🦠 Malware

The best tool to check for and delete malware, in cases where the exe is crypted and the AV can't remove it, is AnVir Task Manager.


  • What is malware or a virus?

It is a kind of program file that has a bad effect on the target machine.

  • Kinds of malware?

1 – Virus 

It corrupts the machine, makes it slow and changes its real settings.

To protect yourself from a virus, scan your USB drive with an antivirus when you plug it into your machine.

Do not download any file and execute it before you have scanned it with an AV and tested it in a virtual machine.

The file must not use multiple processes in Process Explorer. If the real file is bound with a virus you will see 2 processes: the first one is the file and the second one is the virus. This means that even if you see the real file executing on your machine, the virus has been injected as well (a binder is a tool that fuses a real file with a virus).

You can also check the size of the file before downloading it. If it is bigger than the real one, it is bound with a virus (size of file + size of virus), and you know that it is fake.

You can also compare the MD5 of the real file with the MD5 of the fake file. If they are not the same, the file has been edited by a binder or a reverse (a reverse injects a download-and-execute of malware from a direct link, executed via cmd). This reverse can be found in the exe or dll of your file, in a doc, or in any kind of file.
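The size and MD5 comparison described above, as an added example that is not part of the original article. The function names and the sample bytes are made up for the illustration; an optional SHA-256 check is included because MD5 collisions are practical, so prefer SHA-256 when the publisher lists one.

```python
import hashlib
import hmac
import os
import tempfile

def file_digests(path, chunk_size=1 << 16):
    """Stream the file once and return (size, md5_hex, sha256_hex)."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return size, md5.hexdigest(), sha256.hexdigest()

def verify_download(path, expected_size, expected_md5, expected_sha256=None):
    """Return a list of mismatches; an empty list means the file matches."""
    size, md5_hex, sha256_hex = file_digests(path)
    problems = []
    if size != expected_size:
        problems.append(f"size differs by {size - expected_size:+d} bytes")
    if not hmac.compare_digest(md5_hex, expected_md5.strip().lower()):
        problems.append("MD5 mismatch")
    if expected_sha256 and not hmac.compare_digest(
            sha256_hex, expected_sha256.strip().lower()):
        problems.append("SHA-256 mismatch")
    return problems

def demo():
    """Constructed sample: an 'original' and a copy with extra bytes appended."""
    original = b"MZ" + b"\x00" * 1022        # stand-in for the real file
    appended = original + b"EXTRA" * 100     # stand-in for a bound file
    ref_size = len(original)
    ref_md5 = hashlib.md5(original).hexdigest()
    ref_sha = hashlib.sha256(original).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("clean.exe", original), ("bound.exe", appended)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = verify_download(path, ref_size, ref_md5, ref_sha)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else problems)
```

Take the reference size and hashes from the publisher's own site, not from the page the file was downloaded from.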

2 – Worm

Its basic feature is spreading, to get the maximum number of machines infected. There are many ways of spreading.

Examples: USB, LAN (local area network), P2P like torrents, and chat, like a chat bot that automatically pastes a direct link to the malware from the infected machine to all Skype, Facebook or Viber contacts, or by SMS if the target is Android.

If your USB drive is infected and it contains a shortcut from a worm, you must know that this shortcut tries to get you to click it so that it runs the worm and opens your file at the same time, meaning the USB drive is trying to infect you. Once your machine is infected, the worm tries to paste itself onto any new clean USB drive that is plugged in, and creates a shortcut so it is ready to infect others.

Note that the shortcut is not the only method of infecting via USB. The second method is Autorun.inf. The autorun is a file on the USB drive or CD that automatically executes an exe without a user click. This method was used on Windows XP; from Windows 7 onwards Microsoft stopped this method.

Another way is a USB exploit without a shortcut and without autorun, which injects a worm via a reverse, like the BadUSB method, the USB Rubber Ducky and other CVEs.

To protect yourself you need to scan the USB drive before plugging it in, and update your Windows to the latest version to fix these USB exploit CVEs. With a USB Rubber Ducky you will see a cmd window pop up. VMware is good for testing an unknown device before you use it; use Process Explorer at the same time.
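A check for the two USB methods described above (autorun file and shortcut), as an added example that is not part of the original article. The function names, the temp-directory layout and the "shortcut named after an existing item" rule are assumptions made for the illustration.

```python
import configparser
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that name a program

def autorun_targets(path):
    """Return the programs an autorun.inf asks Windows to launch."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       delimiters=("=",))
    try:
        with open(path, "r", errors="replace") as fh:
            parser.read_string(fh.read())
    except configparser.Error:
        return ["<unparseable autorun.inf>"]
    for section in parser.sections():
        if section.lower() == "autorun":
            return [parser[section][k] for k in LAUNCH_KEYS if k in parser[section]]
    return []

def scan_drive_root(root):
    """Flag autorun launch entries and shortcuts in the top level of a drive."""
    entries = sorted(os.listdir(root))
    names = {e.lower() for e in entries}
    findings = []
    for entry in entries:
        lower, full = entry.lower(), os.path.join(root, entry)
        if lower == "autorun.inf" and os.path.isfile(full):
            findings += [("autorun", entry, t) for t in autorun_targets(full)]
        elif lower.endswith(".lnk"):
            # Assumed heuristic: a shortcut named after an item that also
            # exists on the drive is posing as that item.
            posing = lower[:-4] in names
            findings.append(("shortcut", entry,
                             "poses as existing item" if posing else "in drive root"))
    return findings

def demo():
    """Build a constructed drive layout in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Photos"))
        for name, text in (("Photos.lnk", ""), ("notes.txt", "hello"),
                           ("autorun.inf", "[AutoRun]\nOpen=setup.exe\nicon=drive.ico\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        return scan_drive_root(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```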

3 –  Stealer

Its basic feature is to get all your stored passwords (browser, email, chat or files) and send them to the hacker, to his email, PHP panel or FTP. It does not corrupt the machine, but it steals sensitive data.

To protect yourself from it, you can disconnect yourself from the internet and then run the stealer server: no data will be sent to the hacker. The stealer exits by itself after it gets the passwords and sends them to its target. Unlike a worm or a virus, the stealer does not stay on the target machine: its job is to steal, send and kill itself.

If you check the processes you will see the file stay for some time and then kill itself, because it has finished its job.

If you cut the internet before you execute the stealer server, the stealer decrypts but does not send any data, and after that it kills its process.

4 – Ransomware

It is a bad method that hackers use to get money from the target: the malware encrypts all the target's files and asks for money to decrypt the target machine's files.

To protect yourself from this attack, you can go to Start menu > Accessories > System Restore in Windows, then switch it to a date before your machine was corrupted.

5 – Trojan

It is malware that uses a TCP or UDP connection to control a machine for bad things. A RAT is a tool used to control a machine for legal purposes, but hackers use it for bad purposes, so the hacker uses it to own a machine without the user's knowledge. It lets the hacker spy, stay on the machine, get passwords, see processes, download files and use a lot of other features, meaning the hacker owns the machine over the connection.

The weakness of the RAT is the startup: you can stop it by deleting it from startup (the startup entry brings the trojan back each time you turn on the machine).

A good tool for deleting a trojan from startup is AnVir Task Manager Free: you can check all the startup entries and delete the trojan. The trojan uses the connection; without internet the trojan will never work. The trojan does work without internet in the case where the hacker is on your LAN: in the malware's connections you will see that it tries to connect to the hacker's machine at 192.168.x.x. If the hacker is outside the network, the trojan connects to the hacker's external IP, so most hackers use a VPN (virtual private network) or RDP (Remote Desktop) to protect their IP from being tracked from the target machine.
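The LAN-versus-external distinction described above, applied to a connection list, as an added example that is not part of the original article. The sample text is constructed in the layout of Windows `netstat -ano` output (203.0.113.10 is a documentation address), and the function names are made up for the illustration.

```python
import ipaddress

# Constructed sample in the layout of `netstat -ano` (not real output).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     4120
  TCP    192.168.1.20:49712     192.168.1.57:5050      ESTABLISHED     6604
  TCP    192.168.1.20:49730     203.0.113.10:443       ESTABLISHED     2288
  TCP    [fe80::1c2d%12]:49800  [fe80::9a1%12]:445     ESTABLISHED     4
"""

# Private address blocks, listed explicitly because ipaddress.is_private
# also covers documentation and other reserved ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and zone id
    return ipaddress.ip_address(host), int(port)

def classify(ip):
    """Label a remote address as loopback, lan or external."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local or any(ip.version == n.version and ip in n
                               for n in LAN_NETS):
        return "lan"
    return "external"

def established_peers(netstat_text):
    """Return (pid, remote_ip, remote_port, scope) for ESTABLISHED TCP rows."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        ip, port = split_endpoint(parts[2])
        rows.append((int(parts[4]), str(ip), port, classify(ip)))
    return rows

if __name__ == "__main__":
    for row in established_peers(SAMPLE):
        print(row)
```

The PID in each row is what you look up in Process Explorer or in the startup list to find the program that owns the connection.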

6 – Miner

Some hackers want to make money, so they use malware: all infected machines become miner slaves.

The basic resource this miner uses is the CPU: you will see that the target has a slow machine, because a lot of the CPU usage is taken by the miner tool. Another way uses ad links, executed on a lot of machines, to get money from ads. This link can be hidden or not.

Another way is to automatically paste the hacker's wallet when the malware detects a BTC wallet or any other wallet. The attack happens when the target machine tries to send money to another person: the sender copies the receiver's wallet, at which point the malware copies the hacker's wallet and replaces the receiver's wallet with it without the sender knowing. The sender then sends the money to the hacker. To protect yourself from this attack, you need to check the receiver's wallet each time you send money to anyone. This attack can happen if your machine is infected. Can it happen even if your machine is not infected? Yes: if you use an RDP session and there is malware on that RDP machine, then when you copy a wallet on your clean machine, the malware on the RDP machine detects it and pastes the hacker's wallet, from the RDP session you have open, onto your machine.

Note: this is basic information about malware, and not all of it.
