Friday, June 27, 2008

file _System_1021_services.exe

Update, 10th July 2008: Remove the file system\1021\services.exe with Security Task Manager, then follow step 8 below to complete the process.


The file system\1021\services.exe is labeled as W32/Dzan-C.
W32/Dzan-C is a virus for the Windows platform that also spreads via removable storage devices.

W32/Dzan-C runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

The file \1021\services.exe is registered as a new system driver service named "services", with a display name of "Themes Plug and Play" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\services

Here is how you get rid of it from your system:
1) Right-click My Computer and select Explore.
2) Click Tools > Folder Options > View and check "Show hidden files & folders".
3) Click "Apply to all folders".
4) Go to C:\WINDOWS\system32
5) Try to delete the folder 1021. You will not be able to delete it. Open the folder and you will see services.exe.
6) Install Unlocker and right-click the 1021 folder to delete it. In the drop-down box at the bottom left, select Delete. At the bottom right, click "Unlock All".
7) Get Sysinternals "AutoRuns" and run it. In the Autoruns toolbar, under Options, check all 3 boxes, then click File > Refresh. This will colour all safe results, which do not require attention. Click 1021\services.exe to highlight it and delete it.
8) Type regedit in the Start > Run box and click OK.
(Use File > Export to make a backup. Restore it in the event of errors.)
9) In the Registry Editor, click Edit > Find, type 1021 and click Find Next.
Delete each and every registry entry found where the line shows the words "Image path" followed by 1021.

(Not all results contain exactly the four digits 1021, e.g. 102152678, in which case skip to Find Next.)
Point the mouse at the separator between the 1st and 2nd columns and drag right to view the full description, as in the following image. Delete as illustrated in the image below.

Continue to click Edit>Find Next after each find until the end.

Reboot Windows
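
The registry search in step 9 can also be run against the backup exported in step 8. The following is an added example, not part of the original post: it scans the text of a regedit export for ImagePath values that point at a folder named exactly 1021 containing services.exe, and skips longer numbers such as 102152678. The function names and the sample export are constructed for illustration.

```python
import re

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"ImagePath"=(.*)$', re.I)
# "1021" must be a whole folder name directly above services.exe, so a longer
# number such as 102152678 is not reported.
BAD_RE = re.compile(r'(^|\\)1021\\services\.exe\b', re.I)

def decode_value(raw):
    """Decode a .reg value: REG_SZ ("...") or REG_EXPAND_SZ (hex(2):...)."""
    if raw.startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le', 'replace').rstrip('\0')
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escaping
    return None

def find_dzan_services(reg_text):
    """Return [(key, image_path)] where ImagePath points at 1021\\services.exe."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)  # join wrapped hex lines
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key and (v := VAL_RE.match(line)):
            path = decode_value(v.group(1))
            if path and BAD_RE.search(path):
                hits.append((key, path))
    return hits

def reg_hex2(s):
    """Encode s as regedit writes REG_EXPAND_SZ (only used to build the sample)."""
    return 'hex(2):' + ','.join(f'{b:02x}' for b in (s + '\0').encode('utf-16-le'))

# Constructed sample export, not taken from a real machine.
SAMPLE_REG = '\n'.join([
    'Windows Registry Editor Version 5.00',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\services]',
    '"DisplayName"="Themes Plug and Play"',
    '"ImagePath"=' + reg_hex2(r'C:\WINDOWS\system32\1021\services.exe'),
    r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Example]',
    r'"ImagePath"="C:\\Program Files\\102152678\\services.exe"',
])

if __name__ == '__main__':
    for key, path in find_dzan_services(SAMPLE_REG):
        print(f'{key}\n    ImagePath = {path}')
```

A real regedit export is saved as UTF-16, so read it with open(path, encoding="utf-16").read() before passing the text to find_dzan_services.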


Google Web Accelerator with Firefox 3 Working

Fasterfox_Firefox does not work with Firefox 3.

But you can speed up your surfing in the Firefox 3 browser with Google Web Accelerator, even though the current version is not yet compatible with Firefox 3.

Google Web Accelerator is...
• Designed for Broadband – Web pages load even more quickly on DSL and cable connections.

There is one common bug, however: the error message "We're sorry, this video is no longer available" in YouTube.

Community Help Forums in YouTube & Ask Metafilter:


"Google web accelerator was causing this problem for me." Try disabling software such as Google Web Accelerator, which might be causing this issue. It is also known to cause intermittent cut-offs with certain wifi connections.




Open the Firefox Options (Tools > Options > Advanced > Network > Settings), and tick the box that says "Automatic Proxy Configuration URL."

In the box, enter this: http://localhost:9100/proxy.pac

Restart Firefox, and experience the speedier access to websites.

However, it doesn't enable the little time savings counter. In the Firefox 3 toolbar, under Tools > Add-ons, the Google Web Accelerator extension shows "Not Compatible With Firefox 3", but it works nevertheless.


Thursday, June 26, 2008

Tinyurl & Box.net blocked by ZoneAlarm Security Suite

The http://tinyurl.com/ & http://www.box.net/ sites are blocked by ZoneAlarm Security Suite as spyware sites. Both of these sites are nevertheless safe.

1) With TinyURL, you can make a smaller URL that will work for any page on your site. Let's say that you have a website with the homepage that is at:

http://www.my-internet-isp.com/~myusername

Entering that URL into TinyURL will create a URL like

http://tinyurl.com/3


2) Box.net is the most secure, easy to use solution for managing and sharing files online

This site uses both of the sites mentioned above. To access these sites and to enable downloads, do the following:

Restore the ZoneAlarm Security Suite Control Centre from the system tray.
Click Anti-Virus/Anti-Spyware.
Go to the Spy Site Blocking column.
Click the Access box and select Allow for www.box.net & tinyurl.com


Wednesday, June 4, 2008

Data Execution Prevention & Boot.ini File

Microsoft introduced Data Execution Prevention (DEP) in Windows XP Service Pack 2 (SP2). Data Execution Prevention (DEP) is a security feature included in modern Microsoft Windows operating systems that is intended to prevent an application or service from executing code from a non-executable memory region.

For hardware-enforced DEP, Intel has added NX ("No Execute") functionality to all desktop processors and mobile products since late 2004. Prior to that, the only x86 processors that supported No-Execute functionality were the AMD 32/64-bit Opteron and Athlon-64. The Intel Itanium family of 64-bit processors (IA-64 architecture) also supports DEP.

With software-enforced DEP, Windows XP SP2 uses software-based DEP, which monitors your programs to determine whether they use system memory safely.

DEP is occasionally the cause of software problems. DEP compatibility issues can occur for both programs and drivers.




Disable Data Execution Prevention in XP SP2

Easy way: Edit your boot.ini (a hidden file in C:\). Add /EXECUTE to the end of the "Windows XP" line. That disables DEP.
For example:
multi(0)disk(0)rdisk(1)partition(3)\WINDOWS="Microsoft Windows XP Professional" /execute

Restart the computer to apply.

To verify the status of DEP:
1. Right-click My Computer, and then click Properties.
-or-
Click Start, click Run, type sysdm.cpl, and then click OK.
2. On the Advanced tab, click Settings under Performance.
3. Click Data Execution Prevention. If the options to turn DEP on are greyed out, DEP has been successfully disabled.







Alternate way to Disable Data Execution Prevention in XP SP2

Software and drivers refuse to install properly
One could just disable DEP to get them to work. Boot your machine in safe mode, open a command prompt window and enter the following exactly as it appears:
Code:

bootcfg /raw "/noexecute=alwaysoff /fastdetect" /id 1

However, if you have a dual- or multi-boot system, you will need to edit the 'boot.ini' file manually by changing the '/noexecute' policy to 'alwaysoff'.

This could be caused by hardware on the computer, which would be the reason why one isn't getting the failure message on any other machine.






Editing the Boot.ini file in Windows XP:
To view and edit the Boot.ini file:
1. Right-click My Computer, and then click Properties.
-or-
Click Start, click Run, type sysdm.cpl, and then click OK.
2. On the Advanced tab, click Settings under Startup and Recovery.
3. Under System Startup, click Edit.

Using the command line utility, Bootcfg.exe.
Note: The Bootcfg.exe utility is only available in Windows XP Professional. This utility is not available in Microsoft Windows XP Home Edition. Therefore, this section does not apply to Windows XP Home Edition.
1. Click Start, and then click Run.
2. In the Open text box, type cmd.
3. At the command prompt, type bootcfg /?
4. The help and parameters for BOOTCFG.exe will display.

The Boot.ini file switches are as follows:

* /noexecute=option - There are four options to this switch:
  * OptIn - Default setting. Only Windows system binaries are monitored by DEP.
  * OptOut - Enables DEP for all processes. Users can create a list of applications which are not monitored by DEP using the DEP configuration options listed in the System Control Panel applet.
  * AlwaysOn - Enables DEP for all processes. DEP is always applied, and exceptions lists are ignored and not available for users to apply.
  * AlwaysOff - This disables DEP.
* /execute - This disables DEP.

When the Boot.ini file is set to either /noexecute=AlwaysOff or /execute, Physical Address Extension (PAE) mode is not invoked.

Likewise, on a processor that does not support hardware no-execute page-protection, PAE mode is not invoked.
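
To check which boot entries on a multi-boot machine start Windows with DEP switched off, the switches listed above can be read straight out of boot.ini. The following is an added example, not part of the original post: it parses the text of a boot.ini file and reports the DEP policy for each entry. The function names and the sample file are constructed for illustration, and treating an entry that carries both /execute and /noexecute as disabled is an assumption made for reporting.

```python
import re

# Constructed sample boot.ini for a dual-boot machine, not from a real system.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(3)\WINDOWS="Windows XP (second install)" /fastdetect /execute
'''

ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<label>[^"]*)"(?P<switches>.*)$')
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}

def dep_policy(switches):
    """Return the DEP policy selected by one entry's switches."""
    policy = "OptIn"  # the default listed above when no switch is given
    for sw in switches.lower().split():
        if sw == "/execute":
            return "AlwaysOff"  # assumption: report the weaker setting if both appear
        if sw.startswith("/noexecute="):
            policy = POLICIES.get(sw.split("=", 1)[1], "unknown")
    return policy

def audit_boot_ini(text):
    """Return [(label, policy, is_default)] for every [operating systems] entry."""
    section, default, rows = "", None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader" and line.lower().startswith("default="):
            default = line.split("=", 1)[1].strip().lower()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                rows.append((m["label"], dep_policy(m["switches"]), m["path"].lower()))
    return [(label, pol, path == default) for label, pol, path in rows]

def dep_disabled(rows):
    """Labels of boot entries that start Windows with DEP switched off."""
    return [label for label, pol, _ in rows if pol == "AlwaysOff"]

if __name__ == "__main__":
    rows = audit_boot_ini(SAMPLE_BOOT_INI)
    for label, pol, is_default in rows:
        print(f"{label!r}: DEP={pol}{' (default entry)' if is_default else ''}")
    print("DEP disabled on:", dep_disabled(rows))
```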

Note: Microsoft recommends that you not disable DEP globally. This would put the computer in a less secure state. (We disable DEP permanently for compatibility but advise installing antivirus, anti-spyware and firewall software for security. Look under the label Protection in this blog for recommendations.)







Repairing or Replacing Boot.ini in Windows XP
1. Enter Windows XP Recovery Console. The Recovery Console is an advanced diagnostic mode of Windows XP with special tools that will allow you to restore the boot.ini file.

2. When you reach the command prompt (detailed in Step 6 in the link above), type the following command and then press Enter.

bootcfg /rebuild

3. The bootcfg utility will scan your hard drives for any Windows XP installations and then display the results. Follow the remaining steps to add your Windows XP installation to the boot.ini file.

4. The first prompt asks Add installation to boot list? (Yes/No/All). Type Y in response to this question and press Enter.

5. The next prompt asks you to Enter Load Identifier:. This is the name of the operating system. For example, type Windows XP Professional or Windows XP Home Edition and press Enter.

6. The final prompt asks you to Enter OS Load options:. Type /Fastdetect here and press Enter.

7. Take out the Windows XP CD, type exit and then press Enter to restart your PC.

Assuming that a missing or corrupt boot.ini file was your only issue, Windows XP should now start normally.







Turn Off Data Execution Prevention in Windows Vista

Click on the Start menu and in the search box, type "CMD". Right-click on the CMD shortcut that appears and select Run as administrator.

Then type the following:
bcdedit.exe /set {current} nx AlwaysOff

It should say that everything is ok.
Restart the computer to apply.

To turn it back on again, type the following

bcdedit.exe /set {current} nx AlwaysOn

If this does not work take out {current} and it should work.
Restart the computer to apply.

To Verify the Status of DEP -
A) In the command prompt, type wmic OS Get DataExecutionPrevention_SupportPolicy and press Enter.
B) You will get a number that will tell you the status of DEP.
C) Close command prompt when done.
NOTE: 2 is the default setting.
0 = AlwaysOff - DEP is disabled for all processes. (Step 6 above)
1 = AlwaysOn - DEP is enabled for all processes.
2 = OptIn - DEP is enabled for only Windows system components and services. Default setting. (Step 5 above)
3 = OptOut - DEP is enabled for all processes. Administrators can manually create a list of specific applications which do not have DEP applied. (How to Turn DEP On or Off for a Program)

To Enable or Disable DEP for IE7


NOTE: This will be for the 32 bit version of IE7. DEP is enabled by default in the 64 bit IE7. DEP is disabled by default in the 32 bit IE7.
WARNING: Some ActiveX add-ons may not work with DEP on. DEP can cause them to crash and can prevent IE7 from starting by closing it.

1. Open the Start Menu.
2. Click on All Programs and right click on Internet Explorer, then click Run as administrator.
NOTE: If you cannot get IE7 to open using step 2, then click on All Programs and Accessories. Next, right click on Internet Explorer (No Add-ons) and click Run as administrator instead.
WARNING: If you do not use Run as administrator, the Enable memory protection to help mitigate online attacks option will be grayed out in steps 5 and 6 below.

3. In IE7, click on Tools -> Internet Options.
4. Click on the Advanced tab. (See screenshot below)

5. To Enable DEP for the 32 bit IE7 -
A) Under Security, check Enable memory protection to help mitigate online attacks.

6. To Disable DEP for the 32 bit IE7 -
A) Under Security, uncheck Enable memory protection to help mitigate online attacks.

7. Click OK to apply.

How to Fix a Crashing Internet Explorer in Vista
