Wednesday, 5 February 2014

Remediate VBS malware



I have developed a small tool that will help you remove VBS malware (and unhide your files) from a machine, an external drive (e.g. USB) or a network. I created the tool some months ago when I saw quite a lot of these doing the rounds.

The tool is simple and pretty much self-explanatory:


[Screenshot: Remediate VBS Worm 8.0.0]

Instructions on using Rem-VBSworm

You should run the script in the following sequence, at least on a normal machine:
Plug in your infected USB (if any) and choose A (wait), then B (wait) and afterwards C.
After these steps, perform a full scan with your installed antivirus product or perform an online scan.

Instructions in other languages are also available, namely Dutch, French, German and Polish:
Security Tool Spotlight: Rem-VBSworm (Deutsch)
Remediate VBS Worm (français)
VBS malware verwijderen (Nederlands)
Infekcje z mediów przenośnych (Polski)

Some tips and tricks:


  • Using option A, the tool will attempt to clean the infection. It will also fix any registry changes made by the malware (for example, it will re-enable Task Manager should it be disabled).
  • ! When you use option B, be sure to type only the letter of your USB drive!
    So if you have a USB drive named G:\, you should only type G.
    This option will eradicate any related malware on the USB drive, as well as unhide your files (make them visible again).
  • With option C you can download Panda USB Vaccine to prevent any other autorun malware from entering your computer.
  • With option D you have the possibility to disable or re-enable the Windows Script Host (WSH), to prevent any malware from abusing it.
  • I advise ending the script with Q to ensure the logfile is closed properly. A logfile will open automatically, but it is also created by default on the C:\ drive (C:\Rem-VBS.log).
  • When the tool is running, do not use the machine for anything else.
    (it takes about 30 seconds to run)
  • If VBS malware is found, it will be automatically removed and a copy will be placed at C:\Rem-VBSqt.
  • Accidentally used an option and want to exit the script? Use CTRL + C to stop it.


You can use this to remedy the following malware:

  • Bladabindi
  • Excedow
  • Jenxcus
  • Houdini/Dinihu
  • Autorun worms
  • Any other VBS (VBScript) or VBE malware
  • Any other malware that abuses the WSH (Windows Script Host)


Download

Download on BleepingComputer:
Rem-VBSworm 8.0.0 Download

File integrity check:

MD5: 4c37021f17e02fb9fdb7db3287906bd5
SHA1: 7fef4a43f70262710127051778e0a50ec7a94e64

Mirror:
Rem-VBSworm (ZIP file)

Changelog:

07/06/2016 - version 8.0.0:
FIXED: issue when executing from drive other than system drive (option A)
IMPROVED: detection of malicious scheduled tasks (option A)
IMPROVED: detection of certain autorun/VBS worms


11/03/2016 - version 7.0.0:
ADDED: detection of malicious scheduled tasks (option A)
ADDED: malware detected on USB now copied to quarantine (option B)
ADDED: usage information on top of the tool
FIXED: issue launching download of Panda USB Vaccine (option C)
IMPROVED: autorun.inf vaccination on NTFS formatted drives (option B)
IMPROVED: error handling
IMPROVED: log output (should be final now)

23/12/2015 - version 6.0.0:
ADDED: logging of USB device ID
CHANGED: Panda USB vaccine download (now on BleepingComputer)
IMPROVED: log output is now completely streamlined and cleaned
IMPROVED: disabling of WSH on Windows XP (option D)
IMPROVED: scanning time (option A)
IMPROVED: detection of certain autorun/VBS worms

21/10/2015 - version 5.0.0:
ADDED: logging of installed antivirus
ADDED: detection of malicious shortcut links in startup folders
ADDED: malicious VBS files now automatically copied to quarantine for research purposes (on C:\Rem-VBSqt)
IMPROVED: handling of files, resulting in a false positive rate of almost zero
IMPROVED: detection of certain malware variants using autorun to spread or hide files (Fanny worm, Andromeda/Gamarue malware)
IMPROVED: minor code cleanup, minor log output cleanup - greater visibility

21/04/2015 - version 4.0.0:
ADDED: removal of AutoIT autorun worms
ADDED: version number (in main window and log)
ADDED: option D will now allow you to disable or re-enable the WSH
FIXED: false negative
IMPROVED: option B will now detect if you try to execute on system drive
IMPROVED: log output is cleaned and more streamlined

03/03/2015 - version 3.0.0:
ADDED: more information about attached drives & system
ADDED: root contents of removable drive will now be listed
FIXED: false positive
IMPROVED: general improvements

23/04/2014 - version 2.0.0:
First public version
ADDED: detections & disinfections will now be logged
ADDED: all attached drives are now listed
FIXED: False positive on unrelated files
FIXED: Issue with Read-Only files
IMPROVED: Registry fixes
IMPROVED: Scanning time
IMPROVED: Disinfection mechanism for USB-drives

10/12/2013 - version 1.0.0:
Private use only
CREATION

Conclusion

In regards to autorun worms, you should follow these precautions:

  • Install all your Windows Updates.
  • Disable autorun. This should already be done by Windows Update, but if not you can use:
    • Panda USB Vaccine, download from CNET
    • Follow the steps in this Microsoft article (also for companies)
  • Don't simply insert a USB-drive in your machine without knowing who it is from. Found a USB-drive at your parking lot? Yeah, don't even think about it. You might want to read:
    Criminals push malware by 'losing' USB sticks in parking lots
  • You can install and run Script Defender alongside your antivirus/antimalware product:
    Script Defender by AnalogX
    This will effectively block the execution of malicious scripts like VBS, VBE, HTA, ...
  • If you aren't planning on ever using VBScripts at all, or you are not working on a company laptop (which may use scripts!), you can also simply disable the Windows Script Host. You can use option D in my tool.
  • For companies, take a look at this as well:
    Command line process auditing
  • Last but not least, install an Antivirus and update it regularly.
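As an added example (my own illustration, not the code of Rem-VBSworm), the PowerShell script below audits the settings that options A, B and D act on and that the precautions above rely on: the Windows Script Host enable flag, the Task Manager policy value these worms set, and the NoDriveTypeAutoRun policy; given a removable drive letter it also lists the root items marked Hidden+System. The -Remediate switch, the Get-RegValue helper and the system-drive guard are assumptions of this example; it assumes Windows PowerShell 5.1 or later, run elevated.

```powershell
# Added example, not part of Rem-VBSworm: report (and with -Remediate, restore)
# the WSH, Task Manager and AutoRun settings, and unhide files on a removable drive.
param(
    [string]$DriveLetter,   # removable drive letter only, e.g. "G" (as with option B)
    [switch]$Remediate      # assumed switch: without it the script only reports
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is missing instead of throwing
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$wsh  = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
$tm   = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableTaskMgr'
$auto = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'

# WSH: value missing or 1 means enabled; 0 is what option D sets to block VBS/VBE scripts
"Windows Script Host : {0}" -f $(if ($wsh -eq 0) { 'disabled' } else { 'enabled' })
# DisableTaskMgr=1 is the Task Manager lock-out that option A reverts
"Task Manager        : {0}" -f $(if ($tm -eq 1) { 'DISABLED by policy' } else { 'available' })
# 0xFF switches AutoRun off for every drive type
"NoDriveTypeAutoRun  : {0}" -f $(if ($null -eq $auto) { 'not set' } else { '0x{0:X}' -f $auto })

if ($Remediate) {
    if ($tm -eq 1) {
        Remove-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name DisableTaskMgr
    }
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $explorer)) { New-Item -Path $explorer -Force | Out-Null }
    Set-ItemProperty -Path $explorer -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

if ($DriveLetter) {
    $letter = $DriveLetter.Trim(':\').ToUpper()
    # Refuse the system drive, as option B does, so Windows' own hidden files are left alone
    if ($letter -eq $env:SystemDrive.TrimEnd(':')) { throw "Refusing to touch the system drive" }
    # Hidden+System on the root of a removable drive is how these worms hide the user's files
    $hidden = Get-ChildItem -Path "${letter}:\" -Force | Where-Object {
        $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and $_.Attributes.HasFlag([IO.FileAttributes]::System)
    }
    foreach ($item in $hidden) {
        "Hidden+System item  : $($item.FullName)"
        if ($Remediate) {
            # Same effect as attrib -h -s; the other attribute bits are kept
            $keep = [int]$item.Attributes -band -bnot ([int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System)
            $item.Attributes = [IO.FileAttributes]$keep
        }
    }
}
```

Run it once without -Remediate to see what the machine and the drive look like, then again with -Remediate -DriveLetter G after confirming the listed items are indeed your own files.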

KeeperRL and OpenIG

Two interesting projects I recently came across:

1. KeeperRL:

Description from the author:

KeeperRL is a Dungeon Keeper and Dwarf Fortress inspired dungeon simulator built on top of roguelike mechanics. My vision is that you are a Sauron-like character, searching for ultimate knowledge of destruction. What makes the game different from other RTS is that you can, and are encouraged to, control your main character and lead your minions to an open war. The characters use equipment, scrolls, potions, spells, and other things you would expect in a roguelike. Combat is turn-based and very tactical. The whole world is procedurally generated, and there is adventure mode too.
See a video of the (still in ASCII graphics) action here and the GPL licensed code here. Latest development release can be downloaded here (Win&Linux).

2. OpenIG:

A real classic is being reimplemented as OpenIG (follow the development blog here). Interestingly the original developers have granted the rights to all the game's data to be freely (as in beer I assume) distributed with the new Java based engine.
Time to jump into the 4X games again ;)

Tuesday, 4 February 2014

AUD/USD 4th February 2014 Monthly Report

AUD/USD Primary & Monthly cycles

1st Quarter Support @ 87.01 and expectation it is rising back towards the 50% levels...

That means a swing as high as .9335 by the end of MARCH or sooner, and then a continuation up towards .9440 sometime in the 2nd Quarter.

Or....

A slow rise up into the end of March, and then a continuation down from around .9092 & down into the 2014 lows .8560, as part of the Primary break & extend pattern


Monday, 3 February 2014

DevCorner: Multiple new platforms for Torque2D MIT

I tend to focus a bit on the 3D side of things, but the recently open-sourced Torque2D (note the "2") engine is pretty cool too:

And in fact it got a whole lot better in the last couple of weeks with it being ported to Linux, Android and your browser (through Mozilla's emscripten).

So if you are thinking about developing an open-source 2D game targeting multiple platforms, Torque2D has just become a serious contender.

Sunday, 2 February 2014

How to Increase Thumbnail Resolution on Blogger

When we add a widget on Blogger, the thumbnails will maintain a default size of 72 x 72px which might not look good if we try to make them larger using only CSS. However, with a bit of JavaScript we'll be able to replace the thumbnail with the same image of higher resolution and this way, larger images will no longer appear blurry.

So this tutorial will show you how to increase the thumbnail resolution size of the popular posts Blogger widget, even though we can apply this trick on any of the blog widgets.


Changing the Thumbnail Size for the Popular Posts Widget

Step 1. First, let's add the Popular posts gadget by going to "Layout" > click on the "Add a gadget" link and select "Popular Posts" from the popup window.

adding popular posts gadget

Step 2. Next, go to "Template" > click on the "Edit HTML" button > click anywhere inside the code area to open the Blogger search box using the CTRL + F keys.

edit blogger template html

Step 3. Type or paste the following tag inside the search box then hit Enter to find it:
</head>
After you found the </head> tag, add this CSS above it:
<style type='text/css'>
.PopularPosts .item-thumbnail a {
  clip: auto;
  display: block;
  height: 130px;
  margin: 0 0px 5px;
  overflow: hidden;
  width: 210px;
  border: 2px solid #EEEEEE;
  border-radius: 20px;
}
.PopularPosts .item-thumbnail img {
  position: relative;
  top: -30px;
  transition: all .2s linear;
  -o-transition: all .5s linear;
  -moz-transition: all .2s linear;
  -webkit-transition: all .2s linear;
}
.PopularPosts .item-thumbnail img:hover {
  opacity: .6;
  filter: alpha(opacity=60);
}
.PopularPosts .widget-content ul li {
  background: #F9F9F9;
  border: 2px solid #EEEEEE;
  border-radius: 10px;
  box-shadow: 0 4px 10px #EEEEEE;
  color: #555555;
  padding: 10px;
  margin-bottom: 5px;
}
.PopularPosts .item-title {
  clear: both;
  font: 14px Cambria, Georgia, sans-serif;
  color: #2288BB;
  font-weight: bold;
  text-transform: uppercase;
  text-align: center;
}
.PopularPosts .item-snippet {
  display: none;
}
.widget .widget-item-control a img {
  height: 18px;
  width: 18px;
}
</style>
Step 4. Now search for this tag:
</body>
And just above it, add this script:
<script type='text/javascript'>
// Swap the 72x72 thumbnail URLs inside the gadget for a larger square crop ("s<size>-c")
function changeThumbSize(id, size) {
  var blogGadget = document.getElementById(id);
  var replacement = blogGadget.innerHTML;
  blogGadget.innerHTML = replacement.replace(/w72-h72-p-k-no-nu/g, "s" + size + "-c");
  var thumbnails = blogGadget.getElementsByTagName("img");
  // "&lt;" is the XML-escaped "<": Blogger's template editor parses the template as XML
  for (var i = 0; i &lt; thumbnails.length; i++) {
    thumbnails[i].width = size;
    thumbnails[i].height = size;
  }
}
changeThumbSize("PopularPosts1", 210);
</script>
The string PopularPosts1 (highlighted in red in the original) is the widget ID for the Popular Posts gadget. To change the thumbnail size for any of your blog widgets, find the gadget/widget ID and then add a line below this part:
changeThumbSize("PopularPosts1",210);
changeThumbSize("widget-ID-HERE",210);
Then replace the widget-ID-HERE text with the ID of that widget/gadget.

Note: you won't see the changes if the widget has a class selector; in that case you may need to change the class to an id and replace the dot "." with "#" in the CSS code.

If you don't know how to find the id of a particular widget, please check out this tutorial on How to Use Firebug to Design a Blogger blog.

Step 5. Finally, press the "Save Template" button to save the changes. This is how you can increase the thumbnail resolution on Blogger. Enjoy!