Wedding bells for Lola Aggie

June 24, 2008

Congratulations Lola Aggie! A toast to love, kids, and a journey full of happiness.

At last… 🙂

bar311.exe

June 22, 2008

A pretty annoying malware.

I share this laptop with my siblings. Of course, we do not all have the same awareness with regard to malware, viruses, etc. To my surprise, after my brother used my laptop, I wasn't able to use Windows XP's command prompt again… or at least the cmd.exe prompt. Whenever I opened a command prompt box, a shutdown window would appear, and then my laptop would shut down. It reminds me of an old worm. Running Notepad was OK, though. So I checked whether my theory was right.

I fired up Notepad, typed in shutdown -a, then saved the file as test.bat. Sure enough, after double-clicking the .bat file, the shutdown message appeared. But because of the shutdown -a command in the batch file, the shutdown process was aborted.

Checking the Task Manager, I could see bar311.exe as one of the running processes, an immediate trail of the annoying malware.

Next thing was to check for hidden files. The folder options must be something like this:

image

But I saw mine as:

image

Whenever I changed the settings, they always reverted back to that setting. Something is really fishy.

I had to do something.

I started by killing the bar311.exe process using the Task Bar.

Then enable the Folder Options settings using Regedit:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001

Still using Regedit, search for all traces of the string bar311.exe.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" --> remove ",bar311.exe"

Looking at the registry key

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]

reveals an interesting find: pc-off.bat. Must be the source of the shutdown command.

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat"

Remove "c:\Windows\pc-off.bat" or delete the autorun key.

Must also be where bar311.exe is located. Need to create another batch file.

Opening notepad, type the following:

@echo off
del /a /f c:\windows\bar311.exe
del /a /f c:\windows\pc-off.bat
pause

Save the file as remover.bat on the desktop, then double-click its icon to run it.

Reboot.

Whew!
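
An added example, not part of the original post: a small Python check that reads a text export of the three registry locations edited above and flags extra Userinit entries, a Command Processor autorun value, and Folder Options values that differ from the ones listed. The sample export (including the Folder Options values of the infected state) is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in .reg export style; the Folder Options values here are assumed.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\\Windows\\pc-off.bat"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"HideFileExt"=dword:00000001
"ShowSuperHidden"=dword:00000000
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
CMDPROC = r"hkey_current_user\software\microsoft\command processor"
ADVANCED = r"hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced"
EXPECTED_VIEW = {"hidden": 1, "hidefileext": 0, "showsuperhidden": 1}  # from the post

def parse_reg(text):
    """Parse .reg-style text into {key_path_lower: {value_name_lower: value}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                current[name] = raw[1:-1].replace("\\\\", "\\")  # undo .reg escaping
    return keys

def audit(text):
    """Return (finding, detail) tuples for the three locations the post cleans up."""
    keys, findings = parse_reg(text), []
    userinit = keys.get(WINLOGON, {}).get("userinit", "")
    for part in filter(None, map(str.strip, userinit.split(","))):
        if not part.lower().endswith("userinit.exe"):  # file-name check only
            findings.append(("userinit-extra", part))
    if autorun := keys.get(CMDPROC, {}).get("autorun"):  # run at every cmd.exe start
        findings.append(("cmd-autorun", autorun))
    for name, want in EXPECTED_VIEW.items():
        if (got := keys.get(ADVANCED, {}).get(name)) is not None and got != want:
            findings.append(("explorer-view", f"{name}={got}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_REG), sep="\n")
```

Running it again on an export taken after the cleanup and reboot should print nothing.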


Proof of Identity

June 19, 2008

Yay!!! I have an office ID again. After so many months!