Monday, October 8, 2007

Shutdown commands in windows

Open a command prompt (Start >> Run, type cmd and press Enter)
type

shutdown /s

shuts down the system
----------------------------------------

type

shutdown /r

shuts down and restarts the system


----------------------------------------

type

shutdown -a

Aborts a system shutdown (very useful if u have end-tasked system critical processes like svchost.exe, either accidentally or for virus removal purposes)

----------------------------------------

type

shutdown /s /f

shuts down the system and closes any running applications

(quick shutdown)
Here is a file that will shut down windows when double clicked (very fast):
http://www.mediafire.com/?d4znz2vmmgd
_______________________________________________________

Friday, October 5, 2007

ISDLL.DLL.VBS ... The worm that spreads thru ur pendrive

Is ur system slow, and does nothing seem to happen when u double click ur C drive or any other drive except ur CD-ROM drive? And even if it opens, does it open in a new window?

Bad news for u..

Ur system is infected and the culprit is a file named ISDLL.DLL.VBS
This is a script file virus.

How did it get inside ur system
-------------------------------------
Via ur pendrive / mobile

but who ran the script in the first place?
------------------------------------------
sadly the answer is U urself did it.

How it acts
----------------
There are a lot of worms today that spread using pendrives. One of the most famous is
win32/ahkheap.a (famous bcoz it shows the user something is wrong: they cannot browse certain sites like orkut, youtube etc., and it prevents firefox from opening, so users are aware of their system's problem).

This one spreads the same way: when a pendrive is plugged into an infected system, the virus
makes a copy of itself inside the pendrive, in the recycler folder, as the file autorun.exe
(if u check the properties it has microsoft as the company name with arabic written after it, or some boxes appear after microsoft [if the arabic language pack is not installed], and the size is around 32kb or so).

How to remove it
-----------------------

step 1: Bring up ur task manager by pressing these buttons together: Ctrl + Shift + Esc,
or use process explorer from microsoft sysinternals.
step 2: Now stop all instances of wscript.exe from the process tab (right click on the image name wscript.exe and select stop process tree). Make sure u have stopped all wscript.exe.
step 2a: Now select folder options and make sure that u can see all hidden and protected operating system files (detailed instructions available on this topic here
http://dennyphilip.blogspot.com/2007/08/show-hidden-files-and-folders.html)
if u cannot see ur folder options at all (where did the folder options go??) follow the instructions on this page and come back to this page
http://dennyphilip.blogspot.com/2007/08/no-folder-options.html

step 3: Once this is done open my computer, and after it is open press these keys together, Ctrl+F, to bring the search pane up on ur "My computer".
Now make sure u have checked hidden files, protected operating system files, search system files (all the three in a row should be checked).
step 4: Search for isdll.dll.vbs or isdll*.* by typing any one of these in the search bar.
Wait for all the results to appear and select the results by pressing Ctrl + A or click and drag a selection box around the results. Delete all instances of isdll.dll.vbs files by pressing the Shift + Del buttons together. If u r unable to see any file, redo step 2a again.
If u are denied access to the file, redo step 2.
Even after doing it right, if u can't see the files, open the file location from the right click menu on the file,
then follow the instructions given here.
http://dennyphilip.blogspot.com/2007/08/manualy-unhide-files.html
Then search for autorun.exe inside the recycler folder in all removable media, including ur pendrives and mobile, and delete it.

step 5: Now go to the search bar and search for autorun.inf in all ur harddisks (say C:, D:, E: etc.) and ur pendrive or any other devices connected to ur pc. Delete the files in the root (i.e. in C: the autorun.inf in C: [file path will be c:\autorun.inf]). Delete the files in the root of all the drives except in cd roms (in cd roms they help to launch a file, say a set up file, when u put a cd in the drive; no harm there, and the worm doesn't have cd writing capabilities, at least yet).
Now once u have deleted all these files, delete any system restore points u have made earlier and create a new one (as the virus may have copies of itself stored in the system backup).

Restart ur system and check if u can open c: by double clicking the icon in my computer. If it opens u are good to go and u have cleaned ur system manually. Congrats. If not, read this post again carefully and do exactly as it says. If u have questions, please post in the comments section below by clicking comments, and a popup will open with space for writing ur comment.

Wednesday, October 3, 2007

Welcome aboard ABY....

Welcome aboard the blog, Aby John, our new blog admin.

Here is a photo of Aby.

Tuesday, October 2, 2007

safety instructions while plugging a pendrive or a mobile phone to ur pc.


Here are a few safety instructions that, if followed, can prevent malware (virus, worm and trojan) infection...
  • 1) Do not allow any autorun programs to run from ur pendrive/mobile unless u put them there in the first place. U can use tweakui from microsoft to deactivate the autorun function for all drives except the cd rom.

  • 2) Always use "Windows explorer" and NOT "My computer" to open a pendrive/mobile. If u use my computer, clicking the folders button will give u the side tree view. In both cases only access the pendrive/mobile from the tree. DO NOT DOUBLE CLICK THE DRIVE ICON.
    Or type the drive letter in the address bar and press enter to browse the pendrive/mobile.

  • 4) Always scan ur pendrive/mobile with ur antivirus before opening it, and make sure ur antivirus is up to date and has the latest virus definitions.

  • 5) Use a registry protection software. (U can use Spybot Search and Destroy with its teatimer option enabled. U may be annoyed when it asks for every registry change to be allowed, but it will save u a lot of tension as it would ask ur permission before any virus could make a registry change. U can switch it off when u are installing new software, else it might bug u more than u ever want and force u to disable the teatimer/reg protection, which is a bad idea.)

  • 6) If u find a file called autorun.inf in ur pendrive, delete it unless u put it there on purpose. autorun.inf is NOT a virus; it is a file that tells windows which program to open when u double click a drive icon. If u find it, open it using notepad.exe and try to locate which program it is supposed to open. Find that program, and if it looks suspicious delete it (in most cases it can be deleted safely).
  • 7) If u double click a folder and nothing happens, right click on it and check whether it is an application. If so, u r most probably infected by now by the brontok virus. Use the guidelines given in this blog to clean ur system.
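
A read-only check covering instruction 6 above and the files named in the removal steps of the ISDLL.DLL.VBS post, as an added example that is not part of the original blog: it lists what an autorun.inf would launch and flags isdll.dll.vbs and any autorun.exe inside a recycler folder. The function names and the sample pendrive layout are constructed for illustration.

```python
import os
import tempfile

WORM_SCRIPT, DROPPED_EXE = "isdll.dll.vbs", "autorun.exe"  # names given in the posts


def autorun_targets(inf_text):
    """Return (key, command) pairs that an autorun.inf tells Windows to launch."""
    targets, section = [], ""
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, command = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                targets.append((key, command))
    return targets


def scan_drive(root):
    """List (kind, detail) findings for one drive root; nothing is deleted."""
    findings = []
    for name in (n for n in os.listdir(root) if n.lower() == "autorun.inf"):
        with open(os.path.join(root, name), errors="replace") as handle:
            findings += [("launches", f"{k}={cmd}") for k, cmd in autorun_targets(handle.read())]
    for folder, _dirs, files in os.walk(root):
        parts = os.path.relpath(folder, root).lower().split(os.sep)
        for name in files:
            if name.lower() == WORM_SCRIPT or (name.lower() == DROPPED_EXE and "recycler" in parts):
                findings.append(("suspect file", os.path.relpath(os.path.join(folder, name), root)))
    return sorted(findings)


def build_sample(root):
    """Constructed sample laid out like the infected pendrive the post describes."""
    os.makedirs(os.path.join(root, "RECYCLER"))
    open(os.path.join(root, "RECYCLER", "autorun.exe"), "wb").close()  # empty placeholder
    with open(os.path.join(root, "autorun.inf"), "w") as handle:
        handle.write("; constructed sample\n[AutoRun]\nopen=RECYCLER\\autorun.exe\n"
                     "shell\\open\\command=RECYCLER\\autorun.exe\nicon=shell32.dll,4\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        print(*scan_drive(sample_root), sep="\n")
```

To check a real drive, call scan_drive with the drive root (for example "E:\\") instead of the sample folder.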

Well, these are certain guidelines. If u guyz feel that there are more, please let me know by posting a comment and i will update this topic as soon as possible.