Miscellaneous

Miscellaneous Article

SEO:Search Engine Ranking Position(SERP) Secret

Secret?? Not yet.. mostly people already know this secret but some didn’t know so here I will share this article. If you’re already know about this just leave this article right now.

What actually search engine ranking position (SERP) and how it can affect your website. Search engine ranking position (SERP) is the listing of web pages returned by a search engine in response to a keyword query… more details can be reading in here.

How it can affect your website? Mostly first top 10 search result will got visited by searcher. That mean more traffic, traffic mean money 🙂 that’s why SERP is needed to learned if you want to monetize your traffic 😛

EXPLANATION 1:

Basically SERP calculated automatically by ROBOT, the more link you have into your website mean you will get better ranking. In this case if you have enough money you can buy million to billion link from other website to linked into your website, your SERP will raise up trust me…

For easiest way to understand this explanation look on this chart:

ist-serp-1

*Better SERP

Read More »SEO:Search Engine Ranking Position(SERP) Secret

Remove K0pL4xZ Virus VBWorm.QTT

“K0pL4xZ” Virus or VBWorm.QTT is computer virus that targeted on Microsoft Office files. This virus has been created using Visual Basic, Basically K0pL4xZ will change the icon and file type Microsoft Office.

To hiding K0pL4xZ will use Windows Media Player Classic icon, but if you always working carefully you will know this file type is .exe, OK let’s remove it.

Step to Remove K0pL4xZ Virus VBWorm.QTT

1. Disconnected your computer from network.

2. Turn off “System Restore” when in cleaning process.

3. Kill active virus process in your computer background using THIS 3rd tool.

4. Repair your registry using code below save it as repair.inf the right click on it choose install, or just download it HERE

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\comfile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\exefile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\piffile\shell\open\command,,,”””%1″” %*”
HKLM, Software\CLASSES\regfile\shell\open\command,,,”regedit.exe “%1″”
HKLM, Software\CLASSES\scrfile\shell\open\command,,,”””%1″” %*”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, “Explorer.exe”
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, “cmd.exe”
HKLM, SOFTWARE\Classes\exefile,,,application
HKCU, Software\Microsoft\Internet Explorer\Main, start page,0, “about:blank”
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page,0, “about:blank”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, UncheckedValue,0x00010001,0
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, “Organization”
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, “Owner”
HKLM, SOFTWARE\Classes\txtfile, FriendlyTypeName,0, “@C:\Windows\system32\notepad.exe,-469″
HKLM, SOFTWARE\Classes\Word.Document.8,,,”Microsoft Word Document”
HKLM, SOFTWARE\Classes\Word.Document.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500 48383C9}\wordicon.exe,1″
HKLM, SOFTWARE\Classes\PowerPoint.Show.8,,, “Microsoft PowerPoint Presentation”
HKLM, SOFTWARE\Classes\PowerPoint.Show.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-015 0048383C9}\pptico.exe,1″
HKLM, SOFTWARE\Classes\Excel.Sheet.8,,,”Microsoft Excel Worksheet”
HKLM, SOFTWARE\Classes\Excel.Sheet.8\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01500483 83C9}\xlicons.exe,1″
HKLM, SOFTWARE\Classes\Access.Application.11,,,”Microsoft Office Access Application”
HKLM, SOFTWARE\Classes\Access.Application.11\DefaultIcon,,,”C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-01 50048383C9}\accicons.exe,1″
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden, 0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt, 0x00010001,0
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,WarningIfNotDefault,0,”@ shell32.dll,-28964″

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DIsablecmd
HKCU, Software\Microsoft\Internet Explorer\Main, Window Title
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer,NoFolderOptions
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableRegistryTools
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System,DisableTaskMgr
HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, System
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, shell
HKCU, Software\Policies\Microsoft\Windows\System, DisableCMD
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, WarningIfNotDefault
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run, cintaku
HKLM, SOFTWARE\Classes\exefile, FriendlyTypeName

5. Deleted file %systemroot%\Windows\desktop.ini using DOS prompt.
Read More »Remove K0pL4xZ Virus VBWorm.QTT

RELATED SEARCH TERMS:

Remove Worm Kido

Worm kido also known as Conficker or Downadup, on 1st April 2009 there is some rumors out there said this worm will generated new varian. I Personally not hear big problem on that date. Many computers has been infected by this worm because it’s spreading through network. Kaspersky AntiVirus has free removal tools for this worm. First before we remove this worm, to prevent it’s spreading in networks and infected many computers please follow this step. Install Patch from Microsoft for MS08-067, MS08-068, and MS09-001. Make sure Administrator password not easy to guess. Turn off autoplay on removable devices. Follow… Read More »Remove Worm Kido

YM and Skype Virus:YouTube Lady_Eats_Her_Shit Worm:Coutsonif.A

Last week I got IRC bot virus in my server. I don’t know the virus name but I cleaned it manually. We’re not talking about this IRC bot virus cause it really simple cleaned manually using ANSAV UPX tools and Hidden Revealer I cleaned it in within short 1 minutes 😛 In this article we will write to clean YM and Skype bot virus Worm:Coutsonif.A

This virus spreading using social technique and autorun.inf, since it using social technique this virus can spreading easy. Did you ever received message from your TRUSTED friend like this sample?

coutsonif

Listen to me, don’t so easy clicked any link in email or anything! even it come from trusted source. In this case social technique can make you in danger position, Think if virus collecting your financial information :p

When you download this virus it will making 2 random file in %systemroot%\Documents and Settings\%user%\Local Settings\Temp with extension .tmp and .exe then created vshost.exe with size 122kb, file will available on every drive root.

Virus will also make another files:

  • %systemroot%\autorun.inf [all drive]
  • %systemroot%\RECYCLER\S-1-5-21-9949614401-9544371273-983011715-7040\winservices.exe
  • %systemroot%\WINDOWS\system32\sysmgr.exe
  • %systemroot%\WINDOWS\TEMP\5755.tmp
  • %systemroot%\windows\system32\crypts.dll
  • %systemroot%\windows\system32\msvcrt2.dll

It wil also change your registry to automatically started when your computers booting. Beside that, old autorun.inf technique also adopted in this virus spreading:

coutsonif-autorun

Virus will change your registry to allowed only 11 maximum active application, it also blocking your maximum port to only port 8000.

Automatic Update:

This virus will try to automatically update himself to this address list:

66.90.103.169:99/a.exe
66.90.103.169:6666/lsass .exe
66.90.103.169:443/crss .exe
TCP:72.249.94.146:7008 Port:27
TCP:127.0.0.1:1092 Port:30
TCP:66.90.103.169:99 Port:29
TCP:66.90.103.169:6666 Port:30
TCP:66.90.103.169:443 Port:30
Port 80 IP:83.133.127.5
Port 80 IP:68.180.151.74
Port 25 IP:127.0.0.1
Port 80 IP:65.55.21.250
TCP:83.133.127.5:443 Port:17
TCP:65.54.186.47:443 Port:17
Port 80 IP:87.248.208.54
TCP:89.149.254.14:443 Port:21
Port 80 IP:64.4.33.7
Port 80 IP:207.46.11.121
Port 80 IP:65.54.186.47
Port 80 IP:88.221.26.64
TCP:65.55.16.123:443 Port:28
TCP:92.122.112.124:443 Port:28
TCP:92.122.112.124:443 Port:28
TCP:88.221.165.186:443 Port:29
TCP:88.221.165.186:443 Port:29
TCP:83.133.127.5:443 Port:18
TCP:89.149.254.14:443 Port:2
TCP:65.55.16.123:443 Port:27
TCP:65.54.186.47:443 Port:27
TCP:92.122.112.124:443 Port:27
TCP:92.122.112.124:443 Port:28
TCP:88.221.165.186:443 Port:28
TCP:89.149.254.14:443 Port:21

Simple steps to cleaning Coutsonif.A:

1. Disable “System Restore” when in cleaning process.

2. Disable “autoplay/autorun” function by:

Read More »YM and Skype Virus:YouTube Lady_Eats_Her_Shit Worm:Coutsonif.A

RELATED SEARCH TERMS:

7 Simple Step to Remove Virus “Conficker” W32/Conficker.DV

Hello world! Are your network attacking by Conficker? hahaha.. don’t get mad this virus can be removed using 7 simple step only. Anyway this virus make some people mad because it’s attacking network (they might have more trouble when try to clean it) and of course your protection 😛 , If we look more deeply this virus using mostly lame virus technique included all in one packet *lol*…. but in advanced the virus maker understand and really know hows really weak windows protection so he make you all mad 😛

How to detect if your computer infected by conficker? There many sign like…. Error message Generic Host Process, You can’t access some important site ex: www.microsoft.com, www.symantec.com, www.norman.com, www.clamav.com, www.grisoft.com, www.avast.com, etc. You can’t update your antivirus, Many application not working like usually specially network application, and many more sign.

This virus created with UPX compression with size 162kb, You might get trouble when try to killed this virus process because it’s (again) using lame technique by running .dll files following fake svchost.exe file. Virus is not automatically active, it will starts download some images files and created temporary files then building himself (again) LAME! *lol*

Once virus build completed it will starts to disabled some windows services, Virus will blocking any string he found on each active application, here is the list:

Read More »7 Simple Step to Remove Virus “Conficker” W32/Conficker.DV

RELATED SEARCH TERMS:

Remove Vista Virus: huhuhaha VBS/Autorun.AO

Who says new version of operating system would be safe and better than older version ?!?! In this case virus trouble maker show how they can adapted their new technique to touching new version of operating system. In this case “huhhaha” virus has been touched windows vista even it categorized as low risk virus.

“huhuhaha” virus has been created using language “VBScripting” virus size around 6 kb. Spreading technique almost same with classic technique using autorun.inf .. here us virus structure :

  1. autorun.inf (in all root drive)
  2. huhuhaha.vbs (in all root drive)
  3. %systemroot%\WINDOWS\system32\XpWin.vbs

How to detect when you get infected by this virus?

1. look on your run command.

huhuhaha-run

2. System restore deactivated automatically.

3. On your browser header.

huhuhaha-browser

4. Disable UAC (User Account Control) function, Vista team clarify this function as better protection for vista and now it’s already broken so who say vista are safe?

huhuhaha-uac

5. Change registry on name and organization on your registered version to become “huhuhaha

6. De-activated safe mode function, and try to make BSOD (Blue screen of death when you try to access “safe mode”.

huhuhaha-bsod

7. Turned off “security center” function.

How to clean your computer from huhuhaha VBS/Autorun.AO:

1. Unplug your computer from network.

2. Kill active virus process, in this case because this virus run as “VBScript” it will used file “wscript.exe” to run in computer background. Kill wscript.exe by select end process.

Read More »Remove Vista Virus: huhuhaha VBS/Autorun.AO

RELATED SEARCH TERMS:

Economic Global Affected the World

Seems like what I predicted in December 2008 will become true, After reading news from some source I predicted USA in next 1-3 years next will stay in economic crisis condition. After president Obama fails to stimulate the US Dollar raising, from wrong on pledge an oath and also his decisions on supporting Israel beside help people in Gaza to live normally I think it will make US dollar get hit going lower in next movement. USA will stay on crisis after Obama change his decisions to make a better world, Obama forget on his own promise to make a… Read More »Economic Global Affected the World

Playing with .htaccess file

Crazy! I think all of my site has been targeted to get spammed by someone or maybe group.. Last 2 days ago I give notification in some of my site tell them to stop spamming or I will banned them. Mostly they are spamming for V****a, x**, p**n, rubbish stuff, etc. Seems like spam business make a lot money for them… eh?

Looks like they was thinking I’m joke? hell no I’m not joke this time *bad temperament lol* I banned all they IP from accessing my website. I don’t care about traffic may decrease for a weeks this stupid guys group must be stopped!

I searching the way to do it and i found it lately to play with simple .htaccess file to stop this noob from spamming..

blocking their IP using this sample code:

## USER IP BANNING
<Limit GET POST>
order allow,deny
deny from 123.123.123.123
deny from 123.123.123.
deny from 123.123.
deny from 123.
allow from all
</Limit>

Read the rules:

123.123.123.123 (Blocks a specific IP address)
123.123.123. (Blocks ALL IPs within the range 123.123.123.xxx)
123.123. (Blocks ALL IPs within the range 123.123.xxx.xxx)
123. (Blocks ALL IPs within the range 123.xxx.xxx.xxx)

I recommended you to blocks specific IP adress to minimize your lost traffic.

Now for disable hotlinking from bandwith stealer use this sample code:

Read More »Playing with .htaccess file

RELATED SEARCH TERMS:

Google Pagerank Algorithm

Hi Everyone finally we’ll meet again.. I have free little time to write article on my blog 😀 , I’m little scared to publish this article to public…. NOPE I mean If this information accurate then google will change this pagerank algorithm in the future. Take a look on this table sheet: As you can read the table it very simple. Example: you want your new website jumping into pagerank 2 or 8 in next pagerank update you can try get 1 one way link from site with PR 10. I’m not really sure this data 100% accurate! that’s why… Read More »Google Pagerank Algorithm

Merry Christmas 2008 and Happy New Year 2009

Hi all sorry for late update on this blog.. to busy on manage my new sites, last week I created 6 sites but not completed yet LOL. Even it’s to late or to fast I just want to wishes to all of you “merry christmas 2008 and happy new year 2009” hope youÂall peacefull and have better life than in older year. Istanto :):):)