Monday, December 22, 2008
Monday, December 15, 2008
Resetting Internet Explorer Home Page and Search Page
This procedure restores the Internet Explorer home page and search page to the default settings.
Close all Internet Explorer windows.
Open Control Panel. Click Start>Settings>Control Panel.
Double-click the Internet Options icon.
In the Internet Properties window, click the Programs tab.(Note: If you are running Internet Explorer 7 (IE7), click the Advanced tab.)
Click the Reset Web Settings... button.(Note: On IE7, click the Reseta? button. Note that by doing this, you are resetting IE back to its default settings.)
Select Also reset my home page. Click Yes.
Click OK.
Close all Internet Explorer windows.
Open Control Panel. Click Start>Settings>Control Panel.
Double-click the Internet Options icon.
In the Internet Properties window, click the Programs tab.(Note: If you are running Internet Explorer 7 (IE7), click the Advanced tab.)
Click the Reset Web Settings... button.(Note: On IE7, click the Reseta? button. Note that by doing this, you are resetting IE back to its default settings.)
Select Also reset my home page. Click Yes.
Click OK.
Deleting Malware-created AUTORUN.INF/s
Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
In the Named input box, type:AUTORUN.INF
In the Look In drop-down list, select a drive, then press Enter.
Select the file, then open using Notepad.
Check if the following lines are present in the file:[autorun]open=wscript.exe system32.dll.vbsAction=Open Removable Driveicon=%windir%\system32\shell32.dll,8shell\explore\command=wscript.exe system32.dll.vbsshell\explore=Exploreshell\open\command=wscript.exe system32.dll.vbsshell\open=Open
If the lines are present, delete the file.
Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
Close Search Results.
In the Named input box, type:AUTORUN.INF
In the Look In drop-down list, select a drive, then press Enter.
Select the file, then open using Notepad.
Check if the following lines are present in the file:[autorun]open=wscript.exe system32.dll.vbsAction=Open Removable Driveicon=%windir%\system32\shell32.dll,8shell\explore\command=wscript.exe system32.dll.vbsshell\explore=Exploreshell\open\command=wscript.exe system32.dll.vbsshell\open=Open
If the lines are present, delete the file.
Repeat steps 3 to 6 for AUTORUN.INF files in the remaining removable drives.
Close Search Results.
Restoring Registry Entries
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:HKEY_CURRENT_USER>Control Panel>Desktop
In the right panel, locate the entry: Wallpaper = "%System%\7mevj_beeuser_.html"
Right-click on the value name and choose Modify. Change the value data of this entry to your preferred value.
In the left panel, double-click the following:HKEY_CURRENT_USER>Software>Microsoft>Windows> CurrentVersion>Explorer>Advanced
In the right panel, locate the entry: ShowSuperHidden = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to: 1
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT> CurrentVersion
In the right panel, locate the entry: RegisteredOrganization = "Da Seeker Inc."
Right-click on the value name and choose Modify. Change the value data of this entry to your preferred value.
In the right panel, locate the entry: RegisteredOwner = "Jollybeecute"
Right-click on the value name and choose Modify. Change the value data of this entry to your preferred value.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT> CurrentVersion>Winlogon
In the right panel, locate the entry: LegalNoticeCaption = "Please Read"
Right-click on the value name and choose Modify. Delete the value data of this entry.
In the right panel, locate the entry: LegalNoticeText = "Hi. Howaryu? Aym Jaw-ly-bee-cute 3 yehs old frum da bheig bheig manchion ein Shurigaw. Ayl stey hirh forawhile bcos duhbad ghuys tukmehan lefme sumwerh inda leibleib phleiys and ayduno how tu get bak howm. Dows badguys promishd me five moh box of cholate afterh ay join dem indahgeymof haydenshik. Little duhayno bout theyrh ploy of shelling me to dah burgoise. Gudtinh Jawllybeeismart to trwikdemowt anfund weyh hirh tuhuyd."
Right-click on the value name and choose Modify. Delete the value data of this entry.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows> CurrentVersion>Explorer>Advanced>Folder>SuperHidden
In the right panel, locate the entry: UncheckedValue = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to: 1
Close Registry Editor.
In the left panel, double-click the following:HKEY_CURRENT_USER>Control Panel>Desktop
In the right panel, locate the entry: Wallpaper = "%System%\7mevj_beeuser_.html"
Right-click on the value name and choose Modify. Change the value data of this entry to your preferred value.
In the left panel, double-click the following:HKEY_CURRENT_USER>Software>Microsoft>Windows> CurrentVersion>Explorer>Advanced
In the right panel, locate the entry: ShowSuperHidden = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to: 1
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT> CurrentVersion
In the right panel, locate the entry: RegisteredOrganization = "Da Seeker Inc."
Right-click on the value name and choose Modify. Change the value data of this entry to your preferred value.
In the right panel, locate the entry: RegisteredOwner = "Jollybeecute"
Right-click on the value name and choose Modify. Change the value data of this entry to your preferred value.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT> CurrentVersion>Winlogon
In the right panel, locate the entry: LegalNoticeCaption = "Please Read"
Right-click on the value name and choose Modify. Delete the value data of this entry.
In the right panel, locate the entry: LegalNoticeText = "Hi. Howaryu? Aym Jaw-ly-bee-cute 3 yehs old frum da bheig bheig manchion ein Shurigaw. Ayl stey hirh forawhile bcos duhbad ghuys tukmehan lefme sumwerh inda leibleib phleiys and ayduno how tu get bak howm. Dows badguys promishd me five moh box of cholate afterh ay join dem indahgeymof haydenshik. Little duhayno bout theyrh ploy of shelling me to dah burgoise. Gudtinh Jawllybeeismart to trwikdemowt anfund weyh hirh tuhuyd."
Right-click on the value name and choose Modify. Delete the value data of this entry.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows> CurrentVersion>Explorer>Advanced>Folder>SuperHidden
In the right panel, locate the entry: UncheckedValue = "0"
Right-click on the value name and choose Modify. Change the value data of this entry to: 1
Close Registry Editor.
Removing Other Malware Entries from the Registry
In the left panel, double-click the following:HKEY_CURRENT_USER>Software>Microsoft>Internet Explorer>Main
In the right panel, locate and delete the entry:Window Title = "Jollybee is Watching..."
In the left panel, double-click the following:HKEY_CURRENT_USER>Software>Policies>Microsoft> Windows>System
In the right panel, locate and delete the entry:DisableCMD = "1"
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows> CurrentVersion>policies>Explorer
In the right panel, locate and delete the entries:NoActiveDesktop = "0"NoDesktop = "0"NoRun = "1"
In the right panel, locate and delete the entry:Window Title = "Jollybee is Watching..."
In the left panel, double-click the following:HKEY_CURRENT_USER>Software>Policies>Microsoft> Windows>System
In the right panel, locate and delete the entry:DisableCMD = "1"
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows> CurrentVersion>policies>Explorer
In the right panel, locate and delete the entries:NoActiveDesktop = "0"NoDesktop = "0"NoRun = "1"
Removing Autostart Entries from the Registry
This solution deletes/modifies registry keys/entries added/modified by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT> CurrentVersion>Winlogon
In the right panel, locate the entry:Shell = "Explorer.exe %System%\system32.dll.vbs"
Right-click on the value name and choose Modify. Change the value data of this entry to:Explorer.exe
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT> CurrentVersion>Winlogon
In the right panel, locate the entry:Shell = "Explorer.exe %System%\system32.dll.vbs"
Right-click on the value name and choose Modify. Change the value data of this entry to:Explorer.exe
Sunday, December 14, 2008
Can't Change Homepage in IE
In Regedit, navigate to this key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
In the right-hand pane, right-click the "HomePage" value, then select Modify. Change it to: 00 00 00 00
Also change either or these to zero 0 instead of 1 if present:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001
If you don't have this key, browse to:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Mainand in the right hand pane, double click "Local Page" and set equal to "C:\WINDOWS\System\blank.htm" (no quotes) which will hopefully set your Home Page to blank and then allow you to subsequently modify it using Internet Options.Exit regedit and reboot.
When you reboot, you should be able to change the home page again.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
In the right-hand pane, right-click the "HomePage" value, then select Modify. Change it to: 00 00 00 00
Also change either or these to zero 0 instead of 1 if present:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001
If you don't have this key, browse to:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Mainand in the right hand pane, double click "Local Page" and set equal to "C:\WINDOWS\System\blank.htm" (no quotes) which will hopefully set your Home Page to blank and then allow you to subsequently modify it using Internet Options.Exit regedit and reboot.
When you reboot, you should be able to change the home page again.
Remove Auto ChkDsk at Start-up
There are some people suggested to edit the registry but the proper way to disable CHKDSK from starting up is using the /x switch on chkntfs command in command prompt. The /x switch will exclude a drive from the default boot-time check. If you have drive C: as your hard drive, then the command to disable chkdsk from scanning C: drive would be:
chkntfs /x c:
If you have 2 drive, C and D, you can disable chkdsk with the command below
chkntfs /x c: d:
The chkntfs utility works by modifying the BootExcecute value in the system registry. The BootExecute value is located in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\Session Manager
The default value is for BootExecute is autocheck autochk *. When you use the /x switch, it will add a /k parameter prior to the asterisk. The /k parameter excludes volumes from being checked for the presence of a dirty bit.
For example, I run the command chkntfs /x c: in command prompt. This command would modify this registry entry to autocheck autochk /k:c *
chkntfs /x c:
If you have 2 drive, C and D, you can disable chkdsk with the command below
chkntfs /x c: d:
The chkntfs utility works by modifying the BootExcecute value in the system registry. The BootExecute value is located in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\Session Manager
The default value is for BootExecute is autocheck autochk *. When you use the /x switch, it will add a /k parameter prior to the asterisk. The /k parameter excludes volumes from being checked for the presence of a dirty bit.
For example, I run the command chkntfs /x c: in command prompt. This command would modify this registry entry to autocheck autochk /k:c *
Monday, December 8, 2008
Repair Windows Corrupted Files
Sometimes we get registry entries or system files damaged somehow,even if we dont know the real reason,but same time we need to fix without installing new system here we go.in our windows is an application which can do this . C:\WINDOWS\system32 then look for the application named "Webfolder.msi" then insert ur windows Cd and run the programe then follow the pics
Subscribe to:
Comments (Atom)
Posts
