Showing posts with label Remove Virus. Show all posts

Monday, July 27, 2009

HOW TO CRACK ANY TYPE OF CD PROTECTION

In this tutorial, I’m gonna show you, how to crack any type of CD Protection,
using W32Dasm, and HIEW.

OK, let’s start:
First of all, you have to run the damn game you want to crack, without the CD.
The game, doesn’t work of course, (Please, don’t panic) BUT a window pops up, telling you an error message.
This error message will help you to crack the game so, you’ve got to remember it.
For example: Please insert the - CD, or: You need the CD to play the - . ( -, is the game you want to crack). Anyway, if you can’t remember it, write it, in a little piece of paper.
Now, run Win32Dasm, and on the toolbar, press the first little button on the left, OR, go to Disassembler ->Open file to Disassemble. A menu will pop up. Select the exe which you want to crack. The disassemble, will take few minutes so, I suggest you, to go for shitting.

OK, it finished its process.
Now, in your screen, there is a strange text, and we can’t understand anything of course. Don’t worry, the only thing we have to do, ( If you want, you can change the font), is to click on the String Data References, the button next to the print button (Strn.REF).
You can see a window which is called String Data Items. Scroll down, and try to find the game’s error message. When you’ll find it, double click on it, and then, close the window, to go back to the Win32Dasm text.
As you can see you are somewhere in the CD check routine. This is the message’s place. Now comes the interesting and difficult part, so, be careful.
We don’t know what all these shits mean, BUT we must know the @ offset of every call and jump command.
Write down, every call and jump @ offset number. (You have to be sure, that the OPBAR change its used color to green). You need the number behind the @offset without the h.

Let’s go to HIEW, now.

HIEW:
To move up and down, use the cursor keys. Start HIEW.exe.
In the HIEW directory, there is a list of exes and programs. Go to the directory, which you saved the game’s exe, we want to crack, and click on the exe. Click F4, and then, a menu will pop up, with 3 words. Text, Hex, and Decode. Click on Decode, and now, we can understand the list of numbers.
Click F5, and you can now enter the number, we wrote down, in Win32Dasm. Type it, and you will be placed at the number’s place. The cursor is placed on a command.

Before I’ll continue, I want to explain you something. For example, if the command where our cursor is placed on, is E92BF9BF74, means that it is 5 bytes.
Every 2 numbers, are one byte: E9-2B-F9-BF-74 = 90-90-90-90-90. 10 letters, mean, 5 bytes.
OK, if you understood it, you can continue.

Press F3, which means edit, and now you can edit these ten numbers.
Type five times, the number 90. For every byte, 90. Now click on F10 to exit.
We cracked the CD protection of the - . Congratulations.

Sunday, July 19, 2009

History Of Viruses

part 1

Like any other field in computer science, viruses have evolved -a great deal indeed- over the years. In the series of press releases which start today, we will look at the origins and evolution of malicious code since it first appeared up to the present.

Going back to the origin of viruses, it was in 1949 that Mathematician John Von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players’ computers. The creators of this peculiar game also created the first antivirus, an application named Reeper, which could destroy copies created by Core Wars.

However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.

At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even so, this new operating system became the target of a virus in 1986: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.

Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous viruses Jerusalem or Viernes 13. However, the worst was still to come: 1988 set the date when the “Morris worm” appeared, infecting 6,000 computers.

From that date up to 1995 the types of malicious codes that are known today started being developed: the first macro viruses appeared, polymorphic viruses … Some of these even triggered epidemics, such as Michelangelo. However, there was an event that changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses started adapting to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.


part 2

This second installment of ‘The evolution of viruses’ will look at how malicious code used to spread before use of the Internet and e-mail became as commonplace as it is today, and the main objectives of the creators of those earlier viruses.
Until the worldwide web and e-mail were adopted as a standard means of communication the world over, the main mediums through which viruses spread were floppy disks, removable drives, CDs, etc., containing files that were already infected or with the virus code in an executable boot sector.

When a virus entered a system it could go memory resident, infecting other files as they were opened, or it could start to reproduce immediately, also infecting other files on the system. The virus code could also be triggered by a certain event, for example when the system clock reached a certain date or time. In this case, the virus creator would calculate the time necessary for the virus to spread and then set a date –often with some particular significance- for the virus to activate. In this way, the virus would have an incubation period during which it didn’t visibly affect computers, but just spread from one system to another waiting for ‘D-day’ to launch its payload. This incubation period would be vital to the virus successfully infecting as many computers as possible.

One classic example of a destructive virus that lay low before releasing its payload was CIH, also known as Chernobyl. The most damaging version of this malicious code activated on April 26, when it would try to overwrite the flash-BIOS, the memory which includes the code needed to control PC devices. This virus, which first appeared in June 1998, had a serious impact for over two years and still continues to infect computers today.

Because of the way in which they propagate, these viruses spread very slowly, especially in comparison to the speed of today’s malicious code. Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem) virus needed a long time to actually spread and continued to infect computers for some years. In contrast, experts reckon that in January 2003, SQLSlammer took just ten minutes to cause global communication problems across the Internet.

Notoriety versus stealth

For the most part, in the past, the activation of a malicious code triggered a series of on screen messages or images, or caused sounds to be emitted to catch the user’s attention. Such was the case with the Ping Pong virus, which displayed a ball bouncing from one side of the screen to another. This kind of elaborate display was used by the creator of the virus to gain as much notoriety as possible. Nowadays however, the opposite is the norm, with virus authors trying to make malicious code as discreet as possible, infecting users’ systems without them noticing that anything is amiss.

part 3

This third installment of ‘The evolution of viruses’ will look at how the Internet and e-mail changed the propagation techniques used by computer viruses.

Internet and e-mail revolutionized communications. However, as expected, virus creators didn’t take long to realize that along with this new means of communication, an excellent way of spreading their creations far and wide had also dawned. Therefore, they quickly changed their aim from infecting a few computers while drawing as much attention to themselves as possible, to damaging as many computers as possible, as quickly as possible. This change in strategy resulted in the first global virus epidemic, which was caused by the Melissa worm.

With the appearance of Melissa, the economic impact of a virus started to become an issue. As a result, users -above all companies- started to become seriously concerned about the consequences of viruses on the security of their computers. This is how users discovered antivirus programs, which started to be installed widely. However, this also brought about a new challenge for virus writers, how to slip past this protection and how to persuade users to run infected files.

The answer to which of these virus strategies was the most effective came in the form of a new worm: Love Letter, which used a simple but effective ruse that could be considered an early type of social engineering. This strategy involves inserting false messages that trick users into thinking that the message includes anything, except a virus. This worm’s bait was simple; it led users to believe that they had received a love letter.

This technique is still the most widely used. However, it is closely followed by another tactic that has been the center of attention lately: exploiting vulnerabilities in commonly used software. This strategy offers a range of possibilities depending on the security hole exploited. The first malicious code to use this method –and quite successfully- were the BubbleBoy and Kakworm worms. These worms exploited a vulnerability in Internet Explorer by inserting HTML code in the body of the e-mail message, which allowed them to run automatically, without needing the user to do a thing.

Vulnerabilities allow many different types of actions to be carried out. For example, they allow viruses to be dropped on computers directly from the Internet -such as the Blaster worm-. In fact, the effects of the virus depend on the vulnerability that the virus author tries to exploit.

part 4

In the early days of computers, there were relatively few PCs likely to contain “sensitive” information, such as credit card numbers or other financial data, and these were generally limited to large companies that had already incorporated computers into working processes.

In any event, information stored in computers was not likely to be compromised, unless the computer was connected to a network through which the information could be transmitted. Of course, there were exceptions to this and there were cases in which hackers perpetrated frauds using data stored in IT systems. However, this was achieved through typical hacking activities, with no viruses involved.

The advent of the Internet however caused virus creators to change their objectives, and, from that moment on, they tried to infect as many computers as possible in the shortest time. Also, the introduction of Internet services -like e-banking or online shopping- brought in another change. Some virus creators started writing malicious codes not to infect computers, but, to steal confidential data associated to those services. Evidently, to achieve this, they needed viruses that could infect many computers silently.

Their malicious labor was finally rewarded with the appearance, in 1986, of a new breed of malicious code generically called “Trojan Horse”, or simply “Trojan”. This first Trojan was called PC-Write and tried to pass itself off as the shareware version of a text processor. When run, the Trojan displayed a functional text processor on screen. The problem was that, while the user wrote, PC-Write deleted and corrupted files on the computers’ hard disk.

After PC-Write, this type of malicious code evolved very quickly to reach the stage of present-day Trojans. Today, many of the people who design Trojans to steal data cannot be considered virus writers but simply thieves who, instead of using blowtorches or dynamite, have turned to viruses to commit their crimes. Ldpinch.W or the Bancos or Tolger families of Trojans are examples of this.

part 5

Even though none of them can be left aside, some particular fields of computer science have played a more determinant role than others with regard to the evolution of viruses. One of the most influential fields has been the development of programming languages.

These languages are basically a means of communication with computers in order to tell them what to do. Even though each of them has its own specific development and formulation rules, computers in fact understand only one language called "machine code".

Programming languages act as an interpreter between the programmer and the computer. Obviously, the more directly you can communicate with the computer, the better it will understand you, and more complex actions you can ask it to perform.

According to this, programming languages can be divided into "low and high level" languages, depending on whether their syntax is more understandable for programmers or for computers. A "high level" language uses expressions that are easily understandable for most programmers, but not so much for computers. Visual Basic and C are good examples of this type of language.

On the contrary, expressions used by "low level" languages are closer to machine code, but are very difficult to understand for someone who has not been involved in the programming process. One of the most powerful, most widely used examples of this type of language is "assembler".

In order to explain the use of programming languages through virus history, it is necessary to refer to hardware evolution. It is not difficult to understand that an old 8-bit processor does not have the power of modern 64-bit processors, and this of course, has had an impact on the programming languages used.

In this and the next installments of this series, we will look at the different programming languages used by virus creators through computer history:

- Virus antecessors: Core Wars

As was already explained in the first chapter of this series, a group of programs called Core Wars, developed by engineers at an important telecommunications company, are considered the antecessors of current-day viruses. Computer science was still in the early stages and programming languages had hardly developed. For this reason, authors of these proto-viruses used a language that was almost equal to machine code to program them.

Curiously enough, it seems that one of the Core Wars programmers was Robert Thomas Morris, whose son programmed -years later- the "Morris worm". This malicious code became extraordinarily famous since it managed to infect 6,000 computers, an impressive figure for 1988.

- The new gurus of the 8-bits and the assembler language.

The names Altair, IMSAI and Apple in USA and Sinclair, Atari and Commodore in Europe, bring memories of times gone by, when a new generation of computer enthusiasts "fought" to establish their place in the programming world. To be the best, programmers needed to have profound knowledge of machine code and assembler, as interpreters of high-level languages used too much run time. BASIC, for example, was a relatively easy to learn language which allowed users to develop programs simply and quickly. It had however, many limitations.

This caused the appearance of two groups of programmers: those who used assembler and those who turned to high-level languages (BASIC and PASCAL, mainly).

Computer aficionados of the time enjoyed themselves more by programming useful software than malware. However, 1981 saw the birth of what can be considered the first 8-bit virus. Its name was "Elk Cloner", and was programmed in machine code. This virus could infect Apple II systems and displayed a message when it infected a computer.

part 6

Computer viruses evolve in much the same way as in other areas of IT. Two of the most important factors in understanding how viruses have reached their current level are the development of programming languages and the appearance of increasingly powerful hardware.

In 1981, almost at the same time as Elk Cloner (the first virus for 8-bit processors) made its appearance, a new operating system was growing in popularity. Its full name was Microsoft Disk Operating System, although computer buffs throughout the world would soon refer to it simply as DOS.

DOS viruses

The development of MS DOS systems occurred in parallel to the appearance of new, more powerful hardware. Personal computers were gradually establishing themselves as tools that people could use in their everyday lives, and the result was that the number of PC users grew substantially. Perhaps inevitably, more users also started creating viruses. Gradually, we witnessed the appearance of the first viruses and Trojans for DOS, written in assembler language and demonstrating a degree of skill on the part of their authors.

Far fewer programmers know assembler language than are familiar with high-level languages that are far easier to learn. Malicious code written in Fortran, Basic, Cobol, C or Pascal soon began to appear. The last two languages, which are well established and very powerful, are the most widely used, particularly in their TurboC and Turbo Pascal versions. This ultimately led to the appearance of “virus families”: that is, viruses that are followed by a vast number of related viruses which are slightly modified forms of the original code.

Other users took the less ‘artistic’ approach of creating destructive viruses that did not require any great knowledge of programming. As a result, batch processing file viruses or BAT viruses began to appear.

Win16 viruses

The development of 16-bit processors led to a new era in computing. The first consequence was the birth of Windows, which, at the time, was just an application to make it easier to handle DOS using a graphic interface.

The structure of Windows 3.xx files is rather difficult to understand, and the assembler language code is very complicated, as a result of which few programmers initially attempted to develop viruses for this platform. But this problem was soon solved thanks to the development of programming tools for high-level languages, above all Visual Basic. This application is so effective that many virus creators adopted it as their ‘daily working tool’. This meant that writing a virus had become a very straightforward task, and viruses soon appeared in their hundreds. This development was accompanied by the appearance of the first Trojans able to steal passwords. As a result, more than 500 variants of the AOL Trojan family -designed to steal personal information from infected computers- were identified.

part 7

This seventh edition on the history of computer viruses will look at how the development of Windows and Visual Basic has influenced the evolution of viruses, and how worldwide epidemics evolved along with them, such as the first one, caused by Melissa in 1999.

While Windows changed from being an application designed to make DOS easier to manage to a 32-bit platform and operating system in its own right, virus creators went back to using assembler as the main language for programming viruses.

Versions 5 and 6 of Visual Basic (VB) were developed, making it the preferred tool, along with Borland Delphi (the Pascal development for the Windows environment), for Trojan and worm writers. Then, Visual C, a powerful environment developed in C for Windows, was adopted for creating viruses, Trojans and worms. This last type of malware gained unusual strength, taking over almost all other types of viruses. Even though the characteristics of worms have changed over time, they all have the same objective: to spread to as many computers as possible, as quickly as possible.

With time, Visual Basic became extremely popular and Microsoft implemented part of the functionality of this language as an interpreter capable of running script files with a similar syntax.

At the same time as the Win32 platform was implemented, the first script viruses also appeared: malware inside a simple text file. These demonstrated that not only executable files (.EXE and .COM files) could carry viruses. As already seen with BAT viruses, there are also other means of propagation, proving the saying "anything that can be executed directly or through an interpreter can contain malware." To be specific, the first viruses that infected the macros included in Microsoft Office emerged. As a result, Word, Excel, Access and PowerPoint became ways of spreading ‘lethal weapons’, which destroyed information when the user simply opened a document.

Melissa and self-executing worms

The powerful script interpreters in Microsoft Office allowed virus authors to arm their creations with the characteristics of worms. A clear example is Melissa, a Word macro virus with the characteristics of a worm that infects Word 97 and 2000 documents. This worm automatically sends itself out as an attachment to an e-mail message to the first 50 contacts in the Outlook address book on the affected computer. This technique, which has unfortunately become very popular nowadays, was first used in this virus which, in 1999, caused one of the largest epidemics in computer history in just a few days. In fact, companies like Microsoft, Intel or Lucent Technologies had to block their connections to the Internet due to the actions of Melissa.

The technique started by Melissa was developed in 1999 by viruses like VBS/Freelink, which unlike its predecessor sent itself out to all the contacts in the address book on the infected PC. This started a new wave of worms capable of sending themselves out to all the contacts in the Outlook address book on the infected computer. Of these, the worm that most stands out from the rest is VBS/LoveLetter, more commonly known as ‘I love You’, which emerged in May 2000 and caused an epidemic that caused damage estimated at 10,000 million euros. In order to get the user’s attention and help it to spread, this worm sent itself out in an e-mail message with the subject ‘ILOVEYOU’ and an attached file called ‘LOVE-LETTER-FOR-YOU.TXT.VBS’. When the user opened this attachment, the computer was infected.

As well as Melissa, in 1999 another type of virus emerged that also marked a milestone in virus history. In November of that year, VBS/BubbleBoy appeared, a new type of Internet worm written in VB Script. VBS/BubbleBoy was automatically run without the user needing to click on an attached file, as it exploited a vulnerability in Internet Explorer 5 to automatically run when the message was opened or viewed. This worm was followed in 2000 by JS/Kak.Worm, which spread by hiding behind JavaScript in the auto-signature in Microsoft Outlook Express, allowing it to infect computers without the user needing to run an attached file. These were the first samples of a series of worms, which were joined later on by worms capable of attacking computers when the user is browsing the Internet.

Thursday, June 11, 2009

How to enable Control panel

Start-->Run-->type the command gpedit.msc. This shows the Group Policy editor. Then go to:

Local Computer Policy-->User Configuration-->Administrative Templates-->Control Panel-->Prohibit access to the Control Panel

Click on Not Configured, then Apply and OK, then refresh once, and then open the Control Panel.

Sunday, April 19, 2009

Make A Autorun File For your CD

If you wanna make an autorun file for that CD you are ready to burn, just read this...

1) You open Notepad.

2) Now you write:

[autorun]
OPEN=INSTALL\Setup_filename.EXE
ICON=INSTALL\Setup_filename.EXE

Now save it, not as a .txt file but as a .inf file.

But remember! The "Setup_filename.EXE" MUST be replaced with the name of the setup file. And you also need to remember that not all setup files are called .exe; some are called .msi.

3) Now burn your CD with the autorun.inf file included.

4) Now put the CD in your CD drive and wait for the autorun to begin, or if nothing happens just double-click on the CD drive in "This Computer".
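Seen from the other side, the same file tells anyone inspecting a disc what it will start on insertion. The following Python sketch is an added example, not part of the original post: it parses the [autorun] section and reports every entry that launches a program. The function names and the second sample file are constructed for illustration.

```python
import ntpath

# [autorun] keys that name a program to start.
LAUNCH_KEYS = {"open", "shellexecute"}
# Setup file types named in the post (.exe, .msi) plus the other directly
# runnable types listed in the virus guide further down this page.
RUNNABLE = {".exe", ".msi", ".com", ".bat", ".scr", ".pif", ".vbs"}


def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command):
    """Drop any arguments from a command value and return the program path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: grow the candidate word by word
    # until it ends in a runnable extension.
    words = command.split(" ")
    for n in range(1, len(words) + 1):
        candidate = " ".join(words[:n])
        if ntpath.splitext(candidate)[1].lower() in RUNNABLE:
            return candidate
    return words[0]


def audit_autorun(text):
    """List each entry that starts a program, with reasons to look closer."""
    findings = []
    for key, value in parse_autorun(text).items():
        is_menu_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key not in LAUNCH_KEYS and not is_menu_verb:
            continue                               # icon=, label= and so on
        program = program_of(value)
        drive, rest = ntpath.splitdrive(program)
        notes = []
        if ntpath.splitext(program)[1].lower() in RUNNABLE:
            notes.append("starts a runnable file")
        if drive or ".." in rest.replace("/", "\\").split("\\"):
            notes.append("path leaves the disc")
        findings.append((key, program, notes))
    return findings


# The file exactly as the post gives it.
POST_SAMPLE = r"""[autorun]
OPEN=INSTALL\Setup_filename.EXE
ICON=INSTALL\Setup_filename.EXE
"""

# Constructed sample: entries that point away from the disc itself.
ODD_SAMPLE = r"""; constructed sample
[autorun]
label=Holiday photos
open="C:\Program Files\Viewer\viewer.exe" /play
shell\browse\command=..\tools\browse.bat
"""

if __name__ == "__main__":
    for sample in (POST_SAMPLE, ODD_SAMPLE):
        for key, program, notes in audit_autorun(sample):
            print(f"{key:22} {program:40} {', '.join(notes)}")
```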




Remove Linux From Your Pc Safely

Remove Linux From Your Pc Safely, ...and restoring your MBR


First of all you need to know where your Linux OS is installed, that is, what drive it is currently living on. Bear in mind that Linux formats the drive as HFS rather than FAT/FAT32 or NTFS. (These are the file systems used by various operating systems.)

HFS partitions are not seen by Windows, so they are hidden.

To remove the Linux partitions in Windows XP, go to your 'Control Panel' > Administrative Tools > Computer Management.

Open 'Disk Management' and you will see your Linux drives recognised as 'Unknown Partition', plus the status of the drive. If you know what partition and disk you installed to, it will be easier to recognise the drive/partition where you installed it.

Once you have identified the drives, right-click on the drive/partition and select 'Delete Logical Drive'.

Once you have followed this through, you will now have free space.

This next part is very important. Once you have formatted the drive, reformat it as your required file system type, either FAT32 or NTFS. Now the important part is coming up!

Fixing your Master Boot Record to make Windows Bootable again.

Have a Windows Boot disk with all the basic DOS Commands loaded on to the disk. A standard Windows 98/Me Boot Disk will work too.

Type in the DOS command :

e.g, from your C:\

fdisk /mbr

Or, with Windows XP, run the Recovery Console and pick which XP install you would like to boot into (usually you will pick #1),

then type: fixmbr. Answer Y to the dialogue.

Your master boot record will now be restored and Windows XP will be bootable once again. Your System will be restored with your original boot loader that you got with Windows XP.





How to Increase Internet Speed

Windows uses 20% of your bandwidth. Here's how to get it back

A nice little tweak for XP. Microsoft reserve 20% of your available bandwidth for their own purposes (suspect for updates and interrogating your machine etc..)

Here's how to get it back:

Click Start-->Run-->type "gpedit.msc" without the "

This opens the group policy editor. Then go to:


Local Computer Policy-->Computer Configuration-->Administrative Templates-->Network-->QOS Packet Scheduler-->Limit Reservable Bandwidth



Double click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the 'Explain' tab :

"By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default."

So the trick is to ENABLE reservable bandwidth, then set it to ZERO.

This will allow the system to reserve nothing, rather than the default 20%.





User's guide to avoiding virus infections

Keeping an eye out for viruses

Computer viruses are everywhere! This guide will show you how to stay alert and how to avoid getting infections on your computer. Having an updated virus scanner is only a small part of this; there are many ways that you can prevent having viruses other than a virus scanner, as it will not always save you.

Types of viruses
There are many types of viruses. Typical viruses are simply programs or scripts that will do various damage to your computer, such as corrupting files, copying themselves into files, slowly deleting all your hard drive etc. This depends on the virus. Most viruses also mail themselves to other people in the address book. This way they spread really fast and appear at others' inboxes, as too many people still fall for these. Most viruses will try to convince you to open the attachment, but I have never got one that tricked me. In fact, I found myself emailing people just to make sure they really did send me something. It does not hurt to be safe.

Worms
Worms are a different type of virus, but the same idea; they are usually designed to copy themselves a lot over a network and usually try to eat up as much bandwidth as possible by sending commands to servers to try to get in. The Code Red worm is a good example of this. This worm breaks in through a security hole in Microsoft IIS (Internet Information Server), which is a badly coded HTTP server that a lot of people use despite the security risks. When the worm successfully gets in, it will try to go into other servers from there. When IceTeks was run on a dedicated server at my house, there were about 10 or so attempts per day, but because we ran Apache, the attempts did not do anything but waste bandwidth, and not much, as I had it fixed a special way. Some worms such as the SQL Slammer will simply send themselves over and over so many times that they will clog up networks, and sometimes all of the internet. Worms usually affect servers more than home users, but again, this depends on what worm it is. It is suspected that most worms are efforts from the RIAA to try to stop piracy, so they try to clog up networks that could contain files. Unfortunately, the RIAA have the authority to do these damages and even if caught, nothing can be done.

Trojans
Trojans are another type of virus. They are simply like a server which enables hackers to get into and control the computer. A trojan such as Subseven can enable a hacker to do various things such as control the mouse, eject the CD-ROM drive, delete/download/upload files and much more.

MBR viruses
Boot sector viruses are another type. They are similar to file viruses, but instead they go in the boot sector and can cause serious damage when the computer is booted; some can easily format your drive simply by booting your computer. These are hard to remove.

Most viruses have various characteristics. For example, a worm can also be a trojan and also infect the boot sector. It all depends on how the virus is written and what it is designed to do. That's why there are not really strong structured categories, as they can easily mix one in the other.

Know the potentially dangerous files
Like any other files, viruses must be opened in order to do something. Most viruses come through e-mail as an attachment. Some will make it look like it's someone you know, and it will try to convince you to open an attachment. Never open attachments at any cost! Some viruses will infect files in programs, so opening a program will actually open the virus, maybe the same one, or another part of it.

All files have what is called an extension. These are the last 3 letters after the last period. For example, setup.exe has a file extension of .exe.

Extensions to watch out for are .exe .com .bat .scr .pif .vbs and others, but these are the most seen. .exe .com .bat .pif and .scr are valid extensions for executables. A virus writer will simply rename it to one of these and it will work the same way. .pif is a shortcut to an ms-dos program and will have the ms dos icon, but will still execute whatever code is in it, so an .exe can be renamed to .pif and be run the same way. .bat is a batch file, which can contain instructions to do various file activities, but again, a .exe can be renamed to .bat and it will execute it! .vbs is a visual basic script. For some reason, Microsoft provides this scripting language along with the scripting host to make it more convenient to design and write viruses quickly and easily, I've never seen another use for this scripting language other than for writing viruses. There are programs that are written with that language, but it is compiled into an exe. Exe is the usual extension for programs, you would not have a software CD install a bunch of vbs files all over!

Bottom line is, if you don't know what a file is, just don't open it. Some viruses are named in a way that masks the real file extension, to make the file look harmless, such as an image file. This is easily noticed, but can still be missed. Simply don't open unexpected files.
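One way to check attachment or download names for the masked extensions described above, using the extensions this article lists. This is an added example, not part of the original article; the decoy extension list, the function names and the sample names are assumptions (the second sample is a file name that appears in a removal guide elsewhere on this page).

```python
import re

# Extensions the article names as the ones to watch out for.
RISKY_EXTENSIONS = {".exe", ".com", ".bat", ".scr", ".pif", ".vbs"}

# Assumption: harmless-looking extensions a masked name is likely to imitate.
DECOY_EXTENSIONS = {".avi", ".bmp", ".doc", ".gif", ".jpg", ".jpeg", ".mp3",
                    ".mpg", ".pdf", ".png", ".txt", ".zip"}

# Three or more spaces in a row can push the real extension out of a narrow column.
PADDING = re.compile(r"[ \u00a0]{3,}")


def check_filename(filename):
    """Return the reasons a file name deserves a second look (empty list if none)."""
    name = re.split(r"[\\/]", filename)[-1]      # drop any folder part
    stem, dot, last = name.rpartition(".")       # extension = text after the last period
    if not dot or not stem:
        return []                                # no extension to judge
    final_ext = "." + last.strip().lower()
    if final_ext not in RISKY_EXTENSIONS:
        return []
    reasons = ["executable extension " + final_ext]
    _, inner_dot, inner = stem.rpartition(".")
    inner_ext = "." + inner.strip().lower() if inner_dot else ""
    if inner_ext in DECOY_EXTENSIONS:
        reasons.append("double extension: shows as %s, runs as %s" % (inner_ext, final_ext))
    if PADDING.search(stem):
        reasons.append("padding before the real extension")
    return reasons


def masked_names(filenames):
    """Keep only the names that hide an executable extension behind something else."""
    return [name for name in filenames if len(check_filename(name)) > 1]


# Constructed sample names.
SAMPLES = [
    "setup.exe",
    "Funny UST Scandal.avi.exe",
    "holiday.jpg",
    "photo.jpg        .scr",
    r"C:\Downloads\readme.txt.vbs",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_filename(sample) or "ok")
```

A plain setup.exe is reported as executable but not as masked, so the check only singles out names that pretend to be something else.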

If you get something that appears like something legit, just ask the person it came from if they sent it. Most viruses use a friend's address to make it look like it comes from them. The virus does this by using the person's address when sending itself to the address book contacts.

Downloads
Email is not the only way to get viruses; P2P (file sharing programs such as Kazaa, WinMX, Direct Connect etc.) is another way to get viruses.

When downloading programs, the main thing to watch out for is the file size. If you are downloading a program that you expect to be rather large such as a game, don't grab a file that is 10KB, since it's most likely a virus. However, I've been caught with a virus even with large files, so file size is not the only thing to watch, as an exe is still valid even if junk is added at the end, so a 64KB virus will still function even if it is turned into 650MB.

Icons are something to look for too, fortunately, virus writers don't take time to put icons. If your download should be a setup file, you should see the icon of a setup file. If it's just the blank icon that typical plain or corrupted exes have, don't open it.

Another thing to do, which should be obvious, is to scan the file for viruses using updated virus definitions. But don't rely on only your virus scanner, as they are not perfect, and if the virus has not been reported to them yet, they won't know to create a definition for it!

Changing settings to stay safe
If you do open a virus, you want to avoid it going to all your friends. The simplest thing to do is to NOT use the windows address book. It is easy for viruses to get through and Microsoft is not doing anything about it. Just don't use it. Put them in spreadsheet or even better write them down somewhere. Don't use the address book.

Another "feature" to avoid is the auto preview. Some viruses can attempt to open themselves just by opening the email. There are security holes in Microsoft mail programs that allow this. In Microsoft Outlook, click on the view menu and remove auto preview. You need to do this for every folder, but the inbox is most important. In Outlook Express, click on the view menu and go to layout. In the dialog box, you will see a check box for show preview pane. Uncheck it and click ok.

Another thing you should change, especially if you download a lot, is the option that allows you to view the file extension. In Win98, go in any folder, click on view then folder options and choose the view tab and where it says hide file extension for known types, uncheck it. In win2k, it is the same process, but instead, go in the control panel and open the folder options icon.

Avoiding server worms
Some viruses, mostly worms, can spread through servers and affect other servers from servers that have been infected. A good example is the SQL Slammer. This was a worm that affected SQL servers run by Microsoft IIS and Microsoft SQL Server. Once the worm gets in, that particular server starts trying to find more exploitable servers, driving internet connections to a halt in the process. Servers running Apache were unaffected by that, except for the many hits to try to get in. IceTeks received about 100 hits per day when it was run on a dedicated home server. Most hits came from major ISPs and other big websites that had no clue they were still affected.

The simple solution to avoid these types of viruses is to NOT use Microsoft based server software for your server, especially if it is a public server. The operating system is also crucial, but the actual server software is much more. Apache, which is free, is much more secure than Microsoft based server programs such as IIS. IIS may be easier to understand and administer, but it saves a lot of hassle to learn how to use Apache. IIS has a large number of vulnerabilities, such as the ability to gain access to cmd.exe and basically delete the whole drive by doing a ../ request in the address bar. These don't require viruses, but simply commands, but there are worms written to automatically make these commands. The code red does this.

Removing a virus
The best way to do this is to do a clean install. However, depending on how bad the virus is, a simple clean install won't remove it. So to be extra sure, you'll want to do a low level format. This is especially true if you got a boot sector virus, as even repartitioning and formatting won't quite remove it; sometimes you can get away with an fdisk /mbr, but not all the time. There are various removal tools for viruses; it is good to use them and see if they work, but proceeding with the clean install is recommended. You never know if the virus is completely removed by deleting files you suspect are infected. Some viruses such as the Bugbear will close anti virus programs and other programs to make it hard and annoying to figure out what to do. A clean install is the best way to ensure that it's gone for good.

Viruses are out there, don't be one of the many infected ones! Stay alert and stay safe! Don't open unexpected files, regularly update your virus definitions and scan downloaded files!

I hope this article was useful for you!



How to create a Bootable Windows XP SP1 CD

How to create a Bootable Windows XP SP1 CD (Nero):

Step 1
Create 3 folders - C:\WINXPSP1, C:\SP1106 and C:\XPBOOT

Step 2
Copy the entire Windows XP CD into folder C:\WINXPSP1

Step 3
You will have to download the SP1 Update, which is 133MB.
Rename the Service Pack file to XP-SP1.EXE
Extract the Service Pack from the Run Dialog using the command:
C:\XP-SP1.EXE -U -X:C:\SP1106

Step 4
Open Start/Run... and type the command:
C:\SP1106\update\update.exe -s:C:\WINXPSP1
Click OK
Folder C:\WINXPSP1 contains: Windows XP SP1

How to Create a Windows XP SP1 CD Bootable
Step 1
Download xpboot.zip
Code:
http://thro.port5.com/xpboot.zip
( no download manager !! )
Extract xpboot.zip file (xpboot.bin) in to the folder C:\XPBOOT

Step 2
Start Nero - Burning Rom.
Select File > New... from the menu.
1.) Select CD-ROM (Boot)
2.) Select Image file from Source of boot image data
3.) Set Kind of emulation: to No Emulation
4.) Set Load segment of sectors (hex!): to 07C0
5.) Set Number of loaded sectors: to 4
6.) Press the Browse... button

Step 3
Select All Files (*.*) from File of type:
Locate boot.bin in the folder C:\XPBOOT

Step 4
Click ISO tab
Set File-/Directory length to ISO Level 1 (Max. of 11 = 8 + 3 chars)
Set Format to Mode 1
Set Character Set to ISO 9660
Check all Relax ISO Restrictions

Step 5
Click Label Tab
Select ISO9660 from the drop down box.
Enter the Volume Label as WB2PFRE_EN
Enter the System Identifier as WB2PFRE_EN
Enter the Volume Set as WB2PFRE_EN
Enter the Publisher as MICROSOFT CORPORATION
Enter the Data Preparer as MICROSOFT CORPORATION
Enter the Application as WB2PFRE_EN
* For Windows XP Professional OEM substitute WB2PFRE_EN with WXPOEM_EN
* For Windows XP Home OEM substitute WB2PFRE_EN with WXHOEM_EN

Step 6
Click Burn tab
Check Write
Check Finalize CD (No further writing possible!)
Set Write Method to Disk-At-Once
Press New button

Step 7
Locate the folder C:\WINXPSP1
Select everything in the folder and drag it to the ISO compilation panel.
Click the Write CD Dialog button.

Press Write




How to delete auto run virus

1. Go to Start --> Run, then type cmd
2. Type cd\
3. Type attrib -s -h auto run.* and press enter
4. Open your C drive and delete the auto run.txt file
5. Follow steps 3 & 4 for the remaining drives





How to see hidden files

Some viruses leave us unable to see hidden files.
To solve this problem, follow the steps below.

1. Go to Start --> Run, then type regedit
2. Navigate to the registry folder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
3. Find a key called CheckedValue.
4. Double Click CheckedValue key and modify it to 1. This is to show all the hidden files.

Now you should be able to view all the hidden files, and also to alter its status from folder options.




Hide your folders in a different ways

1) Right-click on the desktop. Make a new folder.
2) Now rename the folder with a space (you have to hold the ALT key and type 0160).
3) Now you have a folder without a name.
4) Right-click on the folder > Properties > Customize. Click on Change Icon.
5) Scroll a bit; you should find some empty spaces. Click on any one of them, then click OK.
That's it, now you can store your personal data without any 3rd party tools.

You can also hide your folder by this method:
Open Start > Run > CMD
Now type attrib +s +h "C:\name of the folder you want to hide"
Now the folder stays hidden even if the folder option to show all hidden folders is selected.
And to unhide it, type the same command but put "-" instead of "+".




extend or reset trial period of Softwares

How to extend or reset trial period of Softwares

Method 1
Reinstall the program. This is the easiest method, but it is highly likely that it won’t work on most current software, as expiry check algorithms have become more sophisticated and keep the expiry information (date of first use, days allowed for trial use and days left in the trial) in the registry or in a randomly named file.

Method 2
Adjust the clock (date and time) of your computer system to a future date before starting installation of the trial software, or adjust the clock to a past date after the trial period has expired. Again, this method most likely won’t work.

Method 3
Use an application installation monitoring or uninstaller program such as Norton Cleansweep, Your Uninstaller! 2006 or Advanced Uninstaller PRO 2006 to keep track of and monitor every change to the system during installation, and then uninstall and revert the shareware completely to remove all traces of trial expiry data.

Method 4
Backup the registry before installation of software, and restore the registry after trial period passed. Only works on those shareware that store protection information in registry, and you will lose some important registry changes by Windows or other applications. Alternatively, use Regmon to monitor registry activity in real-time to identify possible candidates for trial expiry reg keys, and then delete those keys.

Method 5
Reinstall windows, and you can be sure that you can use all trial demo shareware again, as all dummy registry entries and dummy files that store trial information are wiped off.

Method 6
Find a crack, with the help of cracks search engine such as Astalavista. But this is not extending the trial period of software.

Method 7
Search with various search engines such as Google and Yahoo! for application-specific known workarounds.




How to Enable Task Manager

Enabling Task Manager

1) * Click Start, Run and type Regedit.exe
* Navigate to the following branch:

HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System

* In the right-pane, delete the value named DisableTaskMgr
* Close Regedit.exe


2) * Click Start, Run, type gpedit.msc and click OK.
* Navigate to this branch:

User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager

* Double-click the Remove Task Manager option.
* Set the policy to Not Configured.





UST Scandal avi.exe Virus

How to remove Funny UST Scandal avi.Exe Virus

Funny UST Virus Activities:
First of all, this virus is not funny at all; it may put you in a state of embarrassment when it sends senseless messages to the friends on your Yahoo Messenger buddy list.
It creates following files:
Killer.exe in c:\windows\
lsass.exe in c:\documents and settings\all users\start menu\programs\startup
xmss.exe in the root drive of all partitions and also in c:\windows
autorun.inf in all the partitions.
the main file Funny UST Scandal.avi.exe in all the partitions and
Funny UST Scandal.exe in c:\Windows.
Not only this, it also creates the following entries:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce

You will find all these or some of these files if your system is infected by this virus.
Fix:
1. First you need to end the processes run by the virus; for this, download Process Explorer. The processes are:
a. killer.exe, b. lsass.exe, c. smss.exe
Note: close all processes that have the same icon as Funny UST Scandal.avi.exe
2. Open Start >> Run and type “cmd” (without quotes) and press enter.
3. Above command will open up command prompt, type “cd\” (without quotes)
4. Type “attrib -h -s smss.exe” (without quotes)
5. Type “attrib -h -s autorun.inf” (without quotes)
6. Repeat step 4 and 5 for all the drives through command prompt (on the root folder)
7. Now open all your drives one by one by typing C: ,D: and so on in the address bar at the top, delete smss.exe,autorun.inf,Funny UST Scandal.avi.exe
8. Open command prompt again by following step 2.
9. Type “cd c:\windows” (without quotes)
10. Type “attrib -h -s smss.exe” (without quotes) and press enter. Type “del smss.exe” and press enter, then type “del lsass.exe” and press enter.
11. Now Open Start >> Run and type regedit and press enter.
12. Locate these paths one by one in the registry.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
HKCU\Software\Microsoft\windows\Currentversion\Run\Runonce
At these paths, locate the keys which have values as (killer.exe) and (c:\windows\smss.exe). Delete these registry keys.

Done!
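Before deleting an autorun.inf as in steps 5 to 7, it helps to read which programs it would have started, since those files need deleting too. The following is an added example, not part of the original post: a small parser for the autorun.inf format, run on a constructed sample (the post does not show the file's contents); the function names are assumptions.

```python
import re

# Keys in the [autorun] section that start a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)

# First path in a command line that ends in an extension Windows will execute.
PROGRAM = re.compile(r'\s*"?(.+?\.(?:exe|com|bat|scr|pif|vbs))\b', re.IGNORECASE)


def launch_entries(autorun_text):
    """Return [(key, command)] for every [autorun] entry that starts a program."""
    entries = []
    section = None
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "autorun" and sep and LAUNCH_KEY.match(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries


def programs_started(autorun_text):
    """Program files named by the launch entries, without arguments or repeats."""
    names = []
    for _, command in launch_entries(autorun_text):
        match = PROGRAM.match(command)
        name = match.group(1) if match else command
        if name.lower() not in [n.lower() for n in names]:
            names.append(name)
    return names


# Constructed sample; only the two program file names come from the post above.
SAMPLE = r"""
[autorun]
open=smss.exe
shell\open\command=smss.exe
shell\explore\command=Funny UST Scandal.avi.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE):
        print(key, "->", command)
    print("files to remove with autorun.inf:", programs_started(SAMPLE))
```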




W32.hitapop Virus

How to remove W32.Hitapop virus

Trouble:

It is basically a worm / virus also called hitapop virus/worm. It embeds itself with the userinit action at the startup of the computer and runs certain malicious code as soon as a user logs into the system. This causes downloading of virus like contents and damages to computer software

Fix:
Follow the procedure below:
1. Go to Start > Run, type regedit in the Run dialogue box and press enter. This will open the registry editor. To be able to open registry editor you need to have administrator rights; if you don’t have administrator rights, see this post. Even then if the registry editor is not opening,
2. Once you have opened the Registry editor, navigate to the location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. At this path there is a key called userinit. The key is usually set to a value which tells what is to be executed at every time a user logs in. If your computer is infected with some virus, then the value should be something like “Userinit” = “C:\WINDOWS\System32\userinit.exe,rundll32.exe %System%\winsys16_[RANDOM DIGITS].dll start” Note down the above [RANDOM DIGITS] on a piece of paper, we will use it in step 8 to remove virus files.
4. Change it to a value “Userinit” = “C:\WINDOWS\System32\userinit.exe”
5. Exit Registry editor.
6. Go to Start > Run , type cmd and press enter, this will open a command prompt window.
7. On command prompt, type “attrib -s -r -h c:\windows\system32\winsys16_[RANDOM DIGITS].dll” and press enter. Note that this random number is the number you get in step 3 above.
8. Now type “Del c:\windows\system32\winsys16_[RANDOM DIGITS].dll” and press enter. This is also the same random number as in step 3.
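A check of the two logon values these removal guides edit by hand, Userinit here and the Winlogon shell entry in the UST guide, against what a default install contains. This is an added example, not part of the original post; it assumes Windows XP installed in C:\WINDOWS and value data copied out of Registry Editor, and the function names and sample digits are made up.

```python
import re

# Assumption: default Windows XP values with Windows installed in C:\WINDOWS.
EXPECTED = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
}

# File name pattern taken from step 3 of the guide: winsys16_[RANDOM DIGITS].dll
HITAPOP_DLL = re.compile(r"winsys16_\d+\.dll", re.IGNORECASE)


def split_entries(data):
    """Split a comma-separated registry string into trimmed, non-empty entries."""
    return [part.strip().strip('"') for part in data.split(",") if part.strip()]


def unexpected_entries(name, data):
    """Entries of value `name` that a default install would not contain."""
    allowed = EXPECTED[name.lower()]
    return [entry for entry in split_entries(data) if entry.lower() not in allowed]


def hitapop_dlls(data):
    """DLL file names matching the guide's pattern, needed for the attrib and del steps."""
    return HITAPOP_DLL.findall(data)


def audit(values):
    """Map each audited value name to its unexpected entries; clean values are omitted."""
    report = {}
    for name, data in values.items():
        if name.lower() in EXPECTED:
            extra = unexpected_entries(name, data)
            if extra:
                report[name] = extra
    return report


# Constructed samples: the digits 48213 are made up, the rest follows the guides.
INFECTED = {
    "Userinit": r"C:\WINDOWS\System32\userinit.exe,"
                r"rundll32.exe %System%\winsys16_48213.dll start",
    "Shell": r"Explorer.exe c:\windows\smss.exe",
}
CLEAN = {"Userinit": r"C:\WINDOWS\system32\userinit.exe,", "Shell": "Explorer.exe"}

if __name__ == "__main__":
    for label, sample in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, audit(sample) or "nothing unexpected")
    print("DLLs to remove:", hitapop_dlls(INFECTED["Userinit"]))
```

An unexpected entry is a prompt to look at the file it names, not proof of infection; some legitimate software also adds itself to these values.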




ntdetec1.exe Virus

How to remove ntdetec1.exe virus

Trouble:
The most common symptoms of the ntdetec1.exe virus are:
1. Task Manager doesn’t open or it is blocked.
2. Regedit or registry editing has been disabled.
3. Folder Options are not visible under File Menu >> Tools

Let us see how we can delete the ntdetec1.exe virus.

Fix:
Ntdetec1.exe runs under the following process names:
\ntdetec1\ntdetec1.exe
\ntdetec1\cmrss.exe
\ntdetec1\run.exe
\ntdetec1\shell32.exe

Removal Procedure For Ntdetec1.exe
1. Open Start >> Run and type cmd and press enter.
2. Type the following commands :
taskkill /im cmrss.exe
taskkill /im ntdetec1.exe
taskkill /im shell32.exe
Note: Make sure you are in the operating system drive at your command prompt, then run the following command.

attrib ntdetec1 -s -h /s /d

3. Locate the folder ntdetec1 in your operating system root directory and delete it permanently.
But you will need to delete the registry key associated with the virus (if it is present). For this go to Start > Run. Type regedit in run window and press enter. This will open registry editor. Locate the key as shown below and delete it.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"winlogon" = "C:\ntdetec1\run.exe"




newfolder.exe virus

How to remove Newfolder.exe virus

Trouble:
The New Folder.exe virus disables Task Manager, Registry Editor, Folder Options and the Run option in the Start menu. The virus creates exe files that have a folder icon and the same name as the folder; it also consumes more than 50% of your processor usage, so it slows down your computer.

Fix:
In order to remove the newfolder.exe virus you can use two types of tools, again there is a manual procedure also but the tools mentioned below are much better:

Tools to remove Newfolder.exe virus

1. Newfolder virus removal tool by Muhammad Abdullah. Download

2. Newfolder Virus removal tool by Albin. Download

Both of these are executable files, download any one of them and run the file by double-clicking on it, it will clean the virus.




How to Enable Regedit

Go to Run --> type gpedit.msc --> User Configuration --> Administrative Templates --> System --> double-click "Prevent access to registry editing tools".
The setting may be 'Enabled' or 'Not Configured'.
If it is in the Not Configured state, just turn it to the Disabled state.
If it is in the Enabled state, turn it to the Not Configured/Disabled state.
Apply ... OK



Monday, April 6, 2009

Virus Information

Viruses have been a thorn in the side of PC users since the late 1980's. The first computer virus was discovered in 1981 and was believed to have been spawned at Texas A&M. It is hard to estimate the number of viruses in the wild because new viruses are being created constantly. It is safe to say there are thousands of viruses currently active. Prior to the popularity of the Internet most viruses were spread on floppy disks.
Virus Types
There are many different types of viruses. As new tools are developed to combat viruses, virus writers come up with new ways to spread their creations. Some of the most common virus types are:

Basic - A basic virus is software created to attack computers via email or the Internet. Once a machine is infected it begins to infect other machines across the Internet. It may also attach itself to files stored on the computer's hard drive.

Trojan Horse - A trojan horse allows the creator to access your PC and steal data or use your PC for other activities. This is done by opening a 'back door' on your computer which the virus creator knows how to access. Trojan horses may or may not attach themselves to files on your hard drive.

Worm - A worm is similar to a basic virus in that it infects computers across a network or the Internet. Where worms differ is their ability to constantly spread. Worms can infect a computer without the user receiving an email or browsing the Internet. The best protection against worms is a firewall.

Combination - Beginning in the summer of 2003 viruses started to appear with all the characteristics of the above virus types. The 'SoBig' virus infected 1 out of every 2 emails sent at its height.

Worms and combination are currently the most rampant viruses on the



Wednesday, April 1, 2009

Computer Problems and Solutions

21 Tips for increasing XP performance.

1] Your PC must have 256MB RAM, 512 MB Cache, Intel Pentium 4 Processor, 40 GB HDD. These are the minimum requirements.

2] If you see a 'virtual memory low' message then increase its virtual memory. To increase virtual memory,
Go to My Computer->Properties->Advanced->Performance Settings->Advanced->Virtual Memory->Change->Select the appropriate drive->Custom size->set appropriate level (ours is 600 (min.) & 700 (max.))->Ok.

3] Increase 'Visual Performance'. Go to My Computer->Properties->Advanced->Performance Settings->Visual Settings->Custom->Select only the following options.
a)Slide taskbar buttons.
b)Smooth edges of screen fonts.
c)Smooth-scroll list boxes.
d)Use a background image for each folder type.
e)Use visual style on windows and buttons.

4] Don't keep unwanted/extra fonts. To remove extra fonts, Go to Start->Settings->Control Panel->Fonts.

5] Your Desktop Wallpaper & Screensaver consume a large amount of disk space. Select the 'None' option for both wallpapers & Screensavers.

6] Avoid keeping DEMO Games.

7] Uninstall the unwanted Softwares.

8] Use Registry Cleaner to keep your registry clean(without errors).

9] Try to keep Music and pictures files in the folder specified by windows itself.

10] Use the Hibernate option for a quick Windows start. To activate hibernation, follow these steps.
Desktop->Properties->Screensaver->Power->Hibernate->Enable hibernation->Ok.

11] Keep your Desktop clean of unwanted icons.

12] Use Intel Application Accelerator to speed up your disk access.

13] Memory management (at least 512MB RAM required). This allows XP to keep data in memory instead of the paging section of RAM.
Go to->Start->Run->regedit->HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Control->Session Manager->Memory Management->Double click it->DisablePagingExecutive->Double click it->Set value to 1.

14] Disable Yahoo Messenger, Google Talk, and other unwanted programs from startup. (You can use registry editor
16] For Windows XP, You must use NTFS partition. FAT partition is less supportive for Windows XP.

17] In BIOS, Select first booting device as your HDD.

18] Setting Priority High for a particular program.
Open Task Manager->Processes->Select the desired Program->Right Click->Set Priority->High->Ok.
This priority is set only for the current session. Once you restart your system, its priority will again be Normal.

19] Keep deleting your Temporary Internet Files in regular intervals.
Go to Windows Drive (c: or d:)->Select the User->Local Settings->Temporary Internet Files

20] Empty your browser's cache in regular intervals.

21] Avoid keeping Movies in your PC.



To disable the stupid feature in WinXP which tries to send a report to microsoft every time a program crashes you will have to do this:

*************************************************************************

Open Control Panel
Click on Performance and Maintenance.
Click on System.
Then click on the Advanced tab
Click on the error reporting button on the bottom of the windows.
Select Disable error reporting.
Click OK
Click OK


*************************************************************************



Windows XP: Speed Up Your Network and Internet Access

I have a dial-up connection and it improved my speeds about 25% in surfing the internet. Give it a try. I'm IT, only do it if you feel comfortable with changing the registry.

Increasing network browsing speed

Does your computer slow down when you browse your local area network and connect to other computers that are sharing data? One of the most common causes of this slowdown is a feature of Windows Explorer that looks for scheduled tasks on remote computers. This effort can take some time on some computers and can really slow down your browsing. The window with which you are browsing the network may appear to freeze momentarily, as the system is waiting for a response from the remote computer.

Although this problem is a complex one, the solution is very simple. Instead of having to wait for the remote scheduled tasks, which is useless information to anyone who is not a system administrator remotely configuring scheduled tasks, you can disable this feature.

In order to do this, you will have to change the System Registry and delete a reference to a key so that this feature will not be loaded. To do this, follow these steps:

1. Open up the Registry Editor by clicking the Start Menu and selecting Run. Then type regedit in the text box and click the OK button.

2. Once the Registry Editor has loaded, expand the HKEY_LOCAL_MACHINE key.

3. Next, expand Software and then Microsoft.

4. Locate Windows and expand that as well.

5. You will want to be editing the main system files, so expand CurrentVersion.

6. Because this feature is a feature of the Windows component known as Explorer, expand the Explorer key.

7. Next, you will want to modify the remote computer settings, so expand the RemoteComputer key and then expand the NameSpace key to show all of the features that are enabled when you browse to a remote computer.

8. In the NameSpace folder you will find two entries. One is "{2227A280-3AEA-1069-A2DE-08002B30309D}" which tells Explorer to show printers shared on the remote machine. The other, "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}," tells Explorer to show remote scheduled tasks. This is the one that you should delete. This can be done by right-clicking the name of the key and selecting Delete.

Tip:
If you have no use for viewing remote shared printers and are really only interested in shared files, consider deleting the printers key, "{2227A280-3AEA-1069-A2DE-08002B30309D}", as well. This will also boost your browsing speed.

Once you have deleted the key, you just need to restart and the changes will be in effect. Now your network computer browsing will be without needless delays.


Want To Download Torrent File By Using Google

Simple way...just type:

*your file name* filetype:torrent
You must not write ( * ) when you search....
Example:
ANTIVIRUS KASPERSKY filetype:torrent