Gmail is Blocked? Try These Ways

Blocking email service in an office is an unwise act.

Now, in this post I will share you several tips on how to send email through gmail when the access is blocked by your office network administrator.
You can easily access all of your contact & send mail from your mail id by following tips. No need to think about proxy.
You just need to have a google account. If you didn't have it, you could easily make it by clicking here!
  1. Goto this URL (the link beside refer to UK google)
  2. You find "Email this Story" on this page. See the screenshot below!
    trick for blocked gmail1
  3. Click on "Email this Story" link. Give email address of sender(You can choose email adress from clicking "Contact") in To & enter the message. Then just click on send.Refer to screenshot below.
    trick for blocked gmail2
    Type the required field & Send Mail
  4. You have done it.
There is little difference against sending a standard e-mail that you do not just send messages via email, but you also send a news to your friends.

Ok, that's all my post. I hope it will be useful for you. Leave your comments are welcomed...

Proxy Server Bypassing via Decimal IP

This trick is used to penetrate the blocked sites. Blocking site usually does by your office network administrator.
Follow the steps bellow:
  1. Open command prompt.
  2. Press Windows key + R buttons, type "cmd" and then press "enter" button.
  3. Type "ping [address of a blocked site]" and press "enter" button.
  4. Example: ping We can see the IP number of this site [facebook] is:
  5. Enter the IP number to, just click here now.
  6. This step to change the IP number of the object [facebook] into decimal form. [HTTP://1161803024]
  7. Copy and paste the new address into your favorite browser.
  8. Blocked site has been appeared
  9. Thank to CyberMuttaqin.
  10. Good luck
Adopted from Jasakom

Hacking Deep Freeze 6

Hacking DF.6 is easier than DF.5. I use Anti DeepFreeze and Uninstall DeepFreeze software.

These tools are used to penetrate deep freeze 6 password.
I thought this tool was better than the previous version (DF.5 crackerpassword). Okay, there are two tools that I will write down:

1. Anti DeepFreeze
Very easy to use, just select the version of Deepfreeze and click the Apply button. Then click the image icon in the taskbar (Ctrl + Shift) while you click the icon.
hacking deepfreeze1

Keep the password box blank. You will be allowed to enter Deepfreeze configuration panel without anything password.
2. Uninstall Deepfreeze
I thought this was quiet simple tool although use Vietnamese. Click the Login button, until the Login button is not active and the Crack button become active. Then click the crack.
hacking deepfreeze 2
Sign in to DeepFreeze configuration file using Ctrl + Shift + click the icon DF and take over the configurations...
Click to Anti Deep Freeze to download
Special thanks:
  1. Jasakom
  2. lovepassword
Say thanks to them please,

New iPhone Virus

Sophos, a security company in the field of IT warned of new virus that attacks the iPhone. This virus is most dangerous to date, because it makes an infected iPhone becomes zombies and incorporate them into the botnet.

This virus changes Wallpaper’s victims become a pop star image in the 1980s Rick Astley. This new iPhone worm (informally called a "duh" or "Ikee.B" by Security Researchers) was reported spreading in the wild in the Netherlands, designed to upload banking information to the server in Lithuania and to follow orders from a remote hacker. The "Duh" worm hunts for the iPhone vulnerable to a broader range of IP ranges from Ikee, who only ever reported in Australia. "Duh" including IP ranges in several countries, including the Netherlands, Portugal, Australia, Austria, and Hungary.

"This latest iPhone malware is doubly criminal. Not only does it break into your iPhone without permission, but it also cedes control of your phone to a botnet command server in Lithuania," said Graham Cluley, senior technology consultant at Sophos "That means your iPhone has just been turned into a zombie, ready to download and to perform any commands the cybercriminals might want in the future. If infected, you have to consider all of the data that passes through your iPhone compromised."

Further, Sophos reports that "Duh" changes the password on your iPhone - meaning that cybercriminals know what it is but infected users don't, allowing criminals to log back into your iPhone later. However, Sophos expert Paul Ducklin managed to recover the password - revealing that infected users can login as root with the password 'ohshit'.

"Apple's default root password - 'alpine' - on the iPhone breaks two fundamental rules - it's both a dictionary word and well-known. This doesn't matter for most iPhone users, as they haven't jailbroken their iPhones and installed SSH to allow remote access - but the new worm will break in and immediately change it. This change is made by directly editing the encrypted value of the password in the master password file, so that the new password is never revealed," explained Paul Ducklin, head of technology in Sophos Asia Pacific. "This password-changing represents an additional risk, as it means that cybercriminals now know what your password is - allowing them to log back into your iPhone later - but you don't, so you cannot login and eliminate the virus."

Sophos strongly recommends that all users of jailbroken phones change their passwords from 'alpine' immediately to avoid further attacks.

Huh, be careful... an invisible activity is going to your iPhone...
Adopted from infozine

Netcut Overview

This post was adopted from "all about how to" here.
Hi guys, now I'll tell you a naughty tool which used to disconnect the computers in the network. This is a quiet outrageous but user friendly tool, even for a newbie hacker. It called NETCUT. This tool works in Wi****s OS only, like a trojan that exploiting your system. We can call it a software that might broke the computer system.
These steps will bring you to recognize this tool:
  1. Download the NETCUT here
  2. Install and run this tool
  3. Choose your NIC
  4. Scan your network and choose which one is the target
  5. Select the target, and then click the "off" button.
  6. Re-scan the network…what is happens? The target doesn’t appear anymore?
So, what's the important part about this post? The important part is make sure to hide your hostname and IP address while you in some unsecured connection. This just a prevention method, further you can download the "anti-NETCUT" here.
Suggestion: try to use under Linux OS


This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 9216 bytes in size. It is packed using UPX. The unpacked file is approximately 38KB in size. It is written in C++.
The Trojan downloads files from the following URLs:


At the time of writing, these links were not working. The files will be saved to the current user’s Windows temporary directory with random names. The Trojan then sends a request to the following address:


If the server does not respond, the Trojan will repeat the attempt after six minutes. The Trojan also creates a unique identifier, “S_SERV_v0.66_Beta_erf” to flag its presence in the system.

Deletion Method
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
  1. To remove Trojan-Downloader.Win32.Agent.ahoe, you must first stop any Trojan-Downloader.Win32.Agent.ahoe processes that are running in your computer's memory. To stop all Trojan-Downloader.Win32.Agent.ahoe processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the "Processes" tab, search for Trojan-Downloader.Win32.Agent.ahoe, then right-click it and select "End Process" key.
  2. To delete Trojan-Downloader.Win32.Agent.ahoe registry keys, open the Windows Registry Editor by clicking on the Windows "Start" button and selecting "Run." Type "regedit" into the box and click "OK." Once the Registry Editor is open, search for the registry key "HKEY_LOCAL_MACHINE\Software\Trojan-Downloader.Win32.Agent.ahoe." Right-click this registry key and select "Delete."
  3. Finally, to completely get rid of Trojan-Downloader.Win32.Agent.ahoe, you must manually remove other Trojan-Downloader.Win32.Agent.ahoe files. These Trojan-Downloader.Win32.Agent.ahoe files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Trojan-Downloader.Win32.Agent.ahoe might create a file like
    %PROGRAM_FILES%\Trojan-Downloader.Win32.Agent.ahoe\Trojan-Downloader.Win32.Agent.ahoe.exe. Locate and remove these files.
Original Source:
  1. viruslist
  2. spywareremove
Please say thanks to them

How to Kill a Process Using PsKill

pskill to terminate process

This trick is another way to terminate process on your system without TaskManager.
Follow these steps bellow:
1. Open Command Prompt window:
Press the "Start" button on your Taskbar and select the "Run" option. Type "cmd" in the field and then press the "OK" button.

2. Search the unwanted process
When the Command Prompt window is opened, type the command "pslist" and press "Enter" to search processes from the list of running programs.

3.Kill the unwanted process
Once you know the name of the process you want to kill, type the command "pskill [PROCESS_NAME]" and press "Enter" to terminate the unwanted process. For example, if you wanted to kill SpyLocked (a rogue anti-spyware program), you would type pskill spy-locked.exe.

4. Please say thanks to spywareremove

Backdoor.Win32.Clampi.a Removal Procedures

Backdoor.Win32.Clampi.a is a Trojan program created to steal confidential user data and distantly manage the victim's computer.

Backdoor.Win32.Clampi.a is a Windows PE EXE file. The size of Backdoor.Win32.Clampi.a is 470 bytes. Backdoor.Win32.Clampi.a downloads various codes from servers. These codes can be changed or replaced with other malicious codes. It is about 470 bytes in size.
When launched, the Trojan creates the following file:
<name> is chosen at random from the list below:

Trojan adds a link to its executable file in the system registry:
“<name2>” = %AppData%\<name>.exe

<name2> is chosen at random from the list below:

How to remove?
Step 1 : Use Windows Task Manager to Remove Backdoor.Win32.Clampi.a Processes
Remove the "Backdoor.Win32.Clampi.a " processes files:
Step 2 : Use Registry Editor to Remove Backdoor.Win32.Clampi.a Registry Values
Locate and delete "Backdoor.Win32.Clampi.a " registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"PID
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"KeyE"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"KeyM"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"GID"
"<name2>" = %AppData%\<name>.exe

Step 3 : Detect and Delete Other Backdoor.Win32.Clampi.a Files using "Find" on your Windows Eplorer
Remove the "Backdoor.Win32.Clampi.a " processes files:
That's all, I hope will be usefull for you...
Please say thanks to viruslist and spywareremove

NetWorm Win32.Kido.ih Removing Procedures

On my previous post here, I've told you the characteristic of Win32.Kido.ih. Now, I'll share you how to remove it.
Step by step to remove Win32.Kido.ih manually. Follow the instructions bellow:
  1. Delete the registry key from [HKLM\SYSTEM\CurrentControlSet\Services\netsvcs].
  2. Delete “%System%\<rnd>.dll” from system registry key value shown below:
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "netsvcs".
  3. Reboot the system.
  4. Delete the original worm file and it’s copies from the windows location show before.
  5. Delete autorun files and .exe files located in removable storage [usb flash/pen drives].
  6. Update your current antivirus databases and perform a full scan of the computer to remove NetWorm Win32.Kido.ih
Some of preventive ways:
  1. Try under Linux Operating System...
  2. Get the latest update of your antivirus
  3. Update your Windows regularly (just for original version)
That's all, I hope useful for you...
Please say thanks to renjusblog

Win32.Kido.ih Characteristic

This is a network worm type. It spreads via local networks and removable storage media. When it copies itself to remote computers, the worm creates a temporary file with a random extension. The program itself is a Windows PE DLL file. The worm components vary in size from 155KB to 165KB. It is packed using UPX.
The worm copies its executable file with random names as shown below:

%Program Files%\Internet Explorer\<rnd>.dll
%Program Files%\Movie Maker\<rnd>.dll
%All Users Application Data%\<rnd>.dll

<rnd> is a random string of symbols.
You can use Windows Search to find them. Remember to select "Search system folder", "Search hidden files and folders", and "Search subfolders" under More advanced options.

In order to ensure that the worm is launched next time the system is started, it creates a system service which launches the worm’s executable file each time Windows is booted. The following registry key will be created:
The worm also modifies the following system registry key value:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs" = " %System%\<rnd>.dll"

So, how to remove it?
Just get the latest update of your antivirus...
Or you can manually remove it, see my next post here

Description to Win32/Agent.ab

Win32/TrojanDownloader.Agent.AB trojan is Downloader which is malware.

Installing it is extremely not recommended. This program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP sites. Ranging from downloaders that can download and run executables without the user's knowledge to simple spyware components. In some cases, for example, when an unsuspecting user enters a webpage that contains code that exploits flaws in certain browsers the malware is automatically downloaded and executed. This malware might download other malware such as spyware and drop a browser helper object. It might even hijack the users machine, interrupt online searches or send out sensitive information, for example a list of the webpages that the user has visited.
  1. The home page address is modified.
  2. File signature: %Windows%\temp\phg16189.exe
  3. Denied access or redirected when entering certain previously available webpages, usually anti-malware/security related webpages.
  4. Unknown entries found in favorites.
  5. Internet searches are redirected to another online search engine.
Manual Win32/TrojanDownloader.Agent.AB trojan removal:
  • Kill process Windows\temp\phg16189.exe
  • Delete file Windows\temp\phg16189.exe
Important notes:
Be sure you get the last update of your antivirus software.
Update your windows regularly using automatic update (just for original version) .
That's all, all of this content have been analyzed before posted. May it useful for you, leave your comments please..

Sality Manual Removal Procedure

I got this post from viruscontra
Below is a list of Sality manual removal instructions and Sality components listed to help you remove Sality from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

Note: This manual removal process may be difficult and you run the risk of destroying your computer.

Step 1 : Use Windows File Search Tool to Find Sality Path

* Go to Start > Search > All Files or Folders.
* In the "All or part of the the file name" section, type in "Sality" file name(s).
* To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
* When Windows finishes your search, hover over the "In Folder" of "Sality", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path todelete Sality in the following manual removal steps.

Step 2 : Use Windows Command Prompt to Unregister Sality DLL Files

* To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
* Type "cd" in order to change the current directory, press the "space" button, enter the full path to where you believe the Sality DLL file is located and press the "Enter" button on your keyboard. If you don't know where Sality DLL file is located, use the "dir" command to display the directory's contents.
* To unregister "Sality" DLL file, type in the exact directory path + "regsvr32 /u" + [DLL_NAME] (for example, :C\Spyware-folder\> regsvr32 /u Sality.dll) and press the "Enter" button. A message will pop up that says you successfully unregistered the file.
* Search and unregister "Sality" DLL files: syslib32.dll, sysdll.dll, oledsp32.dll

Step 3 : Detect and Delete Other Sality Files

* To open the Windows Command Prompt, go to Start > Run > type cmd and then press the "OK" button.
* Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
* To change directory, type in "cd name_of_the_folder".
* Once you have the file you're looking for type in "del name_of_the_file".
* To delete a file in folder, type in "del name_of_the_file".
* To delete the entire folder, type in "rmdir /S name_of_the_folder".
* Select the "Sality" process and click on the "End Process" button to kill it.
* Remove the "Sality" processes files: syslib32.dll, sysdll.dll, oledsp32.dll, oledsp32.dll, sysdll.dll, syslib32.dll
Please say thanks to viruscontra

The List of Changed Registry Value That Caused Win32/sality.

Modified from Viruscontra
In my previous post (Win32/sality), I've introduced you to win32/sality. Now, I'll tell you some of registry values that may changed by Win32/sality .
Focus your attention on the following notes:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Setting\"GlobalUserOffline" = "0"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
The virus also removes entries in the following registry sub key:

  1. HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot
  2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
  3. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
  4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
  5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
  6. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
  7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  8. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Your firewall system is bypassed by Sality.AA through execution the command netsh firewall set opmode disable
It may also disable settings related to system security. It does this by adding the following registry entries:
  1. HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride = dword:00000001
  2. HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = dword:00000001
  3. HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify = dword:00000001
  4. HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride = dword:00000001
  5. HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = dword:00000001
  6. HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify = dword:00000001
  7. HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride = dword:00000001
  8. HKLM\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify = dword:00000001
  9. HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify = dword:00000001
  10. HKLM\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride = dword:00000001
  11. HKLM\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify = dword:00000001
  12. HKLM\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify = dword:00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden = 2, this registry entry used by the virus to hide folders and files so they're not displayed in Windows Explorer view.
It also disables Registry Editor and Task Manager by adding these registry entries:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr = dword:00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools = dword:00000001
Sality.AA terminates all anti virus regular services running on the system, and prevent access to Websites that contain its names, like sality_remove, viruscan, sophos, mcafee,, kaspersky, onlinescan, and other thing like that...
The device driver is not dropped and installed onto the system unless there is an active internet connection.
The virus may prevent execution of applications that perform integrity self-check as a result of them being infected.
So my friend the easiest way to tackle this virus is to Remove above mention Virus Entry Doors from registry and delete those .DLL files from system.
I'll give you the way to do it on my next post...
Bravo blogger Indonesia
Please say thanks to Viruscontra

USB Modem Spesification

Re-posted from wr_sobat
Bellow are price and specification of USB modem, the price may different depends on your area. I just share...
  1. SPEEDUP3G SU-6350U (Wireless USB CDMA Modem External, CDMA 2000 1x With R-UIM, 153,6 Kbps)
    Price : Rp 749,000
    Features : Voice Call, SMS, and Fax
    SIM Compatibility : FREN (800 MHz)
    Flexi (800 MHz)
    StarOne (800 MHz)
    Esia (800 MHz)
    Data SpeedsUp to 153.6 Kbps (averaging 60 to 100 Kbps)
    Frequency Specification : CDMA 800MHz (824~894)
    Qualcomm Chipset
    System Requirements : System Requirements for Laptops :
    USB Slots : USB 1.1 Slot
    Communication Ports : 1 Available
    Disk Drive : CD-ROM
    I/O Resources : 1 IRQ, 32 bytes I/O space
    Memory : 32MB Disk Space : 7MB
    Others : External Antenna
    Power USB 5V
    Network Protocol Support : TCP/IP, PPP, and VPN
  2. SPEEDUP3G SU-8600U (HSDPA DL 3.6Mbps, UL 384Kbps, USB Modem)
    Price:Rp 999,000
    Price:Rp 999,000
    SIM Compatibility : Can be used with any GSM Operator standard 6 PIN SIM card interface, compaliant with 3GPP 31.101 and 31.102
    Data Speeds : up to 3.6 Mbps DL 384 Kbps UL
    Frequency Specification : GSM/GPRS/EDGE: 850/900/1800/ 1900 MHz
    System RequirementsUMTS: 2100 MHz
    OS Compatibility : Win2000/ XP/VISTA 32bit/64bit
    Mac OS X 10.4.9 or higher (only support INTEL platform)
  3. SpeedUp3G SU-5100P (PCMCIA), CDMA 800Mhz, Ruim
    CDMA : CDMA2000 1xRTT protocol with R-UIM
    CDMA 800MHz Frequency Bands
    Qualcomm Chipset : MSM 5100 series
    Data Speeds : Up to 153.6 Kbps (averaging 60 to 100 Kbps) *
    Additional Connectivity Support : Voice call and SMS
    Mechanical : PCMCIA Type II Card
  4. Speed Up 3,5 G SU-8300U (Hsdpa)
    Spec : 3,5G (HSDPA)
    Tri-Band 900/1800/1900
    Qualcom Chipset MSM6260
    Support Windows & MAC
  5. Sierra Wireless USB Modem Air Card 881U.
    Spec : 3.75G (HSUPA/HSDPA)
    Tri-Band 850/1900/2100
    GPS /1575 Mhz Support
    Down Link 7,2Mbps / Up Link 2 Mbps (feature Upgrable 5,76M)
    Support Windows & MAC
  6. Huawei E220
  7. Huawei K3520 HSDPA
  8. Modem CDMA SpeedUp 3G SU-6200U

Detect and Prevent The Hacker Attack

Trick to detecting hacker attacks is not an easy task, especially for an inexperienced user. This is caused most of the computer weakness can be exploited in a variety of ways. Hacker may use many kinds of attacks which can be separated became 4 parts.
A hacker attack may use a single specific exploit, several exploit in the same time, a misconfiguration on your system, even from the backdoor which injected on the previous attack. The steps below will help you reduce the hacker attacks, although no system is 100% secure. This is a prevention step that may be helpful for you.
  1. Beware high network traffic, especially when the computer is idle. Your computer may have been used to send spams that will double him selves. Cable users, don’t fret – with cable it is quite normal to have the same amount of outgoing and incoming traffic.
  2. Increased disk activity or suspicious looking files in the root directory. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or e-payment.
  3. If your personal firewall is reporting blocking large packets of data from the same IP address, that could mean that someone is probing your defense and is trying to break in. Remember – having a personal firewall is essential if you want to keep your computer away from harm.
  4. Try increasing protection when your anti-virus software starts finding a lot of trojans and backdoors.
That’s all my share today, may be you can get the advantage and feel free from the hacker…


Re-posted from viruscontra
Hi, I just a but try yo do better than ever...
Sality is a virus that has backdoor capabilities and executes keylogger and may infect executable files by putting its code to host files. Once it is installed, Sality virus will infect local executable files and delete all files that are associated with anti-virus and anti-spyware applications, as well as firewalls. After this, Sality runs a keylogging module that gathers all system and network information, records passwords and login names, steals all sensitive information and sends all this collected data to a predefined email address.
In addition, Sality opens a backdoor that allows the remote attacker to get the full control over the infected computer and this places any financial or banking information stored on your computer in severe jeopardy and represents a serious security risk.
Also known as: W32/Sality (McAfee), Virus.Win32.Sality.aa (Kaspersky), W32.Sality.AE (Symantec), Virus:Win32/Sality.AM (MS OneCare), PE_SALITY.EM (Trend)

W32/Sality is a parasitic virus that infects Win32 PE executable files. It is a polymorphic virus that attempts to spread by file infection. It looks for Win32 PE executable files with .EXE or .SCR file extensions, and infects any such files found on the system by appending the virus body to the host file.
The virus also attempts to propagate by copying itself with a random filename to network drives, including all removable disk drives. Sality.AA also creates an "autorun.inf" file in these drives so that the virus executes when it is accessed.
Upon execution, it drops the following files into the Windows system directory:
  • %Windir%\System32\Hdaudprop.dll
  • %Windir%\System32\Hdaudpropres.dll
  • %Windir%\System32\Hdaudpropshortcut.exe
  • %Windir%\System32\drivers\Hdaudbus.sys
  • %Windir%\System32\drivers\Hdaudio.sys
  • %Windir%\System32\drivers\portcls.sys
Creates the following registry keys:
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WMI_MFC_TPSHOCKER_80
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
and it downloads further malware from the following domains:
Too long, huh? I thing enough for this time, maybe next time we’ll give the rest for you. Leave your comment for better post future…
Say thanks to viruscontra please!

Change The boot.ini Configuration

On the previous post Failure Safe Mode Booting, I have told you another way to get into safe mode without pressing F8 button. Actually, I wouldn’t recommend this trick for you. Why? The reason is my computer couldn’t boot at all after tried the trick. If you've already tried these tricks, you should to change the boot.ini configuration through another computer (your hard drive used as a slave disk on another computer) because your computer can’t be used for booting. Make sure you change the jumper disk position as a slave disk.

Follow these steps carefully:
  1. Try to go to the cmd prompt by pressing Win key + R.
  2. Get your drive (e. g. E) by typing "e:\" (without quotes) and press enter.
  3. After you got into your drive (E:) type "boot.ini" and press enter.
  4. You should get this window.

    picture of safe mode configuration
  5. remove the text "/neoexecute=optin" and "/safemode:minimal".
  6. Your boot.ini file should be seen like this.

  7. Save your boot.ini file.
  8. Shut down the PC and get your hard disk.
  9. Try to normally booting using your hard disk.
  10. Remove the viruses that causing your failure safe mode using trusted antivirus.
That’s all, I hope you’re understanding my language…I’m sorry, my English is poor. I never study when I schooled.

Failure Safe Mode Booting

Computer trick to booting via failure safe mode

This is from my true experience. You know, my computer still injected by a virus . My safe mode booting was disabled by the virus. I can’t access the menu to select Safe Mode, Safe Mode With Networking, and Safe Mode With Command Prompt just fine. Every time any of these 3 options, my PC always reboot. I have asked some people who dedicated their time about viruses. They just suggested me to do a small trick, but I thought this trick doesn’t absolutely remove my problem. Whatever… I just want to share, hopefully my passage will be useful for you .

These are the suggested way from them:
  1. Try “start” then “run” and go to "msconfig".
  2. Then in the menu that pop up, select “BOOT.INI” tab.
  3. In that menu there is a box that you can tick to tell the PC to start up in safe mode.

  4. When you want to boot using normal way, just untick the box above.
That’s all, I’m so sorry cuz my English is bad , I hope you can understand what I mean..

USB Flashdisk Security

Trick to protect you USB disk

Hello world , in this chance I’ll share a software which used for protect your USB disk. It’s name is USB Disk Security. It protects offline computer without the need for signature updates. This tool doesn’t make your computer getting slow. Do you interest to try? Just click here.
  1. This file was downloaded from phrozenfilez. Visit the site to get more software… but don’t forget to visit me back
  2. the password to extract is "thecybergal". Just promote my blog bro…

A0003104.exe on System Volume Information Folder

Hi, I got this from my experience. Some days ago, my computer has been injected by virus. I didn’t know the name about this virus. The after effect I felt was my computer speed became very slow. I have checked into Task Manager, but I think nothing was different. I try to scan my computer using SUPERAntispyware Free. Some viruses have been seen, but SUPERAntispyware couldn’t remove them. The virus was located here:
C:\System Volume Information\ _restore {4E170950-50E0-453F-B281-59338F8EC32E} \ RP16 \ A0003104.exe
Many things I have done to recover my computer. Nothing gave me the answers. Suddenly, I remember that System Volume Information folder is used by Windows to record the data of system configuration. All restore points have been saved into this folder. The restore points allow you to return to the stable configuration, that it precedes the installation of a driver program.
Ok, let’s go to the point now. These are the steps to remove the virus above which located in the system volume information folder:

  1. Right click on my computer icon, and select properties.
  2. Click on the System Restore tab.

  3. Check “Turn off System Restore on all drives and click apply button.
  4. A confirmation window ask you about turning off System Restore, just click “yes”.

  5. You must to check the System Restore by press Start menu button, All programs, Accessories, System Tools, And System Restore to ensure all restore points have been deleted. If the restore point was blanked, it means you have finished all steps to remove the viruses on the System Volume Information folder.
That’s all from me, I hope it will useful for you . Oh, don’t forget to re-active your System Restore to prevent you lose the important settings of your system. I'm so sorry, my English is bad . I hope you're understanding what I mean..

Photo to My Computer Properties

What the picture bellow is?

I got this from tips-trik-komputer.

This is the picture of My Computer Properties. It’s not seen as usually. A few script to customize your view . Now, I’ll tell you how to make it. I thought this was simple enough, but very interesting to did. Follow instructions bellow:
  1. Open Notepad
  2. Type the following:

    Manufacturer=”your name”
    [Support Information]
    Line1= /*you can edit the address besides using yours.*/
    Line2= [whatever you want] /*you can fill anything you want*/
  3. Save as "oeminfo.ini" in the System32 folder. (Without Quote)
  4. Create a bmp file (Your Photo) and save it in the System32 folder as "oemlogo.bmp" (Without Quote).The size of the image should be within 180 (wide) x120 (high) pixels
  5. Now check your My Computer Properties.
Ok, that's all. I hope it will be useful for you. Don't forget to leave a comment .