
Monday, 10 November 2008

Playing with the registry

The registry is a collection of data that Windows uses to control how the operating system behaves. Changes are made with the Windows program regedit: open Run and type regedit.
Six root keys will be visible, each with a different task.
The root keys are:
1. HKEY_CLASSES_ROOT: handles all file types in Windows and stores their settings.
2. HKEY_USERS: handles all information about the active users and the Control Panel settings in the Windows operating system.
3. HKEY_CURRENT_USER: handles the information of the user currently active in the Windows operating system.
4. HKEY_LOCAL_MACHINE: contains information about the hardware used on the computer.
5. HKEY_CURRENT_CONFIG: records the configuration of the system.

To save time, let's go straight to practice. First, though, back up the computer's registry, so that if a mistake happens there is nothing to be afraid of.
To do so, open the File menu, select "Export", then choose where to save the file.

Now let's start tinkering with the computer's registry. There is no need to fear making a mistake, because we have a backup of the original system (from before it was tinkered with).
Let's try the following steps:

1. Hide drives in Explorer
Key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" or, alternatively,
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Value "NoDrives"
Data type "DWORD"

Value data 1 = hide drive A
Value data 4 = hide drive C
Value data 8 = hide drive D
Value data 16 = hide drive E
Value data 29 = hide drives A, C, D, E (1 + 4 + 8 + 16)
Value data 32 = hide drive M
Value data 140 = hide drive G
Value data 180 = hide drive H

Suppose we want to hide more than one drive,
e.g. drive A and drive C.
The value data to enter in regedit = value data A + value data C
= 1 + 4
= 5

But all this does is make the contents of the drive not visible (he... he... ^_^)

2. Disable access to a drive
Key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" or, alternatively,
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Value "NoViewOnDrive"
Data type "DWORD"

Value data 1 = hide drive A
Value data 4 = hide drive C
Value data 8 = hide drive D
Value data 16 = hide drive E
Value data 29 = hide drives A, C, D, E (1 + 4 + 8 + 16)
Value data 32 = hide drive M
Value data 140 = hide drive G
Value data 180 = hide drive H

Suppose we want to hide more than one drive,
e.g. drive D and drive E.
The value data to enter in regedit = value data D + value data E
= 8 + 16
= 24

Now for Control Panel and Add and Remove Programs

Control Panel
1. Remove access to Control Panel
Key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
or
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Value "NoControlPanel"
Data type "DWORD"

Add and Remove Programs
1. Remove Add or Remove Programs
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall"
Value "NoAddRemovePrograms"
Data type "DWORD"

2. Remove Change or Remove Programs
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall"
Value "NoRemovePage"
Data type "DWORD"

3. Remove Add New Programs
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall"
Value "NoAddPage"
Data type "DWORD"

4. Remove Add/Remove Windows Components
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall"
Value "NoWindowsSetupPage"
Data type "DWORD"

5. Remove Support Information
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall"
Value "NoSupportInfo"
Data type "DWORD"

6. Remove Set Program Access and Defaults
Key "HKEY_USERS\S-1-5-21-776561741-823518204-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall"
Value "NoChooseProgramsPage"
Data type "DWORD"

All of these take value data 1 to enable the restriction and 0 to deactivate it.

1. Disable CMD
Key "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System"
Value "DisableCMD"
Data type "DWORD"

Value data 1 = disable cmd together with its command scripts
Value data 2 = disable cmd only

To undo any of the changes made, just replace the value 1 (or other value) with 0.

"Have fun trying, and remember: do not use the knowledge we have gained to damage other people's computers"
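The policy values above are also worth auditing, since a machine where drives, Control Panel or cmd have quietly disappeared is harder to inspect. The following added example (not part of the original post) parses a registry export made with File > Export, reports which of the restrictions listed above are switched on, and decodes the drive masks. It assumes the standard bitmask layout where each drive letter is one bit (A = 1, B = 2, C = 4, ..., so F = 32, G = 64, H = 128); the function names and the sample export are constructed for illustration.

```python
import re
import string

# Value names are the ones listed on the page; all are DWORDs.
DRIVE_MASKS = {"NoDrives", "NoViewOnDrive"}
SWITCHES = {"NoControlPanel", "NoAddRemovePrograms", "NoRemovePage", "NoAddPage",
            "NoWindowsSetupPage", "NoSupportInfo", "NoChooseProgramsPage",
            "DisableCMD"}

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000005
"NoViewOnDrive"=dword:00000018
"NoControlPanel"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002
"""

def encode_drives(letters):
    """Sum one bit per drive letter: A = 1, B = 2, C = 4, ..."""
    return sum(1 << (ord(c) - ord("A")) for c in set(letters.upper()))

def decode_drives(mask):
    """Return the drive letters whose bit is set in the mask."""
    return [c for bit, c in enumerate(string.ascii_uppercase) if (mask >> bit) & 1]

def audit(reg_text):
    """List every policy restriction that is switched on in an export."""
    findings, key = [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the current key section
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if not m or key is None or "\\policies\\" not in key.lower():
            continue
        name, value = m.group(1), int(m.group(2), 16)
        if name in DRIVE_MASKS and value:
            findings.append((name, decode_drives(value)))
        elif name in SWITCHES and value:
            findings.append((name, value))
    return findings

if __name__ == "__main__":
    for name, detail in audit(SAMPLE_EXPORT):
        print(name, detail)
```

A real regedit export is UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `audit()`.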

Creating a virus with Visual Basic (Part 1)

System infection
Suppose we accidentally run a computer virus. The first thing the virus does after it wakes from its sleep is infect the target system, so that it stays attached to the target computer. Even if that computer is restarted, the virus will remain active on the target computer.
How the virus infects the system:
1. Copy itself into the system.
The first step the virus takes when a user runs it on their computer is to copy itself into the user's system. The copying is done so that the virus remains active when the computer restarts. Usually the copies placed in the system have names that closely resemble system file names, and some have exactly the same name as a system file, with only the location of the file differing from the original. Examples: winlogon.exe, lsass.exe, services.exe, csrss.exe, iexplorer.exe, shell.exe, etc.
2. Store itself in the registry.
Once the virus has successfully copied itself into the system, it uses the registry as a bunker. Why use the registry; shouldn't the virus be able to protect itself without the registry's help? True, but then there is a good chance the virus could be overcome, for example by other software. With the help of the registry, borrowed from the operating system, the virus can protect itself very well, because the key to the operating system is in the registry. With the help of the registry the virus is able to run itself in safe mode, or even in safe mode DOS. It also lets the virus stay invisible, which makes it difficult for users to remove the virus manually.
3. Activate the copy of the virus that is now in the system.
Once the virus has copied itself into the system and stored itself in the registry, it runs the copy that is already in the system, so that even if the diskette that carried it is removed, the virus will remain active.
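Step 1 above is something a defender can check for directly. The following added example (not part of the original post) classifies process image paths as a real system file in its normal folder, a real name running from the wrong location, or a near-miss name such as iexplorer.exe, which imitates the real iexplore.exe. The folder table assumes a default install under C:\Windows, and the sample paths are constructed.

```python
import ntpath

# Real image names and the folder each normally runs from. Assumes a default
# install under C:\Windows; change the paths for a different %SystemRoot%.
KNOWN = {
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# Constructed process image paths for the demonstration.
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\lsass.exe",
    r"C:\Windows\System32\iexplorer.exe",
    r"C:\Documents and Settings\user\Local Settings\services.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Tools\notepad2.exe",
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, matched system name) for one image path."""
    folder, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        return ("ok" if folder == KNOWN[name] else "wrong-location", name)
    for real in KNOWN:
        # One edit away only: a wider threshold starts matching real files.
        if edit_distance(name, real) <= 1:
            return ("lookalike-name", real)
    return ("unknown", None)

def scan(paths):
    """Keep only the paths that deserve a closer look."""
    results = [(p,) + classify(p) for p in paths]
    return [r for r in results if r[1] in ("wrong-location", "lookalike-name")]
```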