-8)... How to Enable System Restore Option in Windows server 2003

Generally You will not find system restore option in Windows Server 2003 ( as you have experienced in windows XP Professional)

now say You want to Enable this feature in Your server.. its easy follow the steps as under


will need your Windows XP CD on hand to install this, as files from Windows XP are required to install System Restore into Windows Server 2003.
Please take care when using System Restore, as system instabilities are still unknown at this point, although it has been tried and tested! If your copy of Windows Server 2003 is to be used as a 100% workstation, then it should be OK to use System Restore!
The installation of System Restore is as easy as pie, follow the instructions below:
Download: Add System Restore
1. Extract the zip file into a folder, you will see two main files - AddSystemRestoreEntries.reg and sr.inf
2. Double click on AddSystemRestoreEntries.reg and click on Yes when prompted.
3. Insert your Windows XP CD
4. Right click on sr.inf and select Install.
5. Point to the /i386 directory on the CD if prompted.
6. Reboot!

huuu You have done IT....!!!!!!!!!

-7)....Easy way to increase your Cable/DSL speed (BSNL)

Easy way to increase your Cable/DSL speed
Here is a simple way to boost your Cable/DSL speed, just copy the ENTIRE BOLD text in the "code" box to Notepad, then save them as *.reg files - Then all you have to do to modify/restore is double-click the *.reg file!!


REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"=dword:0000ffff
Originally Posted by DEFAULT Cable/DSL SPEED

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"=dword:00007fff

you can check ur speed after and before applying dis code at here :http://www.bandwidthplace.com/speedtest/

-6)..... Lock a folder without any software!!!!!

HERE IS THE TRICK....



U can lock any folder without any softwares. Using the codes given below u can redirect the folder to control panel, internet explorer etc., by renaming the files by pasting the code for example if u have a folder in d: which is named as "HELL" then rename it to Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}. thats all ur folder will redirect to control panel.

1)Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}

2)Internet Explorer.{FBF23B42-E3F0-101B-8488-00AA003E56F8}

3)Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}

4)My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}

5)My Documents.{ECF03A32-103D-11d2-854D-006008059367}

6)Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}

to unlock the folder
Go to Start>RUN>CMD
If the folder is in d: then go to that drive
then type dir/x then the folder is shown as for example with control panel it shows as contro~1.{21
rename this folder to any name using command "ren control~1.{21 myfolder" without quote ok
that it all over..... U can lock and unlock the folder

-5)..... How to disable format command in windows XP xp2

If you REALLY want to prevent the ability to Format from the right-click menu, the
first step is to disable Windows File Protection. To do that you need to hex edit
the C:\windows\system32\sfc_os.dll file (this assumes you are using WinXP SP-2, otherwise
go straight to step 3 since SP-1 does not require this hex edit).

1. Go here, download and install a free hex editor.

2. Then go here and follow the instructions on loading, editing, and saving
your modified sfc_os.dll file. You'll be able to copy it into system32\dllcache\
modified, but most likely you'll have to use the Recovery Console to copy
the modified sfc_os.dll file into \system32\.





3. Cut and paste the lighter blue text below into notepad, and save as indicated.
With the modified sfc_os.dll file in place, just double click the .reg files whenever
you want to either disable or enable WFP.

Save this file as No_WFP.reg (File Protection Disabled)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:ffffff9d

Save this file as Yes_WFP.reg (File Protection Enabled)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000

Once you've turned WFP off, reboot.

4. The next step is to modify the c:\windows\system32\shell32.dll file. To do that,
you'll need a resource hacker like this one. Download and copy the zipped files into a folder and
launch the executable. SAVE YOUR MOST RECENT SHELL32.DLL FILE TO ANOTHER LOCATION
- FLOPPY/FLASH DRIVE ANOTHER DRIVE, ETC.

5. In Resource Hacker, open C:\windows\system32\shell32.dll and find this section:
Dialog: 28672: 1033.

Delete the resource and save the shell32.dll file - if you are not able to save it
right back into C:\windows\system32, then save it to another location, for example
to C:\shell32.dll. Then go back into the Recovery Console and copy the modified shell32.dll
into C:\windows\system32 and to C:\windows\system32\dllcache. Reboot and now when
anyone clicks on Format from the right-click menu NOTHING will happen or be displayed
(no Format Box). You will still be able to format drives by using a cmd box and the
c:\windows\system32\format.com command, if you want to disable this too, rename this
file or move it to another location only you know about or off the hard drive altogether.



6. When you're done tinkering, turn WFP back on with the second .reg file (Yes_WFP.reg)
and you're done.

-4)...... Generic Host Process for win32 Services Error

Error Address in RAM Dump
szappname: svchost.exe sczappver: 0.0.0.0 szmodname: unknownszmodver: 0.0.0.0 offset: 00000000.


The couse of this kind of error

1) Your system is infected by spyware
2) Windows update problem

solution for this problem

If you have think that your system is ifected by spyware or malware please download spyboat (http://www.spybot.com/) and scann ur system and fix the problem. if still this problem is not solved please follow this steps

1) Click Start->Run, type "services.msc" (without quotation marks) in the open box
and click OK
2) Double click the service "Automatic Updates".

3) Click on the Log On tab, please ensure the option "Local System account" is selected and option "Allow service to interact with desktop" is unchecked
4) Check if this service has been enabled on the listed Hardware Profile. If not, please click the
Enable button to enable it.
5) Click on the tab "General "; make sure the "Startup Type" is "Automatic". Then please click
the button "Start" under "Service Status" to start the service.
6) Repeat the above steps with the other service: Background Intelligent Transfer Service
(BITS)

Re-register Windows Update components and Clear the corrupted Windows
Update temp folder

to do this thing do the following


1) Click on Start and then click Run.

2) In the open field type "REGSVR32 WUAPI.DLL" (without quotation marks) and press
Enter.
3) When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click OK.

4) Please repeat these steps for each of the following commands:

* REGSVR32 WUAUENG.DLL
* REGSVR32 WUAUENG1.DLL
* REGSVR32 ATL.DLL
* REGSVR32 WUCLTUI.DLL
* REGSVR32 WUPS.DLL
* REGSVR32 WUPS2.DLL
* REGSVR32 WUWEB.DLL

After the above steps are finished. Sicne temporary folder of Windows Update may be corrupted. We can refer to the following steps to rename this folder that

1) Click Start, Run, type: cmd and press Enter. Please run the following command in
the opened window

net stop WuAuServ
(note, you might need to reboot before the net stop command will work)


2) Click Start, Run, type: %windir% and press Enter.

3) In the opened folder, rename the folder SoftwareDistribution to SDold.

4) Click Start, Run, type: cmd and press Enter. Please run the following command in
the opened window.

net start WuAuServ


now restart the system

-3)....... recommended site to visite

http://www.lnk.in/jatinxpsp2

-2)...... how to manually remove windows genuine notification

Kill the process wgatray.exe in Windows TaskManager (Select it then right click and select End task) and restart Windows XP in safe mode. Now delete the following files:

Delete WgaTray.exe from c:\windowss\system32
Delete WgaTray.exe from c:\windows\system32\dllcache

Start Windows Registry editor and delete the folder “WGALOGON” located in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\WinlogonNotify.
Delete all references in your registry to WgaTray.exe (repeat search using F3 function key).

-1).....How to troubleshoot TCP/IP connectivity

INTRODUCTION
There are tools that can provide useful information when you are trying to determine the cause of TCP/IP networking problems under Microsoft Windows XP. This article lists recommendations for using these tools to diagnose network problems. Although this list is not complete, the list does provide examples that show how you can use these tools to track down problems on the network.
TCP/IP troubleshooting tools
loadTOCNode(2, 'moreinformation');
The following list shows some of the TCP/IP diagnostic tools that are included with Windows XP:
Basic tools
*
Network Diagnostics in Help and SupportContains detailed information about the network configuration and the results of automated tests
*
Network Connections folderContains information and configuration for all network connections on the computer. To locate the Network Connections folder, click Start, click Control Panel, and then click Network and Internet Connections.
*
IPConfig commandDisplays current TCP/IP network configuration values, updates, or releases, Dynamic Host Configuration Protocol (DHCP) allocated leases, and display, register, or flush Domain Name System (DNS) names.
*
Ping commandSends ICMP Echo Request messages to verify that TCP/IP is configured correctly and that a TCP/IP host is available.
Advanced tools
*
Hostname commandDisplays the name of the host computer
*
Nbtstat commandDisplays the status of current NetBIOS over TCP/IP connections, updates the NetBIOS name cache, and displays the registered names and scope ID.
*
PathPing commandDisplays a path of a TCP/IP host and packet losses at each router along the way.
*
Route commandDisplays the IP routing table and adds or deletes IP routes.
*
Tracert commandDisplays the path of a TCP/IP host.

To view the correct command syntax to use with each of these tools, type -? at a command prompt after the name of the tool.

Windows XP Professional tools :-

Windows XP Professional contains the following additional tools:

•
Event viewerRecords system errors and events.
•
Computer ManagementChanges network interface drivers and other components

0)..... HOW TO REMOVE WINFILE VIRUS

when you right click on any drive its looks like chinees and do not give you option for open

IT MEANS THAT YOUR PC IS INFECTED BY WUKIL.GEN (WINFILE )

HERE IS THE SOLUTION



1 - Open my computer explorer--->tool options-----> folder options
----->view---->show hidden files and folders

2 - then go to C drive using the explorer by typing this
Command C:\

3 - Delete the [A]autorun.inf [B]and [b]RevMon.exe


4 - Repeat the process in the rest of drives e.g; d,e,f etc


5 - Restart your computer and you will see that now your computer
is norman.and now ehn you right click on any drive it shows open.

6 - In some cases you can not see the above mentioned files
( autorun.inf & RevMon.exe) then you open your drives in
winrar.because the winrar shows all hidden files and folders.you
can also use the winrar for this purpose.

7 - But if your computer is more infected then it will appear after
some time when you deletes these files.you have no need to
worry.Just install zonealram or any other firewall and kill that
process after adding this program.

8 - If you are expert then you can also use software restriction
policies by adding that program to kill it.

9 - You have no need to worry if your computer is infected that virus
becoz that virus does not harm to ur data.

10 - Symantec Antivirus 10.1 is also effective against that program.

11 - Mcafee 7 home or Mcafee 7 enterprise or hire is also remove this virus

1).... suffering from FOLDER.HTT AND DESKTOP.INI (Redloaf virus)

Suffering from FOLDER.HTT and DESKTOP.INI here is the solutin and techincal details

Virus Name :- A. VBS/Redlof@M [McAfee],
B. VBS.Redlof [AVP],
C. VBS_REDLOF.A [Trend],
D. VBS/Redlof-A

Type :- Virus



Infection Length: varies


Systems Affected :- Windows95 , windows 98, windows 2000 . windows NT , windows Xp,
Windows Me


When VBS.Redlof.A runs, it does the following:

It decrypts its viral body and then executes it.

Depending on the location of the Windows System folder, the virus copies itself as one of the following:
%Windir%\System\Kernel.dll
%Windir%\System\Kernel32.dll


NOTE:- %Windir% is a variable. The worm locates the primary Windows installation folder
(by default, this is C:\Windows or C:\Winnt) and copies itself to that location.


The virus makes the following changes to the registry to allow for the execution of
the .dll files as script files:

1) Verifies that the (Default) value of the registry key:

HKEY_CLASSES_ROOT\.dll

is equal to:

dllfile

2) For the registry key:

HKEY_CLASSES_ROOT\.dll

the virus verifies that the value:

Content Typeis equal to:

application/x-msdownload

3) In the registry key:
HKEY_CLASSES_ROOT\dllFile
the virus changes these subkeys:
* DefaultIcon
is changed to the same value as the value of the DefaultIcon subkey that is
underthe registry key:
HKEY_CLASSES_ROOT\vxdfile
* It adds the subkey ScriptEngineand
changes its value to:
VBScript
* It adds the subkey ScriptHostEncodeand
changes its value to:
{85131631-480C-11D2-B1F9-00C04F86C324}



4) In the registry key:
HKEY_CLASSES_ROOT\dllFile\Shell\Open\Command\
the virus adds a (Default) value of:
"%windir%\WScript.exe ""%1"" %*"
or:
"%windir%\System32\WScript.exe ""%1"" %*"


5) In the registry key:
HKEY_CLASSES_ROOT\dllFile\ShellEx\PropertySheetHandlers\WSHProps

the virus sets the (Default) value to:

{60254CA5-953B-11CF-8C96-00AA00B8708C}


6) Copies itself as %Windir%\web\kwjall.gif.

The virus searches for the files that have the file extensions .html, .htm, .asp, .php, .jsp, .htt and .vbs in all the folders and on all the drives, and then infects those files.

VBS.Redlof.A spreads by adding itself as the default stationery that is used to create email messages. The virus:


1) Either copies itself to
C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm or, if that file
already exists, it appends itself to the file.

2) Sets Outlook Express to use stationery by default. To do this, in the registry key:

HKEY_CURRENT_USER\Identities\[Default Use ID]\Software\Microsoft\Outlook
Express\[Outlook Version].0\Mail

the virus sets the value of :
Compose Use Stationery to 1


3) Then, if the following values do not exist, they are created with the following value In
data:

*the registry key:
HKEY_CURRENT_USER\Identities\[Default Use ID]\Software\Microsoft\Outlook
Express\[Outlook Version].0\Mail

the virus changes the value data of:
Stationery Name to

C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm

4) * In the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail

the virus sets the value data of:

EditorPreference to

131072


5) Next, if the following values do not exist, they are created and set to "blank":

The value: 001e0360

in the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging
Subsystem\Profiles\Microsoft Outlook Internet
Settings\0a0d020000000000c000000000000046

The value: 001e0360

in the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows

NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook

Internet Settings\0a0d020000000000c000000000000046

The value: NewStationery

in the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0

\Common\MailSettings

6) In the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0

\Outlook\Options\Mail\EditorPreference

the virus sets the value in:

EditorPreference to 131072

7) Finally, in the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

the virus adds the value: Kernel32 and set its to

SYSTEM\Kernel32.dll or SYSTEM\Kernel.dll

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

* Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.

* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.

* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

* Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media

* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

REMOVAL

Reversing the changes that the virus made to the registry

CAUTION:

Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document, "How to make a backup of the Windows registry," for instructions.

1) Click Start, and then click Run. (The Run dialog box appears.)

2) Type regedit and then click OK. (The Registry Editor opens.)

3) Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

4) In the right pane, delete the value: Kernel32

5) Navigate to the key:

HKEY_CURRENT_USER\Identities\[Default Use ID]\Software\Microsoft\Outlook

Express\[Outlook Version].0\Mail

6) In the right pane, delete the values:

Compose Use Stationery

Stationery Name

Wide Stationery Name

7) Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail

8) In the right pane, delete the value:

EditorPreference

9) Navigate to and delete these subkeys:

HKEY_CLASSES_ROOT\dllFile\Shell

HKEY_CLASSES_ROOT\dllFile\ShellEx

HKEY_CLASSES_ROOT\dllFile\ScriptEngine

HKEY_CLASSES_ROOT\dllFile\ScriptHostEncode

10) Exit the Registry Editor.

2).......suffering from RONTOKBRO

Here is the details that can be usefull to U


CATEGORY DESCRIPTION


Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.



COMMENT

This is a mass mailing worm. It makes system unstable.





When W32.Rontokbro.K@mm is executed, it performs the following actions:


Copies itself as:


%UserProfile%\Local Settings\Application Data\csrss.exe
%UserProfile%\Local Settings\Application Data\inetinfo.exe
%UserProfile%\Local Settings\Application Data\lsass.exe
%UserProfile%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\smss.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe
%UserProfile%\Start Menu\Programs\Startup\Empty.pif
%UserProfile%\Templates\Brengkolang.com
%Windir%\eksplorasi.exe
%Windir%\ShellNew\sempalong.exe
%System%\[USER NAME]'s Setting.scr

Notes:
%UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


#(2#)Creates the following folder, where the variables [X]-[Y] are two random numbers:

%UserProfile%\Local Settings\Application Data\Bron.tok-[X]-[Y]


#(3#)Overwrites C:\Autoexec.bat with the following text:

pause


#(3)#Adds the values:

"Bron-Spizaetus" = ""%Windir%\ShellNew\sempalong.exe""
"Tok-Cirrhatus" = "%UserProfile%\Local Settings\Application Data\smss.exe""

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that it runs every time Windows starts.


#(4)#Adds the value:

"Tok-Cirrhatus" = "%UserProfile%\Local Settings\Application Data\smss.exe""

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

so that it runs every time Windows starts.


#(5)#Adds the value:

"Shell" = "Explorer.exe "%Windir%\eksplorasi.exe""

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

so that it runs every time Windows starts.


#(6)#Adds the value:

"NoFolderOptions" = "1"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer

in an attempt to hide itself from the user.


#(7)#Adds the values:

"DisableRegistryTools" = "1"
"DisableCMD" = "0"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System

in an attempt to hide itself from the user.


#(8)#Adds the values:

"Hidden" = "0"
"HideFileExt" = "1"
"ShowSuperHidden" = "0"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Explorer\Advanced

in an attempt to hide itself from the user.


#(10)#Adds a task to the Windows scheduler to execute the following file at 5:08 PM every day:

%UserProfile%\Templates\Brengkolang.com


#(11)# Restarts the computer when it detects a window whose title contains one of the
following strings:

1)..
2).@
3) @.
4).ASP
5).EXE
6).HTM
7).JS
8).PHP
9)ADMIN
10)ADOBE
11)AHNLAB
12)ALADDIN
13)ALERT
14)ALWIL
15)ANTIGEN
16)APACHE
17)APPLICATION
18)ARCHIEVE
19)ASDF
20)ASSOCIATE
21)AVAST
22)AVG
23)AVIRA
24)BILLING@
25)BLACK
26)BLAH
27)BLEEP
28)BUILDER
29)CANON
30)CENTER
31)CILLIN
32)CISCO
33)CMD.
34)CNET
35)COMMAND
36)COMMAND PROMPT
37)CONTOH
38)CONTROL
39)CRACK
40)DARK
41)DATA
42)DATABASE
43)DEMO
44)DETIK
45)DEVELOP
46)DOMAIN
47)DOWNLOAD
48)ESAFE
49)ESAVE
50)ESCAN
51)EXAMPLE
52)FEEDBACK
53)FIREWALL
54)FOO@
55)FUCK
56)FUJITSU
57)GATEWAY
58)GOOGLE
59)GRISOFT
60)GROUP
61)HACK
62)HAURI
63)HIDDEN
64)HP.
65)IBM.
66)INFO@
67)INTEL.
68)KOMPUTER
69)LINUX
70)LOG OFF WINDOWS
71)LOTUS
72)MACRO
73)MALWARE
74)MASTER
75)MCAFEE
76)MICRO
77)MICROSOFT
78)MOZILLA
79)MYSQL
80)NETSCAPE
81)NETWORK
82)NEWS
83)NOD32
84)NOKIA
85)NORMAN
86)NORTON
87)NOVELL
88)NVIDIA
89)OPERA
90)OVERTURE
91)PANDA
92)PATCH
93)POSTGRE
94)PROGRAM
95)PROLAND
96)PROMPT
97)PROTECT
98)PROXY
99)RECIPIENT
100)REGISTRY
101)RELAY
102)RESPONSE
103)ROBOT
104)SCAN
105)SCRIPT HOST
106)SEARCH R
107)SECURE
108)SECURITY
109)SEKUR
110)SENIOR
111)SERVER
112)SERVICE
113)SHUT DOWN
114)SIEMENS
115)SMTP
116)SOFT
117)SOME
118)SOPHOS
119)SOURCE
120)SPAM
121)SPERSKY
122)SUN.
123)SUPPORT
124)SYBARI
125)SYMANTEC
126)SYSTEM CONFIGURATION
127)TEST
128)TREND
129)TRUST
130)UPDATE
131)UTILITY
132)VAKSIN
133)VIRUS
134)W3.
135)WINDOWS SECURITY.VBS
136)WWW
137)XEROX
138)XXX
139)YOUR
140)ZDNET
141)ZEND
142)ZOMBIE


#(12)#May also launch a ping flood attack on the following sites:


1) kaskus.com
2) 17tahun.com


#(13)#Gathers email addresses from files with the following extensions on all local drives from C to Y:


1) ASP
2) CFM
3) CSV
4) DOC
5) EML
6) HTML
7) PHP
8) TXT
9) WAB


#(14)Avoids sending itself to email addresses that contain any of the following strings in the domain name:


1) PLASA
2) TELKOM
3) INDO
4) .CO.ID
5) .GO.ID
6) .MIL.ID
7) .SCH.ID
8) .NET.ID
9) .OR.ID
10) .AC.ID
11) .WEB.ID
12) .WAR.NET.ID
13) ASTAGA
14) GAUL
15) BOLEH
16) EMAILKU
17) SATU


#(15)#May append the following prefixes to domain names in an attempt to find Simple Mail Transfer Protocol (SMTP) servers:


1) smtp.
2) mail.
3) ns1.


#(16)#Uses its own SMTP engine to send itself to the email addresses that it finds.

The email has the following characteristics:

From: [SPOOFED]

Subject: [BLANK]

Message:

BRONTOK.A[10] [ By: H[REMOVED]nity ]
-- Hentikan kebobrokan di negeri ini --
1. Penjarakan Koruptor, Penyelundup, Tukang Suap, & Bandar NARKOBA
( Send to "NUSAKAMBANGAN")
2. Stop Free Sex, Aborsi, & Prostitusi
( Go To HELL )
3. Stop pencemaran lingkungan, pembakaran hutan & perburuan liar.
4. SAY NO TO DRUGS !!!

Attachment:

Kangen.exe


#(17)#Copies itself to removable drives and network shares. The filename will be one of the following:


[existingfilename].exe
Data [username].exe

Example:

If calc.exe is in the destination folder, the worm copies itself as calc.exe.exe


RECOMMENDATIONS

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices

* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.


* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied

*Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites

*Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

*Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.

* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.



REMOVAL INSTRUCTIONS
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1)
Disable System Restore (Windows Me/XP).
2)
Update the virus definitions.
3)
Run a full system scan and delete all the files detected.
4)
Use the Security Response "Tool to reset shell\open\command registry subkeys."
5)
Delete any values added to the registry.
6)
Delete the scheduled task.


For specific details on each of these steps, read the following instructions.

1)To delete the value from the registry


A. Click Start > Run.
B. Type regedit
C. Click OK.

A. Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

B. In the right pane, delete the value

"Bron-Spizaetus" = ""%Windir%\ShellNew\sempalong.exe""

C. Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

D. In the right pane, delete the value:

"Tok-Cirrhatus" = "%UserProfile%\Local Settings\Application Data\smss.exe""

E. Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

D. In the right pane, reset the value to its default value

"Shell" = "Explorer.exe"

F. Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

G. In the right pane, reset the following value to its default value if required

"NoFolderOptions" = "0" or "NoFolderOptions" = "1"

H. Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\advanced

I. In the right pane, reset the following values to their default value if required

"Hidden" = "0" or "Hidden" = "1"
"ShowSuperHidden" = "0" or "ShowSuperHidden" = "1"
"HideFileExt" = "0" or "HideFileExt" = "1"

J. Exit the Registry Editor.


To delete the scheduled tasks added by the worm


A. Click Start, and then click Control Panel. (In Windows XP, switch to Classic View.)
B. In the Control Panel window, double click Scheduled Tasks.
C. Right click the task icon and select Properties from pop-up menu.

The properties of the task is displayed.


D. Delete the task if the contents of the Run text box in the task pane, matches the following

%UserProfile%\Templates\Brengkolang.com

3)........How to use System files to create a boot disk to guard against being unable to start Windows XP

INTRODUCTION

If your computer uses an Intel x86-based processor, and the startup record for the active partition or files that you must have to start Windows become corrupted, you may not be able to start your computer. This article describes how to create a startup disk. With a startup disk, you can start your computer if the startup record becomes corrupte


MORE INFORMATION
Create a Windows startup disk when you first install Windows on the computer. This disk is different from an MS-DOS startup disk. Unlike MS-DOS, the whole Windows operating system cannot fit on one floppy disk. A Windows startup disk contains only the files that you must have to start the operating system with the remainder of the Windows system files installed on the hard disk drive. To create the startup disk, follow these steps:


##1. Insert a blank floppy disk in drive A, and then format the disk by using Windows XP.
##2. From the root folder of the system partition of your hard disk drive (for example, C:\-), copy the following files to the floppy disk:
(1)Boot.ini
(2)NTLDR
(3)Ntdetect.com
NOTE:- You may have to remove the hidden, system, and read-only attributes from the files.
##3. Restore the hidden, system, and read-only attributes to the files on your hard disk if you removed these attributes.
##4. If the Bootsect.dos file or the Ntbootdd.sys file resides in the system partition, repeat steps 2 through 4 to copy these files to the boot disk.
If you format a floppy disk in Windows XP, the startup record points to the NTLDR file. When NTLDR runs, it loads the available operating system selections from the Boot.ini file. If you select Windows, NTLDR runs Ntdetect.com, and then passes control to Osloader.exe. If you select MS-DOS or OS/2, NTLDR loads Bootsect.dos.

and your system will be UP ....( if there is no any problem with ur BOOT.INI file ...if there is any problem with ur BOOT.INI please see the artical BOOT.INI PROBLEM ISSUE ON THIS SITE)

4).......MY Documents folder auto opens every time

Every time that you log on to the computer, the My Documents folder automatically opens. This symptom occurs after you install Microsoft Windows XP Service Pack 2 (SP2).

SOLUTION TO THIS PRO. is as under




* Click Start, click Run, type regedit in the Open box, and then click OK.

* Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


* In the right pane, right-click Userinit, and then click Modify.

* In the Edit String dialog box, type Windows installation drive letter:\WINDOWS\system32\userinit.exe under Value data, and then click OK.

* Locate and then click the following registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

* In the right pane, right-click PersistBrowsers, and then click Modify.

* In the Edit DWORD Value dialog box, type 0 under Value data, and then click OK.

* Quit Registry Editor, and then restart the computer

5)......BOOT.INI Problems

When you start your computer, the Boot options may show two or more Operating System entries, out of which some may be invalid.



simple solution



The additional entries can be removed by modifying the Boot.ini file. Alternately, you can use the Check All Boot Paths option available in MSConfig (System Configuration utility).

*Click Start, Run and type MSCONFIG

*Select the Boot.ini tab

*Click Check All Boot Paths button

MSConfig will now quickly verify each line mentioned in the Boot.ini to check if they are valid. If orphaned entries are detected, you'll be prompted with this dialog:


It appears that the following line in the BOOT.INI file does not refer to a valid operating system:
"multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional " /fastdetect /NoExecute=OptIn"


Would you like to remove it from the BOOT.INI file?

Choose Yes when the dialog box appears. This will remove the incorrect entry from Boot.ini file.

6)......The command prompt has been disabled by your administrator

When you attempt to run CMD.exe or a batch file, you may receive the message "The command prompt has been disabled by your administrator". This is caused by restrictions placed in Registry. (value is set to 1 or via Group Policy. To enable Task Manager, try this methods:)





ERROR..........The command prompt has been disabled by your administrator....... ((just enable it ...man ..... U R only the Administrator.... isnt it????))))


do the following thing to be able to run CMD.EXE

Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f

and press Enter

7).....Restore IE toolbar

IE TOOLBAR IS MISSING...... NO PROBLEM ------
!
!
\/



copy the following text .. pest it in notepad and silect save as option type save as name like this "IERESET.REG" and run it (((( simple... man just silect it and press enter)))))

REGEDIT4
; Unlocks the Homepage; Restores all the tabs; Removes all IE restrictions including Toolbar restrictions
[-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel]
[-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions]
[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions]
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]"HomePage"=dword:00000000
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]"HomePage"=dword:00000000
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]"NoSetHomePage"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]"NoToolbarCustomize"=dword:00000000"NoBandCustomize"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"NoToolbarCustomize"=dword:00000000"NoBandCustomize"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Show_FullURL"="no""Show_ToolBar"="yes""Show_URLToolBar"="yes""Start Page"="about:blank""Show_StatusBar"="yes""Show_URLinStatusBar"="yes""Window_Placement"=-

8).....Registry Editing has been disabled by your administrator

Registry Editing has been disabled by your administrator (HOT Problem nowadays)



Problem:-
This error occurs if the DisableRegistryTools Policy is enabled. With this policy enabled, you receive the following error message when you start the Registry Editor (regedit.exe):


simple solution....... :-)

For standalone Windows XP systems, perform the steps below to remove the registry editing restrictions.


1. Click Start, Run and type this command:


REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f



now You should be able to launch the Registry Editor. Please say thnx to me

9)......HOW TO SPEED UP WINDOWS XP

DO AS I SAY ....( YOU HAVE TO DO 10 THINGS) AND SPEED UP UR PC (running xp sp2)



1. Disable Indexing Services

Indexing Services is a small little program that uses large amounts of RAM and can often make a computer endlessly loud and noisy. This system process indexes and updates lists of all the files that are on your computer. It does this so that when you do a search for something on your computer, it will search faster by scanning the index lists. If you don’t search your computer often, or even if you do search often, this system service is completely unnecessary. To disable do the following:

Go to Start
Click Settings
Click Control Panel
Double-click Add/Remove Programs
Click the Add/Remove Window Components
Uncheck the Indexing services
Click Next

2. Optimise Display Settings

Windows XP can look sexy but displaying all the visual items can waste system resources. To optimise:

Go to Start
Click Settings
Click Control Panel
Click System
Click Advanced tab
In the Performance tab click Settings
Leave only the following ticked:
Show shadows under menus
Show shadows under mouse pointer
Show translucent selection rectangle
Use drop shadows for icons labels on the desktop
Use visual styles on windows and buttons


3. Speedup Folder Browsing

You may have noticed that everytime you open my computer to browse folders that there is a slight delay. This is because Windows XP automatically searches for network files and printers everytime you open Windows Explorer. To fix this and to increase browsing significantly:

Open My Computer
Click on Tools menu
Click on Folder Options
Click on the View tab.
Uncheck the Automatically search for network folders and printers check box
Click Apply
Click Ok
Reboot your computer


4. Disable Performance Counters

Windows XP has a performance monitor utility which monitors several areas of your PC’s performance. These utilities take up system resources so disabling is a good idea.

To disable:

download and install the Extensible Performance Counter List
Then select each counter in turn in the ‘Extensible performance counters’ window and clear the ‘performance counters enabled’ checkbox at the bottom.button below


Improve Memory Usage

Cacheman Improves the performance of your computer by optimizing the disk cache, memory and a number of other settings.

Once Installed:

Go to Show Wizard and select All
Run all the wizards by selecting Next or Finished until you are back to the main menu. Use the defaults unless you know exactly what you are doing
Exit and Save Cacheman
Restart Windows


6. Optimise your internet connection

There are lots of ways to do this but by far the easiest is to run TCP/IP Optimizer.

Download and install
Click the General Settings tab and select your Connection Speed (Kbps)
Click Network Adapter and choose the interface you use to connect to the Internet
Check Optimal Settings then Apply
Reboot



7. Optimise Your Pagefile

If you give your pagefile a fixed size it saves the operating system from needing to resize the page file.

Right click on My Computer and select Properties
Select the Advanced tab
Under Performance choose the Settings button
Select the Advanced tab again and under Virtual Memory select Change
Highlight the drive containing your page file and make the initial Size of the file the same as the Maximum Size of the file.
Windows XP sizes the page file to about 1.5X the amount of actual physical memory by default. While this is good for systems with smaller amounts of memory (under 512MB) it is unlikely that a typical XP desktop system will ever need 1.5 X 512MB or more of virtual memory. If you have less than 512MB of memory, leave the page file at its default size. If you have 512MB or more, change the ratio to 1:1 page file size to physical memory size.



8. Run BootVis - Improve Boot Times

BootVis will significantly improve boot times

Download and Run
Select Trace
Select Next Boot and Driver Trace
A Trace Repetitions screen will appear, select Ok and Reboot
Upon reboot, BootVis will automatically start, analyze and log your system’s boot process. When it’s done, in the menu go to Trace and select Optimize System
Reboot.
When your machine has rebooted wait until you see the Optimizing System box appear. Be patient and wait for the process to complete


PLEASE GO TO THIS LINK TO DOWNLOAD MSBOOTVIS.EXE

http://www.majorgeeks.com/downloadget.php?id=664&file=10&evp=42bcbfb72b106c700fe6d18eb6c20dbe


9. Remove the Desktop Picture

Your desktop background consumes a fair amount of memory and can slow the loading time of your system. Removing it will improve performance.

Right click on Desktop and select Properties
Select the Desktop tab
In the Background window select None
Click Ok


10. Remove Fonts for Speed

Fonts, especially TrueType fonts, use quite a bit of system resources. For optimal performance, trim your fonts down to just those that you need to use on a daily basis and fonts that applications may require.

Open Control Panel
Open Fonts folder
Move fonts you don’t need to a temporary directory (e.g. C:\FONTBKUP?) just in case you need or want to bring a few of them back. The more fonts you uninstall, the more system resources you will gain.
Hope you find these 10 tips useful please leave a comment below and please share any other tips you may have with other readers.

10).....NTLDR IS MISSIMG

NTLDR MISSING PROBLEM




NTLDR is Missing.

Related errors:

Below are the full error messages that may be seen when the computer is booting.

NTLDR is Missing
Press any key to restart

Boot: Couldn't find NTLDR
Please insert another disk

NTLDR is missing
Press Ctrl Alt Del to Restart

Cause:

Computer is booting from a non-bootable source.
Computer hard disk drive is not properly setup in BIOS.
Corrupt NTLDR and/or NTDETECT.COM file.
Misconfiguration with the boot.ini file.
Attempting to upgrade from a Windows 95, 98, or ME computer that is using FAT32.
New hard disk drive being added.
Corrupt boot sector / master boot record.
Seriously corrupted version of Windows 2000 or Windows XP.
Loose or Faulty IDE/EIDE hard disk drive cable.
Solutions:

Computer is booting from a non-bootable source
Many times this error is caused when the computer is attempting to boot from a non-bootable floppy disk or CD-ROM. First verify that no floppy diskette is in the computer, unless you are attempting to boot from a diskette.

If you are attempting to boot from a floppy diskette and are receiving this error message it is likely that the diskette does not have all the necessary files and/or is corrupt.

If you are attempting to install Windows XP or Windows 2000 and are receiving this error message as the computer is booting verify that your computer BIOS has the proper boot settings. For example, if you are attempting to run the install from the CD-ROM make sure the CD-ROM is the first boot device, and not the hard disk drive.

Second, when the computer is booting you should receive the below prompt.

Press any key to boot from the CD

Important: When you see this message press any key such as the Enter key immediately, otherwise it will try booting from the hard drive and likely get the NTLDR error again.

Note: If you are not receiving the above message and your BIOS boot options are set properly it's also possible that your CD-ROM drive may not be booting from the CD-ROM properly. Verify the jumpers are set properly on the CD-ROM drive. Additional information about checking the CD-ROM drive connections can be found on document CH000213.

Additional information: This error has also been known to occur when a memory stick is in a card reader and the computer is attempting to boot from it. If you have any type of card reader or flash reader make sure that no memory stick is inside the computer.

Computer hard disk drive is not properly setup in BIOS
Verify that your computer hard disk drive is properly setup in the BIOS / CMOS setup. Improper settings can cause this error. Additional information on how to enter the BIOS / CMOS setup can be found in document CH000192.

Corrupt NTLDR and/or NTDETECT.COM file
Windows 2000 users
Windows XP users

Windows 2000 users

If your computer is using Microsoft Windows 2000 and you are encountering the NTLDR error. Create the below boot.ini file on the floppy diskette drive.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect

Copy the NTLDR and NTDETECT.COM files from another computer using the same Operating System. Both of these files are located in the root directory of the primary hard disk drive. For example, C:\NTLDR and C:\NTDETECT.COM should be the locations of these files on many computers.

Please keep in mind that these files are hidden system files, if you need additional help with viewing hidden files in Windows please see document CH000516.
Once these files have been copied to a floppy diskette reboot the computer and copy the NTLDR and NTDETECT.COM files to the root directory of the primary hard disk drive. Below is an example of what commonly should be performed from the A:\> drive.

copy ntldr c:
copy ntdetect.com c:

After the above two files have been copied, remove the floppy diskette and reboot the computer.

Windows XP users

Insert the Windows XP bootable CD into the computer.
When prompted to press any key to boot from the CD, press any key.
Once in the Windows XP setup menu press the "R" key to repair Windows.
Log into your Windows installation by pressing the "1" key and pressing enter.
You will then be prompted for your administrator password, enter that password.
Copy the below two files to the root directory of the primary hard disk. In the below example we are copying these files from the CD-ROM drive letter "E". This letter may be different on your computer.

copy e:\i386\ntldr c:\
copy e:\i386\ntdetect.com c:\


Once both of these files have been successfully copied, remove the CD from the computer and reboot.
Misconfiguration with the boot.ini file
Edit the boot.ini on the root directory of the hard disk drive and verify that it is pointing to the correct location of your Windows Operating System and that the partitions are properly defined. Additional information about the boot.ini can be found on document CH000492.

Attempting to upgrade from a Windows 95, 98, or ME computer that is using FAT32
If you are getting this error message while you are attempting to upgrade to Windows 2000 or Windows XP from Windows 95, Windows 98, or Windows ME running FAT32 please try the below recommendations.

Boot the computer with a Windows 95, Windows 98 or Windows ME bootable diskette.
At the A:\> prompt type:

sys c:


After pressing enter you should receive the "System Transferred" message. Once this has been completed remove the floppy diskette and reboot the computer.
New hard disk drive being added
If you are attempting to add a new hard disk drive to the computer make sure that drive is a blank drive. Adding a new hard disk drive to a computer that already has Windows installed on it may cause the NTLDR error to occur.

If you are unsure if the new drive is blank or not try booting from a bootable diskette and format the new hard disk drive.

Corrupt boot sector / master boot record
It's possible your computer's hard disk drive may have a corrupt boot sector and/or master boot record. These can be repaired through the Microsoft Windows Recovery console by running the fixboot and fixmbr commands.

Additional information and help in getting into the Microsoft Windows Recovery console can be found on document CH000627.

Seriously corrupted version of Windows 2000 or Windows XP
If you have tried each of the above recommendations that apply to your situation and you continue to experience this issue it is possible you may have a seriously corrupted version of Microsoft Windows. Therefore we would recommend you reinstall Microsoft Windows 2000 and Windows XP.

If you are encountering this issue during your setup you may wish to completely erase your computer hard disk drive and all of its existing data and then install Microsoft Windows 2000 / Windows XP. Additional information about erasing the computer and starting over can be found on document CH000186.

Loose or Faulty IDE/EIDE hard disk drive cable
This issue has been known to be caused by a loose or fault IDE/EIDE cable. If the above recommendation does not resolve your issue and your computer hard disk drive is using an IDE or EIDE interface. Verify the computer hard disk drive cable is firmly connected by disconnected and reconnecting the cable.

If the issue continues it is also a possibility that the computer has a faulty cable, try replacing the hard disk drive cable with another cable and/or a new cable.