
Monday, October 26, 2009

Showing hidden files using regedit

Sometimes, after a computer has been infected with a virus, hidden files and folders stay invisible even when the virus has already been removed. Even if you select Show hidden files in Folder Options, they do not show up.

We can show these hidden files and folders by editing the registry.

Showing hidden files and folders using regedit


1. Click Start, then select Run. Type regedit, then press Enter.
2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL.
3. On the right side of the window, double click CheckedValue, then change the value to 1.
4. Double click DefaultValue, then change the value to 2.

After that, your hidden files and folders will be visible.


NOTE: If your computer is still infected with a virus, this procedure is useless. Be sure that you have removed the virus before you do this, so that the registry values you have edited are not returned to the values set by the virus.


Thursday, October 22, 2009

How to replace Ctrl+Alt+Del (taskmanager) with different application

We can launch any application when pressing Ctrl+Alt+Del instead of Task Manager. Just follow these steps:

1. Go to Start, then click Run. Type regedit, then press Enter.
2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
3. Right click Image File Execution Options, select New, then click Key. Name it Taskmgr.exe.
4. Click the key that you've created (Taskmgr.exe), then on the right side of the window, right click, select New, then click String Value. Name it debugger.
5. Double click it (debugger), then enter the location of the application (including the filename) that you want to launch every time the user presses Ctrl+Alt+Del. Example: c:\windows\system32\calc.exe
6. Click OK.

After that, when you press Ctrl+Alt+Del, your application will launch instead of Task Manager.

If you want to restore it, just delete Taskmgr.exe in the registry by navigating to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. Then double click Image File Execution Options, right click Taskmgr.exe, then select Delete.

That's all!


Tuesday, October 20, 2009

Blocking/Redirecting websites without using any additional software in Windows XP

We can block or redirect websites without installing additional software on our PC. You can do that by going to C:\windows\system32\drivers\etc, then opening the HOSTS file in Notepad. Here's the sample content of the HOSTS file:


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

So if you want to block yahoo.com, just put this line after the last line:
127.0.0.1 www.yahoo.com
So it would look like this:
127.0.0.1 localhost
127.0.0.1 www.yahoo.com
Remember to put 127.0.0.1 before the website name.

To redirect a website, just change 127.0.0.1 to the IP address of the website that you want to redirect to. For example, if you want to automatically redirect the browser to 125.445.122.333 whenever a user goes to yahoo.com, it should look like this:
127.0.0.1 localhost
125.445.122.333 www.yahoo.com
So every time I go to www.yahoo.com, the browser will automatically redirect me to the website that has an IP address of 125.445.122.333 (sample only).
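
An added example, not from the original post: a small Python audit of HOSTS content for the two kinds of edit described above, run on a constructed sample. Names mapped to loopback are reported as blocked and names mapped elsewhere as redirected; the post's placeholder 125.445.122.333 cannot be parsed as an IP address, so it is reported as invalid. The function name and sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the stock localhost entry plus the kinds of line the post adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.yahoo.com          # blocked, as in the post
203.0.113.10    mail.example.test www.example.test
125.445.122.333 www.yahoo.com          # the post's placeholder address
"""

DEFAULT_NAMES = {"localhost"}  # names expected to point at loopback


def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop the comment, split on whitespace
        if len(entry) < 2:
            continue  # blank, comment-only, or an address with no host name
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            verdict = "invalid-address"
        else:
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"
            else:
                verdict = "redirected"
        for name in names:  # one line may carry several host names
            name = name.lower()
            if name in DEFAULT_NAMES and verdict == "blocked":
                continue  # the stock localhost entry
            findings.append((line_no, name, address, verdict))
    return findings


if __name__ == "__main__":
    for line_no, name, address, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} [{verdict}]")
```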


Friday, October 16, 2009

How to delete virus in a USB Stick using CMD

Before you start following the steps below, be sure to disable autorun first: Disabling Autorun in Windows XP


To delete a virus file on a USB stick using DOS commands (cmd), follow these steps:

1. Insert your USB stick.

2. Click Start, then select Run. Type cmd, then press Enter.

3. In the cmd window, switch to your USB stick by typing its drive letter. Example: type x: then press Enter. If you are unsure which drive letter belongs to your USB stick, go to My Computer and look for the drive letter of Removable Disk under the column Type. NOTE: Do not open your USB drive.

4. In the cmd window, type dir/a:h then press Enter. Look at the list; if you think that one of the filenames listed is not yours, delete it by typing del /f /a:- nameoffile.xxx.
Example: If I see a file named 'virus.inf' listed after I typed dir/a:h, then I would type del /f /a:- virus.inf to delete that file.

NOTE: If you see an 'autorun.inf' file on your USB drive, delete it, because it is used to execute virus files whenever you insert or double click your USB stick. But remember that not every autorun.inf is used to execute a virus file, especially if it is not hidden.

5. Repeat step 4, but this time using 'dir/a:s' instead of 'dir/a:h'.

6. Safely remove your USB stick, then insert it again. After that you can open it using My Computer, search for any malicious files, and delete them.




Wednesday, October 14, 2009

Disabling autorun in Windows XP

Disabling autorun in Windows XP is very important nowadays, because virus creators exploit autorun so that their malicious files will be executed.


To prevent that malicious file execution, we should disable autorun on our computer by following these steps:

1. Click the Start menu, go to Run. Type gpedit.msc, then press Enter.
2. In the left part of the Group Policy window, double click Administrative Templates under Computer Configuration. Then click System. Look for Turn Off Autoplay in the right part of the window, then double click it. Select Enabled, then select All Drives. Click OK.
3. Repeat the second step, but under User Configuration this time.

After that, USB sticks and CDs/DVDs will not open automatically after insertion.

NOTE: The Home Edition of XP does not have gpedit.msc, so you need to follow the instructions on this site: Windows XP Home Edition: gpedit.msc (Group Policy)



How to Enable Taskmanager, Command, and RegEdit using VBScripting

In this How To blog I'm going to show you how to enable Taskmanager, Command, and RegEdit using vbscript.


Before we begin enabling these tools, be sure to kill/terminate all processes that you think are malicious. Go to this post to learn how to do it: How to Kill a Process Using VBScript

Creating a .vbs file

Go to Run and type 'notepad', without quotes, then press Enter. Notepad will open. Go to File, click Save As..., then change Save As Type to All Files. Name the file 'enable_tools.vbs'.

Enabling Taskmanager, command (cmd), and Regedit

Paste this code inside the enable_tools.vbs file that you have just created:
' WScript.Shell gives the script registry write access
set a=wscript.createobject("wscript.shell")
' Set each policy value to 0 (not disabled) for the current user
a.regwrite "HKCU\software\microsoft\windows\currentversion\policies\system\disableregistrytools", 0, "REG_DWORD"
a.regwrite "HKCU\software\microsoft\windows\currentversion\policies\system\disabletaskmgr", 0, "REG_DWORD"
a.regwrite "HKCU\Software\policies\microsoft\windows\system\DisableCMD", 0, "REG_DWORD"
Then click Save and run it by double clicking the actual file (enable_tools.vbs). After that, your Task Manager, Regedit, and cmd are enabled!

Again, be sure to kill the malicious process first before running your script (enable_tools.vbs), because if you don't, the tools that you have enabled (Task Manager, Regedit, and cmd) will automatically be disabled again right after you run your script.
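
An added example, not part of the original posts: a Python check over a registry export (.reg text, as written by regedit's Export) for the values this blog's procedures touch, namely a Debugger value under Image File Execution Options, the three Disable* policy values set above, and the SHOWALL CheckedValue/DefaultValue pair. The sample export and the function name are constructed for illustration.

```python
import re

# Constructed sample. Real exports are UTF-16: open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Taskmgr.exe]
"Debugger"="c:\\windows\\system32\\calc.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000002
'''

IFEO = r"\image file execution options" + "\\"
# (key suffix, value name) -> value that the procedures on this page set
EXPECTED = {
    (r"\policies\system", "disableregistrytools"): 0, (r"\policies\system", "disabletaskmgr"): 0,
    (r"\windows\system", "disablecmd"): 0,
    (r"\hidden\showall", "checkedvalue"): 1, (r"\hidden\showall", "defaultvalue"): 2,
}

def audit_reg_export(text):
    """Return findings for Debugger redirects and values that differ from EXPECTED."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: the full key path
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, data, low = m.group(1).lower(), m.group(2), key.lower()
        if IFEO in low and name == "debugger":
            target = data.strip('"').replace("\\\\", "\\")  # undo .reg escaping
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], target))
        for (suffix, vname), want in EXPECTED.items():
            if low.endswith(suffix) and name == vname and data.startswith("dword:"):
                got = int(data[6:], 16)
                if got != want:
                    findings.append(("unexpected-value", m.group(1), got))
    return findings

if __name__ == "__main__":
    print(audit_reg_export(SAMPLE_REG))
```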

That's all!






How to kill a process using VBScript in Windows XP

Today I'm gonna show you how to kill a process using a very short vbscript code.


There are some reasons why you might want to use VBScript to kill a process instead of using Task Manager or DOS commands. One of the reasons is to counter virus activity, and that is our goal in this how-to post.

Some viruses nowadays disable Regedit, Task Manager, and the DOS command prompt. If that happens, you cannot terminate a malicious process using Task Manager or DOS commands, and you cannot edit your registry using Regedit or DOS commands to remove the values that were made by the virus.

The only way (for me) we can get through this situation is to use VBScript (.vbs). VBScript stands for Visual Basic Scripting.

We can create a .vbs file in this way:

Go to Run and type 'notepad', without quotes, then press Enter. Notepad will open. Go to File, click Save As..., then change Save As Type to All Files. Then add .vbs at the end of your file name. Example: (myfilename.vbs).

Listing all processes without using Taskmanager or DOS Commands

First create a .vbs file by following the instructions above, then paste this code inside it:
' Connect to WMI on the local computer
set a=getobject("winmgmts://./root/cimv2")
' Query every running process
set b = a.execquery("SELECT * FROM Win32_process")
' Build one string with a process name per line
for each c in b
str=str & vbcrlf & c.name
next
wscript.echo str
wscript.quit
Save it as 'view_process.vbs', then double click it to execute the code. A new window will appear with a list of all the processes running on your computer. Now write down the name of the process that you want to kill (e.g. notepad.exe).

Killing/Terminating a process without using Taskmanager or DOS Commands

Make a new .vbs file by following the instructions above, then paste this code:
' Connect to WMI on the local computer
set a=getobject("winmgmts://./root/cimv2")
' Select only the processes with the given name
set b = a.execquery("SELECT * FROM Win32_process WHERE name='notepad.exe'")
' Terminate every matching process
for each c in b
c.terminate()
next
wscript.echo "process killed"
wscript.quit
NOTE: the second and third lines of code are not separate; that is, it should be one line only: "set b = a.execquery("SELECT * FROM Win32_process WHERE name='notepad.exe'")"

Save it as 'kill_process.vbs', then go to Start, click Run, type NOTEPAD, then press Enter. Then run kill_process.vbs by double clicking the file. You will notice that the Notepad window you opened disappears! That's what this code does.

So if you find, for example, 'scvhost.exe' in the list of processes that you have created, replace notepad.exe with scvhost.exe in the above code.

By the way, the process SCVHOST.EXE is not a legitimate Windows process; the legitimate process name is SVCHOST.EXE. Note the first three letters of the two names.
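
An added example, not from the original post: a Python check that flags process names (such as those listed by view_process.vbs) that sit one edit or one swapped letter pair away from a well-known Windows process name, which is exactly the SCVHOST.EXE / SVCHOST.EXE case above. The reference list is a short illustrative one and the sample process list is constructed.

```python
# Well-known Windows system process names (short illustrative list, not exhaustive).
KNOWN = ["svchost.exe", "explorer.exe", "lsass.exe", "services.exe",
         "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe"]

# Constructed sample of names as a process listing might show them.
SAMPLE = ["System", "smss.exe", "SVCHOST.EXE", "SCVHOST.EXE",
          "notepad.exe", "Isass.exe", "explorer.exe"]


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]


def lookalikes(process_names, max_distance=1):
    """Return (observed, imitated) pairs for names that are close to a known name."""
    hits = []
    for name in process_names:
        low = name.lower()  # Windows process names are case-insensitive
        if low in KNOWN:
            continue  # exact match: not a lookalike
        for real in KNOWN:
            if osa_distance(low, real) <= max_distance:
                hits.append((name, real))
    return hits


if __name__ == "__main__":
    for observed, real in lookalikes(SAMPLE):
        print(f"{observed} looks like {real}")
```

An exact name match only means the name is not a lookalike; it says nothing about which file the process was started from.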

That's all folks!



