Computer Info & Latest Computer Virus

Hot Promotion

2011-04-11T16:39:00.000-07:00

• Data pada ThumbDrive anda bertukar Shortcut???
Tak perlu reformat komputer. Remove Virus jer - RM25
• Reformat computer - RM 35

Hubungi :
Razi : 014 – 8736005
ladingmerah@gmail.com

“We Pickup, We Repair, We Deliver”

Multicast Technology

2011-04-11T16:36:00.000-07:00

"We Pickup, We Repair, We Deliver"

* Customize Software & Maintenance
* Computer Software & Hardware Maintenance
* Networking
* Repair & Services
* Antivirus
* Reformat
* Computer Virus Specialize
* On Site repair (Minor Problem)

Call Us :

Razi - 014 8736005 (Universiti Malaysia Sabah,Putatan, Taman Pantai Lokkawi, Lokkawi Height, Kinarut area)

Azlan - 016 8455756 (Universiti Malaysia Sabah, Alam Mesra, Sepanggar, Likas, Kingfisher area)

Anuar - 016 8470478 (Universiti Malaysia Sabah, Inanam, Kalansanan, Sepanggar, kolombong, Putatan area)

Trojan.Win32.FraudPack.bkhe

2010-11-14T18:23:00.000-08:00

Details

This Trojan has a malicious payload. It is a Windows dynamic link library (DLL) file. It is 361216 bytes in size.

Once launched, the program will display a message stating that the computer has been infected by malicious programs:

The message is displayed even if there are no other malicious programs on the computer.

If the user clicks the message, the program will display a license agreement in a new window:

The program then starts to load a fake antivirus solution without waiting for the user’s consent:

It is downloaded from one of the following addresses (depending on the file which contains the malicious program):

http://searchbad.org
http://searchfinddeliver.org
http://finderwid.org
http://searchannoying.org
http://fastoutostop.com

The following files are downloaded:

/avt/avt_db
/avt/avt_ext
/avt/avt_hook
/avt/avt_un
/avt/avt_main

The downloaded program is then installed into the directory:

%ProgramFiles%\AnVi

In order to ensure that it is launched automatically when the system is rebooted, the Trojan adds a link to the program which has just been installed to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"="%ProgramFiles%\AnVi\avt.exe\ -noscan"

At the time of writing the following program could be downloaded and installed from the above addresses:

This program informs the user of the presence of various malicious programs in the system even if there are no such programs on the computer. In addition, it displays alerts about a network attack on the computer and the existence of a keylogger in the system:

The program states that the full version has to be activated in order to remove these supposed “threats”. The user is prompted to make an electronic transaction using a bank card.

The program also prevents Windows Task Manager from being launched by modifying the following system registry key values:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000001
In addition, the malicious program creates the following system registry key:
[HKLM\SOFTWARE\AnVi]

Remove

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original malware file which is usually located in the
%TEMP%
folder named as
eapp32hst.dll

2. Enable the launch of Task Manager by restoring the following system registry key values:

3. [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
4. "DisableTaskMgr"=dword:00000000
5. [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
6. "DisableTaskMgr"=dword:00000000
7. Use Task Manager to terminate the process.
8. Delete the

%ProgramFiles%\AnVi
folder with all its contents.

9. Delete the following system registry key parameters:
10. [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
11. "Antivirus"="%ProgramFiles%\AnVi\avt.exe\ -noscan"
12. [HKLM\SOFTWARE\AnVi]
13. Delete all files from the %Temp% directory.

Rootkit.Win32.Stuxnet.a

2010-11-14T18:08:00.000-08:00

Details
It is a rootkit which is designed to launch malicious code in the user’s system. It is an NT kernel mode driver. It is 26616 bytes in size.

Infection

The rootkit copies its executable file as:
%System%\drivers\mrxcls.sys

In order to ensure that it is launched automatically when the system is rebooted, the rootkit creates the following service registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls]
"Description"="MRXCLS"
"DisplayName"="MRXCLS"
"ErrorControl"=dword:00000000
"Group"="Network"
"ImagePath"="\\??\\%System%\Drivers\\mrxcls.sys"
"Start"=dword:00000001
"Type"=dword:00000001

It creates the file:

%System%\drivers\mrxnet.sys

– 17400 bytes, defined as Rootkit.Win32.Stuxnet.b

To ensure that it is launched automatically when the system is rebooted, the rootkit creates the following service registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet]
"Description"="MRXCLS"
"DisplayName"="MRXNET"
"ErrorControl"=dword:00000000
"Group"="Network"
"ImagePath"="\\??\\%System%\Drivers\\mrxnet.sys"
"Start"=dword:00000001
"Type"=dword:00000001

It also creates the following files:

%windir%\inf\mdmcpq3.pnf - 4633 bytes.
%windir%\inf\mdmeric3.pnf - 90 bytes.
%windir%\inf\oem6c.pnf - 323848 bytes.
%windir%\inf\oem7a.pnf – 498176 bytes.
which contain the code and encrypted rootkit data.

The rootkit spreads via removable USB devices exploiting the zero-day vulnerability CVE-2010-2568 in LNK files (for more details see here).

For this purpose the malicious code running in the services.exe process monitors the connection of new USB storage devices to the system and if a connection is detected, creates the following files in the root folder of the device:

~wtr4132.tmp
– 513536 bytes, identified as Trojan-Dropper.Win32.Stuxnet.a

~wtr4141.tmp
– 25720 bytes, identified as Trojan-Dropper.Win32.Stuxnet.b

These DLL files are downloaded when the vulnerability is exploited and install the rootkit on the system. Together with these files the shortcuts to the vulnerability are placed in the root of the infected disk:

"Copy of Shortcut to.lnk"
"Copy of Copy of Shortcut to.lnk"
"Copy of Copy of Copy of Shortcut to.lnk"
"Copy of Copy of Copy of Copy of Shortcut to.lnk"

The files are 4171 bytes in size and are detected as Trojan.WinLnk.Agent.i. The vulnerability will be exploited if the user attempts to view the contents of the removable media’s root directory using the file manager with file icons enabled. Once the vulnerability is exploited the rootkit is activated, which instantaneously hides the malicious files.

The rootkit is designed to inject the malicious code into user mode processes. The rootkit downloads the DLL dynamic library to the following system processes:

svchost.exe
services.exe
lsass.exe

After this DLLs are displayed in their module lists with the following names:
kernel32.dll.aslr.
shell32.dll.aslr.

Where rnd stands for a random hexadecimal number. The code being injected is contained in the file:

%WinDir%\inf\oem7A.PNF
It is encrypted.

The injected code contains the main functionality of this malicious program. This includes:

• Propagation via removable media.
• Monitoring of the Siemens Step7 system. For this purpose the rootkit driver injects its intermediary library to the s7tgtopx.exe process instead of the original s7otbxsx.dll, which emulates the work of the following API functions:
• s7_event
• s7ag_bub_cycl_read_create
• s7ag_bub_read_var
• s7ag_bub_write_var
• s7ag_link_in
• s7ag_read_szl
• s7ag_test
• s7blk_delete
• s7blk_findfirst
• s7blk_findnext
• s7blk_read
• s7blk_write
• s7db_close
• s7db_open
• s7ag_bub_read_var_seg
• s7ag_bub_write_var_seg
collecting various information on the work of the system.
• Performing SQL requests. The rootkit receives a list of computers in the local network and checks if the Microsoft SQL server, which services the visualization system for Siemens WinCC operational processes, is launched on any of them. If the server is found, the malware attempts to log in to the database using the WinCCConnect/2WSXcder username and password and then tries to acquire data from the following tables:

• MCPTPROJECT
• MCPTVARIABLEDESC
• MCPVREADVARPERCON
• It collects information from files with the extensions:
• *.S7P
• *.MCP
• *.LDF

which are created using Siemens Step7. The entire computer hard drive is searched for the files.

• It sends the collected data via the Internet to the cybercriminals’ servers in encrypted format.

The rootkit file is signed with the digital signature of Realtek Semiconductor Corp.

Remove Virus

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the original rootkit file (the location will depend on how the program originally penetrated the victim machine).
2. Delete the system registry keys
3. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet]
4. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls]
5. Delete the following files:
6. %System%\drivers\mrxnet.sys
7. %System%\drivers\mrxcls.sys
8. %windir%\inf\mdmcpq3.pnf
9. %windir%\inf\mdmeric3.pnf
10. %windir%\inf\oem6c.pnf
11. %windir%\inf\oem7a.pnf
12. Reboot the computer
13. Disable the display of icons in the file manager to avoid repeated infection.
14. Delete the following files from removable media if there are any:
15. "Copy of Shortcut to.lnk"
16. "Copy of Copy of Shortcut to.lnk"
17. "Copy of Copy of Copy of Shortcut to.lnk"
18. "Copy of Copy of Copy of Copy of Shortcut to.lnk"
19. ~wtr4132.tmp
20. ~wtr4141.tmp

D-link DIR-300 Wireless G Router (For Sale)

2010-10-25T17:29:00.000-07:00

For Sale - RM 75

- IEEE 802.11b/g Wireless LAN Compliant
- Built-in 4 port switch
- Advanced firewall & Security
- Advanced scheduling & user level control
- Supports VPN passthrough
- WPA (TKIP) & WPA2 (AES) support
- Interactive install guide
- UPnP support

Call/SMS :

Razi - 014 8736005

Virus change your data into shortcut (Shortcut Virus)

2010-10-06T19:29:00.001-07:00

This Virus Widely spread within Universiti Malaysia Sabah Main Campus. It was built using Visual Basic Programming language that take advantage of 'autorun' function inside Microsoft Windows.

This virus will automatically close the application such as Internet Explorer, Task Manager and most of your .exe file cannot be open even your antivirus.

It spread rapidly because we always share file using ThumbDrive. When your thumbdrive infected with the virus and you plug in into a Computer. That Computer will get Infected too. then, When another ThumbDrive plugged in to that Computer, that Thumbdrive will get infect. All data inside will be hidden & A shortcut that link to the virus file will appear. Clever virus.

This virus trigger a panic especially for them that need the actual data inside the thumbdrive.

Most of them who infected with the virus bring their computer to computer shop for reformatting the Operating System (Windows). this computer virus infection can be disinfect without reformatting your Computer.

I know a personal that can help you remove the infection without reformatting your computer. With a Charge as low as RM25, he can remove it.

If u interested, Please Call Mr. Razi - 014 8736005

Worm.Win32.Kido @ Conficker Worm

2009-05-19T23:24:00.000-07:00

also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. The worm uses a combination of advanced malware techniques which has made it difficult to counter, and has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer.

check whether Your computers are infected with Conficker Worm

Download Full Virus Report

Download Kido Malware Remover

Sality Virus Removal

2009-04-26T20:08:00.000-07:00

Description:
Sality is a family of file infecting viruses that spread by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web.

Symptom:
As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.

Removal
- I managed to remove this virus using Kaspersky Virus Removal Tool With Latest Virus Definition.
- U can easily Download this Tools From Kaspersky lab Website Or From Softpedia.com ... It's Free ..
- just install the tools and run it ...
BUT BE CAREFUL..
- when it detect the Sality Virus ... Please CHOOSE disinfect.
Never CHOOSE Delete. or else all your program inside your PC will disappear because sality infect all your .EXE program files and system files.
If u choose to delete, nothing is working on ur PC after that...

Restore printer Spool service after Bulubebek Infection

2009-04-24T18:02:00.000-07:00

First Of all you need to remove the Bulubebek infection,

Click Here and Please follow this step

then after that,

*let assume that the Bulubebek infection is clean and your PC is not infect with another virus*

to restore your Print spool Service :-

1. click Start > Run
2. type services.msc and hit
3. On right Panel of Services, try to find Print Spooler service and make sure it's Started.
4. If the Print Spooler service is not listed,
5. click Start > Run
6. type regedit and hit
7. On left panel of Registry Editor, Expand
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Spooler

8. on the right panel, you should see Start and Type. Delete both of this key.
9. create new key by right clicking on the right panel, select New
10. Select DWORD Value. rename it as Start.
11. Double click it and add value 2 and base Hex
12. create new key by right clicking on the right panel, select New
13. Select DWORD Value. rename it as Type.
14. Double click it and add value 110 and base Hex
15. you should get like this :

16. Reboot your PC.

Restore Audio after Bulubebek Infection

2009-04-24T17:06:00.000-07:00

First Of all you need to remove the Bulubebek infection,

Please follow this step

then after that,

*let assume that the Bulubebek infection is clean and your PC is not infect with another virus*

to restore your PC's audio :-

1. click Start > Run
2. type services.msc and hit
3. On right Panel of Services, try to find Windows Audio service and make sure it's Started.
4. If the Windows Audio service is not listed,
5. click Start > Run
6. type notepad and hit
7. Copy the Script below and save it as audio.reg (save it on c:\):-

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]
"DependOnService"=hex(7):50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,00,00,\
52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Windows Audio"
"ErrorControl"=dword:00000001
"Group"="AudioGroup"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
61,00,75,00,64,00,69,00,6f,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv\Enum]
"0"="Root\\LEGACY_AUDIOSRV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

8. Run the file by double click it (
9. click Yes
10. Reboot your PC

Download Audio.Reg

2.BAT Cloaked Malware

2009-04-11T03:33:00.000-07:00

File Behavior

• The Process is packed and/or encrypted using a software packing process
• Executes a Process
• Writes to another Process's Virtual Memory (Process Hijacking)
• This process creates other processes on disk
• This Process Deletes Other Processes From Disk
• Creates a new Background Service on the machine
• Injects code into other processes
• Copies files
• Registers a Dynamic Link Library File

2.BAT also:

• Created as a process on disk
• Deleted as a process from disk
• Executed as a Process
• Has code inserted into its Virtual Memory space by other programs
• Added as a Registry auto start to load Program on Boot up

also using the following file names:

• 1.BAT
• 44546234.SVD
• 3.BAT
• 52632502.SVD
• OLHRWEF.EXE
• 32616742.SVD

File Activity

One or more files with the name 2.BAT creates, deletes, copies or moves the following files and folders:

• Creates c:\windows\system32\drivers\klif.sys
• Deletes c:\windows\system32\drivers\klif.sys
• Deletes c:\windows\system32\olhrwef.exe
• Deletes c:\windows\system32\nmdfgds0.dll
• Creates c:\windows\system32\nmdfgds0.dll
• Deletes c:\2.ba
• Copies filec:\windows\system32\olhrwef.exe to c:\2.ba
• Deletes c:\autorun.in
• Creates c:\autorun.in
• Deletes d:\2.ba
• Copies filec:\windows\system32\olhrwef.exe to d:\2.ba
• Deletes d:\autorun.in
• Creates d:\autorun.in
• Deletes c:\docume~1\user\locals~1\temp\help1.rar
• Creates c:\docume~1\user\locals~1\temp\help1.rar
• Creates c:\docume~1\user\locals~1\temp\help.exe
• Deletes c:\docume~1\user\locals~1\temp\help.exe
• Copies filec:\docume~1\user\locals~1\temp\help.exe to c:\windows\system32\olhrwef.exe
• Deletes c:\windows\system32\nmdfgds1.dll
• Creates c:\windows\system32\nmdfgds1.dll

Registry Activity

One or more files with the name 2.BAT creates or modifies the following registry keys and values:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run cdoosoft C:\WINDOWS\system32\olhrwef.exe

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden value:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden value:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun [REG_DWORD, value: 00000091]

Website Activity

One or more files with the name 2.BAT interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.

• TCP:127.0.0.1:1056 Port:17
• Port 80 IP:221.1.204.243
• TCP:127.0.0.1:1064 Port:17

TCP/IP

2009-04-03T05:29:00.002-07:00

Also Known as Internet Protocol suite or Networking Model. TCP/IP model Is Set of communications protocols used for the Internet and other similar networks. Divided to 4 layer protocol.

Application Layer Protocol

* Computer program will talk to the Application layer. Each kind of program talks to a different Application protocol, depending on the program purpose such as SMTP or FTP.

* After processing the program request, the protocol on the Application layer will talk to another protocol from the Transport layer, usually TCP.

Transport Layer

* Transport Layer in charge of getting data sent by the upper layer, dividing them into packets and sending them to the layer below.

* Also, during data reception, this layer is in charge of putting the packets received from the network in order and also checking if the contents of the packets are intact.

Internet Layer

* IP (Internet Protocol) gets the packets received from the Transport layer and adds virtual address information.
- the address of the computer that is sending data.
- the address of the computer that will receive this data.

* Then the packet is sent to the lower layer.

Network Access

* The Network Access Layer will get the packets sent and send them over the network.

OR

* Receive the packets from the network and send it to Internet Layer.

Computer Operating System

2009-04-03T05:29:00.001-07:00

Definisi

Koleksi program2 komputer yg menyatukan sumber2 hardware komputer tersebut (tetikus, pencetak, peranti storan dan ingatan) & membolehkan sumber2 hardware sentiasa bersedia digunakan oleh pengguna.

Membenarkan pengguna mengakses komputer secara produktif, tepat pada masa & efisyen.

Dgn kata lain, bertindak sbg org tengah di antara pengguna dgn sistem komputer.

Konsep

Berfungsi sbg pengurus sistem, mengawal setiap h/ware & software serta bertindak sbg antaramuka antara pengguna & sistem.

OS mengandungi koleksi2 program di mana ianya bekerjasama secara berkumpulan utk m’laksanakan pelbagai jenis tugas.

Fungsi OS

Menyediakan antaramuka kpd penggun utk menggunakan komputer.

Terdpt 2 jenis antaramuka : antaramuka baris-perintah dan antaramuka grafik.

a)Antaramuka baris-perintah : pengguna perlu menaip perintah. OS yg b’asaskan baris perintah ialah MS-DOS.

 Cth : C:\> copy c:\myfile a:\yourfile

 Baris perintah mengarahkan komputer utk menyalin satu fail dr cakera keras C ke cakera liut A.
 Antaramuka baris perintah lebih sesuai utk pengguna mahir.
 OS spt Unix dan Linux juga menggunakan baris perintah.
 Antaramuka baris perintah semakin kurang digunakan ttp masih digunakan dlm sistem kerangka utama * sistem pelayan yg menggunakan platform Unix.

b)Antaramuka grafik : bergantung kpd perisian berasaskan grafik yg membolehkan teks disepadukan dgn imej grafik.

 Antara komponen dlm antaramuka grafik ialah icon, kotak dialog & menu.
 Cth perisian yg menggunakan antaramuka grafik ialah BeOS, Macintosh dan Windows.
 Pengguna GUI berinteraksi dgn OS dan lain2 pakej perisian dgn menggunakan peranti penuding spt tetikus dan papan kekunci utk memasukkan arahan.
 GUI byk memudahkan pengguna krn tdk perlu utk menghafal dan memasukkan semua arahan rumit spt antaramuka baris perintah.

Mengurus Perkakasan :

Perkakasan adalah seperti peranti input (tetikus, papan kekunci, pengimbas), peranti output (pencetak, skrin, audio, video), storan sekunder (cakera keras) dan ingatan utama (RAM)

OS berfungsi utk menyelaras dan menjejaki/mengikuti aturcara mana yg memerlukan perkakasan mana.

Menguruskan sistem fail cakera keras

OS menguruskan perjalanan data dari komponen input (papan kekunci) kepada output (monitor)

OS menguruskan perjalanan data dari storan sekunder kepada ingatan utama serta dari ingatan utama ke storan sekunder.

Menguruskan proses atau perjalanan perisian lain :

Andaikan perlaksanaan satu perisian sbg satu proses. Jika pengguna menggunakan 3 perisian serentak (cth menghasilkan grafik dgn Adobe Photoshop, melayari Internet dgn IE & mendengar muzik menggunakan Windows Media Player) maka terdapat 3 proses yg berbeza sedang dilaksanakan dlm komputer.

OS bertanggungjawab agar ketiga-tiga proses tersebut berjalan lancar dan tdk berlaku apa2 yg boleh menyebabkan pemprosesan komputer tergantung.

 Fungsi OS yang lain :

1. Utk membantu interaksi antara komputer dan pengguna.
2. Utk membantu komunikasi antara komponen2 komputer
3. Utk mengurangkan masa bg menjalankan arahan pengguna.
4. Utk mengoptimakan penggunaan sumber sistem komputer
5. Utk menjejak semua fail dlm storan cakera
6. Utk memastikan keselamatan kpd sistem komputer
7. Utk memantau semua aktiviti sistem dan memberi amaran kpd pengguna tentang sebarang masalah pd sistem.

Ciri-ciri OS

1. Multitugasan
2. Multipengguna
3. Multipemproses
4. Kelompok/Batch
5. Ingatan Maya

Multitugasan

 Keupayaan sesuatu sistem komputer utk mengendalikan lebih dr satu tugasan pd satu masa scr serentak.
 Membolehkan seorg pengguna melaksanakan tugasan baru tanpa perlu keluar dr tugasan yg sedang dilaksanakan dan menggunakan hasil dari tugasan kedua dalam tugasan pertama.
 Cth : pengguna boleh menghasilkan carta dlm MS Excel semasa menggunakan MS Word dan memasukkan carta tersebut dlm dokumen yg sedang ditulis iaitu dlm MS Word.

Computer External Storage

2009-04-03T05:27:00.000-07:00

STORAGE DEVICES

• Optical Drive
• Hard Drive
• Floppy Drive
• Network Attachment Storage (NAS)

OPTICAL DRIVE

• CD-ROM
• CD-R
• CD-RW
• DVD-ROM
• DVD-R
• DVD-RW

Both technologies (CD-R and CD-RW) use a small laser in the drive to record.

New on the market are CD-Rs that burn reliably at up to 16X speed and discs that can hold up to 700MB of data, rather than the more common 650MB.

When buying media, make sure that you match the media speed to that of your drive. Trying to burn an 8X CD-R at 12X is a sure way to ruin a disc.

Most CD-RW drives come with both software to burn a CD-R and packet-writing software, which lets you use a CD-RW just the same way that you use a hard or floppy disk, dragging and dropping files to the disc.

CD-ROM

• uses laser technology.
• It contains of text, graphic, video and sound.
• Read Only means that data cannot be erased or modified.
• For a computer to read the items on a CD-ROM, you must place it into a CD-ROM drive.
• A CD-ROM can hold up to 700 MB of data.
• CD-ROM drive speed influence the quality of display and it is measured by its data transfer rate, which is the time it takes the drive to transmit data from CD-ROM.

CD-RECORDABLE (CD-R)

• Allows the user to read data on all format CD.
• Allows user to write on a compact disc using own computer.
• Data can be written on discs in stages.
• Stored data cannot be deleted. User must have CD-R software and also CD-R drive to use it.

CD-REWRITABLE (CD-RW)

• Allows the user to read data on all format CD.
• Allows the user to write on multiple times.
• To use it user must have CD-RW software and CD-RW drive.

DVD-ROM

• A high-capacity compact disc ranges 4.7 GB to 17 GB data. Suitable to store large items such as video.
• In order to read a DVD-ROM the user must have a DVD-ROM drive or DVD player.

• Finally, some DVD- ROMs are double-sided. The user must remove the DVD-ROM and turn it over to read the other side.
• Available in a variety of formats, one of which stores digital or audio data.

DVD- RECORDABLE (DVD-R)

• Allows user write once on it and read it many times.
• Specifications (e.g)
• Capacity - 4.7GB
• Speeds (DVD) - 2x write/ 1x rewrite/ 6x read
• Speeds (CD) - 8x write/ 8x rewrite/ 24x read
• Interface - IEEE 1394
• Buffer Size - 2 MB
• Access Time - 180-200 ms
• Warranty - 1 Year

System Requirements:
(e.g)
For Windows Users
• 800 MHz processor or greater
• 128MB of RAM
• Built-in FireWire port

For Macintosh Users
• G4
• 128MB of RAM
• Built-in FireWire port

HARD DRIVE

• Hard disks store the majority of information on today's modern computer.
• Can be stored and delete.
• The hard disk retains information stored on it, with or without power.
• Hard Drive capacity is measured in GigaBytes, or 1 million megabytes (MB).
• Hard Drives connect to the motherboard (or sometimes an expansion card) through one of two special interfaces:
1. Integrated Drive Electronics (IDE)
2. Small Computer Systems Interface (SCSI, pronounced "scuzzy").

How a hard disk works

• Most hard disks have multiple platters stacked on top of one another and each platter has two read/write heads, one for each side.
• The hard disk has arms that move the read/write heads to the proper location on the platter.
• The location of the read/write heads often is referring to by its cylinder. Cylinder is the location of a single track through all platters.
• While the computer is running, the platters in the hard disk rotate at a high rate of speed. Usually 5,400 to 7,200 revolutions per minute.
• Access time is from 5 to 7 milliseconds, can be increased with disk caching. Cache Disk is a portion of memory that the CPU uses to store frequently accessed items.

REMOVABLE HARD DISK

• Can be inserted and removed from a hard disk drive
• Advantages:
– Used to store larger files
– To do backup
– For data security issue, user can remove the hard disk and leaving no data on the computer for secret files.
• Networks, minicomputers and mainframe computers often use disk packs.
• Disk Packs is a collection of removable hard disks mounted in the same cabinet.

Maintaining data stored on a hard disk

• Hard disk came lasts somewhere between three and five years, although many last much longer with proper care.
• To prevent the loss of items stored on a hard disk, you should perform preventative maintenance such as defragmenting or scanning the disk for errors.
• Operating systems such as Windows XP provides many maintenance utilities.

FLOPPY DISKS

• A floppy or diskette is a portable, inexpensive storage medium that consists of a thin, circular, flexible plastic disk enclosed in a square-shaped plastic shell.
• The term portable means the storage medium can be moved from one computer to another computer.
Floppy disk drive is a device that can read from and write to a floppy disk.

HIGH-CAPACITY FLOPPY DISKS

• Can store large files containing graphics, audio or video.
• To make a backup. Backup is a duplicate of an original file and can be used if the original is lost or damaged.
• SuperDisk™ drive with capacity 120MB is developed by Imation.
• Sony Electronics Inc. has developed HiFD™ (High Capacity FD) with capacity 200 MB.
• Zip® drive developed by Iomega Corporation, with capacity 250 MB.

Network Attachment Storage (NAS)

• Traditional methods of solving a problem of shortage of disc space (extension of a capacity of a server's disc subsystem or a purchase of a new server)
• The NAS technology was developed as an alternative to universal servers carrying a lot of functions (printing, applications, fax server, e-mail etc.).

• NAS servers implement only one function - a file server function, thus fulfilling it better, simpler and faster.
• Advantages of the NAS:
1. Easy installation and administration
2. Lower cost
3. Access restriction standards support
4. Universality for clients (one server can service MS, Novell, Mac, Unix clients)
5. Support for the most of backup copying programs
6. Possibility to access data in case a master server is out of order
7. Transmission of huge amount of information (multimedia, presentations etc.)

STORAGE SOLUTION
• Data Replication & Mirroring
• Email Archiving
• Hot Failover
• IP Based Storage

EMAIL ARCHIVING

• An e-mail archive is a repository kept in a non-production environment to provide secure retention of messages for compliance and operational purposes.
• It is not good policy to treat backups made for disaster recovery as archives.
• It makes sense to establish the difference between archives and backups in everyone's mind and in day-to-day practice.
• Use backups to restore e-mails at users' request
• Keep backups for long periods of time
• To search tapes in response to an opponent's discovery request.
• On the other hand, backups used solely for business continuity and routinely overwritten at short intervals — say, 90 days or less — have a fighting chance to be excluded from legal discovery.

HOT FAILOVER

• Failover is a backup operational mode in which the functions of a system component (such as a processor, server, network, or database, for example) are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled down time.

• Used to make systems more fault-tolerant, failover is typically an integral part of mission-critical systems that must be constantly available.

• The procedure involves automatically offloading tasks to a standby system component.

• Failover can apply to any aspect of a system:

1. Personal computer : for example, failover might be a mechanism to protect against a failed processor

2. Network; failover can apply to any network component or system components, such as a connection path, storage device, or Web server.

Computer Server

2009-04-03T05:26:00.000-07:00

Merupakan computer software application yang menjalankan beberapa tugas(i.e. menyediakan perkhidmatan)

Khusus untuk penyimpanan data

Menyediakan kemudahan yang mahal. Cth : pencetak pantas, e-mail, remote login

Direka untuk menyediakan prosesan maklumat kepada berbilang pengguna dan melaksanakan berbilang aplikasi program secara serentak.
Membenarkan > 100 pengguna untuk berinteraksi dengan sistem komputer secara serentak.

Kelebihan :
1.Kurangkan kos keseluruhan pusat komputer utk membeli peranti dan persisian komputer.
2.Komputer pelayan tidak memerlukan sebarang peranti I/O sekiranya terdapat penyambungan ke rangkaian.

Client Server

 Komputer Pelanggan & Pelayan (client/server) diperlukan dlm rangkaian Pelanggan/Pelayan.

 Satu atau lebih komputer sebagai komputer pelayan (server). Selebihnya sbg komputer pelanggan (client).

 Komputer pelayan mengawal capaian ke atas perkakasan & perisian termasuk perkongsian ruang storan untuk menyimpan data & maklumat.

 Setiap komputer perlu ada NIC (Network Interface Card) utk membolehkan setiap komputer dihubungkan di antara satu sama lain.

 Komputer pelayan perlu dipasang sistem pengendalian rangkaian. Cth : Window Server 2003, Window NT

Local Area Network

Server Type

 Jenis-jenis komputer pelayan :
1. Pelayan Aplikasi
2. Pelayan Tahap Masukan
3. Pelayan Web
4. Pelayan E-mel
5. Pelayan Kerangka Utama
6. Pelayan Kerangka Pertengahan.

Pelayan Aplikasi (Application Server)

 Merupakan pelayan dalam rangkaian komputer untuk melarikan (running) beberapa aplikasi perisian.

 Bertindak sebagai perantara (middleware) kepada program lain

 Berkomunikasi dengan web pada borang HTML dan XML, menghubungkan beberapa database dan menghubungkan sistem dgn peralatan yang tidak dapat diwarisi oleh pelayan aplikasi.

 Cth : Portal adalah mekanisma pelayan aplikasi yg paling biasa di mana orgn tersebut yg akan mengurus maklumat.

Pelayan Mel Elektronik (E-mail Server)

 Set up sistem mesej yang membenarkan pengguna untuk menggunakan aplikasi mel elektronik over LAN atau Internet

 Contoh :Yahoomail, Hotmail

Pelayan Web (Web Server)

 Merupakan host apabila menggunakan/melarikan salah satu daripada multiplatform servers.

 Contoh : Apache HTTP Server

 Contoh client : IE,Netscape, Mozilla Firefox

Pelayan Kerangka Utama (Mainframe Server)

 Merupakan komputer pelayan yang sangat besar dan berkuasa tinggi.

 Digunakan untuk mengawal urusan perniagaan yang besar.

 Juga dipanggil "Enterprise Servers" atau "Super Computers."

 Mengandungi bebrapa CPU, memory, dan disk drive.

 hot-swapable power supplies (mudah alih power supply) , and uninterrupted power supplies yang semuanya terpasang terus pada mesin.

 Syarikat yang terlibat dalam mengeluarkan pelayan jenis ini ialah IBM, Sun Microsystems, HP, SGI

Pelayan Julat Pertengahan

 VAX (Virtual Address eXtension) ialah pelayan yang dilancarkab oleh Digital Equipment Corporation (DEC).
 VAX mengandungi pemproses 32-bit dan virtual memory.
 Bersaing dengan Hewlett-Packard dan IBM computers dalam small enterprise dan pasaran university-scientific.
 Pada masa sekarang, pelayan jenis ini lebih dekenali sebagai minicomputer.
 Kini, VAX dan pesaing-pesaingnya menjual "servers" untuk tujuan rangkaian perniagaan yang menggunakan client/server computing model.

Pelayan Tahap Masukan

 Contoh Server Matrix
 Lebih berkeupayaan untuk mengendalikan high traffic websites dan processor intensive applications
 Mampu menyelesaikan masalah datacenter facilities dan tier-one network.

Computer RAID

2009-04-03T05:21:00.000-07:00

RAID

 RAID is an acronym for "Redundant Array of Inexpensive Disks".

 Configuration for multiple hard drives which provide fault tolerance and improved data access times.

 RAID was traditionally only found in the domain of servers

 But inexpensive IDE RAID solutions now mean many desktop computers can benefit from the same data redundancy, and performance increases for applications like video editing.

Implement RAID

 RAID is a technology that uses multiple hard drives to increase the speed of data transfer to and from hard disk storage.

 Also to provide instant data backup and fault tolerance for any information you might store on a hard drive.

 The hard drives are joined in an array (a single logical drive, as far as the operating system is concerned) and all disks share the data written to them in some form.

 There are several different implementations, or 'levels' of RAID, ranging from RAID 0 to RAID 53.

RAID array:

 A group of hard drives linked together as a single logical drive.

 Must be connected to one or more hardware RAID controllers

 or be attached normally to a computer using a RAID capable operating system, such as Windows XP Professional.
Striping:

 A procedure in which data sent to a RAID array is broken down and portions of it written to each drive in the array.

 This can dramatically speed up hard drive access when the data is read back, since each drive can transfer part of the data simultaneously.

 Striping data on two or more drives actually reduces reliability

 If a single drive in the array fails, all data is lost as each physical hard disk only contains a fragment of the data which is useless without the rest.
Mirroring:

 A procedure in which data sent to a RAID array is duplicated and written onto two or more drives at once.

Parity & Common Types of RAID

 In the majority of RAID implementations, a whole drive, or an area of one or more of the drives in the array is dedicated to storing parity information.

 Each time a bit of information (a digital 1 or 0) is written to every drive in a striped RAID array, an additional parity bit is generated and stored.

 If one of the data drives fails, a new drive can be added and by comparing the information present on the surviving data drive with the corresponding parity information from the parity drive,

 The missing information can be written onto the replacement drive a bit at a time.

 RAID technology began as a method to provide additional data security to business servers

 Many of the RAID levels are still almost exclusively used in the business domain, due to the cost of the required hardware.

 Since the lower levels of RAID are easily implemented on modern computers and need only a pair of drives and a RAID-capable drive controller (hardware) or operating system (software)

 RAID 0 and RAID 1 implementations have become common in the high end desktop/PC

 RAID 0 is used to gain additional performance from conventional drives by pairing them up

 While RAID 1 provides a very simple and effective form of backup by duplicating or 'mirroring' all data on a second drive.

Types of RAID

 Most Hardware RAID controllers intended for the enthusiast or small business markets support only three levels of RAID; RAID 0, 1 and 0+1.

 These are the only levels of RAID that do not require the use of parity, as this feature adds greatly to the complexity and expense of the controller.

RAID 0

• RAID 0 uses multiple hard drives to stripe data over one large logical drive.

• While there are physically two drives, the computer logically sees just one.

• The RAID 0 configuration is typically used when there are data-intensive applications because it offers the fastest data access, though no redundancy

 RAID 0 can essentially combine two hard drives into one using striping, and greatly increase the speed that the drives transfer data.

 This has one obvious disadvantage. There is no fault tolerance.

 If any drive fails, all the data is lost.

RAID 1

• Fault tolerance is the cornerstone of RAID 1.

• In this configuration, two identical physical drives are used, with one drive mirroring the information on the other.

• A RAID 1 configuration is ideal for data redundancy, though storage is more costly as only 1/2 the total drive space of both hard drives is available.

 A mirrored disk array is composed of a set of two physical hard drives, each of which contains a full copy of all data sent to the logical drive that represents the array.

 This has a couple of advantages :

1. Any data stored on a RAID 1 array is completely and automatically backed up, and in the event of the failure of one drive, the other can be substituted without a hitch.

2. Secondly, data can be read from both drives simultaneously, increasing the speed of data retrieval.

 In the event one of the drives in the array fails, a new drive can be added, the array rebuilt, and the RAID controller will duplicate the information onto the new blank drive.

 The disadvantage of RAID 1 is that unlike striping, a mirrored array can use only half of its total free space for storage, since one disk is an exact duplicate of the other.

RAID 1+0

 This RAID level combines the best features of RAID 0 and 1. (Striped array with mirroring)

 It requires a minimum of four physical drives to implement, so it is not cheap.

 Essentially, two pairs of striped drives are mirrored together to provide fault tolerance.

 The mirroring provides the fault tolerance, though if any drive is lost, it must be immediately replaced and the array rebuilt, since it cannot handle the loss of more than one drive.

 Intended for business use, these levels of RAID use the parity system as explained above to provide varying levels of fault tolerance.

 RAID solutions at this level generally come as an add-in controller card or a dedicated storage rack and are intended to work hand-in-hand with hot-swappable hard drive mountings.

 With this setup, any failed drives can be swapped out for new ones on the fly, and the missing data quickly restored by using the parity data.

Hardware & Software RAID

 Depends on your means and expectations.

 Windows XP Pro at least, much easier to set up and much more flexible in terms of disk use than a hardware based system.

 A second factor to consider is whether you want your operating system disk to be part of the RAID array you create?

 The software solution provided by Windows 2000 or XP as it is easier and cheaper.

Using RAID :

 To store a high capacity of data

 Suitable for server

 A system back up

 Many level of RAID from RAID 0 to RAID 53

Computer Sound & Graphic Card

2009-04-03T05:15:00.000-07:00

What is sound card

• Sound cards are special expansion cards enabling computers to play audio.

• Consist of one or more chips used to convert digital sound data to analog sounds played through the speakers.

• 2 types of sound card :

a. built-in sound card

b. sound card in the motherboard.

Built-in sound card

• Built-in on the computer system.

• External speakers are not required.
Sound card on the motherboard

• And external speaker are required.

• The sound jack(PS/2 for speaker) are needed to connect the external speaker and the motherboard.

• All the PCs used these sound cards.

• Used for laptop/notebook

Graphic Card

• Enable to use Graphic Standard.

• To appear the video graphic on the screen

What is a Bus?

• Signal Pathways

• A way of passing information between components inside and outside the computer.

• A modular way of expanding the functions or capabilities of the computer.

PC Bus Architectures

• ISA
• MCA
• EISA
• VL-Bus
• PCI
• AGP
• PC Card

Peripheral Component Interconnect (PCI)

• Developed for Pentium-class processors
• 32-bit and 64-bit data path versions
• 33-MHz Clock
• Processor Independent
• Plug and Play with Bus Mastering

Accelerated Graphics Port (AGP)

• Developed for high speed graphics cards
• Frees the PCI bus from making video transfers
• Used only for video cards
• Considered a port rather than a bus
• 66 MHz, 32-Bit

Computer Cooling

• Cooling vents are usually in the front and rear of the case, but in some newer cases can be elsewhere as well.

• These allow air to be circulated by the power supply fan and any auxiliary fans used by the case.

• The most common location of additional cooling fans is the front of the case, opposite the main power supply fan, but some larger cases have cooling fan mounting locations in many places.

• These cases use plastic ducts or tubes to concentrate air flow in a specific direction, which may help the fans do a better job than would be accomplished through standard case air convection.

• The devices that require the cooling aspects :

1. Processor
2. Computer case

Your PC

2009-04-03T05:13:00.002-07:00

Windows vs. Mac vs. Linux - Windows vs. Mac has long been a perennial debate, and it's still a personal decision as to whether that OS is right for you. But now desktop Linux is on the rise, complicating things even further. It's all very confusing, but here's some advice: Don't jump from Windows to a Mac or Linux without spending a little hands-on time with the OS, either at a physical store or a friend's house. Both are very similar to Windows in many ways, but some substantial differences remain. I regularly recommend both alternatives for readers, but not unless they've experienced Mac OS or Linux in the flesh first.

Desktop vs. Laptop - Most people know this answer coming in, but many are still confused about whether they should go portable. A key issue is price: Expect to pay an extra $500 for a comparably equipped laptop vs. a similar desktop (sans monitor). Is that premium worth it to you for the extra mobility? If so, make the jump to laptop. Don't forget, though: Your laptop will be dead after anywhere from one to three years of use, depending on how rough you are with it. A good desktop PC will last you five years or more, and even longer with appropriate upgrades.

CPU - I'm assuming we're talking a Windows Vista or XP PC from here on out, as that represents the vast majority of computer buyers. (Linux and Mac PCs have far fewer choices when it comes to specs, so just roll with what's available.) As for CPU, right now Intel Core 2 Duo is the way to go, especially on laptops. The AMD Athlon 64 or Phenom are still solid choices for desktops, especially if you're on a budget. Don't get Celeron- or Sempron-based systems if you can help it. Also, it's not worth buying the very fastest CPU on the market. A good rule of thumb is to get a CPU that is two rungs down from the top, speedwise. You'll be getting great performance at a very good price.

RAM - This one's easy. In the Vista world, you need 2GB of RAM. Less will slow down your computer. More will do you no additional good. Don't worry about the speed of the RAM, cache, front side bus, or any of that stuff.
Hard Drive - Even an entry-level drive is more than enough for most people, unless you do loads of video editing on your computer. Even starter computers usually come with 250GB of hard drive space or more now. Upgrade as you need it.

Optical Drive - Unless you are set on high-definition DVD, a dual-layer DVD writer (standard on most machines now) is all you need.

Graphics - Unless you're spending under about $1,000 (laptops) or $600 (desktops), avoid integrated or "shared" graphics. They will noticeably slow your system under Vista and any gaming will be impossible. You don't need to break the bank to get a good graphics card; an Nvidia GeForce 8500GT supports DirectX 10 and can be found for a mere $70, for example. PC makers tend to offer only a couple of video card options with new computers, so get what you can afford, Nvidia or ATI, as long as it's DirectX compatible.

Laptop Screen Size - 15.4-inch laptops are the mainstream now. You'll find the best deals on machines at this size. However, plenty of smaller options abound, at 14 inches, 13.3 inches, and even smaller, but I personally find the lack of screen real estate makes me less productive below 15.4 inches. Again, it's up to you... and remember that those sexy ultraportables have stripped-down components (to keep them light) and can cost much more than larger laptops. 17-inch laptops (aka "desktop replacements") are another option, but they are not terribly feasible if you travel with them.

Choosing Your Computer

2009-04-03T05:13:00.001-07:00

How to Choose a PC
In today's market, there are almost infinite variables when choosing a PC. How can you choose a PC when you walk into any computer store and there are 5-10 major brands that all seem similar other than slight appearance and incentives? As I stated in the processors article, most of the big guys use proprietary equipment that is slow, detrimental to your computers longevity and does not leave cost effective options for upgrading. I will be ignoring any and all computers with proprietary equipment. I feel they are an insult to consumers and take advantage of an overcrowded market with underhanded marketing tricks. Most do not even offer support anymore, they outsource it to the lowest bidder, usually overseas. Choosing a PC can be tricky because of all the confusing information made available. I know most of you are not going to read all my articles on components, but I suggest reading Buss Speed and Motherboards, as they are very relevant and informative to choosing a new PC. Your goal is a well balanced PC. By balance I mean that the transfers inside the computer are all the correct speeds to make sure the information from component to component can flow smoothly and not get stuck, causing bottlenecks, backups and lag. Picture your PC as a network of pipes. What will happen if you have a big 4" pipe flowing at full capacity into a small 2" pipe? It will not slow down for the 2" pipe, it will backup and flood. Same with PCs, the data will flood the components and finally cause them to freeze, cause blue screens and other critical errors. I’m going to teach you two things:One of them is that ANY PC can do the basic features. Trading pictures, photo editing, music etc... I will show you the statistics that determine how well they do these functions and what software and operating systems control the features. Also a PC, even purpose built, can and will do other things, it just may perform better at its purpose.The other is how to identify and buy a well balanced PC that will lower the total cost of ownership. What this means is that I will show you how to build a PC that will last upwards of five to seven years (over the two year average of most proprietary builders) before it becomes "to slow". We will start with a question.

What do you use your PC for?

Gaming Computers:
This is the majority of our customers. You want fast, high resolution gaming for cheap. But you also seem to want bragging rights. We see the component lists and wish lists on the forums from retailers showing your builds and the choices are made almost strictly on model numbers and marketing, instead of performance. This is bad. We also see you make huge cuts in components to make room for a video card that is way too large for the PC. This will not get you more performance. It will actually overwork the rest of your choking components and lag you more. We constantly see computers with some fast components built at home that score lower then our Gamer LvL 1 in Future Mark tests. This is because of the dangers of a build at home environment versus a clean room, and the fact that you are not choosing balanced components.

Business Computers:
This were we see a lot of people get victimized. Business PCs do not have to be that powerful in most cases, but they need to be reliable and able to stand up to constant data changing, long hours and multiple users with little or no updates. You want a tank, not a Ferrari. Keep in mind tanks can cruise at 40-60 miles per hour on any terrain, so they are not slow. You also want to lower your total cost of ownership with low electric usage from computers that will last for years and offer low cost upgrading options.

Home Computers:
Home users actually have it easy. Most component makers are so caught up in the war to be the fastest, you can use almost anything and be very happy with the performance. The problem lies when companies sell low priced stuff targeted to your market. This is usually "to good to be true" items. There is a minimum cost for building a PC, anything less is a lot less then you want. Component prices usually only change three times. They come out priced high, then settle when their competitor releases a competing product, then finally go to their final pricing when newer technology replaces it. Thats where they sit for about a year or two until they become obsolete. When this happens any leftover components are sold at an extremely reduced cost to free up space. This is not a bargain sale! This is outdated stuff that cannot survive in todays environment, if it could, it would still be on the shelf! I know it sounds like I contradicted myself because L2 claims our computers last 5-7 years, but our components choice usually stay on the shelf for 3-5 years. See the problem here? You are buying almost a decade old component!

Now You are ready to choose your PC
The basis for any good PC is a solid motherboard and PSU (power supply unit). You should demand a specification sheet on the motherboard to see if supports the processor that is included with the PC. Motherboards will run faster processors then they can support, but only at the maximum supported speed. So if you buy a computer with 3.2MHz processor and a 1333FSB (Front Side Buss) and the motherboard only supports 2.8 with a 1066FSB, it will run the 3.2, but at 2.8/1066. Is the PSU that important if I don't plan to upgrade? Yes! This is a common belief that is very wrong. While it is true you should plan ahead if you ever want to upgrade, making sure the PSU has enough power and the proper connections, it is also true you should check it out even if you don't plan to upgrade. A lot of companies just assume you will never push your PC hard enough make the PSU work. But over time as the PC gets bogged down and/or the internet updates the latest java or flash programs you use every day while browsing, the PSU is now stressed all the time. As the PSU becomes stressed it will cause locking, freezing, lagging etc., and it is extremely hard to trace these symptoms back to the PSU. This will seriously decrease the time you own the PC. Look for a PSU that is 80+ certified, or use the Thermaltake power supply calculator HERE and add about 40% if it's not 80+ certified (80+ means that is 80% efficient or better). So if it says 500watts you get 400, unlike some lesser quality PSUs that will give much less. Other notable statistics:Processing power measured in MHz. For example: 3.2MHz.How important is processing power? The sad answer is not very for most users. While it is the heart of the computer because everything does need to be processed at some point, it is not what I call a "choke point". A choke point is my name for the weakest part of the component or PC, that part that is most likely to cause lag and delays. Processing speed has not changed for some time. What has changed is how many cores (or mini processors are inside one physical chip). We see dual and quad core a lot now. So that same 3.2 MHz processor is essentially two 3.2 MHz processors or a 6.4 in the case of dual core. This is still not the most important statistic. The FSB (Front Side Buss) is by far the most important and most crucial decision. Also the cache (pronounced cash) will speed up processes, but only if your RAM can support it (I will explain later).The FSB is how much information your processor can accept at one time. The more information that comes in, the more information that is processed and sent out, then the faster the rest of your components can do their job. The processor can be as fast as it wants, but if you can't get the information into the processor then you are wasting your money.

RAM
measured in MB or GB (GB = 1000MB)

This is the director of traffic for your PC. This has to be fast enough to transfer all the internal information to where it needs to go, while having enough power to make sure it reads the data and sends it to the right place. This is where a lot of people get cheap, especially gamers. People want the highest quad core processor, with a massive FSB and cache, but no RAM to get the data to it. The most notable statistics of RAM are the MHz, CL and DDR rating (example: 2 GB of 800 MHz CL3 DDR2). Ram is extremely technical, so I will oversimplify this. The DDR can be thought of as a bandwidth benchmark. DDR stands for double data rate, so it is essentially double the bandwidth, or transfer rate, of the previous model that was SDR (Single Data Rate). DDR2 is another improvement to bandwidth, as is DDR3. There are changes to voltage and architecture, but for the sake of just choosing a PC, I will stick to the easy meat and potatoes of the deal. So the higher the DDR number and the MHz the better right? No, sorry, not that easy. There is the CL to consider also. The CL is the amount of time it takes to get information into the chip, process it and get it back out. So we need to factor four variables. Cost, bandwidth, processing power and CL. Best general advice is to have enough of it. This would be a budget minded decision. Gamers need to pay closer attention to CL, although it still should be a factor for everyone else. I usually recommend half of the motherboards maximum RAM. So if your motherboard can handle 8GB, I would recommend 4GB. This is very general, but a good guideline.

Video Card
Is a video card is necessary? The answer is no. If your processor and RAM are strong enough and your onboard video chip has the proper drivers, shaders, DX level etc., you can replicate the results of a video card. Gamers and home users are the ones that get victimized by this the most. Yes, home users. Just because you don't play games, doesn't mean you don't want to pay attention to graphics, and gamers put all their emphasis on the video card, which is also wrong. A video card is a small computer that is dedicated to rendering video and video effects. The problem is that this information must be still be processed by the rest of the computer. If you were to take the fastest video card out and put it in a mid level computer, your PC would choke and be very slow. The key to choosing the proper video is balance. For a home user, you want to make sure you have good drivers, features and capable resolution. Think about how many monitors you will be running also, make sure your video can handle it and can handle the resolution. For gamers. Pay attention to the specs, not the model number. Stop buying a video card that is more than the PC can handle. Pick a budget and pay attention to RAM and the FSB of the processor, not the processing power itself as this means very little to a gamer. Then fit a video card with good transfers into the budget last to assist those components. A video card is made to assist, not dominate.

Hard Drive
Hard drive usually gets some attention because most people want to be able to store all their information. However, even the most famous online builders, ignore speed. The things we pay attention to are the RPMs of the drive (7200RPM for example), but ignore the transfer rate and cache of the drive. Everything you load comes from the HDD and goes into the RAM, no exceptions. Look for a fast transfer and nice buffer on the HDD, this, in some cases, will be faster than platter speed.

Summary
We hope this has been informative. The market is dominated by lies, deception and marketing to the point where even benchmark software can be a lie. A computer can be programmed to do anything, even appear more than it is. Your only defense is education. I know, who wants to learn everything?!

But look at this way: You do own and will buy another computer. Compare our computer to a proprietary build of the same price. Not only will our computer runs circles around it in performance, you will (on average) keep our computer 150% longer then the proprietary. We look at that as 150% cheaper.

There are very few of us left that haven't been run out, bought up or simply bullied off the net by the powers that be. If you don't like us, please contact us so that we may refer you to another boutique company and help keep freedom of industry truly free.

How To Choose Your Computer

2009-04-03T05:11:00.000-07:00

First, you should decide what you are going to use the computer for. Then, you need to mind the configurations and your budget.

Computers are getting really inexpensive these days. Buy the most powerful computer your budget allows is always a good idea.

Computer prices do go down with time. However, that doesn't mean that you should wait forever to use it, to learn from it, and, most of all, enjoy it. Computer is the best investment money can buy now! Why do I say that, knowing that the value of a computer goes down significantly with time? What a computer can help you is limitless.

The most powerful computers these days are for gamers, servers, and rocket scientists. The priority is probably true in that order.

Do not buy a so-called "name-brand" or "major-brand" if upgrading may be on your mind a couple of years down on the road. These brands are specifically designed to hook you on buying only their highly priced components to maximize their 40-60% profit margin. Most "clone" makers are operating only with a 5-25% margin. Go figure where you could save money. Besides, most major PC makers are not really "manufacturers." They are just "box-makers" -putting components together- like every body else.

Clone or house-brands are often based on open structures, which means easier and cheaper upgrading, using "universal" components. You pretty much can go anywhere to have the computer served, upgraded, or repaired.

You should consider putting a computer together yourself only if you have some computer knowledge and some spare time. It is not that easy the first time. However, it does get easier once you have started. The satisfaction you get from putting a computer together is difficult to describe with words. Besides, you could sell a few of them and try to become the next Michael Dell. Who knows…

Rule of thumb: It is a better deal to buy a new one instead of upgrading an old one if the old one is more than three years old.

If all you need to do is word processing, spreadsheet, home finance, some basic windows games, e-mails, and browsing the Internet, you are an average user. Nothing really "high end" is needed. Consider a mid-grade computer that includes 350-500MHz microprocessor, 32 or 64 MB of memory, 8MB video, 4-8GB hard drive, 56K Modem, and any sound card. A 15” or larger monitor is recommended.

Servers are a lot more complex than any other computer systems. Normally servers should have as high a CPU speed as possible, preferably Pentium III microprocessor with 512K cache, a minimum of 128MB memory and 9.1GB or higher hard disk drives, often SCSI along with a network adapter. SCSI hard drives are better designed for simultaneous data access and not limited to just four hard drives as their IDE counterpart. Since servers rarely deal with a complex graphics, a 4 or 8MB video card would do the job, unless it is a Terminal Server. Use a large case with tons of cooling. Don't forget an uninterruptible power supply (UPS) and a tape backup drive to protect your data and investment. Well, the price tag could go up quickly.

Designing a gaming computer is more fun than anything. Currently high-end and hardware-demanding games include QuakeII, QuakeIII, Hexen, StarCraft and Half-Life. These games run well only on intense gaming engines. Go with top of the line processor, such as 500-600MHz, Pentium III or AMD K6-3. Take a minimum of 128MB Memory and at least 8.4GB hard drive. IDE with ultra DMA/ATA66 is OK. The deciding factor is the video card for all the 3D actions. You need the best video card your budge allows! Examples are STB Voodoo3 3500, ATI-128, and Matrox G400 with 16-32MB video memory. A DVD drive is a must these days. Depending on how the end-user plans to game you might need a network adapter or a modem. PC gaming is a lot of fun, so be sure design a computer that you can enjoy it for a long time. Do get a nice sound card. For game machines, do not even think about systems with integrated components such as video and audio. You will hate it when the next version of your favorite game is released.
If you are choosing a computer for normal office work, only the mid-range computer is necessary. I actually recommend Intel Celeron for workstations. Celeron is quite more inexpensive with less cache than their Pentium cousins but is almost equally powerful. You really do not need that much cache for word processing, spreadsheet, and e-mail. Consider 350-500MHz, 64MB, 4-8GB hard disk drive and 4-8GB video card

1 April Worm Attack (this is not april fool)

2009-03-31T03:10:00.000-07:00

KETERANGAN ANCAMAN

Nama dan Jenis Ancaman
Worm W32.downadup.KK [Trend Micro]
W32.Downadup.C [Symantec]
Worm:W32/Downadup.DY [F-Secure]
Win32/Conficker.C [Computer Associates]
Mal/Conficker-B [Sophos]

Tarikh Dikesan
18 Mac 2009

Bilangan Agensi Terlibat

Semua agensi yang menggunakan sistem pengoperasian Microsoft Windows
Sistem Pengoperasian/Aplikasi Berisiko

* Ms Windows 95
* Ms Windows 98
* Ms Windows NT
* Ms Windows Me
* Ms Windows XP
* Ms Windows 2000
* Ms Windows Vista
* Ms Windows Server 2003

Kaedah Serangan

i. Worm W32.downadup.KK merebak dengan mengeksploitasi kelemahan pada
sistem pengoperasian Microsoft Windows yang tidak dilengkapi dengan
tampalan keselamatan (security patch) MS08-067.
ii. Worm ini dipercayai akan mula aktif pada 1 April 2009. Ia akan
menyerang komputer dengan cara:
a. Connects to various time servers to determine the current date and
time.
b. Register itself as a system service to ensure auto execution every
startup.
c. Deletes a registry key to prevent system startup in safe mode.
d. Terminates security-related processes (i.e. procexp, regmon,
autoruns, gmer etc.)
e. Blocks access to security and antivirus websites.
f. Generates 50,000 malicious URLs and attempts to connect to
around 500 random generated URLs at a time.

Kesan Serangan

i. Worm ini boleh menyebabkan serangan/pencerobohan yang lebih parah ke
atas komputer/server memandangkan ia mampu mematikan ciri-ciri keselamatan
pada komputer/server.

Cadangan Tindakan Pengukuhan

i. Memasang patch MS08-067 dari Microsoft
(http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx).
ii. Memastikan perisian antivirus dilengkapi dengan virus signature yang
terkini dan jalankan full system scan.
iii. Memastikan semua storan mudah alih (removable storage) di imbas
terlebih dahulu sebelum digunakan; cth: USB drive, mobile hard disk, dll.
iv. Memastikan HIPS dan perlindungan buffer overflow diaktifkan.
v. Memastikan imbasan masa sebenar (real-time scanning) dan imbasan 'on
write' diaktifkan

Maklumat Lanjut

1.http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.KK&VSect=T
2.http://www.sophos.com/security/analyses/viruses-and-spyware/malconfickerb.html
3.http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

Virus Bulu Bebek Removal

2009-03-23T04:31:00.000-07:00

Bulubebek Virus
Main File :

:\Autorun.inf
:\bulubebek.ini

Virus Running Process

Script.exe
LSASS.exe

Virus Simptom

Duplicate every folder on Drive and change it to .EXE file with ‘folder’ Icon.
Hide the origin folder on Drive.
Hide Task Manager & Folder Option on your PC.

Remove Bulubebek Virus.
* Assume that your PC is infected by bulubebek virus Only(this step is useless if your PC is infected with multiple virus infection)

1. Disconnected From Internet (LAN or Wireles)
2. Turn Off System Restore
3. Use Third party software such as Process Explorer or Security Task Manager, to View and Kill process tree for LSASS.exe and Script.exe.
*delete
- c:\windows\LSASS.exe
- c:\windows\LSASS.ini
- c:\windows\system32\SCRIPT.exe
- c:\windows\system32\SCRIPT.ini

4. Repair Windows registry using this script:

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
HKLM, SYSTEM\ControlSet001\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\ControlSet002\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SYSTEM\CurrentControlSet\Control\SafeBoot, AlternateShell,0, "cmd.exe"
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, UncheckedValue,0x00010001,1
HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0x00010001,1
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0x00010001,2
HKCU, Software\Microsoft\Command Processor, AutoRun,0,

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NOFind
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NORun
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAYXX.exe
HKCU, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\HideFileExt
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPath
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ShowFullPathAddress
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SuperHidden
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools

5. Copy and paste this script into Notepad and save it as Removebulubebek.inf.
6. Right Click Removebulubebek.inf and Click install.
7. LogOff and Logon Computer.
8. ‘Show Hidden file and folder’ on your Folder Option.
9. Delete autorun.inf and bulubebek.ini on your drive (Drive C, Drive D, Removable Drive)
10. Search and remove virus duplication file by using ‘Windows Search”.
Duplication file always
• using ‘folder’ icon,
• 53Kb in size,
• .EXE file,
• File Type ‘Application’

11. To unhide the origin folder on your drive (Drive C, Drive D, Removable Drive)

• Use ATTRIB –s –h –r /s /d On Command Prompt,

c:\ ATTRIB –s –h –r /s /d
Or
d:\ ATTRIB –s –h –r /s /d
Or
:\ ATTRIB –s –h –r /s /d

its done ... as simple as that .. unless u'r facing a multiple virus infection

there is a few time, im facing a multiple virus infection (bulubebek,sality & 2.bat) .. its a bit disaster but i managed to remove it by using safemode or administrator account.

for Vista user,
if bulubebek infected ur pc, u will not enter ur desktop(u will only see dark screen), it is because ur system cannot run 'explorer.exe' after the virus added value 'SCRIPT.exe' at the back of it on winlogon shell. so what i always do is :-

1. press CTRL-ALT-DEL and run task manager,
2. on menu bar, click FILE -> NEW TASK (RUN)
3. type explorer.exe to enter your desktop
4. after entering ur desktop, follow the step i show u earlier ...

Download RemoveBulubebek.inf

Download process explorer.exe

Net-Worm.Win32.Kido

2009-02-25T19:30:00.000-08:00

Details

This malicious program exploits the MS08-067 vulnerability to spread via network resources and removable storage media.

This modification of the worm is a Windows PE DLL file. The file is 158110 bytes in size. It is packed using UPX.

Infection

The worm copies its executable file with random names to the following directories:

%System%\dir.dll
%Program Files%\Internet Explorer\.dll
%Program Files%\Movie Maker\.dll
%All Users Application Data%\.dll
%Temp%\.dll
%System%\tmp
%Temp%\.tmp

is a random string of symbols.

In order to ensure that the worm is launched next time the system is started, it creates a system service which launches the worm’s executable file each time Windows is booted. The following registry key will be created:

[HKLM\SYSTEM\CurrentControlSet\Services\netsvcs]

The name of the service will be created from combining words from the list below:

Boot
Center
Config
Driver
Helper
Image
Installer
Manager
Microsoft
Monitor
Network
Security
Server
Shell
Support
System
Task
Time
Universal
Update
Windows

The worm also modifies the following system registry key value:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "netsvcs" = " %System%\.dll"

The worm hides its files in Explorer by modifying the registry key value shown below:

[HKCR\ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "dword: 0x00000002"
"SuperHidden" = "dword: 0x00000000"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "dword: 0x00000000"

The worm flags its presence in the system by creating the unique identifier shown below:

Global\%rnd%-%rnd%

Propagation

In order to spread quickly via networks, the worm uses tcpip.sys functions to increase the number of potential network connections.

The worm connects to the servers shown below in order to determine the external IP address of the victim machine:

http://www.getmyip.org
http://www.whatsmyipaddress.com
http://www.whatismyip.org
http://checkip.dyndns.org

The worm then launches an HTTP server on a random TCP port; this is then used to download the worm's executable file to other computers.

Copies of the worm have the extensions listed below:
.bmp
.gif
.jpeg
.png

The worm gets the IP addresses of computers in the same network as the victim machine and attacks them via a buffer overrun vulnerability (MS08-067) in the Server service. The worm sends a specially crafted RPC request to TCP ports 139 (NetBIOS) and 445 (Direct hosted SMB) remote machines on remote machines. This causes a buffer overrun when the wcscpy_s function is called in netapi32.dll, which launches code that downloads the worm's executable file to the victim machine and launches it. The worm is then installed on the new victim machine.

The worm then hooks the NetpwPathCanonicalize API call (netapi.dll) to prevent buffer overruns caused by the absence of a check on the size of outgoing strings. By doing this, the worm makes repeat exploitation of the vulnerability impossible.

In order to speed up propagation, the worm modifies the following registry value:

[HKLM\ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpNumConnections" = "dword:0x00FFFFFE"

In order to exploit the vulnerability described above, the worm attempts to connect to the Administrator account on the remote machine. It searches the network for an appropriate machine and gets a list of users.

In order to gain administrator access, the worm copies itself to the following shared folders:

\\*\ADMIN$\System32\.
\\\IPC$\.

The worm can then be launched remotely or scheduled for remote launch using the following commands:

rundll32.exe ,

Spreading via removable storage media

The worm copies its executable file to all removable media under the following name:
:\RECYCLER\S-<%d%>-<%d%>-%d%>-%d%>-%d%>-
%d%>-%d%>\.vmx, rnd is a string of random lower case letters; d is a random number; X
is the disk

In addition to its executable file, the worm also places the file shown below in the root of every disk:
:\autorun.inf

This file will launch the worm's executable file each time Explorer is used to open the infected disk.

When launching, the worm injects its code into the address space of one of the “svchost.exe” system processes. (The worm may also write its code to the “explorer.exe” and “services.exe” processes.) This code delivers the worm's main malicious payload and:

1. disables the following services:
2. Windows Automatic Update Service (wuauserv)
3. Background Intelligent Transfer Service (BITS)
4. Windows Security Center Service (wscsvc)
5. Windows Defender Service (WinDefend, WinDefender)
6. Windows Error Reporting Service (ERSvc)
Windows Error Reporting Service (WerSvc)
7. blocks access to addresses which contain any of the strings listed below:
8. nai
9. ca
10. avp
11. avg
12. vet
13. bit9
14. sans
15. cert
16. windowsupdate
17. wilderssecurity
18. threatexpert
19. castlecops
20. spamhaus
21. cpsecure
22. arcabit
23. emsisoft
24. sunbelt
25. securecomputing
26. rising
27. prevx
28. pctools
29. norman
30. k7computing
31. ikarus
32. hauri
33. hacksoft
34. gdata
35. fortinet
36. ewido
37. clamav
38. comodo
39. quickheal
40. avira
41. avast
42. esafe
43. ahnlab
44. centralcommand
45. drweb
46. grisoft
47. eset
48. nod32
49. f-prot
50. jotti
51. kaspersky
52. f-secure
53. computerassociates
54. networkassociates
55. etrust
56. panda
57. sophos
58. trendmicro
59. mcafee
60. norton
61. symantec
62. microsoft
63. defender
64. rootkit
65. malware
66. spyware
virus

In Windows Vista, the worm will disable autoconfiguration of the TCP/IP stack in order to speed up propagation via network channels by using a fixed window size for TCP packets:

netsh interface tcp set global autotuning=disabled
The worm also hooks the following API calls (dnsrslvr.dll) in order to block access to the list of user domains:

DNS_Query_A
DNS_Query_UTF8
DNS_Query_W
Query_Main
sendto

The worm may also download files from links of the type shown below:
http:///search?q=<%rnd2%>

rnd2 is a random number; URL is a link generated by a special algorithm which uses the current date. The worm gets the current date from one of the sites shown below:

http://www.w3.org
http://www.ask.com
http://www.msn.com
http://www.yahoo.com
http://www.google.com
http://www.baidu.com
http://www.myspace.com
http://www.msn.com
http://www.ebay.com
http://www.cnn.com
http://www.aol.com

Downloaded files are saved to the Windows system directory under their original names.

Removal Guide

If your computer does not have an up-to-date antivirus solution, or does not have an antivirus solution at all, you can either use a special removal tool (which can be found here or follow the instructions below:
More details about the vulnerability can be found here:
http://www.kaspersky.ru/support/wks6mp3/error?qid=208636215
Or follow the instructions below:

1. Delete the following system registrykey:
[HKLM\SYSTEM\CurrentControlSet\Services\netsvcs]

2. Delete “%System%\.dll” from the system registry key value shown below:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"

3. Revert the following registry key values:
[HKCR\ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "dword: 0x00000002"
"SuperHidden" = "dword: 0x00000000"
to
[HKCR\ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "dword: 0x00000001"
"SuperHidden" = "dword: 0x00000001"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "dword: 0x00000000"
to
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = "dword: 0x00000001"

4. Reboot the computer.

5. Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).

6. Delete copies of the worm:

7. %System%\dir.dll

8. %Program Files%\Internet Explorer\.dll

9. %Program Files%\Movie Maker\.dll

10. %All Users Application Data%\.dll

11. %Temp%\.dll

12. %System%\tmp
%Temp%\.tmp
is a random string of symbols.

13. Delete the files shown below from all removable storage media:

:\autorun.inf
:\RECYCLER\S-<%d%>-<%d%>-%d%>-%d%>-%d%>-%d%>-
%d%>\.vmx,

Trojan-PSW.Win32.OnLineGames.sxa / Kavo.exe

2008-12-09T19:00:00.000-08:00

Details

This malicious program is a Trojan. It is a Windows PE EXE file. It is 118103 bytes in size.

Infection

The Trojan copies its executable file to the Windows system directory:

%System%\kavo.exe

In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"kava" = "%System%\kavo.exe"

The Trojan also extracts the file shown below from its body:

%System%\kavo0.dll

This file is 114176 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.szc.

The Trojan also extracts the file shown below from its body:

%Temp%\.dll

This file is 29815 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-GameThief.Win32.OnLineGames.stcw.

The Trojan loads the .dll file to all processes launched in the system.
The Trojan intercepts mouse and keyboard events if any of the processes below have been launched:

maplestory.exe
dekaron.exe
gc.exe
RagFree.exe
Ragexe.exe
ybclient.exe
wsm.exe
sro_client.exe
so3d.exe
ge.exe
elementclient.exe

It sniffs traffic sent to the following addresses:

61.220.60.***
61.220.62.***
61.220.56.***
61.220.62.***
203.69.46.***
220.130.113.***

It does this in an attempt to harvest account data for the following games:

ZhengTu
Wanmi Shijie or Perfect World
Dekaron Siwan Mojie
HuangYi Online
Rexue Jianghu
ROHAN
Seal Online
Maple Story
R2 (Reign of Revolution)
Talesweaver
and some other games. The Trojan also analyses the configuration files of the games above and attempts to harvest information about gamers' accounts on the web
server.

Harvested data is sent to the remote malicious user's site.

The Trojan also modifies the following system registry key parameter values:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Fol
der\Hidden\SHOWALL]
"CheckedValue" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
"ShowSuperHidden" = "0"

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Pocilies\Explorer]
"NoDriveTypeAutoRun" = "0x91"

The Trojan also attempts to terminate the following processes:
KAV
RAV
AVP
KAVSVC

The Trojan also has worm functionality, making it able to propagate via removable storage media. The Trojan copies its executable file to the root of each drive as follows:

:\n6j.com
indicates the relevant disk.

In addition to its executable file, the Trojan also places the file shown below in the root directory of every disk:
:\autorun.inf

This file will launch the Trojan executable file each time the user opens the infected disk using Explorer.

Removal Guide
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Delete the following file:
%System%\kavo.exe

2. Reboot the computer.

3. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).

4. Delete the following system registry key parameter:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"kava" = "%System%\kavo.exe"

5. Restore the original system registry key values:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Fol
der\Hidden\SHOWALL]
"CheckedValue" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
"ShowSuperHidden" = "0"

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Pocilies\Explorer]
"NoDriveTypeAutoRun" = "0x91"

6. Delete the following file:
%System%\kavo0.dll

7. Empty the temporary directory (%Temp%).

8. Delete the files shown below from all removable disks:
:\n6j.com
:\autorun.inf
stands for the letter of the removable disk.

Trojan-Downloader.JS.Small.fi

2008-12-09T18:49:00.000-08:00

Details

This Trojan downloads other files via the Internet and launches them for execution on the victim machine. The program is an HTML page which contains Java Script scenarios. It is 1432 bytes in size.

The Trojan downloads a file from the URL shown below by exploiting a vulnerability (CVE-2006-1359) in the processing of "createTextRange" in Microsoft Internet Explorer:

http://195.62.***.21/a.exe

The Trojan saves this file to its working directory as shown below:

%WorkDir%\a.exe

The downloaded file will then be launched for execution.
At the time of writing, the link was not active.

Removal Guide

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Use Task Manager to terminate the process shown below:
a.exe

2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).

3. Delete the following file:

%WorkDir%\a.exe

4. Delete all files from %Temporary Internet Files%.

Trojan-Downloader.Win32.Delf.cgx

2008-10-27T18:23:00.000-07:00

Tecnical Details

This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 48128 bytes in size. It is packed using PECompact. The unpacked file is approximately 131KB in size. It is written in Delphi.

Simpton

Once launched, the Trojan downloads files from the following URL:

http://paginas.terra.com.br/*****/down2/code.jpg
http://paginas.terra.com.br/*****/down1/lzma.jpg
http://paginas.terra.com.br/*****/down1/branch.jpg
http://paginas.terra.com.br/*****/down1/7z2.jpg
http://paginas.terra.com.br/*****/down1/7z.jpg

These files will be saved to the Windows root directory as follows:

%WinDir%\krn.7z
%WinDir%\7z\Codecs\lzma.dll
%WinDir%\7z\Codecs\branch.dll
%WinDir%\7z\Formats\7z.dll
%WinDir%\7z\7z.exe

The saved files are then launched for execution

Removal instructions

1. Use Task Manager to terminate the Trojan process.

2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).

3. Delete the following files:

%WinDir%\krn.7z
%WinDir%\7z\Codecs\lzma.dll
%WinDir%\7z\Codecs\branch.dll
%WinDir%\7z\Formats\7z.dll
%WinDir%\7z\7z.exe

4. Delete all files from %Temporary Internet Files%

Trojan-Downloader.Win32.Banload.dcd Virus

2008-09-02T16:58:00.000-07:00

This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 113152 bytes in size. It is not packed in any way. This Trojan is written in Visual Basic.

INSTALLATION

Once launched, the Trojan copies its body to the Windows program files directory as "lsass.exe":

%Program Files%\Microsoft Studio Files\lsass.exe

In order to ensure that the Trojan is launched automatically each time the system is rebooted, the Trojan registers its executable file in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]

"lsass" = "%Program Files%\Microsoft Studio Files\lsass.exe"

The Trojan then creates a command interpreter file called "vcdg.bat" in the same directory:

%Program Files%\Microsoft Studio Files\vcdg.bat

It writes the following strings to this file:
netsh.exe firewall add allowedprogram PROGRAM="%Program Files%\Microsoft Studio
Files\lsass.exe" NAME="Session Win32" MODE=ENABLE PROFILE=ALL

In doing so, the Trojan modifies the configuration of the Windows XP firewall, permitting any network activity created by the malicious process.

"%Program Files%\Microsoft Studio Files\vcdg.bat" is then launched for execution.

PAYLOAD

Once installed, the Trojan downloads files from the following URLs:

http://www.club-vw.cl/*****/modules/subsmanager/api_apache.tar
http://www.*****-consult.net/rcss.res
http://www.photo-*****.ru/images/exhibition_moll2005_file0031.jpg

At the time of writing, these links were not active.

http://www.cemm*****ac.at/img/nav/plus19a_RO.jpg

This file is 2603325 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-Spy.Win32.Banbra.bak.

Files which are downloaded are saved to the Trojan's installation directory under random names and launched for execution.

REMOVAL GUIDE

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Use Task Manager to terminate the Trojan process.

2. Delete the following system registry key parameter:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"lsass" = "%Program Files%\Microsoft Studio Files\lsass.exe"

3. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).

4. Delete the following directory and its contents:
%Program Files%\Microsoft Studio Files

5. Delete all files from %Temporary Internet Files%.

Ingin Mengetahui Meningkatkan Traffik bagi perniagaan internet anda???

Ingin Mengetahui Cara untuk Menjadi 'Pria Terhebat' ??????

Ingin Mengetahui Rahsia Membuat Duit Tanpa Modal Dengan Google Adsense???

Ingin Mengetahui bagaimana caranya individu menjana pendapatan lumayan melalui Internet???

Backdoor.Win32.Agent.ich

2008-08-27T19:44:00.000-07:00

Details
This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 48640 bytes in size. It is packed using UPX. The unpacked file is approximately 360KB in size.

Installation

The Trojan extracts the following file from its body:
%System%\aspimgr.exe

This file is 73728 bytes in size. Kaspersky Anti-Virus does not detect this file as malicious.

The original file will then be deleted.

The backdoor creates a service called "Microsoft ASPI Manager" which ensures the backdoor executable file will be launched each time the victim machine is restarted.
The Trojan launches a HTTP proxy server on the victim machine on TCP port 80. It then sends notification that the victim machine has been infected to the addresses shown below:

66.199.241.98
82.103.140.75
203.117.175.124
72.21.63.114
66.232.102.169
66.96.196.53

It does this by sending HTTP requests. Once infected, the victim machine becomes part of a zombie network and can be used to send spam or to conduct DoS attacks.

The backdoor creates the following log files:

%WinDir%\ws386.ini
%WinDir%\db32.txt
%WinDir%\s32.txt
%WinDir%\f32.txt

It creates the following registry key:

[HKLM\SOFTWARE\Microsoft\Sft]

and saves its configuration to this key.

Removal Guide

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Use Task Manager to terminate the malicious process

2. Delete the following registry key:

[HKLM\SOFTWARE\Microsoft\Sft]

3. Delete the "Microsoft ASPI Manager" service.

4. Delete the following files:

%WinDir%\ws386.ini
%WinDir%\db32.txt
%WinDir%\s32.txt
%WinDir%\f32.txt
%System%\aspimgr.exe

Tips about How to Choose Computer

Check Out

http://choosingcomputer.blogspot.com

Trojan.Win32.Agent.dcc

2008-08-27T19:37:00.000-07:00

Once launched, the Trojan copies its executable file as shown below:
%System%\drivers\runtime.sys

In order to ensure that the Trojan is launched each time the system is started, it creates a system service called "Runtime" which launches the Trojan executable file each time Windows is booted. The following registry key will be created:

[HKLM\System\CurrentControlSet\Services\runtime]

Once installed, the Trojan deletes its original file.

This Trojan has a malicious payload. It is a Windows PE EXE file. It is 20480 bytes in size.

The Trojan contains a rootkit driver which masks the presence of Trojan files on the hard disk, and also the presence of the files listed below:

%System%\ntoskrnl.exe
%System%\ntkrnlpa.exe
%System%\ntkrnlmp.exe
%System%\ntkrpamp.exe

It also masks the presence of processes related to these files.
The Trojan also launches a hidden process called "iexplore.exe". It injects its code into this process, which will then download files from the following addresses:

208.66.194.***
66.246.252.***
208.66.195.***
74.53.42.***
74.53.42.***

Downloaded files will be saved as:

%TEMP%\.exe

with standing for a random sequence of numbers.

Once downloaded, the files will be launched for execution.

Removal Guide

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

1. Use Task Manager to terminate the malicious program’s process.

2. Delete the following system registry key:

[HKLM\System\CurrentControlSet\Services\runtime]

3. Delete the following file:

%System%\drivers\runtime.sys

4. Delete the contents of %Temp%

Tips about How to Choose Computer

Check Out

http://choosingcomputer.blogspot.com

DriveGuard.exe Or FlashGuard.exe Virus

2008-08-26T16:12:00.000-07:00

This virus also known as Worm.Win32.Autoit.au - kaspersky, this worm tries to impersonate a friendly application one that wants to protect your removable drives from other pieces of malware.

It also includes a readme file that reads:
"This tiny software is used to protect removable storage devices from
worms that are spread from one PC to another. "

But at the same time it will download backdoor files..

You can locate the virus at c:\Program Files\FlashGuard\FlashGuard.exe only if you unhide hidden files already(How to Unhide Hidden Files Guide)

The malicious file would copy itself to :

c:\Program Files\FlashGuard\FlashGuard.exe
c:\Program Files\FlashGuard\ReadMe.txt
c:\DocumentsandSettings\**UserProfile\LocalSettings\Temp\DriveGuard.tmp.exe
c:\DocumentsandSettings\**UserProfile\LocalSettings\Temp\gHmpg.tmp.exe

It create folders in your pendrive & copy itself to :

f:\System\Security\DriveGuard.exe *
f:\autorun.ini *

*[f:\] drive letter could vary depend on how Windows assign/mount your pendrive

Create startup launcher(Registry) :

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard

To see these virus you must set Windows to show hidden files - Guide

Removal Guide :

Press Ctrl+Alt+Del to open 'Task Manager', select FlashGuard.exe & click 'End Process'

You can browse to the folder mentioned above or you can find it quickly by using 'Search' feature(Start Menu>>Search). In the search box type, flashguard.exe or flashguard. Don't hit the search button yet..

Scroll down & expand 'More Advanced Options'.Check the all the box as you see in the screenshot below & hit 'Search' button..

Delete all the files found..

Also serch for .tmp.exe, delete DriveGuard.tmp.exe & gHmpg.tmp.exe files found..

The virus files can easily recognized with pendrive like icon..

Your pc now clean from the virus, since the virus load at startup, it left an entry in your registry, you can delete it in registry or you can go to Start Menu>>Run, type msconfig & click 'Ok'.

Select 'Startup' tab, select & uncheck FlashGuard. Click 'Apply' to take effect..

Delete Registry Entry : Go to Start Menu>>Run, type regedit & click 'Ok'
Browse to :
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard
Select FlashGuard, right-click on it & delete..

FlashGuard.exe cleaned..
If you new on manually on removing virus, this guide also useful for other type of virus too, especially the type that infecting removable drive(pendrive/flashdrive/memory card). It also depend on how strong the viruses, some viruses replicate itself with random/different file name(hard to find). As you can see FlashGuard.exe replicate itself as DriveGuard.tmp.exe & gHmpg.tmp.exe.

system.exe backdoor spyware

2008-08-26T15:41:00.000-07:00

System.exe is a Backdoor W32.Spybot.OBB.
System.exe spreads by e-mail and via network shares.
System.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site
Related files :

"c:\Windows\system.exe" or "c:\Windows\system32\system.exe"

Solution :

1. update your antivirus and scan it ... ehehehe
2. Manual Removal

MANUAL REMOVAL
Step 1: Use Windows File Search Tool to Find system.exe Path

1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in " system.exe" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of " system.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete system.exe in the following manual removal steps.

Step 2: Use Windows Task Manager to Remove system.exe Processes

1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for " system.exe" process by name.
3. Select the " system.exe" process and click on the "End Process" button to kill it.

Step 3: Detect and Delete Other system.exe Files

1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in del "name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the " system.exe" process and click on the "End Process" button to kill it.

Tips About Choosing Your Computer
Check Out

http://choosingcomputer.blogspot.com

Virus "81u3f4nt45y - 24.01.2007 - Surabaya”

2008-08-26T02:54:00.000-07:00

Jika anda dipaparkan dengan message seperti dibawah setiap kali anda menghidupkan komputer anda bererti anda sudah terkena virus:

“Surabaya in my birthday
Don’t kill me, i’m just send message from your computer
Terima kasih telah menemaniku walaupun hanya sesaat, tapi bagiku sangat berarti
Maafkan jika kebahagiaan yang kuminta adalah teman sepanjang hidupku
Seharusnya aku mengerti bahwa keberadaanku bukanlah disisimu, hanyalah lamunan dalam sesal
Untuk kekasih yang tak kan pernah kumiliki 3r1k1m0″

Cara untuk membuang virus pesanan ini:

1.klik ke start-> run kemudian taip regedit dan enter.

2.Setelah program register editor muncul, sila klik urutan berikut pada window kiri :

“HKEY_LOCAL_MACHINE” -> “SOFTWARE” -> “Microsoft” -> “Windows NT” -> “Current Version” -> “WinLogon”.

dibahagian kanan window, delete item “LegalNoticeCaption” dan “LegalNoticeText”.

3. selesai

Tips About Choosing Your Computer
Check Out

http://choosingcomputer.blogspot.com

HOW TO REMOVE PC-OFF.BAT Trojan

2008-08-26T02:42:00.000-07:00

1. Open "task manager" by pressing CTRL-ALT-DEL. Under tab 'processes', select 'password_viewer.exe' or 'bar311.exe' or 'photo.zip.exe' and Click ‘End Process’

2. Open "register editor"( click 'START’--> ‘RUN’ , type “regedit”) .

• GO TO ‘HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon’

FIND KEY
"Userinit" = C:\WINDOWS\system32\userinit.exe,bar311.exe"
----> remove value ‘bar311.exe’ ONLY!!!!
OR
"Userinit" = C:\WINDOWS\system32\userinit.exe,photo.zip.exe"
----> remove value ‘photo.zip.exe’ ONLY!!!!
OR
"Userinit" = C:\WINDOWS\system32\userinit.exe,password_viewer.exe"
----> remove value ‘password_viewer.exe’ ONLY!!!!

*/DO NOT REMOVE “USERINIT.EXE” VALUE OR “USERINIT” KEY, OR ELSE YOUR PC CANNOT ENTER YOUR WINDOWS/*

• GO TO ‘HKEY_CURRENT_USER \software\microsoft\windows\currentversion\explorer\advanced’
Change Value data for Key As Shown Below :-

"Hidden"=dword:00000001 (1) - Change to ‘1’
"HideFileExt"=Dword:00000000 (0) - Change to ‘0’
"ShowSupperHidden"=Dword:00000001 (1) – Change to ‘1’

• GO TO
‘HKEY_CURRENT_USER \software\microsoft\Command Processor’

FIND KEY

"autorun=c:\windows\pc-off.bat"
-----> Remove "c:\windows\pc-off.bat" or Delete autorun key

. go to ThumbDrive DRIVE(Do not doubleclick the drive,Use Address panel to view file inside DRIVE)

4. delete - autorun.inf
password_viewer.exe
bar311.exe
photo.zip.exe

5. Open Notepad and Type -

@echo off
del /a /f c:\windows\bar311.exe
del /a /f c:\windows\password_viewer.exe
del /a /f c:\windows\photo.zip.exe
del /a /f c:\windows\pc-off.bat
pause

6. Save As "remove.bat"

7. Run remove.bat

8. GO TO
C:\Windows\

Find bar311.exe OR password_viewer.exe OR photo.zip.exe OR pc-off.bat and delete it.

Tips About Choosing Your Computer
Check Out

http://choosingcomputer.blogspot.com