Computer And Internet, Personal

My cybercafe just got infected this virus yesterday. It’s spreading from removable device users plug into my server. It’s really annoying because my computers starts to hang for 10 seconds and then it run again but very slows. All I notice is windows give notification low virtual memory, I cannot run Internet explorer (but still I can run another .exe application), and I cannot shutdown the computer. It also effect Internet connection speed, but I’m not really sure about this. When I type in command prompt netstats -a I see a lot of established connection (maybe virus sending or downloading something).

Frustrated, I’m looking on google with keyword services303.exe but it’s refers to non computer virus. I believe this is first case of services303.exe documented. Lucky me this virus not spreading in my network so I can stop it fast before it infected others computers. I try scan my computer using malwarebytes, avira, avg, eset32/NOD and they not detects any virus *great*.

The main virus is services303.exe and it’s located in [WINDOWSDRIVE]\DOCUMENTS AND SETTINGS\[USERNAME]\APPLICATION DATA\MICROSOFT\SERVICES303.exe with attributes read only and hidden.

It’s also change your registry in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

It’s set to run services303.exe when computer starts and giving fake program description about Adobe speed launcher.

[to_plus]

How To Remove Services303.exe

1. Run your computers in safe mode.

2. Open command prompt, Go to folder [WINDOWSDRIVE]\DOCUMENTS AND SETTINGS\[USERNAME]\APPLICATION DATA\MICROSOFT\ and type Attrib -s -h /S /D.

3. Once attrib process done you can see file with name services303.exe, delete it! don’t forget empty your recycle bin too.

4. Delete manually auto-start services303.exe in registry, start – run -> regedit and look on this field :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

5. Delete all temporary Internet and windows files. Use ATFCleaner or Ccleaner.

6. Scan whole system with updated antivirus.

Done, Your computers should back normal again. Have a nice day everyone 😀

[/to_plus]

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Personal

If you feel your Computers and Internet slower than usual you may get infected by W32/Obfuscated.J (Trojan.Downloader2.25378). This new Trojan will using your Internet connection to send your information to their server and updated their self. Carefully when you’re using your computers for business, they may stole your credit cards or bank information. Would you get up from your sleep and find out someone stole your money? I don’t think so… no one would that happening including myself.

W32/Obfuscated.J (Trojan.Downloader2.25378) created using C language. There is 2 important files for this virus it was .exe and wjdrive32.exe, both of file have size 49KB, hidden attributes, located in \windows\ folder.

Just like an older method W32/Obfuscated.J (Trojan.Downloader2.25378) will spreading using your removable device and hidden in recycler folder. (I’m not sure if this Trojan can spreading on network since I eleminate it before it grown in my networks)

It’s very easy to detect if your computer infected by W32/Obfuscated.J (Trojan.Downloader2.25378) just take a look on some information bellow.

[to_plus]

1. You’ll see a lot of visual basic activity.

2. If you’re running an old computer sometimes virus may crash your explorer.exe

3. Virus will send your information to this server list (use netstats command or another tools to find out):

112.78.112.208 : 80
216.108.234.10 : 80
218.85.133.201 : 80
72.18.202.18 : 80
91.213.29.141 : 80
91.213.29.147 : 80
123.183.217.32 : 5943
60.190.223.125 : 6943

When I check those IP using online IP whois information some of that IP located in JAPAN and some in UNITED STATES. I think this is to make us confused to know who’s creating this Trojan.

4. Virus will turn off your windows firewall.

How to remove W32/Obfuscated.J (Trojan.Downloader2.25378)

1. Disconnect your computers from local networks/Internet.

2. Run you computers in safe mode.

3. Download Dr.Web CureIt! (from clean computers) and then zip it. Transfer this zipped files to your infected computers. Double click zip file and choose the main programs. Scan all yours computer drives including removable device.

*ATTENTION DON’T EXTRACT THE ZIP CONTENT TO FOLDER OR IT MAY GET INFECTED!

4. Repair your registry using this code below:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=Repair
DelReg=Remove

[Repair]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe

[Remove]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Config Setup
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, (Default)
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, vyre32
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MS0593[1]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, Microsoft Config Setup
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, 12CFG214-K641-12SF-N85P

Save it as whateveryoulike.inf , right click on it choose install. You may download repairtrojandownloader.inf from my site.

5. Restart your computers and then clean all temporary files (you can use windows disk cleanup, but I recommended CCLEANER).

6. If you won’t this virus coming back update your windows or get some great antivirus you trust.

Done, Have a nice day 😀

[/to_plus]

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Personal

This is really strange case on one of my cycber cafe computer. I used ESET/NOD32 antivirus to check all computers in my networks but the result is clean. One I notice is explorer.exe and svchost.exe use to much CPU usage and Memory. I sense there is something strange because usually this computer can run faster.

After checked it with this small tools memory checker finally I found the problem, my computers infected with Conficker.B Variant, It’s really funny when commercial antivirus say my computer clean.. LOL..

The Conficker.B variant a little strange, I still can open Microsoft website. The important key to sense if your computers infected is if your computer run slow than usual. Check with that small memory tools and you may find something 😀

[to_plus]

How to to remove Conficker.A and Conficker.B Variant

I’m to lazy for writing manual step, because conficker has to many variant I won’t you blame me if some conficker variant manual removal won’t work for yourself. Just download this conficker removal tools and before run it make sure you’re disconnected from any local network or Internet. There is fourth (4) step you have to follow using this tools.

After you kicked out this conficker you should update your computers security!!! It’s to prevent this worm back and anoying you once again. This really happen to me when I’m to lazy for update my windows the virus back again in just 1 hours haha..

Have a nice day everyone 🙂

[/to_plus]


Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Personal, Tips & Trick

In this short articles we will learn how to automatically repair and optimize our database using Cron Job. Cron Job is most likely scheduler, mean it will run automatically after we setup it. I believe not many of us know how to using this features, We can use it to run periodically some PHP script we made. Example a sitemap generator script which may consume to many resource if we run it manually, we can set it run in schedule follow settings on Cron Job.

In this short articles I will give sample how we can use Cron Job to repair and optimize database automatically. Sometimes when you open your database using PHPmyadmin you may see some database corrupt. We need to repair it manually and optimize it then our database will run smoothly again, the impact is our website will run faster. The problem are when we have not much time on focus on this problem, or we manage to much database which may make us frustrating to work on it manually.

Alright enough for the bad explanation, here is a sample how to use Cron Job. First we need to coding some PHP script to follow what we need. In this sample I created an PHP script to repair and optimize my database.

mysql_connect(“localhost“, “DBUSER“, “DBPASS“) or die(mysql_error());
mysql_select_db(“DBNAME“) or die(mysql_error());
mysql_query(“REPAIR TABLE `TABLE1`, `TABLE2`, `TABLE3`”);
mysql_query(“OPTIMIZE TABLE `TABLE1`, `TABLE2`, `TABLE3`”);

I assume all of you already understand the code so let’s continue this articles. This sample script will repair and optimize our database when we open it via web browser. Next, we need to add it to cron job to run it follows the settings we made, so we don’t need to open it manually to repair and optimize database.

[to_plus]

From your hosting cPanel, Click on Cron Job, Next choose the setting for run this job, you can choose common settings:

Next in command form type your/php/bin -q /your/path/to/file.php you need to know your php bin and your real path to file. It should works if you’re not set it wrong.

Cron job also can be used for another automation works. Example: backup your files periodically, backup your database periodically, generate your sitemap periodically, etc. All you need is coding that PHP code first then setup the cron job.

That share for today, Have a nice day 🙂

[/to_plus]

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Personal

After a weeks analyze newest search term keywords coming to my blog I found there is a lot of request for articles about how to removing virus Searchqu (around 5%). In this short articles I will write how to remove SearchQU virus and bring back your computers to normal condition.

Searchqu is a highly dangerous trojan which lures users to unknowingly perform corrupt actions on a targeted computer. Searchqu poses as an antispyware application that displays deceptive warnings and misleading scan results. It then asks for users to purchase it. Searchqu record the contents of all the instant messages you send or receive—along with the usernames and addresses of your IM partners. Searchqu record the entire contents of each chat room you visit—and log the usernames and addresses of other channel members. Searchqu pretends to be a legitimate software, but infact it’s a virus many computer users got currently, and antivirus won’t help, you need to remove Searchqu manually.

[to_plus]

2 simple step to remove SearchQU virus

1. Deleted this file list manually :

%AppData%\searchqutoolbar\stat.log
%AppData%\searchqutoolbar\uninstallStatIE.dat
%AppData%\searchqutoolbar\uninstallIE.dat
%AppData%\searchqutoolbar\stats.dat
%AppData%\searchqutoolbar\guid.dat
%AppData%\searchqutoolbar\preferences.dat
%AppData%\searchqutoolbar\log.txt
%AppData%\searchqutoolbar\dtx.ini
%AppData%\searchqutoolbar\coupons\categories.xml
%AppData%\searchqutoolbar\
%AppData%\searchqutoolbar\version.xml
%AppData%\searchqutoolbar\coupons\merchants2.xml
%AppData%\searchqutoolbar\coupons\merchants.xml
%Temp%\searchqutoolbar-manifest.xml

Or you can created a manual batch file with content like this:

del %AppData%\searchqutoolbar\stat.log
del %AppData%\searchqutoolbar\uninstallStatIE.dat
del %AppData%\searchqutoolbar\uninstallIE.dat
del %AppData%\searchqutoolbar\stats.dat
del %AppData%\searchqutoolbar\guid.dat
del %AppData%\searchqutoolbar\preferences.dat
del %AppData%\searchqutoolbar\log.txt
del %AppData%\searchqutoolbar\dtx.ini
del %AppData%\searchqutoolbar\coupons\categories.xml
del %AppData%\searchqutoolbar\
del %AppData%\searchqutoolbar\version.xml
del %AppData%\searchqutoolbar\coupons\merchants2.xml
del %AppData%\searchqutoolbar\coupons\merchants.xml
del %Temp%\searchqutoolbar-manifest.xml

Or download it from here

2. Remove this registry list manually:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar “Searchqu Toolbar”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\SearchQUIEHelper.DNSGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID “SearchQUIEHelper.UrlHelper.1”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} “UrlHelper Class”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID “SearchQUIEHelper.UrlHelper”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32 “C:\PROGRA~1\WINDOW~4\ToolBar\searchqudtx.dll”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} “Searchqu Toolbar”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} “Searchqu Toolbar”

Or download searchqu-repair.inf from my blog, then right click on it ,choose install.

3. Done.

I’m not guarantee this way will works for everyone, if there is new varian this step may not works. Have a nice day everyone! 🙂

[/to_plus]

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS