impossible, due to lack of input data
compilation required
as already mentioned --
the fact is obvious
PROTOCOL 5:
dismount core
implementation module <CRC32>
PROTOCOL 6:
debug procedure
registry: set key parameter from 15 till 21
if exceeds, then begin with 1 till 13
if begins with 13, then end
PROTOCOL 8:
violation on BIOS alteration, especially for ATAPI
* only for WINDOWS system environment (WSE)
** set on default or fail-safe
PROTOCOL 9:
Task Manager -- the programs should be self-executable.
The program environment should decide by itself how to end
programs. You should only know which programs
you have already used.
* how to control system processes -- see PROTOCOL 10.
PROTOCOL 10:
the following system processes must never
be changed:
ctfmon.exe
csrss.exe
svchost.exe
to control and monitor processes --
use System Explorer
PROTOCOL 11:
on-demand program termination
if not responding -- end program,
using TaskManager
extensions -- .exe, .bin.
exclusions -- see PROTOCOL 10.
PROTOCOL 12
If bluescreen appears:
if still persistent -- see PROTOCOL 13
Protocol 13 -- "Pro memoria":
... if still persistent, then maybe "sality"
invasion.
CLAM should be installed as additional
virus scanner.
Everything should be closed -- all other instances of
AV or firewall. Internet connection should be disabled.
All running programs should be closed.
Execution -- under administrator privileges in safe mode,
or vice versa -- in safe mode under administrator privileges.
PROTOCOL 14 MOEBIUS TIME STRIP
1:02 18:17
2:01 19:20
3:04 20:19
4:03 21:23
5:06 22:21
6:07 23:24
7:05 00:22
8:09 01:25
9:08 02:26
10:12 03:27
11:13 04:28
12:10 05:29
13:11 06:30
14:16 07:31
15:14 08:32
16:15 09:33
17:18 10:34
11:35
PROTOCOL 15:
silikonjara -- how to detect
First of all you should uninstall AV and firewall.
Then you should insert a flash device with a very simple autorun.inf
file, which contains the following lines:
[autorun]
shellexecute=SYS
action=close folder
USEAUTOPLAY=1
Then wait for a while, and close it.
After that, open it again and check whether there are any changes.
If there is no change, everything should be OK.
If you see the following:
[autorun]
shellexecute=zamenelos\\\jksilikonjara.exe
action=Open folder to see files using Windows Explorer
USEAUTOPLAY=1
^ДФСКАлфклчкфочњкфочњклфЊјфњјфЊЉЧЛкјфЊЉФЊКФ
open=zamenelos\\\jksilikonjara.exe
icon=shell32.dll,4
shell\\\Install\\\command=zamenelos\\\jksilikonjara.exe
shell\\\open\\\command=zamenelos\\\jksilikonjara.exe
shell\\\explore\\\command=zamenelos\\\jksilikonjara.exe
Shell\\\open\\\command=zamenelos\\\jksilikonjara.exe
&КЋЧФАСЛЋФПЧЛфПЋњљлфЋЊЉкфоПЋгкљћгјњчфкпћњљфl?P?SALF?pfk?wpqkf?lqogkjf?WAPLDFP?WQgjfWOjK??RWLWfjwf?Q?
it means that the computer is already infected.
*corresponds to avir virus definitions=TR/Autorun.CE.46
**could implement itself in System Volume Information (SVI)
??: could create negative condensation effect
fail system file check
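
The comparison step of PROTOCOL 15, as an added example that is not part of the original notes: it compares the canary autorun.inf with what is later found on the flash device and lists any new entries that would launch a program. The function names and the shortened sample file are constructed for illustration.

```python
# Added example: compare a canary autorun.inf with the file found later.
# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

# The canary file from PROTOCOL 15.
BASELINE = """[autorun]
shellexecute=SYS
action=close folder
USEAUTOPLAY=1
"""

# Constructed sample: a shortened form of the altered file quoted above,
# with the junk padding replaced by a placeholder line.
ALTERED = r"""[autorun]
shellexecute=zamenelos\\\jksilikonjara.exe
action=Open folder to see files using Windows Explorer
USEAUTOPLAY=1
^<junk padding line, constructed placeholder>
open=zamenelos\\\jksilikonjara.exe
icon=shell32.dll,4
shell\\\Install\\\command=zamenelos\\\jksilikonjara.exe
shell\\\open\\\command=zamenelos\\\jksilikonjara.exe
"""

def parse_autorun(text):
    """Return (entries, junk): key/value pairs of [autorun], and lines that do not parse."""
    entries, junk, in_section = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if not sep:
            junk.append(line)          # padding or garbage, not key=value
        elif in_section:
            entries.append((key.strip().lower(), value.strip()))
    return entries, junk

def is_launch_key(key):
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))

def check_canary(baseline, current):
    """Report whether the file changed and which new entries start a program."""
    known = set(parse_autorun(baseline)[0])
    entries, junk = parse_autorun(current)
    new_launch = [(k, v) for k, v in entries if is_launch_key(k) and (k, v) not in known]
    changed = sorted(known) != sorted(entries) or bool(junk)
    return {"changed": changed, "new_launch": new_launch, "junk_lines": len(junk)}
```
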
PROTOCOL 16:
what if silikonjara is found.
everything associated with silikonjara (from
left and right) should be deleted from the registry
[maha]
PROTOCOL 17:
consequences of silikonjara and
sality infection:
the mainboard change
[something]
PROTOCOL 18:
BIOS and multidevice system.
Configuration depends on priority.
In any case it should be set to fail-safe
or default, asynchronous mode.
BIOS should allow system boot from CD-ROM.
PROTOCOL B-45
how to detect virus Cryptor,
Autorun.ini/in
there are special types of viruses,
among them are those mentioned
above. It's very difficult to detect them
inside WSE, because they are hidden.
For this you need Special Linux Disk (SLD),
which can be run at start up.
If Framebuffer doesn't allow you to create
Linux Environment, then try CLAM.
PROTOCOL 19
what if WINDOWS XP doesn't start
try to install additional WINDOWS
PROFESSIONAL, install CLAM, run
AV. At least you can copy all necessary
files, documents, etc. Then, reinstall WINDOWS
XP and programs too. There is no need to hesitate.
PROTOCOL 20
Programs which control
Virtual Environment (VE)
VM (Windows Intrinsic)
JAVA VM (ORACLE)
Adobe Flashplayer
Net_Frame
Free Commander
PROTOCOL 21
we recommend the
following AV to be used:
AVIR
AVG
CLAM
AVAST
Special Linux Disk
(SLD)
PROTOCOL 22
compatibility
the following AV and Firewalls are compatible:
AVG & ZoneLabs
AVAST & Comodo
AVIR & Ashampu
PROTOCOL 23
-NET STABILITY-
(as spider waits for fly)
the idea is to represent the net as web
with radial and circular threads. The preference
remains for DHCP distribution and static IP.
Any IP change or DNS is a question for vulnerability.
Let's assume that DNS is radial distribution and IP is
circular distribution. DHCP is a spider, which controls the
local net. The fly is an imaginary threat, which should be as
soon as possible detected and isolated.
*very seldom word товарищ
Issue no. 1 |
New |
Completion |
No due date |
No fixed version |
No estimated time |