Friday, August 10, 2007

Registry and inf blocked

A virus blocked my registry and changed the inf file type... (T.T)

Most Indonesian viruses change the registry settings, then do everything they can to stay alive by blocking access to many programs, including the registry editor. Usually you can just write your registry modification to an .inf file. But in some cases, the virus changes the inf file type from Setup Information to Text Document. This effectively removes the Install command from the menu you get when you press the right mouse button on an inf file. If this happens, you can use this command from the Run menu or a command prompt:

Rundll32 setupapi,InstallHinfSection DefaultInstall 128 [filepath]

In case the virus also hides the Run menu and blocks *.exe files through the registry debugger, you first need to kill the virus, then open a command prompt manually from c:\windows\system32\cmd.exe. If the virus does block *.exe files using the debugger, this action will prompt a question asking which program you want to use to open cmd.exe. Choose cmd.exe (if it’s not among the choices, browse to c:\windows\system32\cmd.exe), and a command prompt will pop up. After that you just need to enter the command above.

Reference: www.myitforum.com/articles/1/view.asp?id=3270

Most Common Registry Fix

Fixing and understanding the most commonly blocked Windows functions in the registry.

HKLM, Software\CLASSES\[file extension]\shell\open\command [filename default: "%1" %*]

This is probably the most annoying block. The virus can attach a program that opens every time a file with that extension is called.

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, [filename default:explorer.exe]

This will call the file every time we log on to Windows.

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, [filename default:cmd.exe]

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, [filename default:cmd.exe]

This one will call the file even in safe mode.

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, [string default:checkbox]

Ever lost the “Hide Extensions for known file types” checkbox in Folder Options? This is the culprit.

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, Text,0, [string default:Hide Extensions for known file types]

Was the “Hide Extensions for known file types” text replaced by something weird? This is the string that changes it.

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductId,0, [string ProductId]

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,0, [string default:Microsoft Internet Explorer]

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductName,0, [string ProductName]

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0, [string RegisteredOrganization ]

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, [string RegisteredOwner ]

The strings above change the text shown under System (inside the Control Panel).

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,0, [string default:Microsoft Internet Explorer]

HKCU, Software\Policies\Microsoft\Internet Explorer\Control Panel, Homepage,1,0

These strings change the name of Internet Explorer and the homepage.

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSettings

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoControlPanel

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFolderOptions

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoRun

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFind

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoControlPanel

These strings usually enable or disable something according to the value (usually 1 to activate and 0 to deactivate).

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[filename], Debugger

This string causes a file to be called whenever a (very) particular filename is run.

HKCU, Software\Yahoo\pager\View\YMSGR_buzz, "content url"

HKCU, Software\Yahoo\pager\View\YMSGR_Launchcast, "content url"

These strings are changed by Yahoo-related viruses.

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache,@shell32.dll,-30503,0, "Hide Extensions for known file types"

HKLM, Software\Microsoft\Windows\CurrentVersion\Run,renova

HKCU, Software\Microsoft\Windows\CurrentVersion\Run,Shell

I don’t exactly know what these strings are for, but some viruses use them. Usually I just delete them. If anybody knows how to use them or knows what they’re for, please let me know.

When the registry is blocked, you can still inject your fixes from an *.inf file, as long as your inf file is not also blocked. If it is, follow my instructions in playing with registry.
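As an added example (not part of the original post and not the author's fixer), here is a read-only PowerShell audit of the locations described above, plus the .inf association from the earlier post. It compares each value with the default the post gives; the helper names Get-RegValue, New-Finding and Test-Default are made up for this example.

```powershell
# Read-only audit of the registry locations named in the post; nothing is written.
# Expected values are the defaults the post gives. Needs PowerShell 3.0 or later.
function Get-RegValue($Path, $Name) {
    # Returns nothing ($null) when the key or the value is missing.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($item -and $item.PSObject.Properties[$Name]) { return $item.$Name }
}
function New-Finding($Path, $Name, $Value, $Expected) {
    [pscustomobject]@{ Path = $Path; Name = $Name; Value = $Value; Expected = $Expected }
}
function Test-Default($Path, $Name, $Expected) {
    $v = Get-RegValue $Path $Name
    if ($v -ne $Expected) { New-Finding $Path $Name $v $Expected }
}

$classes = 'HKLM:\Software\Classes'
$nt      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$explorerPolicies = 'NoFolderOptions', 'NoRun', 'NoFind', 'NoSaveSettings', 'NoControlPanel'
$policies = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = 'DisableRegistryTools', 'DisableTaskMgr'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = $explorerPolicies
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' = $explorerPolicies
}

$findings = @(
    # .inf remapped away from Setup Information hides the right-click Install command.
    Test-Default "$classes\.inf" '(default)' 'inffile'
    # Open commands of executable file classes; the post's default is "%1" %*.
    foreach ($c in 'batfile', 'comfile', 'exefile', 'piffile') {
        Test-Default "$classes\$c\shell\open\command" '(default)' '"%1" %*'
    }
    # Shell started at logon and the alternate shell used in safe mode.
    Test-Default "$nt\Winlogon" 'Shell' 'explorer.exe'
    Test-Default 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot' 'AlternateShell' 'cmd.exe'
    # Restriction policies: any non-zero value switches the restriction on.
    foreach ($p in $policies.Keys) {
        foreach ($n in $policies[$p]) {
            $v = Get-RegValue $p $n
            if ($v) { New-Finding $p $n $v 'absent or 0' }
        }
    }
    # Image File Execution Options: list every program that has a Debugger value.
    Get-ChildItem -LiteralPath "$nt\Image File Execution Options" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $v = $_.GetValue('Debugger')
            if ($v) { New-Finding $_.Name 'Debugger' $v 'absent' }
        }
)
$findings | Format-List
```

Each finding is something to review rather than proof of infection: an administrator may have set a policy or a Debugger value on purpose. An empty result means every checked location matches the defaults listed in the post.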

These are the strings I found during my virus cleaning experience. I compiled them into one big registry fixer from various sources and tedious trial and error (lots of them from vaksin.com). Copy this file into filename.inf, then right click and install. Or you can simply download this file.


[Version]

Signature="$Chicago$"

Provider=Michelle

[DefaultInstall]

AddReg=UnhookRegKey

DelReg=del

[UnhookRegKey]

HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\txtfile\shell\open\command,,,"""%1"" %*"

HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""

HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache, "@shell32.dll,-30503",0, "Hide Extensions for known file types"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, type,0, "checkbox"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt, Text,0, "@shell32.dll,-30503"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, Type, 0, "radio"

HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, Type, 0, "checkbox"

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache, "@shell32.dll,-30503",0, "Hide Extensions for known file types"

HKCU, Software\Microsoft\Windows\ShellNoRoam\MUICache, "@shell32.dll,-30508",0, "Hide protected system files and folders (Recommended)"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductId,0, "Your Product ID"

HKCU, Software\Microsoft\Internet Explorer\Main, Window Title,0, "Internet Explorer"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, ProductName,0,"Your Product Name"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOrganization,0,"Your Organization"

HKLM, Software\Microsoft\Windows NT\CurrentVersion, RegisteredOwner,0, "Your Registered Owner"

HKCU, Software\Policies\Microsoft\Internet Explorer\Control Panel, Homepage,1,0

[del]

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoRun

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFind

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoSaveSettings

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoControlPanel

HKLM, Software\Microsoft\Windows\CurrentVersion\Run,renova

HKCU, Software\Microsoft\Windows\CurrentVersion\Run,Shell

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFolderOptions

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoRun

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoFind

HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoControlPanel

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sol.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmine.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshearts.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\freecell.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spider.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV32.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasklist.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winamp.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\URemovalCRC32.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Niu.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvccf.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcod.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CClaw.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoas.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nipsvc.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcsched.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nip.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe, Debugger

HKLM, Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe, Debugger

HKCU, Software\Yahoo\pager\View\YMSGR_buzz, "content url"

HKCU, Software\Yahoo\pager\View\YMSGR_Launchcast, "content url"


In case you cannot install your inf file (there's no install command when you right click), perhaps you could install it using rundll32.

Hope this will help

Reference: vaksin.com

Thursday, August 9, 2007

ASP.NET (VB) Create a dynamic organisation chart on a website (Indonesian)


Where can I get an organisation chart program that changes dynamically according to the employee database? Based on this search I found several fairly interesting sources. Unfortunately, they did not fit what I needed.

I need an HTML-based picture of the organisation structure (so that it interacts directly with the .NET page I am building). The existing (free) programs mostly convert the organisation structure (STO) to Excel or JPG form first. So now the question is: how do you build a table picture in HTML without having to generate a JPG or an Excel file?


Here is the result. Each box above represents a position. The line above the word details is a hyperlink containing the employee's name (sorry... it has to be censored ;p). The lines connecting the boxes are 1 KB JPGs. Five images need to be prepared (vertical, horizontal, vertical last, horizontal middle, and vertical middle). The additional detail is an AJAX popup extender.


When the hyperlink is clicked, the STO drills down five levels with it (the hyperlink that was clicked) as its root (the leftmost box).


Meanwhile, when the details button is clicked, a DetailsView appears in a panel (because of an AJAX bug, the DetailsView has to be placed inside a panel).



Sorry again... the picture has to be censored :(


What is the concept?
Hopefully this will be continued later... (because it is now 5.30 pm and the end-of-workday bell has already rung... hehehe).