Wednesday, June 17, 2009

Cmd Auto Shutdown Virus

Remove the pc-off.bat



A few months ago, I fixed a problem on my friend’s computer. She was having problems accessing the command prompt (DOS) from her Windows XP operating system. Every time she attempted to run “cmd” from the Run dialog box, her computer automatically shut down. Here is my analysis of how the virus prevents her from using the command prompt and how to remove the virus from the system.

Problem


A virus is preventing the user from using the command prompt. When “cmd” is used, the system automatically shuts off.



Analysis


After attempting “cmd” on her system, I saw that the command prompt executes a file called “pc-off.bat”. If my assumptions are correct, this file causes the system to shut down. The file injects itself before the “cmd” command starts.


The only way that this can be done is to inject a command in the Command Processor registry entry. To solve the problem, we have to trace and remove the command that was injected by the virus.


Solution


We must first gain access to the registry editor (regedit from the Run prompt). In some cases, the virus disables user (admin) access to the registry. Since the virus injects itself in our command prompt, using DOS to access the registry is not possible. What I can suggest is that you download and install an alternate registry editor which you can use to browse your registry.


Once you gain access to the system registry, browse to [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] and remove the “autorun”=“c:\Windows\pc-off.bat” entry.
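The same check and removal can be scripted. The following is an added example, not part of the original post: it assumes PowerShell 2.0 or later is installed, looks at the machine-wide key as well as the per-user key named above, and writes its backup to a file name chosen here for illustration.

```powershell
# Added example: audit and remove the cmd.exe AutoRun hook.
# cmd.exe executes the AutoRun value from these keys on every start
# unless it is launched with /D (e.g. "cmd /d" from the Run dialog).
$keys = @(
    'HKCU:\Software\Microsoft\Command Processor',
    'HKLM:\Software\Microsoft\Command Processor'
)

function Get-CmdAutoRun {
    foreach ($key in $keys) {
        # Missing key or missing value both yield $null here.
        $prop = Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue
        if ($null -ne $prop -and $prop.AutoRun) {
            New-Object PSObject -Property @{ Key = $key; AutoRun = $prop.AutoRun }
        }
    }
}

function Remove-CmdAutoRun {
    param([switch]$Apply)   # without -Apply the function only reports
    foreach ($hit in Get-CmdAutoRun) {
        # Record the old value first so the change can be reviewed later.
        # The backup file name is an assumption made for this example.
        "{0}`t{1}" -f $hit.Key, $hit.AutoRun |
            Add-Content -Path "$env:TEMP\cmd-autorun-backup.txt"
        if ($Apply) {
            Remove-ItemProperty -Path $hit.Key -Name AutoRun
            Write-Output "Removed AutoRun from $($hit.Key)"
        } else {
            Write-Output "Would remove AutoRun from $($hit.Key): $($hit.AutoRun)"
        }
    }
}

Get-CmdAutoRun | Format-List Key, AutoRun
Remove-CmdAutoRun            # dry run; use Remove-CmdAutoRun -Apply to delete
```

Removing the value under HKLM requires an administrator account. The batch file that the value pointed to stays on disk and still has to be deleted separately.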



After removing the autorun entry, download and run this batch file.


Today I would like to share with you my new version of the virus washer for pc-off.bat. Click the link below:


Click Here


In some reported cases, the pc-off.bat virus has other variations such as bar311.exe, password_viewer.exe, and photos.zip.exe. The fix file above should remove these files as well.

After fixing the problem, update your anti-virus or buy an updated anti-virus to prevent further infection.

Wednesday, June 3, 2009

Configure Riger DB102

First of all:

1)

Go to http://192.168.1.1.


* Username: tmadmin

* Password: tmadmin

Then you will see the router's configuration page. Click on the WAN tab and then on PPP.

2)

Set the new interface as:


* PPP interface = 0

* ATM VC = aal5-0

* Protocol = PPPoE

* Use DNS = enable

* Security = PAP


3)

Don’t forget to set your username as username@streamyx and also your TMNet Streamyx password. When done, click Submit.

Click on ATM VC and make sure the interface is set as:


* aal5-0 VPI = 0

* VCI = 35

* MUX = LLC

* Max proto = 2


4)

After that, click on Admin, then Commit, and then Reboot. Once it’s done, you should check your Internet connectivity by loading your favorite website.


If you’re unable to go to 192.168.1.1, please make sure that your PC IP is in the range of 192.168.x.x.


Done!

Monday, June 1, 2009

Change Computer Name On Registry

Having trouble changing your computer name? No hard feelings. I will teach you how to change the computer name easily with a simple command line with parameters. No special tools are needed. First of all, go to:


Start>Run>Regedit

1.) Using the registry (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName).
This method works after a reboot, with some side effects. (If you check in Control Panel->System, it will keep showing you the old name, although the system uses the new name.) Any explanations of how to fix that? ;p



2.) I'd really like to hear from an MS expert whether any of the command-line utils can change the computer name (I believe so). I've been playing around with netsh and net.


That's all for today. I'm tired right now. See you next time ^_^

Wednesday, May 27, 2009

How to disable Autorun for drives

To disable Autorun for drives, follow these instructions:
Go to Start > Run > “gpedit.msc”

Go to User Configuration > Administrative Templates > System

Select Turn off Autoplay > Properties > Enabled > All drives
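To confirm that the policy took effect, the value it writes can be read back and decoded. This is an added example, not part of the original post: the registry value name NoDriveTypeAutoRun and its bit meanings do not appear on this page, and the script assumes PowerShell 2.0 or later and a REG_DWORD value.

```powershell
# Added example: decode the NoDriveTypeAutoRun value written by the
# "Turn off Autoplay" policy. Each set bit disables Autorun for one
# drive type; 0xFF ("All drives") sets every bit.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$driveTypes = @(
    @{ Bit = 0x01; Name = 'unknown type' },
    @{ Bit = 0x02; Name = 'no root directory' },
    @{ Bit = 0x04; Name = 'removable (USB, floppy)' },
    @{ Bit = 0x08; Name = 'fixed disk' },
    @{ Bit = 0x10; Name = 'network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'reserved' }
)

function Get-AutorunPolicy {
    foreach ($key in $policyKeys) {
        $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # No policy in this hive: the Windows default decides.
            New-Object PSObject -Property @{
                Key = $key; Value = 'not set'; AutorunStillOn = 'Windows default applies'
            }
            continue
        }
        $mask = [int]$prop.NoDriveTypeAutoRun   # assumes a REG_DWORD value
        # Drive types whose bit is clear still have Autorun enabled.
        $open = @($driveTypes |
            Where-Object { ($mask -band $_.Bit) -eq 0 } |
            ForEach-Object { $_.Name })
        $summary = 'none'
        if ($open.Count -gt 0) { $summary = $open -join ', ' }
        New-Object PSObject -Property @{
            Key = $key; Value = ('0x{0:X2}' -f $mask); AutorunStillOn = $summary
        }
    }
}

Get-AutorunPolicy | Format-List Key, Value, AutorunStillOn
```

With the setting above applied under User Configuration, the HKCU entry should report 0xFF and no drive types left with Autorun on.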

Sunday, April 12, 2009

Definition of a Proxy

A proxy can be defined as a standard technique for sharing Internet access among several computers at once in a local area network (LAN) through a single modem or a single communication channel. A proxy server is a server computer or computer program that can act on behalf of other computers to make requests for content from the Internet or an intranet.


The proxy server acts as a gateway to the online world for each client computer. The proxy server is not visible to the client computer, so a user who interacts with the Internet through a proxy server will not know that a proxy server is handling the requests they make. A web server that receives requests from the proxy server will interpret those requests as if they came directly from the client computer, not from the proxy server.



A proxy server can also be used to access a private network that is connected to a public network (for example, the Internet). A proxy server has more functions than a router with packet-filtering features, because the proxy server operates at a higher level and has more comprehensive control over network access. A proxy server that functions as a "security agent" for a private network is generally known as a firewall.





To be continued...

Saturday, March 14, 2009

Hide Entire Drives Partition Without Registry

Here is a cool technique which hides entire hard disk drives by a simple procedure.
This is the best security tip to employ against unauthorised users.

1) Go to Start > Run > type "diskpart".
A DOS window will appear with the following description.

DISKPART

2) Then type "list volume".
The result will look something like the one shown below:




3) Suppose you want to hide drive E; then type "select volume 3".
A message will then appear in the same window { Volume 3 is the selected volume }

4) Now type "remove letter E".
A message will now appear { Diskpart Removed the Drive letter }

Sometimes it requires a reboot of the computer.
Diskpart will remove the letter.

Windows XP does not have the capability to identify the unknown volume.
Your data is now safe from unauthorised users.

To access the content of the hidden drive, repeat the process mentioned above, but in the 4th step replace "remove" with "assign".
That means you type "assign letter E".

Friday, February 13, 2009

Activate Your XP Validation

Windows XP will typically remind you to activate the product (most users will have 30 days to activate XP after installation). To activate XP, click the link here to download the wpa-kill.



Follow these instructions:
1) Open the compressed file

2) Double-click on wpa-kill

3) Choose Apply now

4) Enjoy your Windows XP (^_^)



p/s:there's no reason to be the failure person..