Computer Viruses, Anti Virus Programs, Cleaners, Tools and News | Virus Removals Tools – Clean Computer Viruses, Trojans and Malware Easy
Why you should remove spyware, malware and viruses from your PC
A computer virus is a program that can copy itself and infect a computer. The term "virus" is also commonly, but erroneously, used for other types of malware, including adware and spyware, which lack that ability to reproduce. Much of this software is designed to give an attacker remote access to the target system, to steal data and other sensitive material, and to send what it collects back to its author. Antivirus software is designed to detect and remove viruses and other malware, and to prevent them from being installed in the first place. If, for example, a Trojan horse has been used by an attacker to access a system, it is difficult to know what damage has been done and what other problems have been introduced. How to be 1000% safe? Don't go online, don't install anything, shut down your computer :)

TDL Tracking: Peer Pressure

Written by v2r on June 27, 2011 – 9:16 am


[News from my colleagues in Russia, Aleksandr Matrosov and Eugene Rodionov.]

Recently we had a stroke of luck: our TDL tracker picked up a brand new TDL4 plugin, kad.dll (Win32/Olmarik.AVA), which we had not seen previously. It took some time to find out what it is intended to do. After some preliminary analysis we discovered that it implements a particularly interesting network communication protocol, which attracted our attention and made us dig deeper.

Kad.dll is intended to be injected into the 32-bit svchost.exe process. Its main purpose is to download and execute other malicious software on the infected system. Although there is nothing new in that functionality, it differs drastically from cmd32.dll and cmd64.dll in the way it receives commands and additional modules. In contrast to the other known plugins, which obtain bot instructions from C&C servers listed in a configuration file, kad.dll relies on a P2P (peer-to-peer) network formed by the other bots. The protocol kad.dll implements in order to talk to peers over the network is Kademlia, a Distributed Hash Table (DHT) P2P protocol.

In contrast to a client-server architecture, where there is a list of dedicated C&C (command and control) servers that the bots talk to, in a P2P network all peers are equivalent: that is, each node is a C&C server and a bot at the same time (as shown in the following figure).

Figure 1

As there is no single point from which the bots in a P2P botnet are coordinated, such botnets are much more resistant to takedowns than client-server botnets. Configuration information and payloads are shared among all the nodes in the network, according to the specific implementation of the P2P protocol, and can be efficiently obtained by any peer node. Individual bots join and leave the P2P network over time, but that does not significantly affect the availability of the information stored in the network, and that makes taking down a P2P botnet a challenging task: as long as a sufficient number of bots remain alive, coordination and control of the botnet can be maintained.

The Kad protocol is a DHT protocol in which information is stored as (key, value) pairs. The key is the MD4 hash of the value, which may be a file, a keyword (part of a file name) or a node ID. The resulting hash table is distributed among the peers.

Communication between peers takes place over both TCP and UDP. TCP is used to transfer a file from one node to another, while UDP is used to search for files and for other peers in the P2P network.
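The two building blocks of the paragraph above, as an added example that is not code from the post or from kad.dll itself: keys are MD4 digests, and the peers responsible for a key are those whose 128-bit IDs are closest to it under Kademlia's XOR metric. MD4 is hand-rolled because hashlib lacks it on some OpenSSL 3 builds. Lower-casing the keyword before hashing is an assumption borrowed from eMule's Kad; the post only says the key is the MD4 of the value. The peer IDs are constructed sample data, not real TDL4 nodes.

```python
import struct

_M32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & _M32


def md4(data: bytes) -> bytes:
    """MD4 (RFC 1320) in pure Python: the digest Kad uses for file hashes,
    keyword hashes and node IDs."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    # Padding: 0x80, zeros up to 56 mod 64, then the bit length as little-endian u64.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)

    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z

    r2_idx = tuple((i % 4) * 4 + i // 4 for i in range(16))
    r3_idx = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        # Each step updates one register; the tuple rotation reproduces the
        # (ABCD, DABC, CDAB, BCDA) schedule of the RFC.
        for i in range(16):  # round 1
            a, b, c, d = d, _rotl((a + f(b, c, d) + x[i]) & _M32, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            a, b, c, d = d, _rotl((a + g(b, c, d) + x[r2_idx[i]] + 0x5A827999) & _M32, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            a, b, c, d = d, _rotl((a + h(b, c, d) + x[r3_idx[i]] + 0x6ED9EBA1) & _M32, (3, 9, 11, 15)[i % 4]), b, c
        a, b, c, d = (a + aa) & _M32, (b + bb) & _M32, (c + cc) & _M32, (d + dd) & _M32
    return struct.pack("<4I", a, b, c, d)


def kad_keyword_key(keyword: str) -> bytes:
    """Key under which a keyword is stored: MD4 of the term.
    Lower-casing first is an assumption (eMule does this); the post only says 'MD4 of the value'."""
    return md4(keyword.lower().encode("utf-8"))


def xor_distance(id_a: bytes, id_b: bytes) -> int:
    """Kademlia metric: the distance between two 128-bit IDs is their XOR."""
    return int.from_bytes(id_a, "big") ^ int.from_bytes(id_b, "big")


def closest_peers(target: bytes, peer_ids, k: int = 3) -> list:
    """The k contacts nearest the key: the nodes a bot would query for (or publish)
    the value, and the ones that end up holding it."""
    return sorted(peer_ids, key=lambda pid: xor_distance(pid, target))[:k]


if __name__ == "__main__":
    peers = [md4(b"peer-%d" % i) for i in range(8)]   # constructed IDs
    key = kad_keyword_key("kad.dll")
    for pid in closest_peers(key, peers):
        print(pid.hex(), "distance bits:", xor_distance(pid, key).bit_length())
```

Because every bot computes the same key from the same keyword and the same nearest-peer ordering, a newly infected machine can locate whoever is holding the botnet's current payload with no server in the loop, which is exactly what makes the takedown argument above hold.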

The plugin stores the list of neighbouring nodes in the file nodes.dat in TDL4's hidden file system; it can also download this file from the C&C server.

The nodes.dat file has the layout described by the following structures:

typedef struct _NODES_DAT_PEER_INFO
{
    // 128-bit peer identifier (MD4 of node ID)
    BYTE PeerId[16];
    // IP address of the peer
    DWORD PeerIp;
    // Peer UDP port number
    WORD UdpPort;
    // Peer TCP port number
    WORD TcpPort;
} NODES_DAT_PEER_INFO, *PNODES_DAT_PEER_INFO;

typedef struct _NODES_DAT_LAYOUT
{
    // Set to zero
    DWORD Reserved0;
    // Set to 0x000002
    DWORD Reserved1;
    // Number of entries in the file
    DWORD NumEntries;
    // Array of NumEntries NODES_DAT_PEER_INFO structures describing peers
    NODES_DAT_PEER_INFO PeerInfo[1];
} NODES_DAT_LAYOUT, *PNODES_DAT_LAYOUT;

On the one hand, nodes.dat preserves the bot's contacts across system reboots, as it is populated with information on neighbouring nodes. On the other hand, when the number of the bot's contacts is very small (in this case, fewer than 10), kad.dll downloads the file from the C&C server, so a sufficient number of peers to contact is guaranteed.

To be sure that the files downloaded from the P2P network are issued by the owner of the botnet, kad.dll verifies the digital signature appended to the files. Each file downloaded by the peer has the following layout:

Figure 2

As Figure 2 shows, the last 132 bytes (1056 bits) of the file contain the file's digital signature, computed with the RSA digital signature algorithm.
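The Figure 2 layout worked through as an added example (not code from the post or from kad.dll): the trailing 132 bytes are split off as the signature and checked against the rest of the file, and a payload whose body has been altered, or whose signature field is missing, is rejected. The key is a constructed toy RSA key built from two Mersenne primes so the block runs with the standard library alone; it is not the botnet's key, and textbook RSA with public factors is insecure. The post does not say which digest the signature covers, so SHA-256 is an assumption, as is big-endian encoding of the signature.

```python
import hashlib

SIG_LEN = 132   # trailing signature field, as in Figure 2

# Constructed demo key (assumption: not the botnet's key). Two Mersenne primes
# give a ~648-bit modulus that still fits the 132-byte field.
_P = 2**127 - 1
_Q = 2**521 - 1
N = _P * _Q
E = 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # private exponent (Python 3.8+)


def _digest(body: bytes) -> int:
    """Digest of the payload body; SHA-256 is an assumption, the post names no hash."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def sign_payload(body: bytes, d: int = _D) -> bytes:
    """Botnet-owner side: append a SIG_LEN-byte RSA signature to the payload."""
    sig = pow(_digest(body), d, N)
    return body + sig.to_bytes(SIG_LEN, "big")


def split_signed_file(blob: bytes):
    """Separate the payload body from the trailing 132-byte signature."""
    if len(blob) <= SIG_LEN:
        raise ValueError("file shorter than the signature field")
    return blob[:-SIG_LEN], blob[-SIG_LEN:]


def verify_signed_file(blob: bytes, n: int = N, e: int = E) -> bool:
    """Bot side: run the payload only if the trailing signature verifies under
    the owner's public key. Any malformed input is simply rejected."""
    try:
        body, sig = split_signed_file(blob)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    return pow(s, e, n) == _digest(body)


if __name__ == "__main__":
    body = b"MZ\x90\x00" + b"constructed payload bytes" * 8   # constructed sample
    signed = sign_payload(body)
    print("signed length:", len(signed), "body length:", len(body))
    print("verifies:", verify_signed_file(signed))
    tampered = signed[:4] + bytes([signed[4] ^ 0x01]) + signed[5:]
    print("tampered verifies:", verify_signed_file(tampered))
```

This is the property that keeps a P2P botnet from being hijacked: anyone can publish into the DHT, but a bot will only execute a module whose trailing signature was produced with the owner's private key, so sinkholing the network is not enough to push a cleanup payload to the bots.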

Eugene Rodionov, Malware Researcher
Aleksandr Matrosov, Senior Malware Researcher

There'll be more information in a revision of the authors' paper The Evolution of TDL: Conquering x64: I'll post another blog article when the revised version goes up on the ESET white papers page.

David Harley, Senior Research Fellow


Remove Virus, Malware, Trojans - Computer virus Removal tools

Nothing is worse than a malware-infected PC. By taking over how you browse and spraying websites you never opened, malware can turn everyday browsing into a nightmare. Worse, it may quietly pass on critical information as well. Anti-malware programs make browsing a little saner again: they catch such malicious programs, remove them and restore the normal browsing experience.

Computer Malware is a Real Problem

You never know what purpose a piece of malware was designed for until you catch it. Is it there to track your usernames and passwords, to record your browsing history, or to learn your shopping habits? The purpose differs depending on who wrote it, yet collectively malware remains a serious threat. It operates in disguise and not only puts your personal information at risk but consumes processing power and bandwidth as well.

Common Sources of Catching a Malware

If you have been wondering how your PC got infected and why an anti-malware program has become crucial, here are some pointers.

Malicious sites: if you landed by mistake on a site that looked suspicious, there is a high probability that you picked up malware there.

Third-party packages: if you habitually try unreliable third-party software, chances are you have several pieces of malware running on your PC. Many malicious marketers bundle their malware with popular applications, so next time you install an application, keep the antivirus program active.

Torrent downloads: whether or not people admit it, piracy is common, and torrents give malware authors a new outlet for spreading their programs. If you have downloaded files through torrents, especially from seeders not known for reliable downloads, you may have downloaded malware without knowing it.

If your PC shows signs of a malware infection, your best bet is to download a reliable anti-malware program now and run it. The longer you delay, the worse the situation gets.

Computer Viruses, Malwares, Trojans - Remove

Each year, problems caused by computer malware cost US corporations vast sums of money. Those costs come from lost productivity and, sometimes, from the permanent loss of essential business information. Nearly all infections are avoidable with the appropriate understanding, education and defences. Do not be the next victim: take steps today to ensure both protection and recovery should the worst happen.

First, let's understand computer malware. The word "virus" is often used loosely to describe all malicious software. Technically, there are viruses, worms, rootkits, Trojan horses and spyware. The attack methods differ, but all of them are harmful.

A virus is a program that runs by itself and copies itself. It can infect files or the boot sector and can delete all of your files. The "Melissa" and "I Love You" viruses gained worldwide attention. A rootkit or Trojan horse gives access to your system without your knowledge; they usually look like useful software but are in fact back doors or trap doors.

A computer worm is a self-replicating program. It uses a network to send copies of itself to other nodes. Once on a system, a worm does not need to attach itself to another program and can run on its own. Worms can cause a denial-of-service attack, making the system unusable. In general, worms target the network and viruses attack files.