Computer And Internet, Miscellaneous, Tips & Trick

Hello Everyone, I’m back again ho ho ho πŸ˜›

This time I will write tutorial on “how to make random ads” using php and text as database. This idea comes from gmail interface my lovely free mail account! pfffftt yea .. yea.. we all know gmail are better than ymail *lol* πŸ˜›gmail

gmail

Alright leave them fight alone *not our business* before we start to make random ads we have to understand why we should make random ads? if we can fill those ads space with permanent ads. Most of people are bored about ads and ads on all website. Dilemma! in webmaster side we have to earn some revenue to keep continue, in costumer side sometimes they hate if we push to many ads on web page.

So? why not making random ads on your ads space some paid ads and some free ads you can use to help your costumer for what they looking for.Γ‚? Simple as 1-2-3Γ‚? now open your superb text editor NOTEPAD and copy this code:

<?php
$fcontents = join (“”, file (“random_ads.txt“));
$s_con = split(“~”,$fcontents);
$banner_no = rand(0,(count($s_con)-1));
echo $s_con[$banner_no];
?>

Save it as random.php or whatever you like (remember to give .php extension) Now creating random_ads.txt files (for database) and put a sample code on there:

<center>I’m center!</center>
~
<b>I’m bold!!! for freeeeeeeeeeeee</b>
~
I’m adsense ads
~
I’m short news!
~
I’m paid ads!!! hooray!

You can write html code or php code on database file if you’re creative you can put images/flash on it. Now put this both files on same directory on your hosting and embed it using include command into your website page.

Refresh your page to see ads rotated or you can use auto refresh meta

<meta http-equiv=”refresh” content=”180“>

180 value are in milliseconds you can change it to fit your need.

See what you have now πŸ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Tips & Trick

D**n those f***ing China! *joke* πŸ˜›

This is new variant for Microsoft.vbs virus which I write formula how to clean it around a month ago when it hit my cybercafe until totally broken he he… Now most people know this virus as ARP virus. Why? Because after learning it more deeply this virus categorized as HIGH RISK and should removed as soon as possible before it infected total your network.

First.. To know this virus is active on your computer is you will get most error pages message when browsing, or error when using messenger, PLUS you will find this file Microsoft.vbs Microsoft.bat Microsoft.pif on your hard drive where you install your OS PLUS *again* your computer gonna be slow PLUS *oh not again* Your internet connectivity will going slow than usually PLUS *OMG* It will flooding your network until some billing(via TCP/IP) will stop responding.

It’s hard to know when your computer infected because it’s only showing a little error when you browsing and sometimes it’s not active (like clean computer) until you idle for some minutes/hour.

arp-spoofing-1.jpg

When you browsing you don’t feel something goes wrong… but when you look on the page source the evil is waiting on there πŸ˜€

arp-spoofing-3.jpg

Clean page source from google.com not injected with any code.. but wait when virus active you will look something like this..

arp-spoofing-2.jpg

Holy s**t what is that!!! πŸ˜›

So the answer is virus going active when you’re using internet by browsing or chat on messenger. Basically all internet explorer activity can bring this virus active! Enough let’s remove this virus permanently and stop it from coming back.

You can use Colasoft MAC Scanner (shareware) to scan your network, If you found there is mac address same with your gateway then you have to unplug that computer from network and clean it before you put it back on network. Why? In condition when you clean infected one virus will going to spread on other computer in your network once you clean it, it will calling back file from other infected one in your network so don’t waste your time for this stupid thing UNPLUG IT to stop it spreading in network!

arp-spoofing-4.jpg

Now.. Get Security Task Manager and delete/remove strange process on your computer background (usually with IE icon and dll files) delete/remove Desktopwin.dll/Jview.dll and ThunderAdvise.dll delete/remove AppInit_DLLs.

Done.. Now get hijackthis and restore your hosts file by Open the Misc Tools section, on System tools choose Open hosts file manager and deleted all line after 127.0.0.1 localhost or you can done this using notepad hosts file is on %systemroot%/system32/drivers/etc

Now get ATF Cleaner and deleted all cookies, history and java cache.

Repair your registry to back in normal by using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs,0, “”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object

[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ThunderAdvise
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, DesktopWin

Or download repair.inf

To stop virus coming back from other computer disable default shareΓ‚? by using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareWks,0x00010001,0
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareServer,0x00010001,0

Or download disable-default-share.inf and activate it restart-net-service.bat

Disable autorun to stop virus coming back from USB flashdisk/removable mediaby using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255

Or download disable-autoplay.inf

To stop virus from coming back by replacing old files let’s make dummy files download dummy.bat!

Last scan with your BEST antivirus/antimalware to make sure your system clean! Another trick to stop virus from infected back your computer you can add static entry on ARP by write in command prompt “arp Γ’β‚¬β€œs *gatewayipaddress* *gatewaymacaddress*” or another trick say we can blocked those d**n virus site by change it in hosts file here is some website list detected as virus update:

972.aksjd11.com
w3og.cn
qazc.fourtw.cn
www.aujoy.cn
www.hao601.cn
www.psp476.cn
222.1212l112.net
444.1212l112.net
555.1212l112.net
111.1212l112.net
root.51113.com
hk.www404.cn
err.www404.cn
(Still there a lot out there.. BLOCKING ALL .cn domain might resolve this problem ha ha ha :P)

Anyway this method is not really can stop virus updated as long the creator change website again we have to update block it manually.

Done (finally)… now using your computer like usually for 1-2 hours and see if the virus coming back.. πŸ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Tips & Trick

They never been stop spreading their knowledge…. and we also never let them alive forever. This is the article how to remove amburadul virus for all varian no need for antivirus program you can simply clean it using manual technique.

The simple way to know if your computer infected by this virus is you will see JPEG files with aplication extension. Now let’s start to remove it!

1. Unplug your infected computer from your network to stop this virus spreading.
2. DisableSystem Restore” when in cleaning process.
3. Kill the virus process using power tools “currprocess” kill all process with icon JPG.
4. Repair your registry that already changed by the virus using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,CheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt,DefaultValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, DefaultValue,0x00010001,0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, “checkbox”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, type,0, “checkbox”
HKCU, Control Panel\International, s1159,0, “AM”
HKCU, Control Panel\International, s2359,0, “PM”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0

[del]
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableConfig
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, DisableSR
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspoold.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kspool.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HokageFile.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rin.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Obito.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KakashiHatake.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-CLN.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears-RTP.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HOKAGE4.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Britney Spears
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansav.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Instal.exe, debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe,debugger
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ansavgd.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFind
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, DisableMSI
HKLM, SOFTWARE\Policies\Microsoft\Windows\Installer, LimitSystemRestoreCheckpointing
HKCR, exefile, NeverShowExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PaRaY_VM
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ConfigVir
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NviDiaGT
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NarmonVirusAnti
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVManager
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, EnableLUA

5. Delete the master virus in %systemroot%\system32\~A~m~B~u~R~a~D~u~L~ before you do this you have to make hiden files become visible.
Then deleted this file list:

csrcc.exe
smss.exe
lsass.exe
services.exe
winlogon.exe
Paraysutki_VM_Community.sys
msvbvm60.dll
Drive:\Autorun.inf
Drive:\FoToKu xx-x-*.exe, where x show the date when virus active
Drive:\Friendster Community.exe
Drive:\J3MbataN K4HaYan.exe
Drive:\MyImages.exe
Drive:\PaLMa.exe
Drive:\Images

To make sure your computer clean you can check scan your computer using your favorite antivirus programs.
Done, have a nice day πŸ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Tips & Trick

Computer virus again.. Today my Laptop and PC got infected by W32/ALMAN. All I can say this virus is smart and not easy to killed It’s cannot stopped by just view in background process, in services, and startup list. This virus will make 2 master source files on %SystemRoot%\System32 first wmdrtc32.dll (40 KB) and wmdrtc32.dl_ (26,5 KB) Once it active it will injected code to any executable files and infected it. If you got message box with message “There is no disk blabla” or you cannot run any executable files you should check on your system files about those 2 d**n files.

To clean infected files use this free W32/ALMAN remover from grisoft. Download this booth files and save in one folder rmalman.exe rmalman.nt run rmalman.exe and follow instruction on there. Anyway I’m not guarantee this remover will make your computer totally clean from this virus.

In my case this remover not clean my computer totally from this virus, it keep generate .dll files again and again I do scan with ANSAV, AVG and rmalman.exe but there is nothing can help me out. I was so frustrated because much of important data in my laptop should be safe. After searching in google I found out we can check and bring back Windows genuine file by using command sfc (Windows System File Checker) so I test it run “sfc /scannow” from command prompt. It’s WORKS this virus stopped infected my computer now! Yay! πŸ˜€

*Tips
You lost your windows CD or you install your windows from your Hard disk? you can run sfc command without CD by following this tricks.. Run regedit and find..

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath

Change Value Data and point it into your i386 folder! example: the structure is D:\blabla\i386 then you should change Value Data to D:\blabla

Run “sfc /scannow” It should work if you set right Value Data on registry!

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Personal, Tips & Trick

I really hate when people claimed using shared computers always not secure. To stop that words from spreading I do lot of software review and implemented it on my own cybercafe to attract people for use it.

1. I do reinstall all Windows XP home edition from zero (clean install) to make sure my windows on top performance I’m not doing any windows software update, I just updated the driver and security patch.

picture-001.jpgpicture-002.jpg

2. Buy deepfreeze standard edition from faronics company to help me keep my cybercafe computers keep clean from any virus, mallware, spyware or anything each time it reboot. That make me really bored on clean virus or spyware daily! after review deepfreeze with windows steady state I choose deepfreeze because it’s take more less memory resource.

3. Buy some accessories to make my computers more “beauty” this including optical mouse, mousepad gel, camac sound system, usb hub, etc I can’t write in here.

picture-003.jpg

4. Standard software for each computer including : Microsoft Office XP & Open Office, Winamp, Remote admin, Gunbound, mIRC, Yahoo Messenger, ICQ, Internet Explorer and anything usefull I can’t write it in here.

5. I create databank to collecting all people data on server by creating and shared some disk space on server I can save money and people can still save their data because I freeze all client computers to make sure it keep on top performance.

6. I installed programs to cheking all data in and data out from each ethernet to internet and do little modification on windows hosts file to stop people from accessing “p**n” site I redirected into local web server with warning message.

picture-005.jpg

7. The last thing is I do backup of each computer using Norton ghost to help me bring my windows back like new when there is a specific problem.

Now it’s done and time to coverting it. Traffic in last 7 days (I use indobilling to check statistic of visitor) after I change everything going up to 200-300% with daily income more than really enough to pay ISP connection and eletric bill. I save 70-150% from total profit πŸ˜€ geez I love my life he he he..

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
ο»Ώ