Next Generation Virus Construktion Kit removal
Its presence means that your computer is infected with malicious software and is insecure.
Next Generation Virus Construktion Kit description by SnakeByte: Vendor: "generates Win32 PE Infectors. All created viruses are completely different in structure & opcode. This makes it impossible to catch all variants with one or more scanstrings."
As you´ll see here, it took a long time till I finished this thing ;(
This is because I´ve to study, see my girlfriend & to work..
and sometimes I just need some spare time to get drunk =)
But at the moment I try to release a newer version every week.
If it says I fixed a bug in a routine, this means I had an error in a
generated virus & fixed the bug inside the creation module of the
specific routine.
Until now, all versions are BETA !!! Keep this in mind please
At the moment I generate as many viruses as possible & try
to fix all bugs. Just when I find no more in a big amount
of generated viruses, I´ll add new options.
Most of the bugs I´m fixing at the moment are created by misplaced trashcode,
or just appear very seldom, & are therefore hard to detect.. but I will get ´em =)
*Version 0.25 - 18-05-2001
Removed the SEH part & put Antidebugging & Anti Bait together
Fixed 2 bugs in the find any file routine
Fixed a bug inside the encryption routine
And got another one inside the infestation routine.
... two inside the Api Find Routine
Slowly I got the impression someone is sneaking every night into
my room & adding newer bugs :P
*Version 0.24 - 11-05-2001
I found a lot this time, don´t know whether it´s good, because I found
the bugs, or bad, because this means all releases before just suck.. :P
Fixed 3 bugs in the find any file routines, 2 bugs in the encryption routines,
2 bugs in the api search routine. And one bug each in the api found,
anti soft ice check & anti bait check routines.
Never give me asm code in the night & inquire me to debug it please =)
*Version 0.23 - 07-05-2001
Fixed a bug in the Delta Handle routine
Fixed a bug in the movRegisterValue routine
Fixed misplaced comments
*Version 0.22 MTX#3 Release - 19-02-2001
Just minor changes, I got no time at the moment :(
University means lots of work...
*Version 0.21 - 31-01-2001
Removed some really stupid bugs from the encryption routine
& made it more variable. I also added an SEH anti debugging
trick & included some trash code to make it more variable.
*Version 0.20 - 16-01-2001
I added encryption ( even if it´s not completely random ), but
just simple algorithms, nothing with a key, but XOR & SUB/ADD
will follow soon =) Hope I can do this until friday, so I can give out
a 1st beta to some ppl. Every opcode except the ones in the crypt
routines are random, so no simple scanstring made to be chosen. But the
ones inside the crypt routine will be made variable too.
*Version 0.14 - 08-01-2001
Ok, there are round about 99% of the opcodes random
( they made to be overwritten by another ), the few others are either
"ret"s ( which I´ll overwrite tomorrow ) or an instruction, with
at least one random parameter ( register / offset / constant ),
so there are maybe 20 Bytes static, but these are always at a
different place & in a different order, so I think they´ll
not make a reliable scanstring... ;)
But I´ll remove them too... But 1st I wanna add some
other viral tricks ( anti-debugging, anti-bait, encryption )
which the person might select to include. ( This will also change
the behavior of the viruses )
*Version 0.13 - 25-12-2000
Ok, now 3/4 are completely random, will continue with the rest...
*Version 0.12 - 18-12-2000
The output is now ok, & understandable ;) I added a lot of comments
& formatted them. Got not much time at the moment to work on the
engine itself, because I still got to find some x-mas presents and
I got more work at university. So I just worked over 1/4 of the current engine
to make it more variable, but until now, I found at least one overwritement for
every opcode & structure inside the 3 modules.
*Version 0.10 - 13-13-2000
The Kit works stable ! All generated Viruses work, infect the current and
( if chosen ) the windows & system directory. I´ll now read some poly
tutors & papers to improve the randomness of it, & made some improvements
of the really crappy output-design ;)
*Version 0.02 - 11-12-2000
Most generated viruses work ! ( so I hope I can finish this basis of the kit this week )
I found out that the Digital Hackers´ Alliance Randomized Encryption Generator [DREG]
which was created by Gothmog/DHA also tried to create viruses this way. Due to the
fact that all samples from him get detected, I will try to give my best to avoid this ;)
I´ll steal a look at his VCK & hope to learn from his output.
( heh, Gothmog, if you´re still around, give me a call.. :P )
*Version 0.00 - 20-11-2000
Generates simple Win32 Viruses
NOP is the only trash instruction
lots of bugs ;(

This Virus Creator is also known as:
• Constructor.Win32.NGVCK.023 - named by Kaspersky.
• Constructor.Win32.NGVCK.024 - named by Kaspersky.
• Constructor.Win32.NGVCK.032 - named by Kaspersky.
• Constructor.Win32.NGVCK.033 - named by Kaspersky.
• Constructor.Win32.NGVCK.035 - named by Kaspersky.
• Constructor.Win32.NGVCK.036 - named by Kaspersky.
• Constructor.Win32.NGVCK.038 - named by Kaspersky.
• Constructor.Win32.NGVCK.039 - named by Kaspersky.
• Constructor.Win32.NGVCK.040 - named by Kaspersky.
• Constructor.Win32.NGVCK.042 - named by Kaspersky.
• Constructor.Win32.NGVCK.043 - named by Kaspersky.
• Constructor.Win32.NGVCK.044 - named by Kaspersky.
• Constructor.Win32.NGVCK.045 - named by Kaspersky.
• NGVCK.Kit - named by McAfee.
• security risk or a "backdoor" program - named by F-Prot.
• Virus Constructor - named by Panda.
• Win32.NGVCK.23 - named by Computer Associates.
• Win32.NGVCK.24 - named by Computer Associates.
• Win32.NGVCK.25 - named by Computer Associates.
• Win32.NGVCK.26 - named by Computer Associates.
• Win32.NGVCK.27 - named by Computer Associates.
• Win32.NGVCK.28 - named by Computer Associates.
• Win32.NGVCK.29 - named by Computer Associates.
• Win32.NGVCK.30 - named by Computer Associates.
• Win32.NGVCK.31 - named by Computer Associates.
• Win32.NGVCK.32 - named by Computer Associates.
• Win32.NGVCK.33 - named by Computer Associates.
• Win32.NGVCK.35 - named by Computer Associates.
• Win32.NGVCK.36 - named by Computer Associates.
• Win32.NGVCK.38 - named by Computer Associates.
• Win32.NGVCK.39 - named by Computer Associates.
• Win32.NGVCK.40 - named by Computer Associates.
• Win32.NGVCK.42 - named by Computer Associates.
• Win32.NGVCK.43 - named by Computer Associates.
• Win32.NGVCK.44 - named by Computer Associates.
© 2005-2008 www.spywaredb.com All rights reserved. webmaster@spywaredb.com