Sunday, June 22, 2008
HackCleaner
This great little freebie does an excellent job cleaning out many different kinds of junk from your PC, including cookies, many kinds of temporary files, Internet toolbars (called Browser Helper Objects, or BHOs), and unnecessary DLLs. It even includes a tool that will free up system RAM by moving data from RAM to a page file on your hard disk, to increase performance.The program also includes a nice security tool as well. It will automatically block any BHOs from being installed on your PC--a good thing, because some are spyware or malicious software.Download HackCleaner.
How viruses spoof the from-address in emails
You have effective anti-virus software, so your computer is clean,
You send an email to Fred,
Now your email address is in Fred's address book in his email software,
Fred does not have effective anti-virus software, and his computer has a virus,
The virus on Fred's computer scans his address book for all of the email addresses on it,
The virus sends email to every address on Fred's address book,
The virus emails do not say they are from Fred!, The virus pics another addresses from Fred's address book and puts it in the 'From field' in the outgoing email. The virus may combine the name from one address and the domain from another, creating a 'from address' that does not exist.
These emails are received by other computers, which detect the virus (because they have good anti virus software) and reject the email,
When the receiving computer rejects the viruses email it sends an 'Undeliverable' to the sender e.g. something like 'Subject: /Delivery Notification: Delivery has failed'.
But! the 'Undeliverable' note goes to the spoofed from address (not to Fred) e.g. the 'Undeliverable' note could be sent to you.
Often there is no trace of Fred's real address in the virus email or the 'Undeliverable' note, so you can not tell who's infected computer is sending these emails.
The solution: Make sure you have good anti-virus software and tell everyone you know to do the same.
You send an email to Fred,
Now your email address is in Fred's address book in his email software,
Fred does not have effective anti-virus software, and his computer has a virus,
The virus on Fred's computer scans his address book for all of the email addresses on it,
The virus sends email to every address on Fred's address book,
The virus emails do not say they are from Fred!, The virus pics another addresses from Fred's address book and puts it in the 'From field' in the outgoing email. The virus may combine the name from one address and the domain from another, creating a 'from address' that does not exist.
These emails are received by other computers, which detect the virus (because they have good anti virus software) and reject the email,
When the receiving computer rejects the viruses email it sends an 'Undeliverable' to the sender e.g. something like 'Subject: /Delivery Notification: Delivery has failed'.
But! the 'Undeliverable' note goes to the spoofed from address (not to Fred) e.g. the 'Undeliverable' note could be sent to you.
Often there is no trace of Fred's real address in the virus email or the 'Undeliverable' note, so you can not tell who's infected computer is sending these emails.
The solution: Make sure you have good anti-virus software and tell everyone you know to do the same.
Prevent Virus Attacks
You must run quality security software on your computers to protect your work and private data from viruses, spy ware, and other security threats. When it comes to security, there is no substitute for quality. See below our recommended quality solutions. If any of the following is difficult for you, get an IT Expert to do it for you. You must do the following or risk all of your work/data being compromised (think of it as locking your front door):
Get good anti virus software e.g. one of the below.Recommended anti virus software:- AVG - Our most recommended anti virus software.- Norton Anti virus- McAffee Anti Virus- Sophos Anti VirusBe sure to regularly update your 'virus definitions' e.g. once per week
Install a quality FirewallThere are many firewalls available, some good, some bad. Our recommendation is the FREE zone alarm. They provide a paid version with extra tools (of course), but we think the free firewall-only option is fine. Its getting harder on their site to see the free one (so look carefully!). At time of writing, go here, scroll down and click the free option. If the above link doesn't work, start looking from the Zone Alarm front page.
Install an anti-spy ware applicationThere are many available, some good, some bad. Our recommendation is the FREE: Spybot - Search & Destroy. Download here, and find Spybot info here.
Email Attachments: BEWARE OF ATTACHMENTS. Do not open email attachments you are not expecting. Viruses come with some very nasty messages to trick you into opening the attachment e.g. "Your email account has been canceled, see attachment for details". Even worse, the virus looks like it comes from an email address you recognize e.g. from admin@yourDomain.com (where 'your domain' is the domain name that you use). Virus attachments can have the following 'file extension': .exe, .pif. If you receive a .zip attachment and open it - make sure it doesn't contain a file with one of those extensions. Do not open attachments you haven't requested, even if they appear to be from people you know.
Get good anti virus software e.g. one of the below.Recommended anti virus software:- AVG - Our most recommended anti virus software.- Norton Anti virus- McAffee Anti Virus- Sophos Anti VirusBe sure to regularly update your 'virus definitions' e.g. once per week
Install a quality FirewallThere are many firewalls available, some good, some bad. Our recommendation is the FREE zone alarm. They provide a paid version with extra tools (of course), but we think the free firewall-only option is fine. Its getting harder on their site to see the free one (so look carefully!). At time of writing, go here, scroll down and click the free option. If the above link doesn't work, start looking from the Zone Alarm front page.
Install an anti-spy ware applicationThere are many available, some good, some bad. Our recommendation is the FREE: Spybot - Search & Destroy. Download here, and find Spybot info here.
Email Attachments: BEWARE OF ATTACHMENTS. Do not open email attachments you are not expecting. Viruses come with some very nasty messages to trick you into opening the attachment e.g. "Your email account has been canceled, see attachment for details". Even worse, the virus looks like it comes from an email address you recognize e.g. from admin@yourDomain.com (where 'your domain' is the domain name that you use). Virus attachments can have the following 'file extension': .exe, .pif. If you receive a .zip attachment and open it - make sure it doesn't contain a file with one of those extensions. Do not open attachments you haven't requested, even if they appear to be from people you know.
DELETING REGISTRY KEYS FROM COMMAND LINE
There are two ways to delete a key from the Registry from the Command line. At the Windows Command line:RegEdit /l location of System.dat /R location of User.dat /D Registry key to deleteYou cannot be in Windows at the time you use this switch.Or you can create a reg file as such:REGEDIT4[-HKEY_LOCAL_MACHINE\the key you want to delete]Note the negative sign just behind the[Then at the Command line type:1. RegEdit C:\Windows\(name of the regfile).
Finding IP adress of the mail sender
Yahoo !Log into your Yahoo! mail with your username and password.Click on Inbox or whichever folder you have stored your mail.Open the mail.If you do not see the headers above the mail message, your headers are not displayed . To display the headers,Click on Options on the top-right cornerIn the Mail Options page, click on General PreferencesScroll down to Messages where you have the Headers optionMake sure that Show all headers on incoming messages is selectedClick on the Save buttonGo back to the mails and open that mail.You should see similar headers like this:Yahoo! headers : Daniel.Look for Received: from followed by the IP address between square brackets [ ]. Here, it is 202.65.138.109.That is be the IP address of the sender!GmailWhen you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender.Log into your Gmail account with your username and password.Open the mail.To display the headers,Click on More options corresponding to that thread. You should get a bunch of links. Click on Show original You should get headers like this:Gmail headers : DanielLook for Received: from followed by a few hostnames and an IP address between square brackets. In this case, it is 65.119.112.245. That is be the IP address of the sender!!NOTE:=This will not work if the sender uses anonymous proxy servers.HotmailLog into your Hotmail account with your username and password.Click on the Mail tab on the top.Open the mail.If you do not see the headers above the mail message, your headers are not displayed . To display the headers,Click on Options on the top-right cornerIn the Mail Options page, click on Mail Display SettingsIn Message Headers, make sure Advanced option is checked.Click on Ok buttonGo back to the mails and open that mail.If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP addressHotmail headers : Delano ,In this case the IP address of the sender is [68.34.60.59]. This is be the IP address of the sender.If you find a header with Received: from followed by a Gmail proxy like thisHotmail headers : DelanoLook for Received: from followed by IP address within square brackets[]. In this case, the IP address of the sender is [69.140.7.58].Or else if you have headers like thisHotmail headers : DelanoLook for Received: from followed by IP address within square brackets[].In this case, the IP address of the sender is [61.83.145.129] .If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
Folder option missing in Widows XP
After a virus attack in one of my client machines, the folder options from the windows explorer was missing and we were unable to show all the files including the hidden ones. So here’s what I did to restore it back:Go to Run –>gpedit.mscUser Configuration –> Administrative Templates –> Windows Components –> Windows ExplorerEnable and then Disable “Removes Folder Options menu from Tools menu”Close all windows explorer windows and then open again.. most probably your folder options is back
Deleting undeletable file(s)
Open a Command Prompt window and leave it open.Close all open programs.Click Start, Run and enter TASKMGR.EXEGo to the Processes tab and End Process on Explorer.exe.Leave Task Manager open.Go back to the Command Prompt window and change to the directory the AVI (or other undeletable file) is located in.At the command prompt type DEL where is the file you wish to delete.Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell.Close Task Manager.Or you can try thisOpen Notepad.exeClick File>Save As..>locate the folder where ur undeletable file isChoose 'All files' from the file type boxclick once on the file u wanna delete so its name appears in the 'filename' boxput a " at the start and end of the filename(the filename should have the extension of the undeletable file so it will overwrite it)click save,It should ask u to overwrite the existing file, choose yes and u can delete it as normalHere's a manual way of doing it. I'll take this off once you put into your first post zain.1. Start2. Run3. Type: command4. To move into a directory type: cd c:\*** (The stars stand for your folder)5. If you cannot access the folder because it has spaces for example Program Files or Kazaa Lite folder you have to do the following. instead of typing in the full folder name only take the first 6 letters then put a ~ and then 1 without spaces. Example: cd c:\progra~1\kazaal~16. Once your in the folder the non-deletable file it in type in dir - a list will come up with everything inside.7. Now to delete the file type in del ***.bmp, txt, jpg, avi, etc... And if the file name has spaces you would use the special 1st 6 letters followed by a ~ and a 1 rule. Example: if your file name was bad file.bmp you would type once in the specific folder thorugh command, del badfil~1.bmp and your file should be gone. Make sure to type in the correct extension.
Use system restore without loading windows
What if your system begin to malfunction at the middle of the road while you were playing with computer.. and what if you are not able to load windows.. then only alternative is to use system restore.. but.. how will you load system restore without loading windows..If you have enabled System Restore, you can use it when you fails to boot into Windows.How to do:Restart your computer.Press F8 before the Windows Logo displays. (Keep pressing F8 from the starting itself)Then the Windows Boot Menu displays.Select Safemode With Command Prompt and hit Enter.Windows loads to Command Prompt.Then type the following:%systemroot%\system32\restore\rstrui.exe and hit Enter.That loads the System Restore window. Continue as usual restoration.
How to remove the virus " Orkut is Banned
How to remove the virus " Orkut is Banned , You Fool. The administrators didnt write this program..guess who??Muhahahah .. "
Trying to open orkut on your PC ?? Is your PC giving you a popup message " Orkut is banned you fool , the administrators didn't write the program .. guess who ?? Muhahahah ... " . Irritiated by this ?? Some of my reader has got this problem and he sent me a message asking for help . Here is the solution :
About the virus :
The name of the virus is W32/AHKHeap , It basically creates a folder with the name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.The running process that is responsible for this is svchost.exe and it will be spawned under user name.The virus will even make a entry into your registry so that it can run every time the system is started . This spreads mostly through pen drives .
How to get Rid of this :
Most of the antivirus leave this virus unnoticed . I personally tried 3-4 antivirus on this . None of them detected it. So you have to remove it manually .
Go to your task manager by pressing ctrl + alt + del .In that go to processes tab .
In that look for svchost.exe . You might find more than one of them . In that look for those who have user name as your login name of computer and end those processes .
Now open My ComputerIn the address bar, type C:\heap41a and hit enter. It is a hidden folder, and is not visible by default.Delete all the files in this folder .
Now go to Start –> Run and type Regedit , Go to the menu Edit –> FindType “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”Select that and Press DEL. It will ask “Are you sure you want to delete this value”, click Yes. Now close the registry editor and you are done .
Precaution :
Before inserting any kinda pen drive in your pc , just delte the autorun.inf file in it and delete any .exe files that exist in it
Trying to open orkut on your PC ?? Is your PC giving you a popup message " Orkut is banned you fool , the administrators didn't write the program .. guess who ?? Muhahahah ... " . Irritiated by this ?? Some of my reader has got this problem and he sent me a message asking for help . Here is the solution :
About the virus :
The name of the virus is W32/AHKHeap , It basically creates a folder with the name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.The running process that is responsible for this is svchost.exe and it will be spawned under user name.The virus will even make a entry into your registry so that it can run every time the system is started . This spreads mostly through pen drives .
How to get Rid of this :
Most of the antivirus leave this virus unnoticed . I personally tried 3-4 antivirus on this . None of them detected it. So you have to remove it manually .
Go to your task manager by pressing ctrl + alt + del .In that go to processes tab .
In that look for svchost.exe . You might find more than one of them . In that look for those who have user name as your login name of computer and end those processes .
Now open My ComputerIn the address bar, type C:\heap41a and hit enter. It is a hidden folder, and is not visible by default.Delete all the files in this folder .
Now go to Start –> Run and type Regedit , Go to the menu Edit –> FindType “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”Select that and Press DEL. It will ask “Are you sure you want to delete this value”, click Yes. Now close the registry editor and you are done .
Precaution :
Before inserting any kinda pen drive in your pc , just delte the autorun.inf file in it and delete any .exe files that exist in it
How to test your firewall
The firewall is our gateway to the Internet. It is a piece of software or hardware that manages Internet connections to and from your computer. It monitors the applications that try to initiate connection with your computer from the Internet, and it controls which programs are allowed to use the Internet.
Nowadays, Internet users are exposed to several kinds of Internet threats, such as software vulnerabilities, automated worms, viruses and random Internet attackers. Properly configured personal firewalls are the first line of defense to answer these threats.But how do you test your personal firewall? Security researchers have developed small, non-destructive, leak testers, that deliberately attempt to test different firewall capabilities. The idea behind them is simple: if the test can bypass your computer’s security, then so can a hacker.
There are many leak-testing programs available. Each one designed to test a particular flaw and each using a particular technique to bypass a firewall’s standard protection mechanisms. We’ve compiled a list of tools we believe will be of value to both home users and advance users.
PCFlank Leaktest - PCFlank Leaktest is a small utility that tests any firewall’s ability to protect against unauthorized or illegal transmissions of data from a user’s computer that is connected to the Internet. It uses a special technique to impersonate another program, which your firewall has been set to trust.
Breakout - Breakout sends to the IE’s or Firefox’s address bar the URL to launch, via the ‘SendMessage’ Windows API. No code is injected. Usually very hard to detect by firewalls. If the test is a success, this means that your firewall does not check for the ‘messages’ sent to your applications windows.
DNSTester - Starting from Windows 2000, a Windows service DNS client is running and handles all DNS requests. Thus, all DNS requests coming from various applications will be transmitted to the DNS client which will, itself, do the DNS request. This feature can be used to transmit data to a remote computer by crafting a special DNS request without the firewalls notice it. DNStester uses this kind of DNS recursive request to bypass your firewall.
MBTest - MBtest send packets directly to the network interface to try to bypass firewall. To do this, it sends differents kind of packet of different size/protocoles/type. If the test is a success, this means that your firewall is stuck in high level network and doesn’t check low level.
Atelier Web Firewall Tester - AWFT probes the protection provided by your Personal Firewall software using six different tests. Each test uses a different technique for gaining access to the outside world. Techniques are differently rated, according to their sophistication, and your Personal Firewall is doing a great job if is able to score 10 points in total.
ZABypass - Originaly was developed to bypass old versions of ZoneAlarm, but it may work against many other firewalls today. It uses a special technique called Direct Data Exchange to transfer data between Internet Explorer and the Internet.
FireHole - FireHole attempts to launch the default web browser, inject its own DLL and try to establish a connection to the Internet.
Thermite - Thermite injects it’s code into the target process directly, by creating an additional malicious thread within that process. If the test is a success, this means that your firewall is vulnerable to process injection.
Leak tests are designed to help identify security flaws and provide the invaluable function of informing the user whether or not their firewall is providing adequate protection. Unfortunately, malware programs are evolving rapidly. Many of such programs (will) have very advanced techniques to conceal their malicious activities so that they easily bypass firewalls and other protection mechanisms.
Nowadays, Internet users are exposed to several kinds of Internet threats, such as software vulnerabilities, automated worms, viruses and random Internet attackers. Properly configured personal firewalls are the first line of defense to answer these threats.But how do you test your personal firewall? Security researchers have developed small, non-destructive, leak testers, that deliberately attempt to test different firewall capabilities. The idea behind them is simple: if the test can bypass your computer’s security, then so can a hacker.
There are many leak-testing programs available. Each one designed to test a particular flaw and each using a particular technique to bypass a firewall’s standard protection mechanisms. We’ve compiled a list of tools we believe will be of value to both home users and advance users.
PCFlank Leaktest - PCFlank Leaktest is a small utility that tests any firewall’s ability to protect against unauthorized or illegal transmissions of data from a user’s computer that is connected to the Internet. It uses a special technique to impersonate another program, which your firewall has been set to trust.
Breakout - Breakout sends to the IE’s or Firefox’s address bar the URL to launch, via the ‘SendMessage’ Windows API. No code is injected. Usually very hard to detect by firewalls. If the test is a success, this means that your firewall does not check for the ‘messages’ sent to your applications windows.
DNSTester - Starting from Windows 2000, a Windows service DNS client is running and handles all DNS requests. Thus, all DNS requests coming from various applications will be transmitted to the DNS client which will, itself, do the DNS request. This feature can be used to transmit data to a remote computer by crafting a special DNS request without the firewalls notice it. DNStester uses this kind of DNS recursive request to bypass your firewall.
MBTest - MBtest send packets directly to the network interface to try to bypass firewall. To do this, it sends differents kind of packet of different size/protocoles/type. If the test is a success, this means that your firewall is stuck in high level network and doesn’t check low level.
Atelier Web Firewall Tester - AWFT probes the protection provided by your Personal Firewall software using six different tests. Each test uses a different technique for gaining access to the outside world. Techniques are differently rated, according to their sophistication, and your Personal Firewall is doing a great job if is able to score 10 points in total.
ZABypass - Originaly was developed to bypass old versions of ZoneAlarm, but it may work against many other firewalls today. It uses a special technique called Direct Data Exchange to transfer data between Internet Explorer and the Internet.
FireHole - FireHole attempts to launch the default web browser, inject its own DLL and try to establish a connection to the Internet.
Thermite - Thermite injects it’s code into the target process directly, by creating an additional malicious thread within that process. If the test is a success, this means that your firewall is vulnerable to process injection.
Leak tests are designed to help identify security flaws and provide the invaluable function of informing the user whether or not their firewall is providing adequate protection. Unfortunately, malware programs are evolving rapidly. Many of such programs (will) have very advanced techniques to conceal their malicious activities so that they easily bypass firewalls and other protection mechanisms.
Batch file to exe converter (windows inbuilt software)
Do you no that u already hav a batch/vbs to exe converter on ur comp?thats if u hav windows lolololFollow these stepsStep 1Navigate to C:\Windows\System32 and locate the file named IEXPRESS.EXEStep 2Double Click to launch IEXPRESS.EXEStep 3You will be presented with the initial welcome screen and be given two choices. Select “Create new Self Extraction Directive file.” Click Next.Step 4 Next you will be presented with the Package Purpose screen. For our purposes select “Extract Files and run an installation command” and click the Next button.Step 5 You will be presented with the Package Title screen, which will give you the opportunity to give your project a name. If you are so inclined give it a meaningful name. If like me you are never going to come back to this, name it whatever you want.Step 6You will next be presented with the Confirmation Prompt Screen. We would like the batch file to just be extracted and run so just choose “No Prompt” and click the Next Button.Step 7 You are presented with the License Agreement window. If you don’t want your users to have to answer a prompt select “Do not display a license.”Step 8 The Packaged Files window is where you will select your batch file (or .vbs). Click the Add button and browse to your desired file. Then click next.Step 9 Here you are presented with a window titled Install Program to Launch. Use the drop down control next to “Install Program and choose the only option that will be present, the .bat or .vbs file that you chose in the previous window.Step 10The Show Window screen is next. I didn’t want my users to be prompted in any way so I chose Hidden. Click Next.Step 11No Finished Message for my users. Select “No message” and choose Next.Step 12The Package Name and Options window is where the new .exe specified. Type in a path or browse to the folder you would like your .exe in, type a name in the file name box and click save. Also check the box that says “Hide File Extraction Progress Animation from User.” If you’re worried about long file names go ahead and click the other box as well.Step 13Since we really aren’t installing anything we probably want to tell the Configure Restart window to not restart. So choose the option that says “No restart” and hit Next.Step 14This window is where you have a chance to save all of the options you have chosen into a project file so that if necessary you may later return and make modifications. I have no need to retain the file, but if you would like to be able to come back to it, by all means choose “Save Self Extraction Directive (SED) file” and tell it where to put it. As always, click Next.Step 15Here’s where you’re new .exe is born, on the Create Package screen. Explore to the directory you told it to put the file in, click Next and then watch your little .exe’s first moments as it pops into the big digital world.Step 16You’re done! Click finish and go try it out. Pin it directly to the start menu. Point a shortcut to it and pin that to the start menu. Most importantly, script it and see how slick it is.
How to Detect a Hacker Attack
Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.
Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised. Keep in mind just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.
Windows machines:
Suspiciously high outgoing network traffic. If you are on a dial-up account or using ADSL and notice an unusually high volume of outgoing network (traffic especially when you computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.
Increased disk activity or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.
Large number of packets which come from a single address being stopped by a personal firewall. After locating a target (eg. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.
Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.
Unix machines:
Suspiciously named files in the /tmp folder. Many exploits in the Unix world rely on creating temporary files in the /tmp standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the /tmp folder and use it as 'home'.
Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.
Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be remotely logged in a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.
Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying /etc/services as well as /etc/ined.conf. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised. Keep in mind just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.
Windows machines:
Suspiciously high outgoing network traffic. If you are on a dial-up account or using ADSL and notice an unusually high volume of outgoing network (traffic especially when you computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.
Increased disk activity or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.
Large number of packets which come from a single address being stopped by a personal firewall. After locating a target (eg. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.
Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.
Unix machines:
Suspiciously named files in the /tmp folder. Many exploits in the Unix world rely on creating temporary files in the /tmp standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the /tmp folder and use it as 'home'.
Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.
Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be remotely logged in a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.
Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying /etc/services as well as /etc/ined.conf. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
Change the Password of the administrator from user mode
Hey I discovered a new idea. It was actually mistakenly discoverted when I was doing Netstat on DOS.You can change the password of any user from your account. Below is process to do this:
Open Run command from Start-->Run
Type Net user [username] *
DOS like window will pop up type your password there and you are done...
Note: remember that there is the star symbol after the username.. and avoid the brackets too... You will not see the input information while changing passwordIt works try it But do u have all the privileges of the computer. I mean not limited mode
Open Run command from Start-->Run
Type Net user [username] *
DOS like window will pop up type your password there and you are done...
Note: remember that there is the star symbol after the username.. and avoid the brackets too... You will not see the input information while changing passwordIt works try it But do u have all the privileges of the computer. I mean not limited mode
Security Features to Help Keep Your PCs Safer
1. Windows DefenderYou or your employees may get tricked into downloading spyware to your business’s PCs through e-mail messages or from “spoof” Web sites. (Spyware refers to an array of software that can be installed on a PC inadvertently, or without the user’s consent.) Windows Defender, shown below, helps protect your PCs against security threats caused by spyware.
Windows Defender does three key things to protect your PCs from spyware:
• It scans for spyware on your PC and presents you with options for ignoring, allowing, or deleting any potential threats it has quarantined.• It monitors the common entry points for spyware on your PC in real time.• It stays current on what the latest spyware threats are so it can scan for them.
Because Windows Defender takes advantage of many of the Windows Vista platform enhancements, including improved caching technology, scans run quickly. And most of the work is done in the background without requiring your intervention or attention. Windows Defender will only alert you to serious issues that require immediate action. You will stay busy and productive with the confidence that your PCs have enhanced protection while you work.
Note: Windows Vista does not include real-time virus protection. The features discussed in this article complement antivirus software but are not a substitute for third-party antivirus software.
2. User Account Control
In Microsoft Windows XP, a user must be an “administrator” to accomplish certain day-to-day tasks like changing power settings on a portable computer or installing and updating software. One of the purposes of requiring administrator privileges is to help protect PCs from harmful downloads of malicious software - or malware. Malware refers to unwanted software including worms, viruses, adware, and spyware that could delete or steal files and information from the PC.
While this scenario keeps your PCs safer, it also limits productivity because each time a standard user needs to change a basic setting or install software, the user has to locate someone with administrator privileges to help.
Windows Vista Ultimate changes all this by offering User Account Control (UAC), a feature that makes it easier to use a PC with standard user privileges. You can create separate accounts for yourself and your employees and easily set up security parameters on each account to control which Web sites and programs each user can access and install-all without additional IT support. In addition, even when you use an administrator account, you will still benefit from increased security. Most programs run with standard user permissions by default, even when you are logged in as an administrator, which limits potential damage from malware.
3. Internet Explorer 7
To help protect against cyber attacks, businesses need a higher level of protection when employees use the Web. That is why the Internet Explorer 7 browser, included with Windows Vista Ultimate, features a number of security enhancements such as stronger safeguarding of personal data and protection against malware.
A key feature of Internet Explorer 7 is the Microsoft Phishing Filter designed to keep confidential data safer. Shown below, the Phishing Filter helps protect you from attacks that occur when you enter sensitive data, such as credit card numbers, into a Web site form that looks legitimate, but is actually designed to steal confidential information.
The Phishing Filter helps protect your business by:
• Comparing the sites you visit to addresses of reported legitimate sites• Analysing the sites you visit for phishing characteristics• Sending the addresses of the sites you visit to an online service that keeps a database of known phishing sites
If a site you visit has been confirmed as a phishing site, you will be warned of its threat level and automatically redirected to a safer page. The online database of known phishing sites is an opt-in service. If desired (though not recommended), the Phishing Filter can be deactivated with a single click. Used in combination with Windows Defender, Internet Explorer 7 helps keep your PCs and data safe.
Maintain PC security
PC Security must be your first priority. Your personal computer is a common target for intruders and other malicious users because they want to access personal data such as bank account information, credit card numbers or any important data they could find.
Intruders not only steal your financial information, they could also use your computer resources – such as hard disk, processor and internet connection to attack other users. This way, law enforcement will find it difficult to solve where the attacks are coming from.
To prevent possible identity theft or computer hijack, follow these eight steps in maintaining PC security:
1. Anti-Virus Programs – These programs search and assess the contents of each computer file then removes or destroys “virus signatures”, which are known to be harmful to your computer.
2. Patch up your System – This process involves fixing the operating system and restoring different functions of your computer. Most computer vendors offer patches that are designed to fix bugs in their products. This process is repeated until the patch fixes the problem completely.
3. Email Attachment Precautions – Most unsolicited items, such as exploding packages or letter bombs, can be sent through your e-mail. Take extra precaution in opening emails to prevent any harm your computer may receive.
4. Firewall Programs – Install and use a firewall program. These programs act as a guard to your computer when looking at network traffic received from or destined for other computers. The firewall program determines if certain traffic should be allowed to continue to its destination or stopped. These programs keep the unwanted out and permit only “healthy” traffic to enter and leave your computer.
5. Data Backups – It is important that back up your data in your computer’s hard disk, external hard disk drives or any removable media. This ensures each important data will not be harmed when computer problems arise.
6. Strong Passwords – It is important to mix up several numbers, symbols and letters to strengthen password safety. An ideal length of password is around eight or more letters, numbers or symbols.
7. Download and Installation – Be careful in accepting or downloading any material online to prevent virus attacks and computer hijacks.
8. Hardware Firewall – Hardware firewall, which works similarly to firewall programs, stands between your personal computer and the Internet.
Although these steps may seem simple, remember that maintaining computer safety is a continuous process. You cannot perform these tasks once and let your computer be. Get back to each of these steps regularly and check if you need program updates.
Keeping your computer secure is in your hands. Outsmart computer hijackers by reinforcing computer safety precautions.
Windows Defender does three key things to protect your PCs from spyware:
• It scans for spyware on your PC and presents you with options for ignoring, allowing, or deleting any potential threats it has quarantined.• It monitors the common entry points for spyware on your PC in real time.• It stays current on what the latest spyware threats are so it can scan for them.
Because Windows Defender takes advantage of many of the Windows Vista platform enhancements, including improved caching technology, scans run quickly. And most of the work is done in the background without requiring your intervention or attention. Windows Defender will only alert you to serious issues that require immediate action. You will stay busy and productive with the confidence that your PCs have enhanced protection while you work.
Note: Windows Vista does not include real-time virus protection. The features discussed in this article complement antivirus software but are not a substitute for third-party antivirus software.
2. User Account Control
In Microsoft Windows XP, a user must be an “administrator” to accomplish certain day-to-day tasks like changing power settings on a portable computer or installing and updating software. One of the purposes of requiring administrator privileges is to help protect PCs from harmful downloads of malicious software - or malware. Malware refers to unwanted software including worms, viruses, adware, and spyware that could delete or steal files and information from the PC.
While this scenario keeps your PCs safer, it also limits productivity because each time a standard user needs to change a basic setting or install software, the user has to locate someone with administrator privileges to help.
Windows Vista Ultimate changes all this by offering User Account Control (UAC), a feature that makes it easier to use a PC with standard user privileges. You can create separate accounts for yourself and your employees and easily set up security parameters on each account to control which Web sites and programs each user can access and install-all without additional IT support. In addition, even when you use an administrator account, you will still benefit from increased security. Most programs run with standard user permissions by default, even when you are logged in as an administrator, which limits potential damage from malware.
3. Internet Explorer 7
To help protect against cyber attacks, businesses need a higher level of protection when employees use the Web. That is why the Internet Explorer 7 browser, included with Windows Vista Ultimate, features a number of security enhancements such as stronger safeguarding of personal data and protection against malware.
A key feature of Internet Explorer 7 is the Microsoft Phishing Filter designed to keep confidential data safer. Shown below, the Phishing Filter helps protect you from attacks that occur when you enter sensitive data, such as credit card numbers, into a Web site form that looks legitimate, but is actually designed to steal confidential information.
The Phishing Filter helps protect your business by:
• Comparing the sites you visit to addresses of reported legitimate sites• Analysing the sites you visit for phishing characteristics• Sending the addresses of the sites you visit to an online service that keeps a database of known phishing sites
If a site you visit has been confirmed as a phishing site, you will be warned of its threat level and automatically redirected to a safer page. The online database of known phishing sites is an opt-in service. If desired (though not recommended), the Phishing Filter can be deactivated with a single click. Used in combination with Windows Defender, Internet Explorer 7 helps keep your PCs and data safe.
Maintain PC security
PC Security must be your first priority. Your personal computer is a common target for intruders and other malicious users because they want to access personal data such as bank account information, credit card numbers or any important data they could find.
Intruders not only steal your financial information, they could also use your computer resources – such as hard disk, processor and internet connection to attack other users. This way, law enforcement will find it difficult to solve where the attacks are coming from.
To prevent possible identity theft or computer hijack, follow these eight steps in maintaining PC security:
1. Anti-Virus Programs – These programs search and assess the contents of each computer file then removes or destroys “virus signatures”, which are known to be harmful to your computer.
2. Patch up your System – This process involves fixing the operating system and restoring different functions of your computer. Most computer vendors offer patches that are designed to fix bugs in their products. This process is repeated until the patch fixes the problem completely.
3. Email Attachment Precautions – Most unsolicited items, such as exploding packages or letter bombs, can be sent through your e-mail. Take extra precaution in opening emails to prevent any harm your computer may receive.
4. Firewall Programs – Install and use a firewall program. These programs act as a guard to your computer when looking at network traffic received from or destined for other computers. The firewall program determines if certain traffic should be allowed to continue to its destination or stopped. These programs keep the unwanted out and permit only “healthy” traffic to enter and leave your computer.
5. Data Backups – It is important that back up your data in your computer’s hard disk, external hard disk drives or any removable media. This ensures each important data will not be harmed when computer problems arise.
6. Strong Passwords – It is important to mix up several numbers, symbols and letters to strengthen password safety. An ideal length of password is around eight or more letters, numbers or symbols.
7. Download and Installation – Be careful in accepting or downloading any material online to prevent virus attacks and computer hijacks.
8. Hardware Firewall – Hardware firewall, which works similarly to firewall programs, stands between your personal computer and the Internet.
Although these steps may seem simple, remember that maintaining computer safety is a continuous process. You cannot perform these tasks once and let your computer be. Get back to each of these steps regularly and check if you need program updates.
Keeping your computer secure is in your hands. Outsmart computer hijackers by reinforcing computer safety precautions.
Remove Brontok virus by urself
Start ur computer in safe mode with command prompt and type the followinf command to enable registry editor:-reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"and run HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"after this ur registry editor is enable type explorergo to run and type regeditthen follow the following path :-HKLM\Software\Microsoft\Windows\Currentversion\Runon the right side delete the entries which contain 'Brontok' and 'Tok-' words.after that restart ur systemopen registry editor and follow the path to enable folder option in tools menuHKCU\Software\Microsoft\Windows\Currentversion\Policies\Explorer\ 'NoFolderOption'delete this entry and restart ur computerand search *.exe files in all drives (search in hidden files also)remove all files which are display likes as folder icon.ur computer is completely free from virus brontok
Task Manager or Registry Editor Disabled?
Enabling Task Manager *you must have administrative access in your PC to do this.
Method 1
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t
Method 2
Click Start, Run and type Regedit.exe
Navigate to the following branch:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System
· n the right-pane, delete the value named DisableTaskMgr
· Close Regedit.exe
Method 3: Using Group Policy Editor - for Windows XP Professional
Click Start, Run, type gpedit.msc and click OK.
Navigate to this branch:
User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager
Double-click the Remove Task Manager option.
Set the policy to Not Configured.
Enabling Registry Editor *Administrative access to PC requiredFrom a command prompt click START RUN and in the run box type CMD and press Enter.Copy the following codesREG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryToolsIf the above code fails then tryREG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryToolsif you don't know how to copy in DOS then just copy those above codes in RUN command and go....
Method 1
Click Start, Run and type this command exactly as given below: (better - Copy and paste)
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t
Method 2
Click Start, Run and type Regedit.exe
Navigate to the following branch:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System
· n the right-pane, delete the value named DisableTaskMgr
· Close Regedit.exe
Method 3: Using Group Policy Editor - for Windows XP Professional
Click Start, Run, type gpedit.msc and click OK.
Navigate to this branch:
User Configuration / Administrative Templates / System / Ctrl+Alt+Delete Options / Remove Task Manager
Double-click the Remove Task Manager option.
Set the policy to Not Configured.
Enabling Registry Editor *Administrative access to PC requiredFrom a command prompt click START RUN and in the run box type CMD and press Enter.Copy the following codesREG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryToolsIf the above code fails then tryREG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryToolsif you don't know how to copy in DOS then just copy those above codes in RUN command and go....
Places Where Viruses and Trojan Hide
1. START-UP FOLDER.
WINDOWS opens every item in the Start Menu's Start Up folder. This folder is prominent in the Programs folder of the Start Menu.Notice that I did not say that WINDOWS "runs" every program that is represented in the Start Up folder. It means "opens every item." There's an important difference.Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up folder that represent documents, not programs.For example, if you put a MICROSOFT Word document in the Start Up folder, Word will run and automatically open that document at bootup; if you put a WAV file there, your audio software will play the music at bootup, and if you put a Web-page Favourites there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (The examples cited here could just as easily be shortcuts to a WAV file or a Word document, and so on.)2. REGISTRY.
WINDOWS executes all instructions in the "Run" section of the WINDOWS Registry. Items in the "Run" section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above.3. REGISTRY.
WINDOWS executes all instructions in the "RunServices" section of the Registry.4. REGISTRY.
WINDOWS executes all instructions in the "RunOnce" part of the Registry.5. REGISTRY.
WINDOWS executes instructions in the "RunServicesOnce" section of the Registry. (WINDOWS uses the two "RunOnce" sections to run programs a single time only, usually on the next bootup after a program installation.)[/b][/color]6. REGISTRY.
WINDOWS executes instructions in the HKEY_CLASSES_ROOTexefileshellopencommand "%1" %* section of the Registry. Any command imbedded here will open when any exe file is executed.Other possibles:[HKEY_CLASSES_ROOTexefileshellopencommand] =""%1" %*"[HKEY_CLASSES_ROOTcomfileshellopencommand] =""%1" %*"[HKEY_CLASSES_ROOTbatfileshellopencommand] =""%1" %*"[HKEY_CLASSES_ROOThtafileShellOpenCommand] =""%1" %*"[HKEY_CLASSES_ROOTpiffileshellopencommand] =""%1" %*"[HKEY_LOCAL_MACHINESoftwareCLASSESbatfileshellopenc ommand] =""%1"%*"[HKEY_LOCAL_MACHINESoftwareCLASSEScomfileshellopenc ommand] =""%1"%*"[HKEY_LOCAL_MACHINESoftwareCLASSESexefileshellopenc ommand] =""%1" %*"[HKEY_LOCAL_MACHINESoftwareCLASSEShtafileShellOpenC ommand] =""%1"%*"[HKEY_LOCAL_MACHINESoftwareCLASSESpiffileshellopenc ommand] =""%1" %*"If keys don't have the ""%1" %*" value as shown, and are changed to something like ""somefilename.exe %1" %*" than they are automatically invoking the specified file.7. BATCH FILE.
WINDOWS executes all instructions in the Winstart batch file, located in the WINDOWS folder. (This file is unknown to nearly all WINDOWS users and most W*NDOW$ experts, and might not exist on your system. You can easily create it, however. Note that some versions of W*NDOW$ call the WINDOWS folder the "WinNT" folder.) The full filename is WINSTART.BAT.8. INITIALIZATION FILE.
WINDOWS executes instructions in the "RUN=" line in the WIN.INI file, located in the WINDOWS (or WinNT) folder.9. INITIALIZATION FILE.
WINDOWS executes instructions in the "LOAD=" line in the WIN.INI file, located in the WINDOWS (or WinNT) folder.It also runs things in shell= in System.ini or c:WINDOWS system.ini:[boot] shell=explorer.exe C:W*NDOW$filenameThe file name following explorer.exe will start whenever WINDOWS starts.As with Win.ini, file names might be preceeded by considerable space on such a line, to reduce the chance that they will be seen. Normally, the full path of the file will be included in this entry. If not, check the WINDOWS directory10. RELAUNCHING.
WINDOWS reruns programs that were running when WINDOWS shut down. WINDOWS cannot do this with most non-MICROSOFT programs, but it will do it easily with Internet Explorer and with WINDOWS Explorer, the file-and-folder manager built into WINDOWS. If you have Internet Explorer open when you shut WINDOWS down, WINDOWS will reopen IE with the same page open when you boot up again. (If this does not happen on your WINDOWS PC, someone has turned that feature off. Use Tweak UI, the free MICROSOFT WINDOWS user interface manager, to reactivate "Remember Explorer settings," or whatever it is called in your version of WINDOWS.)11. TASK SCHEDULER.
WINDOWS executes autorun instructions in the WINDOWS Task Scheduler (or any other scheduler that supplements or replaces the Task Scheduler). The Task Scheduler is an official part of all WINDOWS versions except the first version of WINDOWS 95, but is included in WINDOWS 95 if the MICROSOFT Plus Pack was installed.12. SECONDARY INSTRUCTIONS.
Programs that WINDOWS launches at startup are free to launch separate programs on their own. Technically, these are not programs that WINDOWS launches, but they are often indistinguishable from ordinary auto-running programs if they are launched right after their "parent" programs run.13.C:EXPLORER.EXE METHOD.C:Explorer.exeWINDOWS loads explorer.exe (typically located in the WINDOWS directory)during the boot process. However, if c:explorer.exe exists, it will be executed instead of the WINDOWS explorer.exe. If c:explorer.exe is corrupt, the user will effectively be locked out of their system after they reboot.If c:explorer.exe is a trojan, it will be executed. Unlike all other autostart methods, there is no need for any file or registry changes - the file just simply has to be named c:explorer.exe14. ADDITIONAL METHODS.Additional autostart methods. The first two are used by Trojan SubSeven 2.2.HKEY_LOCAL_MACHINESoftwareMICROSOFTActive SetupInstalled ComponentsHKEY_LOCAL_MACHINESoftwareMICROSOFTWINDOWSCurrentv ersionexplorerUsershell foldersIcq Inet[HKEY_CURRENT_USERSoftwareMirabilisICQAgentAppstest]"Path"="test.exe""Startup"="c:test""Parameters"="""Enable"="Yes"[HKEY_CURRENT_USERSoftwareMirabilisICQAgentApps]This key specifies that all applications will be executed if ICQNET Detects an Internet Connection.[HKEY_LOCAL_MACHINESoftwareCLASSESShellScrap] ="Scrap object""NeverShowExt"=""This key changes your file's specified extension.
WINDOWS opens every item in the Start Menu's Start Up folder. This folder is prominent in the Programs folder of the Start Menu.Notice that I did not say that WINDOWS "runs" every program that is represented in the Start Up folder. It means "opens every item." There's an important difference.Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up folder that represent documents, not programs.For example, if you put a MICROSOFT Word document in the Start Up folder, Word will run and automatically open that document at bootup; if you put a WAV file there, your audio software will play the music at bootup, and if you put a Web-page Favourites there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (The examples cited here could just as easily be shortcuts to a WAV file or a Word document, and so on.)2. REGISTRY.
WINDOWS executes all instructions in the "Run" section of the WINDOWS Registry. Items in the "Run" section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above.3. REGISTRY.
WINDOWS executes all instructions in the "RunServices" section of the Registry.4. REGISTRY.
WINDOWS executes all instructions in the "RunOnce" part of the Registry.5. REGISTRY.
WINDOWS executes instructions in the "RunServicesOnce" section of the Registry. (WINDOWS uses the two "RunOnce" sections to run programs a single time only, usually on the next bootup after a program installation.)[/b][/color]6. REGISTRY.
WINDOWS executes instructions in the HKEY_CLASSES_ROOTexefileshellopencommand "%1" %* section of the Registry. Any command imbedded here will open when any exe file is executed.Other possibles:[HKEY_CLASSES_ROOTexefileshellopencommand] =""%1" %*"[HKEY_CLASSES_ROOTcomfileshellopencommand] =""%1" %*"[HKEY_CLASSES_ROOTbatfileshellopencommand] =""%1" %*"[HKEY_CLASSES_ROOThtafileShellOpenCommand] =""%1" %*"[HKEY_CLASSES_ROOTpiffileshellopencommand] =""%1" %*"[HKEY_LOCAL_MACHINESoftwareCLASSESbatfileshellopenc ommand] =""%1"%*"[HKEY_LOCAL_MACHINESoftwareCLASSEScomfileshellopenc ommand] =""%1"%*"[HKEY_LOCAL_MACHINESoftwareCLASSESexefileshellopenc ommand] =""%1" %*"[HKEY_LOCAL_MACHINESoftwareCLASSEShtafileShellOpenC ommand] =""%1"%*"[HKEY_LOCAL_MACHINESoftwareCLASSESpiffileshellopenc ommand] =""%1" %*"If keys don't have the ""%1" %*" value as shown, and are changed to something like ""somefilename.exe %1" %*" than they are automatically invoking the specified file.7. BATCH FILE.
WINDOWS executes all instructions in the Winstart batch file, located in the WINDOWS folder. (This file is unknown to nearly all WINDOWS users and most W*NDOW$ experts, and might not exist on your system. You can easily create it, however. Note that some versions of W*NDOW$ call the WINDOWS folder the "WinNT" folder.) The full filename is WINSTART.BAT.8. INITIALIZATION FILE.
WINDOWS executes instructions in the "RUN=" line in the WIN.INI file, located in the WINDOWS (or WinNT) folder.9. INITIALIZATION FILE.
WINDOWS executes instructions in the "LOAD=" line in the WIN.INI file, located in the WINDOWS (or WinNT) folder.It also runs things in shell= in System.ini or c:WINDOWS system.ini:[boot] shell=explorer.exe C:W*NDOW$filenameThe file name following explorer.exe will start whenever WINDOWS starts.As with Win.ini, file names might be preceeded by considerable space on such a line, to reduce the chance that they will be seen. Normally, the full path of the file will be included in this entry. If not, check the WINDOWS directory10. RELAUNCHING.
WINDOWS reruns programs that were running when WINDOWS shut down. WINDOWS cannot do this with most non-MICROSOFT programs, but it will do it easily with Internet Explorer and with WINDOWS Explorer, the file-and-folder manager built into WINDOWS. If you have Internet Explorer open when you shut WINDOWS down, WINDOWS will reopen IE with the same page open when you boot up again. (If this does not happen on your WINDOWS PC, someone has turned that feature off. Use Tweak UI, the free MICROSOFT WINDOWS user interface manager, to reactivate "Remember Explorer settings," or whatever it is called in your version of WINDOWS.)11. TASK SCHEDULER.
WINDOWS executes autorun instructions in the WINDOWS Task Scheduler (or any other scheduler that supplements or replaces the Task Scheduler). The Task Scheduler is an official part of all WINDOWS versions except the first version of WINDOWS 95, but is included in WINDOWS 95 if the MICROSOFT Plus Pack was installed.12. SECONDARY INSTRUCTIONS.
Programs that WINDOWS launches at startup are free to launch separate programs on their own. Technically, these are not programs that WINDOWS launches, but they are often indistinguishable from ordinary auto-running programs if they are launched right after their "parent" programs run.13.C:EXPLORER.EXE METHOD.C:Explorer.exeWINDOWS loads explorer.exe (typically located in the WINDOWS directory)during the boot process. However, if c:explorer.exe exists, it will be executed instead of the WINDOWS explorer.exe. If c:explorer.exe is corrupt, the user will effectively be locked out of their system after they reboot.If c:explorer.exe is a trojan, it will be executed. Unlike all other autostart methods, there is no need for any file or registry changes - the file just simply has to be named c:explorer.exe14. ADDITIONAL METHODS.Additional autostart methods. The first two are used by Trojan SubSeven 2.2.HKEY_LOCAL_MACHINESoftwareMICROSOFTActive SetupInstalled ComponentsHKEY_LOCAL_MACHINESoftwareMICROSOFTWINDOWSCurrentv ersionexplorerUsershell foldersIcq Inet[HKEY_CURRENT_USERSoftwareMirabilisICQAgentAppstest]"Path"="test.exe""Startup"="c:test""Parameters"="""Enable"="Yes"[HKEY_CURRENT_USERSoftwareMirabilisICQAgentApps]This key specifies that all applications will be executed if ICQNET Detects an Internet Connection.[HKEY_LOCAL_MACHINESoftwareCLASSESShellScrap] ="Scrap object""NeverShowExt"=""This key changes your file's specified extension.
Make Annoying Internet Popups !!!
Hi friends....today, I'll tell you guys how to construct annoying internet popups.Just follow the steps given below....1. Open Notepad. This is achieved from Start->Programs->Accessories->Notepad.2. Now type in the following in a notepad file:start iexplore.exe http://google.com3. Save the file with .bat extension.(For example: game.bat .This is the most important step to be noted)4. The above file will produce only one popup with Internet Explorer opening http://google.com.5. You can increase the number of popups by copying the code mant times as:start iexplore.exe http://google.comstart iexplore.exe http://google.comstart iexplore.exe http://google.comstart iexplore.exe http://google.comNow this will open four popups. You can change Google to Yahoo or any other site.Even browser can be changed from IE to Firefox by using Firefox.exe instead of iexplore.exe.So friends enjoy this trick...Enjoy HaCkInG......
HACK: Shutdown someone's pc over msn...
1) Right click on desk top, and then go New, then Shortcut.2) Then in the "type location of the item" you want to type:%windir%\system32\shutdown.exe -s -t 120 -c "This is a virus"You can change "this is a virus" to anything you would like that's just the message that will appear.The 120 you typed in can also be change at will, this is simply the amount of time they receive in till there computer will shutdown.Once the code has been entered as you have seen above click next.My advice would be to rename it something like.... wicked game, hardcore porn. Depends on the victims age and sex. But make sure you call it something good or the victim won't bother clicking on it.After you have given it a name click on finish.You should now have an icon on your desktop that is called "wicked game" or whatever name you gave it.It is also advised you change the icon to something different.3) Change name and icon.4) Now to send it to some one you need to make a compressed file.This can be done by right clicking on the desktop, New, Compressed file (zipped)Then another folder should appear on your desktop click on this and drag your shutdown virus into the zipped folder.5) Once your shutdown virus is in your compressed folder rename it.Make sure to give it a similar name as to the file inside it like "Great Game.zip"Don't forget to add the .zip at the end.WARNING! Make sure when you rename the compressed folder to add .zip at the end it is very important.Now feel free to send it to anyone you...... dislike greatly.As a safe guard I will tell you how to stop the shutdown count down. Just encase you ever click it your self LOLOk go to start, run, type cmd, then in cmd type: shutdown -a
XP REGISTRY CONT...
Easy Text Size Change in Help & IE Tip:I mentioned a way that you can change the size of the text that is display in the Help file and in Internet Explorer. As it turns out if you have a "wheel mouse," there is an even easier way to change the text size. In Internet Explorer or when viewing a Help file, simply hold the ctrl key while you spin the mouse wheel up to increase text size, or down to decrease text size.Java VM: Java applets run in Internet Explorer 6 (a component of Windows XP) just as they run in older versions of Internet Explorer. The Java VM is not installed as part of the typical installation, but is installed on demand when a user encounters a page that uses a Java Applet. For more information see the Microsoft Technologies for Java Web site.--------------------------------------------------------------------------------Windows XP Shutdown and Power Off Tip:On some computers, by default, Windows XP doesn't power off the computer when you tell it to shut down. However, if your computer is relatively new, it can probably by shut completely off by WinXP. To configure your computer for this behavior, simply open the Control Panel, open Performance and Maintenance, then Power Options. On the APM tab, check next to "Enable Advanced Power Management support," then click OK. The next time you choose "Shut Down" from the Start Menu, your computer should shut down completely and then power off.Customize Explorer Toolbar Tip:--------------------------------------------------------------------------------Customize Explorer Toolbar Tip:In Windows Explorer, you can customize the toolbar to make Explorer even more handy. The Toolbar is the bar of icons directly underneath the menu bar. It contains icons for going back, up one level, displaying folders or search, etc. You can right-click an open area of this Toolbar and choose Customize to change the order of these icons, and even to add new icons to it. For instance, I like to add the Map Drive and Disconnect buttons. In Windows XP, you may have to unlock the Taskbar before you can make changes in Windows Explorer.Lock the Taskba - If you find that your Windows XP Taskbar keeps being changed, or moved to one side or the top of your screen, and you didn't mean to have it do that, this tip is for you. Once you have your Task Bar arranged the way you like it, in the right location on the screen, and with all the right toolbars and icons, you can lock it, so that it won't get changed accidentally. To lock the Taskbar, simply right click it and choose Properties. In the window that appears, check the box (click) next to "Lock the Taskbar." Now you won't accidentally bump the mouse and have your Task bar end up on another side of the screen. --------------------------------------------------------------------------------Check Personal Firewall Status Tip:In the previous tip, I mention how to turn on Windows XP's Personal Firewall feature. But once you turn it on, your connection looks just the same as it did before. How can you check the status of the connection and the firewall? Simply open Control Panel from the Start Menu, open Internet and Network Connections, then Network Connections. By default the view is of large icons. Click the View Menu, and choose "details" in order to reveal several more columns of information about the connections that your computer has. Check the Status column to see if your connection is currently connected, and whether or not it is "firewalled." You can even drag the column headings around (I like to slide the Status column right next to the Name column. You can even remove entire columns by right-clicking the column heading and unchecking it.Where does Window's Product Id get stored Tip:By RaymondThere are two places at least where ProductId gets stored. To see the first place, open Registry by going to START-RUN and entering REGEDIT and Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]. In right pane, look for key by the name "ProductId". This is your Windows Product Id. Alternatively you can navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion] and still find same field with the name ProductId. --------------------------------------------------------------------------------You can Keep Your Favorite Programs on Top of the Start Menu tip: Do you have a favorite program that you frequently use? Elevate its priority on the Start menu by putting it at the top of the list. This ensures that the program will remain on the Start menu and cannot be bumped by other programs, even if you use the others more frequently.Right-click the link to your favorite program on the Start menu and select Pin to Start Menu.Your program will be moved permanently to the top part of the list, just below your browser and e-mail programs. --------------------------------------------------------------------------------Having problems with Outlook Express ? Does it ask for password everytime you connect tip: If this is problem for you. Sometimes no matter what you do, Outlook Express forgets your password and asks you to enter it again each and every time you connect to your mail server.I have a solution that may work for you. Open Registry by going to START-RUN and entering REGEDIT and Navigate to HKEY_CURRRENT USER\Software\Microsoft and look for "Protected Storage System Provider". There is a good chance that you will see this folder. If you have it. Simply delete it. More than likely, you have solved your problem.--------------------------------------------------------------------------------How to avoid autoplay of CD ? Way I like best tip.Hey this time no registry trick even though there are ways in registry to do it. In earlier operating systems only those CD that had autorun.inf file in their root directory were able to execute on its own but with advent of WINDOWS XP it has become possible with just about anything. Well sometimes it is good but there are other times when you want to avoid this part of automation. What would I do. Simply press SHIFT key when you enter a CD in your CD drive. It won't Auto play. For those of you, who do want a registry hack. Here it is: Open Registry and navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] and look for key "NoDriveTypeAutoRun" and set its value to 185 (decimal). This would stop autoplay.--------------------------------------------------------------------------------This tip to speed up the Start Menu in Windows XP.Did you know you can customize the speed of the Start Menu by editing a Registry Key. * Click Start, and then click Run.* Type Regedit in the box, and then click OK.* Expand the menu in the left panel and select the HKEY_CURRENT_USER\Control Panel\Desktop folder.* Scroll down in the right panel and double click on the MenuShowDelay file.* In the Value Data box, change to default value for the menu speed from 400 to a lesser number, such as 1.*Click OK. Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you may want to back up any valued data on your computer. --------------------------------------------------------------------------------Customizing Windows Explorer Context menu (right click menu in windows explorer) Ever wondered how does the right click menu (which is actually a context menu) work ? For example, when I right click in windows explorer, I see an option which says "open command window here". Do You know why I see this ? Well I see this because I have following entries in my registry.[HKEY_CLASSES_ROOT\Drive\shell\cmd]@="Open Command Window Here" [HKEY_CLASSES_ROOT\Drive\shell\cmd\command]@="C:\WINDOWS\System32\cmd.exe /k cd "%1""If You have never used a tweaking utility and have newly installed Windows XP, You would not see this option. You would have to navigate to [[HKEY_CLASSES_ROOT\Drive] go and create two subkeys ("cmd" and within that "command" and would have to put the text "Open Command Window Here" without quotes in default string value of "cmd" key and the text "C:\WINDOWS\System32\cmd.exe /k CD"%1"" without quotes in default string value of command key). After this You need to REBOOT for these changes to take effect.Trick is in adding similar entries for other applications as well even though its much harder to come with ideas about what to put in the context menu!!!! .
HACK XP VIA REGISTRY
XP Tricks and Tips:Display Your Quick Launch ToolbarTip: Is your Quick Launch toolbar missing from the taskbar?To display your familiar Quick Launch toolbar:Right-click an empty area on the taskbar, click Toolbars, and then click Quick Launch. Easy as that your Quick Launch bar appears. To add items to your Quick Launch toolbar, click the icon for the program you want to add, and drag it to the Quick Launch portion of the taskbar. --------------------------------------------------------------------------------How to remove recycle bin from your desktop Tip:Open Regedit by going to START - RUN and type Regedit and hit enter. Then you should navigate to following entry in registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} and delete it. This action should remove recycle bin from your desktop. --------------------------------------------------------------------------------How to stop new programs installed balloon from coming up tip:Right click on START button and select properties. Click on Customize and go to Advanced tab and deselect check box saying "Highlight newly installed programs". This would help you stop this annoying feature from popping up every now and then.--------------------------------------------------------------------------------Unlock Toolbars to Customize Them Tip: The new Windows XP now features locking toolbars, and you can adjust them. You may customize a lot of the Windows XP features such as the Taskbar, Start Menu, and even toolbar icons in Internet Explorer and Outlook Express. Remember your right-click:* Right-click on a toolbar, and then click Lock the Toolbars to remove the check mark.* Right-click on the toolbar again, and then click Customize. You may add or remove toolbar buttons, change text options and icon options. When you've got the toolbar customized, click Close. Now right-click on the toolbar and then click Lock the Toolbars to lock them in place. com--------------------------------------------------------------------------------Want to remove shared documents folder from My Computer window tip: Some don't like my shared documents folder option. If you are one of that, here is a trick to remove it.Open registry editor by going to START-RUN and entering regedit. Once in registry, navigate to key HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ My Computer \ NameSpace \ DelegateFolders You must see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. If you delete this key, you have effectively removed the my shared documents folder.----------------------------------------------------------------------------------------------------------------------------------------------------------------How to improve on shutdown time ? Close apps automatically & quickly at shutdown tip:Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP and look for AutoEndTasks. On my computer default value is 0. Change it to 1. Thats all. Further more you can reduce the time it takes for Windows to issue kill directive to all active/hung applications. In doing this only constraint that you should make sure exists is that HungAppTimeout is greater than WaitToKillAppTimeout. Change the values of WaitToKillAppTimeout to say 3500 (since default value for HungAppTimeout 5000 and for WaitToKillAppTimeout is 20000)--------------------------------------------------------------------------------Are you missing icons Tip:Are you missing icons? You may be wondering where all the icons from your desktop are in Windows XP? Well if you're like me, you like to have at least My Computer, My Network Places, and My Documents on the your desktop. You need to: * Right-click on the desktop, and then click Properties.* Click the Desktop tab and then click on Customize Desktop.* Put a check mark in the box next to My Document, My Computer, My Network Places, or Internet Explorer, to add those familiar icons to your desktop. Easy yes! --------------------------------------------------------------------------------How to login as administrator if you don't see it available tip:Unless and until you have run into issues and fixing XP (underwhich case you have to go to Safe Mode to login as Administrator), you can get to administrator screen by simply pressing CTRL+ALT+DELETE twice at the main screen.--------------------------------------------------------------------------------Speedup boot up sequence by defragmenting all key boot files tip:Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction. In right hand panel look for Enable. Right click on it and set it 'Y' for enable. This is the way I have it set on my computer. This will help speedup boot time.Use a Shortcut to Local Area Network Connection Information:--------------------------------------------------------------------------------Use a Shortcut to Local Area Network Connection Information Tip:Here's something new in Windows XP, instead of using the command line program and typing ipconfig to get local area network information, you can try using the following shortcut:* Click on Start, point to Connect to, and then click Show All Connections.* Right–click the connection you want information about, and then click Status.* In the connection Properties dialog box, click the Support tab.* For more information, click on the Advanced tab. To automatically enable the status monitor each time the connection is active, in the connection Properties dialog box, select the Show icon in taskbar notification area when connected check box.--------------------------------------------------------------------------------Do you know you can have Virtual Desktops (like in Linux) with PowerToys ?If you have powertoys installed on Windows XP Its available for free at Microsoft download webpage. It is very easy to enable Microsoft Virtual Desktop Feature. Simply right click on the Start Panel Bar also called TaskBar, Click on Tool Bar and select Desktop manager. You would see a set of 5 icons placed on the right portion of the TAskBar. Click on number 1 to 4 to go to any of the desktops. Now you have have four different Active Desktops.IMPORTANT NOTE: You may see a little degradation in performance. --------------------------------------------------------------------------------Customize Internet. Explorer Title bar tip:This tip won't make your computer any faster but may help personalize your computer experience. Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet. Explorer\Main. In right hand panel look for string "Window Title" and change its value to whatever custom text you want to see. --------------------------------------------------------------------------------adding content to Right click credit : ashwin C1Once done, you will be able to right click any file or folder and use the Browse for Folder dialog to choose the location you want to move or copy your file or folder to, without having to go to the destination path.First we will add the copy and move options to the right click menu of all FILES.CLICK Start>Run, type REGEDIT and click OK to open up the registry editor and make your way to this key:HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlersRight click the ContextMenuHandlers key and choose New>Key.Name the new key “Copy To� (without the quotes).Repeat the above and create another new key named Move To.You should now have two new subkeys under the ContextMenuHandlers key:HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Copy ToHKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Move ToSelect the Copy To key and in the right hand pane, double click “Default�Enter this clsid value as the value data:{C2FBB630-2971-11d1-A18C-00C04FD75D13}Next , select the Move To key and in the right hand pane set the default value to:{C2FBB631-2971-11d1-A18C-00C04FD75D13}This now takes care of the Copy and Move options for the right click context menu of all your files.Now all that is left is to add the same options to the right click menu of all your folders.The procedure will be the same as for files but at a different key:HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHan dlersRight click ContextMenuHandlers and create a new key named Copy To.Right click it again and create another new key named Move To.left click on the right hand pane, add the same default values as you did for Files:For Copy To:{C2FBB630-2971-11d1-A18C-00C04FD75D13}For the Move To:{C2FBB631-2971-11d1-A18C-00C04FD75D13}Exit the registry and you are done.Now when you right click on a file or folder, you should see two new options: Copy to Folder and Move to Folder
CONQUER XP PROBLEMS...
1) When i try to access my task manager(Ctr+Alt+Del)...it displays message'task manger has been disabled by ur administrator'..., and also i cant access my registry too..!!what may have caused this problem....is it becos of some VIRUS...????how can i repair this without re installing...?? any particular software??
1: Close the IE browser. Log out messenger / Remove Internet Cable.2: To enable RegeditClick Start, Run and type this command exactly as given below: (better - Copy and paste)REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f3: To enable task manager : (To kill the process we need to enable task manager)Click Start, Run and type this command exactly as given below: (better - Copy and paste)REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f4: Now we need to change the default page of IE though regedit.Start>Run>RegeditFrom the below locations in Regedit chage your default home page to google.com or other.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MainHKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MainHKEY_USERS\Default\Software\Microsoft\Internet Explorer\MainJust replace the attacker site with google.com or set it to blank page.5: Now we need to kill the process from back end. Press Ctrl + Alt + DelKill the process svhost32.exe . ( may be more than one process is running.. check properly)6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.7: Go to regedit search for svhost and delete all the results you get.Start menu > Run > Regedit >8: Restart the computer. That’s it now you are virus free.it works !!
2)I don't have IIS( Internet Information Services) windows componet on my system
As far as I know one can't have IIS running on XP Home. I think u will have to upgrade it to XP Prof. in proff That's simple get the Win XP CD, go to control panel-->add/remove programs and then to add/remove windows components. There u will find the option for adding IIS, just check the checkbox and follow the instructions. You r done!!
3) Folder Option Vanished
IF U WANT UR FILES THT WERE HIDDEN U CAN TYPE *.* IN SEARCH AND ALSO TICK THE OPTION "INCLUDE HIDDEN FILES".NOW SEARCH IN THE DRIVE IN WHICH U STORED UR FILES, U WILL GET UR FILES BUT TO GET BACK THE OPTION U EITHER HAVE TO REINSTALL WINDOWS OR REPAIR IT. well this is as far as i know..
4) My volume icon is not showing in taskbar, Yet It's Enable From Control Panel > Sound And devices
Assuming that you have tried the basic steps i am directly trying with the most possible solutions. This issue most commmonly occurs because the settings are not saved. Also there might be some startup program which is diabling the Systray.exe from loading up.Try this...1) Re-enable the volume icon by disabling and then enabling Place volume icon in the taskbar in the Sound and Audio applet.2) Then copy the following text which is in red into a notepad file and then save it as "fix.reg". Please make sure that there is no .txt extension after that.Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"NoSaveSettings"=dword:00000000[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"SystemTray"="SysTray.Exe"3) Merge the file to the registry by simply double clicking on it.4) RebootThis should definitely work. Please reply back with the status.Cheers:shared frm internet (bond)
5)Whenever i try d'loading stuff from the net, the download starts and the comp just restarts. due to dis i have to install d'load managers wich i hate. help needed anyone. i have win xp!
If the computer just restarts itself, it cud possibly be an application crash..check the Dr.watson log for details..START-RUN- drwtsn32.check the path for the log here... open the log and check which application is causing the crash.turn of automatic reboot,cos you wud miss it if there is a BSOD being generated.or may be u could try this one outGo to Start>Run--Type 'services.msc', hit ENTERScroll down to a service called Remote Procedure Call, right click, go to properties, there will be a tab named Recover Action, change it to 'Take No Action' if it's not already selected. Your problem should be solved for the time being. Also look for all network related srvices DNS, TCP-IP and also Windows Firewall/ICS service if you're on LAN/WAN, see that all of these are set to Automatic or Manual. Reply to me with results
6)I accidentally deleted the Show Desktop icon which sits normally on the bottom left hand corner of the Taskbar. How do I restore the icon?
Click Start, Run and type the following command:regsvr32 /n /i:U shell32.dllThe Show Desktop icon file should be available now.orClick Start, Run, and type Notepad.exe. Copy the following contents to Notepad.[Shell]Command=2IconFile=explorer.exe,3[Taskbar]Command=ToggleDesktopSave the file as - : Show Desktop.scf. Now, drag the file to the Quick Launch Toolbar. (Notepad might automatically append a .txt extension to the file name. Remove this extension if present.)
1: Close the IE browser. Log out messenger / Remove Internet Cable.2: To enable RegeditClick Start, Run and type this command exactly as given below: (better - Copy and paste)REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f3: To enable task manager : (To kill the process we need to enable task manager)Click Start, Run and type this command exactly as given below: (better - Copy and paste)REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f4: Now we need to change the default page of IE though regedit.Start>Run>RegeditFrom the below locations in Regedit chage your default home page to google.com or other.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MainHKEY_ LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MainHKEY_USERS\Default\Software\Microsoft\Internet Explorer\MainJust replace the attacker site with google.com or set it to blank page.5: Now we need to kill the process from back end. Press Ctrl + Alt + DelKill the process svhost32.exe . ( may be more than one process is running.. check properly)6: Delete svhost32.exe , svhost.exe files from Windows/ & temp/ directories. Or just search for svhost in your comp.. delete those files.7: Go to regedit search for svhost and delete all the results you get.Start menu > Run > Regedit >8: Restart the computer. That’s it now you are virus free.it works !!
2)I don't have IIS( Internet Information Services) windows componet on my system
As far as I know one can't have IIS running on XP Home. I think u will have to upgrade it to XP Prof. in proff That's simple get the Win XP CD, go to control panel-->add/remove programs and then to add/remove windows components. There u will find the option for adding IIS, just check the checkbox and follow the instructions. You r done!!
3) Folder Option Vanished
IF U WANT UR FILES THT WERE HIDDEN U CAN TYPE *.* IN SEARCH AND ALSO TICK THE OPTION "INCLUDE HIDDEN FILES".NOW SEARCH IN THE DRIVE IN WHICH U STORED UR FILES, U WILL GET UR FILES BUT TO GET BACK THE OPTION U EITHER HAVE TO REINSTALL WINDOWS OR REPAIR IT. well this is as far as i know..
4) My volume icon is not showing in taskbar, Yet It's Enable From Control Panel > Sound And devices
Assuming that you have tried the basic steps i am directly trying with the most possible solutions. This issue most commmonly occurs because the settings are not saved. Also there might be some startup program which is diabling the Systray.exe from loading up.Try this...1) Re-enable the volume icon by disabling and then enabling Place volume icon in the taskbar in the Sound and Audio applet.2) Then copy the following text which is in red into a notepad file and then save it as "fix.reg". Please make sure that there is no .txt extension after that.Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"NoSaveSettings"=dword:00000000[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"SystemTray"="SysTray.Exe"3) Merge the file to the registry by simply double clicking on it.4) RebootThis should definitely work. Please reply back with the status.Cheers:shared frm internet (bond)
5)Whenever i try d'loading stuff from the net, the download starts and the comp just restarts. due to dis i have to install d'load managers wich i hate. help needed anyone. i have win xp!
If the computer just restarts itself, it cud possibly be an application crash..check the Dr.watson log for details..START-RUN- drwtsn32.check the path for the log here... open the log and check which application is causing the crash.turn of automatic reboot,cos you wud miss it if there is a BSOD being generated.or may be u could try this one outGo to Start>Run--Type 'services.msc', hit ENTERScroll down to a service called Remote Procedure Call, right click, go to properties, there will be a tab named Recover Action, change it to 'Take No Action' if it's not already selected. Your problem should be solved for the time being. Also look for all network related srvices DNS, TCP-IP and also Windows Firewall/ICS service if you're on LAN/WAN, see that all of these are set to Automatic or Manual. Reply to me with results
6)I accidentally deleted the Show Desktop icon which sits normally on the bottom left hand corner of the Taskbar. How do I restore the icon?
Click Start, Run and type the following command:regsvr32 /n /i:U shell32.dllThe Show Desktop icon file should be available now.orClick Start, Run, and type Notepad.exe. Copy the following contents to Notepad.[Shell]Command=2IconFile=explorer.exe,3[Taskbar]Command=ToggleDesktopSave the file as - : Show Desktop.scf. Now, drag the file to the Quick Launch Toolbar. (Notepad might automatically append a .txt extension to the file name. Remove this extension if present.)
Clear Google Search History and Clear Yahoo Search History Tools
Clear Google Search History and Clear Yahoo Search History Tools
The computer is a great means of accessing whatever information needed through the internet. When a person surfs the internet, the URLs of all the visited sites are stored in a cache folder. Though it is possible to clear the history of sites visited by clearing the browser history, it is only with the help of good internet eraser software that it is possible to completely get rid of these files. This is because all visited sites and personal information you reveal on the internet is stored in a hidden file. Moreover, by clearing the browser history of the computer, it only makes these ‘deleted’ URLs end up in some hidden files of the computer. It is only with the help of an internet eraser software program that it is possible to erase all encrypted information found in the computer. There is basically not much required or needed for a person to install an internet eraser in the computer. In fact, it is important for the person who has a habit of surfing the internet regularly to have an internet eraser software installed in the computer. There are many sites on the internet that offer internet eraser software programs to be installed in your computer. You just have to visit these sites, download the internet eraser software in the computer and the software gets to work immediately. The importance of an internet eraser software lies in the fact that when you browse the internet, you may come across unwanted or wrong information. Sometimes, you may also be wrongly accused of something because of the presence of this illicit or illegal information in your computer. This is why it is better to have an internet eraser software installed in the computer as it immediately rids the computer of any unwanted and illegal information. It is not necessary for you to have all the URLs you visit erased with the internet eraser software. Most internet eraser software come with the provision of deleting each IE address one at a time. There may be some URLs that are used the most and should be left in the computer to save you time of retyping the URL when using them. So with the help of an internet eraser software program, it is possible to erase unwanted and dangerous URLs individually. One of the main reasons you have to have an internet eraser software installed is so that there is no identity theft. There are many identity thieves on the internet who gain access to your personal information and use it without your information to commit fraud and theft. They can use this personal information to gain access to companies and banks managed by you, and use whatever funds and information found here wrongly. With an internet eraser software installed the speed of the computer is greatly increased. This is because the internet eraser software program erases unwanted files and folders from the computer with which it is possible to recover lots of valuable hard disk space from the computer to be used in any other applications
The computer is a great means of accessing whatever information needed through the internet. When a person surfs the internet, the URLs of all the visited sites are stored in a cache folder. Though it is possible to clear the history of sites visited by clearing the browser history, it is only with the help of good internet eraser software that it is possible to completely get rid of these files. This is because all visited sites and personal information you reveal on the internet is stored in a hidden file. Moreover, by clearing the browser history of the computer, it only makes these ‘deleted’ URLs end up in some hidden files of the computer. It is only with the help of an internet eraser software program that it is possible to erase all encrypted information found in the computer. There is basically not much required or needed for a person to install an internet eraser in the computer. In fact, it is important for the person who has a habit of surfing the internet regularly to have an internet eraser software installed in the computer. There are many sites on the internet that offer internet eraser software programs to be installed in your computer. You just have to visit these sites, download the internet eraser software in the computer and the software gets to work immediately. The importance of an internet eraser software lies in the fact that when you browse the internet, you may come across unwanted or wrong information. Sometimes, you may also be wrongly accused of something because of the presence of this illicit or illegal information in your computer. This is why it is better to have an internet eraser software installed in the computer as it immediately rids the computer of any unwanted and illegal information. It is not necessary for you to have all the URLs you visit erased with the internet eraser software. Most internet eraser software come with the provision of deleting each IE address one at a time. There may be some URLs that are used the most and should be left in the computer to save you time of retyping the URL when using them. So with the help of an internet eraser software program, it is possible to erase unwanted and dangerous URLs individually. One of the main reasons you have to have an internet eraser software installed is so that there is no identity theft. There are many identity thieves on the internet who gain access to your personal information and use it without your information to commit fraud and theft. They can use this personal information to gain access to companies and banks managed by you, and use whatever funds and information found here wrongly. With an internet eraser software installed the speed of the computer is greatly increased. This is because the internet eraser software program erases unwanted files and folders from the computer with which it is possible to recover lots of valuable hard disk space from the computer to be used in any other applications
IP Communications
What Is IP Communications?
With its long history and deployment to every corner of the globe, Internet Protocol (IP) is increasingly viewed as more than just a way to transport data, but also as a tool that simplifies and streamlines a wide range of business applications. Telephony is the most obvious example, with voice over IP (VoIP) and IP telephony becoming increasingly popular with large corporations to consumers alike. Understanding the terms is a first step toward learning the potential of this technology:
· Voice over IP (VoIP) refers to a way to carry phone calls over an IP data network, whether on the Internet or an organization's own internal network. One of the primary attractions of VoIP is its ability to help companies reduce expenses because telephone calls travel over the data network rather than the phone company's network.
· IP telephony encompasses the full suite of telephony services enabled by VoIP, including the interconnection of phones for actual communications; related services such as billing and dialing plans; and basic features such as conferencing, transfer, forward, and hold. These services might previously have been provided by a private branch exchange (PBX).
· IP Communications evolves the concept another step to include business applications that enhance communications to enable applications such as unified messaging, integrated contact centers, and rich-media conferencing that combines voice, data, and video.
· Unified communications takes IP communications a step further by using such technologies as Session Initiation Protocol (SIP) and presence along with mobility solutions to unify and simply all forms of communications, independent of location, time, or device. Users can reach one another at any time based on their preferences, and can communicate through any media using whichever device they prefer. Unified communications brings together multiple phones and devices, along with multiple networks (fixed, Internet, cable, satellite, mobile) to enable geographical independence, facilitate the integration of communications with business processes, streamline operations, and improve productivity and profitability.
Public Internet phone calling uses the Internet for connecting phone calls, especially for consumers. But most businesses are using IP telephony across their own managed private networks because it allows them to better handle security and service quality. Using their own networks, companies have more control in ensuring that voice quality is as good as, if not better than, the services they would have previously experienced with their traditional phone system.
With its long history and deployment to every corner of the globe, Internet Protocol (IP) is increasingly viewed as more than just a way to transport data, but also as a tool that simplifies and streamlines a wide range of business applications. Telephony is the most obvious example, with voice over IP (VoIP) and IP telephony becoming increasingly popular with large corporations to consumers alike. Understanding the terms is a first step toward learning the potential of this technology:
· Voice over IP (VoIP) refers to a way to carry phone calls over an IP data network, whether on the Internet or an organization's own internal network. One of the primary attractions of VoIP is its ability to help companies reduce expenses because telephone calls travel over the data network rather than the phone company's network.
· IP telephony encompasses the full suite of telephony services enabled by VoIP, including the interconnection of phones for actual communications; related services such as billing and dialing plans; and basic features such as conferencing, transfer, forward, and hold. These services might previously have been provided by a private branch exchange (PBX).
· IP Communications evolves the concept another step to include business applications that enhance communications to enable applications such as unified messaging, integrated contact centers, and rich-media conferencing that combines voice, data, and video.
· Unified communications takes IP communications a step further by using such technologies as Session Initiation Protocol (SIP) and presence along with mobility solutions to unify and simply all forms of communications, independent of location, time, or device. Users can reach one another at any time based on their preferences, and can communicate through any media using whichever device they prefer. Unified communications brings together multiple phones and devices, along with multiple networks (fixed, Internet, cable, satellite, mobile) to enable geographical independence, facilitate the integration of communications with business processes, streamline operations, and improve productivity and profitability.
Public Internet phone calling uses the Internet for connecting phone calls, especially for consumers. But most businesses are using IP telephony across their own managed private networks because it allows them to better handle security and service quality. Using their own networks, companies have more control in ensuring that voice quality is as good as, if not better than, the services they would have previously experienced with their traditional phone system.
Subscribe to:
Posts (Atom)