Computer And Internet, Miscellaneous, Personal
I believe this topic is good for application developers. In this short article we will learn how to create an SMS gateway and use it on the World Wide Web with a PHP script. What is SMS? SMS stands for short message service. It is the text communication service component of phone or mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between fixed-line or mobile phone devices. For more details about SMS, please read Wikipedia.
I have already written about how to build an SMS gateway on my “Bahasa Indonesia” blog, but many people left negative comments on that article because it is just an illustration without a real product. There is nothing wrong with that article; it has everything required to create an SMS gateway. I think people commented negatively on that article because they never use their brain to “think outside the box”.
Here is an illustration of how SMS and the Internet can be combined; this kind of application can create a better experience for end users:

Enough of my bad introduction. Before we start learning how to create a real SMS gateway, we need to meet some requirements:
- A computer to act as gateway and web server.
- One or more phones/modems with SIM cards to act as the connection between your SMS gateway and your provider.
- The NowSMS program (60-day trial, or buy it), which acts as a virtual machine to send and receive SMS.
- Web hosting with PHP support (needed when you want to create an online World Wide Web application).
- The knowledge to solve a few small problems.
First, we have to turn our computer into a web server. I recommend using XAMPP. It works on Windows and Linux operating systems. Use your own knowledge to solve any problems you may face in this step; there is no need to ask me everything. You may have to set up port forwarding on your router if necessary.


The next step is connecting your phone/modem to your computer. You can use a USB cable, Bluetooth, infrared, or anything else that can connect your phone to your computer. Use your own knowledge to solve any problems in this step. In this sample I used a USB cable.

The next step is installing NowSMS and configuring it. After you install NowSMS, run it; the program should show this screen. Next, click Add.

Choose the option that fits your configuration and then click OK.

Choose the modem installed on your computer, then click Test and Add Modem. In many cases the problem is that you can connect your phone, but your phone does not support SMS. You can solve this by using a USB cable connection.

When you have successfully added the modem, this screen will be shown. Make sure you click the Test button once again.

Click Properties and enter your phone number; you can also enter the phone/modem PIN if it is required.

Run this SMS gateway service when you need to send SMS from a World Wide Web application.

Try it on your local computer. The default port for the SMS gateway is 8800, so you have to open http://localhost:8800 to see this form.

After this step our SMS gateway is ready to use. The next step is to create an application with a PHP script that lets us send or receive SMS from the Internet.
Receiving SMS
First we have to create a MySQL database to record all incoming messages. Create a new MySQL database and then import this code:
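CREATE TABLE `inbox` (
  `id` int(5) NOT NULL auto_increment,
  `msg` text NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
Next, use this sample PHP script:
<?php

// Database settings
$db_host = "localhost";
$db_user = "username";
$db_pass = "password";
$db_name = "database name";

// Connect to MySQL and select the database
$link = mysqli_connect($db_host, $db_user, $db_pass, $db_name) or die("can't connect");

// NowSMS passes the SMS text in the msg query parameter
$msg = isset($_GET['msg']) ? trim($_GET['msg']) : '';
if ($msg === '') {
    die("empty message");
}

// Insert into table inbox; id is filled by auto_increment.
// The prepared statement keeps the SMS text out of the SQL string,
// so a message containing quotes cannot change the query.
$stmt = mysqli_prepare($link, "INSERT INTO inbox (msg) VALUES (?)");
mysqli_stmt_bind_param($stmt, "s", $msg);
mysqli_stmt_execute($stmt) or die("can't insert message");
?>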
The next step is to configure the settings in the NowSMS program:
- Click the 2-Way tab.
- Check Process Received SMS Messages.
- Add the SMS Command Prefix text, for example: Idol (every SMS received with the Idol prefix will be added to the database).
- Write your phone number in Receive Phone Number(s).
- Write http://[yourdomainname]/[yourpath]/index.php?msg=@@FULLSMS@@ in Command to Execute.
- Click Add, then click Apply.

When a message with the right prefix is received on this phone number, it will automatically be recorded in our database. In the next step we can use this database for any application we need, for example SMS voting, etc. Please be creative!
Sending SMS
Next, how do we create a simple script to send SMS messages from our web server? I searched on Google and found this good sample script. It might be useful. Read the full sample SMS script here. Use your imagination and be creative!
Ending
That’s it, enough of the lesson for today. If you like this script you can donate to me *LOL* I’m just kidding… If you want to test an SMS application you can try http://sms.istanto.net; it sends SMS messages to all Indonesian GSM/CDMA networks. Have a good day everyone :)
July 23rd, 2010 by Istanto
Computer And Internet, Miscellaneous, Personal, Tips & Trick
In this short article we will learn how to create a custom Google Translate tool. Google Translate is a free translation service provided by Google. This tool really helps people translate a website or page into any language they want.
The standard Google Translate tool is not really interesting in style *lol* So why don't we create a simple, good-looking translate tool of our own, while of course crediting Google as the service provider? Alright, let's create it. I want everyone to be as creative as possible.

First we have to know how the translate tool's URL format works. Example:
http://translate.google.com/translate?hl=en&sl=en&tl=pl&u=http%3A%2F%2Fwww.istanto.net
This is the standard format when Google Translate translates my blog from English to Polish. There are some rules we can manipulate. For example, I change tl=pl to tl=id:
http://translate.google.com/translate?hl=en&sl=en&tl=id&u=http%3A%2F%2Fwww.istanto.net
The result is that I get the id (Indonesian) translation of the page. When I change sl=en to sl=id I get:
http://translate.google.com/translate?hl=en&sl=id&tl=id&u=http%3A%2F%2Fwww.istanto.net
So the answer is that we can manipulate this format if we know the country code! That's it! The standard format looks like this:
http://translate.google.com/translate?hl=en&sl=[YOUR PAGE ORIGINAL LANGUAGE]&tl=[LANGUAGE YOU WANT TRANSLATED TO]&u=[PAGE SOURCE]
HL = Hidden Language? *lol* I don’t know! This property may be the language setting of each computer, or the country of the Google page we are coming from.
SL = Source Language
TL = Translated Language
U = User
Okay, we now know and understand this format; our next goal is to create custom HTML code that follows it. This is a simple code I created; if you can, please use CSS to make this code clean.
<style>
.translate img {
filter:alpha(opacity=100);
-moz-opacity: 1.0;
opacity: 1.0;
border:0;
padding-left:0px;
}
.translate:hover img {
filter:alpha(opacity=50);
-moz-opacity: 0.50;
opacity: 0.50;
border:0;
}
</style>
<div style="text-align:center">
<a class="translate" href="#" target="_blank" rel="nofollow" title="English" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cen&hl=en'); return false;"><img alt="English" border="0" align="absbottom" title="English" height="24" src="http://www.istanto.net/flag/uk-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="French" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cfr&hl=en'); return false;"><img alt="French" border="0" align="absbottom" title="French" height="24" src="http://www.istanto.net/flag/france-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="German" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cde&hl=en'); return false;"><img alt="German" border="0" align="absbottom" title="German" height="24" src="http://www.istanto.net/flag/german-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Spain" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Ces&hl=en'); return false;"><img alt="Spain" border="0" align="absbottom" title="Spain" height="24" src="http://www.istanto.net/flag/spain-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Italian" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cit&hl=en'); return false;"><img alt="Italian" border="0" align="absbottom" title="Italian" height="24" src="http://www.istanto.net/flag/italy-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Dutch" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cnl&hl=en'); return false;"><img alt="Dutch" border="0" align="absbottom" title="Dutch" height="24" src="http://www.istanto.net/flag/dutch-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<br/><br/>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Russian" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cru&hl=en'); return false;"><img alt="Russian" border="0" align="absbottom" title="Russian" height="24" src="http://www.istanto.net/flag/russian-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Brazil" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cpt&hl=en'); return false;"><img alt="Brazil" border="0" align="absbottom" title="Brazilian" height="24" src="http://www.istanto.net/flag/brazil-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Japanese" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cja&hl=en'); return false;"><img alt="Japanese" border="0" align="absbottom" title="Japanese" height="24" src="http://www.istanto.net/flag/japan-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Korean" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Cko&hl=en'); return false;"><img alt="Korean" border="0" align="absbottom" title="Korean" height="24" src="http://www.istanto.net/flag/korean-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Arabic" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Car&hl=en'); return false;"><img alt="Arabic" border="0" align="absbottom" title="Arabic" height="24" src="http://www.istanto.net/flag/arab-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<a class="translate" href="#" target="_blank" rel="nofollow" title="Chinese Simplified" onclick="window.open('http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&langpair=en%7Czh-CN&hl=en'); return false;"><img alt="Chinese Simplified" border="0" align="absbottom" title="Chinese Simplified" height="24" src="http://www.istanto.net/flag/china-flag.png" style="cursor: pointer;margin-right:8px" width="24"/></a>
<div style="font-size:10px; padding:8px 0px 0px 0px"><a href="http://www.istanto.net/how-to-creating-custom-google-translate-tools.html" target="_blank">Custom Google Translate Tools</a> – <a href="http://www.google.com" target="_blank">Provided by google</a>
</div></div>
The result will look like this:

That looks beautiful, right? You can add more target languages if you want. All you need to do is prepare the country flag pictures and edit the code. I want someone to create a WordPress plugin for this custom translate tool; you’re free to use the code here.
That’s the lesson for today, have a nice day.
July 2nd, 2010 by Istanto
Computer And Internet, Personal, Tips & Trick
Computer viruses always use social techniques to infect their victims. When there is gossip, virus creators always use it to spread their virus, e.g. Paris Hilton xxx movies, what the FBI is hiding from us, etc. This time they are using Facebook's popularity to infect Facebook fans. This virus has also been reported bundled with FAKE antispyware security tools.
When you see this on your monitor, it means you are already infected.

Just ignore this fake antispyware warning; if you follow it, more viruses will infect your computer or your operating system will be corrupted.
How to Remove Facebook Virus W32/Obfuscated.D2!genr:
1. It is recommended to run Windows in “safe mode” during the cleaning process. Back up all your important data first!
2. Disable “System Restore” during the cleaning process.
3. Disconnect your computer from the local network.
4. Download “unlocker” and install it.
5. Download “security task manager”, then kill the virus processes active in the background.

6. Download repair.inf, then right-click it and choose “Install”. Make sure the content of repair.inf is the same as this:
[Version]
Signature="$Chicago$"
Provider=nobody
[DefaultInstall]
AddReg=inject
DelReg=rem
[inject]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, "about:blank"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,userinit,0, "userinit.exe"
[rem]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,reader_s
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,47543326
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,PromoReg
HKCU, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,reader_s
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,EnableProfileQuota
HKLM, SOFTWARE\AGProtect
HKLM, SOFTWARE\47543326
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network, UID
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion, Rlist
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
HKU, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{8FFA689D-2C2B-2B2E-D865-74C04CA4EF06}
7. Delete the files in this list, which were created by the virus. Before doing this, set your computer to show all hidden files.
%systemroot%\Documents and Settings\All Users\Application Data\47543326
%systemroot%\Documents and Settings\%user%\Start Menu\Programs\Security Tools.lnk
%systemroot%\Documents and Settings\%user%\Desktop\Security Tools.lnk
%systemroot%\Documents and Settings\%user%\Application Data\wiaservg.log
%systemroot%\Documents and Settings\%user%\Local Settings\Temp\*.tmp
%systemroot%\WINDOWS\Temp\wpv311256600826.exe
%systemroot%\WINDOWS\Temp\wpv411256806849.exe
%systemroot%\Documents and Settings\%user%\reader_s.exe
%systemroot%\Documents and Settings\%user%\Start Menu\Programs\Startup\isqsys32.exe
%systemroot%\WINDOWS\system32\reader_s.exe
%systemroot%\Windows\system32\wbem\proquota.exe
%systemroot%\windows\system32\sdra64.exe
%systemroot%\Windows\system32\lowsec
local.ds
user.ds
user.ds.lll
* NOTE: if you have problems deleting the folder %systemroot%\Windows\system32\lowsec and the file %systemroot%\windows\system32\sdra64.exe, please use unlocker. Right-click the folder/file and choose Unlocker, choose Delete, then click OK. If there is any warning, just ignore it.

8. Delete all temporary files using ATF-Cleaner.
9. Update your best antivirus, then run a full scan of your system and make sure there is no virus/worm/trojan left.
10. Subscribe to my blog… hehehe
Good luck, have a great day
June 24th, 2010 by Istanto
Computer And Internet, Personal
You might have some strange program on your computer, depending on its operating system and service pack. Examples: total vista security, total xp security, vista antimalware 2010, vista defender pro, vista security tool 2010, vista smart security 2010, xp anti mallware 2010, xp defender pro, xp security tool 2010, and xp smart security 2010. If you have any program from this list on your computer, it means your computer has been infected by this malware.
I just got infected today. My computer uses Windows XP with Service Pack 3, and the result is that I got the fake xp smart security 2010. At first I thought this was a new program from Microsoft, because I had just updated my Microsoft Security Essentials when this program appeared. Because this program annoyed me, I searched on Google and found out that it is malware. I scanned my computer using Microsoft Security Essentials but it didn’t find anything (this antivirus is NOT recommended). I didn’t believe it when this fake antispyware said my Firefox and IE had been infected; it’s stupid, I had just installed them yesterday. If you get an infection message from this fake antispyware, please IGNORE IT or you might have problems with your operating system.

Ave.exe is the main component of every program in this fake antispyware group. Ave.exe does not run on its own: there is a Trojan that, when active, downloads ave.exe and saves it into your %AppData%, and this Trojan also configures ave.exe to start annoying you.
When ave.exe is active it shows you FAKE infections and forces anyone infected to buy a license to remove these fake infections. If you follow this stupid ave.exe you will lose your time, your money, and your operating system. Just ignore all warnings from ave.exe and prepare to remove this f*cking malware.
How To: Remove Ave.exe
1. Unplug your computer from the network and disconnect it from the Internet.
1. Start your computer in safe mode.
2. Kill the ave.exe process running in the background (use Task Manager or another program that lets you do this).
3. Merge this code to repair your registry (choose only one; using both is OK too):
FIX.REG (right-click and choose Merge, or double-click)
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
FIX.INF (right-click and choose Install)
[Version]
Signature="$Chicago$"
Provider=Myantispyware.com
[DefaultInstall]
DelReg=regsec
AddReg=regsec1
[regsec]
HKCU, Software\Classes\.exe
HKCU, Software\Classes\secfile
HKCR, secfile
HKCR, .exe\shell\open\command
[regsec1]
HKCR, exefile\shell\open\command,,,"""%1"" %*"
HKCR, .exe,,,"exefile"
HKCR, .exe,"Content Type",,"application/x-msdownload"
Then reboot your system.
4. Download MalwareBytes Anti-Malware. Install this program on your computer and UPDATE it first before you start scanning your system.

5. Scan your whole system and remove every Trojan/virus/malware detected.
6. Update your best antivirus program, scan your whole system, and remove every Trojan/virus/malware detected.
7. After all scan results show no infection, connect back to the Internet and watch your network activity. If there is no activity when the computer is idle, then you are totally safe from this Trojan (please turn off all background programs that use the Internet to make sure nothing is using your connection).
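To confirm that the file associations repaired in step 3 are back to normal, the following added example (not part of the original post or of any tool it names) parses a regedit text export and reports executable associations that differ from the values FIX.REG and FIX.INF restore. The sample export, including the `ave.exe` path and command line, is constructed for illustration, and the function names are this example's own.

```python
import re

# Value that FIX.REG / FIX.INF restore for executable classes.
EXPECTED_COMMAND = '"%1" %*'
EXEC_CLASSES = ("batfile", "comfile", "exefile", "piffile", "scrfile")
OPEN_CMD = "\\shell\\open\\command"
CLASS_ROOTS = {
    "hkey_classes_root\\": "HKCR",
    "hkey_current_user\\software\\classes\\": "HKCU",
    "hkey_local_machine\\software\\classes\\": "HKLM",
}

# Constructed sample export of a hijacked profile (not captured from real malware).
# Real regedit 5.00 exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Roaming\\ave.exe\" /START \"%1\" %*"
'''

SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(quoted):
    # Drop the surrounding quotes, then undo the .reg escapes for backslash and quote.
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Return {key_path: {value_name: string_data}}; '' is the default (@) value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            # A leading '-' marks a key deletion in a patch file; it holds no values.
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else unescape(m.group(1))
            data = m.group(2).strip()
            # Only plain string (REG_SZ) data matters for this check.
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                current[name] = unescape(data)
    return keys


def split_class_key(key):
    """Map a full key path to (hive label, lower-cased path below the Classes root)."""
    low = key.lower()
    for prefix, hive in CLASS_ROOTS.items():
        if low.startswith(prefix):
            return hive, low[len(prefix):]
    return None, None


def audit_associations(text):
    """Return (key, reason) findings for executable associations that differ from defaults."""
    classes = {}
    for key, values in parse_reg(text).items():
        hive, sub = split_class_key(key)
        if hive and "" in values:
            classes[(hive, sub)] = (key, values[""])

    findings, watched = [], set(EXEC_CLASSES)
    # Pass 1: .exe must resolve to exefile; remember any class it was redirected to.
    for (_, sub), (key, default) in classes.items():
        if sub == ".exe" and default.lower() != "exefile":
            findings.append((key, f'.exe resolves to class "{default}", expected exefile'))
            watched.add(default.lower())
    # Pass 2: every watched class must launch the clicked file itself and nothing else.
    for (_, sub), (key, default) in classes.items():
        if not sub.endswith(OPEN_CMD):
            continue
        cls = sub[: -len(OPEN_CMD)]
        if cls == ".exe":
            findings.append((key, "open command defined directly under .exe"))
        elif cls in watched and default != EXPECTED_COMMAND:
            findings.append((key, f"open command is {default!r}, expected {EXPECTED_COMMAND!r}"))
    return findings


if __name__ == "__main__":
    for key, reason in audit_associations(SAMPLE_EXPORT):
        print(f"{key}: {reason}")
```

An export taken after the fix and a reboot should produce no findings; any remaining finding names the key to inspect by hand.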
Good luck 
March 21st, 2010 by Istanto
Computer And Internet, Personal, Tips & Trick
Squid is a caching proxy server that can help reduce Internet bandwidth usage and improve website response times by caching and re-using frequently opened web pages. Squid reduces bandwidth usage and speeds up website loading by caching static website objects such as images, Flash objects and text files; with some modification Squid can cache larger files such as PDF, MP3, executables, Flash videos, etc.
Last week my client asked me to install Squid on his computers. At first I ran into a problem because I’m not familiar with Windows 7 (XP is still the best for me). The main problem was that I couldn’t install Squid as a Windows 7 service. Anyway, I finally found the way to do this… Want to know? Keep reading this tutorial…
Preparation before you install Squid:
- Squid 2.7
- Squid.conf sample
The steps to install Squid on Windows 7:
1. Extract Squid 2.7 and put it in, for example, “c:\squid”.
2. Get the squid.conf sample, save it as “squid.conf” and put this file in, for example, “c:\squid\etc”.
3. Now the important step! We have to disable UAC (User Account Control). If we don’t disable it, we will have problems installing Squid as a Windows service. Most people who try to install Squid on Windows 7 have a problem at this step.
Control Panel -> System and Security -> Change User Account Control Settings
Slide the bar to “Never Notify”. You need to restart your computer after this step.

4. Open a command prompt. Then install the Squid service by typing “squid -i”. If it succeeds you will see something like this:

5. Build your Squid cache by typing “squid -z”. You will see the message “Creating Swap Directories” in your command prompt; just wait until it finishes.
6. After the Squid service is installed and the cache has finished building, you have to start the service.
Control Panel -> Administrative Tools -> Services
Look for the service named “squid”, then start it (you can also configure it to start automatically each time your computer is turned on).

7. Make sure the Squid process is running in the background. You can see this in Task Manager, on the Services tab.

8. For security, it is important to re-enable User Account Control again.
9. You have just finished installing Squid, congratulations.
Now you have to configure your web browser to use Squid. Open your web browser, look for the proxy settings (mostly under network), then enter your Squid IP and Squid port. For example, my Squid server IP is 192.168.1.254 and the port is 3128.


That’s it; other web browsers have almost the same configuration. Have a nice day
March 16th, 2010 by Istanto
Computer And Internet, Miscellaneous, Personal, Tips & Trick
This is a new stupid virus/trojan that redirects all your traffic to google.com (209.85.225.99). It infected my client on 01-01-2010. This virus was made using Visual Basic, with a size of around 212-233KB. When active, it has other supporting files of random size.

How to know if you’re infected?
It’s very easy: if you are browsing the Internet or opening an antivirus website and your page is always redirected to the Google website, that means you are infected by this virus.

Master Files
When this virus is active it creates some master files and downloads other supporting files from the Internet. It spreads its files across different locations to make them hard to clean. This virus also hides as a Windows service and Windows drivers.
This is a list of the virus master files:
- %systemroot%\windows\system32
- wmispqd.exe
- Wmisrwt.exe
- qxzv85.exe
- qxzv47.exe
- secupdat.dat
- %systemroot%\Documents and Settings\%user%\%xx%.exe, where xx is a random string, with size 6KB (example: rclxuio.exe).
- %systemroot%\windows\system32\drivers
- Kernelx86.sys
- %xx%.sys, where xx is a random string, with size 40KB (example: cvxqkopsd.sys)
- Ndisvvan.sys
- krndrv32.sys
- %systemroot%\Documents and Settings\%user%\secupdat.dat
- Netsf.inf
- Netsf_m.inf
Spreading Technique and Virus Effects
This virus spreads over your network or through any removable disk using the autorun technique. Looking back, almost all viruses use this same technique to spread, so it may be a good option to modify your Windows to disable autorun.
The virus blocks some Windows functions such as System Restore, Windows Firewall, RPC DCOM, etc. The virus also redirects most antivirus and security websites to google.com using the hosts file.
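The hosts-file redirect described above can be checked offline. The following is an added example, not part of the original article or of any tool it mentions: it parses hosts-file text and flags public addresses that several unrelated sites have been pointed at. The sample file and its `.example` hostnames are constructed; only the address 209.85.225.99 comes from the article.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a tampered hosts file (not captured from a real infection).
# Hostnames are placeholders under .example; 209.85.225.99 is the google.com
# address quoted in the article; 192.168.1.254 stands for an ordinary LAN entry.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
209.85.225.99   www.antivirus-vendor-a.example
209.85.225.99   update.antivirus-vendor-b.example   # inline comment
209.85.225.99   scanner.security-site-c.example download.security-site-c.example
192.168.1.254   proxy.lan
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid entry; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the resolver ignores the line, so do we
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def site_of(hostname):
    """Crude grouping key: the last two DNS labels, enough to tell sites apart."""
    return ".".join(hostname.split(".")[-2:])


def find_suspicious(text, min_sites=2):
    """Return findings for entries that override DNS for non-local names.

    severity "redirect": one public address serves names from min_sites or more
                         different sites, the pattern the article describes.
    severity "override": a public address pinned for a single site.
    severity "review":   loopback, unspecified or private addresses (LAN shortcuts,
                         sinkholes); usually benign but worth a look.
    """
    by_ip = defaultdict(list)
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name not in LOCAL_NAMES:
                by_ip[ip].append((line_no, name))

    findings = []
    for ip, entries in by_ip.items():
        sites = {site_of(name) for _, name in entries}
        if ip.is_loopback or ip.is_unspecified or ip.is_private:
            severity = "review"
        elif len(sites) >= min_sites:
            severity = "redirect"
        else:
            severity = "override"
        findings.append({
            "severity": severity,
            "ip": str(ip),
            "names": sorted(name for _, name in entries),
            "lines": sorted({line_no for line_no, _ in entries}),
        })
    order = {"redirect": 0, "override": 1, "review": 2}
    return sorted(findings, key=lambda item: (order[item["severity"]], item["ip"]))


if __name__ == "__main__":
    for item in find_suspicious(SAMPLE_HOSTS):
        print(f"[{item['severity']}] {item['ip']} <- {', '.join(item['names'])} "
              f"(lines {item['lines']})")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; read it from a clean boot environment so an active rootkit cannot hide its changes.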

How to Remove W32/SmallTroj.VPCG
1. Deactivate “System Restore” during the cleaning process.
2. Disconnect your computer from the network/LAN.
3. Rename msvbvm60.dll (%systemroot%\Windows\system32\msvbvm60.dll) to backup.dll. This step prevents the virus from running: because the virus was made using Visual Basic, it needs msvbvm60.dll to run, and when you rename it the virus cannot start. After you have cleaned the virus, I recommend renaming backup.dll back to msvbvm60.dll.
4. Delete the virus master files using Mini PE2XT. Because some rootkits hide as a Windows service and driver, you need to boot your computer using Mini PE2XT and then follow these steps:
Menu -> Programs -> File Management -> Windows Explorer
Then delete the files listed under “Master Files” (see above in this article).

5. Delete the registry entries made by the virus using Mini PE2XT:
Menu -> Programs -> Registry Tools -> Avast! Registry Tools
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\\ctfmon.exe
HKEY_LOCAL_MACHINE\system\ControlSet001\services\kernelx86
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\kernelx86
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\passthru
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
HKEY_LOCAL_MACHINE\system\ControlSet001\services\%xx%
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\%xx%
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
* %windir%\system32\ wmispqd.exe = %system%\ wmispqd.exe:*:enabled:UpnP Firewall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
* %windir%\system32\ wmispqd.exe = %system%\ wmispqd.exe:*:enabled:UpnP Firewall
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
* Change string value Userinit to = userinit.exe
ATTENTION: %xx% is a random string; this key is created to run the .SYS file with size 40KB.

6. Restart your computer, then use this repair-inf (rename it to repair.inf): right-click it and choose Install.
[Version]
Signature="$Chicago$"
Provider=Nobody
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, software\microsoft\ole, EnableDCOM,0, "Y"
HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusDisableNotify,0x00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,FirewallDisableNotify,0x00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusOverride,0x00010001,0
HKLM, SOFTWARE\Microsoft\Security Center,FirewallOverride,0x00010001,0
HKLM, SYSTEM\ControlSet001\Control\Lsa, restrictanonymous, 0x00010001,0
HKLM, SYSTEM\ControlSet002\Control\Lsa, restrictanonymous, 0x00010001,0
HKLM, SYSTEM\CurrentControlSet\Control\Lsa, restrictanonymous, 0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ctfmon.exe
HKLM, SYSTEM\ControlSet001\Services\kernelx86
HKLM, SYSTEM\ControlSet002\Services\kernelx86
HKLM, SYSTEM\CurrentControlSet\Services\kernelx86
HKLM, SYSTEM\CurrentControlSet\Services\mojbtjlt
HKLM, SYSTEM\ControlSet001\Services\mojbtjlt
HKLM, SYSTEM\ControlSet002\Services\mojbtjlt
HKLM, SYSTEM\ControlSet001\Services\Passthru
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, DoNotAllowXPSP2
HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe
7. Delete all temporary Internet files using ATF Cleaner.
8. Restore your hosts file using HostsXpert.

9. To make sure your system is totally clean and to prevent the virus from coming back, please run a full scan of your system using Norman Malware Cleaner. If you don’t like Norman, I would recommend AVIRA.
Good luck!
January 10th, 2010 by Istanto
Computer And Internet, Miscellaneous, Tips & Trick
Do you have a wallpaper site or photo site that gets a lot of traffic but no conversions? I know you might get frustrated trying to solve this problem. The problem is usually that image search traffic from the Google search engine brings visitors in inside a frame; this frame has to be removed to get full-page attention.
This trick should break any frame wrapped around your website. The risk behind this code is already known and has been confirmed by some webmasters: this code can bring down your SERP over time, and your site might also get penalized. On the good side, people who have tried this code get more accurate data from analytics.
<script language="JavaScript" type="text/javascript">
// If this page is loaded inside a frame, replace the top-level page with it
if (top.location != self.location) top.location = self.location;
</script>
Put this code in your page and it should work like magic to remove frames; people usually put it in the header file. Please note, I do NOT recommend that you use this code, because you already know the risk of using it. If you still use this code, you are using it at your own risk.
Have a good day
November 15th, 2009 by Istanto
Computer And Internet, Miscellaneous, Tips & Trick
This time-bomb virus will delete all the data on your hard disk and flash disk, including system files, for each file found, on the 12th-13th of each month around 8-9 AM. If you get this message on your computer, you have been infected by the Deadlock virus.

This virus has strange master files. I don't know why the virus creator chose apache.exe (a popular web server) and mysql.exe (a popular database); users familiar with computer processes will find these master files easily. Deadlock is compressed with Petite 2.x, is 80KB in size, and uses an application icon.

Spreading Technique:
There is no autorun.inf. Deadlock uses desktop.ini and then folder.htt to execute flashguard.exe, so if you are infected by this virus, each folder will contain these 3 files.
- Desktop.ini
- Folder.htt
- Flashguard.exe
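A folder-level check for the file trio described above, as an added example that is not from the original post. The function names, the sample tree and the "suspect" verdict for a lone Flashguard.exe are assumptions made here.

```python
import os
import tempfile

# File trio the article says Deadlock drops into every folder it reaches.
DEADLOCK_TRIO = {"desktop.ini", "folder.htt", "flashguard.exe"}


def classify(filenames):
    """Return 'infected', 'suspect' or 'clean' for one folder listing."""
    present = DEADLOCK_TRIO & {name.lower() for name in filenames}
    if present == DEADLOCK_TRIO:
        return "infected"   # full trio: matches the described spreading pattern
    if "flashguard.exe" in present:
        return "suspect"    # executable without its helpers (assumption: partly cleaned)
    # desktop.ini and folder.htt also occur on clean Windows systems,
    # so on their own they are not treated as evidence.
    return "clean"


def find_deadlock_folders(root):
    """Walk root and return {folder: verdict} for every non-clean folder."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        verdict = classify(filenames)
        if verdict != "clean":
            hits[dirpath] = verdict
    return hits


def build_sample_tree(base):
    """Create a constructed tree of empty files so the demo runs offline."""
    layout = {
        "photos": ["Desktop.ini", "Folder.htt", "Flashguard.exe", "a.jpg"],
        "docs": ["desktop.ini", "report.doc"],
        "usb": ["FLASHGUARD.EXE"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = find_deadlock_folders(build_sample_tree(tmp))
        for path in sorted(found):
            print(found[path], os.path.relpath(path, tmp))
```

Point `find_deadlock_folders` at a drive root or a mounted flash disk; it only reads directory listings and never opens or executes the files it reports.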


Virus Effect:
This virus will delete all files, not only data or documents; it removes them all. If this happens to you, I really don't have a smart solution for it... You can try recovery programs, but unfortunately these programs are not free. Maybe you can search for free recovery programs. Anyway, in my experience not all recovery programs work 100%; sometimes you can't get back 100% of the lost files if you lost them a long time ago (e.g. 1 year ago).
The virus will also delete system files and make your computer fail to start. Consult your OS vendor on how to fix this (in Windows XP there are repair tools on the CD, but I don't know about other systems). If there are no repair tools, you have no choice but to reinstall your OS and then recover your lost files.
HOW TO: Remove DeadLock Virus Manually:
1. Disable System Restore during the cleaning process.
August 15th, 2009 by Istanto
Computer And Internet, Personal, Short Reviews
Choosing your web server program matters when you need to get the most out of the resources on your server. This happened to me around 2-4 days ago, when the hosting abuse department contacted me because my VPS had reached its maximum specification. I was frustrated because they were going to kick me out, or might charge me more, if I couldn't lower the resource usage. After looking at the problem I found out that someone was using (maybe a bug) my server to send spam email. I deleted that email account, the spam was gone and memory usage went down a little, but the VPS resource usage stayed high and started to annoy me.
After looking more deeply at the problem, it turned out to be caused by the Apache web server. It takes too much memory, and once people remote it I use too many resources, BAM! All my sites go down. Thank God I finally found the solution to this problem: I converted from Apache to Lighttpd to lower the memory usage, and you bet... it works like a flash!
It's very simple to convert from Apache to Lighttpd; you can get it done in just minutes by following the installation document. The only problem you will face is the rewrite rules, because they are totally different from Apache's. This might be the hardest part of the installation, but once you get past it you will love lighttpd more than Apache! Don't you? Look at these images, you will love it!

What do you need to know about lighttpd rewrite rules? It's simple, look at this:
url.rewrite-once = ( "<regex>" => "<relative-uri>" )
OR
url.rewrite-repeat = ( "<regex>" => "<relative-uri>" )
Just write these rules in your configuration file; for clearer documentation you can read it here. The Lighttpd standard configuration is faster than Apache (I already tested it). If you'd like to tune/optimize it for better results, you can look at the documentation here. Just follow it; I haven't tried it yet because I like the standard configuration, but maybe next time when needed.
Good Score:
- Faster.
- Clean.
- Low resource consumption.
Bad Score:
- Hard to follow rewrite rules.
- Too much manual configuration.
I haven't tried Google Sitemap Generator beta yet, but I'm sure there will be no problem at all. Go try lighttpd if you want to make your website/blog faster. Have a nice day
July 31st, 2009 by Istanto
Computer And Internet, Miscellaneous, Tips & Trick
VBS/Cryf.A was created using Visual Basic scripting (not Visual Basic). The first case happened at my cyber cafe on 18 July 2009; it spread from a user's flash disk and tried to infect all the PCs in my network.
I'm not sure why so many Indonesian virus makers use this VBS technique (maybe they know that VBS can be executed on a lot of targets without msvbvm.dll). Since I wrote an article about VBS a long, long time ago (I forget, maybe around 2003-2005) on the jasakom website with the title "VBS sederhana yang berbahaya", many people have tried to turn that simple code into advanced code. Now I feel really stupid for sharing that article with the public...
How to know if you're infected by the VBS/Cryf.A worm:
1. The first time your computer is turned on, it will open a web browser and show this picture.

2. VBS/Cryf.A will change your web browser start page to:

3. There is a folder "album bokep" (in Indonesian this means porn) in every folder.
4. VBS/Cryf.A will change your system properties to look like this:

5. It changes the .lnk file type to "movie clip".

6. It will control your DVD/CD-ROM drive, opening and closing it to make you panic.
July 19th, 2009 by Istanto