20.35

Optimize Windows XP

The Windows XP operating system has many built-in features and components. Some of them are not needed to use Windows XP, yet they are still loaded when the computer starts.

Run services.msc (Windows XP default modules)

Windows XP loads many program modules (services) at startup so that the operating system is always ready for the user. Unfortunately, not everyone needs every module that Windows XP loads by default. These modules consume memory because they start when the computer starts, and they can sometimes make Windows run a little slower.

Modules that are not needed can be turned off through SERVICES.MSC.

How:

Open Start, choose Run and type "services.msc". A list of the service modules that Windows XP loads by default will appear. To turn off a service module, look at the list of programs and the STATUS column. In the status list you can see whether a module always runs when Windows XP starts, runs automatically only when needed, or does not run at all (Disabled).


Below is a list of components that Windows loads by default but that are probably not necessary for some needs (source: Techtree). Modules whose functions are unused can be turned off (Disabled).

1. Computer Browser
This module maintains the list of computers connected to a network.
The Computer Browser module can be turned off on a home computer that is not connected to a network / LAN.

2. Distributed Link Tracking Client
This module tracks links between NTFS files on the computer itself or across a network domain. It is only needed when someone requires a link to a file on another computer.
Not everyone needs links to and from files on the computer, so it can be turned off (Disabled).

3. Error Reporting Service
The Error Reporting Service provides a report when Windows XP has a problem.
This function is useful and can not in the Disable

4. Help and Support
Opens the support files when F1 is pressed.
How often do you actually read the Windows help files? Turn off this feature.

5. Indexing Service
Indexes contents and properties of files on local and remote computers to speed up access to files through flexible querying. This service is not required.

6. Net Logon
Supports pass-through authentication of account logon events for computers in a domain. This feature is required when you are connected to a network with a domain.
If you only use a stand-alone computer and do not have a domain, this feature can be turned off.

7. NetMeeting Remote Desktop Sharing
This feature gives access to your computer through NetMeeting over an intranet.
If you are not willing to give other people access to your computer, especially remote access, this feature should be disabled.

8. Network Location Awareness (NLA)
This module collects and stores network configuration and location information.
This function does not help, and can be turned off.

9. Network Provisioning Service
Manages XML configuration files on a domain basis for automatic network provisioning.
Not needed for simple computer systems and home networks. The feature can be turned off.

10. Performance Logs and Alerts
This module records the performance of the computer and other activity in log files.
If you do not want the headache of monitoring the performance of your Windows system, turn it off; it is of little use on a stand-alone computer.

11. Portable Media Serial Number Service
Retrieves the serial number of any portable media player connected to this computer.
This module is not useful and is intended only for Windows Media based / compatible ("PlaysForSure") portable players. MP3 users do not need this feature and should turn it off.

12. QoS RSVP
Provides network signaling and local traffic control.
The concept of this module is to provide greater bandwidth for applications that need it. In reality it does not have much impact. It can be turned off or left in use.

13. Remote Desktop Help Session Manager
Manages and controls Remote Assistance.
It is not yet clear what this does or whether Remote Assistance is wanted. If it is not necessary, it can be turned off.

14. Remote Registry
Allows a remote user to modify the registry on this computer.
Should be turned off.

15. Security Center
Monitors system security settings and configurations. It displays a pop-up when the firewall is down, the antivirus is out of date, or Windows system updates have been deliberately turned off.
If you always monitor the three functions above yourself, this feature can be turned off, because Security Center only monitors and does not prevent anything; it is better to control security directly from your security program.

16. Server
Supports file server functions, such as sharing printers and files over the network.
Not required if you do not share the computer on a network. This feature can be turned off.

17. Smart Card
Manages access to smart cards read by this computer.
Only needed if you use a smart card on your computer; if not, it should be turned off.

18. SSDP Discovery Service
Enables discovery of UPnP devices on your home network. Windows will watch for other hardware that uses the Plug and Play system.
This function can be turned off if you do not add more devices or if the hardware you use is permanent. If you use many such hardware features, it should remain switched on.

19. System Restore Service
Performs system restore functions. Windows can create restore points when a backup is set to run. With System Restore it is easier to recover when Windows crashes or malfunctions, by restoring Windows XP to the time of the backup.

20. TCP/IP NetBIOS Helper
Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Turn it off if you do not need NetBIOS for the network.

21. Themes
Provides user experience theme management. For performance reasons you may prefer an interface like that of Windows 2000, which can be selected through Desktop Properties, so there is no reason for this module to be loaded.
You can turn off this feature.

22. Uninterruptible Power Supply
Manages an uninterruptible power supply (UPS) connected to the computer.
The function is clear: you need it when you use a UPS. This feature is only for a UPS that is connected to the computer through the COM port; without one, it can be turned off.

23. Wireless Zero Configuration
Provides automatic configuration for wireless network adapters.
If you do not have Wi-Fi devices, it can be turned off.

24. WMI Performance Adapter
Provides performance library information from WMI HiPerf providers.
It is not clear what it is for, and it can be turned off.

25. Workstation
Creates and maintains client network connections to remote servers. If you use network file sharing, leave this function running.
If you do not use sharing features and your computer is stand-alone, this feature can be turned off with no impact on the Internet connection.

=============================================
Remove programs that are not needed from the start-up

As with other Microsoft operating systems, programs installed on the hard disk often place components such as an auto-update feature, a driver or additional programs in the start-up. You may never realize that programs placed in the Windows start-up also slow Windows XP down when it is used.

To see which programs are loaded when Windows XP starts, type Regedit in Run.

Regedit lets you view and, when necessary, alter the Windows Registry. The startup area is located at the key below. Alternatively, use msconfig, which is also started through Run.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Some programs are loaded by the Windows XP system itself, while programs from outside Windows XP are placed in the Run area. When removing a startup entry from the Run key, make sure it is not a program you use.

If you are hesitant to touch the Windows Registry, there are helper programs such as TuneUp.

Results of optimizing the Windows system

With the start-up of modules adjusted in the Windows XP services, Windows will have more memory available for applications, so applications have more memory space.

Risks of the optimization in this article


Optimizing by changing services, the registry and features of the Windows XP operating system is not free of risk. You should already know what you are doing; the biggest risk is that Windows XP no longer works properly or cannot even reach the desktop.

Do not forget: the changes you make to Windows XP are handled by you, and the risk is borne by you.


Hopefully this is useful to all ...

20.17

Windows 7 More OK Than Vista


LOS ANGELES - After a long time, Microsoft Corp. has finally officially introduced Windows 7, its newest operating system.

The replacement for the Windows Vista operating system, which is known to have problems, was announced in a presentation by Microsoft's chief software architect, Ray Ozzie, at the company's Professional Developers Conference in Los Angeles on Tuesday local time, as quoted from CNN, Wednesday (29/10/2008).

Responding to the many complaints against Vista, Microsoft claims Windows 7 will be faster and use only a little memory. Vista has been known as an operating system that requires an expensive hardware configuration compared to its predecessor, Windows XP.

The features of Windows 7 will simplify tasks that often frustrate computer users. For example, the Home Group feature lets a user quickly connect with other computers and other hardware devices.

Julie Larson-Green, one of Microsoft's executives, demonstrated at the conference how easily music files on other computers in the network can be played and then sent to audio devices in other places.

Microsoft also changed the desktop taskbar, creating space for users to put the applications they use most often.

This operating system also gives users the opportunity to turn off system alerts, and it boots faster than Vista. Microsoft also added a multi-touch interface to Windows 7.

Roger Kay, president of Endpoint Technologies Associates, said that overall the new operating system reduces the number of steps users usually take when working on a computer.

Meanwhile, Debby Fry Wilson, senior director of product management for Windows, said Microsoft made radical changes with this new operating system.

The new Windows 7 will officially go on sale in early 2010. Meanwhile, the trial version can be enjoyed at the beginning of 2008.

20.16

How to set up a computer to connect to the Internet


To connect to the Internet, the following technical requirements, among others, must be met:

Computer hardware:

* Processor: minimum 486 DX, Pentium recommended
* RAM: minimum 8 MB, 16 MB recommended
* Modem: minimum speed of 14.4 kbps, a higher speed is suggested. SijiwaeNet supports modem speeds of 56 kbps with the V.90 protocol.
* Phone line: should not use a channel multiplier (pairgain) or WLL (phone via radio). A channel multiplier will slow the access speed.

Software:

* Windows 3.1, 95 or later (other operating systems can of course also be used)
* 'Dial-up networking' has been installed in Windows and is functioning properly.
* The TCP/IP protocol is installed in Windows.
* Browser software (for browsing the Internet). If you do not have one, it can be downloaded here (Internet Explorer, Netscape).

Setting up the computer
If the above requirements have been fulfilled, you are ready to set up the computer with the following steps:

1. Install the modem, so that the modem is recognized by your computer.
2. Set up dial-up, so that the modem can connect to the Internet.
3. DNS settings.

20.12

Tips and How to Re-Format a Hard Disk and Re-Install Windows or Linux OS on a PC / Laptop - Technical Guidelines

Fatal and serious problems can happen anytime and anywhere, regardless of the brand and price of your PC or laptop. Sometimes the computer cannot start Windows for many reasons, such as a virus infection, missing boot files, bad sectors, a slow computer, frequent hangs, various settings and other problems.

If you have tried various shortcuts and did not get satisfying results, the best way is to re-format the hard disk in your PC or laptop. These tips give a few easy steps you can do yourself, but do not do them carelessly. If you need assistance you can ask in the forum of the organisasi.org site. Hopefully friends there or others can help you.

A. Steps and Stages for Re-Formatting the Hard Disk

1. Back up your important files, because formatting will delete all the files on your hard disk. If you have a CD-RW or DVD-RW drive you can burn your files to CD or DVD. Other ways to back up are flash disks, floppy diskettes, Zip disks, or moving the files over a LAN or the Internet to another computer or server.

2. After the backup, make a Windows boot disk / rescue disk on a 1.4 MB floppy diskette. The floppy is for booting directly from the diskette rather than from your hard disk. You will be using Microsoft DOS on the disk that you create.

3. Change the BIOS Settings
When you start the computer, go directly to the BIOS settings to change the boot sequence. To do so, press and hold the Delete key as the computer starts until the BIOS appears on the monitor. Change the boot order so that the floppy disk is first.

4. Format the Hard Disk
After the BIOS changes are saved, insert the boot diskette and restart your computer. The computer will automatically boot from the floppy; select boot with CD-ROM support so that the process is quicker. After arriving at the command prompt A:\ type format c: and press Enter. Adjust this to the number of partitions you have. If you have 3 partitions, also run format d: and format e:. For tips on how to partition a hard disk, try the search box on the left of this article's page. When the format has finished, give the drive a name of your choice. If nothing went wrong and everything ran smoothly, the re-format process is complete. Your hard disk is now like new again.

B. Steps and Stages for Installing Windows and Linux OS

1. Install Windows 98 / 2000 / ME / XP / Vista / Linux
The first step in re-installing an operating system on a PC or laptop is to boot from your diskette again and select CD-ROM device support. Once at the command prompt, insert the installation CD of the OS of your choice. Then find the CD-ROM or DVD-ROM drive by typing d:, e: or whichever drive letter matches the CD or DVD drive. Once there, look for the setup.exe file, using the command cd foldername to enter a folder and the command cd .. to go back up one folder level. Use the dir command, or dir /w or dir /p, to see the list of files in the folder. When you find it, run setup.exe or install.exe by typing the name of the file and pressing Enter once only. Then follow the instructions of the OS installation CD or DVD.

2. Restore the Boot Settings in the BIOS
After the re-install of Windows or Linux is finished, remove the 1.4 MB floppy diskette and, after restarting, enter the BIOS menu again. Select IDE-0 as the first boot device. You can set the floppy as the second and the CD-ROM as the third. You are free to choose the order you like. After that, restart again.

3. Install Drivers and Software
If you successfully reach the initial Windows or Linux screen, install the drivers for sound cards, printers, scanners, data cables and the other hardware available. You must find and have the drivers yourself. Each type of computer has different drivers. Usually you are given a driver CD when you buy a computer or other hardware. Without a driver, equipment that connects to the PC or laptop cannot run properly.

Good luck trying it out

20.06

HOW TO FORMAT AN MMC

1. THROUGH THE MENU: EXTRAS - MEMORY - Options - Format.

2. WITH WINDOWS EXPLORER

Select the Format menu, and select FAT as the type of formatting.

3. WITH THE COMMAND LINE

START - Run - cmd

Then type format i: /FS:FAT (I: is the MMC) to avoid formatting C.

HOW TO OPEN A PASSWORD-LOCKED MMC

Use seleq 1.65 and continue to the drive.

From the options, continue to find.

Write the name MMCSTORE

Send the MMCSTORE file to the computer through infrared or Bluetooth.

On the computer, change the name MMCSTORE to MMCSTORE.txt

Open the MMCSTORE.txt file to read the password.

20.00

HOW TO FORMAT A MOBILE PHONE

1. NOKIA

Press *#7370#

The code is 12345 if the PIN has never been changed.

If the N6600 rejects the format code:

Remove the phone's battery, MMC and SIM card, put them back in, then press and hold the call key, 3 and *,

and press and hold power on until the word Format appears.

For the N9210: close the phone and remove the battery, then open the phone, press and hold CTRL + SHIFT simultaneously, and put the battery back in.

Wait until an image of shaking hands appears.

As soon as the handshake image appears, press the letter M until the word Format appears, then press OK.

2. SONY AND SIEMENS

There is no format, only a return to the initial state ....

When the program has no written hp Reset ALL, which means that the requested code * # 0000 #

I * # 9999 #.'s How the menu - settings reset all requested =* code 0000 # * # # i # 9999

3. SAMSUNG

Type the code directly on the screen: *2767*2878# and wait until the phone turns on by itself.

If it does not, press the power-on button in less than 3 minutes.

19.58

TECHNIQUES FOR FORMATTING A MOBILE PHONE

Conditions

1. the mobile phone is affected by a virus
2. the mobile phone hangs
3. one of the program folders is lost
4. the mobile phone cannot display the battery indicator
5. conditions in the mobile phone can not get out and the number

00.00

Clean Brontok

Brontok may still be updated, so I give instructions for cleaning Brontok rather than an anti-Brontok program. Note that the steps detailed here may not match a given Brontok version exactly, because the file names may change.

If you are not sure, replace every step that deletes a file with a step that moves the file to a particular directory.

1. Turn off the System Restore feature in Windows.
2. Close all programs that are running and save all your documents.
3. First, kill the Brontok process (a process is a program that is running).
You can use Process Explorer from sysinternals.com, one of the programs that Brontok does not anticipate (other similar programs cause the computer to restart; perhaps in the next version of Brontok, running Process Explorer will also restart the computer). Kill Brontok's services.exe, lsass.exe, smss.exe and winlogon.exe processes.
* Another way is to use the KillVB program I have made; it kills every process whose executable was written in VB (not only viruses). Simply download, extract and run the file. The virus in memory dies after you run the program, and you can continue cleaning your computer (no need to restart or boot into safe mode).

4. In the Start menu, select Programs, then Startup. Right-click (not left-click) Empty.pif and delete the file. (If necessary, remove all the files there that you do not need; in the future the file name Empty.pif may change.)
5. Fix the registry by creating the file fixbrontok.inf listed below, then right-click the file and choose Install (you can download the file here). This file restores the settings changed by Brontok, and sets Explorer to show hidden files and to display file extensions for known file types.
6. For the next steps, to make sure whether an object with a folder icon is actually a folder, do one of the following:

* Use the details view (in Explorer, choose the View menu, then Details). See whether the object's type is folder or application. Do not click a folder icon whose type is application.
* Restart Explorer (without restarting Windows): run Task Manager by pressing Ctrl-Alt-Del, select the Processes tab, select explorer.exe and choose End Process. Select "Yes", then go to the Applications tab, choose New Task, type Explorer.exe and press Enter.

7. Delete all the .exe files in %windir%\shellnew (%windir% is your Windows directory, for example C:\Windows). Strictly you should delete only the ones that have a folder icon, but this directory should not contain .exe files, so it is usually safe to delete all .exe files in it.
8. Clean the remaining registry entries that use random strings with msconfig (select Start, Run, type msconfig and press Enter): on the Startup tab, remove the startup items whose names begin with bbm and brxxxon (xxxx is a random number). Once again: these names may soon change. The best way is to look at the command (second column); for example, if it lists C:\Windows\X.exe, look at the file C:\Windows\X.exe, and if the file has a folder icon you can delete it.
9. Find all .exe and . Britain files on all drives with the search feature in Explorer, and delete each file that has a folder icon. To reduce the number of files found, restrict the size of the files to < 90 KB (the old version is about 82 KB, the new version about 43 KB). Sort by file size to make deletion easier.
10. Delete all the .com files with the same size as the Brontok files you found in the previous step in C:\Documents and Settings\%username%\Templates.
11. Delete the scheduled tasks in Control Panel that are not your own (named At1, At2, etc.).
12. If you use Windows 95, Windows 98 or Windows ME, look at the contents of the autoexec.bat file in the root folder (C:\autoexec.bat, D:\autoexec.bat, etc.). If the content is only one line consisting of the word "pause", remove autoexec.bat.
13. Restart the computer, and see whether Brontok is still there.
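The file-system checks in the steps above can be run in one pass over an offline copy of the disk before anything is deleted. This is an added example, not part of the original article or of KillVB; the function names and the sample tree are constructed for illustration, and it assumes AT-scheduled tasks are stored as AtN.job files in %windir%\Tasks. It cannot see icons, so the folder-icon check still has to be done by eye.

```python
import os
import re
import tempfile

SIZE_LIMIT = 90 * 1024  # the steps restrict the search to files under 90 KB


def only_pause(path):
    """True if the file holds a single non-empty line reading 'pause'."""
    with open(path, "r", errors="replace") as fh:
        lines = [ln.strip() for ln in fh if ln.strip()]
    return len(lines) == 1 and lines[0].lower() == "pause"


def triage_volume(root):
    """Return sorted (check, relative path) pairs for files the steps say to review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Compare directory names in lower case: the analysis host may be case-sensitive.
        parts = [] if rel_dir == "." else rel_dir.lower().split(os.sep)
        folder = parts[-1] if parts else ""
        for name in files:
            full = os.path.join(dirpath, name)
            low = name.lower()
            ext = os.path.splitext(low)[1]
            check = None
            if not parts and low == "autoexec.bat" and only_pause(full):
                check = "autoexec-pause"      # step 12: autoexec.bat is just "pause"
            elif folder == "startup" and ext == ".pif":
                check = "startup-pif"         # step 4: Empty.pif (name may change)
            elif folder == "shellnew" and ext == ".exe":
                check = "shellnew-exe"        # step 7: no .exe belongs in ShellNew
            elif (folder == "templates" and ext == ".com"
                  and os.path.getsize(full) < SIZE_LIMIT):
                check = "templates-com"       # step 10: Brontok-sized .com files
            elif folder == "tasks" and re.fullmatch(r"at\d+\.job", low):
                check = "at-task"             # step 11: At1, At2, ... scheduled tasks
            if check:
                findings.append((check, os.path.relpath(full, root)))
    return sorted(findings)


def build_sample(root):
    """Create a small constructed directory tree to run the checks against."""
    sample = {
        "AUTOEXEC.BAT": b"pause\r\n",
        "WINDOWS/ShellNew/sample.exe": b"MZ",
        "WINDOWS/Tasks/At1.job": b"\0",
        "WINDOWS/Tasks/backup.job": b"\0",
        "Documents and Settings/user/Start Menu/Programs/Startup/Empty.pif": b"\0",
        "Documents and Settings/user/Templates/sample.com": b"\0" * 43000,
        "Documents and Settings/user/Templates/large.com": b"\0" * 200000,
        "Documents and Settings/user/My Documents/report.doc": b"\0",
    }
    for rel, data in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for check, rel in triage_volume(tmp):
            print(f"{check:15} {rel}")
```

The output is a review list; following the article's advice, move the listed files to a quarantine directory instead of deleting them when in doubt.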

23.54

Characteristics Brontok

I will not give a lengthy explanation of Brontok's characteristics, because they are discussed on many sites. In short, Brontok's characteristics are:

1. Brontok uses the standard Windows folder icon; if you use an unusual / non-standard theme, this icon will look out of place.
2. Brontok makes many changes in the registry so that it is difficult to clean (disables the registry editor, removes the Folder Options menu, etc.). Specifically, Brontok changes values in these subkeys:
* HKCU\Software\Microsoft\Windows\CurrentVersion\Run
o Value Tok-Cirrhatus is set to the path to Brontok.
o Value Tok-Cirrhatus-XXX (XXX is random) is set to a path to Brontok whose name is also random.
* HKLM\Software\Microsoft\Windows\CurrentVersion\Run
o Value Bron-Spizaetus is set to the path to Brontok.
o Value Bron-Spizaetus-xxx (xxx is random) is set to the path to Brontok.
* HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
o Value NoFolderOptions is set to 1.
* HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
o Value DisableCMD is set to 0.
o Value DisableRegistryTools is set to 1.
* HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
o Value Hidden is set to 0.
o Value HideFileExt is set to 1.
o Value ShowSuperHidden is set to 0.
* SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
o Value Shell is set to Explorer.exe "c:\windows\xxx.exe-food" (xxx is random).
* SYSTEM\CurrentControlSet\Control\SafeBoot\
o Value AlternateShell is set to cmd-bro-xxx.exe (xxx is random). Caution: Windows automatically copies the whole contents of the key HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot to HKLM\SYSTEM\ControlSet00X\Control\SafeBoot (X from 1 to 2) if the restart process completes successfully (or if the computer is turned off and started up again).
3. Brontok makes many copies of itself in directories.
4. Brontok overwrites autoexec.bat with a single line, "pause", perhaps meaning to stop antivirus software that runs in DOS mode from autoexec.bat.
5. Brontok creates many startup items that run when the computer starts (in the Start menu and in various places in the registry). This also applies in safe mode (note: it is "SAFE MODE", not "SAVE MODE").
6. Brontok updates itself from a particular URL; precisely, Brontok downloads exe files from certain sites and executes them (the content could be not a Brontok update but code to format the entire computer). This is discussed in the next section of this article.
7. Brontok uses encryption to hide the strings inside itself. Brontok's encryption is also discussed in this article.
8. Brontok submit himself to an email address that finding, if the address does not contain the following string (meaning brontok will not submit himself to Microsoft, the company's antivirus software, etc.): SECURE, SUPPORT, MASTER, MICROSOFT, Closer, HACK, CRACK, LINUX, AVG, GRISOFT, CILLIN, SECURITY, Symantec, Associate, VACCINE, NORTON, NORMAN, PANDA, SOFT, SPAM, BLAH. Vbs, DOMAIN, HIDDEN, DEMO, develop, FOO @, COMPUTER, SENIOR, DARK, BLACK, BLEEP, FEEDBACK, IBM., Intel., Macro, Adobe, Calumet Campus, recipient, SERVER, proxy, ZEND, ZDNET, CNET, DOWNLOADS, HP., XEROX, Canon, SERVICE, ARCHIEVE, Netscape, Mozilla, Opera, Novell, NEW LOTUS, Micro, TREND, Siemens, FUJITSU, NOKIA, W3., NVIDIA, apache, mysql, POSTGRE, SUN., Goo GLE, SPERSKY, ZOMBIE, ADMIN, AVIRA, AVAST, work, ESAVE, ESAFE, Protect, Aladdin, alerts, BUILDER, DATABASE , AHNLAB, PROLAND, ESCAN, HAURI, NOD32, SYBARI, antigens, R OBOT, ALWIL, BROWSE, COMPUSE, compute, SECUN, SPYW, REGIST, FREE, s, MATH, LAB, IEEE, KDE, TRACK, information, Fuji, @ MAC, SLACK, REDHA, Vancouver, Ghatkopar, XANDROS, @ ABC, @ 123, LO OKSMART, SYNDICAT, ELEKTRO, ELECTRO, NASA, Lucent, TELECOM, STUDIO, Sierra, USERNAME, IPTE K, CLICK, SALES, PROMO,. CA.COM There is little difference in the email if an email sent to the address with the following substring ( "server address"): Plasa; TELKOM; INDO;. CO.ID;. GO.ID;. MIL.ID;. SCH.ID;. NET.ID;. OR.ID;. AC.ID;. WEB.ID;. WAR.NET.ID; ASTAGA; GAUL; CAN; EMAILKU; ONE. The difference in the original sender, if Indonesia goal for the sender if the non menjadi@boleh.com while "address Indonesia" menjadi@friendster.com the sender (in the initial version Brontok, memakai@kafegaul.com to Indonesia and the Philippines to address non-address @ pornstargals . com). (bodohnya content of the email remain the same, and use English in the content downloaded from the Internet). Caution: analysis of one of the many states that Brontok not submit himself to an email address in Indonesia.
9. Brontok tries to collect email addresses by parsing the victim's .HTML, .HTM, .TXT, .EML, .WAB and .PHP files (Brontok looks for every string of the form xxx@yyy.zzz in the files).
10. Brontok connects directly over SMTP when sending email, but does not use the DNS MX (Mail eXchanger) records of the domain. If Brontok sends to alamat@yahoo.com, it tries to use the SMTP server mta237.mail.re2.yahoo.com, whereas for other domains Brontok looks for the MX / SMTP server by adding the prefix smtp., mail. or ns1. to the mail domain.
11. Brontok creates a file whose content calls on everyone to stop crime (bla bla bla; please read other sites if you are curious about the contents).
12. Brontok restarts the computer when a particular program is active. The check is done by looking in the program window text for the strings: Registry, SYSTEM CONFIGURATION, command prompt, .EXE, shut down, SCRIPT HOST, LOG OFF Windows, KILLBOX, TASK. The last two strings were newly added for programs that can kill the Brontok task, for example HijackThis.
13. Brontok schedules itself to run at certain hours. An early version of Brontok scheduled itself only at 17:08, but the new version also schedules an execution at 11:03 (both scheduled every day).
14. Brontok tries to access shares on the local network and infect them too.
15. Brontok contains the string: By: HVM31 - Jowobot # VM Community - (note the words VM / Virus Maker community; HVM31 may have friends who know about this).
16. The old version of Brontok attacks (apparently intending a DDoS / Distributed Denial of Service attack) the sites 17tahun.com and israel.gov.il with ping, while the new version uses HTTP GET to attack www.17tahun.com, www.kaskus.com and www.fajarweb.com.
17. Brontok keeps a counter at the site debuging.com, at the URL: http://debuging.com/WS1/cgi/x.cgi?NAVG=Tracker&username=%64%65%6C%62%65%6C%62%72%6F (the username is delbelbro). I have not contacted the owner of the site. The counter value increases each time an attack on the sites in the list (www.17tahun.com, www.kaskus.com and www.fajarweb.com) finishes.
18. Brontok creates the file sistem.sys in the directory %windir%/system32/sistem.sis, whose content is a code for the time when Brontok was first active. This code consists of the 2-digit month, 2-digit date, 2-digit hour and 2-digit minute. Ex: 01122245 means Brontok was first active in 01 = January, 17 = the 17th, 22 = 1 at night, 45 = minute 45. This file is also copied to the directory \Documents and Settings\Username\Application Data\ with a file name of the form BronMes* (the * part can vary).
19. Brontok tries to forcibly kill some processes (a process is a running program) with the command taskkill /f /im processname. The processes killed include other local viruses / worms and some antivirus software. Precisely, the processes killed are mcvsescn.exe; poproxy.exe; avgemc.exe; ccapps.exe; tskmgr.exe; syslove.exe; xpshare.exe; riyani_jangkaru.exe; systray.exe; ashmaisv.exe; aswupdsv.exe; nvcoas.exe; cclaw.exe; njeeves.exe; nipsvc.exe; dkernel.exe; iexplorer.exe; lexplorer.exe.
20. Brontok changes the attributes of the file MSVBVM60.DLL in the Windows system directory. The file attributes are changed to hidden, system and read-only. The goal of this step is to make it more difficult to remove msvbvm60.dll from DOS mode, as discussed on several websites.
21. Brontok downloads a file from a random URL (see the Brontok update) and tries to overwrite the file %windir%\system32\drivers\etc\hosts with the file it downloaded.
22. If Brontok finds .DOC, .PDF, .XLS and .PPT files, their attributes are returned to normal; this seems to be done to restore documents hidden by other viruses.
23. Brontok tries to delete files with the substring "nostalgic", *RORO*.HTT, FOLDER.HTT. If the file extension is .EXE, Brontok also deletes the file if its name contains one of the substrings .DOC.EXE; .DOC ; .XLS.EXE; .XLS ; PATAH; stuff; stay; LUCU; MOVZX; love; for; DATA about; RIYANI; JANGKARU; KANGEN; JROX; DIARY; DKERNEL; IEXPLORER; LEXPLORER; ADULTONLY; ASIAN; VIRTUAL GIRL; X-PHOTOS; BESTMODEL; GAME Two people; HOT SCREEN; HOTBABE; NAKED; MODEL VG; SEXY; V-GIRL7; JAPANESEGIRL; POEM (note that Brontok does not remove .DOC files, but .DOC followed by a space and with the extension .EXE, and likewise for .XLS).
24. Brontok also deletes the files: C:\!Submit\winword.exe, c:\submit\xpshare.exe, c:\windows\systray.exe, %windir%\systray.exe, %windir%\fonts\tskmgr.exe, C:\windows\rundll32.exe. There are still some other files that Brontok removes (I did not continue the analysis of file deletion beyond this point).
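The registry changes listed in item 2 can be checked offline against a .reg export of the affected hives. This is an added example, not code from the original article or from any tool it mentions; the strong/weak weighting, the function names and the sample export are constructed for illustration, and the Winlogon and SafeBoot keys are assumed to live under HKLM.

```python
import re

HKCU, HKLM = "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"
CV = r"\\Software\\Microsoft\\Windows\\CurrentVersion"  # regex fragment


def any_value(_value):
    return True


def equals(number):
    return lambda value: value == number


def differs_from(expected):
    return lambda value: isinstance(value, str) and value.strip().lower() != expected


# (weight, key regex, value-name regex, test on the data), one rule per item-2 entry.
# Weights are this example's assumption: HideFileExt=1 and ShowSuperHidden=0 are
# also the Windows defaults, so they only corroborate the stronger signs.
RULES = [
    ("strong", HKCU + CV + r"\\Run", r"Tok-Cirrhatus.*", any_value),
    ("strong", HKLM + CV + r"\\Run", r"Bron-Spizaetus.*", any_value),
    ("strong", HKCU + CV + r"\\Policies\\Explorer", "NoFolderOptions", equals(1)),
    ("strong", HKCU + CV + r"\\Policies\\System", "DisableRegistryTools", equals(1)),
    ("weak", HKCU + CV + r"\\Policies\\System", "DisableCMD", equals(0)),
    ("weak", HKCU + CV + r"\\Explorer\\Advanced", "Hidden", equals(0)),
    ("weak", HKCU + CV + r"\\Explorer\\Advanced", "HideFileExt", equals(1)),
    ("weak", HKCU + CV + r"\\Explorer\\Advanced", "ShowSuperHidden", equals(0)),
    ("strong", HKLM + r"\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
     "Shell", differs_from("explorer.exe")),
    # Windows copies SafeBoot into ControlSet00X, so every control set is checked.
    ("strong", HKLM + r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot",
     "AlternateShell", differs_from("cmd.exe")),
]

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Yield (key, value name, data) for string and dword values in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if not (key and match):
            continue
        name, data = match.group(1), match.group(2)
        if data.startswith("dword:"):
            yield key, name, int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # Undo the .reg escaping of backslashes and quotes.
            yield key, name, re.sub(r"\\(.)", r"\1", data[1:-1])
        # hex(...) and other value types are not needed for these checks


def brontok_indicators(reg_text):
    """Return (weight, key, name, data) for every value matching an item-2 change."""
    hits = []
    for key, name, value in parse_reg(reg_text):
        for weight, key_pat, name_pat, test in RULES:
            if (re.fullmatch(key_pat, key, re.I)
                    and re.fullmatch(name_pat, name, re.I) and test(value)):
                hits.append((weight, key, name, value))
    return hits


def summarize(hits):
    return {w: sum(1 for h in hits if h[0] == w) for w in ("strong", "weak")}


# Constructed sample export; sample.exe is a placeholder, not a real Brontok file name.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus"="C:\\Documents and Settings\\user\\Application Data\\sample.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableCMD"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000000
"HideFileExt"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\WINDOWS\\sample.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"
'''

if __name__ == "__main__":
    for hit in brontok_indicators(SAMPLE):
        print(*hit, sep=" | ")
    print(summarize(brontok_indicators(SAMPLE)))
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file with that encoding before passing its text to brontok_indicators.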

23.53

How is a virus analyzed?

There are three ways to analyze a virus: the first is black box analysis, namely observing the behavior of the virus in a particular environment; the second is analyzing the content of the virus with disassembly; and the third is watching how the virus runs with a debugger. Unfortunately, most people can only do the first kind of analysis and a little of the second, but not comprehensively.
Black box analysis
Some programs are available to show the difference in a computer's state before and after a program is started (including before and after a virus is started). I do not trust this kind of program, but programs like this can show which files the virus created and which registry changes the virus made.

This is not easy but powerful, because the virus may behave strangely every Wednesday while you test on a Tuesday. The program used to record the system state may also be imperfect, so that some changes are not recorded, and there is the possibility that the virus remains after the analysis process is completed. If the virus is quite sophisticated and can detect the presence of the monitoring program, the virus can behave differently from usual.
Disassembly and decompilation

Programs in certain languages (usually ones that are compiled and interpreted at once, such as Java or C#) can be decompiled easily, meaning the "machine language" in the exe file can be turned back into source code, but programs in other languages cannot be turned back into source code, only into assembly language.

Assembly language is very low level (very close to the machine), so it is difficult to understand except with patience and a lot of practice (usually with the help of a debugger as well). Not many people are willing and able to do it, but crackers do it every day to make serial number generators and to crack various programs (the programs that many people use now are the work of crackers).



23.44

Strange things around Brontok

The creator of the Brontok virus is suspected to be from the Bandung Institute of Technology (ITB), but there is no evidence for this except that reports about the virus first began to spread at ITB. This virus updates itself from a site on the Internet, but really only one analysis states this. Yet by knowing the URL from which the virus updates itself, we can do the following:

* Track who owns the site; in the case of a free web site, certain parties (ISP administrators, etc.) can be asked to trace the person who registered the site or accessed it for the first time (most likely the creator of the virus).
* Administrators can block the virus's update URL at the proxy or firewall level.
* By viewing the logs, administrators can track which computers are infected with Brontok.
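The last two points can be combined: once the update host is known, the proxy log shows which clients tried to reach it, whether or not the block was already in place. The following is an added example, not code from the original article. It assumes a Squid proxy writing its native access.log format, and the update host name is a placeholder because the article does not give the real URL.

```python
from urllib.parse import urlsplit

# Placeholder: the article does not give Brontok's update URL, so this host is made up.
UPDATE_HOSTS = {"brontok-update.example.invalid"}

# Constructed sample in Squid's native access.log layout (assumed proxy):
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = [
    "1136880001.123    210 192.168.1.23 TCP_MISS/200 1532 GET http://brontok-update.example.invalid/list.txt - DIRECT/203.0.113.10 text/plain",
    "1136880005.456     95 192.168.1.40 TCP_MISS/200 8211 GET http://www.example.org/index.html - DIRECT/203.0.113.20 text/html",
    "1136883601.000      2 192.168.1.23 TCP_DENIED/403 1410 GET http://BRONTOK-UPDATE.example.invalid/list.txt - NONE/- text/html",
    "1136883700.500      1 192.168.1.57 TCP_DENIED/403 0 CONNECT brontok-update.example.invalid:443 - NONE/- -",
]

def request_host(url):
    """Lower-cased host of a logged request; CONNECT lines log 'host:port'."""
    if "://" not in url:
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def infected_clients(log_lines, update_hosts=UPDATE_HOSTS):
    """Map client IP -> hits, first/last timestamp and blocked count."""
    found = {}
    for line in log_lines:
        f = line.split()
        try:
            ts, client, status, url = float(f[0]), f[2], f[3], f[6]
        except (IndexError, ValueError):
            continue                            # not a native-format line
        if request_host(url) not in update_hosts:
            continue
        rec = found.setdefault(client, {"hits": 0, "first": ts, "last": ts, "blocked": 0})
        rec["hits"] += 1
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["blocked"] += int(status.startswith("TCP_DENIED"))
    return found
```

Clients that keep appearing with TCP_DENIED after the block is deployed are still infected and still trying to update.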

The only local analysis stating that the virus updates itself comes from an antivirus company, a local one that has formed a partnership with an overseas antivirus company. But strangely, although the company knows that the virus can update itself, it did not mention the URL of the update page, even though I asked personally via email. Does the company not know the URL (being less versed in analyzing the virus), or did they accidentally give the virus the opportunity to update itself and leave the company speculating? (The second possibility is equally worrying.)

The virus is not only able to update itself, but also downloads a list of files that need to be removed before the update is done, meaning that this virus, regarded as merely an aggravation, can in fact also be dangerous. And the virus's update file might not contain a new virus at all, but code to format your computer.

Early versions of the virus only attacked the sites 17tahun.com and israel.gov.il, but over time it started attacking other sites, such as www.kaskus.com, and even personal sites (blogs) such as fajarweb.com. Is the virus taking personal revenge on this particular person?

The creator of the virus included these words in the virus:

! They will Kubuat (VM's local sloppy & stupid) LINK!

And in the latest version of Brontok, he has tried to delete filthy viruses such as local / decoy, mustache, Fawn, nostalgic, and riyani_jangkaru (my knowledge of local viruses is rather minimal, so this is only the list I know). The removal of local viruses is fairly well organized: killing the virus's task, deleting the virus's files, and even normalizing the attributes of document files hidden by other viruses (but cleaning up the registry entries modified by those viruses is not done).

I will make this article as objective as I can, with in-depth and accurate analysis. This article can at the same time serve as a correction to the Brontok analysis on other sites, which is sometimes not accurate.
Facts and notes

Some statements in this article may carry a certain prejudice, so I want to tell you some facts about myself:

1. Currently I am no longer a Windows user, although I still have a Windows partition that I use for purposes such as this (analyzing viruses and trying out Windows programs). I do not store data in Windows, so this kind of experiment is safe enough for me. Every day I use Mac OS X on my iBook G4, and GNU/Linux (Fedora Core 4) on AMD64. Because I am not a Windows user, my knowledge may be a little behind in terms of Windows applications, but I always keep my low-level technical knowledge of Windows up to date.
2. Currently I do not work in the security business or have a security-related business. Any statement I make about other business entities is not intended to benefit myself. My job is teaching assistant at the Department of Information Engineering, School of Electrical and Information (formerly part of the Faculty of Industrial Technology), Bandung Institute of Technology.
3. I am not a cracker, and I am not a member of any group of virus creators, whether abroad or in Indonesia.
4. I only have an older version of Brontok (a sample taken from a lab at ITB) and the latest version (a sample taken from the Jakarta State University / UNJ); there are versions that I do not have.
5. I do not include the URLs of the various tools that I use, because the URLs of tools that can help the cracking process usually keep moving; use Google to search for the tools I mention.
6. I am not making antivirus software for this Brontok; please use your existing antivirus software (I do not want to take the trouble of constantly updating an antivirus as Brontok keeps being updated; many anti-Brontok tools on the Internet are no longer able to detect, delete, or handle the new versions of Brontok). The antivirus software on the market with the latest updates should be enough. However, if Brontok becomes increasingly difficult to eradicate, I will make a special antivirus for Brontok. Meanwhile, I provide manual cleaning steps for the various generic versions of Brontok existing at this time.