Shaktimishra007's Weblog

June 11, 2008

Remove Autorun From Partitions

Filed under: ViRuS SoLuTiOnS — shaktimishra007 @ 3:12 pm

Do your partitions autorun on their own, so that you have to right-click and then choose Open? Don’t think of formatting your system. Here’s the fix.

To correct and solve this error, follow these steps:

Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)

Stop wscript.exe process if available by highlighting the process name and clicking End Process.

Then terminate explorer.exe process.

In Task Manager, click on File -> New Task (Run…).

Type “cmd” (without quotes) into the Open text box and click OK.

Type the following commands one at a time, pressing Enter after each:

del c:\autorun.* /f /s /q /a

del d:\autorun.* /f /s /q /a

del e:\autorun.* /f /s /q /a

c, d and e each represent a drive letter on the Windows system. If there are more drives or partitions, repeat the command with each of the other drive letters. Note that you must also clean the autorun files from any USB flash drive or portable hard disk, as the external drive may also be infected.

In Task Manager, click on File -> New Task (Run…).

Type “regedit” (without quotes) into the Open text box and click OK.

Navigate to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Check that the value name and value data are correct (the value data for userinit.exe includes the path, which may be on a drive other than C, which is also valid; note also the trailing comma, which is required):

"Userinit"="C:\WINDOWS\system32\userinit.exe,"

If the value is incorrect, change it to the valid value data.
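Because the del commands above use /s, they also remove any autorun.* file found in subfolders of the drive. This added example (not the blog author's code; Get-AutorunInfTarget is a hypothetical helper name) only reads the autorun.inf in each drive root and lists the program each one would launch, so you can see what is there before deleting anything:

```powershell
# Added example, not the blog author's code. Read-only: nothing is deleted.
# Get-AutorunInfTarget is a hypothetical helper name.
function Get-AutorunInfTarget {
    param(
        # Default: the root of every file-system drive (C:\, D:\, USB sticks, ...)
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
    )
    foreach ($r in $Root) {
        $path = Join-Path $r 'autorun.inf'
        # -Force is needed because these files are usually hidden + system
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $item -or $item.PSIsContainer) { continue }   # absent, or a folder with that name
        foreach ($line in (Get-Content -LiteralPath $path -Force -ErrorAction SilentlyContinue)) {
            # Entries that name a program to start: open=, shellexecute=, shell\<verb>\command=
            if ($line -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+?)\s*$') {
                [pscustomobject]@{
                    File       = $path
                    Entry      = $Matches[1]
                    Launches   = $Matches[2]
                    Attributes = $item.Attributes
                    Modified   = $item.LastWriteTime
                }
            }
        }
    }
}

Get-AutorunInfTarget | Format-Table -AutoSize
```

The file named in the Launches column is the one to remove together with the autorun.inf that points to it.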

Increase Your Bandwidth

Filed under: Tweaks — shaktimishra007 @ 3:10 pm

How To Increase your Bandwidth by 20%?

Maybe this nice info can be useful for you and all the people here!

A nice little tweak for Win XP Pro (not Home) and 2000
By default Windows uses 20% of your bandwidth for its own purposes (I suspect for updates, interrogating your machine, etc.)! Get it back!

Here’s how to get it back:

Click Start–>Run–>type “gpedit.msc” (without the ” of course)

This opens the group policy editor. Then go to:

Local Computer Policy–>Computer Configuration–>Administrative Templates–>Network–>QOS Packet Scheduler–>Limit Reservable Bandwidth

Double click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the ‘Explain’ tab :

“By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default.”

So the trick is to ENABLE reservable bandwidth, then set it to ZERO. This will allow the system to reserve nothing, rather than the default 20%.

Works great on Windows XP Pro and Windows 2000.

It works great on my Win-XP Pro!

Multi Yahoo Messenger

Filed under: Tweaks — shaktimishra007 @ 3:08 pm

1. Open Run.

2. Type “regedit” (without quotes) and press Enter.

3. In the left column, click on HKEY_CURRENT_USER.

4. In that, click on software.

5. In that, click on yahoo.

6. In that, click on pager.

7. In that, click on test.

8. Now on the right side, right-click on the empty area and select New > DWORD.

9. Name it plural.

10. Right-click on plural, choose Modify, set the value to 1, select the Decimal option and press Enter.

ENJOY multi msg in your yahoo msg

Faster FireFox

Filed under: Tweaks — shaktimishra007 @ 3:07 pm

1. Type “about:config” into the address bar and hit return. Scroll down and look for the following entries:

network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set “network.http.pipelining” to “true”

Set “network.http.proxy.pipelining” to “true”

Set “network.http.pipelining.maxrequests” to some number like 30. This means it will make 30 requests at once.

3. Lastly, right-click anywhere and select New -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives.

If you’re using a broadband connection you’ll load pages MUCH faster now!

Mahsa / New Folder virus

Filed under: ViRuS SoLuTiOnS — shaktimishra007 @ 3:05 pm

Virus File
————
File Name: New Folder.exe  (inside all folders)
File Name: Top Pictures.exe  (shared documents)
File Name: Windows Explorer.exe (c:\windows\)

Icon:  Looks like a Folder
Type:  Application
Size:  104KB/112KB
FileVersion: 1.0.0.0
Internal Name: Mahsa
OriginalFileName: Mahsa.exe
Product Version: 1.00

Recognized by antivirus
—————————-

Trojan.Win32.VB.aol
Worm.P2P.Generic

Symptoms
————-

You will find New Folder.exe inside every folder.
You cannot open system utilities like Task Manager, Regedit, Msconfig; they open and suddenly close.
You cannot open folders with names like antivirus, .exe, etc.; they open and suddenly close.

Behind the Screen
———————
Creates a file: C:\windows\Windows Explorer.exe
Creates a file: C:\Documents and Settings\All Users\Documents\Top Pictures.exe
Creates New Folder.exe in every folder you open

ModifyRegValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
ModifyRegValue: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\FullPath
ModifyRegValue: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

Adds to the startup item
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
Value: C:\WINDOWS\Windows Explorer.exe

Solution
———-
Thank god it doesn't disable the command prompt ;)

END TASK::
1. Start>Run
taskkill /f /t /im "New Folder.exe"
2. Start>Run
taskkill /f /t /im "Windows Explorer.exe"
3. Start>Run
taskkill /f /t /im "Top Pictures.exe"
(If you get an error like "Windows cannot find taskkill", copy the file taskkill to your X:\windows\system32\ directory.)

REGISTRIES::
1. Start>Run
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Explorer
2. Start>Run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d 0

DELETE FILES::
1. Start>Run>cmd
del /a /f "C:\windows\Windows Explorer.exe"
2. Start>Run>cmd
del /a /f "C:\Documents and Settings\All Users\Documents\Top Pictures.exe"
3. Now the tough part…
Do a search for the file “New Folder.exe” on all drives and delete every copy.

Funny UST Scandal.avi.exe Virus

1. Enable Regedit, CMD, TaskManager.

2. Restart the computer in “Safe Mode with Command Prompt”.

3. Type:
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Runonce
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe

4. Type:
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.exe" /f /a
del "C:\log" /f /a
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a

del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.avi.exe" /f /a

*Repeat like this for all drives…

5. Type:
TASKMGR
If not working type:
reg delete **********

6. Type:
EXPLORER
If not working type:
reg delete **********

imgkulot virus

Filed under: ViRuS SoLuTiOnS — shaktimishra007 @ 2:57 pm

It’s probably because you inserted an infected flashdrive in the machine.

Note: Be sure to insert your flashdrives before we begin!

Configure your machine to view hidden files:

Windows XP

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the “Hidden files and folders” heading select Show hidden files and folders.
  • Uncheck the Hide Protected Operating System Files Option.
  • Click Yes to confirm.
  • Click OK.

Open My Computer and open the drive of your flashdrive (e.g. E:\). After you have opened it, search for autorun.inf and any imgkulot.* files, then delete all of them.

*= any extension

After that,

Click Start > Search > Click “All Files and Folders”.

Under “Look in”, make sure “My Computer” is selected.

Under “Advanced Options“, make sure the following are checked:

  • Search System Folders.
  • Search Hidden Files And Folders.
  • Search Subfolders.

Then into the search box, copy and paste these:

imgkulot.*

autorun.inf

Click Search after you paste each of those. After that, delete all instances of those files.

Empty your Recycle Bin.
______

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under “Save as type”, choose “All Files“.
Type fix.reg in the File name and save it to your desktop.

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Make sure there are NO blank lines before the “Windows Registry Editor Version 5.00” header line.
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fix.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer Yes.

Reboot.

Autorun Viruses …………

Filed under: ViRuS SoLuTiOnS — shaktimishra007 @ 2:54 pm

Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PC’s and flash drives.

Funny UST Scandal.avi.exe (latest one in the Philippines)
Autorun.vbs
win32.autorun.k
copy.exe
imgkulot
taga lipa are
autorun.vbs
recycler
FS6519.dll.vbs
strawberry from baguio
W32/Perlovga (copy.exe | host.exe)
VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
Bha.dll.vbs
w32automa worm (Autorun.vbs)
Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
W32/RJump.worm (RavMonE)
Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
W32.Fujacks.BH (Fucker.vbs)
WORM_AGENT.PGV (soundmix.exe)
W32/Hakaglan.worm (RVHost.exe)
Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)
etc.

To prevent these kinds of viruses from infecting your PC, you need to disable the autorun function on your computer. Unfortunately, just shutting down AutoPlay is not a fix. You might think that you could protect yourself from AutoRun by adding two (2) keys to your Registry (NoDriveAutoRun and NoDriveTypeAutoRun), but these keys can be overridden by some programs.

Solution is here:

1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document
2. Copy the following text. (Note: everything between the square brackets must be on one line.)

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part)
4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear.
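To confirm that the registry file above was merged, and that the other values this page's removal steps touch are in the state those steps leave them in, the following added example reads each value and compares it. It is not the blog author's code; Test-PageRegistryValue is a hypothetical helper name, and using %windir% for the Userinit path is an assumption.

```powershell
# Added example, not the blog author's code. Read-only: nothing is changed.
# Expected data is what this page's fixes set; $null means "value should be absent".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cv       = 'Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    # Assumption: userinit.exe lives under %windir%\system32 (the page notes the drive may differ)
    @{ Key = $winlogon; Name = 'Userinit'; Expect = "$env:windir\system32\userinit.exe," }
    @{ Key = $winlogon; Name = 'Shell';    Expect = 'Explorer.exe' }
    # Name '' means the key's default value, written as @ in a .reg file
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
       Name = ''; Expect = '@SYS:DoesNotExist' }
    @{ Key = "HKLM:\$cv\Run"; Name = 'Explorer'; Expect = $null }
    @{ Key = "HKCU:\$cv\Run"; Name = 'Runonce';  Expect = $null }
    @{ Key = "HKCU:\$cv\Explorer\Advanced"; Name = 'HideFileExt'; Expect = 0 }
    @{ Key = "HKLM:\$cv\Explorer\Advanced\Folder\Hidden\SHOWALL"; Name = 'CheckedValue'; Expect = 1 }
    @{ Key = "HKCU:\$cv\Policies\Explorer"; Name = 'NoFolderOptions'; Expect = 0; MissingOk = $true }
)

function Test-PageRegistryValue {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        $key    = Get-Item -LiteralPath $c.Key -ErrorAction SilentlyContinue
        $actual = if ($key) { $key.GetValue($c.Name) } else { $null }
        if ($null -eq $actual) {
            # Missing value: fine only if absence is expected or explicitly allowed
            $ok = ($null -eq $c.Expect) -or [bool]$c.MissingOk
        } else {
            # -eq compares strings case-insensitively, as the registry data should be read
            $ok = ($null -ne $c.Expect) -and ($actual -eq $c.Expect)
        }
        [pscustomobject]@{
            OK       = $ok
            Key      = $c.Key
            Value    = $(if ($c.Name) { $c.Name } else { '(Default)' })
            Actual   = $actual
            Expected = $c.Expect
        }
    }
}

Test-PageRegistryValue -Checks $checks | Sort-Object OK | Format-List
```

Rows with OK = False sort first; each shows the data currently stored beside the data the fix on this page would write.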

June 2, 2008

Orkut is banned you fool`,The administrators didnt write this program guess who did??/w32.USB Worm/USE INTERNET EXPLORER U DOPE”

Filed under: Uncategorized — shaktimishra007 @ 6:25 pm

Fed up with this virus, which bans Orkut and other sites? It doesn’t even let you browse in Mozilla ……

Here’s the trick ……..

First of all, we have to end all the processes linked with the virus ……

1. Press CTRL+ALT+DEL and then go to the Processes tab.

2. Look for svchost.exe which has your username on the side, then press Del and accept the confirmation message. You might find more than one process.

3. Go to My Computer and type C:\heap41a in the address bar (IT IS A HIDDEN FOLDER). Delete all the files there.

4. Now go to Start > Run, type Regedit and press Enter.

5. Go to the Edit menu, then Find, and search for C:\heap41a. Delete all the entries you find and accept the confirmation message.

NOW YOU ARE FREE FROM THE VIRUS AND CAN BROWSE ORKUT …….

BUT hmmmmm …… Some people say that they can’t view their hidden files after they remove this virus ……. Don’t worry, the virus has actually tampered with the registry and we need to correct it … Three more minutes to go ……

1. Go to Start > Run > Regedit.

2. Then navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

3. You will find the DWORD “NoFolderOptions” on the right-hand side. Edit its value to 0, or you can even delete it.

NOW YOU ARE ALMOST DONE, BUT NOW YOU HAVE TO DELETE THE VIRUS FROM THE PEN DRIVE IF YOU HAVE ONE.

You must have your hidden files visible (INCLUDING THE OPERATING SYSTEM FILES AND EXTENSIONS).

Now you have to delete the autorun.inf file and all the files with the extension “.exe”.

So now you are done ………. Well, I didn’t invent this; rather, I learnt it from someone else and shared it with you. Sharing knowledge helps you gain more space in your brain hard disk, and you can put some more knowledge in it. ;-) (GETTING VERY TECHIE??? HUH) OK, OK, now all your problems are solved, and if you have any more problems, feel free to ask me. I’ll try to find a way out for you.

Mail Me If U Wanna Thank Me …… —– shaktimishra007@gmail.com
