Monday, May 26, 2008

A guide on how to remove Virus Mawar or AhPaw.js or len.js (any fuckin' autorun JS script!)

It's not actually a virus.
It's just a script made by script kiddos to have some fun on your computer. Trend Micro rates it as malware and names it JS_AUTORUN.ABE
(http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FAUTORUN%2EABE&VSect=P)

Symptoms:
1. Your Windows Explorer / Internet Explorer window title is changed to Mawar.js / AhPaw.js
2. When you right-click any drive inside My Computer, be it the C drive or a USB flash drive, the default option "Open" is not the first choice and it's not in BOLD. "Op%n" or "Search" comes up instead of Open.
3. Double-clicking the drive won't open it. Instead it performs another function such as "Search" etc.
4. You have to go to the address bar and select your drive from the small arrow icon to open it, instead of double-clicking the drive.
5. etc. etc

It's caused by the Autorun.ini which resides inside the drive.

OK.. now end that shit.. let's go to the removal instructions. Some additional tools (HijackThis, CCleaner, Spybot S&D, WinPatrol) may help but I prefer manual removal.

REMOVAL INSTRUCTION
-------------------

1. Disable System Restore
(Right-click My Computer --> Properties --> System Restore --> check the "Turn off System Restore" box --> OK)

2. Restart your computer in Safe Mode
(Restart the PC; while Windows tries to load, press F8 repeatedly and choose the 1st option - "Safe Mode")

3. Login to your computer

4. Unhide all Hidden Files and protected Operating System Files
- Go to My Computer
- Click Tools --> Folder Options... --> View
- Check the "Show hidden files and folders" radio button
- Check the "Hide protected operating system files (Recommended)" button
- Click OK to apply the changes

5. Go to My Computer --> C:\ drive (or any additional/removable drive) and..
- Find autorun.ini and DELETE it!
- Find VirusMwrdy.js (if any) and DELETE it!
- Find ahpaw.js (if any) and DELETE it!

6. Go to My Computer again, and right-click C:\ drive
- Click Properties --> Disk Cleanup --> More Options --> System Restore --> Cleanup.. --> click Yes when asked --> Click OK

7. Run Registry Editor
- Click Start --> Run --> type in regedit
- Highlight the My Computer icon and press Ctrl+F to start a search
- now.. when the search box appears, type VirusMwrdy.js (for Virus Mawar) OR ahpaw.js (for AhPaw.js) and let the system search for the key
- delete every key that is found
- repeat the search again and again until you are sure that the key is completely removed.
- ***For Virus Mawar, you may need to find an additional key -- mawar (and search for it over again)
- ***For AhPaw.js you may try to find an alternative key -- ahpaw (and search for it over again)

8. Read again from step 1 if you missed any. Now you can safely reboot your computer and log in to Windows as normal.

To restore the window title / Internet Explorer title bar you'll need to remove this entry from the Registry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Look for the string value "Windows Title" and safely remove it.
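
The check behind step 5, as an added example that is not part of the original post: a Python parser for the text of a drive-root autorun file (on Windows this file is normally named autorun.inf) that reports entries launching a script or replacing the default drive action, the symptoms listed above. The sample content is constructed; open, shellexecute, shell and shell\<verb>\command are the standard AutoRun keys.

```python
import re

# Script types that Windows Script Host will run (the guide's files are .js).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")
COMMAND_KEY = re.compile(r"open|shellexecute|shell\\[^\\]+\\command")

def parse_autorun(text):
    """Return the [autorun] section as {key: value}; keys are lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def findings(text):
    """List the reasons this autorun file deserves a closer look."""
    entries, out = parse_autorun(text), []
    for key, value in entries.items():
        if COMMAND_KEY.fullmatch(key):
            words = value.lower().replace('"', " ").split()
            scripts = [w for w in words if w.endswith(SCRIPT_EXTS)]
            if scripts:
                out.append(f"{key} launches script {', '.join(scripts)}")
    verb = entries.get("shell")                     # names the default (bold) menu action
    if verb:
        label = entries.get("shell\\" + verb.lower(), verb)
        out.append(f"default drive action replaced by '{label}'")
    return out

# Constructed sample (not copied from a real infection), using the guide's file name.
SAMPLE = r"""
[AutoRun]
; double-click on the drive no longer opens it
shellexecute=wscript.exe ahpaw.js
shell\find\command=wscript.exe ahpaw.js
shell\find=Search
shell=find
"""

if __name__ == "__main__":
    for reason in findings(SAMPLE):
        print("suspicious:", reason)
```

Reading the file this way before deleting it tells you which script name to look for on the drive and in the registry search of step 7.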

Please let me know if you have additional info or send me some winks if you found this article helpful.

Thanks


ripped from switch
#shell @ FreeNode
irc.freenode.net:6667

Saturday, March 1, 2008

:: increasing and lowering kernel securelevel in FreeBSD ::

1. to increase kernel securelevel just type:
sysctl kern.securelevel=1
OR
sysctl kern.securelevel=2
and so on

the results will be:
# sysctl kern.securelevel=1
kern.securelevel: -1 -> 1

# sysctl kern.securelevel=2
kern.securelevel: 1 -> 2

2. to lower the securelevel you'll need to put the settings in /etc/rc.conf and reboot your machine

edit /etc/rc.conf and put these entries:
kern_securelevel_enable="YES"
kern_securelevel="-1"
# this is just an example to lower the securelevel to -1

and reboot

Sunday, January 27, 2008

:: change psybnc server messages ::

ever wanted to change the default messages such as "simon says: rehashing" (when you delete a psybnc user) and "changing server" (when you use /jump)?

here is the trick..

edit psybnc/lang/english.lng and find the appropriate words to change
you will need to compile your psybnc again using make or gmake for the changes to take effect

cheers

Thursday, January 24, 2008

:: upgrade FreeBSD 6.2 system from RELEASE to STABLE ::

upgrading the FreeBSD 6.2 OS from the RELEASE branch to the STABLE branch is made easy by following the guides below:-

1. simple yet efficient guidance on the upgrade process (use a browser other than IE to open this site)

http://lofotenmoose.info/bsd/note/upgrading-from-release-to-stable/

-- the site describes upgrading FreeBSD through cvsup, which means cvsup must first be installed on the system
(you can install it through ports: /usr/ports/net/cvsup)

-- define the FreeBSD release tag in the stable-supfile configuration:

*default release=cvs tag=RELENG

-- replace RELENG with one of the release tags listed here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html

2. official FreeBSD Handbook on buildworld/upgrading

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
