dont get infected!!

April 11th, 2008


viruses .. “malware, spyware, adware , worms, trojan” its all a big one headache.. try your best to get away from getting infected with any of these .. get urself immune even if there is no-way to do so , try your best . Working with ministry most of their pc’s are infected regularly specially that they use a bullshit anti-virus called officescan its one of trends micro antivirus, but it doesn’t remove trojans nor ad/spyware so whats the use of it dunno yet.

anyway .. most pc’s which are not connected to network , which means not updated regularly with new virus definitions are infected. I have to try my best to remove the viru, even though its not my job to do so. Technical people job but they just dont need to do it, here we are the out-source as they call us in ministry .. well i wont say its not good for me cause i actually like it, its like a challenge for me everytime with new “champion” virus

i had to remove some with tools , others with antivirus .. and most have to manually , i recommend using Kaspersky antivirus its good , specially if it lasts for years like mine expire 2010 .. or NOD32 , heard its good .. but never used it yet.

two viruses be aware from ( NooH , and Amvo ) actually trojans .

and here is a method on removing both :

first NooH :

Summary:
This virus enters you computer from an external device (Flash Disk, External HD, Memoery Card). It runs with explorer autoplay. It copies Sys.
exe to this folder “c:\Windows\Web\Sys.exe”.
Effects:
1- Disables Windows Task Manager.
2- Disables Windows Command Prompt.
3- Disables Windows Folder Options.
4- Copies itself to all removable media.
Resolution:
Restart your computer.
After restart a message will appear “Noooh.. please try to open task manager” and an OK Button.
Don’t click the OK button.

Open the task manager and this process “Sys.exe
Click ‘Start‘.
Open ‘My Computer‘.
Select the ‘Tools‘ menu and click ‘Folder Options‘.
Select the ‘View’ tab.
Under the ‘Hidden files and folders‘ heading select ‘Show hidden files and folders‘.
Uncheck the ‘Hide file extensions for known types‘ option.
Uncheck the ‘Hide protected operating system files (recommended)‘ option.
Click Yes to confirm.
Click OK.
Download KillBox,unzip/extract it to your desktop.
Start up Killbox and place a check in ‘Delete on Reboot‘.
In the ‘Full path of file to delete‘ box,copy and paste:
 C:\Windows\Web\Sys.exe
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot,select YES.
Allow it to reboot.
If it does’nt reboot automatically,reboot manually.
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting ‘Fix checked’.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [NoooH] C:\Windows\Web\Sys.exe
Exit Hijackthis,restart your pc

————-

AMVO Trojan : amvo.exe

Virus Manual Removal Steps
This is a nasty virus, dont know who dropped it on me. It spreads via USB Memory Sticks. It cannot be seen in the process list, hides itself and hides all files. And my antivirus doesn’t seem to find a problem!

Effects on ur PC :

* Cannot show hidden files
* Slows down USB devices
* Adds infections to plugged in USB devices
* Drives open in new windows from My Computer

How to get rid off?
Step 1
The usual way is to Format the system, but it is not a permanent solution. To get rid run regedit, find all keys related to amvo.exe or the name of the virus.
Run msconfig in the Start Up Tab you can find the amvo.exe or its variants.
Remove all occurrence of the name from regedit.
Reboot the System.

Step 2

If you know how to use dos prompt command , just go to start –> run–> write “cmd”

in dos window goto c:\windows\system32 and do this write ” attrib -h -s -r amvo0.dll”

and delete the file amvo0.dll by writing the command “del amvo0.dll”.

Step 3
Reboot and do the following changes to the Registry using regedit

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer searchidden en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer searchsystemdirs en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced hidden en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced showsuperhiden en 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced superhiden en 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN CheckedValue 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN DefaultValue 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL CheckedValue 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL DefaultValue 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun 0×00000091 (145)

thats it hope it helps a little for any more info just comment i’ll try to reply soon



Posted in the pile | No Comments »

مأجورين عظم الله أجوركم بمصاب ابي عبدالله الحسين (ع(

January 21st, 2008

السلام على ال</p> </div> <p class=Posted in the pile | No Comments »

a nice internet home !

October 30th, 2007

Internet House

yup its a home for different internet and personal computer stuff,

things u can d/l or look at or install in ur pc and have some fun + knowledge .. different

books and applications i hope you like this kind of sites. chk it out at :

Internet House

Posted in the pile | No Comments »

New Batelco Packages rates ;)

August 21st, 2007

Bat3lcohey.. latest news is that batelco removed the bandwidth limit on the
40BD users which is 1mbps so instead of going to the dark ages now
its going back to the speed it was before the damned limit. A 256kbps
which is a happy day to me.. as happy as a hippo .. long time i
waited for this .. very long time.. if u want the prove from the lion
den itself check out this inet packages
bottom of the page they mention :

* For Inet Broadband 256k package, access speed will be 128 kbps after reaching 2 GB monthly usage level.
* For Inet Broadband 512k package, access speed will be 128 kbps after reaching 8 GB monthly usage level.
* For Inet Broadband 1Mb package, access speed will be 256 kbps after reaching 15 GB monthly usage level.
* For Inet Broadband 2Mb package, access speed will be 256 kbps after reaching 25 GB monthly usage level.
so again .. happy internet browsing ..

Posted in the pile | 2 Comments »

Lightspeed!!

August 10th, 2007

New internet in homeland its like a wish came true, so i went to them without

hesitation thought it would be the salvation from batelco but!! i came with bad

thoughts .. dunno really maybe i’m wrong about it.. but seems the company

still not ready to provide a real .. demanded internet service i hope not.. thats

only my thought everybody can go by himself and try it.. i hope i’m all wrong

and its really what we have been waiting too long now. go on give it a try its

Unlimited at last/least

Lightspeed..

Posted in the pile | No Comments »

How to.. ?!

August 1st, 2007

did u ever thought of things like , how to build your own AC ? .. or get money without working ?? lol .. these questions sometimes passed up some minds .. doesn’t it. Well help these people have their own how to manual.. cause they need to help us

wikihow to??

Posted in the pile | No Comments »

Adobe Photoshop 8.0 CS, CS2 , Extended

July 28th, 2007

hmm .. long story with photoshop , its one of the most used tools by me and everybody else

even though i’m not a pro god-forbid but .. its usually coming with any clean windows installation , always i add this tool .. its nice and some stuff are really easy to be done.. a bro remind me of that software coz he told me he’s reading some tutorials for it.. so I told him i got a good program tutorial from lynda.com its really agood teacher so i made him a copy

and myself i started reviewing it.. it starts from the essential part to the deeper knowledge but in an easy way.. so guys anyone want to have that app .. sorry i cant give it to you .. lol

but always there is a solution u can try this good blog .. and youtube is there to help too so get here and help urself instead of asking me for the 3CDs app i got.

youtube to learn photoshop .. good haa?

Posted in the pile | No Comments »

New releases !!

June 19th, 2007

If u are the kind of person who’s like me .. or used to be downloading all kind

of stuff. Software/games/videos .. whatever i used to coz now the damn limit

is there so u cant do anythin of these.. i was a 40BD user 15GB .. i finish these

at 4-5 days then stay the whole month without anythin .. well yeah. not anymore

Batelco Sucks!!!! biiiiig time .. anyway here a good place where u can find new

releases by groups.

Releases of everything

Posted in the pile | 2 Comments »

Work .. find a job today ..

May 26th, 2007

lookin for a job been always a headache to most ppl specially me,
i used to hate looking for a new job everytime i leave one but
with experience it becomes very common thing to do. now again
thinking to leave my job 2 years was more than enough with such
suckin blood company. Actually depends by 99% on foreign staff
another reason to leave i might apply in minstry now after most
people know me and know how do i work

anyway some easy ways to find a job is da net .. here agood way to go:
Find A Job now ..

Posted in the pile | 3 Comments »

I got a PSP!

May 13th, 2007

hey everyone.. sorry looong time didnt write .. first was in dubai . Came back then sick for awhile .. then was very busy.. anyway , i got a sweeet charming PSP .. i really like it .. specially after i upgrade it to v3.40 Custom firmware so i can play games / homebrew from mem stick .. its really cool guys .. til now i downgraded and upgraded 3PSP more to go i think .. u can get all type of games/apps for it .. its just like havin a pda .. with alot of games

and yeah here is a huge gate to start lookin at :

http://dl.qj.net/

Posted in the pile | 3 Comments »

« Previous Entries