
Nepal Declared a Republic.


Motion for a republic passed.
Motion to declare Nepal as a Republic filed and voted for.

time-11:25 pm

Final vote count: 560 for the motion, 4 against the motion.

time-12:00am
People spontaneously coming out onto the road to celebrate in the Thamel area.

Somebody opined that Narayanhiti Palace be made Narayanhiti Party Palace. Do you agree?

time-12:05am, past my bedtime. Time to say good night, sleep tight, don't let the bed bugs bite.

Wishing & Hoping for a prosperous Nepalese Republic.

Remove kinza/isetup with AntiKinza tool


I just compiled something to kill kinza/isetup. The batch file solutions floating around on the web did not completely clean the virus, so I thought, why not write something? So I did. You can get it from the bottom of this post.

I did a bit of research into how this particular virus acted. Apparently there are at least 3 known variants of this virus in the wild. Antivirus programs detect only a portion of its installed, or rather implanted, files. Also, they don't reverse the registry key changes.

In my case some memory corruption was also observed because of this virus in the ctfmon.exe and explorer.exe processes.
I got messages like

"The instruction at "0*00a4143d" referenced memory at "0*00a4143d". The memory could not be read".

whenever I wanted to shut down. Clicking OK did let me shut down, though.

Warning: (this needs a restart)

You have to run this AntiKinza file twice to completely get rid of the virus if you are running in Normal mode. In the first run you will have to restart your computer. The second run won't need a restart. Run this in safe mode to remove the virus without a restart.

Please save all your important documents and files and close all running applications before running this program.
I won't be responsible for any damages caused by your actions.

Read carefully.
Steps to be followed. (Important: follow step no. 5 strictly in Normal mode.)

1) Double click AntiKinza.exe.
You will be presented with this prompt.

2) Click OK if you're done as it says.

3) The second prompt tells you whether or not your computer has the virus.

Click Yes if you want to clean it. Click No to exit. If your computer does not have the virus, another prompt will show up telling you that you don't have the virus and asking whether you want to disable your autorun feature.

Clicking here will disable autorun, which is a recommended thing to do, because an increasing number of viruses are resorting to this path to get into your computer.

4) If your computer has the virus and you click Yes in step 3), virus cleaning will start.

5) The next prompt will ask you if you are running AntiKinza for the first time in Normal mode. If this is the case, click Yes. This will restart your computer. After the restart you will have to run AntiKinza one more time to completely remove kinza/isetup if you are running it from Normal mode. Click No if you are running AntiKinza for the second time in Normal mode.

6) Running AntiKinza from safe mode would completely rid you of the virus in one run. Click No if you are running AntiKinza from safe mode.


Your IE homepage will be set to back2mangalman.blogspot.com if you agree to run this program. Do you think I should be hanged for doing this? Please comment. I had to spend a lot of time to come up with this.

This can be reversed any time you want from Internet Explorer->Tools->Internet Options->General->Home page.

Download AntiKinza here

Mozilla Firefox, Orkut, YouTube banned on your computer?


Today I went to a cyber cafe for some work. I could not find Firefox, so I installed it, well, sort of tried to, but the thing went haywire. A message box appeared out of nowhere and started to scream that I was not allowed to run Mozilla Firefox.

Exact text was " USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE `r OR ELSE... "

It would not close even when I tried. So I fired up Process Explorer and noticed two processes named svchost.exe. The legitimate svchost.exe does not run like that, so I killed both processes and Firefox installed like butter. I found it quite funny, so I decided to investigate the subject at home. Reaching home, I disabled my NOD32 antivirus and then plugged in my pen device; sure enough, there was a hidden file named MicrosoftPowerPoint.exe and an autorun.inf on it.

I was about to deliberately infect my computer with this malware. I don't have any important files whose loss in a crash would kill me. Don't try to infect yourself just because I did.

When I double clicked MicrosoftPowerPoint.exe it immediately changed to svchost.exe. Aha, these were the ones I killed back at the cyber cafe. Let's see what else they do.


It creates a folder named MicrosoftPowerPoint in the %temp% folder. The folder contained six files, namely:

2.mp3
drivelist.txt
Install.txt
Icon.ico
pathlist.txt
svchost.exe

It also created a folder named heap41a on the C drive. This folder had the following files:

drivelist.txt
2.mp3
Icon.ico
script1.txt
reproduce.txt
std.txt
drivelist.txt
svchost.exe

and a folder named offspring, in which the files

autorun.inf
MicrosoftPowerPoint.exe

exist.


What does it do?


It runs in the background as two svchost.exe processes using 2.2 MB of your memory. You can see them in action using Task Manager, where they show up as user-initiated svchost.exe processes. It scans for removable drives to reproduce. It changes three registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\status
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\checkedvalue


When one tries to run Firefox it displays an error message saying USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE `r OR ELSE... with an evil laugh and then terminates Firefox.

Also, when you try to open YouTube or Orkut it says "ORKUT/youtube IS BANNED,Orkut/youtube is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!" with the same evil laugh and closes Internet Explorer.


Now the steps to get rid of it (solution).

1) Open Task Manager/Process Explorer.

2) Click the Processes tab in Task Manager.

3) Look under Image Name for svchost.exe entries whose User Name is a user account, not the ones with SYSTEM/Network Service/Local Service as User Name, and terminate those 2 processes.

4) If you don't get step 3, download Process Explorer, unzip it, open it and look for a pair of svchost.exe with AutoHotKey in the description section (the pink ones in the picture).

5) Open regedit.exe from Run and navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\winlogon

Right click winlogon and click Delete. Also look for the entry named status and delete it as well.

6) Navigate to

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\checkedvalue

Right click checkedvalue, click Modify and change the value from 0 to 1.

7) Open My Computer->Tools->Folder Options, click the View tab, look for Hidden files and folders, and click the Show hidden files and folders radio button. Uncheck Hide extensions for known file types and also uncheck Hide protected operating system files (Recommended). Click Apply and OK.

8) Don't double click your drives, so that autorun.inf won't execute. Instead use Start menu->Run, type c: and press Enter.

9) Delete the folder named heap41a.

10) Type %temp% in Start menu->Run and hit Enter, then delete the folder named MicrosoftPowerPoint.

11) It is a good idea to disable the autorun feature altogether. Do this by copy-pasting the lines below, saving them as whatever.reg and then double clicking it.


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


12) Look for and delete autorun.inf and MicrosoftPowerPoint.exe from all your pen/flash drives.


This particular malware seems to be created using AutoHotKey.
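
Step 3 above can be automated against a saved process listing. The following Python sketch is an added example, not part of the original post or of any tool it mentions; it assumes the input has the column layout of `tasklist /v /fo csv`, and the sample rows, host name and user name are constructed for illustration.

```python
import csv
import io

# Accounts the genuine Windows svchost.exe runs under (step 3 of the post).
SERVICE_ACCOUNTS = {"SYSTEM", "NETWORK SERVICE", "LOCAL SERVICE"}

# Constructed sample in the layout of `tasklist /v /fo csv`; host and user
# names are invented for illustration.
SAMPLE_TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","880","Console","0","4,512 K","Running","NT AUTHORITY\SYSTEM","0:00:02","N/A"
"svchost.exe","1012","Console","0","3,904 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"svchost.exe","1104","Console","0","3,120 K","Running","NT AUTHORITY\LOCAL SERVICE","0:00:00","N/A"
"explorer.exe","1500","Console","0","18,220 K","Running","CAFE-PC\user","0:00:09","N/A"
"svchost.exe","2316","Console","0","1,128 K","Running","CAFE-PC\user","0:00:01","N/A"
"svchost.exe","2340","Console","0","1,124 K","Running","CAFE-PC\user","0:00:01","N/A"
"svchost.exe","2400","Console","0","2,048 K","Unknown","N/A","0:00:00","N/A"
'''


def account_name(user):
    """Strip the DOMAIN\\ or HOST\\ prefix and normalise case."""
    return user.rsplit("\\", 1)[-1].strip().upper()


def find_impostor_svchost(tasklist_csv):
    """Split svchost.exe rows into user-owned suspects and unreported owners."""
    result = {"suspect": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].strip().lower() != "svchost.exe":
            continue
        owner = account_name(row["User Name"])
        if owner == "N/A":
            # Owner not reported in the listing; re-check from an admin account.
            result["unknown"].append(int(row["PID"]))
        elif owner not in SERVICE_ACCOUNTS:
            result["suspect"].append((int(row["PID"]), row["User Name"]))
    return result


if __name__ == "__main__":
    found = find_impostor_svchost(SAMPLE_TASKLIST)
    print("svchost.exe running as a user account:", found["suspect"])
    print("svchost.exe with unreported owner:", found["unknown"])
```

Matching on the owning account rather than on the image name alone is what separates the two user-owned copies from the service hosts, which all share the same file name.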

Internet explorer 7 the buggiest browser in the world.


No, I am not a Firefox fanboy, but Internet Explorer really sucks. I have stopped using it altogether. I have noticed that Firefox does not do well memory-wise on my old low-memory computer.

So I have installed Opera and Safari too, just to be sure. I think this Safari thing is not stable enough, at least not yet. But pages load faster in Safari than in any other browser; maybe it's just their punch line "Fastest browser in the world" that is making me think this way, I don't know.

Today I came across 2 websites which talked about the bugs in Internet Explorer. They have identified a whopping 131 bugs in IE7. I am not a developer, but by the looks of it this many bugs would have driven me crazy if I were a serious one.

Just an example here :


The code in question here, when saved as HTML and run from IE7, would make IE7 disappear for no reason. Is it magic? I think so. So the guys at Microsoft really know some serious magic too. Ha ha ha. I am impressed, really.

The site got this info here is http://www.0x000000.com/index.php?i=527&bin=1000001111 and     

Free sms and internet in mero mobile


Minimum requirement: a GPRS-enabled mobile with a mero mobile SIM card.

This is not a post about how to enable internet in mero mobile. You go look here for that. This post is about sharing some knowledge about mero mobile internet.

Mero mobile is a private mobile service provider in Nepal. Its network is considered good quality-wise but a bit more expensive than the government mobile service provider, Nepal Telecom. OK, let's get started now.

Did you know that you can still surf WAP sites even if you have only a few paisa in your account, as long as your account is not suspended? Is it something the mero mobile people don't know, or is it something they cannot control? I don't know, and I don't want to know as long as it serves me well.

It seems that anything less than 5 KB opens. If it exceeds 5 KB while you don't have money, the transfer of data stops with some message. The Mig33 messenger works very well in these conditions, with some occasional connection error messages. Chat sessions continue smoothly. This messenger supports MSN/Yahoo/Google and you can send email from it too.

This also means free SMS to mero mobile, as you can send SMS in the form of email in the mero mobile network. How do you do it? Well, you send email to +977980#######@sms.spicenepal.com, which your friend or whoever you wish gets as an SMS. Just replace the # with the intended numbers.

Also get yourself the Opera Mini browser. Disable pictures to minimize the data transfer; many sites can be opened from there.

Downloads cannot go ahead without money, though, so I would suggest a 50 rupee recharge to download this stuff first.

Sujin & shyam.com.np are same get rid of it here


Some goon changed a line or two of a virusremoval.vbs script, the infamous sujin script, and made this new one, shyam.com.np. It had probably been in circulation for a few months, though I was not aware of it.

The following are the lines in the script changed by this goon.

'Program developed by
'Shyam Uprety
'http://shyam. com.np
'shyamuprety@gmail.com

Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\StartPage","http://shyam.com.np/"


The good news is that my antisujin tool seeks and destroys this shyam.com.np thing. No more resource hijacking. Get rid of this browser hijack. Password is back2mangalman

Your home page will be changed to my blog, which is totally reversible from Internet Explorer's properties. Some people might complain that I do this, but I had to put something other than sujin.com.np or, in this case, shyam.com.np. Would you be happy if I placed google.com or Yahoo or MSN there? But I think these are empires; why should I be promoting internet empires?

Instead I choose to promote my individual no-value blog. Love me or hate me, I'm just trying to help. I don't earn big bucks from my blog.

And I would like to thank kingshuk for the comment here, for it made me investigate the problem.

Update: Even safyway.blogspot.com is the same thing; get it removed from here.

How to change the Internet explorer's title bar text


I have been asked this question several times, so a post had to be pushed for this. I must warn you people that editing the registry has some risk involved, so be sure about what you are doing before meddling with the registry.

Click Start menu, then Run, type regedit and hit Enter.
Navigate to this place:

HKEY_CURRENT_USER -->Software -->Microsoft -->Internet Explorer -->Main

Look in the right pane for "Window Title". Right click it and then click "Modify".
This will present you with a box. You can enter whatever you want there and hit OK. This will change your Internet Explorer window title to whatever you just typed in.

Alternatively, you can press Ctrl+F once the Registry Editor opens, type "Window Title" without the quotes, and then right click and modify it.

In case you are not able to open Registry Editor and you end up with the message "Registry editing has been disabled by your administrator", then either you have logged on from an account which does not have administrative privileges or your computer has some form of malware running.

A third possibility would be that your computer contracted malware and was cleaned, but the changes brought by the malware persist.

Remove Kinza isetup virus from your computer.


Because I have been encountering a lot of computers with this virus these days, I am compelled to write about it. I beg your pardon, for this one is not as organized as I would have liked it to be.

If you notice a change in your pen drive's or flash card's icon from the normal one to one that resembles "explorer.exe" or "My Computer", then you are infected with the virus. OK, let's get started.

It is a good idea to clean up temp files and turn off System Restore for a while. I use CCleaner.

If you have the virus running you won't be able to use Task Manager, so I would recommend downloading Process Explorer and Autoruns. Both are safe apps from Sysinternals, now acquired by Microsoft. Just google search for it here on the box.

Extract it from the zip file and double click "procexp.exe". Now we will kill some processes.
Look for "wscript.exe", right click it and then click Kill Process Tree. Kill any of the processes below if they are running, just like you killed wscript.exe.

wproxp.exe
isetup.exe
imapd.exe
dxdlg.exe
kinza.exe
imapdb.exe
imapdc.exe
scvvhsot.exe
blastclnnn.exe

Be sure that none of the processes above are running before proceeding any further.

Now unhide the files on your computer by clicking Tools->Folder Options->View->Show hidden files and folders.

Also uncheck Hide extensions for known file types and Hide protected operating system files (Recommended); click Yes when the warning prompt shows up.
If you are unable to get hold of Folder Options, then copy the lines below into Notepad and save them as regfix.bat

rem Restore the default Winlogon Userinit and Shell values
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe,"
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
rem Re-enable Folder Options, the Registry Editor and Task Manager
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0

and then double click it. Now we delete the files. Click Start menu->Run and type system32. Look for autorun.ini; if it exists, delete it from the system32 folder. Now delete these files from the system32 folder:

boot.vbs
wproxp.exe
isetup.exe
imapd.exe
ActMon.ini
dxdlg.exe
imapde.dll
imapdd.dll
imapdc.dll
imapdb.exe
imapd.exe
imapdb.dll
imapdb.exe
blastclnnn.exe

Check if any of these files also exist in %SYSTEMROOT%\, that is, the Windows folder, and delete any that do.

Also go to %SYSTEMROOT%\system32\drivers\etc or C:\WINDOWS\system32\drivers\etc and delete hints.exe or any other exe files that exist there.

Now click Start menu->Run and enter the other drive letters, like
d:
This way we can prevent autorun from doing the damage.
Double clicking would nullify everything we have done till now and you will have to do it from the start.
Look for and delete autorun.inf and/or kinza.exe and/or isetup.exe and/or explorer.exe.
Repeat the same thing on all the partitioned drives, like c:, e:, f:, if you have them.
Clean your pen drive or flash card the same way.

You can disable autorun by copying the following lines into Notepad, saving them as auto.reg and double clicking it.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Autorun was meant to simplify things for a user, but it has turned out to be one of the biggest security blunders in Microsoft's OS, so disabling this feature is a sensible thing to do.

This should solve your problem; if not, write to me and I will try to help.

 
You can remove Kinza/isetup virus with it
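
The settings that regfix.bat in this post restores can also be checked from a saved registry export, which is useful on a machine that was cleaned but still has Task Manager or the Registry Editor disabled. The following Python sketch is an added example, not part of the original post or the AntiKinza tool; it assumes a REGEDIT4-style text export, and the sample export (including the placeholder example.exe) is constructed for illustration.

```python
import re

POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# DWORD policies that the post's regfix.bat sets back to 0.
LOCKOUTS = [(POLICIES + r"\Explorer", "NoFolderOptions"),
            (POLICIES + r"\System", "DisableRegistryTools"),
            (POLICIES + r"\System", "DisableTaskMgr")]
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

# Constructed REGEDIT4-style export; example.exe is a placeholder name.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\example.exe,"
'''

def parse_reg_export(text):
    """Map (key, value name), both lower-cased, to an int or str."""
    values, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            name, dword, text_data = match.groups()
            # .reg files double every backslash inside string data.
            data = int(dword, 16) if dword else text_data.replace("\\\\", "\\")
            values[(key, name.lower())] = data
    return values

def audit(text):
    """Report settings that differ from what regfix.bat restores."""
    values, findings = parse_reg_export(text), []
    for key, name in LOCKOUTS:
        if values.get((key.lower(), name.lower()), 0) != 0:
            findings.append(name + " is enabled")
    shell = values.get((WINLOGON.lower(), "shell"))
    if shell is not None and shell.strip().lower() != "explorer.exe":
        findings.append("Winlogon Shell is " + repr(shell))
    userinit = values.get((WINLOGON.lower(), "userinit"), "")
    extra = [e.strip() for e in userinit.split(",")
             if e.strip() and not e.strip().lower().endswith(r"\system32\userinit.exe")]
    if extra:
        findings.append("Winlogon Userinit has extra entries: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```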

Bird flu virus knocking on the door


Don't mix it up with the usual computer virus; this one affects your dinner plate. This time the virus is too close to ignore. It has reached the villages of India which are near the border areas of Nepal. So the Nepal government has declared Inaruwa, Biratnagar of Morang district, which coincidentally happens to be the home town of the current Prime Minister of Nepal, Girija Prashad Koirala, as high risk areas. I wonder why all disasters enter via Morang. First Girija, now this bird flu. Oh chicken roast!!!! Now it is just a matter of time. Do you know the weird correlation between Girija being Premier and floods engulfing the Terai? Well, statistics show that in years when he is at the top Nepal suffers from floods. The Terai gets flooded every year, sure it does, but the problem gets worse when this guy is at the top.

No matter how vigilant a government can be, you can't do much, as the entity has superhuman powers; I mean it can fly, or at least hitchhike on some wild duck. Why is the H5N1 thing so important, one might think? This is because it has the potential to spill disaster on humankind. With a high mortality rate and no working cure, it has the capability of becoming the next Pandora's Box. Stockpiling Tamiflu and crossing your fingers hoping it won't mutate are some of the solutions. Nepal, being a poor country, can only afford the latter.

It is not yet time to panic though. Yes the poultry sector would be affected if it enters as government will surely cull the infected ones and the non infected ones too. May the souls of those culled rest in peace.

I have some serious problem with the logic. I have a problem with the logic as a whole. If you follow this logic strictly, I mean very strictly, those humans who are infected should also be culled!!!! But this does not happen in the world; the world is full of contradicting logics. There is no such thing as logic; it is what you want.
The biggest myth about logic is that logic exists and it legitimizes your action.
Smelling some PETA? Me too.