Wednesday, August 20, 2008

Unable to view hidden folder ?

Recently I have been bugged a lot by malware which prevents me from viewing the hidden folders on my Windows drives, in spite of enabling the "view hidden files and folders" option in the Windows folder options. After a bit of googling I came across a few articles which helped me understand the threat and its solution. For everyone's convenience I will jot down those points here.

Name of the threat :
kxvo.exe

Location :
The file is located in the C:\Windows\System32 folder

Modus Operandi :
kxvo.exe file changes the registry value for showing hidden files to 0 instead of the default 1

Solution :
  • Boot into Windows in safe mode by pressing F8 button at startup
  • Open a command prompt (I assume u know how to do it and other similar stuff)
  • Navigate to the folder containing the virus/malware, which in our case is C:\Windows\System32
  • Type the following command to see if the malware exists there or not
    dir /a:h kxvo*

    /a selects files by attribute and h is the attribute value, which is hidden in this case; for more info type help dir
  • If it lists the kxvo.exe file there then proceed to the next step
  • Type the following command to delete the file
    del /a:h /f kxvo*

    /a:h has already been explained earlier; the /f option forces deletion of read-only files
  • Once you are done deleting the file, open the Windows Run tool and enter regedit in order to open the Registry Editor
  • Once the Registry Editor window pops up, follow this path
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
  • On selecting SHOWALL you should be able to see the name CheckedValue on the right; right click on it and change its value to 1 (kxvo.exe changes this value to 0, hence snatching away the ability to view hidden folders from you)
  • Reboot
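
A check for the registry change described above, as an added example that is not part of the original post: it classifies the output of reg query for the SHOWALL key. The sample outputs are constructed, and the function name and status strings are assumptions of this example.

```python
import re

KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
       r"\Explorer\Advanced\Folder\Hidden\SHOWALL")

# Constructed samples of what `reg query "<KEY>" /v CheckedValue` prints.
CLEAN = KEY + "\n    CheckedValue    REG_DWORD    0x1\n"
TAMPERED = KEY + "\n    CheckedValue    REG_DWORD    0x0\n"
WRONG_TYPE = KEY + "\n    CheckedValue    REG_SZ    1\n"
MISSING = "ERROR: The system was unable to find the specified registry key or value.\n"

# Value line layout: name, type, data, separated by spaces or tabs.
VALUE_LINE = re.compile(r"^\s*CheckedValue\s+(REG_\w+)\s+(\S+)\s*$", re.M | re.I)


def check_showall(reg_output):
    """Classify the CheckedValue setting found in reg query output."""
    match = VALUE_LINE.search(reg_output)
    if match is None:
        return "missing"            # value absent or the query failed
    reg_type, data = match.group(1).upper(), match.group(2)
    if reg_type != "REG_DWORD":
        return "wrong-type"         # not the default DWORD form
    try:
        value = int(data, 16)       # reg query prints DWORDs as 0x...
    except ValueError:
        return "unparseable"
    if value == 1:
        return "ok"                 # default: hidden files can be shown
    if value == 0:
        return "tampered"           # the state the post attributes to kxvo.exe
    return "unexpected"


if __name__ == "__main__":
    for name, sample in [("clean", CLEAN), ("tampered", TAMPERED),
                         ("wrong type", WRONG_TYPE), ("missing", MISSING)]:
        print(name, "->", check_showall(sample))
```
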
Prevention is better than cure if it exists :

I would suggest you install some anti-spyware software in order to prevent them from entering your system. I had "Spybot - Search and Destroy" and "Windows Defender" when the kxvo.exe malware infected my system. Although both the anti-spyware tools were able to detect the changes made by kxvo to the registry, they were not able to remove it. "Spyware Terminator" did claim that it removed kxvo.exe from my system after it had shown its ugly face again on my system. Having an enterprise version of Symantec Endpoint didn't help my cause either.

Wednesday, May 14, 2008

3-D Window Flipping in Windows XP

The 3-D window flipping has been one of the most soothing features of Vista; now even Windows XP can get the look and feel of 3-D flipping using the software WinFlip. I have added a screenshot of my desktop with WinFlip in action. One need not even install the program, just unzip and run it directly. I have added the .exe to my Windows startup so that it gets activated every time I boot my system.

RSS Reader

Of late RSS has become the way to be up to date without surfing the web. Once I realized the super powers of using an RSS feed I started googling and stumbled upon Google Reader as my default RSS reader. It may not be as advanced as other RSS readers (which are mostly desktop based), yet it has everything I require for the time being. Above that, all my feeds are saved/bookmarked online, which suits me better as I check my feeds from various PCs.

Saturday, July 21, 2007

I DNT HATE MOZILLA! ORKUT IS BANNED!! USE INTERNET EXPLORER U DOPE

WTF is the title abt ?

You open Firefox and an annoying message pops up saying
USE INTERNET EXPLORER U DOPE
I DNT HATE MOZILLA BUT USE IE OR ELSE...
Then u get pissed off and go to IE and type www.orkut.com in the address bar and press enter, and alas what you get is another bloody annoying pop-up saying

ORKUT IS BANNED!!
Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!

In fact whenever you type the words mozilla, firefox or orkut, even in IE or any other browser, you keep getting the annoying messages.

This is generally caused by a malware called w32.USBWorm and as the name suggests it spreads through pen drives.

Solution:
  1. Open the task manager by pressing CTRL+ALT+DEL
  2. Search for svchost.exe under image name. There will be many such processes running, but keep tabs only on those svchost.exe images which have your username under the username column.
  3. Kill all the svchost.exe processes which are running for ur username
  4. Open explorer( My Computer) and in the address bar type
    C:\heap41a
    It is a hidden folder hence can't be browsed to directly
  5. Permanently delete all the files in this folder by pressing SHIFT+DEL
  6. Go to Run( WIN+R) and type in Regedit
  7. Go to menu Edit -> Find and type heap41a there.
  8. Look for the line "[winlogon]C:\heap41a\svchost.exe C:\heap(sum number)\std.txt" and press DELETE
  9. To be on the safer side, please do delete the autorun.inf file and any other .exe file on your pen drive
I found all the above things at the following blog

How to block sites

In this blog I will describe how you can prevent all the browsers in your system from opening certain sites.

Requirements:
  1. You should be logged in as the administrator.
  2. You should know the exact URL address of the websites you want to block.
How To:
  1. Open notepad or your favorite editor (Vim/Emacs/etc)
  2. Open the file C:\WINDOWS\system32\drivers\etc\hosts
  3. Look for the line containing "127.0.0.1 localhost"
  4. Add another line below it:
    127.0.0.1 www.sitename.com


Please note that you need not add http:// before the sitename.

For the more inquisitive ones :)

Basically the hosts file specifies the IP address for a hostname/address.
So when you type 127.0.0.1 in front of the website's name, you are indirectly telling the machine to use the IP address 127.0.0.1 whenever that site's URL is typed in a browser. But 127.0.0.1 is the address of your own machine, so the browsers fail to load the actual page. So in other words you are not blocking but just misleading ;)
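
The lookup described above, as an added example that is not part of the original post: it parses hosts-file text, shows that only the exact hostname on the line is redirected, and lists every name pinned to the local machine. The sample file and all function names are constructed for this example.

```python
import ipaddress

# Constructed sample hosts file (not copied from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       www.sitename.com   # the blocking line from the steps above
127.0.0.1       Ads.Example.com tracker.example.com
10.0.0.5        fileserver
http://bad.example  127.0.0.1
"""


def parse_hosts(text):
    """Map each hostname to its address; malformed lines are skipped."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()       # strip comment, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])  # first column must be an IP
        except ValueError:
            continue
        for name in fields[1:]:
            # Assumption of this example: the first entry for a name wins.
            table.setdefault(name.lower(), addr)
    return table


def resolve(table, url_or_host):
    """Hosts-file address for a URL or hostname, or None (lookup falls through to DNS)."""
    host = url_or_host.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    addr = table.get(host.lower())
    return str(addr) if addr is not None else None


def loopback_redirects(table):
    """Hostnames other than localhost that point at the local machine."""
    return sorted(n for n, a in table.items() if a.is_loopback and n != "localhost")


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(resolve(hosts, "http://www.sitename.com/page"))
    print(resolve(hosts, "sitename.com"))
    print(loopback_redirects(hosts))
```

The second lookup returns None because the entry matches only the exact name www.sitename.com, which is why the requirements ask for the exact address of each site.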

Difference of opinion:

In case you feel that I have mentioned anything which is TECHNICALLY wrong then please do revert back to me, I would be glad to correct my/your mistakes/doubts.

Welcome

Today sun rose in the west !!
Yes a Linux god like me does use Windows XP !!!