Sunday, March 30, 2008

Virus: Worm:Win32/Sober.AH@mm

Virus Encyclopedia: Worm:Win32/Sober.AH@mm

Worm:Win32/Sober.AH@mm is a mass-mailing e-mail worm that sends itself in either English or German language e-mail, depending on the domain suffix of the infected user. Typically, the Win32/Sober worm family downloads additional malicious files at pre-determined times and locations. These files are commonly proxies that are used to relay spam from infected systems.


How do I know if my computer is infected?

The following symptoms may be indicative of a Worm:Win32/Sober.AH@mm infection:
    Presence of the following subfolder:
        %windir%\pooldata\
    Presence of the following files in %windir%\pooldata\:
        services.exe
        smss.exe
        csrss.exe
    Note: the presence of these filenames is not in itself indicative of infection unless the files are located in the aforementioned folder.
    Presence of the following registry modifications:
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
        "_WinData" = "%windir%\pooldata\services.exe"
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        "Windata" = "%windir%\pooldata\services.exe"
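
The indicators above can be checked against data collected from a host, such as a recursive file listing and an export of the two Run keys. The following is an added example, not part of the original write-up; the function names, the default `C:\WINDOWS` location and the sample data are assumptions constructed for illustration.

```python
import ntpath

# Indicators as listed in the write-up above.
POOLDATA = r"%windir%\pooldata"
WORM_FILES = {"services.exe", "smss.exe", "csrss.exe"}
RUN_VALUES = {  # Run key -> autostart value name (registry names ignore case)
    r"hkey_current_user\software\microsoft\windows\currentversion\run": "_windata",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run": "windata",
}


def norm(path, windir):
    """Expand %windir%, then normalise case and separators for comparison."""
    text = path.strip().strip('"').lower().replace("%windir%", windir.lower())
    return ntpath.normcase(ntpath.normpath(text))


def suspicious_files(paths, windir=r"C:\WINDOWS"):
    """Return the listed paths that are one of the worm's files inside pooldata."""
    folder = norm(POOLDATA, windir)
    hits = []
    for path in paths:
        full = norm(path, windir)
        # The same names in system32 are legitimate; only the folder matters.
        if ntpath.dirname(full) == folder and ntpath.basename(full) in WORM_FILES:
            hits.append(path)
    return hits


def suspicious_run_values(run_keys, windir=r"C:\WINDOWS"):
    """run_keys maps a Run key path to its {value name: data} pairs."""
    target = norm(POOLDATA + r"\services.exe", windir)
    hits = []
    for key, values in run_keys.items():
        wanted = RUN_VALUES.get(key.lower())
        for name, data in values.items():
            # Both the value name and the path it launches must match.
            if name.lower() == wanted and norm(data, windir) == target:
                hits.append((key, name))
    return hits


# Constructed sample data: two legitimate system files and two worm copies.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\csrss.exe",
    r"C:\WINDOWS\PoolData\services.exe",
    r"C:\WINDOWS\pooldata\smss.exe",
]
SAMPLE_RUN = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run": {
        "_WinData": r"%windir%\pooldata\services.exe",
        "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    },
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "Windata": r"C:\WINDOWS\pooldata\services.exe",
    },
}

if __name__ == "__main__":
    for hit in suspicious_files(SAMPLE_PATHS):
        print("file:", hit)
    for key, name in suspicious_run_values(SAMPLE_RUN):
        print("autostart:", key, name)
```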

Recovery Instructions

To manually recover from infection by Worm:Win32/Sober.AH@mm, follow these steps:
    Disconnect from the Internet.
    Restart your computer in safe mode.
    End the worm process.
    Delete the main worm file from your computer.
    Delete the worm registry entries.
    Restart your computer.
    Take steps to prevent re-infection.

Disconnect from the Internet

To help ensure that the computer is not actively infecting other computers, disconnect it from the Internet before proceeding. Print this Web page or save a copy on your computer; then unplug your network cable and disable your wireless connection. You can reconnect to the Internet after completing these steps.

Restart your computer in safe mode

To start your computer in safe mode
    Remove all floppy disks and CDs from the computer, and then restart the computer.
    When prompted, press F8. If Windows starts without displaying the Please select the operating system to start menu, restart your computer. Press F8 after the firmware POST process completes, but before Windows displays graphical output.
    From the Windows Advanced Options menu, select a safe mode option.

End the worm process

To end the worm process
    Press CTRL+ALT+DEL once and click Task Manager.
    Click Processes and click Image Name to sort the running processes by name.
    Select the process services.exe if it exists, and click End Process.

Delete the main worm file from your computer

To delete the main worm file from your computer
    Click Start, and click Run.
    In the Open field, type %windir%\pooldata\services.exe
    Click OK.
    Click Name to sort files by name.
    Delete the file services.exe if it is in the list.
    On the Desktop, right-click the Recycle Bin and click Empty Recycle Bin.
    Click Yes to confirm the deletion.
If deleting the file fails, use the following steps to verify that process services.exe is not running:
    Press CTRL+ALT+DEL once and click Task Manager.
    Click Processes and click Image Name to sort the running processes by name.
    Confirm that services.exe is not in the list.
    Repeat these steps to locate and remove %windir%\pooldata\smss.exe and %windir%\pooldata\csrss.exe

Delete the worm registry entries

Worm:Win32/Sober.AH@mm creates entries in the Windows registry that cause the worm to run each time Windows starts. These entries should be deleted.
To delete the worm registry entries
    On the Start menu, click Run.
    Type regedit and click OK.
    In the left pane, navigate to the registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    In the right pane, right-click the following value, if it exists: Windata
    Click Delete and click Yes to delete the value.
    In the left pane, navigate to the registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    In the right pane, right-click the following value, if it exists: _WinData
    Click Delete and click Yes to delete the value.
    Close the Registry Editor.

Restart your computer

To restart your computer
    On the Start menu, click Shut Down.
    Select Restart from the drop-down list and click OK.

Infections in virus scan

When I scan my laptop, I find infections in MBR, ntoskrnl.exe, shell32.dll, user32.dll, kernel32.dll by AVG. In the result, it shows no threats. Please help.

This fdisk command will allow you to recreate the Master Boot Record or MBR. Although this can be dangerous, it is a quick way to fix many boot issues... if you know what you are doing.
1. Click Start
2. Click Run
3. Type CMD and hit ENTER
4. From this dos box command line:

FDISK /MBR
This rebuilds the boot sector of the first bootable hard disk based on current disk structure. The partition table information should not be altered.

This is usually used to repair a damaged, corrupted, or infected master boot record.

Tuesday, March 25, 2008

RESET your BIOS settings.

First try to reset your BIOS settings.
If you can enter your BIOS, restore the default factory settings.
If you cannot enter the BIOS, look for the two pins near the CMOS battery and remove them for a while to make them unshorted. This will reset your system BIOS. See the image for more on how to reset the BIOS using jumper settings.

How to remove icons from system tray


Run -> msconfig.exe -> go to the "Startup" tab, uncheck the unwanted items and restart the system. This works on Windows 98/XP. For Windows 2000 you have to download it (you can also copy msconfig.exe from a Windows XP machine) and put it in the c:\winnt folder.

Windows XP Unread Mail Count


Windows XP's logon screen lists the number of unread email messages associated with the user account. The message count is taken from all email accounts checked within the last 3 days using Outlook Express, Outlook, Messenger (Hotmail/MSN), and the MSN browser client. This includes not only your accounts, but those of anyone who used your computer to check their email.

The unread message count is stored in the registry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UnreadMail, and each account ever checked from this computer is listed as a subkey under this key. An account's unread count is only included in the total shown on the logon screen if the account was checked within the last 3 days.

This can be deleted from the registry.

I cannot open my Drive by double click

Open notepad, paste the following code and save the file as drive_open.reg and then double click it. Click on Yes

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive]
@="Drive"
"EditFlags"=hex:d2,01,00,00

[HKEY_CLASSES_ROOT\Drive\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell]
@="none"

[HKEY_CLASSES_ROOT\Drive\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Drive\shellex]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{59099400-57FF-11CE-BD94-0020AF85B590}]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{cc86590a-b60a-48e6-996b-41d25ed39a1e}]
@="Portable Media Devices Menu"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions]

[HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""
"DriveMask"=dword:00000020

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{7988B573-EC89-11cf-9C00-00AA00A14F56}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""
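
The hex(2) lines in a .reg file like the one above are UTF-16LE strings, so they can be decoded and read before the file is imported. The following is an added example, not part of the original post; `decode_value` and `parse_reg` are illustrative names, and the sample is an excerpt of the file shown above.

```python
import re


def decode_value(data):
    """Turn the right-hand side of a .reg assignment into a Python value."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        # Plain REG_SZ: undo the \" and \\ escapes used by the .reg format.
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    kind, _, body = data.partition(":")
    if kind == "dword":
        return int(body, 16)
    if kind.startswith("hex"):
        # Spaces are dropped so copies damaged by page formatting still parse.
        raw = bytes(int(b, 16) for b in body.replace(" ", "").split(",") if b)
        if kind in ("hex(1)", "hex(2)"):  # REG_SZ / REG_EXPAND_SZ as UTF-16LE
            return raw.decode("utf-16-le").rstrip("\x00")
        return raw  # "hex:" is REG_BINARY; other hex(n) types stay as bytes
    return data


def parse_reg(text):
    """Parse Registry Editor 5.00 text into {key: {value name: data}}."""
    # Join value lines that are continued with a trailing backslash.
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"')] = decode_value(data)
    return keys


# Excerpt of the drive_open.reg text shown above.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive]
@="Drive"
"EditFlags"=hex:d2,01,00,00

[HKEY_CLASSES_ROOT\Drive\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00
"""

if __name__ == "__main__":
    for key, values in parse_reg(SAMPLE).items():
        for name, data in values.items():
            print(f"{key} :: {name} = {data!r}")
```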

Locating a Lost Norton Antivirus Product Key


Start -> Run -> regedit.exe

Locate:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\0000000f\0000001b
Find it on the right side.

A simple Batch program


Open an MS-DOS command window or get to MS-DOS

# At the MS-DOS prompt, type edit test.bat and press enter.
# If typed properly, you should now be in a blue screen. Within the screen, type:

pause
dir c:\windows
dir c:\windows\system

Microsoft Windows

# Click Start
# Click Run
# Type "notepad" and press enter.
# Once notepad is open, type the below lines in the file or copy and paste the below lines into notepad.

@echo off
echo Hello this is a test batch file
pause
dir c:\windows

Lock the screen (Windows 2000): using batch program

RUNDLL32 USER32.DLL,LockWorkStation

save as .bat

Transcend Unveils 32GB Flash Drive in India

Transcend announced the launch of its latest high-capacity USB flash drive, the 32GB JetFlash V60, in India. It’s the first brand selling 32GB pen drives in India.

About the size of an AA battery (61mm x 18.6mm x 9.8mm), the JetFlash V60 is small and light enough to be taken anywhere. With its 32GB memory capacity, users can easily store their personal files, music, digital photos, and even full-length HDTV movies.

The 32GB JetFlash V60 is also equipped with some useful software tools designed for computer users. The JetFlash elite software suite can be installed to run directly from the JetFlash drive when you plug it in, and includes seven time-saving data management functions: Website AutoLogin, PC-Lock, Mobile Favorites, Secret-Zip encryption, Mobile E-mail, DataBackup and Online Update.

Priced at Rs. 7,300, the JetFlash V60 also supports Windows 98SE / Me / 2000 / XP / Vista, Mac and Linux and comes with a 3 year warranty.

Monday, March 24, 2008

Microsoft Announces Open Source Interoperability Initiative



Microsoft has announced the Open Source Interoperability Initiative. From the announcement press release:


The Open Source Interoperability Initiative exists to foster more open engagement between Microsoft and open source communities. It will encompass a broad range of facilities, events, and resources supporting interoperability, including labs, plug fests, technical content and opportunities for ongoing cooperative development. Microsoft plans to publish APIs and protocols that are used by Windows Vista (including the .NET Framework), Windows Server 2008, SQL Server 2008, Office 2007, Exchange Server 2007 and Office SharePoint Server 2007 — as well as their future versions. Also Microsoft will not require developers to license or pay royalties for this information. Specifically, Microsoft is implementing four new interoperability principles and corresponding actions across its high-volume business products: (1) ensuring open connections; (2) promoting data portability; (3) enhancing support for industry standards; and (4) fostering more open engagement with customers and the industry, including open source communities.

Microsoft also agreed not to sue developers of open-source software and is releasing tons of APIs.

Remove Brontok ur self .NO NEED OF ANY ANTIVIRUS



Start your computer in safe mode with command prompt and type the following commands to enable the registry editor:

reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
reg delete HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"

After this, the registry editor is enabled.
Type explorer.
Go to Run and type regedit.
Then go to the following path:
HKLM\Software\Microsoft\Windows\Currentversion\Run

On the right side, delete the entries which contain the words 'Brontok' and 'Tok-'.

After that, restart your system.
Open the registry editor and go to the following path to enable Folder Options in the Tools menu:

HKCU\Software\Microsoft\Windows\Currentversion\Policies\Explorer\ 'NoFolderOptions'
Delete this entry and restart your computer.

Then search for *.exe files on all drives (search hidden files also)
and remove all files which are displayed with a folder icon.

Your computer is now completely free from the Brontok virus.

Friday, March 21, 2008

"--Increase BroadBand Speed Upto 20%--"

If you are using a broadband connection at home with Windows XP as your operating system, and you feel that your broadband speed is a bit low, you have the option to increase it by up to 20%.

HOW? Well this is what you need to do.

1. First of all make sure you are logged in as Administrator.
2. Go to Start -> Run -> gpedit.msc, press OK.
3. Then go to Computer Configuration -> Administrative Templates -> Network -> QoS packet Scheduler.
4. On the right you will see the option “Limit reservable bandwidth”; open it, select “Enabled”, and change the value to 0.

Improve Hard Disk Speed


If hard disk of your computer or server is taking too much time to get the result, then to improve your hard disk speed you will need to configure a special buffer in the computer’s memory in order to enable it to better deal with interrupts made from the disk. This tip is only recommended if your computer or server has 256MB RAM or higher.

Step 1:

Run SYSEDIT.EXE from the Run command.

Step 2:

Expand the system.ini file window.

Step 3:

Scroll down almost to the end of the file till you find a line called [386enh].

Step 4:

Press Enter to make one blank line, and in that line type

Irq14=4096

Note: This line IS CASE SENSITIVE!!!

Step 5:

Click on the File menu, then choose Save.

Step 6:

Close SYSEDIT and reboot your computer or server.

Done.

Speed improvement will be noticed after the computer reboots.

A TRICK to get a warranty replace phone


You bought a nokia phone about a year ago and warranty will be soon over.You wish you could get a new phone?

Well this is how we do it:

Remove battery cover and battery
Connect a 12V DC power supply to the phone's battery connector
as shown in the picture
An IC will then burn internally and your phone will die.There will be no sign of it so Nokia technicians won't see that you did something to your phone and will replace it with a new one.

Do not try this if your phone is not under warranty
Do not try this if you suspect or you are not sure if your phone has ever suffered liquid or drop damage
Do not try this if you don't understand what I'm talking about
TRY THIS AT UR OWN RISK..DONT BLAME.ME..

Symbian Mobile Tricks And Tips

Tip 1 : Do u know how to use the edit button (abc or pencil button)?
Heres how… in the inbox for example; u wanna delete multiple sms, simply hold the edit button, scroll down, and then, press c to delete the marked sms. The edit button can also b used to copy and past text in sms, simply hold it and scroll across, choose copy. pretty good for placing song names in ngages

Tip 2 : ….happens, on a smartphone, its inevitable u do something wrong, and tis calls for a format of fone. to format the fone, press *#7370#, then enter the lock code(12345). NOTE: batt must b Charged it take 3-4 min, else if format is disrupted by low batt, consequences will b disatrous
I heard the code *#7780# works too, pretty much the same i tink.
for 6600 users, to format the fone, theres an alternative way. Press and hold <3>, <*>, and the buttons, then power on fone, keep holding on the 3 buttons, till u come to a format screen. tis method ONLY works on 6600, and need not enter the sec code. BUT sec code wun be reset to default 12345.

Tip 3 : TO NGAGE USERS; Did u know u can install .sis files simply using the cable given? Juz plug it in, place the .sis file anywhere on e: (the mmc), not in any folders, root of e:, disconnect, then look for it in manager.

Tip 4: Save on battery and system memory being used by regulary checking the task manager which can be accessed by holding down the menu button!!

Tip 5: Type *#06# to display your IMEI serial number, very valuable for the unlocking your phone to other sim cards

Tip 6: Type *#0000# to view which firmware version you are running
Tip 4a: Set the screen saver to a short time out period to prolong battery life.
Tip 4b: Avoid restarting the phone, or repeatedly turning it on and off. This helps increase battery life.

Tip 7: If you would like to avoid being “blue jacked”, keep bluetooth turned off, or set your phone’s visibility to hidden.

Tip 8: Don’t want to carry a watch and a phone? Set the screen saver to show date and time, then you can ditch the watch.

Tip 9: Save memory when installing apps, by installing over bluetooth. This can be done using the nokia phone suite and a bluetooth serial connection. Only works with .SIS files, so java still has to be sent to the phone, but will save space when using .SIS files.

Tip 10: Operator logos
Use a filemanager like FExplorer or SeleQ to add the folders: “c:/system/Apps/phone/oplogo”. Add a .bmp picture to folder “oplogo” and restart your phone! The .bmp picture size needs to be: 97 x 25 pixels

Tip 11: Check if the recipient's phone is on
Delivery reports
or
Type *0# in the message composer window and then write your message. The recipient will not see the star zero hash bit, just the message. When they read it, it will relay a message back to your fone showing the time they received it. (haven’t yet tried it myself though)

Tip 12: BlueJacking
First up, you need to know what Bluetooth is. There are lots of types of modern devices that incorporate Bluetooth as one of their many features. PDAs, mobile phones and laptops are a few of these modern devices. Bluetooth means that Bluetooth enabled devices can send things like phonebook/address book contacts, pictures & notes to other Bluetooth enabled devices wirelessly over a range of about 10 metres. So, we’ve got past the boring part. Now, using a phone with Bluetooth, you can create a phonebook contact and write a message, eg. ‘Hello, you’ve been bluejacked’, in the ‘Name’ field. Then you can search for other phones with Bluetooth and send that phonebook contact to them. On their phone, a message will popup saying “‘Hello, you’ve been bluejacked’ has just been received by Bluetooth” or something along those lines. For most ‘victims’ they will have no idea as to how the message appeared on their phone.

Tip 13: While you are viewing a picture in your phone’s gallery, press one of these shortcut keys (definitely works on 6600, not sure about other symbians)
1 - turn image anticlockwise
3 - turn image clockwise
* - toggle on/off of full screen
5 - zoom in
0 - zoom out
Tip 15: u can select all files in a folder by selecting THE folder and copy it then paste it somewhere. however u need to make a new directory. fexplorer wun let u copy that folder together. well seleQ can mark files to copy but it really takes time!
Tip 16: A soft and Hard reset
A Soft-reset is the process of resetting all the settings of the phone to the factory default! No applications are deleted! A Hard-reset is like formatting a drive! It does format the memory. Everything that has been installed after the first use of the phone is deleted! It will recover the memory of the phone to the state you purchased it! It is done by inputting the following code: *#7370# code:12345 NOTE: The battery must not be low; it takes 3-4 min.
Tip 17: Formats of images
supported ones: JPG UPF GIF87a/89a WBMB MBM TIFF/F PNG EXIF
How to copy & paste text in your Nokia 3650:
Press and hold the pencil key and select your text using the scroll key.
Left function key will change to ‘Copy’. Press it to copy the selected text to clipboard.
You can paste the clipboard contents the same way:
press and hold the pencil key and press ‘Paste’. Or, press pencil key once and select ‘Paste’.
Press and hold the Menu key to open the application switching window, where you can *duh* switch between applications.
If a program hangs and you can’t shut it down, select the application in the
application switching window and press ‘C’ to kill it. It’s also a faster way to exit programs.
Turn on/off the “click” sound made by the camera by selecting the ‘Silent’ profile or by turning warning tones on/off:
Menu > Profiles > “select your activated profile” > Personalise > Warning tones > On/Off.
(This also affects the sound of Java games and apps).
To change background image go to:
Menu > Tools > Settings > Phone > Standby mode > Background image > Yes > “choose an image”.
The best size for background images is 174×132 pixels.
Only got blue, green and purple in your 3650 colour palette?
This free app adds 3 more colours: Palette Extender.
Display an image when someone’s calling:
Menu > Contacts > “select a contact card” > Options > Edit > Options > Add thumbnail > “choose an image”.
Add a personal ringing tone to a contact:
Menu > Contacts > “select a contact card” > Options > Open > Options > Ringing tone > “choose a ringing tone”.
Delete all messages from your Inbox at once:
Menu > Messaging > Inbox > Options > Mark/Unmark > Mark all > Options > Delete.
Send or hide your caller ID: Go to: Menu > Tools > Settings > Call > Send My
Caller ID > ‘Yes’, ‘No’ or ‘Set By Network’ to follow the default settings of your home network.
If you often copy large files to your MultiMedia Card, I recommend a card reader.
E.g. With a card reader it takes only 12 seconds to copy a 10 MB file!
Record the sound of a phone call using the (sound) Recorder.
Menu > Extra’s > Recorder > Options > Record sound clip.
Note: short beeps are audible during call registration.
But there is a 60 second limitation so if you want unlimited sound recording get this app: Extended Recorder.
While writing text, press “#” to switch between upper and lower case and Dictionary on/off (predictive text input).
Press and hold “#” to switch between Alpha mode and Number mode.
Keyboard shortcuts for zooming and rotating images in Images:
1 = zoom in, 0 = zoom out, press and hold to return to the normal view.
2 = rotate anticlockwise, 9 = rotate clockwise, * = full screen.
In standby mode, press and hold the right soft key to activate voice dialling.
To add a voice tag to a phone number, open a contact card and scroll to the phone number and select:
Options > Add voice tag.
You can customize both soft keys located below the screen (in standby mode):
Menu > Tools > Settings > Phone > Standby mode > Left/Right selection key > “select an application”.
In standby mode. press scroll key center (joystick) to go directly to Contacts.
In standby mode, press and hold 0 to launch your wap home page.
In Menu or any subfolder, press numbers 1 - 9 to start the application at that location.
123
456
789
In standby mode,
45# + dials the number on your sim in memory slot 45.
50# + dials slot 50 and so on.
If you have your keylock activated just press the on/off button to turn on your backlight
to look at the time when it’s dark without having to unlock the keypad.
Never, ever, in your whole life, install WildSkinz on your Nokia 3650!!! WildSkinz screws up
the whole 3650 system. It was never intended to work on the 3650, only on the 7650.

RAJ SOLUTION'S
