Welcome To SICR

Showing posts with label RAT. Show all posts

Trojan Problems


Have you ever had this problem with your computer? Every time you try to open Internet Explorer to surf the Internet, an error message reads "Failed to get data for 'ad'", the next thing you see is a dreaded illegal operation box, and Internet Explorer shuts down.
When navigating around My Computer or the Control Panel, you get the same message, although you can still navigate the controls despite the illegal operation error.
This is an example of a Trojan. Trojans are not viruses; they are malware usually hidden in an .exe file that you download online.
Here are examples of how it can happen.
1) You click on an .exe file that came from an email address you recognized.
2) You went to some sites and downloaded some .exe files that looked like something else you were looking for.
3) You click on a "Click Here!" link in someone's AOL Instant Messenger profile and it ended up throwing about 3 Trojan Dropper viruses on my computer. Your virus checker can catch them but may not be able to remove, quarantine or delete them without impairing your operating system.
Sometimes, after a complete system scan, one may assume that the virus checker caught it. About a week later, the symptoms can resurface.
If you're out of ideas and your antivirus program is unable to help, then before contemplating formatting your hard disk and reinstalling the OS, try using focused Trojan remover software. Trojans are not viruses, so you need a specialized Trojan remover tool that is constantly updated to combat the many variations of a single Trojan.
Take, for example, the Trojan.Vundo Trojan. This little guy will display multiple pop-ups in your Internet Explorer browser, and you will end up seeing things that you may not want to see. There are many variants of this Trojan, and frequently updated anti-Trojan, anti-malware and anti-spyware tools will be able to detect and clean them quickly and easily. This saves time and avoids the time-consuming process of having to reinstall the entire WinXP OS and drivers.

Finding Trojan Viruses - Providing Remote Access to Your Computer


Some of the most dangerous Trojan viruses provide remote access to your computer from other computers. This opens up the possibility of any number of things happening to you and your computer. It could be simply stealing personal information. It could be throwing popups onto your screen at seemingly random times. They could use your computer as a host in a denial-of-service attack on a website. In short, almost anything you could do from your computer, someone accessing it remotely could also do.
A good virus checking program, running regular scans on your system and hard drive, is a very good way to keep your computer as safe as possible. But sometimes you may just have a hunch or a suspicion that something is going on, yet your virus checker doesn't find anything. Maybe someone has told you they received an email from you that you don't remember sending. Perhaps your computer seems to be slow and the fan is running most of the time. Are applications taking longer to start than they used to? All of these could be signs that there is a process or program running in the background doing things you are not aware of.
To look for something like this you need to examine the processes that are running on your computer. You can open the Windows Task Manager (Ctrl+Alt+Del), then select the Applications tab. See if you recognize all the items listed. You probably will. This is a list of the windows that are currently open on your computer. Trojans are usually sophisticated enough not to get listed here.
So next, select the Processes tab. This lists all the processes running on your computer. You will probably recognize some of these but most likely will not recognize many others. See which ones are using the most CPU time. Do you know what these are?
If you don't recognize some of them, the next step is to do a little research. This is really pretty simple these days. Just type the name of the process from the list into a search engine. You should get back several links that will tell you about that process. If it's a dangerous process, follow the instructions you find to get rid of it.
The following is a list of a few processes and files that are known to be associated with Trojan viruses that could provide others remote access to your computer.
  • Admdll.dll lets others remotely control your computer. The Admdll.dll file is often associated with several Trojan viruses.
  • Ismon.exe is associated with the Trojan.W32.Zlob virus. This Trojan may open links to pornographic websites and also attempt to download and run files from remote locations.
  • Main.exe is part of surveillance software. This auto-starting program is also a process relating to the Backdoor.Prorat Trojan virus. This Trojan allows attackers to access your computer from remote locations, monitors your browsing habits and can prompt advertising popups.
  • Ntosa32.exe is a process which is registered as the TROJ_SUA.A Trojan virus. This Trojan allows attackers to access your computer from remote locations.
  • Ssgrate.exe is not a process, but a process entry in your computer's registry linking to system.exe - the Trojan.Mitglieder.C virus.
  • Suchost.exe is a part of the Trojan.Treb virus, a Trojan that gives remote access to your system using listening proxy servers.
  • Winshost.exe is a process which is registered as the TROJ_BAGLE.BE or Trojan.Tooso Trojan virus. This Trojan allows attackers to access your computer from remote locations.
The processes listed above are just a few of the many that can cause problems for a computer. Instead of looking for all the viruses that could be a problem, it's much easier and quicker to examine the processes and files that are running on your own computer. If you suspect something may be going on, check it out. Viruses don't eliminate themselves.
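
The process review described above can be partly automated. The following is an added example, not part of the original post: it reads process-list text in the layout printed by `tasklist /FO CSV`, flags image names from the article's list, and also flags names that sit one character away from a genuine Windows process name. The sample output, the `SYSTEM_NAMES` reference set and the function names are assumptions made for the illustration.

```python
import csv
import io

# Process names the article associates with remote-access Trojans (lower-cased).
ARTICLE_NAMES = {"ismon.exe", "main.exe", "ntosa32.exe", "suchost.exe", "winshost.exe"}
# Assumption: a small reference set of genuine Windows process names.
SYSTEM_NAMES = ("svchost.exe", "winlogon.exe", "explorer.exe", "lsass.exe", "services.exe")

# Constructed sample in the layout printed by `tasklist /FO CSV`.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","812","Services","0","11,204 K"
"explorer.exe","2044","Console","1","48,120 K"
"Suchost.exe","3312","Console","1","2,916 K"
"notepad.exe","4100","Console","1","6,332 K"
"Ismon.exe","1576","Console","1","3,480 K"
'''


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        row = [i]
        for j, cb in enumerate(b, 1):
            row.append(min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = row
    return prev[-1]


def triage(tasklist_csv, max_distance=1):
    """Return (image, pid, reasons) for processes worth researching."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name, reasons = row["Image Name"].lower(), []
        if name in ARTICLE_NAMES:
            reasons.append("named in the article's list")
        for real in SYSTEM_NAMES:
            # A near-miss of a system name is suspicious; an exact match is not.
            if name != real and edit_distance(name, real) <= max_distance:
                reasons.append("resembles " + real)
        if reasons:
            hits.append((row["Image Name"], int(row["PID"]), reasons))
    return hits
```

A name match is only a lead for the research step the article describes: common names such as Main.exe also belong to legitimate software, so check the file's path and publisher before acting.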

How to hack keyloggers or RAT's server password

Keyloggers and RATs are nowadays everybody's problem across the internet. Hackers use keyloggers to steal the victim's email passwords, which they receive in the form of emails or as text files on their own FTP servers. They spread their keyloggers with the help of cracks, keygens or patches for popular software, or simply through hack tools. So friends, today I will teach you how to reverse engineer the keylogger or RAT to hack the hacker's FTP server or email password. I have already discussed this with the help of the bintext tool on my other website ISOFTDL.


Most hackers think that they are too smart, so what they do is bind their keylogger or RAT servers to popular programs. When the user opens one of these, their system gets infected, and from then on whatever they type is recorded and sent to the hacker.
Now, all keyloggers send data to the hacker at regular intervals (usually every 5 to 10 minutes) in one of the two ways below:
1. Using email: the hacker configures his email ID and password while creating the server. The keylogger records the keystrokes in a temp file and sends it to the hacker in the form of emails. But this has a limit, as most free email servers like Gmail, Yahoo or Hotmail have a limit of 500 composed and received mails. So most hackers use the second method.
2. FTP server: while creating the keylogger server, hackers configure their FTP server, where they receive the logs of keystrokes in the form of text files (usually labeled on the basis of the current system time stamp). The hacker's keylogger server uploads the files to the FTP server every few minutes.

So friends, here is where the actual trick or loophole in the above technique lies. If we monitor everything coming in and going out of our Ethernet or wireless card, then we can detect what is going out of our system. It's nothing but monitoring your system's traffic: where it's going and where it's coming from. You can use any tool that monitors the packet flow of your Ethernet or wireless card.
ok...ok.. let me tell you my favorite tool for doing the same. I love Wireshark because it's simply superb.

Wireshark is a very famous network scanning hack tool which is used by hackers or network forensic experts to monitor the packet flow of their network cards, like Ethernet or WLAN. It records each and every packet coming into and going out of your system's network card. Now you must all be thinking, what is this packet? A packet is nothing but a bunch of bits (data in the form of 0 and 1), usually 32-bit or 64-bit. In network terminology, data is termed a packet, which can be either TCP or UDP (both contain a header and other stuff accordingly).

So friends, whenever you notice anything suspicious on your system, for example you think your system is compromised or infected with a keylogger or RAT, or you simply want to test a hack tool and are not sure whether it is safe to use, just follow the procedure below to reverse engineer these noob hacking tools.
Note: Every keylogger or RAT sends the logs to the hacker's FTP server or email account every few minutes (when you are connected to the internet), but some novice keyloggers even try to send data while you are offline, and hence the sending keeps failing. In some situations this displays a warning message, and in others your PC hangs or the svchost service's CPU usage increases. But it doesn't matter whether it sends logs online or offline; the only thing that matters is the time period, that is, the interval after which it sends data.

Steps to hack or reverse engineer the hacker's keylogger server password:
1. First of all, download and install Wireshark. You can easily find it by Googling it.
Note: While Wireshark is being installed, ensure that it installs WinPcap with it, otherwise it won't work properly.
2. Now go to the Capture button in the top menu of Wireshark and select the interface (meaning your network card, which can be Ethernet or WLAN).


3. Now it will start capturing the packets through that network card. Just keep capturing for at least 20 - 30 minutes to get the best results. After 20 - 30 minutes, go to Capture again and stop capturing the packets.
4. Now you need to filter your results. For this, go to the filter box and type ftp and smtp one by one. Note: if you get records for FTP, then the hacker has used an FTP server; if you didn't get any FTP records, that means the hacker has used SMTP, so enter smtp in the filter box.
5. As you scroll down you will find the "FTP username" and "Password" for the victim's FTP account, in case an FTP server is used. And if the hacker has used SMTP, then you will find the "email address" and its "password" that the hacker used to create the keylogger.

6. That's all, my friends. Isn't that too easy?
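
The regular sending interval the post stresses is itself a detection signal. The following is an added example, not part of the original post: it groups outbound FTP and SMTP session starts from a constructed capture summary by destination and flags destinations contacted at a steady interval, noting whether a cleartext login was seen. The record layout, the `find_beacons` function and its thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (seconds since capture start, dst IP, dst port, client line).
# 203.0.113.10 and 198.51.100.7 are documentation addresses, not real hosts.
SAMPLE = [
    (12,   "203.0.113.10", 21, "USER logs_upload"),
    (13,   "203.0.113.10", 21, "PASS <redacted>"),
    (95,   "198.51.100.7", 25, "EHLO workstation"),
    (312,  "203.0.113.10", 21, "USER logs_upload"),
    (313,  "203.0.113.10", 21, "PASS <redacted>"),
    (609,  "203.0.113.10", 21, "USER logs_upload"),
    (610,  "203.0.113.10", 21, "PASS <redacted>"),
    (911,  "203.0.113.10", 21, "USER logs_upload"),
    (1490, "198.51.100.7", 25, "EHLO workstation"),
]

LOGIN_VERBS = {"USER", "PASS", "AUTH"}    # cleartext FTP login / SMTP AUTH
SESSION_START = {"USER", "EHLO", "HELO"}  # first client command of a session


def find_beacons(records, min_sessions=3, jitter=0.2):
    """Group outbound FTP/SMTP sessions by destination and flag regular ones."""
    starts, cleartext = defaultdict(list), set()
    for ts, ip, port, line in records:
        verb = line.split(" ", 1)[0].upper()
        if verb in SESSION_START:
            starts[(ip, port)].append(ts)
        if verb in LOGIN_VERBS:
            cleartext.add((ip, port))
    findings = []
    for dest, times in sorted(starts.items()):
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) < min_sessions or not gaps:
            continue
        mid = median(gaps)
        # Regular means every gap is within +/- jitter of the median gap.
        if all(abs(g - mid) <= jitter * mid for g in gaps):
            findings.append({"dest": dest, "sessions": len(times),
                             "interval_s": mid, "cleartext_login": dest in cleartext})
    return findings
```

On the constructed sample only the FTP destination is reported, with a 300-second interval; the SMTP host appears twice and stays below the session threshold.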

RAT full Source Code v1.0 in C language


Hello friends, today hacking loops is exposing the source code of a RAT (remote administration tool) in C language. This source code can help you in designing your own hack tools like keyloggers, remote chat monitors, screen capture tools, etc. Now you can see how the coding is done. The source code of the RAT will help you understand the working of a RAT (remote administration tool) and how it logs data, steals information and everything. This source code is of the F.B.I RAT (full backdoor integration), and the most interesting thing is that it contains all the advanced features.
How is this source code helpful for hackers? The answer is simple: now you have the source code, modify it accordingly, change variable names, some passing parameters or add some dead code, make it completely FUD (fully undetectable) by antivirus and use it to hack. And the most important advantage is that you will keep yourself safe from downloading ****ing Trojans from the internet in the name of hack tools, as most of them contain spy malware and keyloggers.


Brief description of features that this RAT has:
Supports XP/Vista/Windows 7. All features have been tested on these OSs, including injection, but there have been some limitations on the sniffer.
Features:
File Manager:
  • Execute, Normal & Hidden.
  • Copy & Paste like Windows explorer.
  • Display size of file, and type.
  • Delete.
  • Download & Upload (re-coded): multi-threaded downloads, which allow you to download multiple files at once.
  • Stop, pause and resume active transfers.
  • Search files, rename files.
System Manager:
  • Process Manager - Refresh and kill processes running
  • Window Manager - Refresh and close windows, shows hidden and visible windows.
  • Installed Programs - Lists program name and directory.
  • Installed Services - Lists installed services, allows you to stop, start and pause services.
Keylogger:
  • Allows the user to have a time & date stamp, and active window, as well as custom colour coding.
  • Uses a keyboard hook, so no dropped keys like most keyloggers, and 0 CPU usage.
  • Offline and Online keylogs, Offline keylogs are downloaded once you start the Online keylogger, and once the online keylogger session has finished, the offline keylogger begins again.
Screen capture:
  • Reworked transfer & Capture.
  • Allows the user to select the quality and intervals of screen shots and to stop & start screen capture; also allows the user to take a single snapshot whenever they want.
Webcam:
  • Reworked transfer & Capture.
  • Allows the user to stop & start captures; also allows an interval for the sending of captures.
Packet Sniffer:
  • "Net stat": allows the user to view local connections on the computer and then select which connection to sniff. Displays remote server IP and local IP & port information, as well as the state of the connection. All this information comes from the TCP stack of Windows.
  • Packet sniffer: sniffs the raw packets using Windows RAW sockets and formats them into text for you to read. I have tested this with real-world websites, and it has allowed me to steal information such as website logins, but because of the limitations of Vista and Windows 7 it is likely it will not work on those two operating systems.
Choice of injection: this source comes with another project that allows you to inject your server into the default browser of the victim. You can also use the exe and run it normally without injection, for testing. The injection code has been modified from an old source I found; I took the source and improved it, made it detect the default browser and made it load the APIs indirectly, so you can encrypt the API strings and bypass AVs.