Friday, August 22, 2008

Trojan Ports

TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250
TCP 28 Amanda.200
TCP 31 MastersParadise.920
TCP 68 Subseven.100
TCP 142 NetTaxi.180
TCP 146 Infector.141, Intruder.100, Intruder.100
TCP 171 ATrojan.200
TCP 285 WCTrojan.100
TCP 286 WCTrojan.100
TCP 334 Backage.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 413 Coma.109
TCP 420 Breach.450
TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100
TCP 623 Rtb666.160
TCP 660 Zaratustra.100
TCP 661 Noknok.800, Noknok.820
TCP 666 BackConstruction.210, BackConstruction.250, Bla.100, Bla.200, Bla.400, Bla.503, Cain.150, Dimbus.100, Noknok.820, Ripper.100, SatansBackdoor.100, SatansBackdoor.101, SatansBackdoor.102, Unicorn.100, Unicorn.101, Unicorn.110
TCP 667 SniperNet.210, Snipernet.220
TCP 668 Unicorn.101, Unicorn.110
TCP 680 Rtb666.160
TCP 777 Tiny.100, Undetected.230, Undetected.300, Undetected.310, Undetected.320, Undetected.330, Undetected.331, Undetected.332
TCP 785 NetworkTerrorist.100
TCP 800 NeuroticKitten.010
TCP 831 NeuroticKat.100, NeuroticKat.120, NeuroticKat.130
TCP 901 NetDevil.130, NetDevil.140
TCP 1000 DerSpaeher.200
TCP 1001 Silencer.100
TCP 1008 AutoSpy.100
TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1999 TransmissionScout.100, TransmissionScout.110
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 2001 DIRT.220, TrojanCow.100
TCP 2003 TransmissionScout.100, TransmissionScout.110
TCP 2023 RipperPro.100
TCP 2040 InfernoUploader.100
TCP 2115 Bugs.100
TCP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
TCP 2332 SilentSpy.202
TCP 2589 Dagger.140
TCP 2600 DigitalRootbeer.100
TCP 2989 Rat.200
TCP 3128 MastersParadise.970
TCP 3129 MastersParadise.920, MastersParadise.970
TCP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
TCP 3215 BlackStar.100, Ghost.230
TCP 3333 Daodan.123
TCP 3410 OptixPro.100, OptixPro.110
TCP 3456 Force.155, TerrorTrojan.100
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 3586 Snid.120, Snid.212
TCP 3700 PortalOfDoom.100
TCP 3723 Mantis.100
TCP 3800 Eclypse.100
TCP 3996 RemoteAnything.364
TCP 4000 SkyDance.220, SkyDance.229
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 4225 SilentSpy.202
TCP 4321 Bobo.100
TCP 4444 AlexTrojan.200, Crackdown.100
TCP 4488 EventHorizon.100
TCP 4523 Celine.100
TCP 4545 InternalRevise.100, RemoteRevise.150
TCP 4567 FileNail.100
TCP 4666 Mneah.100
TCP 4950 ICQTrojan.100
TCP 5005 Aladino.060
TCP 5025 Keylogger.WMRemote.100
TCP 5031 NetMetro.104
TCP 5032 NetMetro.104
TCP 5033 NetMetro.104
TCP 5050 RoxRat.100
TCP 5151 OptixLite.020, OptixLite.030, OptixLite.040
TCP 5190 MBomber.100
TCP 5277 WinShell.400
TCP 5343 WCRat.100
TCP 5400 BackConstruction.120, BackConstruction.150, BladeRunner.080, DeepThroat.300
TCP 5401 BackConstruction.120, BackConstruction.150, BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5402 BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5534 TheFlu.100
TCP 5550 XTCP.200, XTCP.201
TCP 5555 Noxcape.100, Noxcape.200
TCP 5695 Assassin.100
TCP 5714 WinCrash.100
TCP 5741 WinCrash.100
TCP 5742 WinCrash.103
TCP 5802 Y3KRat.160
TCP 5810 Y3KRat.160
TCP 5838 Y3KRat.170
TCP 5858 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5880 Y3KRat.140
TCP 5881 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5883 Y3KRat.110, Y3KRat.140
TCP 5884 Y3KRat.140, Y3KRat.150
TCP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5886 Y3KRat.120, Y3KRat.140
TCP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5889 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5890 Y3KRat.140
TCP 6400 Thething.100, Thething.150
TCP 6556 AutoSpy.120, AutoSpy.122
TCP 6655 Aqua.020
TCP 6660 LameSpy.095
TCP 6666 LameRemote.100, ProjectMayhem.100
TCP 6669 Vampire.100
TCP 6670 DeepThroat.200, DeepThroat.210
TCP 6671 DeepThroat.310
TCP 6699 HostControl.101
TCP 6711 DeepThroat.300, Noknok.820, SubSeven.180, SubSeven.190
TCP 6712 Subseven.100
TCP 6713 Subseven.100
TCP 6767 NTRC.120
TCP 6776 SubSeven.180, SubSeven.190, Subseven.200
TCP 6789 Doly.200
TCP 6796 SubSeven.214
TCP 6912 ShitHeep.100
TCP 6939 Indoctrination.100
TCP 6953 Lithium.100
TCP 6969 2000Cracks.100, Bigorna.100, Danton.110, Danton.210, Danton.220, Danton.310, Danton.320, Danton.330, GateCrasher.110, NetController.108, Sparta.110, VagrNocker.120
TCP 6970 Danton.330
TCP 7001 Freak88.100
TCP 7119 Massaker.100
TCP 7200 Massaker.110
TCP 7300 Coced.221
TCP 7301 Coced.221
TCP 7306 NetSpy.200, NetSpy.200
TCP 7410 Phoenix.190, Phoenix.200
TCP 7511 Genue.100
TCP 7609 Snid.120, Snid.212
TCP 7614 Wollf.130
TCP 7648 BlackStar.100, Ghost.230
TCP 7788 Last.2000, Matrix.200
TCP 7826 MiniOblivion.010, Oblivion.010
TCP 7887 SmallFun.110
TCP 7891 Revenger.100
TCP 7979 VagrNocker.200
TCP 7997 VagrNocker.200
TCP 8000 XConsole.100
TCP 8011 Way.240
TCP 8012 Ptakks.215, Ptakks.217
TCP 8110 LoseLove.100
TCP 8111 LoseLove.100
TCP 8301 LoseLove.100
TCP 8302 LoseLove.100
TCP 8372 NetBoy.100
TCP 8720 Connection.130
TCP 8734 AutoSpy.110
TCP 8811 Force.155
TCP 8899 Last.2000
TCP 9000 Aristotles.100
TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, InCommand.120, InCommand.130, InCommand.140, InCommand.150, InCommand.153, InCommand.160, InCommand.167, InCommand.170
TCP 9401 InCommand.100, InCommand.110, InCommand.170
TCP 9402 InCommand.100, InCommand.110
TCP 9561 CRatPro.110
TCP 9563 CRatPro.110
TCP 9580 TheefLE.100
TCP 9696 Danton.210, Ghost.230
TCP 9697 Danton.320, Danton.330, Ghost.230
TCP 9870 R3C.100
TCP 9872 PortalOfDoom.100
TCP 9873 PortalOfDoom.100
TCP 9874 PortalOfDoom.100
TCP 9875 PortalOfDoom.100
TCP 9876 Rux.100, SheepGoat.100
TCP 9877 SmallBigBrother.020
TCP 9878 SmallBigBrother.020, TransmissionScout.100, TransmissionScout.110, TransmissionScout.120
TCP 9879 SmallBigBrother.020
TCP 9999 ForcedEntry.100, Infra.100, Prayer.120, Prayer.130, TakeOver.200, TakeOver.300
TCP 10001 DTr.130, DTr.140
TCP 10013 Amanda.200
TCP 10067 PortalOfDoom.100
TCP 10100 Gift.240
TCP 10101 NewSilencer.100
TCP 10167 PortalOfDoom.100
TCP 10528 HostControl.100, HostControl.260
TCP 10607 Coma.109
TCP 10666 Ambush.100
TCP 11011 Amanda.200
TCP 11050 HostControl.101
TCP 11051 HostControl.100, HostControl.260
TCP 11223 AntiNuke.100, Progenic.100, Progenic.110
TCP 11225 Cyn.100, Cyn.103, Cyn.120
TCP 11306 Noknok.800, Noknok.820
TCP 11831 Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 11991 PitfallSurprise.100
TCP 12043 Frenzy.2000
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 12346 Netbus.160, Netbus.170
TCP 12348 Bionet.210, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.316, Bionet.317
TCP 12349 Bionet.084, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.314, Bionet.316, Bionet.317, Bionet.401, Bionet.402
TCP 12389 KheSanh.210
TCP 12478 Bionet.210
TCP 12623 Buttman.090, Buttman.100
TCP 12624 Buttman.090, Buttman.100
TCP 12625 Buttman.100
TCP 12904 Akropolis.100, Rocks.100
TCP 13473 Chupacabra.100
TCP 13753 AFTP.010
TCP 14100 Eurosol.100
TCP 14194 CyberSpy.840
TCP 14286 HellDriver.100
TCP 14500 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14501 PCInvader.060, PCInvader.070
TCP 14502 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14503 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14504 PCInvader.050, PCInvader.060
TCP 15092 HostControl.100, HostControl.260
TCP 15382 SubZero.100
TCP 15432 Cyn.210
TCP 15555 ICMIBC.100
TCP 16322 LastDoor.100
TCP 16484 MoSucker.110
TCP 16661 Dfch.010
TCP 16969 Progenic.100
TCP 16982 AcidShiver.100
TCP 17300 Kuang.200
TCP 17499 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17500 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17569 Infector.141, Infector.160, Infector.170, Infector.180, Infector.190, Infector.200, Intruder.100, Intruder.100
TCP 17593 AudioDoor.120
TCP 19191 BlueFire.035, BlueFire.041
TCP 19604 Metal.270
TCP 19605 Metal.270
TCP 19991 Dfch.010
TCP 20000 Millenium.100
TCP 20001 Millenium.100, PshychoFiles.180
TCP 20002 AcidKor.100, PshychoFiles.180
TCP 20005 MoSucker.200, MoSucker.210, MoSucker.220
TCP 21212 Schwindler.182
TCP 21554 Exploiter.100, Exploiter.110, Girlfriend.130, GirlFriend.135
TCP 21579 Breach.2001
TCP 21584 Breach.2001
TCP 21684 Intruse.134
TCP 22068 AcidShiver.110
TCP 22115 Cyn.120
TCP 22222 Prosiak.047, Ruler.141, Rux.300, Rux.400, Rux.500, Rux.600
TCP 22223 Rux.400, Rux.500, Rux.600
TCP 22456 Bla.200, Bla.503
TCP 22457 AcidShiver.120, Bla.200, Bla.503
TCP 22784 Intruzzo.110
TCP 22845 Breach.450
TCP 22847 Breach.450
TCP 23005 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23006 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23032 Amanda.200
TCP 23432 Asylum.010, Asylum.012, Asylum.013, Asylum.014, MiniAsylum.110
TCP 23456 EvilFTP.100, VagrNocker.400
TCP 23476 DonaldDick.153, DonaldDick.154, DonaldDick.155
TCP 23477 DonaldDick.153
TCP 24000 Infector.170
TCP 24307 Wildek.020
TCP 25386 MoonPie.220
TCP 25486 MoonPie.220
TCP 25555 FreddyK.100, FreddyK.200
TCP 25556 FreddyK.100
TCP 25685 MoonPie.010, MoonPie.012, MoonPie.130, MoonPie.220, MoonPie.240, MoonPie.400
TCP 25686 MoonPie.135, MoonPie.200, MoonPie.400
TCP 25982 MoonPie.135, MoonPie.200
TCP 26274 Delta.050
TCP 27160 MoonPie.135, MoonPie.200
TCP 27184 Alvgus.100, Alvgus.800
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 28429 Hack'a'Tack.2000
TCP 28430 Hack'a'Tack.2000
TCP 28431 Hack'a'Tack.2000
TCP 28432 Hack'a'Tack.2000
TCP 28433 Hack'a'Tack.2000
TCP 28434 Hack'a'Tack.2000
TCP 28435 Hack'a'Tack.2000
TCP 28436 Hack'a'Tack.2000
TCP 29559 DuckToy.100, DuckToy.101, Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 29891 Unexplained.100
TCP 30000 Infector.170
TCP 30001 Error32.100
TCP 30003 LamersDeath.100
TCP 30029 AOLTrojan.110
TCP 30100 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30101 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30102 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30103 NetSphere.131
TCP 30947 Intruse.134
TCP 31320 LittleWitch.400, LittleWitch.420
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
TCP 31415 Lithium.101
TCP 31416 Lithium.100, Lithium.101
TCP 31557 Xanadu.110
TCP 31631 CleptoManicos.100
TCP 31745 Buschtrommel.100, Buschtrommel.122
TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31887 BDDT.100
TCP 31889 BDDT.100
TCP 32100 ProjectNext.053
TCP 32418 AcidBattery.100
TCP 32791 Akropolis.100, Rocks.100
TCP 33291 RemoteHak.001
TCP 33333 Blackharaz.100, Prosiak.047, SubSeven.214
TCP 33577 SonOfPsychward.020
TCP 34324 TelnetServer.100
TCP 34763 Infector.180, Infector.190, Infector.200
TCP 35000 Infector.190, Infector.200
TCP 35600 Subsari.140
TCP 36794 BugBear.100
TCP 37237 Mantis.020
TCP 37651 YAT.210
TCP 37653 YAT.310
TCP 40308 Subsari.140
TCP 40412 TheSpy.100
TCP 40421 MastersParadise.970
TCP 40422 MastersParadise.970
TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 41626 Shah.100
TCP 44444 Prosiak.070
TCP 45673 Akropolis.100, Rocks.100
TCP 47262 Delta.050
TCP 48006 Fragglerock.200
TCP 49683 HolzPferd.210
TCP 50000 Infector.180
TCP 50130 Enterprise.100
TCP 50766 Fore.100
TCP 51234 Cyn.210
TCP 51966 Cafeini.080, Cafeini.110
TCP 54321 PCInvader.010
TCP 57341 NetRaider.100
TCP 57922 Bionet.084
TCP 58008 Tron.100
TCP 58009 Tron.100
TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101
TCP 59345 NewFuture.100
TCP 60000 DeepThroat.300, MiniBacklash.100, MiniBacklash.101, MiniBacklash.101
TCP 60411 Connection.100, Connection.130
TCP 60412 Connection.130
TCP 60552 RoxRat.100
TCP 63536 InsaneNetwork.500
TCP 63878 AphexFTP.100
TCP 63879 AphexFTP.100
TCP 64969 Lithium.100
TCP 65000 Socket.100
UDP 1 SocketsDeTroie.250
UDP 666 Bla.200, Bla.400, Bla.503, Noknok.820
UDP 1130 Noknok.800, Noknok.820
UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920, MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140
UDP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.150
UDP 6953 Lithium.100
UDP 8012 Ptakks.217
UDP 10067 PortalOfDoom.100
UDP 10167 PortalOfDoom.100
UDP 10666 Ambush.100
UDP 11225 Cyn.100, Cyn.103, Cyn.120
UDP 11306 Noknok.800, Noknok.820
UDP 12389 KheSanh.210
UDP 12623 Buttman.090, Buttman.100
UDP 12625 Buttman.100
UDP 14100 Eurosol.100
UDP 23476 DonaldDick.155
UDP 26274 Delta.050
UDP 27184 Alvgus.100
UDP 28431 Hack'a'Tack.2000
UDP 28432 Hack'a'Tack.2000
UDP 28433 Hack'a'Tack.2000
UDP 28434 Hack'a'Tack.2000
UDP 28435 Hack'a'Tack.2000
UDP 28436 Hack'a'Tack.2000
UDP 29891 Unexplained.100
UDP 30103 NetSphere.131
UDP 31320 LittleWitch.400, LittleWitch.420
UDP 31337 BackOrifice.120, OPC.200
UDP 31416 Lithium.100, Lithium.101
UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 33333 Blackharaz.100
UDP 47262 Delta.050
UDP 49683 HolzPferd.210
UDP 60000 MiniBacklash.100

Monday, August 11, 2008

All About Trojan

What is a trojan?
A trojan horse could be either:
a) Unauthorized instructions contained within a legitimate program. These instrcutions perform functions unknown to (and probably unwanted by) the user.
b) A legitimate program that has been altered by the placement of anauthorized instructions within it. These instructions perform functions unknown to (and probably unwanted by) the user.
c) Any program that appears to perform a desirable and necessary function but that (because of unauthorized instructions within it) performs functions unknown to (and probably unwanted by) the user.

Under a restricted environment (a restricted Unix shell or a restricted Windows computer), malicious trojans can't do much, since they are restricted in their actions. But on a home PC, trojans can be lethal and quite destructive.

Why the name 'trojan horse'?
In the 12th century B.C., Greece declared war on the city of Troy. The dispute erupted when the prince of Troy abducted the queen of Sparta and declared that he wanted to make her his wife, which made the Greeks and especially the queen of Sparta quite furious.

The Greeks gave chase and engaged Troy in a 10-year war, but unfortunately for them, all of their efforts went down the drain. Troy was simply too well fortified.

In a last effort, the Greek army pretended to be retreating, leaving behind a hude wooden horse. The people of Troy saw the horse, and, thinking it was some kind of a present from the Greeks, pulled the horse into their city, without knowing that the finest soldiers of Greece were sitting inside it, since the horse was hollow.

Under the cover of night, the soldiers snuck out and opened the gates of the city, and later, together with the rest of the army, killed the entire army of Troy.

This is why such a program is called a trojan horse - it pretends to do something while it does something completely different, or does what it is supposed to be and hides it's malicious actions from the user's prying eyes.

During the rest of this text, we will explain about the most common types of trojan horses.

Remote Administration Trojans
These trojans are the most popular trojans now. Everyone wants to have them trojan because they let you have access to your victim's hard drive, and also perform many functions on his computer (open and close his CD-ROM drive, put message boxes on his computer etc'), which will scare off most computer users and are also a hell lot of fun to run on your friends or enemies.

Modern RAT'S (remote administration trojans) are very simple to use. They come packaged with two files - the server file and the client file (if you don't know which is which, look for a help file, a FAQ, a readme or instructions on the trojan's homepage). Just fool someone into runnig the server file and get his IP and you have FULL control over his/her computer (some trojans are limited by their functions, but more functions also mean larger server files. Some trojans are merely ment for the attacker to use them to upload another trojan to his target's computer and run it, hence they take very little disk space). You can also bind trojans into other programs which appear to be legitimate.

RAT'S have the common remote access trojan functions like:
keylogging (logging the target's keystrokes (keyboard functions) and sometimes even interfering with them, thus being able to use your keyboard to type instead of the target and say weird things in chatrooms or scare the hell out of people), upload and download function, make a screenshot of the target's monitor and so on.

Some people use the trojans for malicious purposes. They either use them to irritate, scare or harm their enemies, scare the hell out of their friends or enemies and seem like a "super hacker" to them, getting information about people and spying on them or just get into people's computers and delete stuff. This is considered very lame.

There are many programs out there that detects the most common trojans (such as Nemesis at blacksun.box.sk, which also detects people trying to access your computer), but new trojans are released every day and it's pretty hard to keep track of things.

Trojans would usually want to automatically start whenever you boot-up your computer. If you use Windows, you can get b00tm0n from blacksun.box.sk (note: at the time this tutrial was released, b00tm0n was not ready yet, but it should be ready some time before year 2,000, so if you're reading this after Y2K, b00tm0n should probably be available at blacksun.box.sk). Under Unix, we suggest getting some sort of an IDS (Intrusion Detection System) programs to monitor your system.

Most Windows trojans hide from the Alt+Ctrl+Del menu (we havn't seen any Unix program that had the ability to hide itself from the processes list yet, but you can never know - one day someone might discover a way to do so. Hell, someone might have already did). This is bad because there are people who use the task list to see which process are running. There are programs that will tell me you exactly what processes are running on your computer (such as Wintop, which is the Windows version of the popular Unix program called top). Some trojans, however, use fake names and it's a little harder for certain people to realize that they are infected.

Also, some trojans might simply open an FTP server on your computer (usually NOT on port 21, the default FTP port, in order to be less noticable). The FTP server is, of course, unpassworded, or has a password which the attacker has determined, and allows the attacker to download, upload and execute files quickly and easily. For more info about FTP servers and FTP security, read our FTP security tutorial at blacksun.box.sk.

How RATs work
Remote administration trojans open a port on your computer and bind themselves to it (make the server file listen to incoming connections and data going through these ports). Then, once someone runs his client program and enters the victim's IP, the trojan starts receiving commands from the attacker and runs them on the victim's computer.

Some trojans let you change this port into any other port and also put a password so only the person that infect this specific computer will be able to use the trojan. However, some of these password protections can be cracked due to bugs in the trojan (people who program RATs usually don't have much knowledge in the field of programming), and in some cases the creator of the trojan would also put a backdoor (which can be sometimes detected, under certain conditions) within the server file itself so he'll be able to access any computer running his trojan without the need to enter a password. This is called "a backdoor within a backdoor".

The most popular RATs are Netbus (because of it's simplicity), BO (has many functions and hides itself pretty good) and Sub7 (lots of functions and easy to use). These are all Windows RATs.

If you havn't done so already, it is advised to get some RAT and play around with it, just to see how the whole thing works. Using RATs for legitimate purposes
Some people use RATs to remotely administer computers they are allowed to have access to. This is all good and fine, but anyway, you should always be careful while working with RATs. Make sure you have legal access and the right to remotely administer a computer before using a RAT on it.

Password Trojans
Yes, password trojans. Password trojans scour your computer for password and then send them to the attacker or the author of the trojan. Whether it's your Internet password, your Hotmail password, your ICQ password or your IRC passwords, there is a trojan for every passsword. These trojans usually send the information back to the attacker via Email.

Priviledges-Elevating Trojans
These trojans would usually be used to fool system administrators. They can either be binded into a common system utility or pretend to be something unharmful and even quite useful and appealing. Once the administrator runs it, the trojan will give the attacker more priviledges on the system. These trojans can also be sent to less-priviledges users and give the attacker access to their account.

Keyloggers
These trojans are very simple. They log all of your keystrokes (including passwords), and then either save them on a file or Email them to the attacker once in a while.

Keyloggers usually don't take much disk space and can masquerade as important utilities, thus making them very hard to detect. Some keyloggers can also highlight passwords found in text boxes with titles such as 'enter password' or just the word password somewhere within the title text.

Destructive Trojans
These little fellows do nothing but damaging your computer. These trojans can destroy your entire hard drive, encrypt or just scramble important files and basically make you feel very unpleasent. I wouldn't want to bump into one in a dark alley.

Some might seem like joke programs, while they are actually tearing every file they encounter to pieces.

Joke Programs
Joke programs are nice, cute and unharmful. They can either pretend to be formatting your hard drive, sending all of your passwords to some evil cracker, self-destructing your computer, turning in all information about illegal and pirated software you might have on your computer to the FBI etc'. They are certainly no reason to worry about (except if you work in tech support, since unexperienced computer users tend to get scared off pretty easily by joke programs.

Protecting Yourself Against Trojans
Under Unix
If you are working on your PC, DO NOT work as root! If you run a trojan as root, you can endanger your entire system! The whole point in multi-users on a single-user system is limiting yourself in such cases (or in case you want to prevent yourself from doing anything stupid). Switch to root only when you NEED root, and when you know what you're running. Also, remember that even if you're working on a restricted environment, you still put the passwords and files you still have access to to risk. Also, if someone has a keylogger on your system, and you type in some passwords (especially the root password), they will be logged!

Also, DO NOT download any files from untrusted sources (small websites, underground websites, Usenet newsgroups, IRC etc'), even if it comes in the form of source code.

Under Windows
Windows is a whole lot different in this aspect. Limiting yourself under Windows is quite an annoyance. It is almost impossible to work like that, in comparison to Unix.

Also, make sure you don't run any untrusted software. There are much more evil Windows trojans for Windows than Unix, since people are more motivated to write trojans for Unix (because of all the security Unix imposes). Also, when running on a restricted Windows environment, you cannot just act like you're so protected and all. Remember that people can still steal passwords owned by the restricted user, and also, some trojans can break into administrator priviledges and then compromise your entire system, since Windows imposes such lame security.

Oh, and one last tip - you should try to download and use at least some of the types of trojans listed above, so you could get to know them better and be able to remove them in case you get infected.

Tuesday, August 5, 2008

What is Social Engineering?

what is social engineering?
Basically, social engineering is the art and science of getting somebody to comply with your wishes. It is not a form of mind control, it will not allow you to get people to perform tasks wildly outside their normal behaviour and it is far from foolproof.

It also involves a lot more than simply quick thinking and a few selective accents. Social engineering can involve a lot of groundwork. Like normal hacking, Social engineering needs prior preparation, and the majority of the work goes into this, rather than the actual attempt it self.

Social engineering concentrates on the weakest link of the computer security chain, humans. It is often said that the only secure computer is an unplugged one, even this comment is untrue. It is possible that you could talk somebody into plugging it in and switching it on.


It is also important to note that the human link in the security chain, is the most important one. There is not one computer system in the world that don't exist with out human interaction, and unlike a normal exploit, this vulnerability is universal, independent of platform, software, network or hardware.

Anybody with access to the system physically or electronically is a possible threat. This means that even people not normally included in a security policy could be involved.

It is impossible to obscure the fact that humans use the system or that they can influence it, because as I stated before, there isn't a computer system in the world that does not use human interaction as a part of it.

Almost every human has the skills to attempt social engineering, the only difference is the amount of skill used when making use of these tools.

Some of the tools are going to be explained below here, and we make note that these are not foolproof skills, and that common sense is the most important tool that you will ever have.

The first "skill" and most obvious is simply a direct request, where the individual is asked to complete your task directly. Although least likely to succeed, this is the easiest and most straightforward method. The individual knows exactly what you want them to do.

The second is to create a fake situation, which the individual is simply a part of. With more factors than the individual concerned it is more likely that you will succeed, because you create reasons for compliance other than simply personal ones. This involves far more work for the person making the attempt at persuasion, and most certainly involves gaining extensive knowledge of the 'target'. This also does not mean that the whole social engineering operation needs to be all lies, the best operation will be one where the facts are more truthful than lies.

One of the essential tools used for social engineering is a good memory for gathered facts. This is something that hackers and sys-admins excel in, especially in there own field of expertise.

Another thing that you can use against somebody is the notation of conformity. It is possible to make somebody to "conform" with the group, even if they know that the decision is wrong, eg. Have you ever been in an assembly/class and the teacher asks a question, eg. Who here has smoked before? When the majority of the class puts their hand up the odd others that haven't tentivally put their hands up so that they do not get looked down upon by their peers.

That is just an example of the extent that people will go to just so that they don't loose face with the friends/ work companions.

Using situations where the person is more likely to go with the flow is a effective way to social engineer them.

However most social engineering attempts are done by lone individuals and so the social pressure and other influencing factors to be constructed by creating a believable situation that the target feels emersed in are less effective.

If the situation, real or imaginary has certain characteristics then the individual is more likely to comply with your requests. Following this paragraph they are listed.

Diffusion of responsibility away from the target individual. This is when the individual believes that they are not solely responsible for their actions.

A chance for imagination. Compliance is more likely to occur if the individual believes that by complying that they are ingratiating themselves with someone who may give them future benefits. Getting on the good side of the boss is surely going to have some benefits hey?

Moral duty. This is where the target complies because they believe that it is there moral duty to. Part of this is guilt. People prefer to avoid guilty feelings and so if there is a chance that they will feel guilty they will if possible avoid this outcome.

On a personal level there are methods used to make a person more likely to cooperate with you. The aim of persuasion is not to force people to complete your tasks, but enhance their voluntary compliance with your requests.

Basically the target is simply being guided down the garden path,:P. The target believes that they have control of the situation, and that they are exercising their power to help you out.

The fact that the benefits that the person will gain from helping you out have been invented is irrelevant. The target believes they are making a reasoned decision to exchange these benefits for a small loss of their time and energy.

CO-OPERATION
There are several factors, which if present will increase the chances of a target co-operating with a social engineer.

The less conflict the better. Co-operation will be readily gained when the softly-softly approach is used. Pulling rank, annoyance or orders rarely work for effective persuasion.

Psychological research has also shown that people are more likely to comply with your wishes if you have dealt with the same person before. Before trying the 'big hit' try requesting smaller and more reasonable requests. This way they will be more compliant to your needs.

When attempting a social engineering hack, the more sensory detail you can provide to the target is better. A person would be more compliant to your needs if they can See and smell you as well as speak to you, it is often difficult to get some one to comply with just a simple phone call. However these days the possibilities are great because of the fact that so many businesses are on the net. Another point I am going to make is that it is often impossible to persuade somebody using ASCII chat or e-mail. Ever tried Social Engineering some one on IRC?

The main thing I can tell you is don't try Social engineering people with higher authority than the made up person you are using, for instance, don't try to Social engineer the sys admin as we all know he's more competent than you are, Especially on his own network.

Remember before attempting to social engineer somebody, you have to do some info searching on that particular person. I have known people to read over people's shoulder when a person was typing on the phone just to gain knowledge on the targets lifestyle and friends. Another aspect of what people will go to just to find out information on people is to watch as they type in their Credit card and ATM pin numbers. Some even go to the extent as to watch from windows across the road with binoculars to see these numbers being punched.

Ever sat in computer class and called to your teacher to type in some sort of password, which you conveniently watch over his fingers on the keyboard as he punches in this innocent request. This is the sort of ways social engineering can be taken into life, I have often used skills described in this tutorial just to nock down prices on goods at a local market.

When looking for information on a Target, you want to consider going Dumpster diving, or trashing as it is sometimes called. On these outings remember to take a sturdy pair of shoes, gloves and a torch (preferably with red filter), Bolt cutters may come in handy too! Oh and remember to cover yourself up! In these outings you can often find employee names, phone numbers, account details, amongst the mounds of IT treasures.

One technique to use on a target is to pretend you're an employee of another company doing surveys for a hardware company, if you choose to follow this line of attack, have the questions lined up, and make sure you take time as if you were writing down their reply's.

Any information gained from these phone calls can be used, Information on the companies firewalls, routers or servers could be used for further attack on the companies Website.

So now you have some of the skills that it takes to become a good social engineer, but remember like I said at the start of this tutorial, the most important tool of common sense out weighs any of the skills in this text.

Even major companies can be social engineered, an example of this is an AOL employee who was having a Tech support session, during which the hacker mentioned he had a car for sale, at a very good price, and the techie was interested. Of course the hacker sent the techie a pic of car, binded to the jpg was a trojan, which enabled the hacker to get into the internal network.

So remember anything is possible with the right incentive, you just have to please the person's senses.

Tips And Tricks

Some Tips And Tricks For Your Windows XP

STOP NOISE IN COPYING AUDIO CD
When using 3rd party burning software (eg, Nero Burning Rom) to copy audio CD,some noise may be heard at the end of each track. To prevent this,try the following method:
1. Enter System Properties\device manager
2. Select IDE ATA/ATAPI controllers
3. Double click on thee CD writer IDE channel
4. Select advance setting
5. Change the transfer mode to 'PIO Only'
6. Restart Computer

DISABLING THE 'UNSIGNED DRIVER' DIALOGS
This option wll disable the screen wich keeps popping up when you try to install 'digitally unsigned drivers'. Normally you can choose to continue the install anyways, but I have had situations where you cannot continue the install.. very annoying.. This is how to fix it:
Click Start - Run
then type: gpedit.msc
then hit enter.
Browse the folder tree to the following location:
User Configuration - Administrative Templates - System
now right-click Code signing for Device drivers and select Properties.
On the Settings tab, either select
- enable, and then select ignore from the appearing listbox..
- or click the disable option. Click apply and Ok and your set!
Alternatively especially for XP Home users:
Open "System" properties (Windows key + pause or Right click 'My Computer' - properties or Control Panel - System).On the Hardware tab click the "Driver Signing" button. In the dialogue that comes up choose "Ignore" to install the new driver anyway.

DMA MODE ON IDE DEVICES VIEWS
Just like Windows 2000, Windows XP still fails to set the DMA mode correctly for the IDE device designated as the slaves on the primary IDE and secondary IDE channels. Most CD-ROMS are capable of supporting DMA mode, but the default in XP is still PIO. Setting it to DMA won't make your CD-ROM faster, but it will consume less CPU cycles. Here's how:
1. Open the Device Manager. One way to do that is to right click on "My Computer", select the Hardware tab, and Select Device Manager.
2. Expand "IDE ATA/ATAPI Controllers" and double-click on "Primary IDE Channel"
3. Under the "Advanced Settings" tab, check the "Device 1" setting. More than likely, your current transfer mode is set to PIO.
4. Set it to "DMA if available".
Repeat the step for the "Secondary IDE Channel" if you have devices attached to it. Reboot.

RESTORING MEDIA PLAYER
To restore Windows Media Player insert the the XP CD into the CD drive (if it autostarts click exit). Open a command window and type the following :
rundll32.exe setupapi,InstallHinfSection InstallWMP7 132 c:\windows\inf\wmp.inf

RESTORING ACCESS TO CD ROM'S
If you removed CD Burning software, or for some other mystical reason, can not longer access your CD ROM's, in most cases following registry keys needs to be deleted: Locate and delete the UpperFilters and LowerFilters values under the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

DELETING THE INDEX.DAT
Del "C:\Documents and Settings\aeon\Local Settings\Temporary Internet Files\Content.IE5\index.dat"

CONTROL PANEL ON THE DESKTOP.
On The Desktop, Right Click Your Mouse Then Choose "New | Folder". Name The Folder As "ControlPanel. {21EC2020-3AEA-1069-A2DD-08002B30309D}" Without The "Quote Things. And Now You Can Access The Control Panel More Faster Then Before.

CHANGING INTERNET EXPLORER ICON NAME.
Open Registry Editor Then Go To : "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID". You Can See A Few Key Below It.

Now Go To This Key {871C5380-42A0-1069-A2EA-08002B30309D}, Double Click At The Default Value On The Right, Enter Whatever Name You Like.

REMOVING USERNAME IN THE STARTMENU
Open Registry Editor Then Go To : "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer".
On The Right, Make A New Entry With Right Click On Your Mouse Then Choose "New | DWORD Value" Change The Entry's Name Into "NoUserNameInStartMenu", Double Click In The New Entry And Fill The "Value Data" With "1". Press OK, Exit From The Registry Editor. Restart Your Computer.

INTERNET EXPLORER LIGHTING-FAST STARTUP.
Isn't it annoying when you want to go to a new website, or any other site but your homepage, and you have to wait for your 'home' to load? This tweak tells Internet Explorer to simply 'run', without loading any webpages. (If you use a 'blank' page, that is still a page, and slows access. Notice the 'about:blank' in the address bar. The blank html page must still be loaded..). To load IE with 'nothing' [nothing is different than blank]:
1. Right-click on any shortcut you have to IE
[You should create a shortcut out of your desktop IE icon, and delete the original icon]
2. Click Properties
3. Add ' -nohome' [with a space before the dash] after the endquotes in the Target field.
4. Click OK
Fire up IE from your modified shortcut, and be amazed by how fast you are able to use IE!

INTERNET EXPLORER SPEED UP.
Edit your link to start Internet Explorer to have -nohome after it. For Example: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
This will load internet explorer very fast because it does not load a webpage while it is loading. If you want to go to your homepage after it is loaded, just click on the home button.

SPEED UP BROWSING WITH DNS CATCH.
when you connect to a web site your computer sends information back and forth, this is obvious. Some of this information deals with resolving the site name to an IP address, the stuff that tcp/ip really deals with, not words. This is DNS information and is used so that you will not need to ask for the site location each and every time you visit the site. Although WinXP and win2000 has a pretty efficient DNS cache, you can increase its overall performance by increasing its size. You can do this with the registry entries below:
************begin copy and paste***********
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtlLimit"=dword:0000fa00
"MaxSOACacheEntryTtlLimit"=dword:0000012d
************end copy and paste***********
make a new text file and rename it to dnscache.reg. Then copy and paste the above into it and save it. Then merge it into the registry.

START IEXPLORER WITH EMPTY BLUE SCREEN.
Set your default page to about:mozilla and IE will show a nice blue screen upon startup.

SPEED UP DETAILED VIEW IN WINDOWS EXPLORER.
If you like to view your files in Windows Explorer using the "Details" view here is a tweak to speed up the listing of file attributes: Viewing files in Windows Explorer using the "Details" mode shows various attributes associated with each file shown. Some of these must be retrieved from the individual files when you click on the directory for viewing. For a directory with numerous and relatively large files (such as a folder in which one stores media, eg: *.mp3's, *.avi's etc.)

Windows Explorer lags as it reads through each one. Here's how to disable viewing of unwanted attributes and speed up file browsing:
1. Open Windows Explorer
2. Navigate to the folder which you wish to optimize.
3. In "Details" mode right click the bar at the top which displays the names of the attribute columns.
4. Uncheck any that are unwanted/unneeded.
Explorer will apply your preferences immediately, and longs lists of unnecessary attributes will not be displayed. Likewise, one may choose to display any information which is regarded as needed, getting more out of Explorer.

WEB PAGES SLOWS DOWN, FIX.
The tweak is simple. Beside the QoS and others around the Internet for the new XP OS, I found out that native drivers sometimes slow you down (cable and xDSL users). So if you have applied all tweaks and you are still having slow downs try reinstalling your NICs drivers. The difference is noticeable. My web pages now load almost instantly where they used to take even a minute!

FIX IE 6 SLOWDOWNS AND HANGS.
1. Open a command prompt window on the desktop (Start/Run/command).
2. Exit IE and Windows Explorer (iexplore.exe and explorer.exe, respectively, in Task Manager, i.e - Ctrl-Alt-Del/Task Manager/Processes/End Process for each).
3. Use the following command exactly from your command prompt window to delete the corrupt file:
C:\>del "%systemdrive%\Documents and Settings\%username%\Local
Settings\Temporary Internet Files\Content.IE5\index.dat"
4. Restart Windows Explorer with Task Manager (Ctrl-Alt-Del/Task Manager/Applications/New Task/Browse/C:\Windows\explorer.exe[or your path]) or Shutdown/Restart the computer from Task Manager.

SPEED UP WEB BROWSING.
Iv'e personally found a dramatic increase in web browsing after clearing the Windows XP DNS cache. To clear it type the following in a command prompt: ipconfig /flushdns.

ALLOW MORE THAN 2 SIMULTANEOUS DOWNLOADS ON IEXPLORER 6.
This is to increase the the number of max downloads to 10.
1. Start Registry Editor (Regedt32.exe).
2. Locate the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
3. On the Edit menu, click Add Value , and then add the following registry values:
"MaxConnectionsPer1_0Server"=Dword:0000000a
"MaxConnectionsPerServer"=Dword:0000000a
4. Quit Registry Editor.

IPV6 INSTALLATION FOR WINDOWS XP.
This protocol is distined to replace the Internet Protocal Version 4 used by Internet Explorer it uses hexadecimal ip addresses instead of decimal example (decimal ip 62.98.231.67) (hexadecimal IP 2001:6b8:0:400::70c)
To install To install the IPv6 Protocol for Windows XP:
Log on to the computer running Windows XP with a user account that has local administrator privileges. Open a command prompt. From the Windows XP desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type: ipv6 install
For more information on IPv6, visit the site below:
CODE
http://www.microsoft.com/windowsxp/pro/techinfo/administration/ipv6/default.asp


ANOTHER WAY TO FIX IEXPLORER 6 SLOW PAGES LOADED.
Here's an easier way to get to index.dat file as addresse in another tweak submitted here.
1. click on Internet Explorer
2. go to to your root dir (usually C:)
3. open Documents and Settings folder
4. open "your username folder"
5. open UserData
6. **close IE if you have it open**
rename index.dat to index.old
logoff and log back on (don't need to restart) open up IE and go to a web page or site that always seemed to load slowly. It should load a lot more quickly now. NOTE. Always rename or backup .dat or other system files before deleting.

EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.
Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.

DRIVE ICONS.
To set the icon of any drive (hard disk, cd rom or anything else) with a letter (C:\ etc.), run REGEDIT (Start -> Run -> regedit)
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
If one doesn't already exist, create a new KEY called "DriveIcons". Under this key, create a new key with the letter of your drive. I.e. C for your C:\ drive.
To change the icon for that drive, create a key inside that one called DefaultIcon and set the path of (Default) to the location of your icon
eg C\DefaultIcon\ then (Default) = D:\Documents\C Drive Icon.ico
To change the name of that drive, create a key in the drive letter one (eg C\) called DefaultLabel and set the (Default) to what you want the drive to be called. This is useful if you want to assign a long name to the floppy drive.

CHANGING OEM REGISTRATIONS.
Have you used someone's new Hewlet Packard with their OEM version of Windows XP? You've seen that HP has their own icon in the Start Menu, underneath Run, that goes to their Help Site. Now, you can have your icon that does anything you want (website, program, etc) and says anything you want. Basically, you are "branding" Windows XP (Home or Pro), great for if you are a computer builder and sell them, or you just want to make Windows XP your own. It involves Regedit.
1. Start up Notepad and creat a new registry file (*.reg) and copy and paste the following into it:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}]
@="YOUR COMPANY NAME"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="YOUR ICON HERE"
00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,68,00,70,00,6c,00,69,00,\
6e,00,6b,00,2e,00,69,00,63,00,6f,00,00,00
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\Instance]
"CLSID"="{3f454f0e-42ae-4d7c-8ea3-328250d6e272}"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag]
"CLSID"="{13709620-C279-11CE-A49E-444553540000}"
"method"="ShellExecute"
"Command"="YOUR TITLE HERE"
"Param1"="YOUR FUNCTION HERE"
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex]
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers]
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2559a1f6-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder]
"Attributes"=dword:00000000
2. Edit where it says YOUR ICON HERE to a path to an icon (ex. c:\\icon.ico), it must be 24x24 pixels and in *.ico format. Use double back slash for path names.
3. Edit both places where it says YOUR TITLE HERE to what you want it to say in the Start Menu (ex. Elranzer Homepage).
4. Edit where it says YOUR FUNCTION here to what you want it to do when you click it, it can be anything... your website, a local HTML document, a program, a Windows funtion, whatever your imagination can provide (ex. http://www.shareordie.com).
5. Save this file as brand.reg, double-click it to enterin your information, and refresh Explorer (log off/on) to see it in the Start Menu!! This works in both Home and Professional (and probably 64-Bit Professional) Editions!

ORIGINAL WALLPAPERS.
This is more of a fun tweak than it is useful. Go to run, type regedit press ok. when that comes up go to HKEY_CURRENT_USER>Control Panel>Desktop
Now find the orginalwallpaper, right click and select modify.In the text box type the path to the file you want to be your orginal desktop wallpaper.

DELETING My eBooks AND SPECIALS FOLDER IN MY DOCUMENTS.
Click Start, then Run and type: regsvr32 /u mydocs.dll
then delete them.

DISABLE WINDOWS PICTURE AND FAX VIEWER.
By default, Windows XP opens all picture files (gif,jpg,...) with the included Windows Picture and Fax Viewer no matter what other picture viewers you have installed. To disable the Windows Picture and Fax Viewer, unregister shimgvw.dll. This can be done from command prompt: regsvr32 /u shimgvw.dll

REMOVE PAST ITEMS ICONS IN TASKBAR.
Some times When you check your TasKbar properties or when you hide or unhide icons you can see old icons from Uninstalled or old programs you dont have anymore. This Tweak will help you how to get rid of this problem Thanks to leobull of Xperience.or How To clear the Past Items or Icons list in the TaskBar, perform the following steps:
1.Open Regedit Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify
2.Delete the IconStreams and PastIconsStream values
3.Open Task Manager, click the Processes tab, click Explorer.exe , and then click End Process .
4.In Task Manager, click File , click New Task , type explorer , and then click OK .

LOCKING COMPUTERS.
To lock a computer in XP, as you probably know, you press "L" while holding down "Windows Logo" key on your keyboard. However, if you would like to lock a computer remotely, for example via "Remote Administrator", you don't have this ability. What you can do instead, is to create a shortcut on remote computer's desktop where Target %windir%\System32\rundll32.exe user32.dll,LockWorkStation Start In %windir%

ADMINISTRATOR IN WELCOME SCREEN.
When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.

BUGFIXES.
This is a strange bug in Windows XP Pro but it can and does happen to everyone. When you open the My Computer screen and your Documents folder is missing but all the other users folders are there try this tweak.
STEP 1:
START > RUN > REGEDIT > HKEY_LOCAL_MACHINE / Software / Microsoft / Windows / Current Version / Explorer / DocFolderPaths
Once you click the DocFolderPaths folder you should see all the user's folders.
STEP 2:
Add a new string value
Value Name: your user name
Value Data: the path to your docs folder ( ex. C:\Documents and Settings\your docs folder )
Exit Registry editor and open my computer, your docs folder should now be visable.

MOUSE POINTERS.
It seems that even without pointer precision disabled, the mouse under XP is still influenced by an acceleration curve. This is especially noticeable in games. To

completely remove mouse acceleration from XP, you will need to go into the registry and adjust the SmoothmouseXYCurve values. Here is how its done.
1. Click Start button
2. Select Run
3. Type 'regedit' in the open textbox
4. Open the tree 'HKEY_CURRENT_USER', select control panel, then select mouse
5. Right clicking, modify the SmoothMouseXCurve and SmoothMouseYCurve hexidecimal values to the following:
SmoothMouseXCurve:
00,00,00,00,00,00,00,00
00,a0,00,00,00,00,00,00
00,40,01,00,00,00,00,00
00,80,02,00,00,00,00,00
00,00,05,00,00,00,00,00
SmoothMouseYCurve:
00,00,00,00,00,00,00,00
66,a6,02,00,00,00,00,00
cd,4c,05,00,00,00,00,00
a0,99,0a,00,00,00,00,00
38,33,15,00,00,00,00,00
If done correctly, you will notice you are holding a markedly more responsive mouse.

HIDDEN WINDOWS XP ICONS.
Windows XP Pro and Home contains icons for folders and files that cannot normally be seen, you can select to view hidden files from the folder options menu, but there are still some that remain hidden.
You can set windows to view these files as normal hidden files, so that when you use the view hidden files and folders toggle from the folder options menu that these will be turned on/off along with the normal hidden files.
These files are usually system files and should not be altered/deleted unless you really know what you are doing, if you don't yet still wish to change them I might suggest that you create back-ups of your system first.
I will personally accept no responsibility for any damage caused by using this tweak. To view the hidden files you need to open up regedit, if you are not sure how to do this, select run from the start menu and type in 'regedit' without the apostrophe's. In the regedit window, expand out the groups by clicking on the '+' next to the name in the left hand column of regedit, and navigate to the below address.
HKEY_CURRENT_USER \SOFTWARE \MICROSOFT \WINDOWS \CURRENTVERSION \EXPLORER \ADVANCED
when you have clicked the advanced folder on the left pane, look down the list at the titles in the right hand pane, one of those titles is 'ShowSuperHidden'
double click the title and in the window that appears set the value to equal 1 to show the super hidden files and 0 to hide them.

XP HOME ADVANCED FILE PERMISSIONS.
This is actually an addition to my previous post entitled "Get XP Pro file security with XP Home". In the aforementioned post I outlined how to access
*Advance file Permissions* on NTFS file systems for XP Home simply by booting into *Safe Mode*, rt-clicking any file or folder, and navigating to the *Security tab*. This gives the user the ability to allow or deny read, write, execute, read & write, display contents, full-control, iheritance, and take ownership permissions, with many more options available to apply to different users and groups stored on the computer. Well, you don't have to do this in *Safe Mode* (XP Home). Although it is a little less intuitive, you can simply go to your command prompt - Start>All Programs>Accessories>Command Prompt. Now type "cacls" in the window (without the quotes). This gives you the ability to add, remove or modify file permissions on files and folders through the command prompt. Type "cacls /?" for help on different options and variables. You do not need to be in safe mode to use this so it makes it a little quicker than using the safe mode security tab GUI. Remember - this only applies to NTFS. Here also is a very useful link to find a lot of extras and tweaks straight from the horse's mouth - the Microsoft Resource Center. You will find a lot of very useful web-based extra's here, most of them left unknowing to the general public - such as, "Online Crash Analysis" - a site that looks like Windows Update but you can upload your crash "dump logs" (when you get those system or application crash error reports). Microsoft will then analyze the log file and tell you some more info about WHY the system crashed (ie. faulty hardware/software/conflicts, etc).

FLASHGET :BYPASSING 8 MAX SIMULTANEOUS JOBS.
Users of Flash get will notice that the maximum number of file splits is 8. This number can be increased by the tweak below:
1. Run regedit.
2. Navigate to [HKEY_CURRENT_USER\Software\JetCar\JetCar\General\]
3. Right Click -> Add String Value.
4. Name as MaxSimJobs -> Set the value as what ever number you want.
After a restart you should be able to download with more file splits.

OUTLOOK EXPRESS WINDOWS TITLE TWEAKS.
Change the window title of Outlook Express to anything you want!
In regedt32 and navigate to HKEY_CURRENT_USER\Identities\{EE383506-901D-43C6-8E40-9A61901DF7CC}\Software\Microsoft\Outlook Express\5.0. Add a new string key called WindowTitle and make its value the desired window title. Then close the registry editor, and restart Outlook Express (if it's running.) Your new title now shows up in the title bar!

WINDOWS MEDIA PLAYER 9.
When installing WMP 9 it leaves a watersign on your desktop. You can easily remove this with: regedit:
HKey_Local_Machine\SOFTWARE\microsoft\system certificates\CA\certificates\FEE449EE0E3965A5246F00E87FDE2A065FD89D4
HKey_Local_Machine\software\microsoft\system certificates\ROOT\certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3
Remove both lines and restart computer.

CHANGING THE WINDOWS MEDIA PLAYER TITLEBAR.
This is a per-user tweak. Open RegEdit.
Browse to the following key:
HKEY_USERS\S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx\Software\Policies\Microsoft\WindowsMediaPlayer
(the x's will vary from computer to computer , it's the key without the "_Classes" at the end) Create the following String, "TitleBar" , the value of this will now become the TitleBar of Windows Media Player.

AUTO DELETE TEMPORARY FOLDER.
First go into gpedit.msc
Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder
Then right click "Do Not Delete Temp Folder Upon Exit"
Go to properties and hit disable. Now next time Windows puts a temp file in that folder it will automatically delete it when its done! Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.

CLEANUP STARTUP ITEMS IN MSCONFIG.
Do you ever uninstall programs and they are still listed under startup items in msconfig? Personally, I found myself with 30 such items from old installs. Microsoft leaves you no way to clean up this list, but have no fear, I have figured it out for you.
1. Open MSconfig and click on the startup items tab
2. Open Regedit and naviate to HKLM/Software/Microsoft/Sharedtools/MSconfig/startupreg
3. Compare the list of registry keys under startup reg with their counterparts in msconfig.
4. Delete the keys which are no longer valid.
5. Voila! You've cleaned up msconfig.

REMOVING SERVICES DEPENDENCIES.
This will allow you to disable a service or uninstall it from your system without effecting another service that depends on it. Here's how you do it
1. After you have set your services the way you want them and you have disabled/uninstalled something that another services depends on, run "regedit"
2. Under HKEY_LOCAL_MACHINE\System\find the service that will not function, do to another service being disabled/uninstall (found in ControlSet001\Services, ControlSet002\Services, and CurrentControlSet\Services)
3. Once you have found the service right-click on the string value, "DependOnService,"and modify
4. You should now see a list of services that it is dependent on. Simply delete the service that you have disabled/uninstalled
5. Restart your computer and your ready to go Disclaimer REMEMBER TO BACKUP YOU REGISTRY FIRST I'm not totaly sure if this will have any negative effects on your system. I used this method after uninstalling "Netbios over Tcpip" from my system completely, so that my Dhcp service would function and I have had NO negative effects on my system.

ANOTHER WAY TO DELETE HIDDEN DEVICES.
You can view and delete or modify hidden devices by:
1. Openning Device Manager. (I usually right-click on My Computer, select Properties, select the Hardware tab, then select Device Manager.)
2. Select View and check "Show hidden devices"
3. Hidden devices will appear below with the others and can be modified.

HOW TO GET "My Briefcase" IN WINDOWS XP.
go to C:\WINDOWS\system32\dllcache. look for a file named "syncapp".
double click it. an icon should appear on your desktop that says "My Briefcase". double click it. it will come up with this window that tells you how to use it.

TURN NUMLOCK ON AT LOGON.
NumLock does not toggle on by default (system-wide), even if you have it set in your PC's BIOS, because of XP's multi-user functionality. Guess Microsoft doesn't know everyone actually turns it on, which should be reason enough for what acts as "default"...
Anyway, you can hack the Windows Registry to change this behavior, or run a script at logon to turn NumLock on.
1. To enable NumLock through the Registry:
* Open Windows' Registry Editor (START > RUN, type "REGEDIT").
*. Navigate to HKEY_USERS\.Default\Control Panel\Keyboard.
*. Change the value for InitialKeyboardIndicators from 0 to 2.
2. To enable NumLock using a script, see this MS Knowledgebase article for complete instructions:
CODE
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q262625

Option 1 is the quicker method, but if you have more than one user on your system and one or more don't want NumLock on (stranger things have been known of), then option 2 is the way to go since it allows you to only attach the script to specific users.

FREE DISK SPACE BY DELETING RESTORE POINTS.
Start button-all programs-accessories-system tools-cleanup-more options. You will have the option of deleting your restore points.When your done creat one
restore point as a back up.

HOW TO REAL GET RID OF UNNECESSARY SOFTWARE
to uninstall things like msn messenger and other hidden installs thru add remove programs, do this: find sysoc.inf (you might have to enable "show hidden files" and "show hidden/protected system folders" in explorer) and open it in notepad replace all ",hide" with "," (both with out quotes) which is easiest to do with the replace all command under edit then in add/remove programs under add/remove windows compnents and whole new list of things to uninstall and add are now listed (such as internet explorer)

HAVING PROGRAMS RUN WHEN WINDOWS LOADS SLOWS DOWN YOUR STARTUP.
There are two ways do disable programs that may be in your startup (like icq, messanger,) The easiest is to do the following:
1. start --> run --> msconfig
2. Click on the "startup" tab (furthest right)\
3. Unclick any items you don't want to load when windows starts.
The second is by deleting registry entrys, this can be done the following way:
1. Start --> run --> regedit
2. Navigate to : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Delete any entry's that you don't want to load up

TURN OFF INDEXING TO SPEED UP XP.
Windows XP keeps a record of all files on the hard disk so when you do a search on the hard drive it is faster. There is a downside to this and because the computer has to index all files, it will slow down normal file commands like open, close, etc. If you do not do a whole lot of searches on your hard drive then I suggest turnning this feature off:
1. Control Panel
2. Administrative Tools
3. Services
4. Disable Indexing Services

HALF LIFE AND WINDOWS XP.
1. How to recover from incompatible drivers
Before you install new drivers set a system restore point. Start>All programs>Accessories>system tools>system restore
After your new drivers don't work reset your computer. Press F8 repeatedly as soon as the BIOS screen disappears, and before the Windows XP screen appears. Select safe mode. Use system restore again to undo your mess.
2. Video Drivers
The NVidia drivers that come with XP do not allow you to run Half Life in OpenGL. Update to the newest drivers.
Despite the fact that they are not official drivers, 22.50 was the only set which worked
3. Sound Drivers
Use windows update to update Creative drivers.
4. Fixing screen flicker
Windows XP defaults to 60Hz for games. A fix is available here:
CODE
http://www.fileplanet.com/dl/dl.asp?/planetquake/ztn/nvreffix-setup.exe

Select "set: ev ery resolution to monitor's maximum supported rate"
5. Fixing lag
If you are having trouble with lag, try disabling the windows XP firewall. Go to control panel>network connections. Select connection, right click, properties, advanced, untick the firewall.
6. Mouse
You can improve your mouse smoothness for games.
Control panel>mouse>hardware>properties>advanced
Change the sample rate to a higher one, eg. 200

REGISTRY METHOD FOR REMOVING STARTUP ITEMS.
I prefer to use MSCONFIG selective startup to troubleshoot. To remove entries for good, open the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN
Delete entries of unwanted startup daemons and tray procedures.

DISPLAY MESSAGE ON STARTUP.
Start regedit, if you are unfamiliar with regedit please see our FAQ.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Modify the key legalnoticecaption with what you want to name the window.
Modify the key legalnoticetext with what you want the window to say. Restart.

REMOVE THE DEFAULT IMAGE VIEWER IN WINDOWS ME/XP.
This tweak works in Windows Me/XP, I have not try it in Windows NT/2000 yet, because i don't have that OS, you can try it if you have.
*This tweak does not work in Windows 95/98
To remove the Windows default Image Viewer, first:
Click Start Menu
Select Run menu
Type "cmd", (for Windows Me, type "command")
Then type "regsvr32 /u shimgvw.dll" to unregister this dll. This will stop it from previewing any picture that it support, e.g. JPEG, Bitmap, GIF....
* Before perform this tweak, make sure that you have the alternative Image Viewer installed in you windows e.g. ACDsee, FireGraphics... because once you do this tweak without that application, you can't open and view your image anymore! So, to undo it, type "regsvr32 shimgvw.dll" in command prompt.

SPEED UP BOOT BY DISABLING UNUSED PORTS.
You may have tried many tweaks like modifying windowsXP start-up applications, prefetches, unload DLLs method,etc. And yes those methods do work for me.
I have just accidentally found out another way to give you an extra boost in windowsXP's boot performance. This is done by disabling your unused devices in
Device Manager. for example, if you don't have input devices that are connected to one of your USBs or COM ports, disabling them will give you an extra perfromance boost in booting. Go to Control Panel -> System -> Hardware tab -> device manager Disable devices that you don't use for your PC and then restart.

CLEAR UNWANTED ENTRIES FROM ADD/REMOVE PROGRAMS.
Run the Registry Editor (REGEDIT).
Open HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall Remove any unwanted keys under "Uninstall."

CLICKING * .AVI FILES ON EXPLORER CAUSING 100% CPU USAGE.
Well windows seem to have a REALLY big problem when it comes to reading AVI files. It seems that when you click on an AVI file in explorer, it'll try to read the entire AVI file to determine the width,height, etc. of the AVI file (this is displayed in the Properties window). Now the problem with Windows is that if you have a broken/not fully downloaded AVI file that doesnt contain this info, Windows will scan the entire AVI file trying to figure out all these properties which in the process will probably cause 100% CPU usage and heavy memory usage. To solve this problem all you have to do is the following:
1. Open up regedit
2. Goto HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
3. Delete the "Default" value which should be "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"
Voila! Please not that this will no longer provide you with the windows properties displaying the AVI file information such as width, height, bitrate etc. But its a small price to pay for saving you resources.
NOTE: Please use caution when using regedit. Improper usage may cause windows to behave imcorrectly. Also, I cannot be held resposible. Backup your registry first.

CD ROM STOPS AUTOPLAYING/AUTORUN.
And the AutoPlay Tab has disappeared in My Computer, Devices With Removable Storage, Right Click on CDROM, Properties.
Solution: The service: "Shell Hardware Detection" has been set to Manual or Disabled. Go to Control Panel, Administrative Tools, Services. Return this service to "Automatic".

SHUTDOWN XP FASTER 1.
Like previous versions of windows, it takes long time to restart or shutdown windows xp when the "Exit Windows" sound is enabled. to solve this problem you
must disable this useless sound. click start button then go to settings -> control panel -> Sound,Speech and Audio devices -> Sounds and Audio Devices -> Sounds, then under program events and windows menu click on "Exit Windows" sub-menu and highlight it.now from sounds you can select,choose "none" and then click apply and ok. now you can see some improvements when shutting down your system.

SHUTDOWN XP FASTER 2.
Start Regedit.
Navigate to HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control.
Click on the "Control" Folder.
Select "WaitToKillServiceTimeout"
Right click on it and select Modify.
Set it a value lower than 2000 (Mine is set to 200).

EASIEST WAY TO DELETE PREFETCH.
1. Open notepad.exe, type del c:\windows\prefetch\*.* /q (without the quotes) & save as "delprefetch.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Startup" in the right window.
4. In the new window, click "add", "Browse", locate your "delprefetch.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. Reboot your computer.

SPEED UP MENU DISPLAY.
When using the start menu the you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly. Start Regedit. If you are unfamiliar with regedit please refer to our FAQ on how to get started.
Navigate to HKEY_CURRENT_USER\Control Panel\Desktop
Select MenuShowDelay from the list on the right.
Right on it and select Modify.
Change the value to 0.
Reboot your computer.

16 COLOUR ICONS.
If you select 16bit mode for graphics your icons will revert to using 8bit (16 color) icons. Yuck! Change the following registry setting to:
[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] "Shell Icon BPP"="16" "Shell Icon Size"="32" Setting the BPP to 16bit will yield 65565 colors for icons.

DE-CRYPT ENCRYPTED FILES ON WINDOWS XP.
1. Login as Administrator
2. Go to Start/Run and type in cmd and click OK.
At the prompt type cipher /r:Eagent and press enter
This prompt will then display:
Please type in the password to protect your .PFX file:
Type in your Administrator password
Re-confirm your Administrator password
The prompt will then display
Your .CER file was created successfully.
Your .PFX file was created successfully.
The Eagent.cer and Eagent.pfx files will be saved in the current directory that is shown at the command prompt. Example: The command prompt displays
C:\Documents and Settings\admin> the two files are saved in the admin folder. (For security concerns, you should house the two files in your Administrator folder or on a floppy disk).
3. Go to Start/Run and type in certmgr.msc and click OK. This will launch the Certificates Manager. Navigate to Personal and right click on the folder and select All Tasks/Import. The Certificate Import Wizard will appear. Click Next. Browse to the C:\Documents and Settings\admin folder. In the Open dialog box, change the Files of Type (at the bottom) to personal Information Exchange (*.pfx,*.P12). Select the file Eagent.pfx and click Open. Click Next. Type in your Administrator password (leave the two checkboxes blank) and click Next. Make sure the Radio button is active for the first option (Automatically select the certificate store based on the type of certifcate). Click Next. Click Finish. (You'll receive a message that the import was successful). To confirm the import, close Certificates Manager and re-open it. Expand the Personal folder and you will see a new subfolder labeled Certificates. Expand that folder and you will see the new entry in the right side column. Close Certificate Manager.
4. Go to Start/Run and type in secpol.msc and click OK. This will launch the Local Security Policy. Expand the Public Key Policies folder and then right click on the Encrypted File System subfolder and select Add Data Recovery Agent... The Wizard will then display. Click Next. Click the Browse Folders... button. Browse to the C:\Documents and Settings\admin folder. Select the Eagent.cer file and click Open. (The wizard will display the status User_Unknown. That's ok). Click Next. Click Finish. You will see a new entry in the right side column. Close the Local Security Policy.
You, the Administrator are now configured as the default Recovery Agent for All Encrypted files on the Local Machine.
To Recover Encrypted files: Scenario #1
If you have completed the above steps BEFORE an existing user encrypted his/her files, you can log in to your Administrator account and navigate to the encrypted file(s). Double click on the file(s) to view the contents.
Scenario #2
If you have completed the above steps AFTER an existing user has already encrypted his/her files, you must login to the applicable User's User Account and then immediately logout. Next, login to your Administrator account and navigate to the encrypted file(s). Double click on the file(s) to view the contents.
*Warning Do not Delete or Rename a User's account from which will want to Recover the Encrypted Files. You will not be able to de-crypt the files using the steps outlined above.

DUMP FILES TWEAK & DISABLE DR.WATSON.
"Dump file. A dump file stores data from memory during a system crash and can be helpful when diagnosing problems, but like a swap file, it can also expose a lot of sensitive, unencrypted data. To prevent Windows from creating the file, go to Control Panel | System. Click on the Advanced tab and then the Settings button on the Startup and Recovery pane. Set the drop-down menu under Write debugging information to (none). "Similarly, the debugging program Dr. Watson saves information when applications crash. To disable it, go to:
HKEY_local_machine\software\Microsoft\WindowsNT\CurrentVersion\ AeDebug and set the Auto string to 0. Then use Windows Explorer to go to Documents and Settings\All Users\Shared Documents\DrWatson. Delete User.dmp and Drwtsn32.log, the insecure logs the program creates." Heed related advice from 'microsoft' regarding 'Disable Dr.Watson' first before the preceding Dr. Watson advice (go Google search.) Back up with System Restore, and go ahead. As cautious as I am, I have gladly applied these tweaks, and followed related microsot advice on Dr. Watson.

Precaution: Backups All Of Your Data Before Tweaking, Not All Of The Tips I've Mentioned Above Were Tested. I Don't Responsible For Any Damages. Happy Experiments

Monday, August 4, 2008

Choosing A Good Domain Name, ya..good name is important!

Another good tip for successful web experience..injoy it!



Choosing A Good Domain Name


Choosing a domain name for your site is one of the most important steps towards creating the perfect internet presence. If you run an on-line business, picking a name that will be marketable and achieve success in search engine placement is paramount. Many factors must be considered when choosing a good domain name. This article summarizes all the different things to consider before making that final registration step!


Short and Sweet

Domain names can be really long or really short (1 - 67 characters). In general, it is far better to choose a domain name that is short in length. The shorter your domain name, the easier it will be for people remember. Remembering a domain name is very important from a marketability perspective. As visitors reach your site and enjoy using it, they will likely tell people about it. And those people may tell others, etc. As with any business, word of mouth is the most powerful marketing tool to drive traffic to your site (and it's free too!). If your site is long and difficult to pronounce, people will not remember the name of the site and unless they bookmark the link, they may never return.


Consider Alternatives

Unless a visitor reaches your site through a bookmark or a link from another site, they have typed in your domain name. Most people on the internet are terrible typists and misspell words constantly. If your domain name is easy to misspell, you should think about alternate domain names to purchase. For example, if your site will be called "MikesTools.com", you should also consider buying "MikeTools.com" and "MikeTool.com". You should also secure the different top level domain names besides the one you will use for marketing purposes ("MikesTools.net", "MikesTools.org", etc.) You should also check to see if there are existing sites based on the misspelled version of the domain name you are considering. "MikesTools.com" may be available, but "MikesTool.com" may be home to a graphic pornography site. You would hate for a visitor to walk away thinking you were hosting something they did not expect.

Also consider domain names that may not include the name of your company, but rather what your company provides. For example, if the name of your company is Mike's Tools, you may want to consider domain names that target what you sell. For example: "buyhammers.com" or "hammer-and-nail.com". Even though these example alternative domain names do not include the name of your company, it provides an avenue for visitors from your target markets. Remember that you can own multiple domain names, all of which can point to a single domain. For example, you could register "buyhammers.com", "hammer-and-nail.com", and "mikestools.com" and have "buyhammers.com" and "hammer-and-nail.com" point to "mikestools.com".


Hyphens: Your Friend and Enemy

Domain name availability has become more and more scant over the years. Many single word domain names have been scooped up which it makes it more and more difficult to find a domain name that you like and is available. When selecting a domain name, you have the option of including hyphens as part of the name. Hyphens help because it allows you to clearly separate multiple words in a domain name, making it less likely that a person will accidentally misspell the name. For example, people are more likely to misspell "domainnamecenter.com" than they are "domain-name-center.com". Having words crunched together makes it hard on the eyes, increasing the likelihood of a misspelling. On the other hand, hyphens make your domain name longer. The longer the domain name, the easier it is for people to forget it altogether. Also, if someone recommends a site to someone else, they may forget to mention that each word in the domain name is separated by a hyphen. If do you choose to leverage hyphens, limit the number of words between the hyphens to three. Another advantage to using hyphens is that search engines are able to pick up each unique word in the domain name as key words, thus helping to make your site more visible in search engine results.


Dot What?

There are many top level domain names available today including .com, .net, .org, and .biz. In most cases, the more unusual the top level domain, the more available domain names are available. However, the .com top level domain is far and away the most commonly used domain on the internet, driven by the fact that it was the first domain extension put to use commercially and has received incredible media attention. If you cannot lay your hands on a .com domain name, look for a .net domain name, which is the second most commercially popular domain name extension.


Long Arm of the Law

Be very careful not to register domain names that include trademarked names. Although internet domain name law disputes are tricky and have few cases in existence, the risk of a legal battle is not a risk worth taking. Even if you believe your domain name is untouchable by a business that has trademarked a name, do not take the chance: the cost of litigation is extremely high and unless you have deep pockets you will not likely have the resources to defend yourself in a court of law. Even stay away from domain names in which part of the name is trademarked: the risks are the same.


Search Engines and Directories

All search engines and directories are different. Each has a unique process for being part of the results or directory listing and each has a different way of sorting and listing domain names. Search engines and directories are the most important on-line marketing channel, so consider how your domain name choice affects site placement before you register the domain. Most directories simply list links to home pages in alphabetical order. If possible, choose a domain name with a letter of the alphabet near the beginning ("a" or "b"). For example, "aardvark-pest-control.com" will come way above "joes-pest-control.com". However, check the directories before you choose a domain name. You may find that the directories you would like be in are already cluttered with domain names beginning with the letter "a". Search engines scan websites and sort results based on key words. Key words are words that a person visiting a search engine actually search on. Having key words as part of your domain name can help you get better results.

Caught A Virus

Caught A Virus?

If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst.


Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.

You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing.

It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."

Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected.

Is Your PC "Owned?"

I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?

Other indicators that may, in fact, indicate that there's nothing that you need to worry about, include:

* An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file.

I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection

There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.

If you're interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more detective work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.

If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.

What to Do Next

Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.

* If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.
* If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAffee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.

A Microgram of Prevention

Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such Trend Micro's PC-Cillin, which you can buy for $50.

Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).

Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.

Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2."

Here are a few more pointers for a virus-free life:

* Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.

Sunday, August 3, 2008

10 Security Enhancements

10 Fast and Free Security Enhancements
PC magazine.

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly.

2. Install a personal firewall.


3. Install a free spyware blocker.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be m!@uts@#$. This will make it much harder for anyone to gain access to your accounts.

6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay,

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."

23 Ways To Speed WinXP, Not only Defrag

Since defragging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.
1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back-up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's cases and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomena, you can read numerous articles on my site.


Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.