibly a few that you haven't like
Rootkit, Logicbomb and Spyware. This lesson will introduce, define and explain each of
these subdivisions of malware, will give you examples, and will explain some of the
countermeasures that can be put into place to restrict the problems caused by malware.

Viruses

Viruses or virii are self-replicating pieces of software that attach
themselves to another program, or, in the case of 'macro viruses', to another file. The virus is
only run when the program or the file is run or opened. It is this which differentiates viruses from
worms. If the program or file is not accessed in any way, then the virus will not run and will not
copy itself further. There are a number of types of viruses, although, significantly, the most common form today is
the macro virus, and others, such as the boot sector virus are now only found 'in captivity'.
  • Boot Sector Viruses -

    The boot sector virus was the first type of virus created. It hides itself in the executable
    code at the beginning of bootable disks. This meant that in order to infect a machine, you
    needed to boot from an infected floppy disk. A long time ago, ( 15 years or so ) booting
    from floppy was a relatively regular occurrence, meaning that such viruses were actually
    quite well spread by the time that people figured out what was happening. This virus ( and
    all other types ) should leave a signature which subsequent infection attempts detect, so
    as not to repeatedly infect the same target. It is this signature that allows other software
    ( such as Anti-Virus-software ) to detect the infection.
  • The Executable File Virus -

    The Executable File virus attaches itself to files, such as .exe or .com files. Some viruses
    would specifically look for programs which were a part of the operating system, and thus
    were most likely to be run each time the computer was turned on, increasing their
    chances of successful propagation. There were a few ways of adding a virus to an
    executable file, some of which worked better than others. The simplest way ( and the least
    subtle ) was to overwrite the first part of the executable file with the virus code. This meant
    that the virus executed, but that the program would subsequently crash, leaving it quite
    obvious that there was an infection – especially if the file was an important system file.
  • The Terminate and Stay Resident (TSR) Virus -

    TSR is a term from DOS where an application would load itself into memory, and then
    remain there in the background, allowing the computer to run as normal in the
    foreground. The more complex of these viruses would intercept system calls that would
    expose them and return false results - others would attach themselves to the 'dir'
    command, and then infect every application in the directory that was listed – a few even
    stopped ( or deleted ) Anti-Virus software installed onto the systems.
  • The Polymorphic Virus -

    Early viruses were easy enough to detect. They had a certain signature to identify them,
    either within themselves as a method to prevent re-infection, or simply that they had a
    specific structure which it was possible to detect. Then along came the polymorphic virus.
    Poly – meaning multiple and morphic – meaning shape. These viruses change themselves
    each time they replicate, rearranging their code, changing encryption and generally
    making themselves look totally different. This created a huge problem, as instantly there
    were much smaller signatures that remained the same – some of the “better” viruses were
    reduced to a detection signature of a few bytes. The problem was increased with the
    release of a number of polymorphic kits into the virus writing community which allowed
    any virus to be recreated as a polymorph.
  • The Macro Virus -

    The Macro Virus makes use of the built-in ability of a number of programs to execute
    code. Programs such as Word and Excel have limited, but very powerful, versions of the
    Visual Basic programming language. This allows for the automation of repetitive tasks, and
    the automatic configuration of specific settings. These macro languages are misused to
    attach viral code to documents which will automatically copy itself on to other
    documents, and propagate. Although Microsoft has turned off the feature by default now
    on new installations, it used to be that Outlook would automatically execute certain code
    attached to e-mails as soon as they were read. This meant that viruses were propagating
    very quickly by sending themselves to all of the e-mail addresses that were stored on the
    infected machine.

Worms

A worm is a program that, after it has been started, replicates without any need for
human intervention. It will propagate from host to host, taking advantage of an
unprotected service or services. It will traverse a network without the need for a user to
send an infected file or e-mail. Most of the large incidents in the press recently have been
worms rather than viruses.

Trojans and Spyware

Trojans are pieces of malware which masquerade as something either useful or
desirable in order to get you to run them. At this point they may well do something unpleasant
to your computer such as install a backdoor or rootkit, or - even worse - dial a
premium rate phone number that will cost you money.

Spyware is software that installs itself surreptitiously, often from websites that you might
visit. Once it is installed it will look for information that it considers valuable. This may be usage
statistics regarding your web surfing, or it might be your credit card number. Some pieces of
spyware blow their cover by rather irritatingly popping up advertisements all over your
desktop.

Rootkits and Backdoors

Rootkits and backdoors are pieces of malware that create methods to retain access
to a machine. They could range from the simple ( a program listening on a port ) to the very
complex ( programs which will hide processes in memory, modify log files, and listen to a
port ). Often a backdoor will be as simple as creating an additional user in a password file
which has super-user privileges, in the hope that it will be overlooked. This is because a
backdoor is designed to bypass the system's normal authentication. Both the Sobig and
MyDoom viruses install back doors as part of their payload.

Logicbombs and Timebombs

Logicbombs and Timebombs are programs which have no replication ability and no
ability to create an access method, but are applications or parts of applications that will
cause damage to data should they become active. They can be stand-alone, or part of
worms or viruses. Timebombs are programmed to release their payload at a certain time.
Logicbombs are programmed to release their payload when a certain event occurs.

The idea behind timebombs, however, is also a useful one. Timebomb programming is
used to allow you to download and try a program for a period of time – usually 30 days. At
the end of the trial period, the program ceases to function, unless a registration code is
provided. This is an example of non-malicious timebomb programming.


Conclusion


The information in this thread was received through an E-book I have had on my computer for a while. The E-book is called 'Hacker High School'. If you would like to see what the rest of the E-book has to offer, then feel free to download it below. If you liked this tutorial on malware, then please feel free to let me know below. All comments are appreciated, and I thank you for taking the time to read this!

Link to the E-Book

HOW DO I REMOVE THE VIRUS



WHAT IS IT: The virus is what we call spyware. It taps into your System32 and logs everything and anything you do on your PC, stealing critical system information/diagnostics, email addresses, passwords, logins, and much more. The process is called Vcs6Core.exe. The Vcs6Core.exe file can be used by hackers to compromise your computer. To protect your computer's security and privacy, you are recommended to run a scan on your computer immediately to detect any spyware threats.

The Vcs6Core.exe file is a malicious file related to spyware. You can read the following information to learn more about the Vcs6Core.exe file and get a detailed approach on how to detect and remove it.

HOW DO I REMOVE THE VIRUS? The following tutorial is going to show you how to safely and effectively remove the spyware from your computer manually without virus protection or removal software.

Step 1: Find Vcs6Core.exe Path with Windows File Search Tool

1. Click Start > Search > select All files and folders > type "Vcs6Core.exe" in the "All or part of the file name" section.

2. Go to "Look in" > select "Local Hard Drives" or "My Computer" > click "Search" button > delete the file "Vcs6Core.exe".

You may also stay on the "In Folder" and note down the file path of "Vcs6Core.exe" on your clipboard, as the file path may be needed to delete Vcs6Core.exe in the following manual removal steps.

Step 2: End Vcs6Core.exe Processes with Windows Task Manager

Press CTRL+ALT+DEL or CTRL+SHIFT+ESC > tab Processes > list of "Image Name" > search "Vcs6Core.exe" process > select "Vcs6Core.exe" process > click "End Process" button.

Step 3: Check for and Delete Other Vcs6Core.exe Files

1. Click Start > Run > type in cmd > press "OK" > type in "cd name_of_the_folder" in the window that appears > press Enter.

2. Type in "dir /a" > press Enter button > find the file you're looking for > type in "del name_of_the_file".

That is the end of Phase 1 of the process of completely removing this virus, but there are also some follow-ups you have to do in order to keep your PC clean and running smoothly.

The following step involves going into your system Registry editor and removing the Registry entries manually. NOTE: Ace Utilities or any other Registry Clean-up utilities will most likely not remove them completely, so this involves a manual removal.

STEP 1: There are a couple ways to get into your Registry editor, the easiest way is just to open up your Command prompt (Cmd) and type in "regedit" and your registry editor should start running.

STEP 2:
Once you have regedit open you are going to want to do the following: Go to the top of the screen and Click "Edit" and then "Find" button.

All you are going to do is type the name of the virus or spyware which is "Vcs6Core"

This step may take a couple minutes to find depending on how many files are on your PC

STEP 3: Once you have found the file where it says Vcs6Core there should be a couple files in the folder or (Registry Entries) you are going to want to delete all the files that are in that folder.

A message will pop up with a warning, just ignore that and delete anyway. If you are afraid of this messing up your PC, please feel free to backup your Registry files before deleting or possibly create a System Restore point on your PC. I say this because sometimes a virus can spread into regular system32 files and you wouldn't even know it.

This may not apply to everyone; your AVs might have actually done the trick and removed the virus. I was just randomly searching around on my system files because I do a weekly sweep and stumbled upon this little bastard, and I am almost certain that it was in fact from when "LLoyd" defaced LF.

The following are some Known registry entries for Vcs6Core

Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@^PCMMRealtime
HKEY_CURRENT_USER\Software\PC MightyMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94D5AF0F-E6EE-4A75-BE31-9C9C9A87AD45}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\"EnabledV8" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\"LowRiskFileTypes" = ".exe"

Removing the Flashback Trojan from your Mac



How to check your Mac for, and remove, the Flashback Trojan

How you get it:
Basically it is a Java drive-by, and usually it pretends to be a new version of Flash Player.

What it does:
- Sends screenshots of your personal information to a remote server
- Avoids detection by hiding from your AV
- Then it eventually downloads the malware itself

How many are infected?
It's estimated that 600,000+ machines have been infected.

Now to see if you have it is simple.
Go to Terminal and enter these one at a time:

Code:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment   # That's for Safari

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment  # That's for Firefox

defaults read /Applications/Chrome.app/Contents/Info LSEnvironment   # That's for Chrome

Now if it comes up with: "The domain/default pair of (/Applications/Chrome.app/Contents/Info, LSEnvironment) does not exist"
then you are clear;
but if something else comes up, then you have the Trojan.

Removing it is simple.
When these commands are run, make a note of the full file path that is output to the Terminal window (it may be paired with the term "DYLD_INSERT_LIBRARIES"). For each of the commands that outputs a file path (and does not say the domain pair does not exist), copy the full file path section and then run the following command with the file path in place of FILEPATH (copy and paste this command):
Code:
grep -a -o '__ldpath__[ -~]*' FILEPATH

Now you must locate the files mentioned in the output of the above commands and delete them. If you cannot locate them in the Finder, then for each one type "sudo rm" in the Terminal followed by a single space, use your mouse cursor to select the full file path from the first command's output, and use Command-C followed by Command-V to copy and paste it into the Terminal. Then press Enter to execute the command and remove the file.
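The two checks above (the `defaults read` lookups and the `__ldpath__` grep) as one script, added here as an example that is not part of the original post. It parses constructed `defaults read` output and a constructed binary blob rather than touching a real Mac, so it runs anywhere; the sample paths are placeholders.

```python
"""Parse `defaults read` output for injected libraries and pull __ldpath__
targets out of a binary. Added example, not from the post; samples are constructed."""
import re

# Message macOS `defaults read` prints for an absent key (quoted in the post
# above, with the timestamp/pid prefix the tool adds); anything else means set.
ABSENT = re.compile(r"The domain/default pair of \(.*\) does not exist")

def inserted_libraries(defaults_output: str):
    """Return library paths found in the output of one `defaults read`, or []
    when the key was absent. Handles the bare-string form of the environment
    key and the dictionary form LSEnvironment = { DYLD_INSERT_LIBRARIES = ... }."""
    if not defaults_output.strip() or ABSENT.search(defaults_output):
        return []
    paths = re.findall(r'DYLD_INSERT_LIBRARIES\s*=\s*"?([^";\s]+)', defaults_output)
    return paths or [defaults_output.strip()]

LDPATH = re.compile(rb"__ldpath__[ -~]*")   # same pattern as the grep in the post

def ldpath_targets(binary: bytes):
    """Extract the printable path that follows each __ldpath__ marker, which is
    what `grep -a -o '__ldpath__[ -~]*' FILEPATH` prints."""
    marker = len(b"__ldpath__")
    return [m.group(0)[marker:].decode("ascii") for m in LDPATH.finditer(binary)]

def infected(outputs) -> bool:
    """True if any of the `defaults read` outputs names an inserted library."""
    return any(inserted_libraries(o) for o in outputs)

# Constructed samples (placeholder paths, not real indicators).
CLEAN = ("2012-04-10 12:00:00.000 defaults[123:707] The domain/default pair of "
         "(/Applications/Chrome.app/Contents/Info, LSEnvironment) does not exist")
INFECTED_DICT = '{\n    DYLD_INSERT_LIBRARIES = "/Applications/Safari.app/Contents/Resources/.placeholder.so";\n}'
INFECTED_BARE = "/Users/demo/.placeholder_payload.so"
BLOB = b"\x00\x01junk__ldpath__/Users/demo/.dropped_lib.so\x00more__ldpath__/tmp/.x\x00"

if __name__ == "__main__":
    print(infected([CLEAN, CLEAN]), infected([CLEAN, INFECTED_DICT]))   # False True
    print(ldpath_targets(BLOB))
```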

Now you have more commands to run but then you will be safe!

Code:
sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

sudo defaults delete /Applications/Firefox.app/Contents/Info LSEnvironment

sudo chmod 644 /Applications/Firefox.app/Contents/Info.plist

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

launchctl unsetenv DYLD_INSERT_LIBRARIES

There you go: your directories are back to default and you no longer have a trojan!

How to secure your Router

Before we start
THIS is NOT a way to secure your router:




Change the default password
You should ALWAYS change your router's password; a default password can cause you big trouble!

This is not a good password: abc123
But this is a good password: I2tX3ZPz2hMszg


If you don't know what you wanna change your password to, there is a great generator HERE



Disable Remote Management
"Remote Management" is a feature where your router can be administered remotely. In other words, it lets you control your router from anywhere on the internet.

While this setting (coupled with a very strong password) might make sense for a handful of people, for most folks there's absolutely no need to administer the router from anywhere but the local machines connected to it.
Make sure that remote management setting is off.



Turn off Logging
Ok, you just need to make sure it's off; most routers don't even have this feature, and those that do likely have it off by default.

Disable the logging, and no information will be kept on the router, or sent to any other machine.



Turn off Universal Plug and Play
Universal Plug and Play (known as UPnP) is a technology that allows software running on your machine to perform services like port forwarding without you having to go in and configure the router manually.

It turns out that malware can also be UPnP aware, and can make all sorts of malicious changes to your router without your being involved or aware.

(Just so you know: UPnP is NOT related to "Windows Plug and Play" hardware detection; it just has a similar name.)



Add a WPA Key
It's time for another password, this time to secure and encrypt your wireless connection.

First: Use WPA, preferably WPA2. DON'T use WEP. WEP encryption turns out to be easily crackable.

Second: Select a good, secure key/password, whatever you call it. Just use the same password generator as before which can be found HERE

Having a strong WPA password ensures that only machines you allow on your network can see your network, your traffic, and your router.



Don't Forget The Physical
All of your routers security settings can be reset in a flash if someone has physical access to the device. Almost all routers have a "reset to factory defaults" mechanism - typically by holding a reset button for a certain amount of time. If someone can walk up to your router and do that, then all the security settings you've just enabled may be instantly erased.

Only you can judge whether or not you need this extra level of physical security, but make sure to consider it.


Written by Arcus