
Tuesday, November 6, 2007

FASTNET Is Terrible!!!

How disappointing FASTNET from FIRST MEDIA has been these past 3 days.. (*> <) (bites the laptop screen) This is an excerpt of the complaint Michelle wanted to send to FIRSTMEDIA, if only the Contact Us page worked properly...

(bites the keyboard)


I am a fastnet customer paying 320 thousand a month.

My customer number is 463***.
What is going on with first media?
It has been super slow for three days now.
So slow that the download rate is lower than my telkomnet dial-up (according to speedtest),
namely 23kbps download and 1kbps upload with a 999ms ping (national).
When I called customer service, nobody picked up (maybe because so many people are asking).
Yet according to this website, I should be getting 768kbps
(a few weeks ago I was still getting around 700kbps according to speedtest).
Is it because of an upgrade/expansion in progress?

If it is only because of the number of users, I think a speed drop of more than 70% is outrageous.

If it really is because of an upgrade, how long will I have to put up with lag like this?

Thank you for your attention.




FASTNET is terrible!!!

Monday, September 10, 2007

BatamHacker Manual Removal

This virus was rather new. Most of my updated antivirus programs don't recognize it.

I noticed that this version of the virus creates a new user named BatamHacker as an admin when my computer was not joined to a domain. It also tries to hide the known-extension, "show hidden files" and "hide protected system files" options. It links itself to run at user logon through the registry (strangely, it doesn't run itself from the startup folder or a scheduled task).

The removal tricks that I used to remove this crap were simple and straightforward. They include killing the virus from memory using Process XP, repairing the registry, a manual search and destroy, and deleting the registry string that runs the virus using Autoruns (or you can do it manually).

  1. First, use an alternative process explorer, because the virus will close Task Manager. My favorite was Process XP from Sysinternals. But some viruses recognize the program title or the filename and close it immediately, so I use a modified version of the program (an apology to Sysinternals :p) to prevent the virus from closing it. Kill any process that has a folder as its icon (usually under explorer).
  2. Repair the registry. I have a compiled registry repair for various viruses, including this one. Then check "show hidden files and folders", uncheck "hide protected system files and folders (recommended)", and uncheck "hide extension for known file type". These options are under Explorer - Tools - Folder Options - View.
  3. Manually search and destroy the virus. In my version it was at most 4800 KB, and I searched for the most common file types used by a virus (*.exe;*.cmd;*.scr;*.com;*.bat). Sort by size and delete all files that have a folder icon (in my case it was folder.exe).
  4. Then use Sysinternals Autoruns and delete the virus entry (it doesn't have a description or publisher, and its image path field shows "file not found" because I already deleted it in step 3).

Now restart the computer and run the process explorer again. See if there is still a process with a folder icon under explorer.exe.

Crap virus :p

Friday, August 10, 2007

Registry and inf blocked

A virus blocked my registry and changed the inf file type... (T.T)

Most Indonesian viruses change registry settings. Then they do everything to stay alive by blocking access to many programs, including the registry editor. Usually you can just write your registry modification to an .inf file. But in some cases, the virus changes the inf file type from Setup Information to Text Document. This effectively removes the Install command that appears when you right-click an inf file. If this happens, you can use this command from the Run menu or a command prompt:

Rundll32 setupapi,InstallHinfSection DefaultInstall 128 [filepath]

In case the virus also hides the Run menu and blocks *.exe files through a registry debugger entry, you first need to kill the virus, then open a command prompt manually from c:\windows\system32\cmd.exe. If the virus does block *.exe files using a debugger, this action will prompt a question asking which program you want to use to open cmd.exe. Choose cmd.exe (if it's not among the choices, browse to c:\windows\system32\cmd.exe), and a command prompt will pop up. After that you just need to enter the command above.

Reference: www.myitforum.com/articles/1/view.asp?id=3270

Most Common Registry Fix

Fixing and understanding the most commonly blocked Windows functions in the registry.

HKLM, Software\CLASSES\[file extension]\shell\open\command [filename default: "%1" %*]

This is probably the most annoying block. The virus can attach a program that opens every time a file with that extension is called.

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, [filename default:explorer.exe]

This will call the file every time we log on to Windows.

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, [filename default:cmd.exe]

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, [filename default:cmd.exe]

This one will call the file even in safe mode.

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, [string default:checkbox]

Ever lost the “Hide Extensions for known file types” checkbox in Folder Options? This is the culprit.

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, Text,0, [string default:Hide Extensions for known file types]

Was the “Hide Extensions for known file types” text replaced by something weird? This is the string that changes it.

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductId,0, [string ProductId]

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,0, [string default:Microsoft Internet Explorer]

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductName,0, [string ProductName]

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, [string RegisteredOrganization ]

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, [string RegisteredOwner ]

The strings above change the text shown in System (inside the Control Panel).

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,0, [string default:Microsoft Internet Explorer]

HKCU, Software\Policies\Microsoft\Internet Explorer\Control Panel, Homepage,1,0

These strings change the name of Internet Explorer and the homepage.

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSettings

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoControlPanel

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFolderOptions

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoRun

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFind

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoControlPanel

These strings usually enable or disable something according to their value (usually 1 to activate and 0 to deactivate).

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[filename], Debugger

This string causes a file to be called for a (very) particular filename.

HKCU, Software\Yahoo\pager\View\YMSGR_buzz, "content url"

HKCU, Software\Yahoo\pager\View\YMSGR_Launchcast, "content url"

These strings are changed by Yahoo-related viruses.

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache,@shell32.dll,-30503,0, "Hide Extensions for known file types"

HKLM, Software\Microsoft\Windows\CurrentVersion\Run,renova

HKCU, Software\Microsoft\Windows\CurrentVersion\Run,Shell

I don’t exactly know what these strings are for, but some viruses use them. Usually I just delete them. If anybody knows how to use them or knows what they’re for, please let me know.
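The hijack points listed above can be checked offline against a registry export. This is an added example, not code from the original post: it parses text in regedit's .reg export format and reports values that differ from the defaults given above, any Image File Execution Options Debugger value, and enabled restriction policies. The sample export and its C:\WINDOWS path are constructed.

```python
import re

HKLM = "hkey_local_machine\\"
NT = HKLM + "software\\microsoft\\windows nt\\currentversion\\"
# Defaults from the list above; the value name "" stands for a key's default value.
DEFAULTS = {(NT + "winlogon", "shell"): "explorer.exe",
            (HKLM + "system\\currentcontrolset\\control\\safeboot", "alternateshell"): "cmd.exe"}
for ext in ("bat", "com", "exe", "pif", "scr"):
    DEFAULTS[(HKLM + "software\\classes\\" + ext + "file\\shell\\open\\command", "")] = '"%1" %*'
POLICIES = {"disableregistrytools", "disabletaskmgr", "nofolderoptions", "norun",
            "nofind", "nosavesettings", "nocontrolpanel"}

def parse_reg(text):
    """Yield (key, value name, data) from .reg export text; string data is unescaped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key and m:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            raw = m.group(2)
            yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw.startswith('"') else raw

def audit(text):
    """Return (key, value name, reason) for each hijack point that is off its default."""
    findings = []
    for key, name, data in parse_reg(text):
        want = DEFAULTS.get((key, name))
        if want is not None and data.lower() != want:
            findings.append((key, name, "expected %s, found %s" % (want, data)))
        elif key.startswith(NT + "image file execution options\\") and name == "debugger":
            findings.append((key, name, "Debugger redirects launches to " + data))
        elif "\\policies\\" in key and name in POLICIES and data != "dword:00000000":
            findings.append((key, name, "restriction policy is enabled"))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\WINDOWS\\folder.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\WINDOWS\\folder.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000"""
```

regedit writes version 5.00 exports as UTF-16, so decode the file before passing its text to `audit()`.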

When fixing things in the registry while it’s blocked, you can still inject the fix from an *.inf file, as long as your inf file is not also blocked. If it is, follow my instructions in playing with registry.

These are the strings I found during my virus cleaning experience. I compiled them into one big registry fixer from various sources and tedious trial and error (lots of them from vaksin.com). Copy this into filename.inf, then right-click and install. Or you can simply download this file.


[Version]

Signature="$Chicago$"

Provider=Michelle

[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\txtfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""

HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache, "@shell32.dll,-30503",0, "Hide Extensions for known file types"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, "checkbox"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, Text,0, "@shell32.dll,-30503"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, Type, 0, "radio"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, Type, 0, "checkbox"

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache, "@shell32.dll,-30503",0, "Hide Extensions for known file types"

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache, "@shell32.dll,-30508",0, "Hide protected system files and folders (Recommended)"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductId,0, "Your Product ID"

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,0, "Internet Explorer"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductName,0,"Your Product Name"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0,"Your Organization"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, "Your Registered Owner"

HKCU, Software\Policies\Microsoft\Internet Explorer\Control Panel, Homepage,1,0

[del]

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSettings

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoControlPanel

HKLM, Software\Microsoft\Windows\CurrentVersion\Run,renova

HKCU, Software\Microsoft\Windows\CurrentVersion\Run,Shell

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFolderOptions

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoRun

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFind

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoControlPanel

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sol.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmine.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshearts.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\freecell.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV32.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winamp.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\URemovalCRC32.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Niu.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvccf.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcod.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CClaw.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoas.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nipsvc.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcsched.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nip.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe, Debugger

HKCU, Software\Yahoo\pager\View\YMSGR_buzz, "content url"

HKCU, Software\Yahoo\pager\View\YMSGR_Launchcast, "content url"


In case you cannot install your inf file (there's no Install command when you right-click), perhaps you could install it using rundll32.

Hope this will help

Reference: vaksin.com
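Before installing a registry INF obtained from elsewhere, it helps to list exactly what it will write and delete. This is an added example, not code from the original post: it resolves the AddReg and DelReg sections named in [DefaultInstall] and splits each entry into fields, treating a doubled quote inside a quoted string as one literal quote. The sample INF is constructed in the same layout as the file above; %strkey% substitution is not handled.

```python
def split_fields(line):
    """Split an INF line on commas outside quotes; "" inside quotes is a literal quote."""
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == '"' and quoted and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1
        elif c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            fields, cur = fields + [cur.strip()], ""
        elif c == ";" and not quoted:
            break                      # the rest of the line is a comment
        else:
            cur += c
        i += 1
    return fields + [cur.strip()]

def planned_changes(text, install="DefaultInstall"):
    """List ('set'|'delete', root, subkey, value name, data) that installing would apply."""
    sections, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].lower()
        elif line and name and not line.startswith(";"):
            sections.setdefault(name, []).append(line)
    ops = []
    for line in sections.get(install.lower(), []):
        directive, _, targets = line.partition("=")
        kind = {"addreg": "set", "delreg": "delete"}.get(directive.strip().lower())
        for sec in targets.split(",") if kind else []:
            for entry in sections.get(sec.strip().lower(), []):
                f = split_fields(entry) + [""] * 5   # pad so short DelReg lines index safely
                ops.append((kind, f[0], f[1], f[2], f[4] if kind == "set" else ""))
    return ops

# Constructed sample: a few lines in the same layout as the INF above.
SAMPLE_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger
'''
```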

Thursday, August 9, 2007

ASP.NET (VB) Create a dynamic organisation chart on a website (Indonesian)


Where can I get an organisation chart program that changes dynamically according to the employee database? From this search I found several fairly interesting sources. Unfortunately, none of them matched what I need.

I need an HTML-based organisational structure image (so that it interacts directly with the .NET page I am building). The existing (free) programs mostly convert the organisational structure (STO) to Excel or JPG first. So the question now is: how do you build a table image in HTML without having to generate a JPG or Excel file?


Here is the result. Each box above represents a position. The line above the word details is a hyperlink containing the employee's name (sorry,.. it has to be censored ;p). The lines connecting the boxes are 1KB JPGs. Five images have to be prepared (vertical, horizontal, vertical last, horizontal middle, and vertical middle). The added detail is an AJAX popup extender.


When a hyperlink is clicked, the STO drills down five levels with it (the clicked hyperlink) as its root (the leftmost box).


Meanwhile, when the details button is clicked, a DetailsView appears in a panel (because of an AJAX bug, the DetailsView has to be placed inside a panel).



Sorry again... the picture has to be censored :(


What is the concept?
Hopefully to be continued later... (because it is now 5.30 pm and the office going-home bell has already rung... hehehe).