Computer And Internet, Miscellaneous, Personal, Tips & Trick

In this short articles we will try to make simple validation using Visual Basic 6 and Microsoft Internet Transfer Control component. Basically I need to make a simple validation to make sure my programs are licensed to real company and others company can’t used it if they not paid the license. I want something which only controlled by me and others can’t change it without my permission.

At the first time this idea coming into my mind. I was thinking to make a simple text file with some string on it, in this sample I write “valid” on this sample text file. I choose to put it on web-hosting because only me can change this value. My next job is creating programs which can get this value and implement it’s logic.

Let’s begin, First Start New Project and then add component name “Microsoft Internet Transfer Control”

component-ist

Next add label and set the visible properties to false, This will hide label from viewers. Next setting the programming logic, this is an my very sample code:

[to_plus]

Private Sub form_load()

‘get the value

Label1.Caption = Inet1.OpenURL(“http://www.istanto.net/license/panel.txt”)

If Label1.Caption = “valid” Then

‘do nothing because label caption is valid

Else

‘close the program when the label caption others than valid

Unload Me

End If

End Sub

That’s it, very simple and easy to understand! when we tested running it the is the result is.. (I set label properties visible true to see if it get the right value)

running-ist

You can be creative by adding timer and playing with the programming logic ex: what should programs do when blabla, etc. Playing with another value and make it following your logic. With this sample we can control our programs to make sure it will only run on authorized company. Others should be paid the license before they’re going to used it.

That’s my share for today, have a nice day everyone! See you soon on next articles.. 🙂

[/to_plus]

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Personal

My cybercafe just got infected this virus yesterday. It’s spreading from removable device users plug into my server. It’s really annoying because my computers starts to hang for 10 seconds and then it run again but very slows. All I notice is windows give notification low virtual memory, I cannot run Internet explorer (but still I can run another .exe application), and I cannot shutdown the computer. It also effect Internet connection speed, but I’m not really sure about this. When I type in command prompt netstats -a I see a lot of established connection (maybe virus sending or downloading something).

Frustrated, I’m looking on google with keyword services303.exe but it’s refers to non computer virus. I believe this is first case of services303.exe documented. Lucky me this virus not spreading in my network so I can stop it fast before it infected others computers. I try scan my computer using malwarebytes, avira, avg, eset32/NOD and they not detects any virus *great*.

The main virus is services303.exe and it’s located in [WINDOWSDRIVE]\DOCUMENTS AND SETTINGS\[USERNAME]\APPLICATION DATA\MICROSOFT\SERVICES303.exe with attributes read only and hidden.

It’s also change your registry in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

It’s set to run services303.exe when computer starts and giving fake program description about Adobe speed launcher.

[to_plus]

How To Remove Services303.exe

1. Run your computers in safe mode.

2. Open command prompt, Go to folder [WINDOWSDRIVE]\DOCUMENTS AND SETTINGS\[USERNAME]\APPLICATION DATA\MICROSOFT\ and type Attrib -s -h /S /D.

3. Once attrib process done you can see file with name services303.exe, delete it! don’t forget empty your recycle bin too.

4. Delete manually auto-start services303.exe in registry, start – run -> regedit and look on this field :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

5. Delete all temporary Internet and windows files. Use ATFCleaner or Ccleaner.

6. Scan whole system with updated antivirus.

Done, Your computers should back normal again. Have a nice day everyone 😀

[/to_plus]

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Personal

If you feel your Computers and Internet slower than usual you may get infected by W32/Obfuscated.J (Trojan.Downloader2.25378). This new Trojan will using your Internet connection to send your information to their server and updated their self. Carefully when you’re using your computers for business, they may stole your credit cards or bank information. Would you get up from your sleep and find out someone stole your money? I don’t think so… no one would that happening including myself.

W32/Obfuscated.J (Trojan.Downloader2.25378) created using C language. There is 2 important files for this virus it was .exe and wjdrive32.exe, both of file have size 49KB, hidden attributes, located in \windows\ folder.

Just like an older method W32/Obfuscated.J (Trojan.Downloader2.25378) will spreading using your removable device and hidden in recycler folder. (I’m not sure if this Trojan can spreading on network since I eleminate it before it grown in my networks)

It’s very easy to detect if your computer infected by W32/Obfuscated.J (Trojan.Downloader2.25378) just take a look on some information bellow.

[to_plus]

1. You’ll see a lot of visual basic activity.

2. If you’re running an old computer sometimes virus may crash your explorer.exe

3. Virus will send your information to this server list (use netstats command or another tools to find out):

112.78.112.208 : 80
216.108.234.10 : 80
218.85.133.201 : 80
72.18.202.18 : 80
91.213.29.141 : 80
91.213.29.147 : 80
123.183.217.32 : 5943
60.190.223.125 : 6943

When I check those IP using online IP whois information some of that IP located in JAPAN and some in UNITED STATES. I think this is to make us confused to know who’s creating this Trojan.

4. Virus will turn off your windows firewall.

How to remove W32/Obfuscated.J (Trojan.Downloader2.25378)

1. Disconnect your computers from local networks/Internet.

2. Run you computers in safe mode.

3. Download Dr.Web CureIt! (from clean computers) and then zip it. Transfer this zipped files to your infected computers. Double click zip file and choose the main programs. Scan all yours computer drives including removable device.

*ATTENTION DON’T EXTRACT THE ZIP CONTENT TO FOLDER OR IT MAY GET INFECTED!

4. Repair your registry using this code below:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=Repair
DelReg=Remove

[Repair]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe

[Remove]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Config Setup
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, (Default)
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, vyre32
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MS0593[1]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, Microsoft Config Setup
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, 12CFG214-K641-12SF-N85P

Save it as whateveryoulike.inf , right click on it choose install. You may download repairtrojandownloader.inf from my site.

5. Restart your computers and then clean all temporary files (you can use windows disk cleanup, but I recommended CCLEANER).

6. If you won’t this virus coming back update your windows or get some great antivirus you trust.

Done, Have a nice day 😀

[/to_plus]

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Personal

This is really strange case on one of my cycber cafe computer. I used ESET/NOD32 antivirus to check all computers in my networks but the result is clean. One I notice is explorer.exe and svchost.exe use to much CPU usage and Memory. I sense there is something strange because usually this computer can run faster.

After checked it with this small tools memory checker finally I found the problem, my computers infected with Conficker.B Variant, It’s really funny when commercial antivirus say my computer clean.. LOL..

The Conficker.B variant a little strange, I still can open Microsoft website. The important key to sense if your computers infected is if your computer run slow than usual. Check with that small memory tools and you may find something 😀

[to_plus]

How to to remove Conficker.A and Conficker.B Variant

I’m to lazy for writing manual step, because conficker has to many variant I won’t you blame me if some conficker variant manual removal won’t work for yourself. Just download this conficker removal tools and before run it make sure you’re disconnected from any local network or Internet. There is fourth (4) step you have to follow using this tools.

After you kicked out this conficker you should update your computers security!!! It’s to prevent this worm back and anoying you once again. This really happen to me when I’m to lazy for update my windows the virus back again in just 1 hours haha..

Have a nice day everyone 🙂

[/to_plus]


Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Personal

After a weeks analyze newest search term keywords coming to my blog I found there is a lot of request for articles about how to removing virus Searchqu (around 5%). In this short articles I will write how to remove SearchQU virus and bring back your computers to normal condition.

Searchqu is a highly dangerous trojan which lures users to unknowingly perform corrupt actions on a targeted computer. Searchqu poses as an antispyware application that displays deceptive warnings and misleading scan results. It then asks for users to purchase it. Searchqu record the contents of all the instant messages you send or receive—along with the usernames and addresses of your IM partners. Searchqu record the entire contents of each chat room you visit—and log the usernames and addresses of other channel members. Searchqu pretends to be a legitimate software, but infact it’s a virus many computer users got currently, and antivirus won’t help, you need to remove Searchqu manually.

[to_plus]

2 simple step to remove SearchQU virus

1. Deleted this file list manually :

%AppData%\searchqutoolbar\stat.log
%AppData%\searchqutoolbar\uninstallStatIE.dat
%AppData%\searchqutoolbar\uninstallIE.dat
%AppData%\searchqutoolbar\stats.dat
%AppData%\searchqutoolbar\guid.dat
%AppData%\searchqutoolbar\preferences.dat
%AppData%\searchqutoolbar\log.txt
%AppData%\searchqutoolbar\dtx.ini
%AppData%\searchqutoolbar\coupons\categories.xml
%AppData%\searchqutoolbar\
%AppData%\searchqutoolbar\version.xml
%AppData%\searchqutoolbar\coupons\merchants2.xml
%AppData%\searchqutoolbar\coupons\merchants.xml
%Temp%\searchqutoolbar-manifest.xml

Or you can created a manual batch file with content like this:

del %AppData%\searchqutoolbar\stat.log
del %AppData%\searchqutoolbar\uninstallStatIE.dat
del %AppData%\searchqutoolbar\uninstallIE.dat
del %AppData%\searchqutoolbar\stats.dat
del %AppData%\searchqutoolbar\guid.dat
del %AppData%\searchqutoolbar\preferences.dat
del %AppData%\searchqutoolbar\log.txt
del %AppData%\searchqutoolbar\dtx.ini
del %AppData%\searchqutoolbar\coupons\categories.xml
del %AppData%\searchqutoolbar\
del %AppData%\searchqutoolbar\version.xml
del %AppData%\searchqutoolbar\coupons\merchants2.xml
del %AppData%\searchqutoolbar\coupons\merchants.xml
del %Temp%\searchqutoolbar-manifest.xml

Or download it from here

2. Remove this registry list manually:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar “Searchqu Toolbar”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\SearchQUIEHelper.DNSGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID “SearchQUIEHelper.UrlHelper.1”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} “UrlHelper Class”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID “SearchQUIEHelper.UrlHelper”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32 “C:\PROGRA~1\WINDOW~4\ToolBar\searchqudtx.dll”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} “Searchqu Toolbar”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} “Searchqu Toolbar”

Or download searchqu-repair.inf from my blog, then right click on it ,choose install.

3. Done.

I’m not guarantee this way will works for everyone, if there is new varian this step may not works. Have a nice day everyone! 🙂

[/to_plus]

Related Search Terms:

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS