Skip navigation

Category Archives: Technical

Usually we access different networks in our Local Network in the office. Not only local networks, but even web sites and programs that stores our login credentials. For the easy access sake, we usually select the “Save Password” thing so we can access to that network easily the next time we visited it without prompting to enter another username and password.

But what if you have the need to clear these kinds of things, lets say, if there is some changes on the access level that needs to change your restriction. How can we reset it to prompt its Username/Password window again? It’s easy! Just do this step below and you’ll be entering the new username and password in no time.

  • Click START
  • Go to RUN
  • Copy and paste this text in the textbox without the parenthesis (rundll32.exe keymgr.dll, KRShowKeyMgr)
  • Click Ok

You should already saw this picture below. Click on the address that you wanted to edit or delete. Or you can manually add another logon credentials in this window. Goodluck! 🙂

Username and password

Username and password

 

Advertisements

It came up to my attention that my hard disk is nearly out of space so i need to check up my unused files and delete it permanently so i can save some space. Then after setting my folder options to see all things that are hidden, I have found out that there is a file named “hiberfil.sys” in my C: drive that took up 2gb of my hard disk space. Until i researched, what does “hiberfil.sys” do?

Hiberfil.sys “is the support file for the hibernation feature in Windows. When your system goes into hibernation, Windows writes a complete copy of RAM to the file hiberfil.sys.” – http://ask-leo.com

So basically, you will be needing this file if you are fond of using the hibernation feature of Windows. In my case, im not… so, here’s what i’ve did.

cmd

Accessing the command prompt as admin

* Click Start;
* now find your command prompt (cmd.exe) on your list of programs;
* and you must run it as the administrator. (In my case, i was the administrator, BUT still as a USER on my system) so i need to right click the cmd.exe and select Run as administrator;
* (or if you are the admin, you could just type the cmd in the RUN)

* while you are on the cmd prompt window, just type in “powercfg.exe -h off” (without the quotes) and click enter.
* the effect cannot be seen until you restart your system. After you have restarted, the hiberfil.sys will be gone and olah! free spaces for your drive c!

If you are wondering where the hiberfil.sys is located, there is another system file that is as BIG as much as hiberfil.sys right? It is the pagefile.sys..

Well to describe what is a pagefile.sys is, taken from Ask-leo.com – “Pagefile.sys is the Windows paging file, also known as the file that Windows uses as Virtual Memory. Virtual Memory is simply disk space that Windows uses when it runs out of physical memory or RAM.”

It means that if your PC has no virtual memory, PC applications that requires more memory than your actual memory have installed, they will just crash and fail.. Well, I don’t have any complaints on what virtual memory does to my system since it HELPS.. so i will leave this at ease. (Don’t wanna crash my pc applications just not having a virtual memory..)  🙂

Using Group Policy Editor – for Windows XP Professional

* Click Start, Run, type gpedit.msc and click OK.

* The Navigate to this location:

Click on:

> User Configuration

> Administrative Templates

> System

> Ctrl+Alt+Delete Options

> Remove Task Manager

* Then double click the Remove Task Manager in the choices, and select the option (ENABLE)

* Click Ok. Now Try Right Clicking in the Windows Taskbar and see if the ‘Task Manager’ is grayed. If it is grayed and not clickable then good job. 🙂

Have you experience using a computer then suddenly a blue screen appears with various texts, including a sentence that says physical dumping of memory.. and such? This error only appears at computers running in a Windows environment. Tech people usually call this the “BLUE SCREEN OF DEATH” because when the error occurs, the display will turn blue, the PC will freeze and will require rebooting. Making you lose any unsaved work. Your PC could be suffering from RAM problems or registry errors.

 

Prescription:

–          For the employees who are working in a company, call your IT support. They work great on these. 🙂

–          Run a full scan to check for any conflicts in your PC. Corruption of your registry is a possible reason.

–          Regular defragging and reformatting can also help in preventing this from occurring.

–          You might want to try to use a tool called ‘registry cleaner’ to go through your system and fix all the problems that are in there.

–          For individuals at home, before taking you computer to the computer technician, take note of the texts on the screen and browse the Net for other possible solutions.

– Open the Registry by typing regedit in the RUN
– Then search/go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
– Locate the registry entry “DisableMSI” (dword)
– You can create(if there is no entry) or modify(if “disablemsi” exist) dword called “DisableMSI”

1
2
– Set the value to; 0 (all enable installation); 1 (default-admin only-enable installation); 2 (disable installation)
-Set to Hexadecimal and click Ok.
– Restart Windows.


Recently my laptop has received numerous threats of virus coming from our office network called WIN32Conficker.A worm and some of its aliases is given below;

Win32/Conficker.A (Microsoft), Crypt.AVL (AVG), Mal/Conficker-A (Sophos), Trojan.Win32.Pakes.lxf (F-Secure), Trojan.Win32.Pakes.lxf (Kaspersky), W32.Downadup (Symantec), Worm:Win32/Conficker.B (Microsoft), WORM_DOWNAD.A (Trend Micro)

I was shocked and worriedly thinking, “has my laptop has been infected?” I rushly looked for any solutions in the net about the said virus and some solutions. I’ve carefully red in the section of mcafee antivirus about the virus characteristics and how dangerous it is:

Quoted from Mcafee:

Virus Characteristics
When executed, the worm copies itself using a random name to the %Sysdir% folder.
(Where %Sysdir% is the Windows system folder; e.g. C:\Windows\System32)
It modifies the following registry key to create a randomly-named service on the affected syetem:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\”ServiceDll” = “Path to worm”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\”ImagePath” = %SystemRoot%\system32\svchost.exe -k netsvcs

Attempts to download a malware file from the remote website: (Rogue Russian site is up but not serving file anymore)
hxxp://trafficconverter.biz/[Removed]antispyware/[Removed].exe

Starts a HTTP server on a random port on the infected machine to host a copy of the worm.
Continuously scans the subnet of the infected host for vulnerable machines and executes the exploit. If the exploit is successful, the remote computer will then connect back to the http server and download a copy of the worm.
Analyzed malware does not have autorun or email capabilities.

Indications of Infection
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Method of Infection
This worm exploits the MS08-067 Microsoft Windows Server Service vulnerability in order to propagate.

Machines should be patched and rebooted to protect against this worm re-infecting the system after cleaning.
Upon detection of this worm the system should be rebooted to clean memory correctly.
source taken: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=153464

Quoted from Microsoft:
“[The worm] opens a random port between port 1024 and 10000 and acts like a web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll.”

And hopefully, i found some fixes and solutions that can help us.

1. F-Secure Solution:

Removal tool specific to remove this conficker/Downadup worm, Download here = ftp://ftp.f-secure.com/anti-virus/tools/DownadupRemovalTool.zip

2. Mcafee provided solution:

– Users infected by W32/Conficker.worm should perform an On Demand Scan to remove remnants of the worm in memory using the latest DATs(Mcafee Site).
– Upon detection of W32/Conficker!mem and REBOOT, the W32/Conficker.worm malware components will be removed.

3. Trend Micro Solution:

Before deploying the sysclean package, you need to apply Microsoft MS08-067 Critical System Patch first.

Please do the following:1. Download and extract the sysclean package.

2. Download the latest Controlled Pattern File (CPR).

3. Download the latest Detection and Cleanup (Trend Micro Anti-Spyware) or the Ssapiptn.Da5 file.

4.Using GPO or any third party deployment tool (i.e. SMS or BigFix), copy items 1-3 to the infected computer.

5. Execute sysclean.com/FULLSILENT.

6. Reboot the infected computer.

Beyond of all solutions that has been provided, to ensure that you willl not be attacked by this virus again, make sure your Windows System is always updated (especially the Windows MS08-067 patch from October), also your Antivirus/Firewall Security.

Antivirus found a “INF/Autorun.gen trojan” on any hard drives. Trojans still coming back whenever you cleaned it with antivirus because some major parts are still being left.

Here’s how to solve it.

1. Open the drive that detects a virus.
2. Click Tools in the windows menu
3. Select Folder Option

folder option

4. In the view tab select, “Hidden files and folders”
5. Select the option “Show hidden files and folders”
6. Uncheck the “Hide protected operating system files(Recommended)”
7. Click Apply

In the drive you should see all hidden files. If you can see a hidden “Autorun.inf” and some “XXXX.exe” (XXXX = any file name).

Delete it.

And your done, Tell me if it solve your problem.  🙂

1. The default speed of the Start Menu is pretty slow, but you can fix that by editing a Registry Key. Fire up the Registry Editor and navigate to the following key: HKEY_CURRENT_USER \ Control Panel \ Desktop \ MenuShowDelay By default, the value is 400. Change this to a smaller value, such as 0, to speed it up.

2. If your confounded by the slow speed of the Start Menu, even after using the tip above, then you might try the following: Navigate to Display Properties then Appearance then Advanced and turn off the option titled Show menu shadow . You will get much better overall performance.

1. Click the Start button, click Search.
2. In the Search Window, click All file types.
3. Then type *.scr in the search input
4. Check Local Hard Drives. ( Drive C or the drive where you have system files stored on your computer)
5. Click Search.
6. You will see a list of screensavers in the results. Pick a screensaver you want. You can preview it by double-clicking it.
7. Right click on the file, choose Send To, and then click Desktop (create shortcut).
8. To activate the screensaver, double-click the icon on your desktop

Would you like to change the Registered Owner of your operating system? Here’s the Trick.

1. Start Regedit
2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
3. From there you can edit the name in the Registered Owner key