Stopping From the Source

Discussion in 'other security issues & news' started by krypton_harsh, May 6, 2008.

Thread Status:
Not open for further replies.
  1. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    Just got an idea of checking how people actually release different variants of a virus,
    and I just found an article on that.

    It says, for example, that a common virus called Autoit.XX can easily be created using ready-made virus-creating software like Virus Maker 2008 Pro.
    These viruses have the same features but just a little difference,
    and there are almost more than 200 variants; the count has reached from variant .a to .mc. Isn't it a good idea to check and find the common pattern of these viruses and stop them even before release? For example, all of them make minor registry changes to cause system changes like the following.

    Examples of registry changes:

    1. Adding a virus.exe along with the shell login in the registry, in the pattern that it loads along with Explorer:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell = explorer.exe, c:\windows\virus.exe

    Hence the virus also gets loaded along with Explorer.


    2. Creating a registry value in the Policies keys at various locations under HKLM, HKU, HKCU etc.:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFolderOptions = 1

    3. Changing a registry entry to disable the option of seeing hidden system files:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

    CheckedValue = 0, whereas earlier CheckedValue = 1

    ---------------------------------
    Why isn't an update made to monitor these kinds of changes in the registry? That may lead to almost stopping any further variant creation of Autoit.XX scripts, which have the same common pattern of working and change the same set of settings.

    Please have a thought and reply.

    I just gave an example of one such way of intelligently stopping a virus.

    Keep posting.
     
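The check the poster asks for, as an added example that is not code from the thread or from any anti-virus product: a PowerShell script that audits the three registry settings listed above against a known-good baseline, resets them on request, and watches the HKLM keys for live changes. It assumes an elevated PowerShell prompt on a Windows host and uses the standard full key paths (the post abbreviates them); `$Baseline`, `Test-RegistryBaseline`, `Repair-RegistryBaseline` and `Start-RegistryBaselineWatch` are names chosen for this example.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell session on Windows.
# Baseline of the values the post says every Autoit.XX variant tampers with.
$Baseline = @(
    @{ Name = 'Winlogon Shell'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Value = 'Shell';           Expected = 'explorer.exe' },
    @{ Name = 'NoFolderOptions (user policy)'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoFolderOptions'; Expected = $null },   # should be absent or 0
    @{ Name = 'NoFolderOptions (machine policy)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoFolderOptions'; Expected = $null },
    @{ Name = 'Show hidden files toggle'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
       Value = 'CheckedValue';    Expected = 1 }
)

function Get-RegValueOrNull {
    # Returns the value's data, or $null if the key or value does not exist.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

function Test-RegistryBaseline {
    # Compares each baseline entry with the live registry and returns one object per deviation.
    param([hashtable[]]$Checks = $Baseline)
    $findings = @()
    foreach ($c in $Checks) {
        $actual = Get-RegValueOrNull -Path $c.Path -Name $c.Value
        $bad = $false
        if ($null -eq $c.Expected) {
            # Policy values: bad if present and non-zero (or not numeric at all).
            if ($null -ne $actual) {
                try { $bad = ([int]$actual -ne 0) } catch { $bad = $true }
            }
        } elseif ($c.Expected -is [string]) {
            # Shell is a command line; anything beyond a bare "explorer.exe"
            # (e.g. "explorer.exe, c:\windows\virus.exe") is a deviation.
            $bad = ($null -eq $actual) -or (([string]$actual).Trim().ToLowerInvariant() -ne $c.Expected)
        } else {
            # DWORD toggles: bad if missing, non-numeric (type changed), or wrong.
            try { $bad = ($null -eq $actual) -or ([int]$actual -ne $c.Expected) } catch { $bad = $true }
        }
        if ($bad) {
            $findings += [pscustomobject]@{
                Check = $c.Name; Path = $c.Path; Value = $c.Value
                Expected = $c.Expected; Actual = $actual
            }
        }
    }
    return $findings
}

function Repair-RegistryBaseline {
    # Resets every deviation found by Test-RegistryBaseline; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([hashtable[]]$Checks = $Baseline)
    foreach ($f in (Test-RegistryBaseline -Checks $Checks)) {
        if (-not $PSCmdlet.ShouldProcess("$($f.Path)\$($f.Value)", 'reset to baseline')) { continue }
        if (-not (Test-Path -LiteralPath $f.Path)) { New-Item -Path $f.Path -Force | Out-Null }
        if ($null -eq $f.Expected) {
            Remove-ItemProperty -LiteralPath $f.Path -Name $f.Value -ErrorAction SilentlyContinue
        } elseif ($f.Expected -is [string]) {
            Set-ItemProperty -LiteralPath $f.Path -Name $f.Value -Value $f.Expected -Type String
        } else {
            # Recreate as DWORD in case the value type was changed to REG_SZ.
            Remove-ItemProperty -LiteralPath $f.Path -Name $f.Value -ErrorAction SilentlyContinue
            New-ItemProperty -LiteralPath $f.Path -Name $f.Value -Value $f.Expected -PropertyType DWord | Out-Null
        }
    }
}

function Start-RegistryBaselineWatch {
    # Subscribes to WMI RegistryValueChangeEvent for the HKLM entries. WMI registry
    # events cover HKLM and HKU only, so the HKCU policy is not watched here; poll it
    # with Test-RegistryBaseline instead.
    param([hashtable[]]$Checks = $Baseline)
    foreach ($c in ($Checks | Where-Object { $_.Path -like 'HKLM:*' })) {
        $keyPath = ($c.Path -replace '^HKLM:\\', '') -replace '\\', '\\'   # WQL needs escaped backslashes
        $query = "SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND KeyPath='$keyPath' AND ValueName='$($c.Value)'"
        Register-WmiEvent -Namespace 'root\default' -Query $query -SourceIdentifier "Watch-$($c.Value)" -MessageData $c -Action {
            $c = $Event.MessageData
            $now = (Get-ItemProperty -LiteralPath $c.Path -ErrorAction SilentlyContinue).($c.Value)
            Write-Warning ("{0}: {1}\{2} changed, now '{3}'" -f (Get-Date), $c.Path, $c.Value, $now)
        } | Out-Null
    }
}

# Usage:
#   Test-RegistryBaseline | Format-Table -AutoSize   # report deviations
#   Repair-RegistryBaseline -WhatIf                  # show what would be reset
#   Start-RegistryBaselineWatch                      # warn on live HKLM changes
```

The audit treats the Winlogon `Shell` value as suspicious whenever it is anything other than a bare `explorer.exe`, and the `CheckedValue` toggle as tampered whenever it is missing, not numeric or not 1, which covers the type-change trick as well as the value change the post describes. A watcher of this kind only alerts after the change has been written; it is a cheap behavioural indicator for this family, not a replacement for signatures.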
  2. techie007

    techie007 Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    125
    Location:
    Ontario, Canada
    This is how most, if not all, anti-virus engines detect most "variants" already. At least it's ONE way they detect them.
     
  3. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    But I had been suffering with this virus named Autoit.XX,
    where I have to wait for each update to come to remove the new variant,
    and the manual steps are the same as mentioned above, as the registry change is the same in all the variants.
     