Computer And Internet, Tips & Trick

In this article we will learn how to created online/offline server status, mostly this php code function used in gaming site to show server available or not. In my emulate site I was created sample php snippet code to show server online/offline.

Click here to read sample code in txt format.

All you need is just this sample code:

<?
$ip = “this.ismy.ip.number”;
$port = “portnumber”;

if ([email protected]($ip,$port,$ERROR_NO,$ERROR_STR,(float)0.5))
{
fclose($check);
echo “MY OWN SERVER<br>”;
echo “<img border=’0′ src=’images/online.jpg’ alt=’ONLINE’>”;
}
else
{
echo “MY OWN SERVER<br>”;
echo “<img border=’0′ src=’images/offline.jpg’ alt=’OFFLINE’>”;
}
?>

Sample result:

ress

Just that! really simple right? he he he.. you can costumize and added anything to make it more beauty. Anyway if you like to play games or bored with life *lol* come to my emulate site www.nexmutk.com and play games together.

Done, Have a good day 😀

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet

Hello everyone sorry for late update this blog, I have been really very busy analyze forex market and grown my another business, busy IRL also… 😀

Now my story…….

Last week my cousins tell me in his office he got strange virus. He said there is lot shortcut in desktop an computers running slow. How actually some newbie out there know exactly which one real programs/folders and which one shortcut? Don’t say you’re not noob! almost many people not take to much attention on this simple different, that’s why with simple social technique virus maker can win beating yourself! 😛

LOOOOOOOOOOOOKKKKKKKK!!!!!!

shortcut

To know when your computer infected by this virus there is 4 important point:

  1. In your “My Documents” folder there is file named “database.mdb“.
  2. There is clone folder with extension .lnk maximum 5 first folder arranged by name, rules until second sub folders.
  3. There is files Autorun.inf, Thumb.db, Microsoft.lnk in each root drive and folders, rules until second sub folders. (You might not see them because it’s set hidden)
  4. Your Registry Editor is disabled.

This virus master actually in “My Document” folder named “database.mdb” Wait… you will know why this is called as virus master. Actually virus will created clone for folder using “wscript.exe” execution. wscript.exe is microsoft windows based script host programs.

Read More »

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Personal

Last week I got IRC bot virus in my server. I don’t know the virus name but I cleaned it manually. We’re not talking about this IRC bot virus cause it really simple cleaned manually using ANSAV UPX tools and Hidden Revealer I cleaned it in within short 1 minutes 😛 In this article we will write to clean YM and Skype bot virus Worm:Coutsonif.A

This virus spreading using social technique and autorun.inf, since it using social technique this virus can spreading easy. Did you ever received message from your TRUSTED friend like this sample?

coutsonif

Listen to me, don’t so easy clicked any link in email or anything! even it come from trusted source. In this case social technique can make you in danger position, Think if virus collecting your financial information :p

When you download this virus it will making 2 random file in %systemroot%\Documents and Settings\%user%\Local Settings\Temp with extension .tmp and .exe then created vshost.exe with size 122kb, file will available on every drive root.

Virus will also make another files:

  • %systemroot%\autorun.inf [all drive]
  • %systemroot%\RECYCLER\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe
  • %systemroot%\WINDOWS\system32\sysmgr.exe
  • %systemroot%\WINDOWS\TEMP\5755.tmp
  • %systemroot%\windows\system32\crypts.dll
  • %systemroot%\windows\system32\msvcrt2.dll

It wil also change your registry to automatically started when your computers booting. Beside that, old autorun.inf technique also adopted in this virus spreading:

coutsonif-autorun

Virus will change your registry to allowed only 11 maximum active application, it also blocking your maximum port to only port 8000.

Automatic Update:

This virus will try to automatically update himself to this address list:

66.90.103.169:99/a.exe
66.90.103.169:6666/lsass .exe
66.90.103.169:443/crss .exe
TCP:72.249.94.146:7008 Port:27
TCP:127.0.0.1:1092 Port:30
TCP:66.90.103.169:99 Port:29
TCP:66.90.103.169:6666 Port:30
TCP:66.90.103.169:443 Port:30
Port 80 IP:83.133.127.5
Port 80 IP:68.180.151.74
Port 25 IP:127.0.0.1
Port 80 IP:65.55.21.250
TCP:83.133.127.5:443 Port:17
TCP:65.54.186.47:443 Port:17
Port 80 IP:87.248.208.54
TCP:89.149.254.14:443 Port:21
Port 80 IP:64.4.33.7
Port 80 IP:207.46.11.121
Port 80 IP:65.54.186.47
Port 80 IP:88.221.26.64
TCP:65.55.16.123:443 Port:28
TCP:92.122.112.124:443 Port:28
TCP:92.122.112.124:443 Port:28
TCP:88.221.165.186:443 Port:29
TCP:88.221.165.186:443 Port:29
TCP:83.133.127.5:443 Port:18
TCP:89.149.254.14:443 Port:2
TCP:65.55.16.123:443 Port:27
TCP:65.54.186.47:443 Port:27
TCP:92.122.112.124:443 Port:27
TCP:92.122.112.124:443 Port:28
TCP:88.221.165.186:443 Port:28
TCP:89.149.254.14:443 Port:21

Simple steps to cleaning Coutsonif.A:

1. Disable “System Restore” when in cleaning process.

2. Disable “autoplay/autorun” function by:

Read More »

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous

Hello world! Are your network attacking by Conficker? hahaha.. don’t get mad this virus can be removed using 7 simple step only. Anyway this virus  make some people mad because it’s attacking network (they might have more trouble when try to clean it) and of course your protection 😛 , If we look more deeply this virus using mostly lame virus technique included all in one packet *lol*…. but in advanced the virus maker understand and really know hows really weak windows protection so he make you all mad 😛

How to detect if your computer infected by conficker? There many sign like…. Error message Generic Host Process, You can’t access some important site ex: www.microsoft.com,  www.symantec.com,  www.norman.com,  www.clamav.com,  www.grisoft.com,  www.avast.com, etc. You can’t update your antivirus, Many application not working like usually specially network application, and many more sign.

This virus created with UPX compression with size 162kb, You might get trouble when try to killed this virus process because it’s (again) using lame technique by running .dll files following fake svchost.exe file. Virus is not automatically active, it will starts download some images files and created temporary files then building himself (again) LAME! *lol*

Once virus build completed it will starts to disabled some windows services, Virus will blocking any string he found on each active application, here is the list:

Read More »

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS