Sality Killer and Virut Killer

By // No comments:
Every exe on your computer can get infected with the Sality and Virut viruses if you are not aware of them. Once they have infected your system drive and the other drives, installing Avira antivirus is fatal: it quarantines every infected exe, including explorer.exe and all the other system programs. That locks you out of your computer, leaving it inaccessible and forcing a reinstallation of the operating system. To fight them, Kaspersky has two handy tools, SalityKiller and VirutKiller. The advice is to run them in safe mode, but the virus is smart enough to disable safe mode as well. They work pretty well in normal mode too, but there they are exposed to the infected system and get infected by those two creepy viruses themselves. So the better way is to run them straight from the zip archive and do a full scan. It works.

Even so, it is time consuming, and the user might think that formatting and reinstalling the system is the easier way to handle this. But care should be taken to back up the user data on the system drive first.

However, even after the reinstallation, if care is not taken the whole system can be reinfected as soon as any one of the infected exe files on the other drives is executed. Even the drivers should not be installed before the whole system has been cleaned. Running a full scan after reinstalling the operating system will do.

Happy killing Sality and Virut. If you enjoy working with them, test them in a virtual OS or VMware.

igfxwt32.exe

Finding the trouble on the Internet is really not that hard. Finding the solution to the problem is what is really hard, and one has to search and search to find the one real solution.
A little virus resides on our computer and adds an exception to the Windows firewall under the name NETLAN or LANX or any other name. It is really annoying, and moreover it creates these folders on the C: drive:
c:\sanbox
c:\cwsanbox
c:\program files\wireshark

Every time you delete them, it does not hesitate to let itself be deleted, but once your computer wakes up after a reboot those folders are back with some exe files inside them. The presence of this virus can be detected with the Autoruns tool: on its Startup tab there is an entry named Intel Wifi Service with the file's publisher name missing, pointing to the file igfxwt32.exe in the system32 folder of the system drive.

The Unlocker tool also fails to delete the file igfxwt32.exe; it says it will be able to delete the file after the reboot, but it never does. Malwarebytes, which is free to try, comes to the rescue in such a case. But it takes so much time that one could install a new system in the meantime. However, that nuisance file can be deleted from another bootable system, and then a fresh install of the antivirus with a full scan, as well as a scan by Malwarebytes, can free up the system. In some cases Malwarebytes too hangs, doing nothing other than showing NOT RESPONDING in the Task Manager.

Fotos Virus

If you are getting messages from your friends with the subject 'Fotos', then you are being forwarded a virus.
The first prevention is not to click on any of the three attached picture links, like Imagens anexadas: DSC_614.jpg - DSC_615.jpg - DSC_616.jpg
This is an automated mail sent by the virus to all the contacts in the sender's address book. If your computer is already infected with this virus, there should be a _winnt folder in the C: drive (the system drive). Safely remove this directory to prevent the virus from sending this automated mail to the contacts in your address book.

Troubleshooting WiFi in HTC

WiFi was detected, but the device was unable to browse the internet.

I was connected to the CNet ADSL wireless router and able to browse the internet using the WiFi in the HTC Touch P3452.

However, in the new network with the InfoSmart router, this device didn't even detect the wireless access point. The HTC Touch Diamond was able to detect this access point and was also able to connect to it, but it too failed to browse the internet through it; it always said the page could not be found. I then installed the task manager from fdcsoft from http://www.gsmhacks.com/forums/pocket-pc-windows-smartphone-applications/47860-fdcsoft-task-manager-ppc-app.html Through its ping test I was not even able to ping the wireless router. So after a little searching I found the solution: just change one small setting.
Go to Start -> Settings -> Connections -> Wireless LAN -> Power Mode and slide all the way to Best Performance.
That solved the problem on both the HTC Touch P3452 and the Diamond.

Deploying Active Directory with DNS (linux) in Mixed Environment

Integrating Active Directory with Linux as the primary DNS server

Lately I was working on integrating a newly configured Windows 2003 Active Directory with the old running DNS server, which was running on Linux. After a day or two of searching on the internet I finally found a way to integrate Windows and Linux together.

Generally we install the DNS server inside Active Directory. Keeping the two separate would have been far easier if the DNS server had been the Windows server itself, but some tweaks were required when the server was Linux.

The Linux DNS server had been running for a long time, and the new Active Directory had to integrate with it. So Active Directory was installed on the Windows 2003 server with the domain name adtest.dipes.com.np, the full name of this computer being dc.adtest.dipes.com.np.

The preferred DNS of the server itself was the same as that of the other machines and the clients, i.e. 192.168.40.2 (the IP of the Linux DNS server).
The Windows server (domain controller) IP was 192.168.40.13.

Then, after inspecting the netlogon.dns file, the following records were written into the DNS database file on Linux (the dipes.com.np zone file):

dc.adtest IN A 192.168.40.13

_ldap._tcp.adtest.dipes.com.np. SRV 0 0 389 dc.adtest.dipes.com.np.
_kerberos._tcp.adtest.dipes.com.np. SRV 0 0 88 dc.adtest.dipes.com.np.
_ldap._tcp.dc._msdcs.adtest.dipes.com.np. SRV 0 0 389 dc.adtest.dipes.com.np.
_kerberos._tcp.dc._msdcs.adtest.dipes.com.np. SRV 0 0 88 dc.adtest.dipes.com.np.

And this is what the netlogon.dns file on the Windows server looked like:
adtest.dipes.com.np. 600 IN A 192.168.40.13
_ldap._tcp.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_ldap._tcp.Default-First-Site-Name._sites.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_ldap._tcp.pdc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_ldap._tcp.gc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 3268 dc.adtest.dipes.com.np.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 3268 dc.adtest.dipes.com.np.
_ldap._tcp.359ce6bb-ad7c-46c9-8cb3-ee36d2c72f5c.domains._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
gc._msdcs.adtest.dipes.com.np. 600 IN A 192.168.40.13
fc3d8251-738c-402d-9ba1-33f2402923eb._msdcs.adtest.dipes.com.np. 600 IN CNAME dc.adtest.dipes.com.np.
_kerberos._tcp.dc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 88 dc.adtest.dipes.com.np.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 88 dc.adtest.dipes.com.np.
_ldap._tcp.dc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_kerberos._tcp.adtest.dipes.com.np. 600 IN SRV 0 100 88 dc.adtest.dipes.com.np.
_kerberos._tcp.Default-First-Site-Name._sites.adtest.dipes.com.np. 600 IN SRV 0 100 88 dc.adtest.dipes.com.np.
_gc._tcp.adtest.dipes.com.np. 600 IN SRV 0 100 3268 dc.adtest.dipes.com.np.
_gc._tcp.Default-First-Site-Name._sites.adtest.dipes.com.np. 600 IN SRV 0 100 3268 dc.adtest.dipes.com.np.
_kerberos._udp.adtest.dipes.com.np. 600 IN SRV 0 100 88 dc.adtest.dipes.com.np.
_kpasswd._tcp.adtest.dipes.com.np. 600 IN SRV 0 100 464 dc.adtest.dipes.com.np.
_kpasswd._udp.adtest.dipes.com.np. 600 IN SRV 0 100 464 dc.adtest.dipes.com.np.
ForestDnsZones.adtest.dipes.com.np. 600 IN A 192.168.40.13
_ldap._tcp.ForestDnsZones.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
DomainDnsZones.adtest.dipes.com.np. 600 IN A 192.168.40.13
_ldap._tcp.DomainDnsZones.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.

The next step was finally joining the client to the domain controller with its previous DNS settings unchanged, i.e. the preferred DNS still being 192.168.40.2.
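A check worth having after hand-copying records like the ones above: this added Python example (not code from the original post) parses the DC's netlogon.dns and the Linux zone file, reports which records the zone is still missing, and rewrites netlogon.dns lines into the zone-relative form used in the dipes.com.np zone file. The sample texts are constructed from the records shown in the post, as are the 600-second TTL and the $ORIGIN dipes.com.np.; the comparison treats an SRV record as present when owner, port and target match, so the zone file's weight of 0 versus netlogon's 100 does not count as a difference.

```python
"""Compare a DC's netlogon.dns with a BIND zone file and list what is missing.

Added example, not from the original post. Sample texts are constructed from
the records the post shows; only single-line records are handled.
"""

# Constructed excerpt of the DC's netlogon.dns (absolute names, TTL, class).
NETLOGON_DNS = """\
adtest.dipes.com.np. 600 IN A 192.168.40.13
_ldap._tcp.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
_kerberos._tcp.adtest.dipes.com.np. 600 IN SRV 0 100 88 dc.adtest.dipes.com.np.
_kpasswd._tcp.adtest.dipes.com.np. 600 IN SRV 0 100 464 dc.adtest.dipes.com.np.
_ldap._tcp.dc._msdcs.adtest.dipes.com.np. 600 IN SRV 0 100 389 dc.adtest.dipes.com.np.
gc._msdcs.adtest.dipes.com.np. 600 IN A 192.168.40.13
"""

# Constructed excerpt of what was hand-copied into the Linux dipes.com.np zone:
# a relative owner, no TTLs, class omitted on the SRV lines, weight 0 not 100.
ZONE_ORIGIN = "dipes.com.np."
LINUX_ZONE = """\
dc.adtest IN A 192.168.40.13
_ldap._tcp.adtest.dipes.com.np. SRV 0 0 389 dc.adtest.dipes.com.np.
_kerberos._tcp.adtest.dipes.com.np. SRV 0 0 88 dc.adtest.dipes.com.np.
_ldap._tcp.dc._msdcs.adtest.dipes.com.np. SRV 0 0 389 dc.adtest.dipes.com.np.
"""

CLASSES = {"IN", "CH", "HS"}


def parse_record(line, origin):
    """Parse 'owner [ttl] [class] type rdata...' into (owner, type, rdata).

    Relative owners get `origin` appended, '@' means the apex, and names are
    lower-cased because DNS compares them case-insensitively. Blank lines,
    comments (after ';') and $-directives yield None.
    """
    line = line.split(";", 1)[0].strip()
    if not line or line.startswith("$"):
        return None
    tokens = line.split()
    owner = tokens[0]
    if owner == "@":
        owner = origin
    elif not owner.endswith("."):
        owner = f"{owner}.{origin}"
    i = 1
    if i < len(tokens) and tokens[i].isdigit():           # optional TTL
        i += 1
    if i < len(tokens) and tokens[i].upper() in CLASSES:  # optional class
        i += 1
    if i >= len(tokens) - 1:                              # need type + rdata
        raise ValueError(f"malformed record: {line!r}")
    return owner.lower(), tokens[i].upper(), tuple(tokens[i + 1:])


def record_key(owner, rtype, rdata):
    """Identity used to decide whether a record is present in the other file.

    SRV priority and weight only steer client selection, so SRV records with the
    same owner, port and target count as the same record.
    """
    if rtype == "SRV":
        _priority, _weight, port, target = rdata
        return (owner, rtype, port, target.lower())
    return (owner, rtype) + tuple(field.lower() for field in rdata)


def parse_zone(text, origin):
    """Set of record keys present in a zone-file text."""
    keys = set()
    for line in text.splitlines():
        rec = parse_record(line, origin)
        if rec is not None:
            keys.add(record_key(*rec))
    return keys


def missing_records(netlogon_text, zone_text, origin):
    """netlogon.dns lines (stripped) whose record is absent from the zone text."""
    present = parse_zone(zone_text, origin)
    return [
        line.strip()
        for line in netlogon_text.splitlines()
        if (rec := parse_record(line, origin)) is not None
        and record_key(*rec) not in present
    ]


def to_zone_relative(netlogon_text, origin, ttl=600):
    """Rewrite netlogon.dns records for the zone whose $ORIGIN is `origin`.

    Owner names lose the origin suffix (the apex becomes '@'); SRV and CNAME
    targets stay absolute so they work wherever the lines are pasted.
    """
    suffix = "." + origin.lower()
    out = []
    for line in netlogon_text.splitlines():
        rec = parse_record(line, origin)
        if rec is None:
            continue
        owner, rtype, rdata = rec
        if owner == origin.lower():
            rel = "@"
        elif owner.endswith(suffix):
            rel = owner[: -len(suffix)]
        else:
            rel = owner  # outside this zone; keep it absolute
        out.append(f"{rel} {ttl} IN {rtype} {' '.join(rdata)}")
    return out


if __name__ == "__main__":
    print("In netlogon.dns but not in the Linux zone:")
    print("\n".join(missing_records(NETLOGON_DNS, LINUX_ZONE, ZONE_ORIGIN)))
    print("\nZone-relative form:")
    print("\n".join(to_zone_relative(NETLOGON_DNS, ZONE_ORIGIN)))
```

Run as-is it lists the three sample records that were not copied (the apex A record, _kpasswd and gc._msdcs); point it at the real files to repeat the check whenever the DC's netlogon.dns changes. Since the records are hand-copied rather than dynamically registered, a query such as dig @192.168.40.2 _ldap._tcp.adtest.dipes.com.np SRV against the Linux server is the final confirmation that clients receive what the zone file was meant to publish.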

Restore Search in XP

Every time a virus attacks the computer, certain features go missing. One of the commonly missing features is the good old Search option in Explorer. One proven method is to browse to the inf folder inside the Windows folder of the system drive, e.g. C:\WINDOWS\inf\srchasst.inf, and locate the srchasst.inf file. Right-click it and click Install. You may need the Windows XP installation files to complete this.

There is also another method: editing the registry.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFind"=dword:00000000

Click START >> RUN >> REGEDIT and browse to the key mentioned above:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Policies
Explorer
Right-click in the right pane of the registry window and create a new DWORD value named "NoFind" with the value 00000000.
Many of my friends have reported successfully restoring Search on their computers, among them none other than Sanjip and Sambhu. Good luck, guys. This should save many of you troubled out there; the good solutions are not that easy to find.

Limited Users in Windows and Portables Apps for Windows

Everybody on Windows wants to be administrator. They don't want to use the computer as any user other than administrator; they want full privileges on the system and don't really see the benefits of running the computer as a normal user. From my point of view, the safest way to use the computer is as a normal user. Today the major problem with computers is viruses, and these really do change the system settings. One will not get into these problems running as a normal user, since a normal user does not have permission to modify the global system settings. However, if one is using a FAT32 filesystem it makes no difference whether you are a normal user or an administrator: FAT32 is a single-user filesystem and therefore not secure. If one is on NTFS, then better opt for a normal user for the sake of computer security.

Then, using the computer this way, one gets into the serious problem of installing new software, as one of my friends did. I asked him why he was not updating his website. His first answer was the obvious one: the increasing load shedding in Nepal, for which of course we have no replacement but to wait for our scheduled turn to get light. His next reason was his inability to install FTP software on the computer, as he was not an administrator on it. For those who are really seeking to use the computer as a normal user, as I do, the alternative is not far: we can use portable software instead; copy, paste, run, delete. These are actually designed to run from pen drives that are portable/mobile or whatever they may call it. Many more programs are available as portables now than before. A good list is available at http://www.portableapps.com/ There is a FileZilla Portable already available, and it can be used by you, Sanjip.

Not only those; several other programs can be run from other drives too once they have been installed. What I generally do is install most of my favourite programs on drive D:, which is of course not the system drive, so when my system drive is formatted I don't have to bother installing my programs again and again. The programs I have been using this way are Macromedia Studio 7 (Flash MX 6, Flash 7, Dreamweaver 7, Fireworks). Macromedia Studio 8 can be done similarly, but once you run it from drive D: it says something is missing. However, if any one of the Studio 8 programs is installed on the system drive or anywhere else, all the other Studio 8 programs installed on drive D: get running. Another cool program is ConceptDraw NetDiagrammer, which is really a trial but never expires if you run it as a normal user. When you launch the program it says writing to the registry failed and the software will expire in 30 days, and those 30 days have never run out on mine. However, if you run it as administrator you get exactly 30 days to run the software. Beware, this is a really cool point in favour of having an underprivileged user account.

Other big programs available as portables are Opera and OpenOffice, an alternative to Microsoft Office. OpenOffice version 3 can even open Office 2007 files, and its word completion is really cool; however, I am still looking for the word completion of Nepali words that worked perfectly in the previous OpenOffice versions. Opera@USB is another great program, as it clears its cache once it is closed. However, for those who want to browse their content offline, this clearing of the cache may not be a welcome point.