Archive for February, 2008

ActiveX Technology

Monday, February 25th, 2008

Before ActiveX, OLE (Object Linking and Embedding) and COM (Component Object Model) were very popular. Both were designed for software interoperability, OLE focusing on communication and COM focusing on implementation. Then, in 1996, Microsoft combined OLE and COM and repackaged them as ActiveX.

An ActiveX control is a reusable component program object that can be used by many application programs within a computer or across computers in a network. An ActiveX control can be created in any programming language that recognizes Microsoft’s Component Object Model (COM). An ActiveX component is not an entire application; rather, it provides a small building block that can be shared by different software. ActiveX controls are very important to a computer’s security, and they are commonly used to set up passwords.

Visual Basic and C++ are commonly used to develop ActiveX controls.

Besides ActiveX controls, there are other ActiveX technologies, among which ActiveX Data Objects (ADO) is still widely used today.

Notice: ActiveX is a technology that allows programs to run on your PC with or without your knowledge, which can be harmful. It is how most spyware and viruses are introduced to your PC. If you are wondering whether your PC has any spyware or viruses, please run a free anti-spyware scan to find out.
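Whether a web page can run an ActiveX control “with or without your knowledge” is decided by Internet Explorer’s security zone settings. The PowerShell script below is an added example, not code from the original post: it reads the current user’s Internet zone settings and reports how ActiveX is treated. The zone key path and the value ids it looks at (1200 = run ActiveX controls and plug-ins, 1001 = download signed controls, 1004 = download unsigned controls, 1201 = initialize and script controls not marked safe; 0 = enable, 1 = prompt, 3 = disable) are assumed from Microsoft’s documentation of IE security zones. It only reads; nothing is changed.

```powershell
# Added example (not from the original post): report the Internet zone's ActiveX
# settings for the current user. Read-only. Value ids and meanings are assumed
# from Microsoft's IE security-zone documentation; zone 3 is the Internet zone.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ActiveXSettings = @{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
# Settings that should never be "Enable" on a machine that browses the open web
$MustNotBeEnabled = @('1004', '1201')

function Get-ActiveXZonePolicy {
    if (-not (Test-Path $ZoneKey)) { throw "zone key not found: $ZoneKey" }
    $props = Get-ItemProperty -Path $ZoneKey
    foreach ($id in ($ActiveXSettings.Keys | Sort-Object)) {
        $raw = $props.$id          # $null when the value is absent
        if ($null -eq $raw) {
            $state = 'not set (default applies)'
        } elseif ($Meaning.ContainsKey([int]$raw)) {
            $state = $Meaning[[int]$raw]
        } else {
            $state = "unknown ($raw)"
        }
        $risky = ($MustNotBeEnabled -contains $id) -and ($null -ne $raw) -and ([int]$raw -eq 0)
        New-Object PSObject -Property @{
            Id = $id; Setting = $ActiveXSettings[$id]; State = $state; Risky = $risky
        }
    }
}

Get-ActiveXZonePolicy | Format-Table Id, Setting, State, Risky -AutoSize -Wrap
```

The report flags “Risky” only when unsigned or unsafe controls are set to Enable; a “Prompt” or “Disable” state is what you want on a home PC. Keep in mind that machine-wide policy under HKLM can override these per-user values, so a clean report here does not rule out a different effective setting.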

Disable Windows Auto Errors Reporting

Thursday, February 7th, 2008

(This article applies to Windows XP.)

Steps:

  1. Open Registry Editor by running regedit.exe. Find the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting. Under this key, find the value called “DoReport”, or create a new value called “DoReport” of type REG_DWORD.
  2. Set the data of “DoReport” to 1 (1: disabled; 2: enabled).
  3. Close Registry Editor and reboot the computer.

Registry snapshot

Warning: failing to use Registry Editor appropriately may cause serious issues. We suggest you back up the registry before using Registry Editor.

The hidden starting ways for most Trojans

Wednesday, February 6th, 2008

One of the most common characteristics of Trojans is that they start automatically when the operating system starts. After all, a Trojan is useless if it never gets started.

Method 1. Use registry “Run” key values

I believe this is the most common method used right now. Please note the registry keys and values below:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

“Run” is a very sensitive keyword, so if you find any registry key or value containing the keyword “Run”, you need to look at it very carefully.

Method 2. Use system files

The system files that Trojans can use include Win.ini, system.ini, Autoexec.bat, and Config.sys. When the operating system starts, some of the content of these files is loaded into memory as part of the start-up process. This is why Trojans use them.

Method 3. System Startup group

You can find all the applications in the group by clicking “Start” -> “All Programs” -> “Startup”. Or look in:

  • In Windows XP, C:\Documents and Settings\[Your User Name]\Start Menu\Programs\Startup.
  • In Windows 98, C:\WINDOWS\Start Menu\Programs\Startup.

The corresponding registry key is HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.

Method 4. Modify the default application associated with a specific file extension

For example, when everything is correct, a .txt file opens in Notepad.exe by default. However, once the system is infected with a Trojan that uses this method, double-clicking a plain text file with the .txt extension starts the Trojan instead of Notepad.exe.

There are two ways to fix this manually:

  1. Modify the registry. For instance, if the .EXE extension was modified maliciously, you need to fix these two registry keys: HKEY_CLASSES_ROOT\exefile\shell\open\command and HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command.
  2. Go to “Control Panel”, double-click “Folder Options” -> “File Types”, choose the file type you would like to modify, and click “Advanced”.

Method 5. Use Windows services

The Windows operating system always needs some services running, which we call “system services”. These services start automatically when the operating system starts. Some Trojans simply install a new service on the system, so the next time you restart the operating system, the Trojan is started with it.

You can always find all your services under “Control Panel” -> “Administrative Tools” -> “Services”.

You can also use the command “net start [service name]” to manually start a service, and “net stop [service name]” to manually stop one.
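The five methods above are the places a defender checks first when a machine is suspected of running a Trojan. The PowerShell script below is an added example, not code from the original post: it enumerates methods 1, 3, 4 and 5 (the Run/RunOnce/RunServices values, both Startup folders located through the Shell Folders key, the .exe file-type handler, and automatically started services) and flags entries worth a second look. It assumes Windows PowerShell 2.0 or later with rights to read HKLM, uses Get-WmiObject where Get-CimInstance is not available, and the review heuristics (image file missing, image in a user-writable folder, handler not equal to the stock `"%1" %*`) are my own choice. It only reads; nothing is modified.

```powershell
# Added example (not from the original post): read-only audit of the autostart
# locations described as methods 1, 3, 4 and 5. Assumes Windows PowerShell 2.0+
# and read access to HKLM. Heuristic flags are an assumption of this example.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties Get-ItemProperty adds for its own bookkeeping; not registry values
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Extract the executable from a command line such as  "C:\x\a.exe" /arg  or  C:\x\a.exe /arg
function Get-ImagePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')    { return $Matches[1] }
    return $CommandLine
}

# Review heuristics: the image does not exist, or it lives in a user-writable folder
function Get-Flags([string]$CommandLine) {
    $path  = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $CommandLine))
    $flags = @()
    if ($path -and -not (Test-Path -LiteralPath $path)) { $flags += 'file-missing' }
    if ($path -match '\\(Temp|Local Settings|AppData)\\') { $flags += 'user-writable-dir' }
    return ($flags -join ',')
}

function New-Entry($Source, $Name, $Command, $Flags) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = $Command; Flags = $Flags }
}

function Get-AutostartEntries {
    $entries = @()

    # Method 1: Run / RunOnce / RunServices values
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($MetaProps -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            $entries += New-Entry $key $prop.Name $cmd (Get-Flags $cmd)
        }
    }

    # Method 3: Startup folders, resolved through the Shell Folders key named in the post
    $userStartup   = (Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders').'Startup'
    $commonStartup = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders').'Common Startup'
    foreach ($folder in @($userStartup, $commonStartup)) {
        if ($folder -and (Test-Path -LiteralPath $folder)) {
            foreach ($f in (Get-ChildItem -LiteralPath $folder -Force | Where-Object { -not $_.PSIsContainer })) {
                $entries += New-Entry $folder $f.Name $f.FullName ''
            }
        }
    }

    # Method 4: the .exe handler should be exactly "%1" %* ; anything else is suspicious
    $exeKey = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
    if (Test-Path $exeKey) {
        $handler = (Get-ItemProperty $exeKey).'(default)'
        $flag = if ($handler -ne '"%1" %*') { 'handler-modified' } else { '' }
        $entries += New-Entry $exeKey 'exefile' $handler $flag
    }

    # Method 5: automatically started services and the binaries they run
    $svcCmd = if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { 'Get-CimInstance' } else { 'Get-WmiObject' }
    foreach ($svc in (& $svcCmd Win32_Service | Where-Object { $_.StartMode -eq 'Auto' })) {
        $entries += New-Entry 'Service' $svc.Name $svc.PathName (Get-Flags $svc.PathName)
    }

    return $entries
}

Get-AutostartEntries | Sort-Object Flags -Descending | Format-Table Flags, Source, Name, Command -AutoSize -Wrap
```

Flagged rows come first in the output. A flag is a reason to look, not a verdict: some legitimate installers do put updaters in Local Settings, and a missing file can simply be a leftover from an uninstall. Method 2 (Win.ini, system.ini, Autoexec.bat, Config.sys) is not covered here because those are plain text files you can open and read directly.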

Registry Editor

Monday, February 4th, 2008

If you have used computers for a few years, you probably know very well how to start Windows Registry Editor. Yes, it is very simple. If that is the case, you don’t need to read this post, because it is just for computer newbies.

Why do you need to use Registry Editor?

No, I admit, there are no absolutely good reasons for you to know how to use Registry Editor. Plus, it can be very dangerous if you are not sure how a registry key (value) affects the computer’s behavior. On the other hand, if you are interested in computers, and sometimes want to do some diagnostic work on your PC by yourself, Registry Editor is the first tool you have to know.

How to start Windows Registry Editor?

Click Start > Run, type Regedit, and press OK.

WARNING: Before you make any modifications to the registry directly, please back up the registry first. A mistake may cause the system to fail to start.

Windows Registry Editor

How to back up the registry?

There are at least two ways to back up the registry.

Method 1. If you only need to back up a small part of the registry, you can use the “Export” function of Registry Editor.

Export function of Registry Editor

Method 2. Use the “System Restore” utility.
Microsoft Windows XP includes a feature known as System Restore. This great new feature enables a user to back up and restore their important system files from an earlier day. By default, this feature automatically creates a backup of the system each day. If you wish to create a restore point of your system, follow the steps below.

  1. Click Start, Programs, Accessories, System Tools, System Restore.
  2. Select the option to create a restore point.
  3. Click Next and follow the remaining steps.
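Both backup methods above can be scripted, which is handy when you edit the registry often and want the backup to happen every time, not just when you remember. The PowerShell script below is an added example and not code from the original post: the first function does what the Export menu item does, using reg.exe to write one key to a timestamped .reg file and then checking that the export really produced a valid file; the second creates a restore point through the Checkpoint-Computer cmdlet. It assumes reg.exe is on the PATH (true on XP and later), that Checkpoint-Computer is only available on client Windows with PowerShell 2.0 or later in an elevated shell (so it is skipped, not faked, where absent), and the backup folder name is my own choice.

```powershell
# Added example (not from the original post): scripted versions of the two backup
# methods. Assumes reg.exe on the PATH; Checkpoint-Computer needs client Windows,
# PowerShell 2.0+ and an elevated shell, and is skipped when it does not exist.

function Backup-RegistryKey {
    param(
        [Parameter(Mandatory = $true)] [string] $Key,   # e.g. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
        [string] $BackupDir = (Join-Path $env:USERPROFILE 'RegistryBackups')   # folder name is an assumption
    )
    if (-not (Test-Path -LiteralPath $BackupDir)) { New-Item -ItemType Directory -Path $BackupDir | Out-Null }

    # Build the file name from the key path plus a timestamp so backups never overwrite each other
    $safeName = $Key -replace '[\\:]', '_'
    $file = Join-Path $BackupDir ('{0}_{1}.reg' -f $safeName, (Get-Date -Format 'yyyyMMdd_HHmmss'))

    # Method 1: the same export Registry Editor's Export menu item performs
    & reg.exe export $Key $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key (exit code $LASTEXITCODE)" }

    # A genuine export starts with the Registry Editor header; reject empty or truncated files
    $header = Get-Content -LiteralPath $file -TotalCount 1
    if ($header -notmatch '^Windows Registry Editor Version 5\.00') { throw "unexpected export header in $file" }
    return $file
}

# Method 2: a System Restore point. Returns $false where the cmdlet is unavailable (e.g. XP's PowerShell 1.0).
function New-RegistryRestorePoint([string]$Description = 'Before registry edit') {
    if (-not (Get-Command Checkpoint-Computer -ErrorAction SilentlyContinue)) { return $false }
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
    return $true
}

# Usage: back up first, then edit. Restore a .reg backup later with:  reg import <file>
$backup = Backup-RegistryKey -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'
Write-Host "Backup written to $backup"
if (-not (New-RegistryRestorePoint)) { Write-Host 'Restore point skipped: Checkpoint-Computer not available here.' }
```

The header check matters because reg.exe can exit successfully yet leave a useless file when the key name is mistyped or access is denied partway; verifying the first line catches that before you rely on the backup.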

HijackThis

Sunday, February 3rd, 2008

HijackThis is a free spyware detection tool that helps experts diagnose PC problems. It doesn’t do any removal directly. Instead, it generates a plain text log file, which you can post on a security forum, and hopefully other people can help you find your problem.

HijackThis was originally developed by Merijn. It is totally free; if you paid for it, you were either scammed or sold something else. You can download it from here.

Although HijackThis is meant for computer experts to find problems, it is also very useful for computer users of all levels. The point is that as long as you know how to download it and run it on your PC, you can get the log file for your PC. If you suspect that your PC is infected by something bad, you can consult other people on the internet, or in person, by giving them your HijackThis log file. Most of the time, people will tell you directly what’s wrong with your PC and suggest a solution.
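A HijackThis log is just text, so the first pass of the triage that forum helpers do can be scripted. The PowerShell script below is an added example, not code from the original post or from the HijackThis project: it parses the “R0/R1” (IE start page) and “O4” (autostart) lines of a log into objects and marks the ones that match a few review rules. The sample log is constructed for this example (its line layout follows the tool’s usual “section - detail” entries as I recall them), the suspicious entries in it are modelled on the Realplayer.exe / 7939.com case described in the next post, and the rules and the $KnownBad list are my own and meant to be maintained by you.

```powershell
# Added example (not from the original post or the HijackThis project): parse the
# R0/R1 and O4 lines of a HijackThis log and flag entries worth a closer look.
# The log below is constructed for this example; the rules are an assumption.

$SampleLog = @'
Logfile of HijackThis (constructed sample for this example)
Scan saved at 9:15:02 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.7939.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: update.lnk = C:\Documents and Settings\User\Local Settings\Temp\update.exe
'@

function ConvertFrom-HijackThisLog([string]$LogText) {
    $items = @()
    foreach ($line in ($LogText -split "`r?`n")) {
        # Entries look like "<section> - <detail>"; header and blank lines are skipped
        if ($line -notmatch '^(R[0-3]|O\d+) - (.+)$') { continue }
        $section = $Matches[1]; $detail = $Matches[2]
        $name = ''; $target = $detail
        if ($section -eq 'O4' -and $detail -match '\[([^\]]+)\]\s*(.+)$') {
            $name = $Matches[1]; $target = $Matches[2]        # "[value name] command line"
        } elseif ($detail -match '=\s*(.+)$') {
            $target = $Matches[1]                              # "key,value = data"
        }
        $items += New-Object PSObject -Property @{ Section = $section; Name = $name; Target = $target; Raw = $line }
    }
    return $items
}

# Review rules: start page pointing at the known hijack domain, autostarts from temp
# folders, and value names on a list you maintain yourself (assumption of this example)
$KnownBad = @('Realplayer.exe')
function Find-SuspiciousEntries($Items) {
    foreach ($it in $Items) {
        $why = @()
        if ($it.Section -match '^R[0-3]$' -and $it.Target -match '7939\.com') { $why += 'start-page-hijack' }
        if ($it.Section -eq 'O4' -and $it.Target -match '\\(Temp|Local Settings|AppData)\\') { $why += 'autostart-from-temp' }
        if ($KnownBad -contains $it.Name) { $why += 'known-bad-name' }
        if ($why.Count -gt 0) {
            $it | Add-Member -MemberType NoteProperty -Name Reason -Value ($why -join ',') -PassThru
        }
    }
}

$entries = ConvertFrom-HijackThisLog $SampleLog
Find-SuspiciousEntries $entries | Format-Table Section, Name, Reason, Target -AutoSize -Wrap
```

On the sample, three of the six entries are reported: the R0 start page (start-page-hijack), the Realplayer.exe Run value (known-bad-name) and the Startup-folder shortcut running from Local Settings\Temp (autostart-from-temp); ctfmon.exe and msmsgs.exe pass. To use it on a real log, replace $SampleLog with `Get-Content -Raw hijackthis.log` (PowerShell 3.0+) or `(Get-Content hijackthis.log) -join "`n"`, and keep treating the output as a shortlist for a human reviewer rather than a verdict.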

HijackThis UI

Realplay.exe Virus and 7939.com

Sunday, February 3rd, 2008

One friend found that his IE home page had been maliciously changed to 7939.com. He called me, and together we finally figured out how to remove this malware manually.

Our manual solution is:

1. Open Registry Editor (by running regedit.exe), search for ‘7939.com’, and delete all the items found.

2. Open Windows Task Manager or another process management tool, then terminate both the Realplayer.exe and Explorer.exe processes. Note: when you terminate Explorer.exe, the desktop disappears. Next, start Explorer.exe again via Windows Task Manager -> Applications -> New Task.

3. Delete the file C:\WINDOWS\system32\Realplayer.exe

4. Delete the following registry values and keys:

The startup values:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Realplayer.exe"="%System%\Realplayer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realplayer.exe"="%System%\Realplayer.exe"
The registry keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft NT]
and
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RunDown]
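Before following the removal steps above on another machine, it helps to confirm that the same artifacts are actually present. The PowerShell script below is an added example, not code from the original post: it checks, without deleting anything, for each item the post names (a running Realplayer.exe process, the dropped file in system32, the two Run values, the two leftover keys, and a start page or Run value referencing 7939.com) and prints what it finds. It assumes Windows PowerShell 2.0 or later and read access to HKLM; the IE “Start Page” value under HKCU\Software\Microsoft\Internet Explorer\Main is the standard location of the home page setting and is my addition for step 1.

```powershell
# Added example (not from the original post): report-only check for the artifacts
# the post describes. Nothing is terminated, deleted or modified; removal is the
# manual procedure above. Assumes Windows PowerShell 2.0+ and read access to HKLM.

$Findings  = New-Object System.Collections.ArrayList
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Add-Finding($Location, $Detail) {
    [void]$Findings.Add((New-Object PSObject -Property @{ Location = $Location; Detail = $Detail }))
}

# Step 2: is the malware process running right now?
if (Get-Process -Name Realplayer -ErrorAction SilentlyContinue) {
    Add-Finding 'Process' 'Realplayer.exe is running'
}

# Step 3: the dropped executable in the system directory
$exe = Join-Path $env:SystemRoot 'system32\Realplayer.exe'
if (Test-Path -LiteralPath $exe) { Add-Finding $exe 'dropped executable present' }

# Steps 1 and 4: the Run values, either by the name the post gives or by a 7939.com reference
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($MetaProps -contains $prop.Name) { continue }
        if ($prop.Name -eq 'Realplayer.exe' -or ([string]$prop.Value) -match '7939\.com') {
            Add-Finding $key ('{0} = {1}' -f $prop.Name, $prop.Value)
        }
    }
}

# Step 4: the two extra keys the malware leaves behind
foreach ($key in 'HKLM:\SOFTWARE\Microsoft NT', 'HKLM:\SOFTWARE\Microsoft\RunDown') {
    if (Test-Path -LiteralPath $key) { Add-Finding $key 'unexpected key present' }
}

# Step 1: the hijacked IE home page (value location is an assumption of this example)
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
if (Test-Path $ieMain) {
    $start = (Get-ItemProperty -Path $ieMain).'Start Page'
    if ($start -match '7939\.com') { Add-Finding "$ieMain\Start Page" $start }
}

if ($Findings.Count -eq 0) {
    Write-Host 'No 7939.com / Realplayer.exe artifacts found.'
} else {
    $Findings | Format-Table Location, Detail -AutoSize -Wrap
}
```

Run it once before cleaning to confirm the infection matches the post, and again after the reboot to confirm that nothing recreated the Run values, which is the usual sign that a second component was missed.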

Firefox VS IE

Sunday, February 3rd, 2008

One of my friends is not very familiar with PCs. Once she learned that my job is to solve PC problems, she asked me what my general suggestions for her were. Since she mostly uses her PC to browse the internet, I recommended that she use Firefox instead of IE.

From the speed point of view, Firefox runs faster than IE. If you play web games, you can see on the gaming site that Firefox is much faster than IE. Also, in IE 7, it takes much longer to open a new tab.

Secondly, Firefox is more secure when you use it to browse the web. Many spyware programs and viruses are planted on your PC while you browse the web, by running an ActiveX control. In a default installation, Firefox doesn’t support ActiveX, which diminishes the chance of your PC getting infected.

However, IE has its own advantages. It comes with the operating system, which means you don’t need to install it yourself, and you can use it on every PC. To use Firefox, on the other hand, you need to know where to get it and how to install it. Sometimes this is not very easy for web newbies.

I helped my friend download and install Firefox. She really enjoyed it. Here is the link to download Firefox.