Latest Entries »

You wanna know how to turn the PC on in 10 seconds (may vary) Alright here’s what u have to do….

Click on the start button then press R it will take u to Run well go to run
and type Regedit
press enter
this will open Registry Editor
now look for the key


now there find the Key Called
“Startup Delay”
Double Click On It
Now where its Base
Click Decimal
Now its Default Value Is 4800000 (75300:hexadecimal)
Change The Value To 40000
here u go u have done it
now close the Registry Editor and Restart Your Computer

Note: This is not my own post…surfed and found out from somewhere!

To pop a banner which can contain any message you want to display just before a user is going to log on, go to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon Now create a new string Value in the right pane named LegalNoticeCaption and enter the value that you want to see in the Menu Bar. Now create yet another new string value and name it: LegalNoticeText. Modify it and insert the message you want to display each time Windows boots. This can be effectively used to display the company’s private policy each time the user logs on to his NT box. It’s .reg file would be: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon] “LegalNoticeCaption”=”Caption here.”

Infection methods of trojan virus

The groups of viruses listed above can be sub-divided according to the technique a virus uses to infect objects.

File Viruses

File viruses use the following infection methods:

  • Overwriting
  • Parasitic
  • Companion
  • Links
  • Object modules (OBJ)
  • Compiling libraries (LIB)
  • Application source code

Overwriting :- This is the simplest infection method: the virus replaces the code of the infected file with its own, erasing the original code. The file is rendered useless and cannot be restored. These viruses are easily detected because the operating system and affected applications will cease to function shortly after infection.
Parasitic:- Parasitic viruses modify the code of the infected file. The infected file remains partially or fully functional.
Parasitic viruses are grouped according to the section of the file they write their code to:

  • Prepending: the malicious code is written to the beginning of the file
  • Appending: the malicious code is written to the end of the file
  • Inserting: the malicious code is inserted in the middle of the file

Inserting file viruses use a variety of methods to write code to the middle of a file: they either move parts of the original file to the end or copy their own code to empty sections of the target file. These are sometimes called cavity viruses.
Prepending viruses:- Prepending viruses write their code to target files in two ways. In the first scenario, the virus moves the code from the beginning of the target file to the end and writes its own code to this space. In the second scenario the virus adds the code of the target file to its own code.
In both cases, every time the infected file is launched, the virus code is executed first. In order to maintain application integrity, the virus may clean the infected file, re-launch it, wait for the file to execute, and once this process is over, the virus will copy itself again to the beginning of the file. Some viruses use temp files to store clean versions of infected files. Some viruses will restore the application code in memory, and reset necessary addresses in the body, thus duplicating the work of the operating system.
Appending viruses:- Most viruses fall into this category. Appending viruses write themselves to the end of the infected files. However, these viruses usually modify the files (change the entry point in the file header) to ensure that the commands contained in the virus code are executed before infected object commands.
Inserting viruses Virus writers use a variety of methods to inject viruses into the middle of a file. The simplest methods are moving part of the file code to the end of the file or pushing the original code aside to create a space for the virus.
Inserting viruses include so-called cavity viruses; these write their code to sections of files that are known to be empty.. For instance, cavity viruses can copy themselves to the unused part of exe file headers, to the gaps between exe file sections, or to text areas of popular compilers. Some cavity viruses will only infect files where a certain block contains a certain byte; the chosen block will be overwritten with the virus code.
Finally, some inserting viruses are badly written and simply overwrite sections of code which are essential for the infected file to function. This causes the file to be irrevocably corrupted.
Entry point obscuring viruses – EPOs There is a small group of parasitic viruses which includes both appending and inserting viruses which do not modify the entry point address in the headers of exe files. EPO viruses write the routine pointing to the virus body to the middle of the infected file. The virus code is then executed only if the routine containing the virus executable is called. If this routine is rarely used, (i.e. a rare error notification) an EPO virus can remain dormant for a long time.

Virus writers need to choose the entry point carefully: a badly chosen entry point can either corrupt the host file or cause the virus to remain dormant long enough for the infected file to be deleted.
Virus writers use different methods to find useful entry points:

  • Searching for frames and overwriting them with infected starting points
  • Disassembling the host file code
  • Or changing the addresses of importing functions

Companion viruses :-Companion viruses do not modify the host file. Instead they create a duplicate file containing the virus. When the infected file is launched the copy containing the virus will be executed first.
This category includes viruses that re-name the host file, record the new name for future reference and then overwrite the original file. For instance, a virus might rename notepad.exe as notepad.exd and write its own code to the file under the original name. Each time the user of the victim machine launches notepad.exe, the virus code will be executed, with the original Notepad file, notepad.exd, being run afterwards.
There are other types of companion viruses which use original infection techniques or exploit vulnerabilities in specific operating systems. For instance, Path-companion viruses place their copies in the Windows system directory, exploiting the fact that this directory is first in the PATH list; the system will start from this directory when launching Windows. Many contemporary worms and Trojans use such autorun techniques.
Other infection techniques Some viruses do not use executable files to infect a computer, but simply copy themselves to a range of folders in the hope that sooner or later they will be launched by the user. Some virus writers give their viruses such as install.exe or winstart.bat in order to persuade the user to launch the file containing the virus.
Other viruses copy themselves to compressed files in formats such as ARJ, ZIP and RAR, while still others write the command to launch an infected file to a BAT-file.
Link viruses also do not modify host files. However, they force the operating system to execute the virus code by modifying the appropriate fields in the file system.

Both the Remote Desktop Connection option and the Terminal Services in Windows Server work on Remote Desktop Protocol only.

The Remote Desktop Connection option allows a single user to connect to his / her desktop remotely by terminal services. When the user is connecting to his / her desktop by Remote Desktop Connection, he/she will be able to view exactly like sitting in front of the computer. Remote Desktop Connection allows only one user to connect to only one terminal services session. When a user is connected, others in front of the computer cannot see what the user is operating.

The Terminal Services in Windows Server 2003 allows multiple users connect to multiple terminal services sessions concurrently. Because it’s also depends on Remote Desktop Protocol, users may use the Windows XP Remote Desktop Connection client to connect to their terminal services sessions.

As the result, from the inside view, the Remote Desktop Connection in Windows XP and Terminal Services in Windows Server 2003 are really same thing. We can even say Remote Desktop Connection support in Windows XP is exactly a simplified version of Terminal Services in Windows Server 2003 that only allows one single user’s session.