Choosing your web server programs might needed when you need to use maximum resource on your server. This happen to me around 2-4 days ago when there is contact from abuse department hosting about my vps reached it’s maximum specification. I frustrated because they gonna kick me out or they might charge me more if I can’t lower usage resource. After looking at the problem I was found out there is someone using (maybe bug) to use my server as spam email, I deleted that email account, the spam gone and memory going down a little, but the vps resource usage keep high and started annoyed me.

After looking more deeply at the problem this is actually caused by apache webserver, it’s takes to much memory resource and once people remote it I used to many resource, BAM! all my sites down. Thanks god finally I found the solution for this problem. I convert my Apache into Lighttpd to lower the memory usage, you bet… it working like a flash!

It’s very simple to convert from Apache to Lighttpd you can done it in just minutes just follow the installation document, the problem you guy’s will faced is only one, rewrite rules because it totally different with apache. This is might be the hardest part of this installation but once you pass it you will love lighttpd more than apache! don’t you? look at this images you will love it!

What you need to know about lighttpd rewrite rules? it’s simple look at this:

url.rewrite-once = ( “<regex>” => “<relative-uri>” )

OR

url.rewrite-repeat = ( “<regex>” => “<relative-uri>” )

Just write this rules on your configuration files, for more clearly documentation you can read it from here. Lighttpd standard configuration are faster than apache (already test it), anyway if you like to tune up/optimize it for better result you can look the documentation in here. Just follow it, I didn’t try it yet because I like the standard configuration but maybe next time when needed.

Good Score:

• Faster.
• Clean.
• Low resource consumption.

Bad Score:

• Hard to follow rewrite rules.
• To much manual configuration.

I’m not try google sitemap generator beta yet, but I’m sure will be there no problem at all. Go try lighttpd if you want to make your website/blog faster. Have a nice day

Not all antivirus program this day will help you eliminate your virus problem, In this case antivirus XP 2008 is spyware which try to make your computer as spam zombie.  This case make a strong people opinion on corporation between virus maker and antivirus maker(bad joke) *LOL* Be careful when you open email from someone you don’t know, specially from Daily Top 10 with subject CNN.com Daily Top 10 this email will asking you to update your flash player but actually that file is virus.

If you downloaded and run this files it will making virus master and downloaded files from internet automatically then run it.

C:\WINDOWS\system32\CbEvtSvc.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe
C:\WINDOWS\system32\lphc7nvj0e52e.exe
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\blphc7nvj0e52e.scr
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\windows\system32\drivers\xxx.sys
C:\Documents and Settings\LocalService\Application Data\584289103.exe
C:\Program Files\rhc3nvj0e52e
C:\Windows\system32\pphc7nvj0e52e.exe
C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk

This virus will also make your registry changes:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
DisplayName = CbEvtSvc
ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
DisplayName = CbEvtSvc
ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CbEvtSvc
DisplayName = CbEvtSvc
ImagePath = %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6127a5e3
ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6127a5e3
ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6127a5e3
ImagePath = \SystemRoot\System32\drivers\6127a5e3.sys

KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
lphc7nvj0e52e = C:\WINDOWS\system32\lphc7nvj0e52e.exe

SMrhc3nvj0e52e = C:\Program Files\rhc3nvj0e52e\rhc3nvj0e52e.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\software notifier

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
DisplayName = AntivirXP08
UninstallString = “C:\Program Files\rhc3nvj0e52e\uninstall.exe”

HKEY_LOCAL_MACHINE\software\rhc3nvj0e52e
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion
rhc3nvj0e52e = 8b 6e 99 48 (bynary)

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
AntivirXP08 = AntiVirXP08
SV1

This virus will try to spreading using your internet connection, it will spam every email address founded on your computers, type netstat -a on your command prompt and you will found lot of activity without your action.

This virus also will remove your “screen saver” and “desktop” tab on display properties and change your desktop with file %systemroot%\system32\phc7nvj0e52e.bmp and change your screensaver with executed file %systemroot%\\system32\blphc7nvj0e52e.scr to make you panic by showing fake blue screen of death (BSOD) on your screen

Enough, now time to remove this stupid things!

1. Run your computer from “safe mode” and disable your “system restore“

2. Stop active virus services by type in run/command prompt services.msc

3. Find  services with name CbEvtSvc or something similar with that name then click properties on that services. Stop it and on startup column choose Disable then click OK.

4. Repair your registry already changed by virus using this code:

 [Version]
Signature=”$Chicago$”
Provider=nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”"”%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”"”%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKCU, Control Panel\Desktop, ConvertedWallpaper,0, “”
HKCU, Control Panel\Desktop, OriginalWallpaper,0, “”
HKCU, Control Panel\Desktop, SCRNSAVE.EXE,0, “”
HKCU, Control Panel\Desktop, Wallpaper,0, “”
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, BackupWallpaper,0, “”
HKCU, Software\Microsoft\Internet Explorer\Desktop\General, Wallpaper,0, “”

[del]
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, lphc7nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, services
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, SMrhc3nvj0e52e
HKLM, Software\Microsoft\Windows\CurrentVersion\Run, rhc3nvj0e52e.exe
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispBackgroundPage
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, NoDispScrSavPage
HKLM, SYSTEM\CurrentControlSet\Services\6127a5e3
HKLM, SYSTEM\ControlSet002\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\6127a5e3
HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc
HKLM, SYSTEM\ControlSet002\Services\CbEvtSvc
HKLM, SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKLM, SYSTEM\ControlSet001\Services\CbEvtSvc
HKLM, SYSTEM\CControlSet002\Services\CbEvtSvc
HKLM, SOFTWARE\Microsoft\software notifier
HKLM, software\Microsoft\Windows\CurrentVersion\Uninstall\rhc3nvj0e52e
HKLM, software\rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion, rhc3nvj0e52e
HKLM, software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKLM, SOFTWARE\Microsoft\Software Notifier
HKLM, SYSTEM\ControlSet001\Services\125c1fb5
HKLM, SYSTEM\ControlSet002\Services\125c1fb5
HKLM, SYSTEM\CurrentControlSet\Services\125c1fb5

Save this code as repair.inf and run it by right click and choose install, or you can download it repair.inf

5.  Deleted this file list (if your OS on drive d then c:\ should be d:\ and so on):

C:\WINDOWS\system32\CbEvtSvc.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\lfq0kzgs.exe
C:\Documents and Settings\Your User Name\Local Settings\Temp\.xx1.tmp.vbs (xx=random).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smss.exe
C:\WINDOWS\system32\lphc7nvj0e52e.exe
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\WINDOWS\system32\blphc7nvj0e52e.scr
C:\WINDOWS\system32\phc7nvj0e52e.bmp
C:\windows\system32\drivers\xxx.sys (xxx random with size 108 KB)
C:\Documents and Settings\LocalService\Application Data\584289103.exe
C:\Program Files\rhc3nvj0e52e
C:\Windows\system32\pphc7nvj0e52e.exe
C:\Documents and Settings\LocalService\Application Data\rhc3nvj0e52e
C:\Documents and Settings\Your User Name\Application Data\rhc3nvj0e52e.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk

6. Delete your temporary files using ATF Cleaner.

7. Last, scan with your best updated antivirus to make sure system is clean.

Done, now get some coffee and send it to me he he he

Can you guys stop spam my blog comment?!?! Please leave useful comment only! do not link to other/porn site which have totally different content as my topic! if you’re looking for backlink I’m not giving free service in here. Try spamming in other site not in here!!

Your mIRC client sending spam messages without your permission? STOP IT!

This day spam used as business for some bad people on internet they called the dark side of internet. Spam is business? how can I say that…

Spam was targeting on some newbie, the reason behind it simple just for MONEY or VIRUS SPREADING we should fight back and stop this spam.

My Topic this time is the remover for the most mIRC client spam, it’s free no need to pay!

Spam remover

Guide how to use it:

• After you download it you should put it in the root of your IRC client folder. Example: Your path to IRC client is on c:\program files\mIRC put that files on there.
• Once the files on there it should be loaded by typing //!load -rsn spamrem.zvk
• Once you typed the above command, a confirmation dialog will pop-up, click on YES or ACCEPT or CONTINUE.
• The script will execute itself. Then, it will detect, remove, and disinfect any (common) traces that the spam infection left in your mIRC Client.

Now your mIRC client is clean from auto spam messages.