Computer And Internet, Miscellaneous, Tips & Trick

D**n those f***ing China! *joke* ๐Ÿ˜›

This is new varian for Microsoft.vbs virus which I write formula how to clean it around a month ago when it hit my cybercafe until totally broken he he… Now most people know this virus as ARP virus.ร‚  Why? Because after learning it more deeply this virus categorized as HIGH RISK and should removed as soon as possible before it infected total your network.

First.. To know this virus is active on your computer isร‚  you will get most error pagesร‚  message when browsing, or error when using messenger, PLUS you will find this file Microsoft.vbs Microsoft.bat Microsoft.pif on your hard drive where you install your OS PLUS *again* your computer gonna be slow PLUS *oh not again* Your internet connectivity will going slow than usually PLUS *OMG* It will flooding your network until some billing(via TCP/IP) will stop responding.

It’s hard to know when your computer infected because it’s only showing a little error when you browsing and sometimes it’s not active (like clean computer) until you idle for some minutes/hour.

arp-spoofing-1.jpg

When you browsing you don’t feel something goes wrong… but when you look on the page source the evil is waiting on there ๐Ÿ˜€

arp-spoofing-3.jpg

Clean page source from google.com not injected with any code.. but wait when virus active you will look something like this..

arp-spoofing-2.jpg

Holy s**t what is that!!! ๐Ÿ˜›

So the answer is virus going active when you’re using internet by browsing or chat on messenger. Basically all internet explorer activity can bring this virus active! Enough let’s remove this virus permanently and stop it from coming back.

You can use Colasoft MAC Scanner (shareware) to scan your network, If you found there is mac address same with your gateway then you have to unplug that computer from network and clean it before you put it back on network. Why? In condition when you clean infected one virus will going to spread on other computer in your network once you clean it, it will calling back file from other infected one in your network so don’t waste your time for this stupid thing UNPLUG IT to stop it spreading in network!

arp-spoofing-4.jpg

Now.. Get Security Task Manager and delete/remove strange process on your computer background (usually with IE icon and dll files) delete/remove Desktopwin.dll/Jview.dll and ThunderAdvise.dll delete/remove AppInit_DLLs.

Done.. Now get hijackthis and restore your hosts file by Open the Misc Tools section, on System tools choose Open hosts file manager and deleted all line after 127.0.0.1 localhost or you can done this using notepad hosts file is on %systemroot%/system32/drivers/etc

Now get ATF Cleanerร‚  and deleted all cookies, history and java cache.

Repair your registry to back in normal by using this code:

ร‚ [Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs,0, “”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object

[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ThunderAdvise
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, DesktopWin

Or download repair.inf

To stop virus coming back from other computer disable default shareร‚  by using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareWks,0x00010001,0
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareServer,0x00010001,0

Or download disable-default-share.inf and activate it restart-net-service.bat

Disable autorun to stop virus coming back from USB flashdisk/removable mediaby using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255

Or download disable-autoplay.inf

To stop virus from coming back by replacing old files let’s make dummy files download dummy.bat!

Last scan with your BEST antivirus/antimalware to make sure your system clean! Another trick to stop virus from infected back your computer you can add static entry on ARP by write in command prompt “arp รขโ‚ฌโ€œs *gatewayipaddress* *gatewaymacaddress*” or another trick say we can blocked those d**n virus site by change it in hosts file here is some website list detected as virus update:

972.aksjd11.com
w3og.cn
qazc.fourtw.cn
www.aujoy.cn
www.hao601.cn
www.psp476.cn
222.1212l112.net
444.1212l112.net
555.1212l112.net
111.1212l112.net
root.51113.com
hk.www404.cn
err.www404.cn
(Still there a lot out there.. BLOCKING ALL .cn domain might resolve this problem ha ha ha :P)

Anyway this method is not really can stop virus updated as long the creator change website again we have to update block it manually.

Done (finally)… now using your computer like usually for 1-2 hours and see if the virus coming back.. ๐Ÿ˜€

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Miscellaneous, Tips & Trick

This is my simple explanation on how to get flooded traffic and raise your pagerank in short time. If you disagree with this method then stop reading and give me more technique how to get it ๐Ÿ™‚

Your site got no Traffic? then try this simple tricks to get it. People around the world using Internet are usually using search engine to get information on what they need. The 2 most powerful Search engine are google and yahoo. There is other search engine but in my opinion this 2 search engine are the champion of search engine so we have to focus on it.

The great news is… google have completed data for trends keyword based on daily search you can see it for free!ร‚  We can play with that trends data to create content with keyword from google trends data and get flooded traffic in short time it will also (claimed by some friend and other people) can raised yourร‚  site pagerank.

HOW?

Visit google trends website on HERE you will got almost great data information on trends keyword daily. If you have site with almost same keyword with google trends data you can try to make new content using that keyword. In result? of course it will be flooded in short time on next day you can visited google trends website again and looking for new keyword trends today.

The trends keyword hourly, daily is changed. So… using google trends really fit and the best technique for news site or blogging site. Don’t have it? you can still using google trends to analyze your keyword using google trends.. you can searching for keyword match to your site content and try to implement it on your site.

Give it a try you won’t loose anything ๐Ÿ™‚

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Make Money Online, Short Reviews

Dear everyone, This time I will write about linkworth review. Please take your time to reading detailed information about linkworth, their service and how they can help you generate revenue.

linkworth.jpg

LinkWorth is one of the web’s largest and most innovative marketing portals that caters to both Advertisers and Partners. LinkWorth have a multitude of products and services to fill your every online marketing need.

LinkWorth products consist of text link ads, paid blog reviews, in-text links, in-content pay per click ads, rotating text ads, hosted content pages, article submission, directory submission and many more.

Alright Now we got it, LinkWorth basically is ads network which specialize on link sale. Dependent on each their product LinkWorth can sell link on blogs, website, etc. You can set your own link price or your blog review price ( I love this feature).

Betterร‚  in result, with lot of link sale media you can optimize your website revenue using LinkWorth, it also will hiding your paid link from your visitor. Example is text link on your site content. Let say you have article and usually on each article you have link to other site say example you write about program blabla and you link their download link to your article. In same way LinkWorth will do that but the different in here is you earn revenue. Almost same with kontera and other inline text ads but better in revenue ๐Ÿ™‚

Basic share revenue is 70:30 you got 70% and LinkWorth got 30% you can simply upgrade it into premium with share revenue 50:50 anyway I prefer you to stay in basic if you want to earn more revenue for yourself or you might can be premium with 50:50 revenue share but they not guarantee you will get lot of job/order.

Minimum Payment is different on each method Payment at date 10 of each month if day 10 is down on Sunday it will processed on next day. You can get paid by paypal, check, wire transfer.

I recommended this ads network to all of you please take a look on LinkWorth website ๐Ÿ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Tips & Trick

They never been stop spreading their knowledge…. and we also never let them alive forever. This is the article how to remove amburadul virus for all varian no need for antivirus program you can simply clean it using manual technique.

The simple way to know if your computer infected by this virus is you will see JPEG files with aplication extension. Now let’s start to remove it!

1. Unplug your infected computer from your network to stop this virus spreading.
2. DisableSystem Restore” when in cleaning process.
3. Kill the virus process using power tools “currprocess” kill all process with icon JPG.
4. Repair your registry that already changed by the virus using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,CheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,DefaultValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, DefaultValue,0x00010001,0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, “checkbox”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, type,0, “checkbox”
HKCU, Control Panel\International, s1159,0, “AM”
HKCU, Control Panel\International, s2359,0, “PM”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0

[del]
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-CLN.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-RTP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckpointing
HKCR, exefile, NeverShowExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PaRaY_VM
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ConfigVir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NviDiaGT
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NarmonVirusAnti
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVManager
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, EnableLUA

5. Delete the master virus in %systemroot%\system32\~A~m~B~u~R~a~D~u~L~ before you do this you have to make hiden files become visible.
Then deleted this file list:

csrcc.exe
smss.exe
lsass.exe
services.exe
winlogon.exe
Paraysutki_VM_Community.sys
msvbvm60.dll
Drive:\Autorun.inf
Drive:\FoToKu xx-x-*.exe, where x show the date when virus active
Drive:\Friendster Community.exe
Drive:\J3MbataN K4HaYan.exe
Drive:\MyImages.exe
Drive:\PaLMa.exe
Drive:\Images

To make sure your computer clean you can check scan your computer using your favorite antivirus programs.
Done, have a nice day ๐Ÿ˜€

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Make Money Online, Online Business, Short Reviews, Tips & Trick

Hello everyone, I’m back again he he he *cheers* ๐Ÿ˜€ this time I will write about TNX review. How many website do you own/manage?ร‚  1, 10, 100, 1.000 ? not satisfied with another ads network performance? well.. it’s classic! we all know not all website have different way to generate revenue to pay at least our hosting fees each month and domain fees yearly.

Let me introduce to you about TNX (for people already know about it stop reading then :D), TNX is link sale basically. But why I recommended TNX to you? with some reason sometimes google hit our website pagerank down to 0 and we cannot sell link on that website, we lost revenue and time in here. In TNX we can sell link even we have Pagerank 0 all needed is your website already indexed in most search engine (google, yahoo, msn, ask, etc it can easily done by submitting your website sitemap) in other words you build your SEO and TNX will work to sale link on your website without looking on your pagerank.

TNX is good in my history, they never cheating me in the last 6 month since I joined with them so I very recommended you to try them. You can easily earn $ unlimmited each month from TNX! All depend on to how much page you own and how much website you own. For each of that sale link you will get point and point can soldร‚  back to TNX or other TNX member. Point price will grown each month so you can safe it if you like.

Starting 11-07-2008 TNX will buyout your tnx-points at the rate of $0.9 per 1000 pts. Those who meet link placement recommendations (links not in block etc.) will be getting $0.92 per 1000 pts. You can sell that point to TNX or to other member, And you can also use that point back to advertising your website link to TNX to raise your pagerank. TNX Minimum payout is $5 paid using PAYPAL.

* Tips for double your TNX Points.
1. Calculate how much your website page already indexed on search engine.
2. Double, Triple or more (max 4) your link.
3. Make a good communication between you and TNX so they know you’re a good person.

Well.. if you interesting please do my favor.. Joined on TNX using my TNX referral link in HERE Thank you everyone! ๐Ÿ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
๏ปฟ