Software Fix


Have you faced a problem where you’ve downloaded the Microsoft Updates file(s) but were unable to install them? It kept saying “Unable to install blablabla”. I know this must be very annoying, especially after recovering from a virus attack. Here I will show you one of the best solutions that I’ve found, which has solved LOTS of similar errors. It is to re-register all your Windows Update DLL files (do it in a command prompt):

regsvr32.exe %SystemRoot%\System32\wuweb.dll
regsvr32.exe %SystemRoot%\System32\wups2.dll
regsvr32.exe %SystemRoot%\System32\wups.dll
regsvr32.exe %SystemRoot%\System32\wucltui.dll
regsvr32.exe %SystemRoot%\System32\wuaueng1.dll
regsvr32.exe %SystemRoot%\System32\wuaueng.dll
regsvr32.exe %SystemRoot%\System32\wuapi.dll

*** If you are using XP/Vista, %SystemRoot%\System32 would be C:\Windows\System32. If you are using a 2000/NT based system, it would be C:\WinNT\System32 (assuming that your OS is installed on the C drive).

Then restart your Automatic Updates service under Administrative Tools, or restart your computer.

Voilà, it’s done! :)

Sometimes we need to format a PC but find that its product key is missing or can’t be read. So, how do you get it back? There are many programs available for extracting the product key from a Windows XP or Vista installation. The only problem is that they generally require the computer to be functional to run. Here, I will show you how you can retrieve the product key with just the ntuser.dat file from the machine.

1. Get the ntuser.dat file from the computer. Location:

  • Windows XP – C:\Documents and Settings\(Username)\ntuser.dat
  • Windows Vista – C:\Users\(Username)\ntuser.dat

*** Where (Username) is the primary account name.

2. Now, you need to be able to view the ntuser.dat file. Try using loadhive.exe. Just run the program and select the ntuser.dat file that you’ve just got.

3. Run regedit. Under HKEY_LOCAL_MACHINE you will notice a new sub-key called NTUSER. Starting with NTUSER, go to Software > Microsoft > Windows NT > CurrentVersion. In the right window, double-click on DigitalProductID. This is the entry that contains the encoded product key.

4. We want the information in bytes 52 to 66. You can use the chart below for reference. We need the 15 sets of numbers where the 1’s are located.

5. Now that you have the 15-byte encrypted code, you need a decrypter tool to decode it:

6. Voilà! You should get your 25-digit Windows product key! Good luck :)

Source: DagonDesign
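The post does not name its decoding tool, so here is the widely published base-24 decoding of bytes 52 to 66 for XP/Vista-era DigitalProductID values, as an added example (not code from this post or from DagonDesign). The function names and the sample key are constructed for illustration.

```python
# 24-character alphabet used by XP/Vista-era product keys.
ALPHABET = "BCDFGHJKMPQRTVWXY2346789"
KEY_OFFSET, KEY_LEN = 52, 15   # bytes 52..66 (zero-based) of DigitalProductID


def decode_product_key(digital_product_id: bytes) -> str:
    """Turn the 15 encoded bytes into the 25-character key."""
    blob = digital_product_id[KEY_OFFSET:KEY_OFFSET + KEY_LEN]
    if len(blob) != KEY_LEN:
        raise ValueError("value is too short to hold bytes 52-66")
    # The 15 bytes are one little-endian integer written in base 24.
    n = int.from_bytes(blob, "little")
    chars = []
    for _ in range(25):
        n, digit = divmod(n, 24)
        chars.append(ALPHABET[digit])   # least significant character first
    if n:
        raise ValueError("value does not fit in 25 base-24 characters")
    key = "".join(reversed(chars))
    return "-".join(key[i:i + 5] for i in range(0, 25, 5))


def encode_product_key(key: str) -> bytes:
    """Inverse of the decoder, used here only to build sample input."""
    n = 0
    for ch in key.replace("-", ""):
        n = n * 24 + ALPHABET.index(ch)
    return n.to_bytes(KEY_LEN, "little")


# Constructed sample: a made-up key placed at offset 52 of a zero-filled value.
SAMPLE_KEY = "BCDFG-HJKMP-QRTVW-XY234-6789B"
SAMPLE_VALUE = bytes(52) + encode_product_key(SAMPLE_KEY) + bytes(97)

if __name__ == "__main__":
    print(decode_product_key(SAMPLE_VALUE))
```

To use it on real data, export the DigitalProductID value as binary and pass the raw bytes to `decode_product_key`.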

Antivirus 2009 is a vicious rogue anti-spyware program known to be a clone of Antivirus 2008. There are several ways to remove this anti-spyware program, but before you start, please back up your computer in case you make a mistake.

Method 1

1. Download and save SmitFraudFix to your desktop.
2. Restart your computer in Safe Mode and then run the SmitFraudFix.exe.
3. Select Option 2, which is ‘Clean (Safe Mode recommended)‘, then Enter.
4. When the cleanup process has finished, it will automatically run Disk Cleanup.
5. Once Disk Cleanup is done, you will be prompted with the message “Registry cleaning – Do you want to clean the registry”. Answer “Yes” and hit “Enter”.
6. SmitFraudFix will then check if wininet.dll is infected. If the message “Replace infected file?” appears, answer by typing “Y” (Yes) and hit Enter.
7. Restart your computer in Safe Mode again and delete the whole contents of:
i) C:\Windows\Temp
ii) C:\Documents and Settings\[LISTED USER]\Local Settings\Temp
DONE!!!

Method 2

Download and run Malwarebytes’ Anti-Malware

Yesterday, my whole office was infected with a worm called Hakaglan. Someone in the office accidentally “installed” the worm and the worm planted every variant on each PC on the network. There’s a total of 15 PCs/laptops in the office with only 1 person to get rid of it. It’s just such a mess. Even though the worm is not very dangerous and was discovered 1 year ago, it still creates a mess. I’ve also discovered that the free AVG Home anti-virus and several other free anti-virus programs are unable to detect or clean this worm. The only free anti-virus that can detect and clean this worm is Avast Home Edition. Below is the info on the worm and the methods to clean it:

Risk Level 1: Very Low
Discovered: December 12, 2006
Updated: December 13, 2006 3:26:10 AM
Also Known As: IM-Worm.Win32.Sohanad.t [Kaspersky], W32/Sohana-R [Sophos]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP.
W32.Yautoit.N is a worm that spreads through Yahoo! Instant Messenger.

Worm Info:

It downloads a file from the internet and names it RVHOST.exe in your System folder. It also creates a file, new folder.exe, in every shared folder.

Removal Methods:

1. Delete the At1.job or Ar2.job under your Scheduled Tasks.

2. Update your anti-virus virus definitions and run a full system scan.

3. Navigate to and delete the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe RVHOST.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Yahoo Messengger" = "%System%\RVHOST.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\"shared" = "[SHARED DRIVE]\New Folder.exe"

4. Navigate to the following registry entries and restore them to their original values, if required:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NofolderOptions" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\"AtTaskMaxHours" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\"Run" = "BkavFw"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"Run" = "IEProtection"

Source from: Symantec
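To check many PCs for the Shell, Run and policy values listed in steps 3 and 4 without opening regedit on each one, the text of a .reg export can be scanned. This is an added example, not code from this post or from Symantec; `parse_reg`, `check_export` and the sample export are constructed, and the text is assumed to be already decoded (regedit exports are usually UTF-16).

```python
import re

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
HKLM_NT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
# Step 3 entries: (key, value name, marker expected in the worm's data)
REMOVE = [(HKLM_NT + r"\Winlogon", "Shell", "RVHOST.exe"),
          (HKCU + r"\Run", "Yahoo Messengger", "RVHOST.exe")]
# Step 4 entries: (key, value name, data the post lists for an infected PC)
RESTORE = [(HKCU + r"\Policies\System", "DisableTaskMgr", 1),
           (HKCU + r"\Policies\System", "DisableRegistryTools", 1),
           (HKCU + r"\Policies\Explorer", "NofolderOptions", 1)]

def parse_reg(text):
    # Map (key, value name), lower-cased, to str or int (dword) data.
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and m:
            raw = m.group(2)
            data = raw.strip('"').replace("\\\\", "\\")
            if raw.startswith("dword:"):
                data = int(raw[6:], 16)
            values[(key, m.group(1).lower())] = data
    return values

def check_export(text):
    # Return (action, value name, data) for every listed entry found.
    vals, hits = parse_reg(text), []
    for key, name, marker in REMOVE:
        data = vals.get((key.lower(), name.lower()))
        if isinstance(data, str) and marker.lower() in data.lower():
            hits.append(("remove", name, data))
    for key, name, bad in RESTORE:
        if vals.get((key.lower(), name.lower())) == bad:
            hits.append(("restore", name, bad))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe RVHOST.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"="C:\\WINDOWS\\system32\\RVHOST.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
'''
```

`check_export(SAMPLE)` reports the two RVHOST.exe entries and the DisableTaskMgr policy; DisableRegistryTools is set to 0 in the sample and is not reported.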

Regedit-Disabled

Has your registry editor (“regedit”) been disabled by someone, a trojan or a virus? Here are 2 solutions:

1. From Group Policy Editor:

  • Go to Run -> gpedit.msc
  • In the left menu, go to User Configuration -> Administrative Templates -> System
  • Now in the right pane, select “Prevent access to registry editing tools”. It will probably be either not configured or enabled. If it’s enabled, disable it; if it’s not configured, first enable it, apply the settings and then disable it. Most probably the settings will be applied instantly. If not, run gpupdate in a command prompt to apply the group policies.

2. From the Run menu:

  • Go to Start -> Run, copy and paste the following command and press OK:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Source from: http://TechnoDigits.wordpress.com
