Monday, November 26, 2007
Saturday, November 24, 2007
Wednesday, November 21, 2007
Yahoo Messenger 9 Ad Remover
download yahoo messenger 9 AdRemover
VIRUS SCAN RESULT OF yahoo messenger 9 AdRemover
---------------------------------------------------------
AntiVirus | Version | LastUpdate | Result |
AhnLab-V3 | 2007.11.21.1 | 2007.11.21 | Win-Trojan/Xema.variant |
AntiVir | 7.6.0.34 | 2007.11.21 | - |
Authentium | 4.93.8 | 2007.11.21 | - |
Avast | 4.7.1074.0 | 2007.11.20 | Win32:Patched-T |
AVG | 7.5.0.503 | 2007.11.21 | - |
BitDefender | 7.2 | 2007.11.21 | - |
CAT-QuickHeal | 9.00 | 2007.11.20 | - |
ClamAV | 0.91.2 | 2007.11.21 | - |
DrWeb | 4.44.0.09170 | 2007.11.21 | - |
eSafe | 7.0.15.0 | 2007.11.14 | - |
eTrust-Vet | 31.3.5313 | 2007.11.21 | - |
Ewido | 4.0 | 2007.11.20 | - |
FileAdvisor | 1 | 2007.11.21 | - |
Fortinet | 3.14.0.0 | 2007.11.21 | - |
F-Prot | 4.4.2.54 | 2007.11.21 | - |
F-Secure | 6.70.13030.0 | 2007.11.21 | - |
Ikarus | T3.1.1.12 | 2007.11.21 | Trojan.HackTool.Patch.A |
Kaspersky | 7.0.0.125 | 2007.11.21 | - |
McAfee | 5167 | 2007.11.20 | - |
Microsoft | 1.3007 | 2007.11.21 | HackTool:Win32/Patch.A |
NOD32v2 | 2674 | 2007.11.21 | - |
Norman | 5.80.02 | 2007.11.20 | - |
Panda | 9.0.0.4 | 2007.11.21 | - |
Prevx1 | V2 | 2007.11.21 | - |
Rising | 20.19.20.00 | 2007.11.21 | - |
Sophos | 4.23.0 | 2007.11.21 | Troj/Patch-F |
Sunbelt | 2.2.907.0 | 2007.11.21 | - |
Symantec | 10 | 2007.11.21 | - |
TheHacker | 6.2.9.135 | 2007.11.20 | - |
VBA32 | 3.12.2.5 | 2007.11.20 | - |
VirusBuster | 4.3.26:9 | 2007.11.21 | - |
Webwasher-Gateway | 6.0.1 | 2007.11.21 | - |
Firefox bug
A common Firefox bug
The Save Page and Save Picture functions do not work, or the download window does not work.
This is caused by a corrupted downloads.rdf file; the problem usually arises after an improper shutdown.
I had this problem for almost one week now. I have tried almost anything that I can think of: clean install, messing around settings in Options, removing themes and extensions. None of which have worked.
The solution is simple: erase the corrupted file "downloads.rdf", found at the path
C:\Documents and Settings\<YourUserName>\Application Data\Mozilla\Firefox\Profiles\<xxxx>\
Monday, November 19, 2007
Virus W32/RJump.worm - Ravmon.exe
I created this article because my friend's computer was infected by this virus.
W32/Rjump.worm is a worm written using the Python scripting language and converted into a Windows Portable Executable file using the Py2Exe tool. It attempts to spread by copying itself to mapped and removable storage drives, and it also opens a backdoor on an infected system.
This virus blocks some administrative Windows functions, for example:
block Task Manager
block regedit.exe
disable Folder Options
disable Command Prompt
disable Run, etc.
If you find these problems on your PC, the cause is ravmon.exe - Virus W32/RJump.worm.
This is not a dangerous virus, but it also creates a log file that contains the port number on which its backdoor component listens.
Characteristics of W32/RJump.worm - Ravmon.exe
---------------------------------------------------
It creates a copy of itself in the Windows system directory:
%Windir%\RAVMON.EXE
RavMonLog (log file)
It creates a registry entry under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"RavAV" = "%Windir%\RAVMON.EXE"
It creates copies of the following files on all drives:
autorun.inf -- used to autorun the worm when the drive is accessed
msvcr71.dll -- clean Microsoft Visual Studio DLL file
ravmon.exe -- copy of the worm
The contents of the autorun.inf are as follows:
[AutoRun]
open=RavMonE.exe e
shellexecute=RavMonE.exe e
shell\Auto\command=RavMonE.exe e
shell=Auto
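As an added example (not part of the original post or of any tool it mentions), the following Python script parses an autorun.inf like the one quoted above and lists the entries that make Windows start an executable when the drive is opened. The function names and the list of extensions treated as executable are assumptions made for this example.

```python
"""Flag autorun.inf entries that launch an executable when a drive is opened."""
import re

# Contents of the worm's autorun.inf exactly as quoted in the article above.
SAMPLE = r"""[AutoRun]
open=RavMonE.exe e
shellexecute=RavMonE.exe e
shell\Auto\command=RavMonE.exe e
shell=Auto
"""

# Keys that make Windows run a command for the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Assumption for this example: these extensions count as executable.
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section (names are case-insensitive)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(text):
    """List (key, program) pairs for entries that start an executable."""
    hits = []
    for key, value in parse_autorun(text).items():
        if not LAUNCH_KEY.match(key):
            continue
        # The program is the first token, or the quoted string if quoted.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        program = (m.group(1) or m.group(2)) if m else ""
        if program.lower().endswith(EXEC_EXT):
            hits.append((key, program))
    return hits


if __name__ == "__main__":
    for key, program in launch_targets(SAMPLE):
        print(f"autorun.inf launches {program} via '{key}'")
```

Pass it the text of the autorun.inf found in the root of each mapped or removable drive; an empty result means no launch entry points at an executable.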
Resetting to the default settings with these registry values
To enable Task Manager
Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1=Enable
To enable regedit.exe
Start -> Run -> gpedit.msc -> User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools -> Right Click Properties -> Disabled
To enable Folder Options
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key:
Explorer]
Value Name: NoFolderOptions
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = show options, 1 = hide options)
To enable Run
Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Create a DWORD value for each Run function that will be disabled.
Modify/Create the Value Name [DisableLocalMachineRun] according to the Value Data listed below.
Data Type: REG_DWORD [Dword Value] // Value Name: DisableLocalMachineRun
Data Type: REG_DWORD [Dword Value] // Value Name: DisableLocalMachineRunOnce
Data Type: REG_DWORD [Dword Value] // Value Name: DisableCurrentUserRun
Data Type: REG_DWORD [Dword Value] // Value Name: DisableCurrentUserRunOnce
Setting for Value Data: [0 = Disabled / 1 = Enabled]
Stop the virus
---------------------
* Stop the service having the path %path% ravmon.exe
* Stop ravmon.exe from Task Manager
* Delete ravmon.exe from the PC
* Remove the startup registry value from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (don't delete the path; delete only the ravmon.exe registry value)
* Delete the files autorun.inf and ravmon.exe from all drives
Monday, November 12, 2007
Internet Error codes
400 : This is a bad request error. First check whether you typed the wrong URL, so that the server could not understand your request.
401 : You are trying to open an unauthorized-access site or page. Check your username and password if you are trying to open a webpage.
402 : Payment Required Error
403 : You are trying to open a forbidden page and you are blocked by that domain.
404 : You are trying to open a webpage that was removed or renamed; also check the URL spelling.
408 : This is a time-out error. You should send the request within the time that the server sets for you.
Automate the DIR Command
Click Start, open the Run option, and type cmd to open a command prompt. There, type
set dircmd=/w/o/p
then press Enter. Every time thereafter that you type
dir
the /w/o/p switches will be applied automatically, with no need to type them every time. If you are interested in using a single switch such as /w, you can type
set dircmd=/w
and press Enter.
Likewise, if you want to undo these switches, you can do so very easily by typing
dir /-switch
For example, if you wanted to do a directory with only the /w switch, you could enter
dir /-p/-o
When you exit the Command Prompt window, however, the Dircmd setting returns to its default.
Monday, November 5, 2007
Email Virus - Top rated I Worm
Win32.Netsky
Win32:Netsky has been the top-rated email worm of the last 2 months. It arrives as mail with a .pif attachment file.
If you run the attachment file, you will get a message like "The file could not be opened", and the virus makes a copy of itself on the PC, named 'service.exe'.
Win32:Netsky Mail details
Message header (chosen at random from the list below)
Approved
Hello
Hi
Important
My details
Re: Approved
Re: Hello
Re: Hi
Re: Important
Re: My details
Re: Request
Re: Thanks you!
Re: Your details
Re: Your document
Re: Your information
Request
Thank you!
Your details
Your document
Your information
Subject (chosen at random from the list below):
fake
hello
hi
information
read it immediately
something for you
stolen
unknown
warning
Attachment file name (chosen at random from the list below):
aboutyou
attachment
bill
concert
creditcard
details
dinner
disco
doc
document
final
found
friend
information
jokes
location
mail2
mails
me
message
misc
msg
nomoney
note
object
part2
party
posting
product
ps
ranking
release
shower
story
stuff
swimmingpool
talk
textfile
topseller
website
Delete Win32:Netsky
To delete the virus, go to Control Panel -> Administrative Tools -> Services
and find the service with the executable path "%Windir%\services.exe -serv".
Stop the service, disable it, and remove the file from your hard disk.
The virus creates a registry entry under the path
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"EastAV"="%windir%\EastAV.exe"
Delete this entry from the registry. To do so, run regedit.exe (click Start -> Run and type regedit), go to the path
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] and remove only the "EastAV" entry.
Or you can download 'Win32:Netsky' fix tools from http://www.kaspersky.com
Download Free Virus Fix