Friday, August 22, 2008

Trojan Ports

TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250
TCP 28 Amanda.200
TCP 31 MastersParadise.920
TCP 68 Subseven.100
TCP 142 NetTaxi.180
TCP 146 Infector.141, Intruder.100
TCP 171 ATrojan.200
TCP 285 WCTrojan.100
TCP 286 WCTrojan.100
TCP 334 Backage.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 413 Coma.109
TCP 420 Breach.450
TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100
TCP 623 Rtb666.160
TCP 660 Zaratustra.100
TCP 661 Noknok.800, Noknok.820
TCP 666 BackConstruction.210, BackConstruction.250, Bla.100, Bla.200, Bla.400, Bla.503, Cain.150, Dimbus.100, Noknok.820, Ripper.100, SatansBackdoor.100, SatansBackdoor.101, SatansBackdoor.102, Unicorn.100, Unicorn.101, Unicorn.110
TCP 667 SniperNet.210, Snipernet.220
TCP 668 Unicorn.101, Unicorn.110
TCP 680 Rtb666.160
TCP 777 Tiny.100, Undetected.230, Undetected.300, Undetected.310, Undetected.320, Undetected.330, Undetected.331, Undetected.332
TCP 785 NetworkTerrorist.100
TCP 800 NeuroticKitten.010
TCP 831 NeuroticKat.100, NeuroticKat.120, NeuroticKat.130
TCP 901 NetDevil.130, NetDevil.140
TCP 1000 DerSpaeher.200
TCP 1001 Silencer.100
TCP 1008 AutoSpy.100
TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1999 TransmissionScout.100, TransmissionScout.110
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 2001 DIRT.220, TrojanCow.100
TCP 2003 TransmissionScout.100, TransmissionScout.110
TCP 2023 RipperPro.100
TCP 2040 InfernoUploader.100
TCP 2115 Bugs.100
TCP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
TCP 2332 SilentSpy.202
TCP 2589 Dagger.140
TCP 2600 DigitalRootbeer.100
TCP 2989 Rat.200
TCP 3128 MastersParadise.970
TCP 3129 MastersParadise.920, MastersParadise.970
TCP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
TCP 3215 BlackStar.100, Ghost.230
TCP 3333 Daodan.123
TCP 3410 OptixPro.100, OptixPro.110
TCP 3456 Force.155, TerrorTrojan.100
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 3586 Snid.120, Snid.212
TCP 3700 PortalOfDoom.100
TCP 3723 Mantis.100
TCP 3800 Eclypse.100
TCP 3996 RemoteAnything.364
TCP 4000 SkyDance.220, SkyDance.229
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 4225 SilentSpy.202
TCP 4321 Bobo.100
TCP 4444 AlexTrojan.200, Crackdown.100
TCP 4488 EventHorizon.100
TCP 4523 Celine.100
TCP 4545 InternalRevise.100, RemoteRevise.150
TCP 4567 FileNail.100
TCP 4666 Mneah.100
TCP 4950 ICQTrojan.100
TCP 5005 Aladino.060
TCP 5025 Keylogger.WMRemote.100
TCP 5031 NetMetro.104
TCP 5032 NetMetro.104
TCP 5033 NetMetro.104
TCP 5050 RoxRat.100
TCP 5151 OptixLite.020, OptixLite.030, OptixLite.040
TCP 5190 MBomber.100
TCP 5277 WinShell.400
TCP 5343 WCRat.100
TCP 5400 BackConstruction.120, BackConstruction.150, BladeRunner.080, DeepThroat.300
TCP 5401 BackConstruction.120, BackConstruction.150, BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5402 BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5534 TheFlu.100
TCP 5550 XTCP.200, XTCP.201
TCP 5555 Noxcape.100, Noxcape.200
TCP 5695 Assassin.100
TCP 5714 WinCrash.100
TCP 5741 WinCrash.100
TCP 5742 WinCrash.103
TCP 5802 Y3KRat.160
TCP 5810 Y3KRat.160
TCP 5838 Y3KRat.170
TCP 5858 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5880 Y3KRat.140
TCP 5881 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5883 Y3KRat.110, Y3KRat.140
TCP 5884 Y3KRat.140, Y3KRat.150
TCP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5886 Y3KRat.120, Y3KRat.140
TCP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5889 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5890 Y3KRat.140
TCP 6400 Thething.100, Thething.150
TCP 6556 AutoSpy.120, AutoSpy.122
TCP 6655 Aqua.020
TCP 6660 LameSpy.095
TCP 6666 LameRemote.100, ProjectMayhem.100
TCP 6669 Vampire.100
TCP 6670 DeepThroat.200, DeepThroat.210
TCP 6671 DeepThroat.310
TCP 6699 HostControl.101
TCP 6711 DeepThroat.300, Noknok.820, SubSeven.180, SubSeven.190
TCP 6712 Subseven.100
TCP 6713 Subseven.100
TCP 6767 NTRC.120
TCP 6776 SubSeven.180, SubSeven.190, Subseven.200
TCP 6789 Doly.200
TCP 6796 SubSeven.214
TCP 6912 ShitHeep.100
TCP 6939 Indoctrination.100
TCP 6953 Lithium.100
TCP 6969 2000Cracks.100, Bigorna.100, Danton.110, Danton.210, Danton.220, Danton.310, Danton.320, Danton.330, GateCrasher.110, NetController.108, Sparta.110, VagrNocker.120
TCP 6970 Danton.330
TCP 7001 Freak88.100
TCP 7119 Massaker.100
TCP 7200 Massaker.110
TCP 7300 Coced.221
TCP 7301 Coced.221
TCP 7306 NetSpy.200
TCP 7410 Phoenix.190, Phoenix.200
TCP 7511 Genue.100
TCP 7609 Snid.120, Snid.212
TCP 7614 Wollf.130
TCP 7648 BlackStar.100, Ghost.230
TCP 7788 Last.2000, Matrix.200
TCP 7826 MiniOblivion.010, Oblivion.010
TCP 7887 SmallFun.110
TCP 7891 Revenger.100
TCP 7979 VagrNocker.200
TCP 7997 VagrNocker.200
TCP 8000 XConsole.100
TCP 8011 Way.240
TCP 8012 Ptakks.215, Ptakks.217
TCP 8110 LoseLove.100
TCP 8111 LoseLove.100
TCP 8301 LoseLove.100
TCP 8302 LoseLove.100
TCP 8372 NetBoy.100
TCP 8720 Connection.130
TCP 8734 AutoSpy.110
TCP 8811 Force.155
TCP 8899 Last.2000
TCP 9000 Aristotles.100
TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, InCommand.120, InCommand.130, InCommand.140, InCommand.150, InCommand.153, InCommand.160, InCommand.167, InCommand.170
TCP 9401 InCommand.100, InCommand.110, InCommand.170
TCP 9402 InCommand.100, InCommand.110
TCP 9561 CRatPro.110
TCP 9563 CRatPro.110
TCP 9580 TheefLE.100
TCP 9696 Danton.210, Ghost.230
TCP 9697 Danton.320, Danton.330, Ghost.230
TCP 9870 R3C.100
TCP 9872 PortalOfDoom.100
TCP 9873 PortalOfDoom.100
TCP 9874 PortalOfDoom.100
TCP 9875 PortalOfDoom.100
TCP 9876 Rux.100, SheepGoat.100
TCP 9877 SmallBigBrother.020
TCP 9878 SmallBigBrother.020, TransmissionScout.100, TransmissionScout.110, TransmissionScout.120
TCP 9879 SmallBigBrother.020
TCP 9999 ForcedEntry.100, Infra.100, Prayer.120, Prayer.130, TakeOver.200, TakeOver.300
TCP 10001 DTr.130, DTr.140
TCP 10013 Amanda.200
TCP 10067 PortalOfDoom.100
TCP 10100 Gift.240
TCP 10101 NewSilencer.100
TCP 10167 PortalOfDoom.100
TCP 10528 HostControl.100, HostControl.260
TCP 10607 Coma.109
TCP 10666 Ambush.100
TCP 11011 Amanda.200
TCP 11050 HostControl.101
TCP 11051 HostControl.100, HostControl.260
TCP 11223 AntiNuke.100, Progenic.100, Progenic.110
TCP 11225 Cyn.100, Cyn.103, Cyn.120
TCP 11306 Noknok.800, Noknok.820
TCP 11831 Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 11991 PitfallSurprise.100
TCP 12043 Frenzy.2000
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 12346 Netbus.160, Netbus.170
TCP 12348 Bionet.210, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.316, Bionet.317
TCP 12349 Bionet.084, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.314, Bionet.316, Bionet.317, Bionet.401, Bionet.402
TCP 12389 KheSanh.210
TCP 12478 Bionet.210
TCP 12623 Buttman.090, Buttman.100
TCP 12624 Buttman.090, Buttman.100
TCP 12625 Buttman.100
TCP 12904 Akropolis.100, Rocks.100
TCP 13473 Chupacabra.100
TCP 13753 AFTP.010
TCP 14100 Eurosol.100
TCP 14194 CyberSpy.840
TCP 14286 HellDriver.100
TCP 14500 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14501 PCInvader.060, PCInvader.070
TCP 14502 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14503 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14504 PCInvader.050, PCInvader.060
TCP 15092 HostControl.100, HostControl.260
TCP 15382 SubZero.100
TCP 15432 Cyn.210
TCP 15555 ICMIBC.100
TCP 16322 LastDoor.100
TCP 16484 MoSucker.110
TCP 16661 Dfch.010
TCP 16969 Progenic.100
TCP 16982 AcidShiver.100
TCP 17300 Kuang.200
TCP 17499 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17500 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17569 Infector.141, Infector.160, Infector.170, Infector.180, Infector.190, Infector.200, Intruder.100
TCP 17593 AudioDoor.120
TCP 19191 BlueFire.035, BlueFire.041
TCP 19604 Metal.270
TCP 19605 Metal.270
TCP 19991 Dfch.010
TCP 20000 Millenium.100
TCP 20001 Millenium.100, PshychoFiles.180
TCP 20002 AcidKor.100, PshychoFiles.180
TCP 20005 MoSucker.200, MoSucker.210, MoSucker.220
TCP 21212 Schwindler.182
TCP 21554 Exploiter.100, Exploiter.110, Girlfriend.130, GirlFriend.135
TCP 21579 Breach.2001
TCP 21584 Breach.2001
TCP 21684 Intruse.134
TCP 22068 AcidShiver.110
TCP 22115 Cyn.120
TCP 22222 Prosiak.047, Ruler.141, Rux.300, Rux.400, Rux.500, Rux.600
TCP 22223 Rux.400, Rux.500, Rux.600
TCP 22456 Bla.200, Bla.503
TCP 22457 AcidShiver.120, Bla.200, Bla.503
TCP 22784 Intruzzo.110
TCP 22845 Breach.450
TCP 22847 Breach.450
TCP 23005 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23006 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23032 Amanda.200
TCP 23432 Asylum.010, Asylum.012, Asylum.013, Asylum.014, MiniAsylum.110
TCP 23456 EvilFTP.100, VagrNocker.400
TCP 23476 DonaldDick.153, DonaldDick.154, DonaldDick.155
TCP 23477 DonaldDick.153
TCP 24000 Infector.170
TCP 24307 Wildek.020
TCP 25386 MoonPie.220
TCP 25486 MoonPie.220
TCP 25555 FreddyK.100, FreddyK.200
TCP 25556 FreddyK.100
TCP 25685 MoonPie.010, MoonPie.012, MoonPie.130, MoonPie.220, MoonPie.240, MoonPie.400
TCP 25686 MoonPie.135, MoonPie.200, MoonPie.400
TCP 25982 MoonPie.135, MoonPie.200
TCP 26274 Delta.050
TCP 27160 MoonPie.135, MoonPie.200
TCP 27184 Alvgus.100, Alvgus.800
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 28429 Hack'a'Tack.2000
TCP 28430 Hack'a'Tack.2000
TCP 28431 Hack'a'Tack.2000
TCP 28432 Hack'a'Tack.2000
TCP 28433 Hack'a'Tack.2000
TCP 28434 Hack'a'Tack.2000
TCP 28435 Hack'a'Tack.2000
TCP 28436 Hack'a'Tack.2000
TCP 29559 DuckToy.100, DuckToy.101, Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 29891 Unexplained.100
TCP 30000 Infector.170
TCP 30001 Error32.100
TCP 30003 LamersDeath.100
TCP 30029 AOLTrojan.110
TCP 30100 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30101 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30102 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30103 NetSphere.131
TCP 30947 Intruse.134
TCP 31320 LittleWitch.400, LittleWitch.420
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
TCP 31415 Lithium.101
TCP 31416 Lithium.100, Lithium.101
TCP 31557 Xanadu.110
TCP 31631 CleptoManicos.100
TCP 31745 Buschtrommel.100, Buschtrommel.122
TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31887 BDDT.100
TCP 31889 BDDT.100
TCP 32100 ProjectNext.053
TCP 32418 AcidBattery.100
TCP 32791 Akropolis.100, Rocks.100
TCP 33291 RemoteHak.001
TCP 33333 Blackharaz.100, Prosiak.047, SubSeven.214
TCP 33577 SonOfPsychward.020
TCP 34324 TelnetServer.100
TCP 34763 Infector.180, Infector.190, Infector.200
TCP 35000 Infector.190, Infector.200
TCP 35600 Subsari.140
TCP 36794 BugBear.100
TCP 37237 Mantis.020
TCP 37651 YAT.210
TCP 37653 YAT.310
TCP 40308 Subsari.140
TCP 40412 TheSpy.100
TCP 40421 MastersParadise.970
TCP 40422 MastersParadise.970
TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 41626 Shah.100
TCP 44444 Prosiak.070
TCP 45673 Akropolis.100, Rocks.100
TCP 47262 Delta.050
TCP 48006 Fragglerock.200
TCP 49683 HolzPferd.210
TCP 50000 Infector.180
TCP 50130 Enterprise.100
TCP 50766 Fore.100
TCP 51234 Cyn.210
TCP 51966 Cafeini.080, Cafeini.110
TCP 54321 PCInvader.010
TCP 57341 NetRaider.100
TCP 57922 Bionet.084
TCP 58008 Tron.100
TCP 58009 Tron.100
TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101
TCP 59345 NewFuture.100
TCP 60000 DeepThroat.300, MiniBacklash.100, MiniBacklash.101
TCP 60411 Connection.100, Connection.130
TCP 60412 Connection.130
TCP 60552 RoxRat.100
TCP 63536 InsaneNetwork.500
TCP 63878 AphexFTP.100
TCP 63879 AphexFTP.100
TCP 64969 Lithium.100
TCP 65000 Socket.100
UDP 1 SocketsDeTroie.250
UDP 666 Bla.200, Bla.400, Bla.503, Noknok.820
UDP 1130 Noknok.800, Noknok.820
UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920, MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140
UDP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.150
UDP 6953 Lithium.100
UDP 8012 Ptakks.217
UDP 10067 PortalOfDoom.100
UDP 10167 PortalOfDoom.100
UDP 10666 Ambush.100
UDP 11225 Cyn.100, Cyn.103, Cyn.120
UDP 11306 Noknok.800, Noknok.820
UDP 12389 KheSanh.210
UDP 12623 Buttman.090, Buttman.100
UDP 12625 Buttman.100
UDP 14100 Eurosol.100
UDP 23476 DonaldDick.155
UDP 26274 Delta.050
UDP 27184 Alvgus.100
UDP 28431 Hack'a'Tack.2000
UDP 28432 Hack'a'Tack.2000
UDP 28433 Hack'a'Tack.2000
UDP 28434 Hack'a'Tack.2000
UDP 28435 Hack'a'Tack.2000
UDP 28436 Hack'a'Tack.2000
UDP 29891 Unexplained.100
UDP 30103 NetSphere.131
UDP 31320 LittleWitch.400, LittleWitch.420
UDP 31337 BackOrifice.120, OPC.200
UDP 31416 Lithium.100, Lithium.101
UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 33333 Blackharaz.100
UDP 47262 Delta.050
UDP 49683 HolzPferd.210
UDP 60000 MiniBacklash.100

Monday, August 11, 2008

All About Trojan

What is a trojan?
A trojan horse could be either:
a) Unauthorized instructions contained within a legitimate program. These instructions perform functions unknown to (and probably unwanted by) the user.
b) A legitimate program that has been altered by the placement of unauthorized instructions within it. These instructions perform functions unknown to (and probably unwanted by) the user.
c) Any program that appears to perform a desirable and necessary function but that (because of unauthorized instructions within it) performs functions unknown to (and probably unwanted by) the user.

Under a restricted environment (a restricted Unix shell or a restricted Windows computer), malicious trojans can't do much, since they are restricted in their actions. But on a home PC, trojans can be lethal and quite destructive.

Why the name 'trojan horse'?
In the 12th century B.C., Greece declared war on the city of Troy. The dispute erupted when the prince of Troy abducted the queen of Sparta and declared that he wanted to make her his wife, which made the Greeks and especially the queen of Sparta quite furious.

The Greeks gave chase and engaged Troy in a 10-year war, but unfortunately for them, all of their efforts went down the drain. Troy was simply too well fortified.

In a last effort, the Greek army pretended to be retreating, leaving behind a huge wooden horse. The people of Troy saw the horse and, thinking it was some kind of present from the Greeks, pulled the horse into their city, without knowing that the finest soldiers of Greece were sitting inside it, since the horse was hollow.

Under the cover of night, the soldiers snuck out and opened the gates of the city, and later, together with the rest of the army, killed the entire army of Troy.

This is why such a program is called a trojan horse - it pretends to do something while it does something completely different, or it does what it is supposed to do and hides its malicious actions from the user's prying eyes.

During the rest of this text, we will explain about the most common types of trojan horses.

Remote Administration Trojans
These trojans are the most popular trojans now. Everyone wants to have them because they let you access your victim's hard drive and also perform many functions on his computer (open and close his CD-ROM drive, put message boxes on his computer etc.), which will scare off most computer users and are also a hell of a lot of fun to run on your friends or enemies.

Modern RATs (remote administration trojans) are very simple to use. They come packaged with two files - the server file and the client file (if you don't know which is which, look for a help file, a FAQ, a readme or instructions on the trojan's homepage). Just fool someone into running the server file and get his IP and you have FULL control over his/her computer (some trojans are limited in their functions, but more functions also mean larger server files. Some trojans are merely meant for the attacker to upload another trojan to his target's computer and run it, hence they take very little disk space). You can also bind trojans into other programs which appear to be legitimate.

RATs have the common remote access trojan functions like keylogging (logging the target's keystrokes and sometimes even interfering with them, thus being able to use your keyboard to type instead of the target and say weird things in chatrooms or scare the hell out of people), upload and download functions, taking a screenshot of the target's monitor and so on.

Some people use the trojans for malicious purposes. They use them to irritate, scare or harm their enemies, to scare the hell out of their friends or enemies and seem like a "super hacker" to them, to get information about people and spy on them, or just to get into people's computers and delete stuff. This is considered very lame.

There are many programs out there that detect the most common trojans (such as Nemesis at blacksun.box.sk, which also detects people trying to access your computer), but new trojans are released every day and it's pretty hard to keep track of things.

Trojans usually want to start automatically whenever you boot up your computer. If you use Windows, you can get b00tm0n from blacksun.box.sk (note: at the time this tutorial was released, b00tm0n was not ready yet, but it should be ready some time before the year 2000, so if you're reading this after Y2K, b00tm0n should probably be available at blacksun.box.sk). Under Unix, we suggest getting some sort of IDS (Intrusion Detection System) program to monitor your system.
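One way to do the boot-time monitoring this paragraph recommends, as an added example that is not part of the original post and is not b00tm0n: the script parses a `reg export`-style text dump of the HKLM and HKCU Run keys, compares it with a previously reviewed baseline, and reports every entry that is new or changed, noting whether the program runs from a user-writable location. The registry key paths are the real Run-key locations; the value names, the user name "alice", the vendor directory and the two dumps themselves are constructed sample data, and the trusted-location prefixes are a heuristic to tune per environment. Because it works on text, it runs offline on any platform.

```python
"""Baseline-and-diff check of Windows Run-key autostart entries.

Added example (not part of the original post and not b00tm0n). Works on a
text dump in the format `reg export` writes; both dumps below are constructed.
"""
import re

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Locations where an autostart program is normally expected to live.
# Constructed heuristic: tune for the environment being checked.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: what an administrator saved after reviewing the machine.
BASELINE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"""

# Constructed sample: the same keys exported later, with two additions.
CURRENT_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Program Files\\Example Vendor\\updater.exe\" --quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svchost"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"
"""


def parse_reg_export(text):
    """Return {key_path: {value_name: data}}; reg-export escapes are undone."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # reg export writes \\ for a backslash and \" for a quote
            entries[current][m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return entries


def executable_path(command):
    """Program path from a Run value: the quoted part, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def in_trusted_location(command):
    return executable_path(command).lower().startswith(TRUSTED_PREFIXES)


def diff_autostart(baseline, current):
    """Entries in `current` that are new or changed relative to `baseline`,
    as sorted (key, name, data, note) tuples."""
    findings = []
    for key, values in current.items():
        for name, data in values.items():
            if baseline.get(key, {}).get(name) == data:
                continue  # already reviewed, unchanged
            note = "trusted location" if in_trusted_location(data) else "user-writable location"
            findings.append((key, name, data, note))
    return sorted(findings)


if __name__ == "__main__":
    base, cur = parse_reg_export(BASELINE_REG), parse_reg_export(CURRENT_REG)
    for key, name, data, note in diff_autostart(base, cur):
        print(f"{note:22} {key}\\{name} = {data}")
```

An unchanged entry is not re-reported even when it lives under a profile directory (OneDrive in the sample), because the baseline is the set an administrator already looked at; the location note is there to rank the new entries, not to decide for you. Entries that disappear from the keys are not reported, and the Run keys are only one of many autostart locations, so this is a starting point rather than a full inventory.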

Most Windows trojans hide from the Alt+Ctrl+Del menu (we haven't seen any Unix program that had the ability to hide itself from the process list yet, but you can never know - one day someone might discover a way to do so. Hell, someone might already have). This is bad because there are people who use the task list to see which processes are running. There are programs that will tell you exactly what processes are running on your computer (such as Wintop, which is the Windows version of the popular Unix program called top). Some trojans, however, use fake names and it's a little harder for certain people to realize that they are infected.

Also, some trojans might simply open an FTP server on your computer (usually NOT on port 21, the default FTP port, in order to be less noticeable). The FTP server, of course, has no password or has a password which the attacker has set, and allows the attacker to download, upload and execute files quickly and easily. For more info about FTP servers and FTP security, read our FTP security tutorial at blacksun.box.sk.

How RATs work
Remote administration trojans open a port on your computer and bind themselves to it (make the server file listen for incoming connections and data on that port). Then, once someone runs his client program and enters the victim's IP, the trojan starts receiving commands from the attacker and runs them on the victim's computer.

Some trojans let you change this port to any other port and also set a password so only the person who infected this specific computer will be able to use the trojan. However, some of these password protections can be cracked due to bugs in the trojan (people who program RATs usually don't have much knowledge in the field of programming), and in some cases the creator of the trojan would also put a backdoor (which can sometimes be detected, under certain conditions) within the server file itself so he'll be able to access any computer running his trojan without the need to enter a password. This is called "a backdoor within a backdoor".
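The listening behaviour described here is exactly what the port list in the Trojan Ports post above is meant to catch: a server bound to a known port, waiting for a client. The following is an added example, not code from the original post or from any of the trojans it names. It parses lines written in the same "PROTO PORT Name.version, ..." format as that list (a constructed excerpt is embedded, so the whole list could be pasted in unchanged) and checks netstat-style output for sockets bound to those ports. The netstat lines are constructed sample data; the process owning each hit still has to be identified before concluding anything, since legitimate software uses many of these ports too.

```python
"""Match bound sockets against a trojan-port list.

Added example (not part of the original post): parses lines in the same
"PROTO PORT Name.version, ..." format as the Trojan Ports list, then checks
netstat-style output for sockets bound to those ports. Both inputs below
are constructed samples.
"""
import re
from collections import defaultdict

# Constructed excerpt of the list, in the list's own format.
TROJAN_PORT_LIST = """\
TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 12346 Netbus.160, Netbus.170
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
UDP 31337 BackOrifice.120, OPC.200
"""

# Constructed `netstat -an` style output (Windows column layout; the Linux
# layout with Recv-Q/Send-Q columns also works, since the local address is
# found by looking for the first token containing ':').
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1243       10.0.0.9:80            ESTABLISHED
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:2140           *:*
  UDP    0.0.0.0:137            *:*
"""

LINE_RE = re.compile(r"^(TCP|UDP)\s+(\d{1,5})\s+(.+)$")


def parse_port_list(text):
    """Return {(proto, port): [names]}; duplicate names on a line are dropped."""
    table = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        proto, port, names = m.group(1), int(m.group(2)), m.group(3)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {line!r}")
        for name in (n.strip() for n in names.split(",")):
            if name and name not in table[(proto, port)]:
                table[(proto, port)].append(name)
    return dict(table)


def find_suspect_sockets(netstat_text, table):
    """Return [(proto, port, names)] for bound sockets whose port is in `table`."""
    hits = []
    for raw in netstat_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        proto = tokens[0].upper()
        if proto.startswith("TCP"):
            proto = "TCP"   # also covers tcp6
        elif proto.startswith("UDP"):
            proto = "UDP"
        else:
            continue        # header line or another protocol
        addrs = [t for t in tokens[1:] if ":" in t]
        if not addrs:
            continue
        port_str = addrs[0].rsplit(":", 1)[1]   # local address comes first; handles [::]:port
        if not port_str.isdigit():
            continue
        # For TCP only a LISTEN(ING) socket means a server is bound and waiting,
        # which is the RAT behaviour described; an outbound connection that happens
        # to use a listed port as its local port is noise.
        if proto == "TCP" and tokens[-1].upper() not in ("LISTEN", "LISTENING"):
            continue
        names = table.get((proto, int(port_str)))
        if names:
            hits.append((proto, int(port_str), names))
    return hits


if __name__ == "__main__":
    table = parse_port_list(TROJAN_PORT_LIST)
    for proto, port, names in find_suspect_sockets(SAMPLE_NETSTAT, table):
        # A hit is a lead, not a verdict: identify the process owning the socket
        # (netstat -b on Windows, ss -p on Linux) before concluding anything.
        print(f"{proto} {port}: matches {', '.join(names)}")
```

Run as-is it reports the sockets on 12345, 31337 and UDP 2140 from the sample and skips the ESTABLISHED connection whose local port happens to be 1243. Feeding it real `netstat -an` output is a matter of replacing the sample string; the list itself is decades old, so treat it as one signal alongside the process name and path behind the socket.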

The most popular RATs are Netbus (because of its simplicity), BO (has many functions and hides itself pretty well) and Sub7 (lots of functions and easy to use). These are all Windows RATs.

If you haven't done so already, it is advised to get some RAT and play around with it, just to see how the whole thing works.

Using RATs for legitimate purposes
Some people use RATs to remotely administer computers they are allowed to access. This is all good and fine, but you should always be careful while working with RATs. Make sure you have legal access and the right to remotely administer a computer before using a RAT on it.

Password Trojans
Yes, password trojans. Password trojans scour your computer for passwords and then send them to the attacker or the author of the trojan. Whether it's your Internet password, your Hotmail password, your ICQ password or your IRC passwords, there is a trojan for every password. These trojans usually send the information back to the attacker via Email.

Privilege-Elevating Trojans
These trojans are usually used to fool system administrators. They can either be bound into a common system utility or pretend to be something harmless and even quite useful and appealing. Once the administrator runs it, the trojan gives the attacker more privileges on the system. These trojans can also be sent to less-privileged users and give the attacker access to their accounts.

Keyloggers
These trojans are very simple. They log all of your keystrokes (including passwords), and then either save them to a file or Email them to the attacker once in a while.

Keyloggers usually don't take much disk space and can masquerade as important utilities, thus making them very hard to detect. Some keyloggers can also highlight passwords found in text boxes with titles such as 'enter password' or just the word password somewhere within the title text.

Destructive Trojans
These little fellows do nothing but damage your computer. These trojans can destroy your entire hard drive, encrypt or just scramble important files and basically make you feel very unpleasant. I wouldn't want to bump into one in a dark alley.

Some might seem like joke programs, while they are actually tearing every file they encounter to pieces.

Joke Programs
Joke programs are nice, cute and harmless. They can pretend to be formatting your hard drive, sending all of your passwords to some evil cracker, self-destructing your computer, turning in all information about illegal and pirated software you might have on your computer to the FBI etc. They are certainly nothing to worry about (except if you work in tech support, since inexperienced computer users tend to get scared off pretty easily by joke programs).

Protecting Yourself Against Trojans
Under Unix
If you are working on your PC, DO NOT work as root! If you run a trojan as root, you can endanger your entire system! The whole point of having multiple users on a single-user system is limiting yourself in such cases (or in case you want to prevent yourself from doing anything stupid). Switch to root only when you NEED root, and when you know what you're running. Also, remember that even if you're working in a restricted environment, you still put at risk the passwords and files you do have access to. Also, if someone has a keylogger on your system, and you type in some passwords (especially the root password), they will be logged!

Also, DO NOT download any files from untrusted sources (small websites, underground websites, Usenet newsgroups, IRC etc.), even if they come in the form of source code.

Under Windows
Windows is a whole lot different in this aspect. Limiting yourself under Windows is quite an annoyance. It is almost impossible to work like that, in comparison to Unix.

Also, make sure you don't run any untrusted software. There are many more evil trojans for Windows than for Unix, since people are less motivated to write trojans for Unix (because of all the security Unix imposes). Also, when running in a restricted Windows environment, you cannot just act like you're so protected and all. Remember that people can still steal passwords owned by the restricted user, and also, some trojans can break into administrator privileges and then compromise your entire system, since Windows imposes such lame security.

Oh, and one last tip - you should try to download and use at least some of the types of trojans listed above, so you can get to know them better and be able to remove them in case you get infected.

Tuesday, August 5, 2008

What is Social Engineering?

Basically, social engineering is the art and science of getting somebody to comply with your wishes. It is not a form of mind control, it will not allow you to get people to perform tasks wildly outside their normal behaviour and it is far from foolproof.

It also involves a lot more than simply quick thinking and a few selective accents. Social engineering can involve a lot of groundwork. Like normal hacking, social engineering needs prior preparation, and the majority of the work goes into this rather than the actual attempt itself.

Social engineering concentrates on the weakest link of the computer security chain: humans. It is often said that the only secure computer is an unplugged one, but even this is untrue. It is possible that you could talk somebody into plugging it in and switching it on.

It is also important to note that the human link in the security chain is the most important one. There is not one computer system in the world that exists without human interaction, and unlike a normal exploit, this vulnerability is universal, independent of platform, software, network or hardware.

Anybody with access to the system physically or electronically is a possible threat. This means that even people not normally included in a security policy could be involved.

It is impossible to obscure the fact that humans use the system or that they can influence it, because as I stated before, there isn't a computer system in the world that does not use human interaction as a part of it.

Almost every human has the skills to attempt social engineering; the only difference is the amount of skill used when making use of these tools.

Some of the tools are explained below, and we note that these are not foolproof skills, and that common sense is the most important tool that you will ever have.

The first "skill" and most obvious is simply a direct request, where the individual is asked to complete your task directly. Although least likely to succeed, this is the easiest and most straightforward method. The individual knows exactly what you want them to do.

The second is to create a fake situation of which the individual is simply a part. With more factors involved than the individual concerned, it is more likely that you will succeed, because you create reasons for compliance other than simply personal ones. This involves far more work for the person making the attempt at persuasion, and most certainly involves gaining extensive knowledge of the 'target'. This also does not mean that the whole social engineering operation needs to be all lies; the best operation is one where there is more truth than lies.

One of the essential tools used for social engineering is a good memory for gathered facts. This is something that hackers and sys-admins excel in, especially in their own field of expertise.

Another thing that you can use against somebody is the notion of conformity. It is possible to make somebody "conform" with the group, even if they know that the decision is wrong. For example, have you ever been in an assembly or class where the teacher asks a question such as "Who here has smoked before?" When the majority of the class put their hands up, the odd few who haven't tentatively put their hands up too, so that they are not looked down upon by their peers.

That is just an example of the lengths people will go to just so that they don't lose face with their friends or work companions.

Using situations where the person is more likely to go with the flow is an effective way to social engineer them.

However, most social engineering attempts are made by lone individuals, so social pressure and the other influencing factors that would have to be constructed by creating a believable situation the target feels immersed in are less effective.

If the situation, real or imaginary, has certain characteristics, then the individual is more likely to comply with your requests. They are listed below.

Diffusion of responsibility away from the target individual. This is when the individual believes that they are not solely responsible for their actions.

A chance for ingratiation. Compliance is more likely to occur if the individual believes that by complying they are ingratiating themselves with someone who may give them future benefits. Getting on the good side of the boss is surely going to have some benefits, hey?

Moral duty. This is where the target complies because they believe that it is their moral duty to. Part of this is guilt. People prefer to avoid guilty feelings, and so if there is a chance that they will feel guilty they will, if possible, avoid this outcome.

On a personal level there are methods used to make a person more likely to cooperate with you. The aim of persuasion is not to force people to complete your tasks, but enhance their voluntary compliance with your requests.

Basically the target is simply being guided down the garden path :P. The target believes that they have control of the situation, and that they are exercising their power to help you out.

The fact that the benefits that the person will gain from helping you out have been invented is irrelevant. The target believes they are making a reasoned decision to exchange these benefits for a small loss of their time and energy.

CO-OPERATION
There are several factors, which if present will increase the chances of a target co-operating with a social engineer.

The less conflict the better. Co-operation will be readily gained when the softly-softly approach is used. Pulling rank, annoyance or orders rarely work for effective persuasion.

Psychological research has also shown that people are more likely to comply with your wishes if you have dealt with the same person before. Before trying the 'big hit', make smaller and more reasonable requests. This way they will be more compliant to your needs.

When attempting a social engineering hack, the more sensory detail you can provide to the target the better. A person will be more compliant to your needs if they can see and smell you as well as speak to you; it is often difficult to get someone to comply with just a simple phone call. However, these days the possibilities are great because so many businesses are on the net. Another point I am going to make is that it is often impossible to persuade somebody using ASCII chat or e-mail. Ever tried social engineering someone on IRC?

The main thing I can tell you is don't try social engineering people with higher authority than the made-up person you are using. For instance, don't try to social engineer the sysadmin, as we all know he's more competent than you are, especially on his own network.

Remember, before attempting to social engineer somebody, you have to do some information gathering on that particular person. I have known people to read over people's shoulders when a person was typing on the phone just to gain knowledge of the target's lifestyle and friends. Another example of what people will do just to find out information on people is to watch as they type in their credit card and ATM PIN numbers. Some even go so far as to watch from windows across the road with binoculars to see these numbers being punched in.

Ever sat in computer class and called your teacher over to type in some sort of password, which you conveniently watch over his fingers on the keyboard as he punches in this innocent request? These are the sorts of ways social engineering can be taken into life; I have often used skills described in this tutorial just to knock down prices on goods at a local market.

When looking for information on a Target, you want to consider going Dumpster diving, or trashing as it is sometimes called. On these outings remember to take a sturdy pair of shoes, gloves and a torch (preferably with red filter), Bolt cutters may come in handy too! Oh and remember to cover yourself up! In these outings you can often find employee names, phone numbers, account details, amongst the mounds of IT treasures.

One technique to use on a target is to pretend you're an employee of another company doing surveys for a hardware company. If you choose to follow this line of attack, have the questions lined up, and make sure you take time as if you were writing down their replies.

Any information gained from these phone calls can be used. Information on the company's firewalls, routers or servers could be used for a further attack on the company's website.

So now you have some of the skills that it takes to become a good social engineer, but remember, like I said at the start of this tutorial, the most important tool, common sense, outweighs any of the skills in this text.

Even major companies can be social engineered. An example of this is an AOL employee who was having a tech support session, during which the hacker mentioned he had a car for sale at a very good price, and the techie was interested. Of course the hacker sent the techie a pic of the car; bound to the jpg was a trojan, which enabled the hacker to get into the internal network.

So remember anything is possible with the right incentive, you just have to please the person's senses.

Tips And Tricks

Some Tips And Tricks For Your Windows XP

STOP NOISE IN COPYING AUDIO CD
When using 3rd party burning software (eg, Nero Burning Rom) to copy an audio CD, some noise may be heard at the end of each track. To prevent this, try the following method:
1. Enter System Properties\device manager
2. Select IDE ATA/ATAPI controllers
3. Double click on the CD writer IDE channel
4. Select Advanced Settings
5. Change the transfer mode to 'PIO Only'
6. Restart Computer

DISABLING THE 'UNSIGNED DRIVER' DIALOGS
This option will disable the screen which keeps popping up when you try to install 'digitally unsigned drivers'. Normally you can choose to continue the install anyway, but I have had situations where you cannot continue the install.. very annoying.. This is how to fix it:
Click Start - Run
then type: gpedit.msc
then hit enter.
Browse the folder tree to the following location:
User Configuration - Administrative Templates - System
now right-click Code signing for Device drivers and select Properties.
On the Settings tab, either select
- enable, and then select ignore from the appearing listbox..
- or click the disable option. Click Apply and OK and you're set!
Alternatively especially for XP Home users:
Open "System" properties (Windows key + Pause, or right click 'My Computer' - Properties, or Control Panel - System). On the Hardware tab click the "Driver Signing" button. In the dialogue that comes up choose "Ignore" to install the new driver anyway.

DMA MODE ON IDE DEVICES VIEWS
Just like Windows 2000, Windows XP still fails to set the DMA mode correctly for the IDE device designated as the slave on the primary IDE and secondary IDE channels. Most CD-ROMs are capable of supporting DMA mode, but the default in XP is still PIO. Setting it to DMA won't make your CD-ROM faster, but it will consume fewer CPU cycles. Here's how:
1. Open the Device Manager. One way to do that is to right click on "My Computer", select the Hardware tab, and Select Device Manager.
2. Expand "IDE ATA/ATAPI Controllers" and double-click on "Primary IDE Channel"
3. Under the "Advanced Settings" tab, check the "Device 1" setting. More than likely, your current transfer mode is set to PIO.
4. Set it to "DMA if available".
Repeat the step for the "Secondary IDE Channel" if you have devices attached to it. Reboot.

RESTORING MEDIA PLAYER
To restore Windows Media Player insert the XP CD into the CD drive (if it autostarts click Exit). Open a command window and type the following:
rundll32.exe setupapi,InstallHinfSection InstallWMP7 132 c:\windows\inf\wmp.inf

RESTORING ACCESS TO CD ROM'S
If you removed CD burning software, or for some other mystical reason can no longer access your CD-ROMs, in most cases the following registry values need to be deleted. Locate and delete the UpperFilters and LowerFilters values under the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

DELETING THE INDEX.DAT
Del "C:\Documents and Settings\aeon\Local Settings\Temporary Internet Files\Content.IE5\index.dat"
(substitute your own user name for aeon, and close Internet Explorer first or the file will be in use)

CONTROL PANEL ON THE DESKTOP.
On The Desktop, Right Click Your Mouse Then Choose "New | Folder". Name The Folder As "ControlPanel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Without The Quotes. And Now You Can Access The Control Panel Faster Than Before.

CHANGING INTERNET EXPLORER ICON NAME.
Open Registry Editor Then Go To : "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID". You Can See A Few Keys Below It.

Now Go To This Key {871C5380-42A0-1069-A2EA-08002B30309D}, Double Click At The Default Value On The Right, Enter Whatever Name You Like.

REMOVING USERNAME IN THE STARTMENU
Open Registry Editor Then Go To : "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer".
On The Right, Make A New Entry With Right Click On Your Mouse Then Choose "New | DWORD Value" Change The Entry's Name Into "NoUserNameInStartMenu", Double Click In The New Entry And Fill The "Value Data" With "1". Press OK, Exit From The Registry Editor. Restart Your Computer.

INTERNET EXPLORER LIGHTING-FAST STARTUP.
Isn't it annoying when you want to go to a new website, or any other site but your homepage, and you have to wait for your 'home' to load? This tweak tells Internet Explorer to simply 'run', without loading any webpages. (If you use a 'blank' page, that is still a page, and slows access. Notice the 'about:blank' in the address bar. The blank html page must still be loaded..). To load IE with 'nothing' [nothing is different than blank]:
1. Right-click on any shortcut you have to IE
[You should create a shortcut out of your desktop IE icon, and delete the original icon]
2. Click Properties
3. Add ' -nohome' [with a space before the dash] after the endquotes in the Target field.
4. Click OK
Fire up IE from your modified shortcut, and be amazed by how fast you are able to use IE!

INTERNET EXPLORER SPEED UP.
Edit your link to start Internet Explorer to have -nohome after it. For Example: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
This will load internet explorer very fast because it does not load a webpage while it is loading. If you want to go to your homepage after it is loaded, just click on the home button.

SPEED UP BROWSING WITH DNS CACHE.
When you connect to a web site your computer sends information back and forth, this is obvious. Some of this information deals with resolving the site name to an IP address, the stuff that TCP/IP really deals with, not words. This is DNS information and is used so that you will not need to ask for the site location each and every time you visit the site. Although WinXP and Win2000 have a pretty efficient DNS cache, you can increase its overall performance by increasing its size. You can do this with the registry entries below:
************begin copy and paste***********
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtlLimit"=dword:0000fa00
"MaxSOACacheEntryTtlLimit"=dword:0000012d
************end copy and paste***********
make a new text file and rename it to dnscache.reg. Then copy and paste the above into it and save it. Then merge it into the registry.

START IEXPLORER WITH EMPTY BLUE SCREEN.
Set your default page to about:mozilla and IE will show a nice blue screen upon startup.

SPEED UP DETAILED VIEW IN WINDOWS EXPLORER.
If you like to view your files in Windows Explorer using the "Details" view here is a tweak to speed up the listing of file attributes: Viewing files in Windows Explorer using the "Details" mode shows various attributes associated with each file shown. Some of these must be retrieved from the individual files when you click on the directory for viewing. For a directory with numerous and relatively large files (such as a folder in which one stores media, eg: *.mp3's, *.avi's etc.) Windows Explorer lags as it reads through each one. Here's how to disable viewing of unwanted attributes and speed up file browsing:
1. Open Windows Explorer
2. Navigate to the folder which you wish to optimize.
3. In "Details" mode right click the bar at the top which displays the names of the attribute columns.
4. Uncheck any that are unwanted/unneeded.
Explorer will apply your preferences immediately, and longs lists of unnecessary attributes will not be displayed. Likewise, one may choose to display any information which is regarded as needed, getting more out of Explorer.

WEB PAGES SLOWS DOWN, FIX.
The tweak is simple. Besides the QoS and other tweaks around the Internet for the new XP OS, I found out that native drivers sometimes slow you down (cable and xDSL users). So if you have applied all tweaks and you are still having slowdowns, try reinstalling your NIC's drivers. The difference is noticeable. My web pages now load almost instantly where they used to take even a minute!

FIX IE 6 SLOWDOWNS AND HANGS.
1. Open a command prompt window on the desktop (Start/Run/command).
2. Exit IE and Windows Explorer (iexplore.exe and explorer.exe, respectively, in Task Manager, i.e - Ctrl-Alt-Del/Task Manager/Processes/End Process for each).
3. Use the following command exactly from your command prompt window to delete the corrupt file:
C:\>del "%systemdrive%\Documents and Settings\%username%\Local Settings\Temporary Internet Files\Content.IE5\index.dat"
4. Restart Windows Explorer with Task Manager (Ctrl-Alt-Del/Task Manager/Applications/New Task/Browse/C:\Windows\explorer.exe[or your path]) or Shutdown/Restart the computer from Task Manager.

SPEED UP WEB BROWSING.
I've personally found a dramatic increase in web browsing after clearing the Windows XP DNS cache. To clear it type the following in a command prompt: ipconfig /flushdns.

ALLOW MORE THAN 2 SIMULTANEOUS DOWNLOADS ON IEXPLORER 6.
This is to increase the number of max downloads to 10.
1. Start Registry Editor (Regedt32.exe).
2. Locate the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
3. On the Edit menu, click Add Value , and then add the following registry values:
"MaxConnectionsPer1_0Server"=Dword:0000000a
"MaxConnectionsPerServer"=Dword:0000000a
4. Quit Registry Editor.

IPV6 INSTALLATION FOR WINDOWS XP.
This protocol is destined to replace the Internet Protocol Version 4 used by Internet Explorer; it uses hexadecimal IP addresses instead of decimal ones, for example decimal IP 62.98.231.67 versus hexadecimal IP 2001:6b8:0:400::70c.
To install the IPv6 Protocol for Windows XP:
Log on to the computer running Windows XP with a user account that has local administrator privileges. Open a command prompt. From the Windows XP desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type: ipv6 install
For more information on IPv6, visit the site below:
http://www.microsoft.com/windowsxp/pro/techinfo/administration/ipv6/default.asp


ANOTHER WAY TO FIX IEXPLORER 6 SLOW PAGES LOADED.
Here's an easier way to get to the index.dat file as addressed in another tweak submitted here.
1. click on Internet Explorer
2. go to your root dir (usually C:)
3. open Documents and Settings folder
4. open "your username folder"
5. open UserData
6. **close IE if you have it open**
rename index.dat to index.old
logoff and log back on (don't need to restart) open up IE and go to a web page or site that always seemed to load slowly. It should load a lot more quickly now. NOTE. Always rename or backup .dat or other system files before deleting.

EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.
Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value. Name the new value Administrator. Double-click this new value, and enter 1 as its Value data. Close the registry editor and restart.

DRIVE ICONS.
To set the icon of any drive (hard disk, cd rom or anything else) with a letter (C:\ etc.), run REGEDIT (Start -> Run -> regedit)
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
If one doesn't already exist, create a new KEY called "DriveIcons". Under this key, create a new key with the letter of your drive. I.e. C for your C:\ drive.
To change the icon for that drive, create a key inside that one called DefaultIcon and set the path of (Default) to the location of your icon
eg C\DefaultIcon\ then (Default) = D:\Documents\C Drive Icon.ico
To change the name of that drive, create a key in the drive letter one (eg C\) called DefaultLabel and set the (Default) to what you want the drive to be called. This is useful if you want to assign a long name to the floppy drive.

CHANGING OEM REGISTRATIONS.
Have you used someone's new Hewlett-Packard with their OEM version of Windows XP? You've seen that HP has their own icon in the Start Menu, underneath Run, that goes to their Help Site. Now, you can have your icon that does anything you want (website, program, etc) and says anything you want. Basically, you are "branding" Windows XP (Home or Pro), great for if you are a computer builder and sell them, or you just want to make Windows XP your own. It involves Regedit.
1. Start up Notepad and create a new registry file (*.reg) and copy and paste the following into it:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}]
@="YOUR COMPANY NAME"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="YOUR ICON HERE"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\Instance]
"CLSID"="{3f454f0e-42ae-4d7c-8ea3-328250d6e272}"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]
"CLSID"="{13709620-C279-11CE-A49E-444553540000}"
"method"="ShellExecute"
"Command"="YOUR TITLE HERE"
"Param1"="YOUR FUNCTION HERE"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex]
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers]
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]
"Attributes"=dword:00000000
2. Edit where it says YOUR ICON HERE to a path to an icon (ex. c:\\icon.ico), it must be 24x24 pixels and in *.ico format. Use double back slash for path names.
3. Edit both places where it says YOUR TITLE HERE to what you want it to say in the Start Menu (ex. Elranzer Homepage).
4. Edit where it says YOUR FUNCTION HERE to what you want it to do when you click it, it can be anything... your website, a local HTML document, a program, a Windows function, whatever your imagination can provide (ex. http://www.shareordie.com).
5. Save this file as brand.reg, double-click it to enter in your information, and refresh Explorer (log off/on) to see it in the Start Menu!! This works in both Home and Professional (and probably 64-Bit Professional) Editions!
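Both .reg fragments on this page (the DNS cache tweak and the branding file above) use regedit's export format, where a hex value may continue onto following lines with a trailing backslash, and where a stray line silently changes what gets imported. The following is an added example, not code from the original page, that parses that format offline and reports any line it cannot account for, so a tweak file can be reviewed before it is merged; the sample is built from this page's own fragments, including the two stray hex lines left under DefaultIcon.

```python
"""Parse 'Windows Registry Editor Version 5.00' (.reg) text offline.

Added example, not part of the original page's tweaks: list every key and
value a downloaded tweak file writes and decode its hex(2)/hex(7) payloads
into readable strings before merging it.
"""
import re

# name=data, where name is @ (the default value) or a quoted string
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(text):
    """Undo .reg escaping: a backslash escapes the next character."""
    return re.sub(r'\\(.)', r'\1', text)


def decode_data(raw):
    """Return (kind, value) for the right-hand side of a value line."""
    raw = raw.strip()
    if raw == "-":                                  # "name"=- deletes a value
        return ("DELETE", None)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ("REG_SZ", _unescape(raw[1:-1]))
    if raw.lower().startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    m = re.match(r'^hex(?:\((\d+)\))?:(.*)$', raw, re.IGNORECASE)
    if m:
        kind = int(m.group(1)) if m.group(1) else 3  # bare hex: is REG_BINARY
        data = bytes(int(h, 16) for h in m.group(2).split(",") if h.strip())
        if kind == 2:                               # REG_EXPAND_SZ, UTF-16LE
            return ("REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00"))
        if kind == 7:                               # REG_MULTI_SZ, NUL separated
            text = data.decode("utf-16-le").rstrip("\x00")
            return ("REG_MULTI_SZ", text.split("\x00"))
        return (f"hex({kind})", data)
    raise ValueError(f"unrecognised data: {raw!r}")


def parse_reg(text):
    """Return ({key: {name: (kind, value)}}, [(lineno, line), ...]).

    A key whose name starts with '-' is a deletion. Lines that are not a
    header, key, value, comment or hex continuation are reported instead of
    skipped: a stray line usually means a hand-edited file that will not
    import as intended.
    """
    keys, problems, current, pending = {}, [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if pending is not None:                     # continuation of a hex value
            name, data = pending
            data += line.rstrip("\\")
            if line.endswith("\\"):
                pending = (name, data)
            else:
                pending, keys[current][name] = None, decode_data(data)
            continue
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2).strip()
            if data.endswith("\\"):
                pending = (name, data.rstrip("\\"))
            else:
                keys[current][name] = decode_data(data)
            continue
        problems.append((lineno, raw))
    return keys, problems


# Constructed sample: the DNS-cache fragment and part of the OEM-branding
# file from this page, including the two stray hex lines under DefaultIcon.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"CacheHashTableSize"=dword:00000180

[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="YOUR ICON HERE"
00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,68,00,70,00,6c,00,69,00,\
6e,00,6b,00,2e,00,69,00,63,00,6f,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
'''
DNS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
INPROC_KEY = r"HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32"
```

parse_reg(SAMPLE) decodes the InProcServer32 default to %SystemRoot%\system32\shdocvw.dll and lists the two orphaned hex lines under DefaultIcon as unparsed; pass it the text of any .reg file to get the same review.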

ORIGINAL WALLPAPERS.
This is more of a fun tweak than it is useful. Go to Run, type regedit and press OK. When that comes up go to HKEY_CURRENT_USER\Control Panel\Desktop.
Now find OriginalWallpaper, right click and select Modify. In the text box type the path to the file you want to be your original desktop wallpaper.

DELETING My eBooks AND SPECIALS FOLDER IN MY DOCUMENTS.
Click Start, then Run and type: regsvr32 /u mydocs.dll
then delete them.

DISABLE WINDOWS PICTURE AND FAX VIEWER.
By default, Windows XP opens all picture files (gif,jpg,...) with the included Windows Picture and Fax Viewer no matter what other picture viewers you have installed. To disable the Windows Picture and Fax Viewer, unregister shimgvw.dll. This can be done from command prompt: regsvr32 /u shimgvw.dll

REMOVE PAST ITEMS ICONS IN TASKBAR.
Sometimes when you check your Taskbar properties, or when you hide or unhide icons, you can see old icons from uninstalled or old programs you don't have anymore. This tweak will help you get rid of this problem (thanks to leobull of Xperience.or). To clear the Past Items or Icons list in the Taskbar, perform the following steps:
1. Open Regedit and navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify
2. Delete the IconStreams and PastIconsStream values
3. Open Task Manager, click the Processes tab, click Explorer.exe, and then click End Process.
4. In Task Manager, click File, click New Task, type explorer, and then click OK.

LOCKING COMPUTERS.
To lock a computer in XP, as you probably know, you press "L" while holding down the "Windows Logo" key on your keyboard. However, if you would like to lock a computer remotely, for example via "Remote Administrator", you don't have this ability. What you can do instead is create a shortcut on the remote computer's desktop with Target set to %windir%\System32\rundll32.exe user32.dll,LockWorkStation and Start In set to %windir%.

ADMINISTRATOR IN WELCOME SCREEN.
When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled
Then follow the instructions from the "Win2000 Logon Screen Tweak", i.e.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.

BUGFIXES.
This is a strange bug in Windows XP Pro but it can and does happen to everyone. When you open the My Computer screen and your Documents folder is missing but all the other users folders are there try this tweak.
STEP 1:
START > RUN > REGEDIT > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths
Once you click the DocFolderPaths folder you should see all the user's folders.
STEP 2:
Add a new string value
Value Name: your user name
Value Data: the path to your docs folder ( ex. C:\Documents and Settings\your docs folder )
Exit Registry Editor and open My Computer; your docs folder should now be visible.

MOUSE POINTERS.
It seems that even without pointer precision disabled, the mouse under XP is still influenced by an acceleration curve. This is especially noticeable in games. To completely remove mouse acceleration from XP, you will need to go into the registry and adjust the SmoothMouseXCurve and SmoothMouseYCurve values. Here is how it's done.
1. Click Start button
2. Select Run
3. Type 'regedit' in the open textbox
4. Open the tree 'HKEY_CURRENT_USER', select control panel, then select mouse
5. Right click and modify the SmoothMouseXCurve and SmoothMouseYCurve hexadecimal values to the following:
SmoothMouseXCurve:
00,00,00,00,00,00,00,00
00,a0,00,00,00,00,00,00
00,40,01,00,00,00,00,00
00,80,02,00,00,00,00,00
00,00,05,00,00,00,00,00
SmoothMouseYCurve:
00,00,00,00,00,00,00,00
66,a6,02,00,00,00,00,00
cd,4c,05,00,00,00,00,00
a0,99,0a,00,00,00,00,00
38,33,15,00,00,00,00,00
If done correctly, you will notice you are holding a markedly more responsive mouse.
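To see what those forty bytes per value actually encode, here is an added example (not from the original page) that decodes both curves and checks that the result is a straight line through the origin, which is what "no acceleration" means. It assumes the commonly documented layout of these values: five 8-byte little-endian entries, each a 16.16 fixed-point number, mapping mouse speed (X) to pointer speed (Y).

```python
"""Decode the SmoothMouseXCurve / SmoothMouseYCurve bytes from the tweak above.

Added example, not from the original page. Assumed layout (the one these
values are commonly documented with): five 8-byte little-endian entries,
each a 16.16 fixed-point number. X entries are mouse speeds, Y entries the
pointer speeds Windows maps them to, interpolating between points. A curve
that removes acceleration is a straight line through the origin, so every
Y/X ratio must be the same constant gain.
"""
import struct

# The two values exactly as given on this page (comma-separated hex bytes).
X_CURVE = """00,00,00,00,00,00,00,00
00,a0,00,00,00,00,00,00
00,40,01,00,00,00,00,00
00,80,02,00,00,00,00,00
00,00,05,00,00,00,00,00"""
Y_CURVE = """00,00,00,00,00,00,00,00
66,a6,02,00,00,00,00,00
cd,4c,05,00,00,00,00,00
a0,99,0a,00,00,00,00,00
38,33,15,00,00,00,00,00"""


def decode_curve(text):
    """Turn regedit hex-byte text into the five curve points as floats."""
    data = bytes(int(h, 16) for h in text.replace("\n", ",").split(",") if h.strip())
    if len(data) != 40:
        raise ValueError(f"expected 40 bytes (5 x 8), got {len(data)}")
    return [raw / 65536 for raw in struct.unpack("<5Q", data)]


def gains(x_points, y_points):
    """Y/X ratio at every point except the origin."""
    return [y / x for x, y in zip(x_points, y_points) if x != 0]


def is_linear(x_points, y_points, tolerance=1e-3):
    """True when the curve starts at the origin and has one constant gain."""
    g = gains(x_points, y_points)
    if not g or x_points[0] != 0 or y_points[0] != 0:
        return False
    return max(g) - min(g) < tolerance


if __name__ == "__main__":
    xs, ys = decode_curve(X_CURVE), decode_curve(Y_CURVE)
    for x, y in zip(xs, ys):
        print(f"mouse speed {x:6.3f} -> pointer speed {y:7.3f}")
    print("acceleration removed:", is_linear(xs, ys), "gain:", round(gains(xs, ys)[0], 2))
```

The page's values decode to X = 0, 0.625, 1.25, 2.5, 5 and Y = 0, 2.65, 5.3, 10.6, 21.2, a constant gain of 4.24, so the tweak replaces the curve with a fixed multiplier rather than turning the mapping off.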

HIDDEN WINDOWS XP ICONS.
Windows XP Pro and Home contains icons for folders and files that cannot normally be seen, you can select to view hidden files from the folder options menu, but there are still some that remain hidden.
You can set windows to view these files as normal hidden files, so that when you use the view hidden files and folders toggle from the folder options menu that these will be turned on/off along with the normal hidden files.
These files are usually system files and should not be altered/deleted unless you really know what you are doing, if you don't yet still wish to change them I might suggest that you create back-ups of your system first.
I will personally accept no responsibility for any damage caused by using this tweak. To view the hidden files you need to open up regedit; if you are not sure how to do this, select Run from the Start menu and type in 'regedit' without the apostrophes. In the regedit window, expand the groups by clicking on the '+' next to the name in the left hand column of regedit, and navigate to the address below.
HKEY_CURRENT_USER \SOFTWARE \MICROSOFT \WINDOWS \CURRENTVERSION \EXPLORER \ADVANCED
when you have clicked the advanced folder on the left pane, look down the list at the titles in the right hand pane, one of those titles is 'ShowSuperHidden'
double click the title and in the window that appears set the value to equal 1 to show the super hidden files and 0 to hide them.

XP HOME ADVANCED FILE PERMISSIONS.
This is actually an addition to my previous post entitled "Get XP Pro file security with XP Home". In the aforementioned post I outlined how to access
*Advanced File Permissions* on NTFS file systems for XP Home simply by booting into *Safe Mode*, right-clicking any file or folder, and navigating to the *Security tab*. This gives the user the ability to allow or deny read, write, execute, read & write, display contents, full control, inheritance, and take ownership permissions, with many more options available to apply to different users and groups stored on the computer. Well, you don't have to do this in *Safe Mode* (XP Home). Although it is a little less intuitive, you can simply go to your command prompt - Start>All Programs>Accessories>Command Prompt. Now type "cacls" in the window (without the quotes). This gives you the ability to add, remove or modify file permissions on files and folders through the command prompt. Type "cacls /?" for help on the different options and variables. You do not need to be in Safe Mode to use this, so it makes it a little quicker than using the Safe Mode security tab GUI. Remember - this only applies to NTFS. Here also is a very useful link to find a lot of extras and tweaks straight from the horse's mouth - the Microsoft Resource Center. You will find a lot of very useful web-based extras here, most of them unknown to the general public - such as "Online Crash Analysis" - a site that looks like Windows Update but where you can upload your crash "dump logs" (when you get those system or application crash error reports). Microsoft will then analyze the log file and tell you some more info about WHY the system crashed (ie. faulty hardware/software/conflicts, etc).

FLASHGET :BYPASSING 8 MAX SIMULTANEOUS JOBS.
Users of FlashGet will notice that the maximum number of file splits is 8. This number can be increased by the tweak below:
1. Run regedit.
2. Navigate to [HKEY_CURRENT_USER\Software\JetCar\JetCar\General\]
3. Right Click -> Add String Value.
4. Name as MaxSimJobs -> Set the value as what ever number you want.
After a restart you should be able to download with more file splits.

OUTLOOK EXPRESS WINDOWS TITLE TWEAKS.
Change the window title of Outlook Express to anything you want!
Open regedt32 and navigate to HKEY_CURRENT_USER\Identities\{EE383506-901D-43C6-8E40-9A61901DF7CC}\Software\Microsoft\Outlook Express\5.0 (the GUID under Identities differs on each machine). Add a new string key called WindowTitle and make its value the desired window title. Then close the registry editor, and restart Outlook Express (if it's running). Your new title now shows up in the title bar!

WINDOWS MEDIA PLAYER 9.
When installing WMP 9 it leaves a watermark on your desktop. You can easily remove this with regedit:
HKey_Local_Machine\SOFTWARE\microsoft\system certificates\CA\certificates\FEE449EE0E3965A5246F00E87FDE2A065FD89D4
HKey_Local_Machine\software\microsoft\system certificates\ROOT\certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3
Remove both lines and restart computer.

CHANGING THE WINDOWS MEDIA PLAYER TITLEBAR.
This is a per-user tweak. Open RegEdit.
Browse to the following key:
HKEY_USERS\S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx\Software\Policies\Microsoft\WindowsMediaPlayer
(the x's will vary from computer to computer , it's the key without the "_Classes" at the end) Create the following String, "TitleBar" , the value of this will now become the TitleBar of Windows Media Player.

AUTO DELETE TEMPORARY FOLDER.
First go into gpedit.msc
Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder
Then right click "Do Not Delete Temp Folder Upon Exit"
Go to properties and hit disable. Now next time Windows puts a temp file in that folder it will automatically delete it when its done! Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.

CLEANUP STARTUP ITEMS IN MSCONFIG.
Do you ever uninstall programs and they are still listed under startup items in msconfig? Personally, I found myself with 30 such items from old installs. Microsoft leaves you no way to clean up this list, but have no fear, I have figured it out for you.
1. Open MSconfig and click on the startup items tab
2. Open Regedit and navigate to HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
3. Compare the list of registry keys under startup reg with their counterparts in msconfig.
4. Delete the keys which are no longer valid.
5. Voila! You've cleaned up msconfig.

REMOVING SERVICES DEPENDENCIES.
This will allow you to disable a service or uninstall it from your system without affecting another service that depends on it. Here's how you do it:
1. After you have set your services the way you want them and you have disabled/uninstalled something that another services depends on, run "regedit"
2. Under HKEY_LOCAL_MACHINE\System\, find the service that will not function due to another service being disabled/uninstalled (found in ControlSet001\Services, ControlSet002\Services, and CurrentControlSet\Services)
3. Once you have found the service right-click on the string value, "DependOnService,"and modify
4. You should now see a list of services that it is dependent on. Simply delete the service that you have disabled/uninstalled
5. Restart your computer and you're ready to go. Disclaimer: REMEMBER TO BACK UP YOUR REGISTRY FIRST. I'm not totally sure if this will have any negative effects on your system. I used this method after uninstalling "Netbios over Tcpip" from my system completely, so that my Dhcp service would function, and I have had NO negative effects on my system.

ANOTHER WAY TO DELETE HIDDEN DEVICES.
You can view and delete or modify hidden devices by:
1. Opening Device Manager. (I usually right-click on My Computer, select Properties, select the Hardware tab, then select Device Manager.)
2. Select View and check "Show hidden devices"
3. Hidden devices will appear below with the others and can be modified.

HOW TO GET "My Briefcase" IN WINDOWS XP.
go to C:\WINDOWS\system32\dllcache. look for a file named "syncapp".
double click it. an icon should appear on your desktop that says "My Briefcase". double click it. it will come up with this window that tells you how to use it.

TURN NUMLOCK ON AT LOGON.
NumLock does not toggle on by default (system-wide), even if you have it set in your PC's BIOS, because of XP's multi-user functionality. Guess Microsoft doesn't know everyone actually turns it on, which should be reason enough for what acts as "default"...
Anyway, you can hack the Windows Registry to change this behavior, or run a script at logon to turn NumLock on.
1. To enable NumLock through the Registry:
* Open Windows' Registry Editor (START > RUN, type "REGEDIT").
* Navigate to HKEY_USERS\.Default\Control Panel\Keyboard.
* Change the value for InitialKeyboardIndicators from 0 to 2.
2. To enable NumLock using a script, see this MS Knowledgebase article for complete instructions:
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q262625

Option 1 is the quicker method, but if you have more than one user on your system and one or more don't want NumLock on (stranger things have been known of), then option 2 is the way to go since it allows you to only attach the script to specific users.

FREE DISK SPACE BY DELETING RESTORE POINTS.
Start button > All Programs > Accessories > System Tools > Disk Cleanup > More Options. You will have the option of deleting your restore points. When you're done, create one restore point as a backup.

HOW TO REALLY GET RID OF UNNECESSARY SOFTWARE
To uninstall things like MSN Messenger and other hidden installs through Add/Remove Programs, do this: find sysoc.inf (you might have to enable "show hidden files" and "show hidden/protected system folders" in Explorer) and open it in Notepad. Replace all ",hide" with "," (both without quotes), which is easiest to do with the Replace All command under Edit. Then in Add/Remove Programs, under Add/Remove Windows Components, a whole new list of things to uninstall and add is now listed (such as Internet Explorer).

HAVING PROGRAMS RUN WHEN WINDOWS LOADS SLOWS DOWN YOUR STARTUP.
There are two ways to disable programs that may be in your startup (like ICQ, Messenger). The easiest is to do the following:
1. start --> run --> msconfig
2. Click on the "startup" tab (furthest right)
3. Unclick any items you don't want to load when windows starts.
The second is by deleting registry entries; this can be done the following way:
1. Start --> run --> regedit
2. Navigate to : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Delete any entries that you don't want to load up

TURN OFF INDEXING TO SPEED UP XP.
Windows XP keeps a record of all files on the hard disk so that when you do a search on the hard drive it is faster. There is a downside to this: because the computer has to index all files, it will slow down normal file commands like open, close, etc. If you do not do a whole lot of searches on your hard drive then I suggest turning this feature off:
1. Control Panel
2. Administrative Tools
3. Services
4. Disable Indexing Services

HALF LIFE AND WINDOWS XP.
1. How to recover from incompatible drivers
Before you install new drivers set a system restore point. Start>All programs>Accessories>system tools>system restore
After your new drivers don't work reset your computer. Press F8 repeatedly as soon as the BIOS screen disappears, and before the Windows XP screen appears. Select safe mode. Use system restore again to undo your mess.
2. Video Drivers
The NVidia drivers that come with XP do not allow you to run Half Life in OpenGL. Update to the newest drivers.
Despite the fact that they are not official drivers, 22.50 was the only set which worked.
3. Sound Drivers
Use windows update to update Creative drivers.
4. Fixing screen flicker
Windows XP defaults to 60Hz for games. A fix is available here:
http://www.fileplanet.com/dl/dl.asp?/planetquake/ztn/nvreffix-setup.exe

Select "set: every resolution to monitor's maximum supported rate".
5. Fixing lag
If you are having trouble with lag, try disabling the windows XP firewall. Go to control panel>network connections. Select connection, right click, properties, advanced, untick the firewall.
6. Mouse
You can improve your mouse smoothness for games.
Control panel>mouse>hardware>properties>advanced
Change the sample rate to a higher one, e.g. 200.

REGISTRY METHOD FOR REMOVING STARTUP ITEMS.
I prefer to use MSCONFIG selective startup to troubleshoot. To remove entries for good, open the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN
Delete entries of unwanted startup daemons and tray procedures.

DISPLAY MESSAGE ON STARTUP.
Start regedit, if you are unfamiliar with regedit please see our FAQ.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Modify the legalnoticecaption value with what you want to name the window.
Modify the legalnoticetext value with what you want the window to say. Restart.

REMOVE THE DEFAULT IMAGE VIEWER IN WINDOWS ME/XP.
This tweak works in Windows Me/XP. I have not tried it in Windows NT/2000 yet, because I don't have that OS; you can try it if you have it.
*This tweak does not work in Windows 95/98.
To remove the Windows default Image Viewer, first:
Click Start Menu
Select Run menu
Type "cmd", (for Windows Me, type "command")
Then type "regsvr32 /u shimgvw.dll" to unregister this DLL. This will stop it from previewing any picture format it supports, e.g. JPEG, Bitmap, GIF....
* Before performing this tweak, make sure that you have an alternative image viewer installed in your Windows, e.g. ACDSee, FireGraphics..., because once you do this tweak without such an application, you can't open and view your images anymore! To undo it, type "regsvr32 shimgvw.dll" at the command prompt.

SPEED UP BOOT BY DISABLING UNUSED PORTS.
You may have tried many tweaks like modifying Windows XP start-up applications, prefetch, the unload DLLs method, etc. And yes, those methods do work for me.
I have just accidentally found another way to give you an extra boost in Windows XP's boot performance. This is done by disabling your unused devices in
Device Manager. For example, if you don't have input devices connected to one of your USB or COM ports, disabling them will give you an extra performance boost in booting. Go to Control Panel -> System -> Hardware tab -> Device Manager, disable devices that you don't use on your PC, and then restart.

CLEAR UNWANTED ENTRIES FROM ADD/REMOVE PROGRAMS.
Run the Registry Editor (REGEDIT).
Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and remove any unwanted keys under "Uninstall".

CLICKING * .AVI FILES ON EXPLORER CAUSING 100% CPU USAGE.
Well, Windows seems to have a REALLY big problem when it comes to reading AVI files. When you click on an AVI file in Explorer, it tries to read the entire AVI file to determine the width, height, etc. of the AVI file (this is displayed in the Properties window). The problem is that if you have a broken or not fully downloaded AVI file that doesn't contain this info, Windows will scan the entire AVI file trying to figure out all these properties, which in the process will probably cause 100% CPU usage and heavy memory usage. To solve this problem all you have to do is the following:
1. Open up regedit
2. Goto HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
3. Delete the "Default" value which should be "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"
Voila! Please note that this will no longer provide you with the Windows properties display of the AVI file information such as width, height, bitrate, etc. But it's a small price to pay for saving your resources.
NOTE: Please use caution when using regedit. Improper usage may cause Windows to behave incorrectly. Also, I cannot be held responsible. Back up your registry first.

CD ROM STOPS AUTOPLAYING/AUTORUN.
And the AutoPlay tab has disappeared in My Computer, Devices With Removable Storage, right-click on CD-ROM, Properties.
Solution: The service: "Shell Hardware Detection" has been set to Manual or Disabled. Go to Control Panel, Administrative Tools, Services. Return this service to "Automatic".

SHUTDOWN XP FASTER 1.
Like previous versions of Windows, Windows XP takes a long time to restart or shut down when the "Exit Windows" sound is enabled. To solve this problem you
must disable this useless sound. Click the Start button, then go to Settings -> Control Panel -> Sounds, Speech and Audio Devices -> Sounds and Audio Devices -> Sounds. Then under Program Events, in the Windows section, click on "Exit Windows" and highlight it. Now from the Sounds list, choose "None" and then click Apply and OK. You should now see some improvement when shutting down your system.

SHUTDOWN XP FASTER 2.
Start Regedit.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control.
Click on the "Control" Folder.
Select "WaitToKillServiceTimeout"
Right click on it and select Modify.
Set it a value lower than 2000 (Mine is set to 200).

EASIEST WAY TO DELETE PREFETCH.
1. Open notepad.exe, type "del c:\windows\prefetch\*.* /q" (without the quotes) and save it as "delprefetch.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Startup" in the right window.
4. In the new window, click "add", "Browse", locate your "delprefetch.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. Reboot your computer.

SPEED UP MENU DISPLAY.
When using the Start menu you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly. Start Regedit. If you are unfamiliar with regedit please refer to our FAQ on how to get started.
Navigate to HKEY_CURRENT_USER\Control Panel\Desktop
Select MenuShowDelay from the list on the right.
Right-click on it and select Modify.
Change the value to 0.
Reboot your computer.

16 COLOUR ICONS.
If you select 16-bit mode for graphics your icons will revert to using 8-bit (16 color) icons. Yuck! Change the following registry setting:
[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics]
"Shell Icon BPP"="16"
"Shell Icon Size"="32"
Setting the BPP to 16-bit will yield 65565 colors for icons.

DE-CRYPT ENCRYPTED FILES ON WINDOWS XP.
1. Login as Administrator
2. Go to Start/Run and type in cmd and click OK.
At the prompt type cipher /r:Eagent and press enter
This prompt will then display:
Please type in the password to protect your .PFX file:
Type in your Administrator password
Re-confirm your Administrator password
The prompt will then display
Your .CER file was created successfully.
Your .PFX file was created successfully.
The Eagent.cer and Eagent.pfx files will be saved in the current directory that is shown at the command prompt. Example: The command prompt displays
C:\Documents and Settings\admin> the two files are saved in the admin folder. (For security concerns, you should house the two files in your Administrator folder or on a floppy disk).
3. Go to Start/Run and type in certmgr.msc and click OK. This will launch the Certificates Manager. Navigate to Personal and right click on the folder and select All Tasks/Import. The Certificate Import Wizard will appear. Click Next. Browse to the C:\Documents and Settings\admin folder. In the Open dialog box, change the Files of Type (at the bottom) to Personal Information Exchange (*.pfx,*.P12). Select the file Eagent.pfx and click Open. Click Next. Type in your Administrator password (leave the two checkboxes blank) and click Next. Make sure the Radio button is active for the first option (Automatically select the certificate store based on the type of certificate). Click Next. Click Finish. (You'll receive a message that the import was successful). To confirm the import, close Certificates Manager and re-open it. Expand the Personal folder and you will see a new subfolder labeled Certificates. Expand that folder and you will see the new entry in the right side column. Close Certificate Manager.
4. Go to Start/Run and type in secpol.msc and click OK. This will launch the Local Security Policy. Expand the Public Key Policies folder and then right click on the Encrypted File System subfolder and select Add Data Recovery Agent... The Wizard will then display. Click Next. Click the Browse Folders... button. Browse to the C:\Documents and Settings\admin folder. Select the Eagent.cer file and click Open. (The wizard will display the status User_Unknown. That's ok). Click Next. Click Finish. You will see a new entry in the right side column. Close the Local Security Policy.
You, the Administrator are now configured as the default Recovery Agent for All Encrypted files on the Local Machine.
To Recover Encrypted files: Scenario #1
If you have completed the above steps BEFORE an existing user encrypted his/her files, you can log in to your Administrator account and navigate to the encrypted file(s). Double click on the file(s) to view the contents.
Scenario #2
If you have completed the above steps AFTER an existing user has already encrypted his/her files, you must login to the applicable User's User Account and then immediately logout. Next, login to your Administrator account and navigate to the encrypted file(s). Double click on the file(s) to view the contents.
*Warning: Do not delete or rename a user account from which you will want to recover the encrypted files. You will not be able to decrypt the files using the steps outlined above.

DUMP FILES TWEAK & DISABLE DR.WATSON.
"Dump file. A dump file stores data from memory during a system crash and can be helpful when diagnosing problems, but like a swap file, it can also expose a lot of sensitive, unencrypted data. To prevent Windows from creating the file, go to Control Panel | System. Click on the Advanced tab and then the Settings button on the Startup and Recovery pane. Set the drop-down menu under Write debugging information to (none)." "Similarly, the debugging program Dr. Watson saves information when applications crash. To disable it, go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug and set the Auto string to 0. Then use Windows Explorer to go to Documents and Settings\All Users\Shared Documents\DrWatson. Delete User.dmp and Drwtsn32.log, the insecure logs the program creates." Heed Microsoft's own advice on disabling Dr. Watson (search for it) before following the preceding Dr. Watson advice. Back up with System Restore, and go ahead. As cautious as I am, I have gladly applied these tweaks, and followed the related Microsoft advice on Dr. Watson.

Precaution: Back Up All Of Your Data Before Tweaking. Not All Of The Tips I've Mentioned Above Were Tested. I Am Not Responsible For Any Damages. Happy Experimenting!

Monday, August 4, 2008

Choosing A Good Domain Name, ya..good name is important!

Another good tip for a successful web experience... enjoy it!



Choosing A Good Domain Name


Choosing a domain name for your site is one of the most important steps towards creating the perfect internet presence. If you run an on-line business, picking a name that will be marketable and achieve success in search engine placement is paramount. Many factors must be considered when choosing a good domain name. This article summarizes all the different things to consider before making that final registration step!


Short and Sweet

Domain names can be really long or really short (1 - 67 characters). In general, it is far better to choose a domain name that is short in length. The shorter your domain name, the easier it will be for people to remember. Remembering a domain name is very important from a marketability perspective. As visitors reach your site and enjoy using it, they will likely tell people about it. And those people may tell others, etc. As with any business, word of mouth is the most powerful marketing tool to drive traffic to your site (and it's free too!). If your domain name is long and difficult to pronounce, people will not remember the name of the site and unless they bookmark the link, they may never return.


Consider Alternatives

Unless a visitor reaches your site through a bookmark or a link from another site, they have typed in your domain name. Most people on the internet are terrible typists and misspell words constantly. If your domain name is easy to misspell, you should think about alternate domain names to purchase. For example, if your site will be called "MikesTools.com", you should also consider buying "MikeTools.com" and "MikeTool.com". You should also secure the different top level domain names besides the one you will use for marketing purposes ("MikesTools.net", "MikesTools.org", etc.) You should also check to see if there are existing sites based on the misspelled version of the domain name you are considering. "MikesTools.com" may be available, but "MikesTool.com" may be home to a graphic pornography site. You would hate for a visitor to walk away thinking you were hosting something they did not expect.

Also consider domain names that may not include the name of your company, but rather what your company provides. For example, if the name of your company is Mike's Tools, you may want to consider domain names that target what you sell. For example: "buyhammers.com" or "hammer-and-nail.com". Even though these example alternative domain names do not include the name of your company, they provide an avenue for visitors from your target markets. Remember that you can own multiple domain names, all of which can point to a single domain. For example, you could register "buyhammers.com", "hammer-and-nail.com", and "mikestools.com" and have "buyhammers.com" and "hammer-and-nail.com" point to "mikestools.com".


Hyphens: Your Friend and Enemy

Domain name availability has become more and more scant over the years. Many single-word domain names have been scooped up, which makes it more and more difficult to find a domain name that you like and that is available. When selecting a domain name, you have the option of including hyphens as part of the name. Hyphens help because they allow you to clearly separate multiple words in a domain name, making it less likely that a person will accidentally misspell the name. For example, people are more likely to misspell "domainnamecenter.com" than "domain-name-center.com". Having words crunched together makes it hard on the eyes, increasing the likelihood of a misspelling. On the other hand, hyphens make your domain name longer. The longer the domain name, the easier it is for people to forget it altogether. Also, if someone recommends a site to someone else, they may forget to mention that each word in the domain name is separated by a hyphen. If you do choose to use hyphens, limit the number of words between the hyphens to three. Another advantage to using hyphens is that search engines are able to pick up each unique word in the domain name as a key word, thus helping to make your site more visible in search engine results.


Dot What?

There are many top level domain names available today including .com, .net, .org, and .biz. In most cases, the more unusual the top level domain, the more domain names are available under it. However, the .com top level domain is far and away the most commonly used domain on the internet, driven by the fact that it was the first domain extension put to use commercially and has received incredible media attention. If you cannot lay your hands on a .com domain name, look for a .net domain name, which is the second most commercially popular domain name extension.


Long Arm of the Law

Be very careful not to register domain names that include trademarked names. Although internet domain name law disputes are tricky and have few cases in existence, the risk of a legal battle is not a risk worth taking. Even if you believe your domain name is untouchable by a business that has trademarked a name, do not take the chance: the cost of litigation is extremely high and unless you have deep pockets you will not likely have the resources to defend yourself in a court of law. Even stay away from domain names in which part of the name is trademarked: the risks are the same.


Search Engines and Directories

All search engines and directories are different. Each has a unique process for becoming part of the results or directory listing, and each has a different way of sorting and listing domain names. Search engines and directories are the most important on-line marketing channel, so consider how your domain name choice affects site placement before you register the domain. Most directories simply list links to home pages in alphabetical order. If possible, choose a domain name beginning with a letter near the start of the alphabet ("a" or "b"). For example, "aardvark-pest-control.com" will come way above "joes-pest-control.com". However, check the directories before you choose a domain name. You may find that the directories you would like to be in are already cluttered with domain names beginning with the letter "a". Search engines scan websites and sort results based on key words. Key words are the words that a person visiting a search engine actually searches on. Having key words as part of your domain name can help you get better results.

Caught A Virus

Caught A Virus?

If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst.


Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.

You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing.

It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."

Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected.

Is Your PC "Owned?"

I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?

Other indicators that may, in fact, indicate that there's nothing that you need to worry about, include:

* An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file.

I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection

There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.

If you're interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more detective work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.

If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.
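The startup review described here, and the registry method for startup items given in the tweaks earlier on this page, as an added example that is not part of either original post: a Python 3 script that reads what regedit's File > Export writes for the two Run keys and lists every entry, flagging the ones worth typing into a search engine first. The sample export, its program names and its paths are constructed; the "user-writable folder" and "bare file name" heuristics are this example's own assumptions, not anything the articles state.

```python
"""Review the Run-key startup entries from a regedit export (added example).

Reads the REGEDIT5 text format, keeps the REG_SZ values under the HKLM and
HKCU Run keys, and gives each entry a verdict:
  user-writable  launches from a folder any user program can write to
  bare-name      no folder at all, found via the search path
  ok             nothing in the path itself stands out
Python 3 standard library only; the heuristics are this example's assumption.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample export: made-up programs and paths, for illustration only.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /startup"
"svchost"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSN Messenger"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"updater"="C:\\Documents and Settings\\user\\Application Data\\updater.exe"
'''

# Registry paths are case-insensitive, so compare them lower-cased.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}

# Profile folders any program running as the user can write to (heuristic).
USER_WRITABLE_HINTS = ("\\temp\\", "\\local settings\\", "\\application data\\")

VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def unescape_reg_string(s: str) -> str:
    r"""A .reg export writes \\ for a backslash and \" for a double quote."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: string data}} for the REG_SZ values."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape_reg_string(m.group(2))
        data = m.group(3)
        # Only quoted string data is a command line; hex:/dword: values are skipped.
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            keys[current][name] = unescape_reg_string(data[1:-1])
    return keys


def executable_from_command(cmd: str) -> str:
    """Pull the program path out of a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)   # unquoted path, may hold spaces
    return m.group(1) if m else (cmd.split() or [""])[0]


def review_startup_entries(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (hive, value name, executable, verdict) for each Run-key entry."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if key.lower() not in RUN_KEYS:
            continue
        hive = key.split("\\", 1)[0]
        for name, cmd in values.items():
            exe = executable_from_command(cmd)
            low = exe.lower()
            if "\\" not in low:
                verdict = "bare-name"       # locate the file on disk before trusting it
            elif any(hint in low for hint in USER_WRITABLE_HINTS):
                verdict = "user-writable"   # look this one up first
            else:
                verdict = "ok"
            findings.append((hive, name, exe, verdict))
    return findings


if __name__ == "__main__":
    for hive, name, exe, verdict in review_startup_entries(SAMPLE_REG):
        print(f"{hive:<19} {name:<14} {verdict:<13} {exe}")
```

To use it on a real machine, export each of the two Run keys with regedit and pass the file's text to review_startup_entries. A flagged entry is a cue to look the name up, as the article suggests, not proof of infection: some legitimate programs do autostart from the profile, and a clean-looking path under Program Files says nothing about the file itself.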

What to Do Next

Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.

* If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.
* If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAfee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.

A Microgram of Prevention

Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such as Trend Micro's PC-Cillin, which you can buy for $50.

Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).

Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.

Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2."

Here are a few more pointers for a virus-free life:

* Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.

Sunday, August 3, 2008

Bandwidth Explained!

This is well written explanation about bandwidth, very useful info.



BandWidth Explained

Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company can provide is determined by their network connections, both internal to their data center and external to the public internet.


Network Connectivity

The internet, in the simplest of terms, is a group of millions of computers connected by networks. These connections within the internet can be large or small depending upon the cabling and equipment that is used at a particular internet location. It is the size of each network connection that determines how much bandwidth is available. For example, if you use a DSL connection to connect to the internet, you have 1.54 megabits (Mb) of bandwidth. Bandwidth, therefore, is measured in bits (a single 0 or 1). Bits are grouped in bytes which form words, text, and other information that is transferred between your computer and the internet.

If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connections aggregate at your internet provider, who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).


Traffic

A very simple analogy to use to understand bandwidth and traffic is to think of highways and cars. Bandwidth is the number of lanes on the highway and traffic is the number of cars on the highway. If you are the only car on a highway, you can travel very quickly. If you are stuck in the middle of rush hour, you may travel very slowly since all of the lanes are being used up.

Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters - A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).

If you were to transfer this MP3 song from a web site to your computer, you would create 4MB of traffic between the web site you are downloading from and your computer. Depending upon the network connection between the web site and the internet, the transfer may occur very quickly, or it could take time if other people are also downloading files at the same time. If, for example, the web site you download from has a 10MB connection to the internet, and you are the only person accessing that web site to download your MP3, your 4MB file will be the only traffic on that web site. However, if three people are all downloading that same MP3 at the same time, 12MB (3 x 4MB) of traffic has been created. Because in this example the host only has 10MB of bandwidth, someone will have to wait. The network equipment at the hosting company will cycle through each person downloading the file and transfer a small portion at a time so each person's file transfer can take place, but the transfer for everyone downloading the file will be slower. If 100 people all came to the site and downloaded the MP3 at the same time, the transfers would be extremely slow. If the host wanted to decrease the time it took to download files simultaneously, it could increase the bandwidth of its internet connection (at a cost due to upgrading equipment).


Hosting Bandwidth

In the example above, we discussed traffic in terms of downloading an MP3 file. However, each time you visit a web site, you are creating traffic, because in order to view that web page on your computer, the web page is first downloaded to your computer (between the web site and you) and then displayed using your browser software (Internet Explorer, Netscape, etc.). The page itself is simply a file that creates traffic just like the MP3 file in the example above (however, a web page is usually much smaller than a music file).

A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for CNN.com is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.


How Much Bandwidth Is Enough?

It depends (don't you hate that answer). But in truth, it does. Since bandwidth is a significant determinant of hosting plan prices, you should take time to determine just how much is right for you. Almost all hosting plans have bandwidth requirements measured in months, so you need to estimate the amount of bandwidth that will be required by your site on a monthly basis.

If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:

Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor

If you intend to allow people to download files from your site, your bandwidth calculation should be:

[(Average Daily Visitors x Average Page Views x Average Page Size) +
(Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor

Let us examine each item in the formula:

Average Daily Visitors - The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.

Average Page Views - On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.

Average Page Size - The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.

Average Daily File Downloads - The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.

Average File Size - Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.

Fudge Factor - A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.

Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31.
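The two formulas above, carried through with their unit conversion, as an added worked example (this is not code from the original article). Sizes are entered in kilobytes, as the formula's items are defined, and the result is reported in decimal gigabytes (1 GB = 1,000,000 KB), matching the article's "200KB = 200,000 bytes" convention; the sample inputs are constructed.

```python
"""Monthly hosting bandwidth estimate from the two formulas above.

Added worked example, not part of the original article.  Sizes are in
kilobytes; the result is decimal gigabytes (1 GB = 1,000,000 KB).
"""

KB_PER_GB = 1_000_000  # decimal units, the same convention the article uses for KB


def monthly_bandwidth_gb(daily_visitors, page_views, page_kb,
                         daily_downloads=0, file_kb=0,
                         fudge_factor=1.5, days=31):
    """Return the estimated monthly transfer in GB.

    With daily_downloads == 0 this is the first (pages-only) formula;
    otherwise the download term of the second formula is added.
    """
    if fudge_factor < 1:
        raise ValueError("fudge factor must be at least 1 (the article suggests 1.5 to 3)")
    page_traffic_kb = daily_visitors * page_views * page_kb
    download_traffic_kb = daily_downloads * file_kb
    monthly_kb = (page_traffic_kb + download_traffic_kb) * days * fudge_factor
    return monthly_kb / KB_PER_GB


def fits_plan(estimate_gb, plan_gb):
    """True when the estimate stays inside a plan's monthly allowance."""
    return estimate_gb <= plan_gb


if __name__ == "__main__":
    # Constructed inputs: 1,000 visitors/day viewing 5 pages of 70 KB each
    # (a Yahoo-sized page per the text), plus 100 downloads/day of a 4 MB MP3.
    estimate = monthly_bandwidth_gb(1000, 5, 70, daily_downloads=100, file_kb=4000)
    print(f"{estimate:.3f} GB/month; fits a 1 GB plan: {fits_plan(estimate, 1)}")
```

The fudge factor is validated because the formula only makes sense as a safety margin; a value below 1 would shrink the estimate rather than pad it.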


Summary

Most personal or small business sites will not need more than 1GB of bandwidth per month. If you have a web site that is composed of static web pages and you expect little traffic to your site on a daily basis, go with a low bandwidth plan. If you go over the amount of bandwidth allocated in your plan, your hosting company could charge you over usage fees, so if you think the traffic to your site will be significant, you may want to go through the calculations above to estimate the amount of bandwidth required in a hosting plan.

10 Security Enhancements

10 Fast and Free Security Enhancements
PC Magazine.

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly.

2. Install a personal firewall.

3. Install a free spyware blocker.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be m!@uts@#$. This will make it much harder for anyone to gain access to your accounts.

6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay,

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."
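Item 10 above advises treating the "From:" line and an attachment's name with suspicion. The following is an added example, not code from the PC Magazine article, showing what that scepticism looks like when automated on the receiving side with only Python's standard-library email package: it parses a constructed message and reports a display name that imitates an address at another domain, Reply-To or Sender addresses outside the From domain, and attachments whose names end in an executable extension or whose declared content type does not match their extension. The executable-extension list and the expected-type table are assumptions made for the example.

```python
"""Receiving-side checks for item 10: does the visible sender agree with the
headers that actually route replies, and is the attachment what its name
claims?  Added example using only the standard library."""
import email
from email import policy

# Extensions Windows runs on double-click (assumed list, not from the article).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
# Declared content type expected for a few document extensions (assumed table).
EXPECTED_TYPES = {"pdf": "application/pdf", "txt": "text/plain"}


def parse_message(raw):
    """Parse raw message text into an EmailMessage with structured headers."""
    return email.message_from_string(raw, policy=policy.default)


def _addresses(msg, header):
    """Address objects from a structured address header, or () when absent."""
    value = msg[header]
    return tuple(value.addresses) if value is not None else ()


def sender_findings(msg):
    """Ways in which the From: line disagrees with the other sender headers."""
    findings = []
    senders = _addresses(msg, "From")
    if not senders:
        return ["no From header"]
    from_domain = senders[0].domain.lower()
    display_name = senders[0].display_name
    # A display name written to look like an address at a different domain
    if "@" in display_name:
        claimed = display_name.rpartition("@")[2].lower()
        if claimed != from_domain:
            findings.append(f"display name imitates {claimed}, address is at {from_domain}")
    # Replies or the declared sender going somewhere other than the From domain
    for header in ("Reply-To", "Sender"):
        for other in _addresses(msg, header):
            if other.domain.lower() != from_domain:
                findings.append(f"{header} {other.addr_spec} is outside {from_domain}")
    return findings


def attachment_findings(msg):
    """Attachments whose names or declared types should not be taken at face value."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in EXECUTABLE_EXTENSIONS:
            how = "double extension" if len(pieces) > 2 else "executable"
            findings.append(f"{name}: {how} .{ext}")
        expected = EXPECTED_TYPES.get(ext)
        declared = part.get_content_type()
        if expected and declared != expected:
            findings.append(f"{name}: declared {declared}, expected {expected}")
    return findings


def triage(raw):
    """Both sets of findings for one raw message; empty lists mean nothing odd."""
    msg = parse_message(raw)
    return {"sender": sender_findings(msg), "attachments": attachment_findings(msg)}


# Constructed sample message for the example; not a real capture.
SUSPICIOUS = """\
From: "helpdesk@bank.example" <promo@mail-blast.example>
Reply-To: reply@another.example
To: user@corp.example
Subject: Your statement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached statement.
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1
Content-Type: application/x-msdownload; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

if __name__ == "__main__":
    for kind, items in triage(SUSPICIOUS).items():
        print(kind, items)
```

None of these checks proves a message is forged; each is a reason to apply the article's rule and verify through another channel before opening the attachment or acting on the request.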

23 Ways To Speed WinXP, Not only Defrag

Since defragging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.

1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's case and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomenon, you can read numerous articles on my site.


Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.

10 reasons why PCs crash U must Know

"Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications."

You have just been struck by the Blue Screen of Death. Anyone who uses Microsoft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening?

1 Hardware conflict

The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device.

For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself.

If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number. When the user tries to use both devices at the same time, a crash can happen. The way to check if your computer has a hardware conflict is through the following route:

* Start-Settings-Control Panel-System-Device Manager.

Often if a device has a problem a yellow '!' appears next to its description in the Device Manager. Highlight Computer (in the Device Manager) and press Properties to see the IRQ numbers used by your computer. If the IRQ number appears twice, two devices may be using it.

Sometimes a device might share an IRQ with something described as 'IRQ holder for PCI steering'. This can be ignored. The best way to fix this problem is to remove the problem device and reinstall it.

Sometimes you may have to find more recent drivers on the internet to make the device function properly. A good resource is www.driverguide.com. If the device is a soundcard, or a modem, it can often be fixed by moving it to a different slot on the motherboard (be careful about opening your computer, as you may void the warranty).

When working inside a computer you should switch it off, unplug the mains lead and touch an unpainted metal surface to discharge any static electricity.

To be fair to Microsoft, the problem with IRQ numbers is not of its making. It is a legacy problem going back to the first PC designs using the IBM 8086 chip. Initially there were only eight IRQs. Today there are 16 IRQs in a PC. It is easy to run out of them. There are plans to increase the number of IRQs in future designs.

2 Bad Ram

Ram (random-access memory) problems might bring on the blue screen of death with a message saying Fatal Exception Error. A fatal error indicates a serious hardware problem. Sometimes it may mean a part is damaged and will need replacing.

But a fatal error caused by Ram might be caused by a mismatch of chips. For example, mixing 70-nanosecond (70ns) Ram with 60ns Ram will usually force the computer to run all the Ram at the slower speed. This will often crash the machine if the Ram is overworked.

One way around this problem is to enter the BIOS settings and increase the wait state of the Ram. This can make it more stable. Another way to troubleshoot a suspected Ram problem is to rearrange the Ram chips on the motherboard, or take some of them out. Then try to repeat the circumstances that caused the crash. When handling Ram try not to touch the gold connections, as they can be easily damaged.

Parity error messages also refer to Ram. Modern Ram chips are either parity (ECC) or non parity (non-ECC). It is best not to mix the two types, as this can be a cause of trouble.

EMM386 error messages refer to memory problems but may not be connected to bad Ram. This may be due to free memory problems often linked to old Dos-based programmes.

3 BIOS settings

Every motherboard is supplied with a range of chipset settings that are decided in the factory. A common way to access these settings is to press the F2 or delete button during the first few seconds of a boot-up.

Once inside the BIOS, great care should be taken. It is a good idea to write down on a piece of paper all the settings that appear on the screen. That way, if you change something and the computer becomes more unstable, you will know what settings to revert to.

A common BIOS error concerns the CAS latency. This refers to the Ram. Older EDO (extended data out) Ram has a CAS latency of 3. Newer SDRam has a CAS latency of 2. Setting the wrong figure can cause the Ram to lock up and freeze the computer's display.

Microsoft Windows is better at allocating IRQ numbers than any BIOS. If possible, set the IRQ numbers to Auto in the BIOS. This will allow Windows to allocate the IRQ numbers (make sure the BIOS setting for Plug and Play OS is switched to 'yes' to allow Windows to do this).

4 Hard disk drives

After a few weeks, the information on a hard disk drive starts to become piecemeal or fragmented. It is a good idea to defragment the hard disk every week or so, to prevent the disk from causing a screen freeze. Go to

* Start-Programs-Accessories-System Tools-Disk Defragmenter

This will start the procedure. You will be unable to write data to the hard drive (to save it) while the disk is defragmenting, so it is a good idea to schedule the procedure for a period of inactivity using the Task Scheduler.

The Task Scheduler should be one of the small icons on the bottom right of the Windows opening page (the desktop).

Some lockups and screen freezes caused by hard disk problems can be solved by reducing the read-ahead optimisation. This can be adjusted by going to

* Start-Settings-Control Panel-System Icon-Performance-File System-Hard Disk.

Hard disks will slow down and crash if they are too full. Do some housekeeping on your hard drive every few months and free some space on it. Open the Windows folder on the C drive and find the Temporary Internet Files folder. Deleting the contents (not the folder) can free a lot of space.

Empty the Recycle Bin every week to free more space. Hard disk drives should be scanned every week for errors or bad sectors. Go to

* Start-Programs-Accessories-System Tools-ScanDisk

Otherwise assign the Task Scheduler to perform this operation at night when the computer is not in use.

5 Fatal OE exceptions and VXD errors

Fatal OE exception errors and VXD errors are often caused by video card problems.

These can often be resolved easily by reducing the resolution of the video display. Go to

* Start-Settings-Control Panel-Display-Settings

Here you should slide the screen area bar to the left. Take a look at the colour settings on the left of that window. For most desktops, high colour 16-bit depth is adequate.

If the screen freezes or you experience system lockups it might be due to the video card. Make sure it does not have a hardware conflict. Go to

* Start-Settings-Control Panel-System-Device Manager

Here, select the + beside Display Adapter. A line of text describing your video card should appear. Select it (make it blue) and press properties. Then select Resources and select each line in the window. Look for a message that says No Conflicts.

If you have video card hardware conflict, you will see it here. Be careful at this point and make a note of everything you do in case you make things worse.

The way to resolve a hardware conflict is to uncheck the Use Automatic Settings box and hit the Change Settings button. You are searching for a setting that will display a No Conflicts message.

Another useful way to resolve video problems is to go to

* Start-Settings-Control Panel-System-Performance-Graphics

Here you should move the Hardware Acceleration slider to the left. As ever, the most common cause of problems relating to graphics cards is old or faulty drivers (a driver is a small piece of software used by a computer to communicate with a device).

Look up your video card's manufacturer on the internet and search for the most recent drivers for it.

6 Viruses

Often the first sign of a virus infection is instability. Some viruses erase the boot sector of a hard drive, making it impossible to start. This is why it is a good idea to create a Windows start-up disk. Go to

* Start-Settings-Control Panel-Add/Remove Programs

Here, look for the Start Up Disk tab. Virus protection requires constant vigilance.

A virus scanner requires a list of virus signatures in order to be able to identify viruses. These signatures are stored in a DAT file. DAT files should be updated weekly from the website of your antivirus software manufacturer.

An excellent antivirus programme is McAfee VirusScan by Network Associates (www.nai.com). Another is Norton AntiVirus 2000, made by Symantec (www.symantec.com).

7 Printers

The action of sending a document to print creates a bigger file, often called a postscript file.

Printers have only a small amount of memory, called a buffer. This can be easily overloaded. Printing a document also uses a considerable amount of CPU power. This will also slow down the computer's performance.

If the printer is trying to print unusual characters, these might not be recognised, and can crash the computer. Sometimes printers will not recover from a crash because of confusion in the buffer. A good way to clear the buffer is to unplug the printer for ten seconds. Booting up from a powerless state, also called a cold boot, will restore the printer's default settings and you may be able to carry on.

8 Software

A common cause of computer crash is faulty or badly-installed software. Often the problem can be cured by uninstalling the software and then reinstalling it. Use Norton Uninstall or Uninstall Shield to remove an application from your system properly. This will also remove references to the programme in the System Registry and leaves the way clear for a completely fresh copy.

The System Registry can be corrupted by old references to obsolete software that you thought was uninstalled. Use Reg Cleaner by Jouni Vuorio to clean up the System Registry and remove obsolete entries. It works on Windows 95, Windows 98, Windows 98 SE (Second Edition), Windows Millennium Edition (ME), NT4 and Windows 2000.

Read the instructions and use it carefully so you don't do permanent damage to the Registry. If the Registry is damaged you will have to reinstall your operating system. Reg Cleaner can be obtained from www.jv16.org.

Often a Windows problem can be resolved by entering Safe Mode. This can be done during start-up. When you see the message "Starting Windows" press F4. This should take you into Safe Mode.

Safe Mode loads a minimum of drivers. It allows you to find and fix problems that prevent Windows from loading properly.

Sometimes installing Windows is difficult because of unsuitable BIOS settings. If you keep getting SUWIN error messages (Windows setup) during the Windows installation, then try entering the BIOS and disabling the CPU internal cache. Try to disable the Level 2 (L2) cache if that doesn't work.

Remember to restore all the BIOS settings back to their former settings following installation.

9 Overheating

Central processing units (CPUs) are usually equipped with fans to keep them cool. If the fan fails or if the CPU gets old it may start to overheat and generate a particular kind of error called a kernel error. This is a common problem in chips that have been overclocked to operate at higher speeds than they are supposed to.

One remedy is to get a bigger, better fan and install it on top of the CPU. Specialist cooling fans/heatsinks are available from www.computernerd.com or www.coolit.com.

CPU problems can often be fixed by disabling the CPU internal cache in the BIOS. This will make the machine run more slowly, but it should also be more stable.

10 Power supply problems

With all the new construction going on around the country the steady supply of electricity has become disrupted. A power surge or spike can crash a computer as easily as a power cut.

If this has become a nuisance for you then consider buying an uninterruptible power supply (UPS). This will give you a clean power supply when there is electricity, and it will give you a few minutes to perform a controlled shutdown in case of a power cut.

It is a good investment if your data are critical, because a power cut will cause any unsaved data to be lost.

Installing IIS On Windows Xp Pro

If you are running Windows XP Professional on your computer you can install Microsoft's web server, Internet Information Server 5.1 (IIS), for free from the Windows XP Pro installation CD and configure it to run on your system by following the instructions below:

1. Place the Windows XP Professional CD-Rom into your CD-Rom Drive.

2. Open 'Add/Remove Windows Components' found in 'Add/Remove Programs' in the 'Control Panel'.

3. Place a tick in the check box for 'Internet Information Services (IIS)' leaving all the default installation settings intact.

4. Once IIS is installed on your machine you can view your home page in a web browser by typing 'http://localhost' (you can substitute 'localhost' for the name of your computer) into the address bar of your web browser. If you have not placed your web site into the default directory you should now be looking at the IIS documentation.

5. If you are not sure of the name of your computer right-click on the 'My Computer' icon on your desktop, select 'Properties' from the shortcut menu, and click on the 'Computer Name' tab.

6. Your default web directory to place your web site in is 'C:\Inetpub\wwwroot', but if you don't want to overwrite the IIS documentation found in this directory you can set up your own virtual directory through the 'Internet Information Services' console.

7. The 'Internet Information Services' console can be found in 'Administrative Tools' in the 'Control Panel', under 'Performance and Maintenance' if you do not have the Control Panel in Classic View.


8. Double-click on the 'Internet Information Services' icon.

9. Once the 'Internet Information Services' console is open you will see any IIS web services you have running on your machine, including the SMTP server and FTP server if you chose to install them with IIS.

10. To add a new virtual directory, right-click on 'Default Web Site' and select 'New', followed by 'Virtual Directory', from the drop-down list.

11. Next you will see the 'Virtual Directory Creation Wizard'; from the first screen click the 'Next' button.

12. You will then be asked to type in an 'Alias' by which you will access the virtual directory from your web browser (this is the name you will type into your web browser after 'localhost' to view any web pages you place in the directory).

13. Next you will see a 'Browse...' button; click on this to select the directory your web site pages are in on your computer, after which click on the 'Next' button to continue.

14. On the final part of the wizard you will see a series of boxes. If you are not worried about security then select them all; if you are, and want to run ASP scripts, then check the first two, followed by the 'Next' button.

15. Once the virtual directory is created you can view the web pages in the folder by typing 'http://localhost/aliasName' (where 'aliasName' is, place the alias you called the virtual directory) into the address bar of your web browser (you can substitute 'localhost' for the name of your computer if you wish).

Evolution Of Computer Viruses History Of Viruses

part 1


Like any other field in computer science, viruses have evolved, a great deal indeed, over the years. In the series of press releases which starts today, we will look at the origins and evolution of malicious code from when it first appeared up to the present.

Going back to the origin of viruses, it was in 1949 that the mathematician John von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players’ computers. The creators of this peculiar game also created the first antivirus, an application named Reaper, which could destroy copies created by Core Wars.

However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.

At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even so, this new operating system became the target of a virus in 1986: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.

Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous viruses Jerusalem, or Viernes 13. However, the worst was still to come: 1988 saw the appearance of the “Morris worm”, which infected 6,000 computers.

From that date up to 1995, the types of malicious code known today started to be developed: the first macro viruses appeared, then polymorphic viruses, and so on. Some of these even triggered epidemics, such as MichaelAngelo. However, one event changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses adapted to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.



part 2


This second installment of 'The evolution of viruses' will look at how malicious code used to spread before use of the Internet and e-mail became as commonplace as it is today, and at the main objectives of the creators of those earlier viruses.

Until the worldwide web and e-mail were adopted as a standard means of communication the world over, the main media through which viruses spread were floppy disks, removable drives, CDs, etc., containing files that were already infected or carrying the virus code in an executable boot sector.

When a virus entered a system it could go memory resident, infecting other files as they were opened, or it could start to reproduce immediately, also infecting other files on the system. The virus code could also be triggered by a certain event, for example when the system clock reached a certain date or time. In this case, the virus creator would calculate the time necessary for the virus to spread and then set a date, often one with some particular significance, for the virus to activate. In this way, the virus would have an incubation period during which it didn't visibly affect computers, but just spread from one system to another waiting for 'D-day' to launch its payload. This incubation period was vital to the virus successfully infecting as many computers as possible.

One classic example of a destructive virus that lay low before releasing its payload was CIH, also known as Chernobyl. The most damaging version of this malicious code activated on April 26, when it would try to overwrite the flash-BIOS, the memory which includes the code needed to control PC devices. This virus, which first appeared in June 1998, had a serious impact for over two years and still continues to infect computers today.

Because of the way in which they propagate, these viruses spread very slowly, especially in comparison to the speed of today’s malicious code. Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem) virus needed a long time to actually spread and continued to infect computers for some years. In contrast, experts reckon that in January 2003, SQLSlammer took just ten minutes to cause global communication problems across the Internet.

Notoriety versus stealth

For the most part, in the past, the activation of a malicious code triggered a series of on-screen messages or images, or caused sounds to be emitted to catch the user's attention. Such was the case with the Ping Pong virus, which displayed a ball bouncing from one side of the screen to the other. This kind of elaborate display was used by the creator of the virus to gain as much notoriety as possible. Nowadays, however, the opposite is the norm, with virus authors trying to make malicious code as discreet as possible, infecting users' systems without them noticing that anything is amiss.



part 3


This third installment of ‘The evolution of viruses’ will look at how the Internet and e-mail changed the propagation techniques used by computer viruses.

The Internet and e-mail revolutionized communications. However, as expected, virus creators didn't take long to realize that along with this new means of communication, an excellent way of spreading their creations far and wide had also dawned. Therefore, they quickly changed their aim from infecting a few computers while drawing as much attention to themselves as possible, to damaging as many computers as possible, as quickly as possible. This change in strategy resulted in the first global virus epidemic, which was caused by the Melissa worm.

With the appearance of Melissa, the economic impact of a virus started to become an issue. As a result, users, above all companies, started to become seriously concerned about the consequences of viruses for the security of their computers. This is how users discovered antivirus programs, which started to be installed widely. However, this also brought about a new challenge for virus writers: how to slip past this protection and how to persuade users to run infected files.

The answer to which of these virus strategies was the most effective came in the form of a new worm: Love Letter, which used a simple but effective ruse that could be considered an early type of social engineering. This strategy involves inserting false messages that trick users into thinking that the message contains anything but a virus. This worm's bait was simple: it led users to believe that they had received a love letter.

This technique is still the most widely used. However, it is closely followed by another tactic that has been the center of attention lately: exploiting vulnerabilities in commonly used software. This strategy offers a range of possibilities depending on the security hole exploited. The first malicious codes to use this method, and quite successfully, were the BubbleBoy and Kakworm worms. These worms exploited a vulnerability in Internet Explorer by inserting HTML code in the body of the e-mail message, which allowed them to run automatically, without the user needing to do a thing.

Vulnerabilities allow many different types of actions to be carried out. For example, they allow viruses to be dropped on computers directly from the Internet, as the Blaster worm did. In fact, the effects of the virus depend on the vulnerability that the virus author tries to exploit.



part 4


In the early days of computers, there were relatively few PCs likely to contain “sensitive” information, such as credit card numbers or other financial data, and these were generally limited to large companies that had already incorporated computers into working processes.

In any event, information stored in computers was not likely to be compromised, unless the computer was connected to a network through which the information could be transmitted. Of course, there were exceptions to this and there were cases in which hackers perpetrated frauds using data stored in IT systems. However, this was achieved through typical hacking activities, with no viruses involved.

The advent of the Internet, however, caused virus creators to change their objectives, and, from that moment on, they tried to infect as many computers as possible in the shortest time. Also, the introduction of Internet services, like e-banking or online shopping, brought in another change. Some virus creators started writing malicious code not to infect computers, but to steal confidential data associated with those services. Evidently, to achieve this, they needed viruses that could infect many computers silently.

Their malicious labor was finally rewarded with the appearance, in 1986, of a new breed of malicious code generically called "Trojan Horse", or simply "Trojan". This first Trojan was called PC-Write and tried to pass itself off as the shareware version of a text processor. When run, the Trojan displayed a functional text processor on screen. The problem was that, while the user wrote, PC-Write deleted and corrupted files on the computer's hard disk.

After PC-Write, this type of malicious code evolved very quickly to reach the stage of present-day Trojans. Today, many of the people who design Trojans to steal data cannot be considered virus writers but simply thieves who, instead of using blowtorches or dynamite, have turned to viruses to commit their crimes. Ldpinch.W, or the Bancos or Tolger families of Trojans, are examples of this.


part 5


Although none of them can be dismissed, some particular fields of computer science have played a more decisive role than others in the evolution of viruses. One of the most influential has been the development of programming languages.

These languages are basically a means of communication with computers in order to tell them what to do. Even though each of them has its own specific development and formulation rules, computers in fact understand only one language called "machine code".

Programming languages act as an interpreter between the programmer and the computer. Obviously, the more directly you can communicate with the computer, the better it will understand you, and the more complex the actions you can ask it to perform.

Accordingly, programming languages can be divided into "low level" and "high level" languages, depending on whether their syntax is more understandable for programmers or for computers. A "high level" language uses expressions that are easily understandable for most programmers, but not so much for computers. Visual Basic and C are good examples of this type of language.

On the contrary, expressions used by "low level" languages are closer to machine code, but are very difficult to understand for someone who has not been involved in the programming process. One of the most powerful, most widely used examples of this type of language is "assembler".

In order to explain the use of programming languages through virus history, it is necessary to refer to hardware evolution. It is not difficult to understand that an old 8-bit processor does not have the power of modern 64-bit processors, and this of course, has had an impact on the programming languages used.

In this and the next installments of this series, we will look at the different programming languages used by virus creators through computer history:

- Virus predecessors: Core Wars

As explained in the first chapter of this series, a group of programs called Core Wars, developed by engineers at a major telecommunications company, are considered the predecessors of current-day viruses. Computer science was still in its early stages and programming languages had hardly developed. For this reason, the authors of these proto-viruses programmed them in a language that was almost identical to machine code.

Curiously enough, it seems that one of the Core Wars programmers was Robert Thomas Morris, whose son programmed, years later, the "Morris worm". This malicious code became extraordinarily famous since it managed to infect 6,000 computers, an impressive figure for 1988.

- The new gurus of 8-bit machines and assembler language

The names Altair, IMSAI and Apple in the USA, and Sinclair, Atari and Commodore in Europe, bring back memories of times gone by, when a new generation of computer enthusiasts "fought" to establish their place in the programming world. To be the best, programmers needed a profound knowledge of machine code and assembler, as interpreters of high-level languages used too much run time. BASIC, for example, was a relatively easy-to-learn language which allowed users to develop programs simply and quickly. It had, however, many limitations.

This caused the appearance of two groups of programmers: those who used assembler and those who turned to high-level languages (BASIC and PASCAL, mainly).

Computer aficionados of the time enjoyed themselves more by programming useful software than malware. However, 1981 saw the birth of what can be considered the first 8-bit virus. Its name was "Elk Cloner", and it was programmed in machine code. This virus could infect Apple II systems and displayed a message when it infected a computer.



part 6


Computer viruses evolve in much the same way as in other areas of IT. Two of the most important factors in understanding how viruses have reached their current level are the development of programming languages and the appearance of increasingly powerful hardware.

In 1981, almost at the same time as Elk Cloner (the first virus for 8-bit processors) made its appearance, a new operating system was growing in popularity. Its full name was Microsoft Disk Operating System, although computer buffs throughout the world would soon refer to it simply as DOS.

DOS viruses

The development of MS-DOS systems occurred in parallel with the appearance of new, more powerful hardware. Personal computers were gradually establishing themselves as tools that people could use in their everyday lives, and the result was that the number of PC users grew substantially. Perhaps inevitably, more users also started creating viruses. Gradually, we witnessed the appearance of the first viruses and Trojans for DOS, written in assembler language and demonstrating a degree of skill on the part of their authors.

Far fewer programmers know assembler language than are familiar with high-level languages, which are far easier to learn. Malicious code written in Fortran, Basic, Cobol, C or Pascal soon began to appear. The last two languages, which are well established and very powerful, are the most widely used, particularly in their Turbo C and Turbo Pascal versions. This ultimately led to the appearance of "virus families": that is, viruses that are followed by a vast number of related viruses which are slightly modified forms of the original code.

Other users took the less ‘artistic’ approach of creating destructive viruses that did not require any great knowledge of programming. As a result, batch processing file viruses or BAT viruses began to appear.

Win16 viruses

The development of 16-bit processors led to a new era in computing. The first consequence was the birth of Windows, which, at the time, was just an application to make it easier to handle DOS using a graphic interface.

The structure of Windows 3.xx files is rather difficult to understand, and the assembler language code is very complicated, as a result of which few programmers initially attempted to develop viruses for this platform. But this problem was soon solved thanks to the development of programming tools for high-level languages, above all Visual Basic. This application is so effective that many virus creators adopted it as their 'daily working tool'. This meant that writing a virus had become a very straightforward task, and viruses soon appeared in their hundreds. This development was accompanied by the appearance of the first Trojans able to steal passwords. As a result, more than 500 variants of the AOL Trojan family, designed to steal personal information from infected computers, were identified.

part 7

This seventh installment on the history of computer viruses looks at how the development of Windows and Visual Basic influenced the evolution of viruses; as these developed, so did worldwide epidemics, such as the first one, caused by Melissa in 1999.

While Windows changed from being an application designed to make DOS easier to manage to a 32-bit platform and operating system in its own right, virus creators went back to using assembler as the main language for programming viruses.

Versions 5 and 6 of Visual Basic (VB) were developed, making it the preferred tool, along with Borland Delphi (the Pascal development for the Windows environment), for Trojan and worm writers. Then, Visual C, a powerful environment developed in C for Windows, was adopted for creating viruses, Trojans and worms. This last type of malware gained unusual strength, taking over almost all other types of viruses. Even though the characteristics of worms have changed over time, they all have the same objective: to spread to as many computers as possible, as quickly as possible.

With time, Visual Basic became extremely popular and Microsoft implemented part of the functionality of this language as an interpreter capable of running script files with a similar syntax.

At the same time as the Win32 platform was implemented, the first script viruses also appeared: malware inside a simple text file. These demonstrated that not only executable files (.EXE and .COM files) could carry viruses. As already seen with BAT viruses, there are also other means of propagation, proving the saying "anything that can be executed directly or through an interpreter can contain malware." To be specific, the first viruses that infected the macros included in Microsoft Office emerged. As a result, Word, Excel, Access and PowerPoint became ways of spreading 'lethal weapons', which destroyed information when the user simply opened a document.

Melissa and self-executing worms

The powerful script interpreters in Microsoft Office allowed virus authors to arm their creations with the characteristics of worms. A clear example is Melissa, a Word macro virus with the characteristics of a worm that infects Word 97 and 2000 documents. This worm automatically sends itself out as an attachment to an e-mail message to the first 50 contacts in the Outlook address book on the affected computer. This technique, which has unfortunately become very popular nowadays, was first used in this virus which, in 1999, caused one of the largest epidemics in computer history in just a few days. In fact, companies like Microsoft, Intel or Lucent Technologies had to block their connections to the Internet due to the actions of Melissa.

The technique started by Melissa was developed further in 1999 by viruses like VBS/Freelink, which, unlike its predecessor, sent itself out to all the contacts in the address book on the infected PC. This started a new wave of worms capable of sending themselves out to all the contacts in the Outlook address book on the infected computer. Of these, the worm that stands out most from the rest is VBS/LoveLetter, more commonly known as 'I love You', which emerged in May 2000 and caused an epidemic with damage estimated at 10,000 million euros. In order to get the user's attention and help it to spread, this worm sent itself out in an e-mail message with the subject 'ILOVEYOU' and an attached file called 'LOVE-LETTER-FOR-YOU.TXT.VBS'. When the user opened this attachment, the computer was infected.

As well as Melissa, in 1999 another type of virus emerged that also marked a milestone in virus history. In November of that year, VBS/BubbleBoy appeared, a new type of Internet worm written in VBScript. VBS/BubbleBoy ran automatically without the user needing to click on an attached file, as it exploited a vulnerability in Internet Explorer 5 to run when the message was opened or viewed. This worm was followed in 2000 by JS/Kak.Worm, which spread by hiding behind JavaScript in the auto-signature in Microsoft Outlook Express, allowing it to infect computers without the user needing to run an attached file. These were the first samples of a series of worms, which were joined later on by worms capable of attacking computers while the user is browsing the Internet.

Computer Maintenance

You may not realize it, but your computer and your car have something in common: they both need regular maintenance. No, you don't need to change your computer's oil. But you should be updating your software, keeping your antivirus subscription up to date, and checking for spyware. Read on to learn what you can do to help improve your computer's security.


Getting started

Here are some basic maintenance tasks you can do today to start improving your computer's security. Be sure to make these part of your ongoing maintenance as well.

* Sign up for software update e-mail notices. Many software companies will send you e-mail whenever a software update is available. This is particularly important for your operating system (e.g., Microsoft Windows® or Macintosh), your antivirus program, and your firewall.
* Register your software. If you still have registration forms for existing software, send them in. And be sure to register new software in the future. This is another way for the software manufacturer to alert you when new updates are available.
* Install software updates immediately. When you get an update notice, download the update immediately and install it. (Remember, downloading and installing are two separate tasks.)

An ounce of prevention

A few simple steps will help you keep your files safe and clean.

* Step 1: Update your software
* Step 2: Backup your files
* Step 3: Use antivirus software and keep it updated
* Step 4: Change your passwords


Developing ongoing maintenance practices

Now that you've done some ground work, it's time to start moving into longer term maintenance tasks. These are all tasks that you should do today (or as soon as possible) to get started. But for best results, make these a part of a regular maintenance schedule. We recommend setting aside time each week to help keep your computer secure.

* Back up your files. Backing up your files simply means creating a copy of your computer files that you can use in the event the originals are lost. (Accidents can happen.) To learn more, read our tips for backing up information.


* Scan your files with up-to-date antivirus software. Use your antivirus scan tool regularly to search for potential computer viruses and worms. Also, check your antivirus program's user manual to see if you can schedule an automatic scan of your computer. To learn more, read our tips for reducing your virus risk.

* Change your passwords. Using the same password increases the odds that someone else will discover it. Change all of your passwords regularly (we recommend monthly) to reduce your risk. Also, choose your passwords carefully. To learn more, read our tips for creating stronger passwords.

Making a schedule

One of the best ways to help protect your computer is to perform maintenance regularly. To help you keep track, we suggest making a regular "appointment" with your computer. Treat it like you would any other appointment. Record it in your datebook or online calendar, and if you cannot make it, reschedule. Remember, you are not only helping to improve your computer, you are also helping to protect your personal information.

Best Keyboard Shortcuts

Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:

Windows key + R = Run menu

This is usually followed by one of:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services

Windows key + E = Explorer

ALT + Tab = Switch between windows

ALT, Space, X = Maximize window

CTRL + Shift + Esc = Task Manager

Windows key + Break = System properties

Windows key + F = Search

Windows key + D = Hide/Display all windows

CTRL + C = copy

CTRL + X = cut

CTRL + V = paste

Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.


Keyboard Shortcuts

[Alt] and [Esc] Switch between running applications

[Alt] and letter Select menu item by underlined letter

[Ctrl] and [Esc] Open Program Menu

[Ctrl] and [F4] Close active document or group windows (does not work with some applications)

[Alt] and [F4] Quit active application or close current window

[Alt] and [-] Open Control menu for active document

[Ctrl] and Left or Right arrow Move cursor forward or back one word

[Ctrl] and Up or Down arrow Move cursor forward or back one paragraph

[F1] Open Help for active application

Windows+M Minimize all open windows

Shift+Windows+M Undo minimize all open windows

Windows+F1 Open Windows Help

Windows+Tab Cycle through the Taskbar buttons

Windows+Break Open the System Properties dialog box



Accessibility shortcuts

Right SHIFT for eight seconds........ Switch FilterKeys on and off.

Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.

Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.

SHIFT five times....... Switch StickyKeys on and off.

NUM LOCK for five seconds....... Switch ToggleKeys on and off.

Explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK+ASTERISK on numeric keypad (*)....... Display all subfolders under the selected folder.

NUM LOCK+PLUS SIGN on numeric keypad (+)....... Display the contents of the selected folder.

NUM LOCK+MINUS SIGN on numeric keypad (-)....... Collapse the selected folder.

LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.




Type the following commands in your Run box (Windows Key + R, or Start > Run):

devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog


Internet browser

Type a word such as "google" in the address bar, then press [Right CTRL] and [Enter]:
the browser adds www. and .com to the word and goes to that address.


For Windows XP:

Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
Prevent the CD from automatically playing. SHIFT when you insert a CD into the CD-ROM drive

Use these keyboard shortcuts for dialog boxes:

To / Press
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key, you can use these keyboard shortcuts:


Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restore minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U

Accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U

Shortcuts you can use with Windows Explorer:


Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW