Tuesday, November 18, 2008

New Folder.exe (new)

The old New Folder.exe affected hidden files.
The new virus with the same name can also make files super hidden,
i.e. hide them as protected OS files.

  • It will make Files super hidden
  • It will make the files as system files
  • It will make the files read only
So some extra effort is needed beyond the normal New Folder.exe removal.
Read the procedure for New Folder.exe removal at New Folder.exe (old),
and read how to enable hidden files manually at EnableHiddenFiles.



Step 1

Remove the virus with any good antivirus such as Kaspersky, AVG or Avast.



Step 2

Now fix the super-hidden setting. Open Registry Editor and navigate to the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden

Delete the existing "CheckedValue" of type "String", create another value of the same name but of type "DWORD", and set its value to "1". Then open "My Computer", go to Tools > Folder Options > View, select "Show hidden files and folders" and uncheck "Hide protected operating system files".



Step 3

Restart the computer



Step 4

Relax problem solved
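
The registry check from Step 2 and the cleanup of the three attributes listed at the top of this post can be scripted. This is an added example, not part of the original post; the function names, the skip list and the `E:\` root are assumptions made for illustration, and it is meant to be run elevated after Step 1.

```powershell
# Added example (not from the original post). Run elevated, after the virus is removed.
$SuperHiddenKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden'

# Names that are Hidden+System on a healthy volume; never touched by this script (assumed list).
$SkipNames = 'System Volume Information', '$RECYCLE.BIN', 'RECYCLER', 'desktop.ini', 'Thumbs.db'

function Get-CheckedValueKind {
    # Returns the registry type of CheckedValue (String, DWord, ...) or $null if it is missing.
    $key = Get-Item -Path $SuperHiddenKey -ErrorAction Stop
    if ($key.GetValueNames() -contains 'CheckedValue') {
        return $key.GetValueKind('CheckedValue')
    }
    return $null
}

function Repair-CheckedValue {
    # Recreates CheckedValue as a DWORD when it has been replaced by another type.
    # Returns $true if a change was made, $false if the value was already a DWORD.
    param([int]$Value = 1)   # 1 is the value Step 2 says to set
    $kind = Get-CheckedValueKind
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) { return $false }
    if ($null -ne $kind) {
        Remove-ItemProperty -Path $SuperHiddenKey -Name 'CheckedValue'
    }
    New-ItemProperty -Path $SuperHiddenKey -Name 'CheckedValue' -PropertyType DWord -Value $Value | Out-Null
    return $true
}

function Test-SkippedPath {
    # $true when any segment of the path is on the skip list.
    param([string]$FullName)
    foreach ($part in $FullName.Split('\')) {
        if ($SkipNames -contains $part) { return $true }
    }
    return $false
}

function Get-SuperHiddenItem {
    # Lists files and folders under $Root that carry both Hidden and System.
    param([Parameter(Mandatory = $true)][string]$Root)
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { (([int]$_.Attributes -band $mask) -eq $mask) -and -not (Test-SkippedPath $_.FullName) }
}

function Clear-SuperHiddenAttribute {
    # Removes Hidden, System and ReadOnly from each item piped in and returns the item.
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][IO.FileSystemInfo]$Item)
    process {
        $clear = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly)
        $left  = [int]$Item.Attributes -band (-bnot $clear)
        if ($left -eq 0) { $left = [int][IO.FileAttributes]::Normal }   # a file needs at least one attribute
        $Item.Attributes = [IO.FileAttributes]$left
        $Item
    }
}

# Usage: report first, then clean a data drive or pen drive. E:\ is a placeholder.
# Do not point -Root at the Windows drive, where real protected OS files live.
# Get-CheckedValueKind
# Repair-CheckedValue
# Get-SuperHiddenItem -Root 'E:\' | Select-Object FullName, Attributes
# Get-SuperHiddenItem -Root 'E:\' | Clear-SuperHiddenAttribute | Select-Object FullName, Attributes
```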

New Folder.exe(old) solutions

Removing technique 1:-

I was surprised that my favourite antivirus, Avast, failed against viruses for the first time, but then again AVG can remove it if the virus is not the latest version. The latest can't be removed by any antivirus. This virus is known popularly as the regsvr.exe virus or as the New Folder.exe virus, and most people identify it by seeing an autorun.inf file on their pen drives, but Trend Micro identified it as WORM_DELF.FKZ. It spreads mostly using pen drives as the medium.

New folder.exe virus

Manual Process of removal
I prefer manual process simply because it gives me option to learn new things in the process.

So let’s start the process of reclaiming the turf that the virus took over from us.

  1. Disable the read-only option
    1. Search for the autorun.inf file. It is a read-only file, so you will have to change it to normal by right-clicking the file, selecting Properties and unchecking the read-only option.
    2. Open the file in Notepad, delete everything and save the file.
    3. Now change the file status back to read-only so that the virus cannot get access again.
       [Image: Autorun INF: cutting the supply line]
    4. Click Start -> Run, type msconfig and click OK.
    5. Go to the Startup tab, look for regsvr, uncheck the option and click OK.
    6. Click on Exit without Restart, because there are still a few things we need to do before we can restart the PC.
    7. Now go to Control Panel -> Scheduled Tasks and delete the At1 task listed there.
  2. Open GPEDIT if regedit is disabled
    1. Click on Start -> Run, type gpedit.msc (XP Professional) and click OK.
       [Image: Opening the gate of castle: starting gpedit or msconfig]
    2. If you are a Windows XP Home Edition user you might not have gpedit.msc; in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
    3. Go to User Configuration -> Administrative Templates -> System.
    4. Find “Prevent access to registry editing tools” and change the option to disable.
       [Image: Opening the gate of castle: Group Edit Policies]
    5. Once you do this you have registry access back.
    6. Or see my post on the Registry Editor being disabled by the administrator.
  3. Run regedit
    1. Click on Start -> Run, type regedit and click OK.
    2. Go to Edit -> Find and start the search for regsvr.exe.
       [Image: Launch the attack in the heart of castle: registry search]
    3. Delete all occurrences of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND that regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
    4. In one or two places you will find it after explorer.exe; in these cases delete only the regsvr.exe part and not the whole value. E.g. for Shell = “Explorer.exe regsvr.exe”, just delete regsvr.exe and leave Explorer.exe.
  4. Search and destroy the virus files as follows
    1. Click on Start -> Search -> For Files and Folders.
    2. There, click All files and folders.
    3. Type “*.exe” as the filename to search for.
    4. Click on the ‘When was it modified?’ option and select the Specify dates option.
    5. Type the From date as 1/31/2008 and the To date as 1/31/2008.
       [Image: Seek and destroy enemy soldiers: the search option]
    6. Now hit Search and wait for all the exe files to show up.
    7. Once the search is over, select all the exe files and Shift+Delete them. Take care not to delete any legitimate exe file that you installed on 31st January.
    8. Selecting a lot of files together might make your computer unresponsive, so delete them in small bunches.
    9. Also find and delete regsvr.exe and svchost .exe (notice the extra space between svchost and .exe).
  5. Reboot the system
    1. Now you are done.
Removing technique 2

Use a tool to remove it.
There are several tools on the internet; some of the links are here:
Rapidshare link to newfolder_killer exe

Wednesday, October 22, 2008

HIDE drive

Open CMD and type diskpart.

The prompt appears as

diskpart>

Then type

list volume

Your volumes are shown, such as

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     J                       DVD-ROM         0 B  No Media
  Volume 1     C   Window       NTFS   Partition     22 GB  Healthy    System
  Volume 2     D   software     NTFS   Partition     30 GB  Healthy
  Volume 3     E   project      NTFS   Partition     30 GB  Healthy
  Volume 4     F   kaku         NTFS   Partition     15 GB  Healthy
  Volume 5     G   songs        NTFS   Partition     35 GB  Healthy
  Volume 6     H   Deepak       NTFS   Partition     10 GB  Healthy
  Volume 7     I   mix pix      NTFS   Partition   6863 MB  Healthy

If you want to hide drive D, type select volume 2

diskpart responds that volume 2 is selected.

Then type remove letter D

Your drive D is now hidden and its data cannot be accessed.

To restore it, after list volume type select volume 2

Then type assign letter D

Your drive is shown again.

Check all the commands of diskpart by typing diskpart /?
It's strange.

Thursday, July 10, 2008

Fixing of Send To Option on right click

If the "Send To" option on the right-click menu has been removed by a virus or a theme, there is a way to get it back.
Open the Registry Editor by typing "regedit" (without quotes) in Run.
Then navigate to the key
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\Send To
and check that it has this value:
(Default) REG_SZ {7BA4C740-9E81-11CF-99D3-00AA004AE837}
If anything is missing, create that value.
Then your problem is solved.
If only "Desktop (create shortcut)" is missing, navigate to
HKEY_CLASSES_ROOT\.DeskLink\PersistentHandler
and check that it has this value:
(Default) REG_SZ {098f2470-bae0-11cd-b579-08002b30bfeb}
Otherwise, try this: go to your Send To folder; if the Desktop file is not there, right-click an empty space and click New - text file. Then rename the new text file to Desktop (create shortcut).DESKLINK

Thursday, May 22, 2008

Check IP at command prompt

Did you know you can view it even faster (without going all the way to cmd or command.com)? Just type "cmd /k ipconfig" in the Run box (Start button, Run).
You can also put cmd /k ipconfig in a text file and give it a .bat extension to make a batch script, so you just need to click on the file to execute it instead of going to the Start menu.

Change Original Desktop Wallpaper

Go to Run, type regedit and press OK.
When that comes up, go to HKEY_CURRENT_USER > Control Panel > Desktop.
Now find OriginalWallpaper, right-click and select Modify. In the text box, type the path to the file you want to be your original desktop wallpaper.
There ya go!
This is more of a fun tweak than it is useful.

Saturday, May 10, 2008

The REGISTRY EDITOR is disabled by administrator

"Registry editing has been disabled by your administrator"
For standalone Windows XP systems, perform the steps below to remove the registry editing restrictions.
Method 1: Using the REG.EXE console tool
1. Click Start, Run and type this command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
(Just copy and paste the above command into Run.) You should now be able to launch Tweak UI, as well as the Registry Editor.
Method 2: Using the Group Policy Editor (Windows XP Professional only)
1. Click Start, Run, type gpedit.msc and press ENTER.
2. Go to the following location: User Configuration > Administrative Templates > System
3. Double-click Disable registry editing tools and set it to Not Configured.
4. Exit the Group Policy Editor.
Note: If the setting already reads Not Configured, set it to Enabled and click Apply. Then revert it back to Not Configured. This ensures that the DisableRegistryTools registry value is removed successfully.

How to convert RAW file system to FAT32 file system

Use Disk Management:
Start -> Settings -> Control Panel -> Administrative Tools -> Computer Management
In Computer Management, click "Disk Management" on the left, under "Storage". In the lower portion on the right, you should see a list of all the volumes. If it is a removable drive you want to format, use "Removable Storage" under "Storage" instead of "Disk Management". First delete the partition, then create a new partition as FAT32, then right-click the one you want to format and click "Format".
Problem solved.
Enjoy!

Change TCP/IP settings by command line

When you often use a laptop on different networks, you can very easily change your IP address and much more by using this command. You can save the line in a batch file and run the file when you switch between home and work.
Example:
netsh interface ip set address name="Local Area Connection" static 10.0.5.99 255.255.255.0 10.0.5.1 1
The syntax is:
set address [name=]InterfaceName [source=]{dhcp | static [addr=]IPAddress [mask=]SubnetMask [gateway=]{none | DefaultGateway [[gwmetric=]GatewayMetric]}}
More info at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/netsh_int_ip.asp
It has only been tested on Windows XP Pro, but I guess it can be used on Windows 2000 and XP Home.

Wednesday, May 7, 2008

Must Do Security Settings

Increase security by disabling services: Start > Run > type services.msc
Security Settings
1. Messenger – Home/Pro = Disable
Have you ever been surfing the net and all of a sudden you get a pop-up with a “Messenger Service” listing in the title bar? If so, disable this service.
2. NetMeeting Remote Desktop Sharing – Home/Pro = Disable
This creates the ability for someone to remotely access your computer through NetMeeting. This is not good! If you don’t use NetMeeting, or not that often, disable this service.
3. Protected Storage – Home/Pro = Disable
This service will store your passwords as well as enable the auto-complete function within Internet Explorer (auto-complete is where you type, e.g., tweakxp and then hit Ctrl + Enter to allow IE to fill in the WWW and .Com for you).
Note: I usually prefer to enable this service.
4. Remote Desktop Help Session Manager – Home/Pro = Disable
This service provides support for Remote Assistance sessions. Again, if this service is not something you use or use rarely, disable until required.
5. Remote Registry Service – Pro = Disable
If you don’t require the assistance of someone to remotely have access to editing your registry settings, then disable this service. Your system's registry isn’t something you want to surrender easily to a remote computer.
6. Routing and Remote Access – Home/Pro = Disable
This service enables remote computers dial-in routing to your computer. That surely doesn’t sound like something I would want set to “automatic”.
7. Security Accounts Manager – Home/Pro = Disable
This service works just as Protected Storage, collecting secure user information. For XP Pro users, you will not be able to run the Group Policy Editor with this service disabled (the Group Policy Editor is unavailable for XP Home users).

Note: Create a system restore point or back up your system with an image utility such as DriveImage 2002. As a precautionary measure, you may as well take note of the default state of each service before you adjust it.

Sunday, May 4, 2008

Locking Computer in XP

It is a very useful trick. I usually use it when I have to go for a short break while working and I don't want to restart my computer. It saves a lot of time for me. It protects my computer from any unauthorised access.
To lock a computer in XP, as you probably know, you press "L" while holding down the "Windows Logo" key on your keyboard. However, if you would like to lock a computer remotely, for example via "Remote Administrator", you don't have this ability. What you can do instead is create a shortcut on the remote computer's desktop with the target
%windir%\System32\rundll32.exe user32.dll,LockWorkStation
and name it Lock Computer.
That's all.

Administrator Account Password in XP Home

In XP Home Edition the admin account is only accessible from Safe Mode. This account's password is by default BLANK... yeah, that's correct, there is no password.
Gee... PATHETIC.
To ensure a more secure system:
1. Turn off your computer.
2. Power on and hit F8 just after the BIOS check is complete. Select Safe Mode from the list. It's around the top of the list.
3. On the next page press ENTER.
4. Work your way to the Desktop. Go to Control Panel by clicking on Start\Settings\Control Panel.
5. Double-click on User Accounts.
6. Select the Administrator account from the list.
7. Apply a password.
Then restart the system.

Applying A Password to the Guest account

The default for the guest password in XP Home and Pro is BLANK... there is no password. I have been told by many, even Microsoft reps, that applying a password is not an option. Well, they are all wrong. Listed below is the how-to info.
To apply a password to the guest account:
1. Log on to this computer with an Administrator account and turn on the guest account.
2. Click Start -> Run, type cmd and click OK.
3. Input the following command and press Enter:
Net user guest password
4. Go to Control Panel -> User Accounts. Click the Guest account and now you can change the password.
That's it... it does work, for I have done it many times.

Restore Show Desktop Icon to Quick Launch on Taskbar

If the Show Desktop icon is deleted from Quick Launch, the procedure below will recreate the file.
Method 1
Open Notepad and enter the following text:
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop
Save the new file as Show Desktop.scf, then drag and drop the icon onto the Quick Launch bar or whatever location you want the shortcut to appear.

Method 2
Create a new shortcut (right-click on the desktop and browse to the path described below):
C:\Documents and Settings\Username (whatever yours is)\Application Data\Microsoft\Internet Explorer\Quick Launch
Select the Show Desktop icon.
Click Finish.
Now you can drag this icon to your Quick Launch bar or wherever you want.
Enjoy

Friday, May 2, 2008

Hide Your Partitions ( C , D , E , F)

This trick is for all those who keep tons of data on their disks and want to store some personal files or data that they don't want anyone to see or access.
Click the Start button > Run, type gpedit.msc, then move to User Configuration > Administrative Templates > Windows Components > Windows Explorer and double-click "Hide these specified drives in My Computer". After following these steps properly you'll find another option, "Prevent access to drives from My Computer"; double-click this option and change it accordingly.

To make it normal again, double-click the "Hide these specified drives in My Computer" option and click "Disable".
That's it, you're done! Enjoy this trick.

Wednesday, April 9, 2008

Manually Removing PC Viruses!

Have you ever been in the position where you know you have a virus but you don't have any antivirus? It's almost impossible to remove it manually without knowing a few tips & tricks.

After reading this tutorial I'm sure you will know how to manually remove most of the viruses lurking around. But that doesn't mean you shouldn't have any antivirus on your computer! Anyway, let's get started with the tutorial. I suppose you already know what safe mode is. If you don't, try pressing the F8 key a few times when you start your computer. You have to do this when your computer is about to start the first Windows components. In Win2k or XP I think you can press space and then F8 when it asks you if you want to go back to the previous working settings.

Enough talk about how to start your computer in safe mode. If you want to manually remove viruses you almost always have to do this in safe mode, because in safe mode most viruses don't start. Only a few Windows components are allowed to run in safe mode. So here is what to do, step by step:

1: Start your computer in safe mode.

2: If you know where the virus is hiding, delete the executable file.

3: Open the registry, go to the keys below and add a : in front of the value of the string that you think is the virus. For example, if the string is "virus" and its value is "c:\virus.exe", change its value to ":c:\virus.exe". The : is like commenting out the value. But if you are sure it's the virus you can just delete the string. Here are the keys you may want to look at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

4: The virus can start itself from some other places too. win.ini is the most common file that viruses use. So you should find the files named win.ini and system.ini and look through them to see if you find anything.

5: Look through the Startup folder, which is normally located in your profile directory under \Start Menu\Programs\Startup.

6: Try searching for the virus executable to see if it's hiding in some other place.

7: Finally, look through the list of services that Windows is running. This list is often located under Control Panel - Administrative Tools - Services.

After these 7 steps just reboot your computer in normal mode and try to figure out if the virus is still there. If not, SUCCESS; if yes, go back to safe mode and hunt some more. Of course these 7 steps will not work on every virus out there, but on many of them.

Note:
Be careful with the registry; don't mess it up. If you do, your computer may be gone, depending on what you mess up. I suggest you make a system restore point first, so in case something happens you can go back to it.

The World's best Viruses

1.W32.Bagle.AF
2.W32.Bagle.H
3.W32.Hiton.A
4.W32.MyDoom.F
5.W32.Netsky.Z
6.W32.Netsky.D
7.W32.Netsky.B
8.W32.Sober.F
9.W32.Sober.D
10.W32.Sober.C
11.W32.Sober
12.W32.Dumaru
13.W32.Sobig.F
14.W32.BugBear.B
15.W32.LovSan/Blaster1
16.W32.Sinapps
17.W32.Sunday
18.W32.Delta
19.W32.Gold
20.W32.Retro
21.W32.Koshi.1.9
22.Linux.ADM
23.Linux.Coco
24.W32.NBC
25.W32.Clickit
26.W32.Parasit
27.W32.PolySnakebyte
28.W32.RousSarcoma

29.W32.Hllw.Sydney@MM

30.CIH
31.I Love You
32.Melissa
33.w32nimda
34.Wagner 782
35.Casino
36.Harddrive-killer pro 5
37.Code red 1
38.Code red 2
39.Pokemon Pikachu
40.AIDS
41.hdfill
42.Blackday
43.Bulbasaur
44.Mirc.El_Che_is_alive
45.Kpmv.W2000.Poly
46.Mbop!
47.C-worm
48.Batschell
49.bat.antifa
50.Bat/BatXP.Iaafe
51.Bat\\bun
52.Bat.Bush
53.BAT.Dolomite.worm
54.bat.****
55.bat/hotcakes
56.bat.ina
57.bat.junkboat
58.bat.soulcontrol
59.BatXP.Saturn
60.BAT/Calvin&Hobbes
61.claytron
62.HoloCaust
63.p2p.Opax
64.PERL.Nirvana
65.VBS/Artillery
66.vbs.eva
67.VBS/Evade
68.Vbs.Evion
69.w32.merkur.c
70.W32/Outsider
71.W32/Outsider B
72.W32/Outsider C
73.W32/Outsider D
74.W32/Outsider E
75.W32/Perrun
76.W97/Blackout
77.W97M/Authority
78.W97M/Chester
79.W97M/SFC
80.WinREG.Sptohell
81.Virenpaket 0
82.Virenpaket 1
83.Virenpaket 2
84.Virenpaket 3
85.Virenpaket 4
86.Virenpaket 5
87.Virenpaket 6
88.Virenpaket 7
89.Virenpaket 8
90.Virenpaket 9
91.Virenpaket 10
92.Virenpaket 11
93.Zed's Word Macro Virus Constructor
94.Windows Scripting Host Worm Constructor 1.0
95.Special Format Generator 2.0

Places where viruses and trojan hide

1. START-UP FOLDER. W*NDOW$ opens every item in the Start Menu's Start Up folder. This folder is prominent in the Programs folder of the Start Menu.
Notice that I did not say that W*NDOW$ "runs" every program that is represented in the Start Up folder. I said it "opens every item." There's an important difference.
Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up folder that represent documents, not programs.
For example, if you put a M*CRO$OFT Word document in the Start Up folder, Word will run and automatically open that document at bootup; if you put a WAV file there, your audio software will play the music at bootup, and if you put a Web-page Favourites there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (The examples cited here could just as easily be shortcuts to a WAV file or a Word document, and so on.)
2. REGISTRY. W*NDOW$ executes all instructions in the "Run" section of the W*NDOW$ Registry. Items in the "Run" section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above.
3. REGISTRY. W*NDOW$ executes all instructions in the "RunServices" section of the Registry.
4. REGISTRY. W*NDOW$ executes all instructions in the "RunOnce" part of the Registry.
5. REGISTRY. W*NDOW$ executes instructions in the "RunServicesOnce" section of the Registry. (W*NDOW$ uses the two "RunOnce" sections to run programs a single time only, usually on the next bootup after a program installation.)
7. REGISTRY. W*NDOW$ executes instructions in the HKEY_CLASSES_ROOT\exefile\shell\open\command "%1" %* section of the Registry. Any command embedded here will open when any exe file is executed. Other possibilities:
[HKEY_CLASSES_ROOT\exefile\shell\open\command] =""%1" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command] =""%1" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command] =""%1" %*"
[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] =""%1" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command] =""%1" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] =""%1" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] =""%1" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] =""%1" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] =""%1" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] =""%1" %*"
If keys don't have the ""%1" %*" value as shown, and are changed to something like ""somefilename.exe %1" %*", then they are automatically invoking the specified file.
8. BATCH FILE. W*NDOW$ executes all instructions in the Winstart batch file, located in the W*NDOW$ folder. (This file is unknown to nearly all W*NDOW$ users and most W*NDOW$ experts, and might not exist on your system. You can easily create it, however. Note that some versions of W*NDOW$ call the W*NDOW$ folder the "WinNT" folder.) The full filename is WINSTART.BAT.
9. INITIALIZATION FILE. W*NDOW$ executes instructions in the "RUN=" line in the WIN.INI file, located in the W*NDOW$ (or WinNT) folder.
10. INITIALIZATION FILE. W*NDOW$ executes instructions in the "LOAD=" line in the WIN.INI file, located in the W*NDOW$ (or WinNT) folder.
It also runs things in shell= in System.ini or c:\windows\system.ini:
[boot]
shell=explorer.exe C:\windows\filename
The file name following explorer.exe will start whenever W*NDOW$ starts.
As with Win.ini, file names might be preceded by considerable space on such a line, to reduce the chance that they will be seen. Normally, the full path of the file will be included in this entry. If not, check the W*NDOW$ directory.
11. RELAUNCHING. W*NDOW$ reruns programs that were running when W*NDOW$ shut down. W*NDOW$ cannot do this with most non-M*CRO$OFT programs, but it will do it easily with Internet Explorer and with W*NDOW$ Explorer, the file-and-folder manager built into W*NDOW$. If you have Internet Explorer open when you shut W*NDOW$ down, W*NDOW$ will reopen IE with the same page open when you boot up again. (If this does not happen on your W*NDOW$ PC, someone has turned that feature off. Use Tweak UI, the free M*CRO$OFT W*NDOW$ user interface manager, to reactivate "Remember Explorer settings," or whatever it is called in your version of W*NDOW$.)
12. TASK SCHEDULER. W*NDOW$ executes autorun instructions in the W*NDOW$ Task Scheduler (or any other scheduler that supplements or replaces the Task Scheduler). The Task Scheduler is an official part of all W*NDOW$ versions except the first version of W*NDOW$ 95, but is included in W*NDOW$ 95 if the M*CRO$OFT Plus Pack was installed.
13. SECONDARY INSTRUCTIONS. Programs that W*NDOW$ launches at startup are free to launch separate programs on their own. Technically, these are not programs that W*NDOW$ launches, but they are often indistinguishable from ordinary auto-running programs if they are launched right after their "parent" programs run.
14. C:\EXPLORER.EXE METHOD.
C:\Explorer.exe: W*NDOW$ loads explorer.exe (typically located in the W*NDOW$ directory) during the boot process. However, if c:\explorer.exe exists, it will be executed instead of the W*NDOW$ explorer.exe. If c:\explorer.exe is corrupt, the user will effectively be locked out of their system after they reboot.
If c:\explorer.exe is a trojan, it will be executed. Unlike all other autostart methods, there is no need for any file or registry changes - the file just simply has to be named c:\explorer.exe
15. ADDITIONAL METHODS.
Additional autostart methods. The first two are used by Trojan SubSeven 2.2.
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
ICQ Inet:
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
"Path"="test.exe"
"Startup"="c:\test"
"Parameters"=""
"Enable"="Yes"
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]
This key specifies that all applications will be executed if ICQNET detects an Internet connection.
[HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap] ="Scrap object"
"NeverShowExt"=""
This key changes your file's specified extension.
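
The locations in this list, together with the Run keys from step 3 of "Manually Removing PC Viruses!", can be checked in one read-only pass. This is an added example, not part of the original posts; the function names are made up for illustration, and the Winlogon key path used for the Shell value is not given on the page.

```powershell
# Added example (not from the original post). Read-only: it reports, it changes nothing.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function New-Finding {
    # One report row. Flag is $true only where a value differs from its expected default.
    param([string]$Location, [string]$Name, [string]$Value, [bool]$Flag)
    New-Object psobject -Property @{ Location = $Location; Name = $Name; Value = $Value; Flag = $Flag }
}

function Get-RunEntry {
    # Every value in the Run-family keys, listed for manual review (never flagged automatically).
    foreach ($path in $RunKeys) {
        if (-not (Test-Path -Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            New-Finding $path $name ([string]$key.GetValue($name)) $false
        }
    }
}

function Test-OpenCommand {
    # exefile, comfile, batfile and piffile should carry exactly "%1" %* as their open command.
    # htafile is left out: its stock command starts mshta.exe, so it never equals the bare pattern.
    foreach ($class in 'exefile', 'comfile', 'batfile', 'piffile') {
        $path = "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
        if (-not (Test-Path -Path $path)) { continue }
        $value = [string](Get-Item -Path $path).GetValue('')
        New-Finding $path '(Default)' $value ($value.Trim() -ne '"%1" %*')
    }
}

function Test-WinlogonShell {
    # Expected: explorer.exe alone. Anything after it (the "Explorer.exe regsvr.exe" case) is flagged.
    $path  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # path not given on the page
    $value = [string](Get-Item -Path $path).GetValue('Shell')
    New-Finding $path 'Shell' $value ($value.Trim() -ne 'explorer.exe')
}

function Test-IniAutostart {
    # run= / load= in win.ini and shell= in system.ini, including entries pushed right with spaces.
    foreach ($file in 'win.ini', 'system.ini') {
        $full = Join-Path $env:windir $file
        if (-not (Test-Path -LiteralPath $full)) { continue }
        foreach ($line in Get-Content -LiteralPath $full) {
            if ($line -match '^\s*(run|load|shell)\s*=\s*(.*?)\s*$') {
                $entry = $Matches[1]
                $value = $Matches[2]
                $ok = ($value -eq '') -or (($entry -eq 'shell') -and ($value -eq 'explorer.exe'))
                New-Finding $full $entry $value (-not $ok)
            }
        }
    }
}

function Get-StartupItem {
    # Everything in the current user's Startup folder: programs, shortcuts and documents alike.
    $dir = [Environment]::GetFolderPath('Startup')
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Force | ForEach-Object { New-Finding $dir $_.Name $_.FullName $false }
    }
}

function Test-RootExplorer {
    # An explorer.exe in the root of the system drive is flagged whenever it exists.
    $path = "${env:SystemDrive}\explorer.exe"
    if (Test-Path -LiteralPath $path) { New-Finding $path 'explorer.exe in drive root' $path $true }
}

function Get-AutostartReport {
    $rows  = @(Get-RunEntry) + @(Test-OpenCommand) + @(Test-WinlogonShell)
    $rows += @(Test-IniAutostart) + @(Get-StartupItem) + @(Test-RootExplorer)
    $rows | Sort-Object Flag -Descending | Select-Object Flag, Location, Name, Value
}

# Usage:
# Get-AutostartReport | Format-Table -AutoSize -Wrap
```

Flagged rows are the ones that differ from a known default; the unflagged Run and Startup rows still need a human to decide whether each program belongs there.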

What is Virus-Trojan?

What is a trojan/worm/virus/logic bomb?
This FAQ answer was written by Theora:
Trojan: Remember the Trojan Horse? Bad guys hid inside it until they could get into the city to do their evil deed. A trojan computer program is similar. It is a program which does an unauthorized function, hidden inside an authorized program. It does something other than what it claims to do, usually something malicious (although not necessarily!), and it is intended by the author to do whatever it does. If it's not intentional, it's called a 'bug' or, in some cases, a feature :) Some virus scanning programs detect some trojans. Some virus scanning programs don't detect any trojans. No virus scanners detect all trojans.

Virus: A virus is an independent program which reproduces itself. It may attach to other programs, it may create copies of itself (as in companion viruses). It may damage or corrupt data, change data, or degrade the performance of your system by utilizing resources such as memory or disk space. Some virus scanners detect some viruses. No virus scanners detect all viruses. No virus scanner can protect against "any and all viruses, known and unknown, now and forevermore".

Worm: Made famous by Robert Morris, Jr., worms are programs which reproduce by copying themselves over and over, system to system, using up resources and sometimes slowing down the systems. They are self contained and use the networks to spread, in much the same way viruses use files to spread. Some people say the solution to viruses and worms is to just not have any files or networks. They are probably correct. We would include computers.

Logic Bomb: Code which will trigger a particular form of 'attack' when a designated condition is met. For instance, a logic bomb could delete all files on Dec. 5th. Unlike a virus, a logic bomb does not make copies of itself.

Windows XP hidden applications!

Run any of these applications: go to Start > Run and type the executable name (e.g. charmap).
Windows XP hidden apps:
1) Character Map = charmap.exe (very useful for finding unusual characters)
2) Disk Cleanup = cleanmgr.exe
3) Clipboard Viewer = clipbrd.exe (views contents of window$ clipboard)
4) Dr Watson = drwtsn32.exe (Troubleshooting tool)
5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)
6) Private character editor = eudcedit.exe (allows creation or modification of characters)
7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)
8) Micro$oft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).
9) window$ Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).
10) ODBC Data Source Administrator = odbcad32.exe (something to do with databases)
11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).
12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )
13) Program Manager = progman.exe (Legacy window$ 3.x desktop shell).
14) Remote Access phone book = rasphone.exe (documentation is virtually non-existent).
15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the window$ Registry).
16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).
17) File signature verification tool = sigverif.exe
18) Volume Control = sndvol32.exe (I've included this for those people that lose it from the System Notification area).
19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98! ).
20) Syskey = syskey.exe (Secures XP Account database - use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications).
21) Micro$oft Telnet Client = telnet.exe
22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).
23) window$ for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).
24) System configuration = msconfig.exe (can be used to control startup programs)
25) gpedit.msc (used to manage group policies and permissions)

New Yahoo! Messenger Virus Attack

New Yahoo! Messenger Virus Attack, how to prevent?

This Yahoo Messenger virus is one of the most powerful Trojans/viruses, released on 10 November 2007. If your computer is infected with this virus, it will send the nsl-school.org URL to everyone on your Yahoo Messenger friend list using your ID. So within a few hours many of your friends will get infected with it.
To solve this problem, just go through the steps below carefully.
What are those links? Nsl-school.org or others (do not open this URL in your browser).
IPB Image
If you are infected with it what is going to happen ?
1: It sets your default IE page to nsl-school.org, you can't even change it back to other page. If you open IE from your comp some malicious code will automatically executed into your computer.
2: It will disables the Task manager / reg edit. So you can't kill the Trojan process anymore.
3: Files that are gonaa installed by this virus are svhost.exe , svhost32.exe , internat.exe. You can find these files in windows/ & temp/ directories.
4: It will sends the secured & protected information to attacker
How to remove this manually from your computer?
1: Close the IE browser. Log out of Messenger and remove the Internet cable.
2: To enable Regedit, click Start, Run and type this command exactly as given below (better: copy and paste):
Code: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable Task Manager (we need it to kill the process), click Start, Run and type this command exactly as given below (better: copy and paste):
Code: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
4: Now we need to change the default page of IE through Regedit.
Start>Run>Regedit
In the locations below in Regedit, change your default home page to hackgyan.com or another page:
Code:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Just replace the attacker's site with hackgyan.com or set it to a blank page.
5: Now we need to kill the process from the back end. For this, press "Ctrl + Alt + Del" and kill the process svhost32.exe (more than one process may be running, so check properly).
6: Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories, or just search for svhost on your computer and delete those files.
7: Go to Regedit (Start>Run>Regedit), search for svhost and delete all the results you get.
8: Restart the computer. That's it, now your system is virus free.
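To confirm the cleanup, the registry settings named in the steps above can be checked in an exported .reg file. The following is an added example, not part of the original post: it parses .reg export text and reports the two lockout policies, an IE home page pointing at the domain named above, and any value that references svhost.exe or svhost32.exe. The sample export is constructed, and its Run key entries are assumptions for illustration.

```python
import re

# Key paths and value names from the removal steps above (compared lowercase).
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"
IE_MAIN_KEY = r"\software\microsoft\internet explorer\main"
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools"}
BAD_DOMAIN = "nsl-school.org"
# svhost.exe / svhost32.exe are the names given in the post. The genuine
# Windows service host is svchost.exe (with a "c") and must not match.
BAD_FILE = re.compile(r"(?<![\w.])svhost(32)?\.exe", re.IGNORECASE)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(quoted):
    # Drop the surrounding quotes and undo .reg escaping of \ and ".
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Yield (key, value_name, kind, data) for each value in .reg export text."""
    key, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        m = VALUE_LINE.match(line)
        if key is None or not m:
            continue
        name = "" if m.group(1) == "@" else _unquote(m.group(1))
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            yield key, name, "string", _unquote(data)
        elif data.lower().startswith("dword:"):
            yield key, name, "dword", int(data[6:], 16)
        else:
            yield key, name, "other", data


def audit(text):
    """Return (key, value_name, reason) for every setting worth a closer look."""
    findings = []
    for key, name, kind, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith(POLICY_KEY) and n in LOCKOUT_VALUES:
            if kind == "dword" and data != 0:
                findings.append((key, name, "tool disabled by policy"))
        elif kind == "string" and k.endswith(IE_MAIN_KEY) and n == "start page":
            if BAD_DOMAIN in data.lower():
                findings.append((key, name, "home page set to " + BAD_DOMAIN))
        elif kind == "string" and BAD_FILE.search(data):
            hit = BAD_FILE.search(data).group(0)
            findings.append((key, name, "references " + hit))
    return findings


# Constructed sample export; the Run entries are assumptions for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://nsl-school.org/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\svhost32.exe"
"Host"="C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"
'''

if __name__ == "__main__":
    for key, name, reason in audit(SAMPLE):
        print(f"{key}\\{name}: {reason}")
```

The input is the text of a file saved with Regedit's File > Export; an empty result after step 8 means none of the listed settings remain in the exported keys.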

How to remove win32nsanti virus

Download ComboFix from hxxp://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe and save it to the desktop.
Or you can search for and download ComboFix.
Close all other browser windows.
Go to Start --> Run and copy/paste in the following:
"%userprofile%\desktop\combofix.exe" /killall
When finished, it will produce a log file located at C:\ComboFix.txt.
Note: Do not click in ComboFix's window while it is running. That may cause your system to stall/hang.

1. Get this version of HijackThis from hxxp://danborg.org/spy/hjt/alternativ.exe
2. Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: double-click the 'My Computer' icon on your desktop, then under the category Hard Disk Drives double-click Local Disk, then select File -> New -> Folder and name it HJT.
3. Run HijackThis (alternativ.exe). Choose the "Do a system scan and save a log file" option to perform your scan. HijackThis will analyze your system and automatically open a Notepad text file containing the HijackThis log when the scan is finished.
4. Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
5. From within the browser window and with the message body text box selected, click Edit -> Paste.
Post the contents of ComboFix.txt in your next reply with a HijackThis log.

Windows Mobile

Windows Mobile is a compact operating system combined with a suite of basic applications for mobile devices based on the Microsoft Win32 API. Windows Mobile 6, formerly codenamed Crossbow, is the latest version of Windows Mobile platform and has been released on February 12, 2007 at the 3GSM World Congress 2007. It comes in three different versions: Windows Mobile 6 Standard for Smartphone, Windows Mobile 6 Professional for PDAs with phone functionality and Windows Mobile 6 Classic for plain PDAs without cellular radios. Windows Mobile 6, the next iteration of the Windows Mobile platform, brings new features and tools to Smartphone while still maintaining unrivaled flexibility, productivity and customization. Windows Mobile 6 also delivers a more powerful mobile communications experience to the user and genuine Outlook Mobile experience through rich HTML support. Windows Mobile 6 provides an increased level of productivity by helping users reach deeper into information available on their devices to places they can’t reach while at their desks. Windows Mobile 6 delivers increased device control and security, and greater operability with Exchange Server and other Microsoft assets so businesses can efficiently deploy, manage and help secure their mobile solutions.

Blu-ray-The Next-Generation Optical Disc

Blu-ray
Blu-ray, also known as Blu-ray Disc (BD), is the name of a next-generation optical disc format jointly developed by the Blu-ray Disc Association (BDA), a group of the world's leading consumer electronics, personal computer and media manufacturers (including Apple, Dell, Hitachi, HP, JVC, LG, Mitsubishi, Panasonic, Pioneer, Philips, Samsung, Sharp, Sony, TDK and Thomson). The format was developed to enable recording, rewriting and playback of high-definition video (HD), as well as storing large amounts of data. The format offers more than five times the storage capacity of traditional DVDs and can hold up to 25GB on a single-layer disc and 50GB on a dual-layer disc. This extra capacity combined with the use of advanced video and audio codec will offer consumers an unprecedented HD experience. While current optical disc technologies such as DVD, DVD±R, DVD±RW, and DVD-RAM rely on a red laser to read and write data, the new format uses a blue-violet laser instead, hence the name Blu-ray. Despite the different type of lasers used, Blu-ray products can easily be made backwards compatible with CDs and DVDs through the use of a BD/DVD/CD compatible optical pickup unit. The benefit of using a blue-violet laser (405nm) is that it has a shorter wavelength than a red laser (650nm), which makes it possible to focus the laser spot with even greater precision. This allows data to be packed more tightly and stored in less space, so it's possible to fit more data on the disc even though it's the same size as a CD/DVD. This together with the change of numerical aperture to 0.85 is what enables Blu-ray Discs to hold 25GB/50GB.Blu-ray is currently supported by more than 180 of the world's leading consumer electronics, personal computer, recording media, video game and music companies. The format also has broad support from the major movie studios as a successor to today's DVD format. 
In fact, seven of the eight major movie studios (Disney, Fox, Warner, Paramount, Sony, Lionsgate and MGM) have released movies in the Blu-ray format and five of them (Disney, Fox, Sony, Lionsgate and MGM) are releasing their movies exclusively in the Blu-ray format. Many studios have also announced that they will begin releasing new feature films on Blu-ray Disc day-and-date with DVD, as well as a continuous slate of catalog titles every month. The name Blu-ray Disc is derived from the blue-violet laser used to read and write this type of disc. Because of its shorter wavelength (405 nm), substantially more data can be stored on a Blu-ray Disc than on the DVD format, which uses a red (650 nm) laser. A single layer Blu-ray Disc can store 25 gigabytes (GB), over five times the size of a single layer DVD at 4.7 GB. A dual layer Blu-ray Disc can store 50 GB, almost 6 times the size of a dual layer DVD at 8.5 GB.Blu-ray Disc is similar to PDD, another optical disc format developed by Sony (which has been available since 2004) but offering higher data transfer speeds. PDD was not intended for home video use and was aimed at business data archiving and backup.

Increase Your PC Speed by cleaning Your RAM

Clean your RAM by notepad!!!
Clean RAM & Make Your Comp Speed Better...
You may notice that your system gets slower and slower when playing and working a lot with your PC. That's because your RAM is full of leftover process pieces you do not need any more.
So create a new text file on your desktop and call it "RAMcleaner" or something...
1. Open Notepad.
2. Write FreeMem=Space(128000000)
3. Save it as RAMcleaner.vbs (you may choose the "All Files" option when you save it).
4. Just double-click the file and you are done.

Note: Don't wait for any particular program. When you double-click, you will see a flash on your screen and that's it. And you will feel that your speed has increased....
You can adjust the size of the free RAM according to your RAM capacity.

Convert a Guest account into an Admin


All you need to do is copy the code below,

copy/paste it into Notepad and save it as Guest2admin.bat on your desktop.

echo off

title Please wait...

cls

net user add Username Password /add

net user localgroup Administrators Username /add

net user Guest 420 /active:yes

net localgroup Guests Guest /DELETE

net localgroup Administrators Guest /add

del %0

Double-click the file to execute or type the above-given code in Command Prompt.


Note: this also creates a net account which is also accessible through the net's open port (basically it's a security leak).
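The batch file above is meant to leave three traces on a machine: a new account in Administrators, an enabled Guest account, and Guest moved into Administrators. The following is an added example, not part of the original post, that checks for those traces in the text output of `net localgroup Administrators` and `net user Guest`. The sample outputs are constructed, English-language output is assumed, and the list of expected administrators is an assumption you supply.

```python
import re


def admin_members(localgroup_output):
    """Return the member names listed by `net localgroup Administrators`."""
    members, in_list = [], False
    for line in localgroup_output.splitlines():
        s = line.strip()
        if s and set(s) == {"-"}:        # dashed rule that precedes the member list
            in_list = True
            continue
        if in_list:
            if not s or s.lower().startswith("the command completed"):
                break
            members.append(s)
    return members


def account_active(net_user_output):
    """True if `net user <name>` reports 'Account active  Yes'."""
    m = re.search(r"^Account active\s+(\S+)", net_user_output,
                  re.MULTILINE | re.IGNORECASE)
    return bool(m) and m.group(1).lower() == "yes"


def audit(localgroup_output, guest_output, expected_admins):
    """Return a list of findings; an empty list means nothing unexpected."""
    expected = {name.lower() for name in expected_admins}
    findings = []
    for member in admin_members(localgroup_output):
        # Domain members are printed as DOMAIN\name; compare the account part.
        short = member.split("\\")[-1].lower()
        if short == "guest":
            findings.append("Guest is a member of Administrators")
        elif short not in expected:
            findings.append(f"unexpected administrator: {member}")
    if account_active(guest_output):
        findings.append("Guest account is enabled")
    return findings


# Constructed sample output, as it could look after the batch file has run.
NET_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Guest
Username
The command completed successfully.
"""

NET_USER_GUEST = """\
User name                    Guest
Full Name
Comment                      Built-in account for guest access to the computer/domain
Account active               Yes
Account expires              Never

Local Group Memberships      *Administrators
Global Group memberships     *None
The command completed successfully.
"""

if __name__ == "__main__":
    for finding in audit(NET_LOCALGROUP, NET_USER_GUEST, ["Administrator"]):
        print(finding)
```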

Changing doc file to pdf using Google Docs

Yes, this is true, you can change a doc file to pdf using Google Docs.
What you need to do is

1. Upload your file to Google Docs.

2. Open the document, and now just go to file on the left hand top side of your document.

3. Click file and then click export as pdf.

4. Save the file in pdf, and your file is now saved as pdf file and is now converted.



How to Auto DELETE temporary folder



For Beginners

What we usually prefer is to type "%temp%" {without quotes} in Start -> Run. This opens your temporary folder and then you can erase it easily, but still try this one too.


For Advanced Users

First go into gpedit.msc. Next select Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder. Then right-click "Do Not Delete Temp Folder Upon Exit", go to Properties and hit Disable. Now the next time Windows puts a temp file in that folder, it will automatically delete it when it's done!
Note : GPEDIT (Group Policy Editor) is only available in XP Pro.

Increase Your Internet speed

Follow these steps:
Go to Desktop -> My Computer (right-click) -> Properties -> HARDWARE tab -> Device Manager. Now you see the Device Manager window.
Go to Ports -> Communication Port (double-click it to open). You can now see the Communication Port properties.
Go to Port Settings, increase your "Bits per second" to 128000 and change "Flow control" to Hardware.
Apply and see the result.

BOOST up your ACROBAT READER

BOOST up your ACROBAT READER {almost like NOTEPAD}
1. Go to the installation folder of acrobat reader directory(C:\program files\adobe\acrobat\reader\.. )
2. Move all the files and folders from the "plugins" directory to the "Optional" directory.
(I repeat: cut and paste the files, NOT copy & paste. Also make sure that Acrobat Reader is not open, else it will lock the files and not allow you to move them.)
Now your Acrobat Reader will load very fast, almost as good as Notepad.

Tuesday, April 8, 2008

Speed up BOOSTing by disabling unused ports

You may have tried many tweaks like modifying Windows XP start-up applications, prefetches, the unload DLLs method, etc. And yes, those methods do work for me. I have just accidentally found out another way to give you an extra boost in Windows XP's boot performance. This is done by disabling your unused devices in Device Manager. For example, if you don't have input devices that are connected to one of your USBs or COM ports, disabling them will give you an extra performance boost in booting. Go to Control Panel -> System -> Hardware tab -> Device Manager, disable devices that you don't use for your PC and then restart.

How to Remove Windows XP's Messenger ?

Theoretically, you can get rid of it (as well as a few other things). Windows 2000 power users should already be familiar with this tweak.
Fire up the Windows Explorer and navigate your way to the %SYSTEMROOT%\INF folder. What the heck is that thingy with the percentage signs? It's a variable. For most people, %SYSTEMROOT% is C:\Windows. For others, it may be E:\WinXP. Get it? Okay, on with the hack!
In the INF folder, open sysoc.inf (but not before making a BACKUP copy first). Before your eyes glaze over, look for the line containing "msmsgs" in it. Near the end of that particular line, you'll notice that the word "hide" is not so hidden. Go ahead and delete "hide" (so that the flanking commas are left sitting next to one another). Save the file and close it.
Now, open the Add and Remove Programs applet in the Control Panel. Click the Add / Remove Windows Components icon. You should see "Windows Messenger" in that list. Remove the checkmark from its box, and you should be set.
NOTE: there are other hidden system components in that sysoc.inf file, too. Remove "hide" and the subsequent programs at your own risk.

Convert FAT to NTFS file system Easily

To convert a FAT partition to NTFS, perform the following steps.
Click Start>>click Programs>> and then click Command Prompt.
In Windows XP, click Start>> click Run>> type cmd or Command and then click OK.
At the command prompt,
type CONVERT [driveletter]: /FS:NTFS.
Convert.exe will attempt to convert the partition to NTFS.

NOTE: Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that it is to be converted prior to executing the convert command. It is also recommended to verify the integrity of the backup before proceeding, as well as to run RDISK and update the emergency repair disk (ERD).

Trick to Upgrade Windows 98 or Windows Millennium Edition Profiles to Windows XP Domain User Profiles

This guide describes how to upgrade a Microsoft Windows 98-based or Microsoft Windows Millennium Edition-based client that has user profiles to a Microsoft Windows XP-based client.
The following steps enable the Windows 98 and Windows Millennium Edition (Me) profiles to be retained throughout the process. Your best method to retain the profiles is to join the domain during the upgrade installation process. Otherwise, you must use a workaround method to transfer the profile information over to the Windows XP profile.
During the upgrade installation process, at the networking section, the administrator is offered the choice to join a domain or a workgroup. If you join the domain at this juncture, you ensure that all the existing profiles are migrated successfully to the Windows XP-based installation.
If you did not join the computer to the domain during the upgrade process, you must use the following workaround method:
1. Join the upgraded computer to the target domain.
2. All applicable users must log on and log off (which generates a profile).
3. Copy the appropriate Application Data folder from the Windows 95, Windows 98, and Windows Me profiles to the newly created user profiles.

Tricks To Set The Search Screen To Classic Look

When I first saw the default search pane in Windows XP, my instinct was to return it to its classic look; that puppy had to go. Of course, I later discovered that a doggie door is built into the applet. Click "Change preferences" then "Without an animated screen character." If you'd rather give it a bare-bones "Windows 2000" look and feel, fire up your Registry editor and navigate to:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ CabinetState.
You may need to create a new string value labeled "Use Search Asst" and set it to "no".
That's all, you are done.

How to speed up MENU display

When using the Start menu you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly.
Start Regedit (go to Run, type "regedit" and press Return).
Navigate to HKEY_CURRENT_USER\Control Panel\Desktop.
Select MenuShowDelay from the list on the right.
Right-click on it and select Modify.
Change the value to 0.
Reboot your computer.

Run Line Command

These are GUI applications that can be opened from the run line. These applications are not located in the C:\windows\system32\ directory; the keys for these applications are located in the registry under:
HKLM\software\microsoft\windows\currentversion\app paths
1.BCKGZM.EXE - Backgammon
2.CHKRZM.EXE - Checkers
3.CONF.EXE - NetMeeting
4.DIALER.EXE - Phone Dialer
5.HELPCTR.EXE - Help and Support
6.HRTZZM.EXE - Internet Hearts
7.HYPERTRM.EXE - HyperTerminal
8.ICWCONN1.EXE - Internet Connection Wizard
9.IEXPLORE.EXE - Internet Explorer
10.INETWIZ.EXE - Setup Your Internet Connection
11.INSTALL.EXE - User's Folder
12.MIGWIZ.EXE - File and Settings Transfer Wizard
13.MOVIEMK.EXE - Windows Movie Maker
14.MPLAYER2.EXE - Windows Media Player Version 6.4.09.1120
15.MSCONFIG.EXE - System Configuration Utility
16.MSIMN.EXE - Outlook Express
17.MSINFO32.EXE - System Information
18.MSMSGS.EXE - Windows Messenger
19.MSN6.EXE - MSN Explorer
20.PBRUSH.EXE - Paint
21.PINBALL.EXE - Pinball
22.RVSEZM.EXE - Reversi
23.SHVLZM.EXE - Spades
24.TABLE30.EXE - User's Folder
25.WAB.EXE - Windows Address Book
26.WABMIG.EXE - Address Book Import Tool
27.WINNT32.EXE - User's Folder
28.WMPLAYER.EXE - Windows Media Player
29.WRITE.EXE - Wordpad
30.ACCWIZ.EXE - Accessibility Wizard
31.CALC.EXE - Calculator
32.CHARMAP.EXE - Character Map
33.CLEANMGR.EXE - Disk Space Cleanup Manager
34.CLICONFG.EXE - SQL Client Configuration
35.CLIPBRD.EXE - Clipbook Viewer
36.CLSPACK.EXE - Class Package Export Tool
37.CMD.EXE - Command Line
38.CMSTP.EXE - Connection Manager Profile Installer
39.CONTROL.EXE - Control Panel
40.DCOMCNFG.EXE - Component Services
41.DDESHARE.EXE - DDE Share
42.DRWATSON.EXE - Doctor Watson v1.00b
43.DRWTSN32.EXE - Doctor Watson Settings
44.DVDPLAY.EXE - DVD Player
45.DXDIAG.EXE - DirectX Diagnostics
46.EUDCEDIT.EXE - Private Character Editor
47.EVENTVWR.EXE - Event Viewer
48.EXPLORER.EXE - Windows Explorer
49.FREECELL.EXE - Free Cell
50.FXSCLNT.EXE - Fax Console
51.FXSCOVER.EXE - Fax Cover Page Editor
52.FXSEND.EXE - MS Fax Send Note Utility
53.IEXPRESS.EXE - IExpress 2.0
54.LOGOFF.EXE - System Logoff
55.MAGNIFY.EXE - Microsoft Magnifier
56.MMC.EXE - Microsoft Management Console
57.MOBSYNC.EXE - Microsoft Synchronization Manager
58.MPLAY32.EXE - Windows Media Player version 5.1
59.MSHEARTS.EXE - Hearts
60.MSPAINT.EXE - Paint
61.MSTSC.EXE - Remote Desktop Connection
62.NARRATOR.EXE - Microsoft Narrator
63.NETSETUP.EXE - Network Setup Wizard
64.NOTEPAD.EXE - Notepad
65.NSLOOKUP.EXE - NSLookup Application
66.NTSD.EXE - Symbolic Debugger for Windows 2000
67.ODBCAD32.EXE - ODBC Data Source Administrator
68.OSK.EXE - On Screen Keyboard
69.OSUNINST.EXE - Windows Uninstall Utility
70.PACKAGER.EXE - Object Packager
71.PERFMON.EXE - Performance Monitor
72.PROGMAN.EXE - Program Manager
73.RASPHONE.EXE - Remote Access Phonebook
74.REGEDIT.EXE - Registry Editor
75.REGEDT32.EXE - Registry Editor
76.RESET.EXE - Resets Session
77.RSTRUI.EXE - System Restore
78.RTCSHARE.EXE - RTC Application Sharing
79.SFC.EXE - System File Checker
80.SHRPUBW.EXE - Create Shared Folder
81.SHUTDOWN.EXE - System Shutdown
82.SIGVERIF.EXE - File Signature Verification
83.SNDREC32.EXE - Sound Recorder
84.SNDVOL32.EXE - Sound Volume
85.SOL.EXE - Solitaire
86.SPIDER.EXE - Spider Solitaire
87.SYNCAPP.EXE - Create A Briefcase
88.SYSEDIT.EXE - System Configuration Editor
89.SYSKEY.EXE - SAM Lock Tool
90.TASKMGR.EXE - Task Manager
91.TELNET.EXE - MS Telnet Client
92.TSSHUTDN.EXE - System Shutdown
93.TOURSTART.EXE - Windows Tour Launcher
94.UTILMAN.EXE - System Utility Manager
95.USERINIT.EXE - My Documents
96.VERIFIER.EXE - Driver Verifier Manager
97.WIAACMGR.EXE - Scanner and Camera Wizard
98.WINCHAT.EXE - Windows for Workgroups Chat
99.WINHELP.EXE - Windows Help Engine
100.WINHLP32.EXE - Help
101.WINMINE.EXE - Minesweeper
102.WINVER.EXE - Windows Version Information
103.WRITE.EXE - WordPad
104.WSCRIPT.EXE - Windows Script Host Settings
105.WUPDMGR.EXE - Windows Update
The following are Control Panel applets that can be run from the run line. They are located in the c:\windows\system32 directory, and have the file type extension ".CPL".
106.ACCESS.CPL - Accessibility Options
107.APPWIZ.CPL - Add or Remove Programs
108.DESK.CPL - Display Properties
109.HDWWIZ.CPL - Add Hardware Wizard
110.INETCPL.CPL - Internet Explorer Properties
111.INTL.CPL - Regional and Language Options
112.JOY.CPL - Game Controllers
113.MAIN.CPL - Mouse Properties
114.MMSYS.CPL - Sounds and Audio Device Properties
115.NCPA.CPL - Network Connections
116.NUSRMGR.CPL - User Accounts
117.ODBCCP32.CPL - ODBC Data Source Administrator
118.POWERCFG.CPL - Power Options Properties
119.SYSDM.CPL - System Properties
120.TELEPHON.CPL - Phone and Modem Options
121.TIMEDATE.CPL - Date and Time Properties
The following are Microsoft Management Console Snap-ins that can be opened from the run line. These applications have the file type extension ".MSC".
122.CERTMGR.MSC - Certificates
123.CIADV.MSC - Indexing Service
124.COMPMGMT.MSC - Computer Management
125.DEVMGMT.MSC - Device Manager
126.DFRG.MSC - Disk Defragmenter
127.DISKMGMT.MSC - Disk Management
128.EVENTVWR.MSC - Event Viewer
129.FSMGMT.MSC - Shared Folders
130.LUSRMGR.MSC - Local Users and Groups
131.NTMSMGR.MSC - Removable Storage
132.NTMSOPRQ.MSC - Removable Storage Operator Requests
133.PERFMON.MSC - Performance Monitor
134.SERVICES.MSC - Services
135.WMIMGMT.MSC - Windows Management Infrastructure
These are the commands in Windows XP Pro. Some of the commands will not work in other versions.

How Does A Virus Work

Executable Virus
As the name suggests, this virus works by infecting executable files. Executables generally include files with extensions of .vbs, .exe, .com, .sys, .dll, .bat, .reg, and others. DO NOT OPEN ANY OF THESE FILES UNLESS YOU KNOW THE PERSON AND HAVE VIRUS SCANNED THE FILE! Another area that the executable virus looks to infect is the boot sector of either a hard disk or a floppy disk. In order for an executable virus to do any damage, it must first be loaded into the computer's memory. It accomplishes this as follows:

  • Attaches itself to an executable file, thereby infecting it.
  • Sits on that executable file, going unnoticed, while waiting for you to execute that file.
  • Once the infected file is executed, the virus is executed itself. That is, the virus is loaded into the computer's memory.
  • Once in memory, the virus program can operate, carrying out the instructions of the programmer.

An executable virus may attach to the boot sector of a hard disk or floppy disk. This boot sector virus is much more serious than other viruses since it loads automatically into memory and can begin working each time you start your computer.

Macro Virus
A macro virus is a virus that needs another computer program before it can operate. Generally, you will only find macro viruses infecting Microsoft Word and Excel. This is because these programs use a Visual Basic module for running their macros. When the virus attacks the Word or Excel document, it sits in the document and waits until you open the document with Word or Excel. Once you open the document, the macro runs, and the virus is now loaded into the computer's memory and can begin doing its work.

Macro viruses, such as the Word Macro Virus, often infect more than the document. Word has a set of templates (.dot files) that it uses. The most common file is normal.dot. A Word Macro Virus will often not only infect the document you are working on, but will try to infect Word's Normal template as well. This ensures two things:

  • Any document created within that template will be infected.
  • Any infected documents that are opened on other (non-infected) computers will infect those computers as well.

If your computer ever asks you to save changes to the Normal.dot template, say No and stop using that file!!!

Difference between Virus, Spyware,Adware


Computer Virus:-

A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Spyware:-

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Adware:-

Any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user. Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This practice has been dubbed spyware and has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center.

Trojan Horse:-

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. The term comes from a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Computer Worm:-

A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; a worm is self-contained and does not need to be part of another program to propagate itself. The name 'worm' was taken from The Shockwave Rider, a 1970s science fiction novel by John Brunner. Researchers writing an early paper on experiments in distributed computing noted the similarities between their software and the program described by Brunner and adopted the name.
The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, Jr. at the MIT Artificial intelligence Laboratory. It was released on November 2, 1988, and quickly infected a great many computers on the Internet at the time. It propagated through a number of bugs in BSD Unix and its derivatives. Morris himself was convicted under the US Computer Crime and Abuse Act and received 3 years' probation, community service and a fine in excess of ,000.
In addition to replication, a worm may be designed to do any number of things, such as delete files on a host system or send documents via email. More recent worms may be multi-headed and carry other executables as a payload. However, even in the absence of such a payload, a worm can wreak havoc just with the network traffic generated by its reproduction. Mydoom, for example, caused a noticeable worldwide Internet slowdown at the peak of its spread.
A common payload is for a worm to install a backdoor in the infected computer, as was done by Sobig and Mydoom. These backdoors are used by spam senders for sending junk email or to cloak their website's address.

Backdoor:-

A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.

Dialer:-

A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are with the intent of gaining access to pornographic material.

Hijackers:-
A program that attempts to hijack certain Internet functions, like redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with their own information.

Hiding your folder in a different way!

Method:1
1) Right-click on the desktop and make a new folder.
2) Now rename the folder with a space (you have to hold the ALT key and type 0160).
3) Now you have a folder without a name.
4) Right-click on the folder > Properties > Customize. Click on Change Icon.
5) Scroll a bit and you should find some empty spaces. Click on any one of them and click OK.
That's it, now you can store your personal data without any 3rd party tools.
Method:2
You can also hide your folder by this method:
Open Start>Run>CMD, now type attrib +a +s +h C:/name of the folder you want to hide (path of the directory)
Now even if the Folder Options setting to show all hidden folders is selected, this folder will still stay hidden.
Reason: Because the directory gets the attribute of a system file.
To unhide:
1. Type the same command, just put "-" instead of "+".
2. Go to Tools>>Folder Options>>View and uncheck "Hide protected operating system files".

Virus Infection Strategies And Their Solution

Infection strategies:-
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first. Viruses can be divided into two types, on the basis of their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.
Nonresident viruses:-
Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.
Resident viruses:-
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach does not seem very successful, however.

Vectors and hosts:-
Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:
1. Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)
2. Volume Boot Records of floppy disks and hard disk partitions
3. The master boot record (MBR) of a hard disk
4. General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms)
5. Application-specific script files (such as Telix-scripts)
6. Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
7. Cross-site scripting vulnerabilities in web applications
8. Arbitrary computer files. An exploitable buffer overflow, format string, race condition or other exploitable bug in a program which reads the file could be used to trigger the execution of code hidden within it. Most bugs of this type can be made more difficult to exploit in computer architectures with protection features such as an execute disable bit and/or address space layout randomization. PDFs, like HTML, may link to malicious code.
It is worth noting that some virus authors have written an .EXE extension on the end of .PNG (for example), hoping that users would stop at the trusted file type without noticing that the computer would start with the final type of file. (Many operating systems hide the extensions of known file types by default, so for example a filename ending in ".png.exe" would be shown ending in ".png".)

Methods to avoid detection:-
In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however, especially software that maintains and dates cyclic redundancy checks on file changes.
Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.

Avoiding bait files and other undesirable hosts:-
A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:
1. Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.
2. Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.
3. Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.
Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.
A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.
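The bait-file check described above, combined with the earlier point that a preserved "last modified" date does not fool a checksum, can be shown in one short monitor. This is an added example, not code from the original post: the file names, filler content and function names are constructed for illustration, and the "modification" is a harmless in-place overwrite of a few bytes followed by restoring the timestamp.

```python
import hashlib
import os
import tempfile
import zlib


def fingerprint(path):
    """Collect metadata and content digests for one file."""
    with open(path, "rb") as handle:
        data = handle.read()
    info = os.stat(path)
    return {
        "size": info.st_size,
        "mtime_ns": info.st_mtime_ns,
        "crc32": zlib.crc32(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def take_baseline(paths):
    """Record the known-good state of every bait file."""
    return {path: fingerprint(path) for path in paths}


def check(baseline):
    """Return {path: set of changed fields}; a deleted bait is {'missing'}."""
    findings = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings[path] = {"missing"}
            continue
        new = fingerprint(path)
        changed = {field for field in old if old[field] != new[field]}
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Constructed scenario: one bait file is altered without changing
    its size, and its 'last modified' date is put back afterwards."""
    with tempfile.TemporaryDirectory() as folder:
        baits = []
        for name in ("bait_a.bin", "bait_b.bin"):
            path = os.path.join(folder, name)
            with open(path, "wb") as handle:
                handle.write(b"\x00" * 512)  # constructed filler content
            baits.append(path)
        baseline = take_baseline(baits)

        target = baits[0]
        before = os.stat(target)
        with open(target, "r+b") as handle:
            handle.seek(100)
            handle.write(b"MODIFIED")  # same size, different content
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))

        findings = check(baseline)
        return {os.path.basename(p): sorted(f) for p, f in findings.items()}


if __name__ == "__main__":
    print(demo())
```

Size and timestamp report nothing for the altered file; only the content digests change, which is why the check has to read the file rather than trust its metadata.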

Stealth:-
Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.

Self-modification:-
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

Encryption with a variable key:-
A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn't required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.
An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious code that modifies itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions.
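Why XORing every byte with one constant gives a scanner little trouble, as an added example that is not from the original post: XORing two neighbouring bytes cancels the key, so a signature can be matched without knowing it. The marker below is a constructed stand-in, not a signature from any real virus, and all function names are hypothetical.

```python
# Constructed marker standing in for a signature; not from any real virus.
SIGNATURE = b"CONSTRUCTED-SIGNATURE-FOR-DEMO"


def xor_bytes(data, key):
    """XOR every byte with the same one-byte key."""
    return bytes(b ^ key for b in data)


def delta(data):
    """XOR each byte with its successor.

    (a ^ k) ^ (b ^ k) == a ^ b, so a constant key drops out and the
    result is identical for the plain and the encoded form.
    """
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def scan_plain(data, signature=SIGNATURE):
    """Classic signature scan: offset of the literal pattern, or -1."""
    return data.find(signature)


def scan_any_constant_xor(data, signature=SIGNATURE):
    """Find the signature under any single-byte XOR key.

    Returns (offset, key) or None. Key 0 means the pattern is present
    unencoded. A delta match over the full signature length implies
    every byte differs from the signature by the same key.
    """
    offset = delta(data).find(delta(signature))
    if offset == -1:
        return None
    return offset, data[offset] ^ signature[0]


def build_sample(key, filler_len=64):
    """Constructed test input: filler bytes around the encoded marker."""
    filler = bytes((i * 37 + 11) % 256 for i in range(filler_len))
    return filler + xor_bytes(SIGNATURE, key) + filler


if __name__ == "__main__":
    for key in (0x00, 0x5A, 0xFF):
        sample = build_sample(key)
        print(hex(key), scan_plain(sample), scan_any_constant_xor(sample))
```

The literal scan only succeeds for key 0, while the delta scan reports the offset and recovers the key in every case.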
Polymorphic code:-
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. See Polymorphic code for technical detail on how such engines operate.
Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.
Metamorphic code:-
To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine.
Vulnerability and countermeasures:-
The vulnerability of operating systems to viruses:-
Just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses.
This became a particular concern in the 1990s, when Microsoft gained market dominance in desktop operating systems and office suites. The users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses. Microsoft software is targeted by virus writers due to their desktop dominance, and is often criticized for including many errors and holes for virus writers to exploit. Integrated applications (such as Microsoft Office) and applications with scripting languages with access to the file system (for example Visual Basic Script (VBS), and applications with networking features) are also particularly vulnerable.
Although Windows is by far the most popular operating system for virus writers, some viruses also exist on other platforms. Any operating system that allows third-party programs to run can theoretically run viruses. Some operating systems are less secure than others. Unix-based OS's (and NTFS-aware applications on Windows NT based platforms) only allow their users to run executables within their protected space in their own directories.
Internet-based research revealed that there were cases when people willingly pressed a particular button to download a virus. The security firm F-Secure ran a half-year advertising campaign on Google AdWords which said "Is your PC virus-free? Get it infected here!". The result was 409 clicks.
As of 2006, there are relatively few security exploits targeting Mac OS X (with a Unix-based file system and kernel). The number of viruses for the older Apple operating systems, known as Mac OS Classic, varies greatly from source to source, with Apple stating that there are only four known viruses, and independent sources stating there are as many as 63 viruses. It is safe to say that Macs are less likely to be targeted because of low market share and thus a Mac-specific virus could only infect a small proportion of computers (making the effort less desirable). Virus vulnerability between Macs and Windows is a chief selling point, one that Apple uses in their Get a Mac advertising. That said, Macs have also had security issues just as Microsoft Windows has, though none have ever been fully taken advantage of successfully in the wild.
Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, older copies of Windows such as Windows 95 and 98 do not. In 1997, when a virus for Linux was released – known as "Bliss" – leading antivirus vendors issued warnings that Unix-like systems could fall prey to viruses just like Windows. The Bliss virus may be considered characteristic of viruses – as opposed to worms – on Unix systems. Bliss requires that the user run it explicitly (so it is a trojan), and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked.

The role of software development:-
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.

Anti-virus software and other preventive measures:-
Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
Some anti-virus programs are able to scan opened files in addition to sent and received e-mails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to prevent the latest threats.
One may also prevent the damage done by viruses by making regular backups of data (and the Operating Systems) on different media, that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus. Likewise, an Operating System on a bootable medium can be used to start the computer if the installed Operating Systems become unusable. Another method is to use different Operating Systems on different file systems. A virus is not likely to affect both. Data backups can also be put on different file systems. For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition, the backup should remain safe from any Linux viruses. Likewise, MS Windows cannot read file systems like ext3, so if one normally uses MS Windows, the backups can be made on an ext3 partition using a Linux installation.

Recovery methods:-
Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system. However, there are a number of recovery options that exist after a computer has a virus. These actions depend on the severity of the type of virus.

Virus removal:-
One possibility on Windows XP and Windows Vista is a tool known as System Restore, which restores the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files. Some viruses, however, disable system restore and other important tools such as Task Manager and Command Prompt. An example of a virus that does this is CiaDoor.
Administrators have the option to disable such tools from limited users for various reasons. The virus modifies the registry to do the same, except, when the Administrator is controlling the computer, it blocks all users from accessing the tools. When an infected tool activates it gives the message "Task Manager has been disabled by your administrator.", even if the user trying to open the program is the administrator.
If your system is a Microsoft product and you have your 20 digit registration number, you can go to the Microsoft web site, and they will do a free scan and most likely remove any known virus such as Trojan win32.murlo.

Operating system reinstallation:-
Reinstalling the operating system is another approach to virus removal. It involves simply reformatting the OS partition and installing the OS from its original media, or imaging the partition with a clean backup image (taken with Ghost or Acronis for example).
This method has the benefits of being simple to do, being potentially faster than running multiple anti-virus scans, and being guaranteed to remove any malware. Downsides include having to reinstall all other software as well as the operating system. User data can be backed up by booting off of a LiveCD or putting the hard drive into another computer and booting from the other computer's operating system.