Archive for December, 2007

Get open with dialog when opening Windows drives?

December 28, 2007 Leave a comment

Recently, I had been facing this problem on all the virus-hit systems on one of my client’s networks. The problem was that I was getting the “Open With” dialog every time I double-clicked any drive in My Computer, and I had to select Internet Explorer from the Open With dialog to open the drives. One of my friends came up with an idea and it worked great: create a blank autorun.inf file in the drive having problems. It was perfect; now I can open all my drives (after placing the blank autorun.inf in the drive) by double-clicking them.

To make a blank autorun.inf, open notepad and Save As “autorun.inf”. Place the autorun.inf in the affected drive.

Having the same problem? Did this trick solve your problem or you had a better solution? Share your experiences.

UPDATE: Use the following commands at the command prompt to delete the autorun.inf file (the attrib line clears the system, hidden and read-only attributes first; otherwise del refuses to remove it):
C:\>attrib -S -H -R C:\autorun.inf
C:\>del /F C:\autorun.inf
Replace C: with the letter of the drive whose autorun.inf you want to remove.

For more technical articles, news and forum discussion logon

Categories: Windows

Removing the ntde1ect.com and autorun.inf files

December 21, 2007 2 comments

There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other drives in turn (note: if you have autorun.inf files that you think you need to backup, do so now):

del c:\autorun.* /f /a /s /q

7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files named avp0.dll, avpo.exe or avp0.exe, use the following commands to delete each of them (shown for avpo.exe; attrib first clears the read-only, system and hidden attributes so that del can remove the file):

attrib -r -s -h avpo.exe
del avpo.exe

10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
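The two posts above (the blank autorun.inf trick and the ntde1ect.com removal) both come down to finding the same few files and one Run-key entry. The script below is an added example, not part of either post: a read-only PowerShell audit that reports whether those indicators are present on the machine, so you can see what you are dealing with before following the manual deletion steps. The file names it looks for (autorun.inf, ntde1ect.com, avpo.exe, avp0.exe, avp0.dll) and the Run key are the ones the posts name; it assumes nothing else about the malware.

```powershell
# Added example, not from the posts: read-only audit for the indicators the two
# posts describe. It reports only; removal stays the manual procedure above.
$rootIndicators  = @('autorun.inf', 'ntde1ect.com')          # names from the posts
$sys32Indicators = @('avpo.exe', 'avp0.exe', 'avp0.dll')     # names from the posts
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Show-Indicator {
    param([string]$Path)
    # -Force is needed: the files are marked hidden+system, which Get-Item skips by default.
    $item = Get-Item -LiteralPath $Path -Force
    # A folder named autorun.inf is a common placeholder, not a payload; report it as such.
    $size = if ($item.PSIsContainer) { 'directory' } else { "$($item.Length) bytes" }
    Write-Output ("  {0}  ({1}, attributes: {2})" -f $Path, $size, $item.Attributes)
}

Write-Output "Drive roots:"
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in $rootIndicators) {
        $path = Join-Path $drive.Root $name
        if (Test-Path -LiteralPath $path) {
            Show-Indicator -Path $path
            # An empty autorun.inf is the blank placeholder from the first post; a
            # non-empty one tells you what it would launch (open= / shellexecute=).
            $item = Get-Item -LiteralPath $path -Force
            if ($name -eq 'autorun.inf' -and -not $item.PSIsContainer -and $item.Length -gt 0) {
                Get-Content -LiteralPath $path -Force |
                    Where-Object { $_ -match '^\s*(open|shellexecute|shell\\)' } |
                    ForEach-Object { Write-Output ("      {0}" -f $_.Trim()) }
            }
        }
    }
}

Write-Output "System32:"
$sys32 = Join-Path $env:windir 'System32'
foreach ($name in $sys32Indicators) {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) { Show-Indicator -Path $path }
}

Write-Output "Run key ($runKey):"
if (Test-Path -LiteralPath $runKey) {
    $props = Get-ItemProperty -LiteralPath $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSParentPath/... properties
        $hit = $false
        foreach ($name in ($rootIndicators + $sys32Indicators)) {
            if ("$($p.Value)" -like "*$name*") { $hit = $true }
        }
        if ($hit) { Write-Output ("  {0} = {1}" -f $p.Name, $p.Value) }
    }
}
```

Run it from a PowerShell prompt with the same account that shows the symptom, since the Run key it inspects lives under HKEY_CURRENT_USER. If Task Manager or regedit has been blocked by policy, the registry provider used here is not affected by that block.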


Categories: Windows

Task Manager has been disabled by your administrator

December 21, 2007 1 comment

“Task Manager has been disabled by your administrator”

Here is the solution from the Microsoft article about enabling Task Manager:

Enabling Task Manager from Group Policy Editor
1. Go to “Start” -> “Run”, type “gpedit.msc” and press Enter.
2. Navigate to “User Configuration” -> “Administrative Templates” -> “System” -> “Ctrl+Alt+Del Options”.
3. In the right-hand pane, verify that the “Remove Task Manager” option is set to “Disabled” or “Not Configured”.
4. Close the “Gpedit.msc” MMC.
5. Go to “Start” -> “Run”, type “gpupdate /force” and press Enter.

Enabling Task Manager from Registry Editor
1. Go to “Start” -> “Run” -> Write “regedit” and press on “Enter” button.
Warning: Modifying your registry can cause serious problems that may require you to reinstall your operating system.
Always backup your files before doing this registry hack.

2. Navigate to the following registry keys and verify that the following values are set to their defaults (0 means not disabled):
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000
3. Reboot the computer.

For your convenience, I have created a registry file. Just download, double click it and add the info to your registry. The task manager will be enabled. Post your experiences please.

Download the registry file here.

Enabling Task Manager from the Run Menu

Abdullah mailed me this solution. Go to Start –> Run and copy and paste the following and press OK.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f


Categories: Windows

Registry Editing Has Been Disabled By Your Administrator

December 21, 2007 19 comments

Here are two ways to enable the registry editing in Windows.

1- From Group Policy Editor

Go to Run –> gpedit.msc
In the left-hand menu, go to User Configuration –> Administrative Templates –> System.
Now, in the right-hand pane, select “Prevent access to registry editing tools”. It will probably be Not Configured or Enabled. If it’s Enabled, disable it; if it’s Not Configured, first enable it, apply the settings and then disable it. Most probably the settings are applied instantly. If not, run gpupdate in a command prompt to apply the group policies.

2- From the Run Menu

I got this tweak while surfing the internet. Go to Start –> Run, copy and paste the following into the Run box and press OK.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

The effects are usually instant. If not then you should see the results after restarting your computer.
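This post and the Task Manager one above both fix a policy value by writing 0 over it. Before writing, it is worth knowing which of the keys actually carries the block, since the same value name can live in several places. The function below is an added example (not from either post) that reads each of the keys the two posts list and reports, for DisableTaskMgr, DisableRegistryTools and DisableCAD, whether the key is absent, the value is absent, explicitly 0, or set to something that blocks. It changes nothing; the REG add lines in the posts remain the way to clear a value.

```powershell
# Added example, not from the posts: read-only check of the policy values behind
# "Task Manager has been disabled" and "Registry editing has been disabled".
# Key paths and value names are the ones listed in the posts.
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'DisableCAD' }
)

function Get-PolicyState {
    param([string]$Key, [string]$Name)
    # Missing key or missing value both mean "not configured", i.e. the feature is allowed.
    if (-not (Test-Path -LiteralPath $Key)) { return 'key absent (default: allowed)' }
    $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Name) { return 'value absent (default: allowed)' }
    # [int] also copes with a REG_SZ "1" written by a sloppy tool.
    $v = [int]$props.$Name
    if ($v -eq 0) { return 'explicitly 0 (allowed)' }
    return ("set to {0} (BLOCKED: clear it with the REG add line from the post)" -f $v)
}

foreach ($c in $checks) {
    Write-Output ("{0} in {1}: {2}" -f $c.Name, $c.Key, (Get-PolicyState -Key $c.Key -Name $c.Name))
}
```

The HKLM entries need an elevated prompt only if you go on to change them; reading them works as a normal user. A value reported as BLOCKED under HKLM will not be cleared by the HKCU-only REG add command shown in the posts; use the same command with HKLM in place of HKCU for that key.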


Categories: Windows

How to make your own Operating System

December 18, 2007 1 comment

It’s funny, easy to make and it can be useful for many things, so I’ve made this tutorial to learn how to make the first pieces for a new os, don’t worry if it is crap, it can’t get any worse than Windows 😉

Requirements:

– Emu8086 (http://www.emu8086.com)
– Rawwrite (http://uranus.it.swin.edu.au/~jn/linux/rawwrite.htm)
– Some knowledge of 16-bit x86 assembler (if you don’t have this, look for a tutorial)
– An empty floppy disk(optional but recommended)

Part I: the boot sector

When you start emu8086 choose a new BOOT template.
Ok, this is the base for the boot sector of a drive. There are two essential things in it: “#make_boot#” tells the assembler that this is meant as a boot sector, and “org 7c00h” tells it that the loading address will be 0000:7c00.
Let’s make it say hello world or something, without the DOS interrupt, so we have to write our own procedure to print a string.
There is a BIOS function to write a single char (the teletype function: ah = 0eh / int 10h), so we use that:

; You need to put a null byte at the end of your string
; Before calling this procedure you have to make si the offset of your string.
printstring proc near
nextchar:
mov al, [si] ; Copy the first char to al
cmp al, 0 ; Comparing al with 0
jz printed ; If it is null, jump to the end
inc si ; Move to the next char
mov ah, 0eh ; The teletype function.
int 10h ; Put the char
jmp nextchar ; Repeat it…
printed:
ret
printstring endp

And some function for waiting until a key is pressed:

mov ax, 0
int 16h

The key pressed will be returned in al.

For rebooting the pc you need this, unfortunately I don’t understand this piece, but it makes your os reboot the pc.
mov ax, 0040h
mov ds, ax ; ds now addresses the BIOS data area (segment 0040h)
mov w.[0072h], 0000h ; The BIOS reset-flag word at 0040:0072. I know this piece says to do a cold boot. To make it do a warm boot, replace 0000h with 1234h.

JMP 0FFFFh:0000h ; Yes, reboot! (FFFF:0000 is the BIOS entry point the CPU starts at after reset)

Well, now you can combine that!
Let it print some text like hello world and wait until a key is pressed and then reboot!
The easiest way to test is emulating.

Part II: The kernel

Well, now you know how to make the boot sector, but the boot sector can only be up to 512 bytes; that’s why you need a kernel.
We make a little kernel to put at sector 2, but you will need to make the boot sector load it:

mov ah, 02h ; BIOS disk service: read sectors
mov al, 5 ; Number of sectors to read; it is set to 5, if your kernel grows larger than 5*512 bytes, change it
mov ch, 0 ; The cylinder number
mov cl, 2 ; The sector where it starts reading (sector 1 is this boot sector)
mov dh, 0 ; The head number
; dl is left as the BIOS set it: the drive we booted from (0 = first floppy)
; Set es:bx to the address to load the kernel to (0800h:0000h)
mov bx, 0800h
mov es, bx
mov bx, 0
; Read the kernel
int 13h
jc loadfail ; The BIOS sets the carry flag if the read failed
; Check if the kernel is loaded
cmp byte ptr es:[0000h], 0E9h ; Comparing the first byte of the kernel, it should be 0E9h which means a near jmp
jne loadfail ; Anything else means the kernel is not at sector 2 (a short jmp would be 0EBh instead)
jmp 0800h:0000h ; The kernel is loaded, jump to it
loadfail:
jmp loadfail ; Hang here, so a bad read is visible instead of jumping into garbage

This loads the kernel and checks that it was loaded successfully by examining its first byte; usually you put something like this at the beginning:
jmp start
; A list of variables
start:
So the first byte is always jmp, whose hex value is 0E9…

Ok, let’s make the kernel!
Start emu8086 a second time and choose a new BIN template.
The first thing to put in it is “ORG 0000h” to say it starts at that address; after that, there has to be a jmp (to somewhere) so the boot sector will recognise it.
An important piece for making the kernel run fine is this:
push cs ; cs is 0800h here, because the boot sector jumped to 0800h:0000h
pop ds ; Make ds equal to cs, so that [variable] references resolve inside the kernel’s own segment
I don’t know why it is required, but you get problems with variables if you haven’t inserted it.
Now you can just put code there as if it is the boot piece.

When you’ve finished the kernel, compile it and run the emulator for the booting part.
First choose “virtual drive > write 512 bytes at 0000:7c00 to boot sector > FLOPPY_0”
Then, “virtual drive > write ‘.bin’ to floppy…”, choose the kernel file you’ve just compiled, set the sector to 2 and write.
If you want to run it in the emulator choose “virtual drive > boot from virtual floppy > FLOPPY_0”, click run and have fun!
If you want to make a bootable disk, run rawwrite, choose the file FLOPPY_0 in the installation directory of emu8086 and have fun!
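Before booting the image (or writing it to a real floppy with rawwrite), it helps to check that the file has the layout the boot sector expects: the 55h AAh signature a real BIOS requires at the end of sector 1, the kernel’s jmp as the first byte of sector 2 (offset 512, the byte the loader tests for 0E9h), and a kernel no larger than the 5 sectors the loader reads. The function below is an added example, not part of the tutorial or of emu8086; the parameter names and the default of 5 sectors are choices made here (5 matches “mov al, 5” in the loader above).

```powershell
# Added example, not from the tutorial: sanity-check a raw floppy image
# (emu8086's FLOPPY_0 file, or any 512-byte-sector image) against the layout
# the tutorial's boot sector assumes. Returns $true when everything lines up.
function Test-FloppyImage {
    param(
        [Parameter(Mandatory=$true)][string]$ImagePath,
        [int]$KernelSectors = 5,      # must match "mov al, 5" in the loader
        [string]$KernelPath           # optional: the compiled kernel .bin, to check its size
    )
    $img = [System.IO.File]::ReadAllBytes($ImagePath)
    $ok = $true
    if ($img.Length -lt 1024) {
        Write-Warning "image is shorter than two sectors; no room for a kernel at sector 2"
        return $false
    }

    # A real BIOS only boots a sector whose last two bytes are 55h AAh.
    if ($img[510] -ne 0x55 -or $img[511] -ne 0xAA) {
        Write-Warning ("boot signature missing: bytes 510-511 are {0:X2} {1:X2}, need 55 AA" -f $img[510], $img[511])
        $ok = $false
    }

    # Sector 2 (CHS) is the second 512-byte block, offset 512. The loader accepts
    # only 0E9h (near jmp); 0EBh is the short jmp some assemblers emit for a close target.
    $first = $img[512]
    if ($first -eq 0xE9) {
        Write-Host "kernel at sector 2 starts with E9 (near jmp): the loader's check will pass"
    } elseif ($first -eq 0xEB) {
        Write-Warning "kernel starts with EB (short jmp): the loader's 0E9h test would fail"
        $ok = $false
    } else {
        Write-Warning ("sector 2 starts with {0:X2}, not a jmp: kernel probably not written there" -f $first)
        $ok = $false
    }

    # The loader reads a fixed number of sectors; a kernel longer than that is silently truncated.
    if ($KernelPath) {
        $kernelLen = (Get-Item -LiteralPath $KernelPath).Length
        $limit = $KernelSectors * 512
        if ($kernelLen -gt $limit) {
            Write-Warning ("kernel is {0} bytes but the loader reads only {1} sectors ({2} bytes): raise the count in 'mov al, {1}'" -f $kernelLen, $KernelSectors, $limit)
            $ok = $false
        }
    }
    return $ok
}

# Usage (paths are placeholders for your own files):
# Test-FloppyImage -ImagePath 'C:\emu8086\FLOPPY_0' -KernelPath 'C:\myos\kernel.bin'
```

The emulator may be more forgiving than real hardware about the signature, so a test that passes inside emu8086 but fails here usually points at the disk, not the code.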

Good luck with making a real OS.


Categories: General

Speed-up log-in tremendously in Windows

December 14, 2007 Leave a comment

If, like me, you’ve tried everything else and your log-in and log-off on XP are still tremendously slow, then you might try this little trick. First, if there are any other users on your computer, see if they have a similarly long log-in. If they don’t, the problem might be your roaming profile, which is a folder where XP stores your settings so you can access them from anywhere in the network. Since these profiles can get really bloated (as in my case) and are not really necessary unless you log in from different computers in a large network, you should disable it. Here’s how:

1. Right click on My Computer, select the Manage option.

2. From the Management Console, select the Local Users and Groups option.

3. Double-Click on the Users folder that appears on the right panel.

4. Right click on the account with the slow log-in and select Properties.

5. Click on the Profile tab of the Properties Window.

6. Erase (but keep a note of this) whatever path appears for Profile Path under User Profile and Local Path under Home Folder: LEAVE THESE LINES BLANK.

7. Reboot. Try to log in to the problematic account; you should see a significant speed boost. The computer might warn you once or twice that your Roaming Profile is not available; ignore it and it will go away. Good luck!

Note: You also will not have your settings and files that a roaming profile provides across a network.


Categories: Windows

How to hide a hard drive in Windows?

December 14, 2007 Leave a comment

You can prevent users tampering with or viewing a drive by hiding it with a useful registry tweak.

Assuming you want to do this with individual users, go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create a DWORD value and call it NoDrives, the value that you give it will determine which drives will be made invisible. Use *decimal* values and hide drives by using the following numbers depending on the drive letter:

A: 1 B: 2 C: 4 D: 8
E: 16 F: 32 G: 64 H: 128
I: 256 J: 512 K: 1024 L: 2048

You get the picture. To hide two or more drives, add their values together; for example, to hide C and D, add 4 + 8 and enter the decimal value 12.

In addition, to prevent Run, Map Network Drive, or the Dir command being used to view the contents of folders, you can create another DWORD called NoViewOnDrive, and use the same values given above. Logging off and back on again is needed to make the changes take effect.

You can make these changes for the whole system by editing the same key under HKEY_LOCAL_MACHINE, and you can hide all drives by setting the decimal value to 67108863, but I can’t really see anyone wanting to do that!
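The table above is a bitmask: drive A is bit 0, B is bit 1, and so on up to Z at bit 25, which is why adding the values works and why 67108863 (all 26 bits set) hides everything. The two functions below are an added example, not from the post, that compute the value for a set of drive letters and decode a value back into letters, so you can verify what a NoDrives or NoViewOnDrive entry you find on a machine actually hides. The function names are chosen here.

```powershell
# Added example, not from the post: build and decode the NoDrives / NoViewOnDrive
# bitmask (A = 1, B = 2, C = 4, ... i.e. bit n stands for the n-th drive letter).
function Get-DriveMask {
    param([Parameter(Mandatory=$true)][string[]]$Letters)
    $mask = 0
    foreach ($l in $Letters) {
        $c = $l.Trim().TrimEnd(':').ToUpperInvariant()   # accept "c", "C", "C:"
        if ($c -notmatch '^[A-Z]$') { throw "Not a drive letter: '$l'" }
        $idx = [int][char]$c - [int][char]'A'
        $mask = $mask -bor [int][math]::Pow(2, $idx)      # set bit idx
    }
    return $mask
}

function ConvertFrom-DriveMask {
    param([Parameter(Mandatory=$true)][int]$Mask)
    # 67108863 = 2^26 - 1: every bit from A to Z set, the "hide all drives" value.
    if ($Mask -lt 0 -or $Mask -gt 67108863) { throw "Mask out of range: $Mask" }
    $letters = @()
    for ($i = 0; $i -lt 26; $i++) {
        if ($Mask -band [int][math]::Pow(2, $i)) { $letters += [string][char]([int][char]'A' + $i) }
    }
    return ($letters -join ',')
}

Get-DriveMask -Letters 'C','D'          # 12, the example from the post
ConvertFrom-DriveMask -Mask 12          # C,D
ConvertFrom-DriveMask -Mask 67108863    # A,B,...,Z

# To read back what a machine currently hides (value absent means nothing hidden):
# $p = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
# if ($null -ne $p.NoDrives) { ConvertFrom-DriveMask -Mask $p.NoDrives }
```

Writing the value is the same registry edit the post describes; this example deliberately stops at computing and decoding it, because hiding a drive from Explorer is a view setting, not an access control, and the decode helps spot a NoDrives value that someone else left behind.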


Categories: Windows