June 2007


It was fun with a Windows worm named Heap41a / win32.USBworm. I hadn’t been to M$ Windows for a couple of months. When I was surfing the web, I happened to hear about an interesting worm that affects orkut.com, Mozilla Firefox and youtube.com :). I responded to this piece of news as oh..poor handicapped M$ Windows!

After two or three days one of my friends, Sidharth, rang me and told me that he was affected by a virus. He explained its features. It blocks orkut.com, youtube.com and Mozilla Firefox. It gives the message:

“Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!! “

Even though I’m a M$ Windows hater, I thought of fixing it for him since I’m always interested in this sort of hacking. I went through the web and learned about the worm.

It spreads through USB pendrives and removable storage devices. I found that there wasn’t any free fixing tool available to remove the worm. There were some manual removal instructions.

Let's see what this worm does:

It runs an exe file named MicrosoftPowerpoint.exe, which is located on the USB disk. The autorun.inf runs this file when the drive is double-clicked. Once this program is run, you are infected. It hides all your hidden folders, runs the process in memory, makes the worm start with Windows and pops up those annoying messages. This worm doesn’t destroy any system files. It just infects other USB drives and spreads to new hosts.
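
A defender's check for the mechanism described above, as an added example (not the author's removal tool): it parses an autorun.inf and reports entries that launch an executable stored on the same drive. The sample file contents and the helper names are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf launch keys.

```python
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")

# Constructed sample; only the file name MicrosoftPowerpoint.exe comes from the post.
SAMPLE_AUTORUN = r"""
; constructed example
[autorun]
open=MicrosoftPowerpoint.exe
shell\open\command=MicrosoftPowerpoint.exe
icon=folder.ico
"""

def launch_targets(autorun_text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    targets, in_autorun = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                targets.append((key.lower(), value))
    return targets

def program_name(command):
    """File name of the program a launch command starts (quoted paths allowed)."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split()[0] if command else ""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def suspicious_entries(autorun_text, root_files):
    """Flag launch entries whose target is an executable stored on the drive itself."""
    on_drive = {name.lower() for name in root_files}
    return [(key, program_name(cmd)) for key, cmd in launch_targets(autorun_text)
            if program_name(cmd).endswith(EXECUTABLE_EXT)
            and program_name(cmd) in on_drive]

if __name__ == "__main__":
    print(suspicious_entries(SAMPLE_AUTORUN, ["autorun.inf", "MicrosoftPowerpoint.exe"]))
```

Pass the text of a drive's autorun.inf and the list of file names in the drive's root; an empty result means no launch entry points at an executable on that drive.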

Non-availability of a free removal tool urged me to write one of my own.

Before writing a fix I wanted to infect my machine with the worm, and hence I was in need of the worm. I instructed Sidharth to make a zipped copy of the worm and he mailed it to me. Cheers!

**********************************************************************************
Here is the fix for Orkut, Youtube, Firefox Blocker (Heap41a / win32.USBWorm)

This tool can be used to remove the Blocker worm as well as to prevent the worm from infecting the same machine again.

Click here to download.

Usage Instructions:

1) Download the fix and run it on the infected machine.
2) It will ask for a re-login.
3) After logging in again, run the fix again. The worm will be removed successfully.
4) Log on to www.sarathlakshman.info and comment here :D

UPDATE: Here is an update on how to remove the worm from a pen drive.
1. Remove the file autorun.inf
2. Re-insert the pendrive.
3. Format it

There is only one permanent method to avoid all sorts of worms / viruses. -> Use the GNU/Linux operating system and rock your desktop!

Rain is rocking here these days. As a result, I have been a victim of the last 48 hours' power drop.

Here are some time pass dumps.

Phoenix box :)

Today, I had a trip to MES college of engineering, Kuttipuram. I was accompanied by Jawad, one of my seniors at school.

MES college looks very attractive, having good infrastructure and facilities. I reached MES by 10 am and met C.K Raju sir. He is an amazing teacher, as I heard from various students.

PHOENIX (Physics with Homemade Equipment and Innovative Experiments) is an electronic gadget developed by scientist Dr. Ajith Kumar as a part of the inter-university accelerator program.
Phoenix is really awesome. Phoenix is a low-cost computer-interfaced experiments system. It's never a proprietary gadget - it's 100% open, and the software and hardware configuration are available, free to modify and redistribute. The creator, Ajithkumar sir, was there to conduct the workshop.

He illustrated various experiments that can be done using Phoenix. Plotting the graph of AC was a simple job for Phoenix. Lots of other experiments, like plotting the graph of a discharging capacitor, electromagnetic induction etc., were illustrated. Also, Phoenix can be made into a standalone electronic gadget if we reflash the ATmega16 micro-controller chip with firmware written in C.
Phoenix is well documented and can be obtained from its website [http://www.nsc.res.in/~elab/phoenix/].
Even though I felt difficulty in grasping some of the things about Phoenix, not being an electronics freak at a deep level, I could feel that it was just a wonderful gadget.

I also met Shyam and Mahesh, two of the Free Software enthusiasts at MES. We discussed a couple of things and it was nice talking to them.

By 4.20 pm, we hurried to the railway station and learned that Indian Railways are always punctual :D !! Our train, the Coimbatore - Cannanore Fast Passenger, was 50 mins late. After a long wait.. the train came. When I reached Mahe railway station, it was one more hour late.

Anyway.. Phoenix rocks.

Entrance examinations are over by now and I’m ranked 3838 in the Kerala engineering entrance examination.

A question is rolling around in my mind. Which college should I join for engineering? It’s a confusing question. Anyway, I wish to join some college where I can continue with my hacks with more leverage. :)

Suggestions are invited :)

It's time for real fun now.
The vacation has started. I’m planning to join some interesting free software community projects and contribute.

It’s probably with Python I’m starting with..