Cleaning boot virus without antivirus
file services:
- C:\Windows\linkinfo.dll
- C:\Windows\System32\drivers\LsDrv118.sys
- C:\Windows\system32\drivers\nvmini.sys
- C:\Windows\System32\drivers\cdralw.sys
- C:\Windows\System32\drivers\riodrvs.sys
- C:\Windows\System32\drivers\DKIs6.sys
On Registry:
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%file%]
- "DisplayName" = "NVIDIA Compatible Windows Miniport Driver"
- "ImagePath" = "%system%\drivers\%file%.sys"
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%file%]
- "NextInstance" = 1
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%file%\0000]
- "Service" = "%file%"
- "Legacy" = 1
- "ConfigFlags" = 0
- "Class" = "LegacyDriver"
- "ClassGUID" = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
- "DeviceDesc" = "%file%"
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%file%\0000\Control]
- "NewlyCreated" = 0
- "ActiveService" = "%file%"
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%file%]
- "DisplayName" = "RioDrvs Usb Driver"
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\%file%]
- "DisplayName" = "RioDrvs Usb Driver"
NOTE:
%file% is one of:
- Nvmini
- Cdralw
- RioDrvs
Location not Infected:
- \LOCAL SETTINGS\TEMP
- \QQ
- \Windows
- \Winnt
Files that may be infected by the virus:
- launcher.exe - repair.exe - wow.exe
- wooolcfg.exe - woool.exe - ztconfig.exe
- patchupdate.exe - trojankiller.exe - xy2player.exe
- flyff.exe - xy2.exe - au_unins_web.exe
- cabal.exe - cabalmain9x.exe - cabalmain.exe
- meteor.exe - patcher.exe - mjonline.exe
- config.exe - zuonline.exe - userpic.exe
- main.exe - dk2.exe - autoupdate.exe
- dbfsupdate.exe - asktao.exe - sealspeed.exe
- xlqy2.exe - game.exe - wb-service.exe
- nbt-dragonraja2006.exe - dragonraja.exe - mhclient-connect.exe
- hs.exe - mts.exe - gc.exe
- zfs.exe - neuz.exe - maplestory.exe
- nsstarter.exe - nmcosrv.exe - ca.exe
- nmservice.exe - kartrider.exe - audition.exe
- zhengtu.exe
Process Cleansing of Virus:
- Disable Network Connection
- Turn Off "System Restore"
- Log on in "Safe Mode"
- Stop the virus service in "services.msc"
- Click [Start] > [Run].
- Type "services.msc", click OK
- Find the virus service named "NVIDIA Compatible Windows Miniport Driver" or "RioDrvs Usb Driver"
- Click Action > Properties
- Click "Stop".
- Under Startup Type select "Manual"
- Click "OK"
Delete Registry key:
Copy and paste this code into Notepad:
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
; Restore the default open commands, the logon shell, the Safe Mode shell and the SuperHidden option
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
; Remove the Internet Explorer window title and the service / legacy driver keys listed above
[del]
HKLM, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SYSTEM\ControlSet001\Services\RioDrvs
HKLM, SYSTEM\ControlSet001\Services\cdralw
HKLM, SYSTEM\ControlSet001\Services\nvmini
HKLM, SYSTEM\CurrentControlSet\Services\RioDrvs
HKLM, SYSTEM\CurrentControlSet\Services\nvmini
HKLM, SYSTEM\CurrentControlSet\Services\cdralw
HKLM, SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RIODRVS
HKLM, SYSTEM\ControlSet001\Enum\Root\LEGACY_RIODRVS
HKLM, SYSTEM\CurrentControlSet\Enum\Root\LEGACY_nvmini
HKLM, SYSTEM\CurrentControlSet\Enum\Root\LEGACY_cdralw
HKLM, SYSTEM\ControlSet001\Enum\Root\LEGACY_cdralw
HKLM, SYSTEM\ControlSet001\Enum\Root\LEGACY_nvmini
- Save the file as repair.inf
- Right-click "repair.inf" and click Install
Delete file in directory:
- C:\Windows\linkinfo.dll
- C:\Windows\System32\drivers\lsDrv118.sys
- C:\Windows\system32\drivers\nvmini.sys
- C:\Windows\System32\drivers\cdralw.sys
- C:\Windows\System32\drivers\riodrvs.sys
- C:\Windows\System32\drivers\DKIs6.sys
Show Hidden and SuperHidden file:
- Open Windows Explorer
- Click menu “Tools” | Folder Option
- Click “View”
- and select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”
Then delete the files "Boot.exe" and "Autorun.inf" on the flash disk.
To repair infected files, download Avira from http://www.avira.com/
Install it and scan in "Safe Mode" (recommended)
Wednesday, 14 October 2009
Cleaning Boot.exe Virus
Posted by wonk blackgak at 23:15, 2 comments
Label: Virus
Wednesday, 7 October 2009
Networking Hardware
What is Networking Hardware?
Networking hardware includes all computers, peripherals, interface cards and other equipment needed to perform data-processing and communications within the network.
This section provides information on the following components:
1. File Servers
2. Workstations
3. Network Interface Cards
4. Switches
5. Repeaters
6. Bridges
7. Routers
File Servers
A file server stands at the heart of most networks. It is a very fast computer with a large amount
of RAM and storage space, along with a fast network interface card. The network operating
system software resides on this computer, along with any software applications and data files
that need to be shared.
The file server controls the communication of information between the nodes on a network.
For example, it may be asked to send a word processor program to one workstation,
receive a database file from another workstation, and store an e-mail message during the same
time period. This requires a computer that can store a lot of information and share it very quickly. File
servers should have at least the following characteristics:
* 800 megahertz or faster microprocessor (Pentium 3 or 4, G4 or G5)
* A fast hard drive with at least 120 gigabytes of storage
* A RAID (Redundant Array of Inexpensive Disks) to preserve data after a disk casualty
* A tape back-up unit (i.e. DAT, JAZ, Zip, or CD-RW drive)
* Numerous expansion slots
* Fast network interface card
* At least 512 MB of RAM
Workstations
All of the user computers connected to a network are called workstations. A typical workstation is
a computer that is configured with a network interface card, networking software, and the appropriate
cables. Workstations do not necessarily need floppy disk drives because files can be saved on the file
server. Almost any computer can serve as a network workstation.
Network Interface Cards
The network interface card (NIC) provides the physical connection between the network and the
computer workstation. Most NICs are internal, with the card fitting into an expansion slot inside the
computer. Some computers, such as Mac Classics, use external boxes which are attached to a serial port
or a SCSI port. Laptop computers can now be purchased with a network interface card built-in or with
network cards that slip into a PCMCIA slot.
Network interface cards are a major factor in determining the speed and performance of a network. It is a
good idea to use the fastest network card available for the type of workstation you are using.
The three most common network interface connections are Ethernet cards, LocalTalk connectors, and
Token Ring cards. According to an International Data Corporation study, Ethernet is the most popular,
followed by Token Ring and LocalTalk (Sant'Angelo, R. (1995). NetWare Unleashed, Indianapolis,
IN: Sams Publishing).
Ethernet Cards
Ethernet cards are usually purchased separately from a computer, although many computers (such as
the Macintosh) now include an option for a pre-installed Ethernet card. Ethernet cards contain connections
for either coaxial or twisted pair cables (or both) (See fig. 1). If it is designed for coaxial cable, the
connection will be BNC. If it is designed for twisted pair, it will have a RJ-45 connection. Some Ethernet
cards also contain an AUI connector. This can be used to attach coaxial, twisted pair, or fiber optics cable
to an Ethernet card. When this method is used there is always an external transceiver attached to
the workstation. (See the Cabling section for more information on connectors.)
Fig. 1. Ethernet card.
LocalTalk Connectors
LocalTalk is Apple's built-in solution for networking Macintosh computers. It utilizes a special adapter box
and a cable that plugs into the printer port of a Macintosh (See fig. 2). A major disadvantage of LocalTalk
is that it is slow in comparison to Ethernet. Most Ethernet connections operate at 10 Mbps (Megabits
per second). In contrast, LocalTalk operates at only 230 Kbps (or .23 Mbps).
Token Ring Cards
Token Ring network cards look similar to Ethernet cards. One visible difference is the type of connector on
the back end of the card. Token Ring cards generally have a nine pin DIN type connector to attach the card
to the network cable.
Switch
A concentrator is a device that provides a central connection point for cables from workstations, servers,
and peripherals. In a star topology, twisted-pair wire is run from each workstation to a central
switch/hub. Most switches are active, that is they electrically amplify the signal as it moves from one device
to another. Switches no longer broadcast network packets as hubs did in the past; they memorize
addressing of computers and send the information to the correct location directly. Switches are:
* Usually configured with 8, 12, or 24 RJ-45 ports
* Often used in a star or star-wired ring topology
* Sold with specialized software for port management
* Also called hubs
* Usually installed in a standardized metal rack that also may store netmodems, bridges, or routers
Repeaters
Since a signal loses strength as it passes along a cable, it is often necessary to boost the signal with a
device called a repeater. The repeater electrically amplifies the signal it receives and rebroadcasts it.
Repeaters can be separate devices or they can be incorporated into a concentrator. They are used when
the total length of your network cable exceeds the standards set for the type of cable being used.
A good example of the use of repeaters would be in a local area network using a star topology with
unshielded twisted-pair cabling. The length limit for unshielded twisted-pair cable is 100 meters. The
most common configuration is for each workstation to be connected by twisted-pair cable to
a multi-port active concentrator. The concentrator amplifies all the signals that pass through it allowing for
the total length of cable on the network to exceed the 100 meter limit.
Bridges
A bridge is a device that allows you to segment a large network into two smaller, more efficient networks.
If you are adding to an older wiring scheme and want the new network to be up-to-date, a bridge can
connect the two.
A bridge monitors the information traffic on both sides of the network so that it can pass packets
of information to the correct location. Most bridges can "listen" to the network and automatically figure
out the address of each computer on both sides of the bridge. The bridge can inspect each message and,
if necessary, broadcast it on the other side of the network.
The bridge manages the traffic to maintain optimum performance on both sides of the network. You might say that the bridge is like a traffic cop at a busy intersection during rush hour. It keeps information flowing on both sides of the network, but it does not allow unnecessary traffic through. Bridges can be used to connect different types of cabling, or physical topologies. They must, however, be used between
networks with the same protocol.
Routers
A router translates information from one network to another; it is similar to a superintelligent bridge.
Routers select the best path to route a message, based on the destination address and origin. The router
can direct traffic to prevent head-on collisions, and is smart enough to know when to direct traffic along
back roads and shortcuts.
While bridges know the addresses of all computers on each side of the network, routers know the
addresses of computers, bridges, and other routers on the network. Routers can even "listen" to the
entire network to determine which sections are busiest -- they can then redirect data around those
sections until they clear up.
If you have a school LAN that you want to connect to the Internet, you will need to purchase a router. In this case, the router serves as the translator between the information on your LAN and the Internet. It
also determines the best route to send the data over the Internet. Routers can:
* Direct signal traffic efficiently
* Route messages between any two protocols
* Route messages between linear bus, star, and star-wired ring topologies
* Route messages across fiber optic, coaxial, and twisted-pair cabling
Posted by wonk blackgak at 20:26, 1 comment
Label: Networking
Speed up connection internet
To speed up your internet connection you can try this trick:
1. Click RUN
2. Type GPEDIT.MSC, press Enter
3. Select Computer Configuration - Administrative Templates - click Network
4. Click QoS Packet Scheduler - double-click Limit reservable bandwidth
5. Click Enabled and set the reservable bandwidth value to 0 (0%)
6. After that click Apply and OK
7. Restart your computer
Posted by wonk blackgak at 20:16, 1 comment
Label: Networking
Setting Router on Windows XP
To set up a router on Windows XP:
Hardware requirements:
1 PC - minimum 512 MB memory (recommended)
2 LAN cards
Technical terms used in the configuration:
- LAN in: configuration for the internal network (LAN)
- LAN out: configuration for the IP from the ISP (modem) to the internal network
- ICS (Internet Connection Sharing)
Configuration:
- Install 2 LAN cards on Windows XP
- Rename the first LAN card to LAN in and the second LAN card to LAN out
- Set the IP on LAN out to the IP given by the ISP (fill in IP, Subnet Mask, Gateway, 1st DNS, 2nd DNS)
Example setting LAN out:
IP : 192.168.1.2
Subnet Mask : 255.255.255.0
Gateway : 192.168.1.1
1st DNS : xxx.xxx.xxx.xxx
2nd DNS : xxx.xxx.xxx.xxx
- Activate Internet Connection Sharing (install if not found), and uncheck
Internet Connection Sharing on (Properties - Advanced in the LAN card settings)
- To set the IP of LAN in, use an IP that is not the same as any other computer's
Example setting LAN in:
IP : 10.10.1.1
Subnet Mask : 255.0.0.0
Gateway : (leave blank)
1st DNS : xxx.xxx.xxx.xxx
2nd DNS : xxx.xxx.xxx.xxx
Example setting Workstation1 :
IP : 10.10.1.2
Subnet Mask : 255.0.0.0
Gateway : 10.10.1.1
1st DNS : xxx.xxx.xxx.xxx
2nd DNS : xxx.xxx.xxx.xxx
Posted by wonk blackgak at 20:08, 0 comments
Label: Networking
Friday, 2 October 2009
Cleaning Mr. Coolface Virus
Cleaning Mr. Coolface virus without antivirus
The "Mr. Coolface" virus is detected as W32/Smallworm.BZH and spreads via flash disk. Smallworm.BZH deletes
MP3, INF and VBS files and creates duplicate files with the Windows Media Player icon.
Step-by-step cleaning:
1. Disable networking on your computer
2. Turn Off "System Restore"
3. Kill the virus process
4. Delete the registry keys with this script:
CODE:
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
[del]
HKLM, SYSTEM\ControlSet001\Services\Mr_CoolFace
HKLM, SYSTEM\ControlSet002\Services\Mr_CoolFace
HKLM, SYSTEM\CurrentControlSet\Services\Mr_CoolFace
5. Save the file as Repair.inf
6. Right-click Repair.inf
7. Click Install
Posted by wonk blackgak at 17:49, 1 comment
Label: Virus
Cleaning Tati Virus
In this part I will explain a trick for cleaning the Tati virus without antivirus
Location main file:
* C:\Windows
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Virus:
* icon = Folder
* type = Application
* size = 198 kb
* Extensions = EXE or SCR if in FlashDisk
The Tati virus also creates these registry values:
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bc849ac-6d5f-11dc-b18f-00016ccdd524}\Shell\AutoRun\command
Default = tati.exe
* HKEY_USERS\S-1-5-21-527237240-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bc849ac-6d5f-11dc-b18f-00016ccdd524}\Shell\AutoRun\command
Default = tati.exe
Cleaning steps for Trojan:W32/Autorun.AQK
1. Disable "System Restore"; if your OS is Windows XP, use Safe Mode (recommended)
2. Kill the tati.exe process (folder icon). You can download this tool:
http://download.sysinternals.com/Files/ProcessExplorer.zip
3. Search for and delete the file Tati.exe in these directories:
>> C:\Windows
>> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
4. Search for and delete the duplicate files on your flash disk
5. Open [Windows Explorer]
6. Click menu Tools - Folder Options - View
7. Under [Hidden files and folders], uncheck [Hide extensions for known file types] and
[Hide protected operating system files (recommended)]
# Click [Ok]
# To search for the virus file, open Windows Explorer, then right-click your flash disk and click "Search..."
# In the field "All or part of the file name" type (*.SCR)
# Click "What size is it", and select "Specify size (in KB)"
# Select "at most" and type "198"
# Click "More advanced options" and select
1 Search system folders
2 Search hidden files and folders
3 Search subfolders
# Click "Search" to start searching for the file
# Delete the file with:
ico = Folder
type = Application
Extensions = EXE or SCR
size = 198 kb
# To show all hidden and super hidden files:
# Click menu Run, type CMD, then type ATTRIB -s -h /s /d and press Enter
Posted by wonk blackgak at 17:39, 0 comments
Label: Virus
Cleaning VBWorm.NEE Virus (Virus Tukul)
Cleaning VBWorm.NEE Virus or VirusTukul
1. Disable Network Connection
2. Turn Off "System Restore"
3. Kill the virus processes with the "Media Player" icon
a. Spool32.exe
b. Winword.exe
4. Copy this Script to Notepad
' Restore the default open commands for executable file types
Dim oWSH: Set oWSH = CreateObject("WScript.Shell")
On Error Resume Next
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command\", """%1"" %*"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\scrfile\shell\open\command\", """%1"" /S"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\Software\CLASSES\regfile\shell\open\command\", "regedit.exe ""%1"""
' Restore the Safe Mode alternate shell and the logon shell
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell", "cmd.exe"
oWSH.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "Explorer.exe"
' Remove the virus Run entries and the policy restrictions it sets
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Word")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PrinterCpl")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\LimitSystemRestoreCheckpointing")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinLeys")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoTrayContextMenu")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCLose")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Nofind")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableMSI")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinLeys")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NOLogoff")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr")
oWSH.RegDelete("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWinKeys")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispApprearancePage")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCpl")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispSettingsPage")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoScrSavPage")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\")
' Make Explorer show the .exe extension again
oWSH.RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt")
oWSH.RegDelete("HKEY_CLASSES_ROOT\exefile\NeverShowExt")
oWSH.RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions")
oWSH.RegDelete("HKEY_CURRENT_USER\Software\policies\Microsoft\system\DisableCMD")
5. Save the file as Repair.vbs
6. Run repair.vbs
7. After that LogOff your Computer
8. Show Hidden and SuperHidden file:
- Open Windows Explorer
- Click menu “Tools” | Folder Option
- Click “View”
- and select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”
9. Delete Main Virus:
· Size = 56 KB
· Extension = .DOC .EXE
· File Type = Application
· Ico = Media Player
10. Location:
C:\Windows\SPOOL32.exe
C:\WINDOWS\system32\winword.exe
C:\Documents and Settings\%user login%
· [System Process]BabII.doc .exe
· [System Process]Fileku.doc .exe
· [System Process]Jangan di buka .doc.exe
· [System Process]Tolong.doc .exe
· [System Process]data.doc .exe
· [System Process]Desposisi.doc .exe
· [System Process]Empat Mata.doc .exe
· [System Process]benci.doc .exe
· fileku.doc.exe
· SystemData.doc .exe
· SystemTolong.doc
· sYSTEMbENCI.doc.exe
· C:\Windows\config\system32.exe
· C:\WIndows\system32\ArekSuroboyo.html
Posted by wonk blackgak at 17:28, 1 comment
Label: Virus
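The Tati and VBWorm.NEE posts above identify the virus copies by hand: an executable with a folder or document icon, a double extension such as ".doc .exe", a fixed size, and an Autorun.inf on the flash disk. As an added example (not code from the original posts), this Python script applies the same criteria to a directory tree; the function names, the extension lists, the "same name as a sibling folder" check and the 1 KB size tolerance are assumptions made for the illustration.

```python
import os
import re

EXEC_EXT = {".exe", ".scr", ".pif", ".com"}
# A document-style extension followed (possibly after spaces) by an executable one,
# as in the "Tolong.doc .exe" names listed in the VBWorm.NEE post.
DOUBLE_EXT = re.compile(r"\.(doc|txt|jpg|mp3|pdf)\s*\.(exe|scr)$", re.IGNORECASE)
# autorun.inf keys that name a program to start.
AUTORUN_KEY = re.compile(r"\s*(open|shellexecute|shell\\\w+\\command)\s*=\s*(.+)",
                         re.IGNORECASE)


def autorun_targets(path):
    """Return the programs an autorun.inf would launch."""
    with open(path, "r", errors="replace") as fh:
        return [m.group(2).strip() for m in map(AUTORUN_KEY.match, fh) if m]


def triage(root, size_kb=None):
    """Walk root and return findings as (kind, path, details) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower() == "autorun.inf":
                findings.append(("autorun", full, autorun_targets(full)))
                continue
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXEC_EXT:
                continue
            reasons = []
            if DOUBLE_EXT.search(name):
                reasons.append("double-extension")
            # Assumption: a program named like the folder next to it is posing as that folder.
            if stem.lower() in folders:
                reasons.append("same-name-as-folder")
            # Assumption: allow 1 KB of rounding around the size quoted in the post.
            if size_kb is not None and abs(os.path.getsize(full) / 1024 - size_kb) <= 1:
                reasons.append("size-match")
            if reasons:
                findings.append(("executable", full, reasons))
    return findings


def build_sample(root):
    """Create a constructed sample tree of harmless files under root."""
    os.makedirs(os.path.join(root, "Photos"))
    files = {
        "autorun.inf": b"[autorun]\r\nopen=Boot.exe\r\n",
        "Photos.exe": b"\0" * (198 * 1024),      # same name as the folder, 198 KB
        "Tolong.doc .exe": b"x",                 # double extension
        "setup.exe": b"x",                       # ordinary program, not flagged
        os.path.join("Photos", "holiday.jpg"): b"x",
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        for finding in triage(sample_root, size_kb=198):
            print(finding)
```

Findings are candidates for review, not a verdict: a legitimate installer can share a name with a folder, so check each hit before deleting it.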
Cleaning Donal Bebek Virus
Cleaning Donal Bebek Virus without antivirus
1. Disable Network Connection
2. Turn Off "System Restore"
3. Kill virus process
4. Copy this code to Notepad or your text editor
[version]
signature="$chicago$"
provider=vaksincom oyee
[defaultinstall]
addreg=unhookregkey
delreg=del
[unhookregkey]
hklm, software\classes\batfile\shell\open\command,,,"""%1"" %*"
hklm, software\classes\comfile\shell\open\command,,,"""%1"" %*"
hklm, software\classes\exefile\shell\open\command,,,"""%1"" %*"
hklm, software\classes\piffile\shell\open\command,,,"""%1"" %*"
hklm, software\classes\regfile\shell\open\command,,,"regedit.exe ""%1"""
hklm, software\classes\scrfile\shell\open\command,,,"""%1"" %*"
hklm, software\microsoft\windows nt\currentversion\winlogon, shell,0, "explorer.exe"
hklm, system\controlset001\control\safeboot, alternateshell,0, "cmd.exe"
hklm, system\controlset002\control\safeboot, alternateshell,0, "cmd.exe"
hklm, system\currentcontrolset\control\safeboot, alternateshell,0, "cmd.exe"
hklm,software\microsoft\windows\currentversion\explorer\advanced\folder\superhidden, uncheckedvalue,0x00010001,1
hklm, software\microsoft\command processor, autorun,0,
hklm,software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall, checkedvalue, 0x00010001,1
hklm,software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall, defaultvalue, 0x00010001,2
hkcu, software\microsoft\command processor, autorun,0,
[del]
hkcu, software\microsoft\windows\currentversion\policies\system, disableregistrytools
hkcu, software\microsoft\windows\currentversion\policies\system, disabletaskmgr
hkcu, software\microsoft\windows\currentversion\policies\explorer, nofolderoptions
hkcu, software\microsoft\windows\currentversion\policies\explorer, nofind
hkcu, software\microsoft\windows\currentversion\policies\explorer, norun
hkcu, software\microsoft\windows\currentversion\policies\winoldapp
hklm, software\microsoft\windows nt\currentversion\image file execution options\payxx.exe
hkcu, software\microsoft\windows nt\currentversion\winlogon, shell
hklm, software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\hidefileext
hklm, software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showfullpath
hklm, software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showfullpathaddress
hklm, software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\superhidden
hkcu, software\microsoft\windows\currentversion\policies\explorer, nofolderoptions
hkcu, software\microsoft\windows\currentversion\policies\system, disableregistrytools
5. Save file name as = repair.inf
=> Right-Click repair.inf
=> Click install
6. Show Hidden and SuperHidden file:
- Open Windows Explorer
- Click menu “Tools” | Folder Option
- Click “View”
- and select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”
7. Search and delete file:
=> Size = 53 kb
=> Extension = exe
=> File Type = "application"
8. For optimal cleaning, install an antivirus
Posted by wonk blackgak at 17:22, 0 comments
Label: Virus
Cleaning Hopeless Virus (Dloader.ERQB)
Cleaning Hopeless Virus or Dloader.ERQB
Characteristic
=> Icon = Folder
=> Size = 247 kb
=> Extension = *.exe
=> File Type “Application”
Effects
* Can't access Task Manager, Command Prompt and Registry Editor
* Hides Windows functions: Run, Find, Folder Options and Log Off
* Creates the link http://wewe.helo_iam_hopeles_.com in Internet Explorer
* Creates duplicate files in every folder and sub-folder on all drives
Cleaning step:
1. Disable network connection
2. Turn Off "System Restore"
3. Use Safe Mode
4. Kill the virus process at C:\WINDOWS\system32\spool\idle.exe
5. Delete the registry entries: copy this script into Notepad or your text editor
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, StartMenuLogoff
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoRun
HKLM, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Repair
6. Save the file as Repair.inf, right-click "repair.inf" and click Install
7. Show Hidden and SuperHidden file:
- Open Windows Explorer
- Click menu “Tools” | Folder Option
- Click “View”
- and select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”
8. Search and delete file:
=> Size = 247 kb
=> Icon = Folder
=> Extension = *.exe
=> File Type “Application”
Posted by wonk blackgak at 17:16, 0 comments
Label: Virus
Cleaning Nadia Saphira Virus
cleaning nadia saphira virus without antivirus
1. Disable network connection
2. Turn Off ‘System Restore’
3. Kill virus process
=> C:\Documents and Settings\All User\Start Menu\Programs\Startup\lan.exe
=> C:\WINDOWS\system32\misconfig.exe
=> C:\WINDOWS\taskmgr.exe
4. Delete Registry Key, copy this code to Notepad or your text editor
[Version]
Signature=”$Chicago$”
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCR, batfile\shell\open\command,,,"""%1"" %*"
HKCR, comfile\shell\open\command,,,"""%1"" %*"
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, piffile\shell\open\command,,,"""%1"" %*"
HKCR, lnkfile\shell\open\command,,,"""%1"" %*"
HKCR, scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,""%1""
HKLM, SOFTWARE\Classes\exefile,,,"Application"
HKLM, SOFTWARE\Classes\exefile,infotip,0, "prop:FileDescription;Company;FileVersion;Create;Size"
HKLM, SOFTWARE\Classes\exefile,TileInfo,0, "prop:FileDescription;Company;FileVersion"
HKCU, Software\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sessmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.exe
5. Save file name as = repair.inf (save as = All files)
6. Right-Click "repair.inf" and select Install
7. Show Hidden and SuperHidden file:
- Open Windows Explorer
- Click menu “Tools” | Folder Options
- Click “View”
- and select “Show hidden files and folders”
- Uncheck “Hide protected operating system files (recommended)”
- Click “Apply”
- Click “Ok”
8. Search and delete file:
=> Icon = application/folder
=> Extension = *.exe OR *.ini
=> Size = 69 kb & 17 kb
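Before right-clicking and installing a repair.inf like the ones in the two cleanup posts above, it helps to see exactly which registry values it will set and which keys it will delete. The following is an added example, not part of the original posts: a Python reviewer that reads the [DefaultInstall] AddReg/DelReg sections and lists each planned operation, flagging AddReg lines that carry no value data. The function names and the sample excerpt are constructed for illustration.

```python
import csv

# Constructed excerpt modelled on the repair.inf listings on this page.
SAMPLE_INF = r'''[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
'''
REG_TYPES = {0x0: "REG_SZ", 0x00010001: "REG_DWORD"}  # only the flags this page uses

def read_sections(text):  # -> {lowercased section name: [entry lines]}
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None and line and not line.startswith(";"):
            current.append(line)
    return sections

def fields(line):  # csv's doubled-quote rule approximates INF quoting ("" -> ")
    return [f.strip() for f in next(csv.reader([line], skipinitialspace=True))]

def planned_changes(text, install="DefaultInstall"):  # ops the install section requests
    sections, ops = read_sections(text), []
    install_lines = sections.get(install.lower(), [])
    directives = dict(l.lower().replace(" ", "").split("=", 1) for l in install_lines if "=" in l)
    for directive in ("addreg", "delreg"):
        for name in directives.get(directive, "").split(","):
            for line in sections.get(name, []):
                f = fields(line)
                if directive == "delreg":  # no value name -> whole subkey is removed
                    ops.append(("delete-value", *f[:3]) if len(f) > 2 and f[2]
                               else ("delete-key", *f[:2]))
                elif len(f) < 5:  # AddReg line with no value data: check by hand
                    ops.append(("no-data", *f[:2]))
                else:
                    flags = int(f[3] or "0", 0)
                    ops.append(("set", f[0], f[1], f[2] or "(Default)",
                                REG_TYPES.get(flags, hex(flags)), f[4]))
    return ops

if __name__ == "__main__":
    print(*planned_changes(SAMPLE_INF), sep="\n")
```

Run it against the saved file's text before step 6; any "delete-key" row removes an entire subkey rather than a single value.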
Posted by wonk blackgak at 17:09, 0 comments
Label: Virus
Create a Password Reset Disk for computers that are part of a domain
Step-by-step instructions to create a password reset disk for computers that are part of a domain
To create a password reset disk for your local user account:
* Press CTRL+ALT+DELETE. The Windows Security dialog box appears.
* Click Change Password. The Change Password dialog box appears.
* In the Log on to box, click the local computer. For example,
click Computer (this computer).
* Click Backup. The Forgotten Password Wizard starts.
* On the "Welcome to the Forgotten Password Wizard" page, click Next.
* Insert a blank, formatted disk in drive A, and then click Next.
* In the Current user account password box, type your password,
and then click Next. The Forgotten Password Wizard creates the disk.
* When the progress bar reaches 100 percent complete, click Next,
and then click Finish. The Forgotten Password Wizard quits and you
return to the Change Password dialog box.
* Remove, and then label the password reset disk. Store the disk in a safe place.
* In the Change Password dialog box, click Cancel.
* In the Windows Security dialog box, click Cancel.
If you forget your password, you can log on to the computer with a new password that you create by using the Password Reset Wizard and your password reset disk.
To gain access to your local user account on a computer that is a member of a domain, or has been disconnected from a domain:
* In the Welcome to Windows dialog box, press CTRL+ALT+DELETE.
* In the Log On to Windows dialog box, type an incorrect password
in the Password box, and then click OK.
* In the Logon Failed dialog box that appears, click Reset.
The Password Reset Wizard starts. The Password Reset Wizard lets you
create a new password for your local user account.
* On the "Welcome to the Password Reset Wizard" page, click Next.
* Insert the password reset disk in drive A, and then click Next.
* On the "Reset the User Account Password" page, type a new password in
the Type a new password box.
* Type the same password in the Type the password again to confirm box.
* In the Type a new password hint box, type a hint that will help you
remember the password if you forget it. NOTE: This hint is visible
to anyone who attempts to log on to the computer by using your user account.
* Click Next, and then click Finish. The Password Reset Wizard quits
and you return to the Log On to Windows dialog box. The password reset
disk is automatically updated with the new password information.
You do not have to create a new password reset disk.
* In the Log On to Windows dialog box, type your new password in the Password
box.
* In the Log on to box, click the local computer. For example,
click Computer (this computer), and then click OK. You are logged
on to the local computer with your local account information.
Posted by wonk blackgak at 17:03, 0 comments
Label: Tips and Tricks
Install the Netbeui Protocol on a Windows XP
This article describes how to install the NetBEUI protocol on a Windows XP-based computer. This may be useful because the NetBEUI protocol is not included in the list of installable protocols in Windows XP even though the files that are needed to install the protocol are included with the installation CD-ROM. It is important to note that the NetBEUI protocol is not supported on Windows XP.
The Netnbf.inf and Nbf.sys files are the files that are needed to install the NetBEUI protocol. To install the NetBEUI protocol:
* Click Start, click Control Panel, and then double-click Network Connections.
* Right-click the adapter you want to add NetBEUI to, and then click Properties.
* On the General tab, click Install.
* Click Protocol, and then click Add.
* Click Have Disk, insert your Windows XP CD-ROM, open the Valueadd\msft\net\netbeui folder, click the Netnbf.inf file, and then click Open.
* Click OK, and then click OK to complete the installation.
Posted by wonk blackgak at 17:01, 0 comments
Label: Tips and Tricks
Trick and tips about Windows XP
Tips and Tricks about windows xp
1. It boasts how long it can stay up. Whereas previous versions of Windows were coy about how long they went between boots, XP is positively proud of its stamina. Go to the Command Prompt in the Accessories menu from the All Programs start button option, and then type 'systeminfo'. The computer will produce a lot of useful info, including the uptime. If you want to keep these, type 'systeminfo > info.txt'. This creates a file called info.txt you can look at later with Notepad. (Professional Edition only).
2. You can delete files immediately, without having them move to the Recycle Bin first. Go to the Start menu, select Run... and type 'gpedit.msc'; then select User Configuration, Administrative Templates, Windows Components, Windows Explorer and find the Do not move deleted files to the Recycle Bin setting. Set it. Poking around in gpedit will reveal a great many interface and system options, but take care -- some may stop your computer behaving as you wish. (Professional Edition only).
3. You can lock your XP workstation with two clicks of the mouse. Create a new shortcut on your desktop using a right mouse click, and enter 'rundll32.exe user32.dll,LockWorkStation' in the location field. Give the shortcut a name you like. That's it -- just double click on it and your computer will be locked. And if that's not easy enough, Windows key + L will do the same.
4. XP hides some system software you might want to remove, such as Windows Messenger, but you can tickle it and make it disgorge everything. Using Notepad or Edit, edit the text file /windows/inf/sysoc.inf, search for the word 'hide' and remove it. You can then go to the Add or Remove Programs in the Control Panel, select Add/Remove Windows Components and there will be your prey, exposed and vulnerable.
5. For those skilled in the art of DOS batch files, XP has a number of interesting new commands. These include 'eventcreate' and 'eventtriggers' for creating and watching system events, 'typeperf' for monitoring performance of various subsystems, and 'schtasks' for handling scheduled tasks. As usual, typing the command name followed by /? will give a list of options -- they're all far too baroque to go into here.
6. XP has IP version 6 support -- the next generation of IP. Unfortunately this is more than your ISP has, so you can only experiment with this on your LAN. Type 'ipv6 install' into Run... (it's OK, it won't ruin your existing network setup) and then 'ipv6 /?' at the command line to find out more. If you don't know what IPv6 is, don't worry and don't bother.
7. You can at last get rid of tasks on the computer from the command line by using 'taskkill /pid' and the task number, or just 'tskill' and the process number. Find that out by typing 'tasklist', which will also tell you a lot about what's going on in your system.
8. XP will treat Zip files like folders, which is nice if you've got a fast machine. On slower machines, you can make XP leave zip files well alone by typing 'regsvr32 /u zipfldr.dll' at the command line. If you change your mind later, you can put things back as they were by typing 'regsvr32 zipfldr.dll'.
9. XP has ClearType -- Microsoft's anti-aliasing font display technology -- but doesn't have it enabled by default. It's well worth trying, especially if you were there for DOS and all those years of staring at a screen have given you the eyes of an astigmatic bat. To enable ClearType, right click on the desktop, select Properties, Appearance, Effects, select ClearType from the second drop-down menu and enable the selection. Expect best results on laptop displays. If you want to use ClearType on the Welcome login screen as well, set the registry entry HKEY_USERS/.DEFAULT/Control Panel/Desktop/FontSmoothingType to 2.
10. You can use Remote Assistance to help a friend who's using network address translation (NAT) on a home network, but not automatically. Get your pal to email you a Remote Assistance invitation and edit the file. Under the RCTICKET attribute will be a NAT IP address, like 192.168.1.10. Replace this with your chum's real IP address -- they can find this out by going to www.whatismyip.com -- and get them to make sure that they've got port 3389 open on their firewall and forwarded to the errant computer.
11. You can run a program as a different user without logging out and back in again. Right click the icon, select Run As... and enter the user name and password you want to use. This only applies for that run. The trick is particularly useful if you need to have administrative permissions to install a program, which many require. Note that you can have some fun by running programs multiple times on the same system as different users, but this can have unforeseen effects.
12. Windows XP can be very insistent about you checking for auto updates, registering a Passport, using Windows Messenger and so on. After a while, the nagging goes away, but if you feel you might slip the bonds of sanity before that point, run Regedit, go to HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced and create a DWORD value called EnableBalloonTips with a value of 0.
13. You can start up without needing to enter a user name or password. Select Run... from the start menu and type 'control userpasswords2', which will open the user accounts application. On the Users tab, clear the box for Users Must Enter A User Name And Password To Use This Computer, and click on OK. An Automatically Log On dialog box will appear; enter the user name and password for the account you want to use.
14. Internet Explorer 6 will automatically delete temporary files, but only if you tell it to. Start the browser, select Tools / Internet Options... and Advanced, go down to the Security area and check the box to Empty Temporary Internet Files folder when browser is closed.
15. XP comes with a free Network Activity Light, just in case you can't see the LEDs twinkle on your network card. Right click on My Network Places on the desktop, then select Properties. Right click on the description for your LAN or dial-up connection, select Properties, then check the Show icon in notification area when connected box. You'll now see a tiny network icon on the right of your task bar that glimmers nicely during network traffic.
16. The Start Menu can be leisurely when it decides to appear, but you can speed things along by changing the registry entry HKEY_CURRENT_USER/Control Panel/Desktop/MenuShowDelay from the default 400 to something a little snappier. Like 0.
17. You can rename loads of files at once in Windows Explorer. Highlight a set of files in a window, then right click on one and rename it. All the other files will be renamed to that name, with individual numbers in brackets to distinguish them. Also, in a folder you can arrange icons in alphabetised groups by View, Arrange Icon By... Show In Groups.
18. Windows Media Player will display the cover art for albums as it plays the tracks -- if it found the picture on the Internet when you copied the tracks from the CD. If it didn't, or if you have lots of pre-WMP music files, you can put your own copy of the cover art in the same directory as the tracks. Just call it folder.jpg and Windows Media Player will pick it up and display it.
19. Windows key + Break brings up the System Properties dialogue box; Windows key + D brings up the desktop; Windows key + Tab moves through the taskbar buttons.
20. The next release of Windows XP, codenamed Longhorn, is due out late next year or early 2003 and won't be much to write home about. The next big release is codenamed Blackcomb and will be out in 2003/2004.
Posted by wonk blackgak at 16:25, 0 comments
Label: Tips and Tricks
