Repairing Damaged Winsock2
The symptoms when Winsock2 is damaged show when you try to release and renew the IP address using IPCONFIG...
And you get the following error message:
An error occurred while renewing interface 'Internet': An operation was attempted on something that is not a socket.
Also Internet Explorer may give the following error message:
The page cannot be displayed Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them.
There are two easy ways to determine if Winsock2 is damaged:
From the XP source files, go to the Support / Tools directory
Winsock Test Method 1
Run netdiag /test:winsock
The end should say Winsock test ..... passed
Winsock Test Method 2
Run Msinfo32
Click on the + by Components
Click on the by Network
Click on Protocol
There should be 10 sections if the Winsock2 key is ok
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
If the names are anything different from those in this list, then likely Winsock2 is corrupted and needs to be repaired.
If you have any 3rd party software installed, the name MSAFD may be changed.
There should be no fewer than 10 sections.
To repair Winsock2
Run Regedit
Delete the following two registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
Restart the computer
Go to Network Connections
Right click and select Properties
Click on the Install button
Select Protocol
Click on the Add button
Click on the Have Disk button
Browse to the \Windows\inf directory
Click on the Open button
Click on the OK button
Highlight Internet Protocol (TCP/IP)
Click on the OK button
Reboot
Jan 27, 2009
Winxp Tips And Tricks, Winsock 2 repair
Jan 17, 2009
Steps to Clean Install XP
If the above instructions for configuring your system to boot from CD
or you have acquired the necessary boot floppy/floppies; you can now
boot the computer and follow the on screen prompts. Have your Product Key
available, typical install is around 30 minutes. If setup seems to hang,
wait at least 10 minutes + before restarting system. You should experience
momentary screen blackouts.
1. Power on the computer. Press the Pause/Break key as soon as you see
text on the screen. [If you currently are running in an OS of any flavor,
insert XP CD and restart computer. Skip to #3 if system is configured
to boot from CD.]
2. Insert XP CD into CD drive. Press ENTER to resume booting from the XP CD.
(BIOS must support booting from CD and boot order must be set so CD
boots before hard drive. If computer does not support booting from CD
go to 2a for floppy install).
2a. Floppy install: Boot from Win98/Me/Special XP install floppy
disk with smartdrv.exe added to the boot disk; or the Win XP set
of 6 floppy disks.
3. Look for message "booting from CD" usually located at the bottom of
the screen. If you have a factory splash screen, press ESC to unload
it.
3a. Floppy install: From the A Prompt; A:\type: smartdrv.exe. then
press ENTER. If you are using the XP boot floppy setup disks skip
to step #5.
4. Press any Key when you see the prompt to "Press Any Key"
4a. Floppy install: CD to the location of the CD-ROM drive with the
XP setup files; CD to the i386 folder where you will type: winnt.exe
to start setup.
5. Setup will start copying files, if you need to install any third
- party or RAID drivers press F6 at this time. the copying of files
can take awhile.
6. Next you will get the option to repair or enter setup, choose to
enter setup. Press ENTER. To see images full size, place mouse cursor
over image and click/double click or press the left button and open.
7. Press F8 if you agree to the license.
8. Setup will scan for previous Windows installations
9. If you are using the upgrade version of XP on a computer without
any version of Windows currently installed, this is where you will
replace the XP CD with your qualifying CD, XP setup will scan the
qualifying CD and instruct you to replace it with the XP CD to continue
XP setup; otherwise, you will not see this screen. Clean install
qualifying media can be any of the following Win NT3.51, 4.0, 2000,
Win 95, 98, Me. 10. Choose the location to install.
10a If this is a clean hard drive, you can choose to create a
partition in the un-partitioned space. At this point, you can allow
Setup to use all the space or set a size for the partition.
10b If the hard drive or partition has a previous installation of
XP you want to remove, choose to delete the partition by pressing
"D". You will then be prompted to create a new partition in the
empty space. This will remove all data from the delete space.
10c If you intend to use multiple partitions, or dual boot, this is
where you specify the size of the boot partition and or setup
location for XP. If you are planning to dual boot XP, I would
create a small 100 meg DOS partition for the first primary partition,
then an 8 to 10 gig partition for XP. You can partition and format
the remaining space after XP is setup from Disk Manager. If you do not
intend to dual boot, you can either use all the un-partitioned space,
or create an 8 to 10 gig partition for XP and leave the rest free to
partition later.
Note: If a fat32 partition larger than 32 gigabyte is desired, the
hard drive or partition will need to be created before running XP
setup. XP will not create a fat 32 partition larger than 32 gig, but
will support one previously created.
11. Choose the file system from this screen. If dual booting and you
created the small 100 meg partition, make it a fat partition. NTFS is
configured at the optimal file size during the initial setup. See this
link for more on NTFS
12. If you have more that one partition or hard drive on your system,
make sure you are formatting the correct partition/drive.
13. Select F to continue.
14. Setup will show a progress box and reboot when copying files is
complete.
15. When you see the "Press any Key to Reboot" do not Press any Key.
If CD boots anyway, remove CD and reboot.
16. From this point, you will follow the on screen prompts.
17. If you live outside the US, you will probably need to modify the
default settings.
18. Personalize your XP Enter your Name and Organization.
19. Enter the Product Key. The Key is located on the back of the CD folder
in the Retail versions, and on a holographic label with the OEM
versions purchased with a piece of hardware. Write this key down and
secure it in a safe place in case the original is misplaced destroyed
through natural causes or stupidity. 8-)
20. Choose a name for the computer, this should be a unique name for
the computer, especially if it is to be connected to a network. In Pro,
you are given the option of creating a password or leaving it blank.
21. Set your Time Zone and Time and Date.
22. Setup will scan for network.
23. If detected you will have the choice to choose a typical
configuration or custom. Choose typical if you are unsure.
24. For home you will choose your workgroup, if a network is already
established and you intend to connect to it, use the existing
workgroup name, otherwise, I suggest using the default.
25. For Pro, the same goes for Pro as suggested for Home, but you will
have the choice to join a Domain, if you do not have a Domain or do
not know leave blank.
26. Setup will continue and reboot when completed ignore the "Press
Any Key".
27. The loading XP window will now display after reboot.
28. You will see a change display settings, say yes, and accept the
setting if you can see the screen after accepting.
29. You will see a welcome screen, press next and unfortunately you
have to wait for the dialog to finish.
30. Set up you internet or network connection.
31. This is the Activate, Register screen. You must activate within
30 days of installing XP, but you do not ever have to register,
Registration is completely optional and if you do not register, no
personal information will be transmitted during activation. If you
register, then activation will transmit that information along with
the activation. The first Activation is usually done over the internet
if the computer is connected to the internet, otherwise, it can be
accomplished by copying the alphanumeric string from the activation
screen and make a phone call to the on screen supplied phone number.
The activation center will then give you a slightly longer number to
input into for activation. I suggest you do not activate immediately
in case you need to make hard ware changes, or install to a different
system within the thirty days, and you will be reminded on boot up
until you do.
Blaster worm warning: Do not immediately activate over the internet
when asked, enable the XP firewall before connecting to the internet.
You can activate after the firewall is enabled.
Control Panel - Network Connections. Right click the connection you
use, Properties, and there is a check box on the Advanced page.
32. Setup users screen. Set at least one user for yourself or the person
that will be using the computer.
33. Thank You
34. Logon to XP and apply Service Pack and Critical updates from Windows
Update before installing any software or hardware.
35. Install your anti-virus software.
36. Install all applications and setup your email.
37. Restore from Files and Settings transfer after reinstalling all
applications.
Jan 16, 2009
Windows XP Tweaks
STARTUP
Windows Prefetcher
******************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ Memory Management \ PrefetchParameters]
Under this key there is a setting called EnablePrefetcher, the default setting of which is 3. Increasing this number to 5 gives the prefetcher system more system resources to prefetch application data for faster load times. Depending on the number of boot processes you run on your computer, you may get benefits from settings up to 9. However, I do not have any substantive research data on settings above 5 so I cannot verify the benefits of a higher setting. This setting also may effect the loading times of your most frequently launched applications. This setting will not take effect until after you reboot your system.
Master File Table Zone Reservation
**********************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ FileSystem]
Under this key there is a setting called NtfsMftZoneReservation, the default setting of which is 1. The range of this value is from 1 to 4. The default setting reserves one-eighth of the volume for the MFT. A setting of 2 reserves one-quarter of the volume for the MFT. A setting of 3 for NtfsMftZoneReservation reserves three-eighths of the volume for the MFT and setting it to 4 reserves half of the volume for the MFT. Most users will never exceed one-quarter of the volume. I recommend a setting of 2 for most users. This allows for a "moderate number of files" commensurate with the number of small files included in most computer games and applications. Reboot after applying this tweak.
Optimize Boot Files
*******************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Dfrg \ BootOptimizeFunction]
Under this key is a text value named Enable. A value of Y for this setting enables the boot files defragmenter. This setting defragments the boot files and may move the boot files to the beginning (fastest) part of the partition, but that last statement is unverified. Reboot after applying this tweak.
Optimizing Startup Programs [msconfig]
**************************************
MSConfig, similar to the application included in Win9x of the same name, allows the user to fine tune the applications that are launched at startup without forcing the user to delve deep into the registry. To disable some of the applications launched, load msconfig.exe from the run command line, and go to the Startup tab. From there, un-ticking the checkbox next to a startup item will stop it from launching. There are a few application that you will never want to disable (ctfmon comes to mind), but for the most part the best settings vary greatly from system to system.
As a good rule of thumb, though, it is unlikely that you will want to disable anything in the Windows directory (unless it's a third-party program that was incorrectly installed into the Windows directory), nor will you want to disable anything directly relating to your system hardware. The only exception to this is when you are dealing with software, which does not give you any added benefits (some OEM dealers load your system up with software you do not need). The nice part of msconfig is that it does not delete any of the settings, it simply disables them, and so you can go back and restart a startup application if you find that you need it. This optimization won't take effect until after a reboot.
Bootvis Application
*******************
The program was designed by Microsoft to enable Windows XP to cold boot in 30 seconds, return from hibernation in 20 seconds, and return from standby in 10 seconds. Bootvis has two extremely useful features. First, it can be used to optimize the boot process on your computer automatically. Second, it can be used to analyze the boot process for specific subsystems that are having difficulty loading. The first process specifically targets the prefetching subsystem, as well as the layout of boot files on the disk. When both of these systems are optimized, it can result in a significant reduction in the time it takes for the computer to boot.
Before attempting to use Bootvis to analyze or optimize the boot performance of your system, make sure that the task scheduler service has been enabled – the program requires the service to run properly. Also, close all open programs as well – using the software requires a reboot.
To use the software to optimize your system startup, first start with a full analysis of a fresh boot. Start Bootvis, go to the Tools menu, and select next boot. Set the Trace Repetition Settings to 2 repetitions, Start at 1, and Reboot automatically. Then set the trace into motion. The system will fully reboot twice, and then reopen bootvis and open the second trace file (should have _2 in the name). Analyze the graphs and make any changes that you think are necessary (this is a great tool for determining which startup programs you want to kill using msconfig). Once you have made your optimizations go to the Trace menu, and select the Optimize System item. This will cause the system to reboot and will then make some changes to the file structure on the hard drive (this includes a defragmentation of boot files and a shifting of their location to the fastest portion of the hard disk, as well as some other optimizations). After this is done, once again run a Trace analysis as above, except change the starting number to 3. Once the system has rebooted both times, compare the charts from the second trace to the charts for the fourth trace to show you the time improvement of the system's boot up.
The standard defragmenter included with Windows XP will not undo the boot optimizations performed by this application.
-----------------------------------
General Performance Tweaks
-----------------------------------
IRQ Priority Tweak
******************
[HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ PriorityControl]
You will need to create a new DWORD: IRQ#Priority (where # is the number of the IRQ you want to prioritize) and give it a setting of 1. This setting gives the requisite IRQ channel priority over the other IRQs on a software level. This can be extremely important for functions and hardware subsystems that need real-time access to other parts of the system. There are several different subsystems that might benefit from this tweak. Generally, I recommend giving either the System CMOS or the video card priority. The System CMOS generally has an IRQ setting of 8, and giving it priority enhances the I/O performance of the system. Giving priority to the video card can increase frame rates and make AGP more effective.
You can give several IRQs priority, but I am not entirely certain how the system interacts when several IRQs are given priority – it may cause random instabilities in the system, although it is more likely that there's a parsing system built into Windows XP to handle such an occurrence. Either way, I would not recommend it.
QoS tweak
*********
QoS (Quality of Service) is a networking subsystem which is supposed to insure that the network runs properly. The problem with the system is that it eats up 20% of the total bandwidth of any networking service on the computer (including your internet connection). If you are running XP Professional, you can disable the bandwidth quota reserved for the system using the Group Policy Editor [gpedit.msc].
You can run the group policy editor from the Run command line. To find the setting, expand "Local Computer Policy" and go to "Administrative Templates" under "Computer Configuration." Then find the "Network" branch and select "QoS Packet Scheduler." In the right hand box, double click on the "Limit Reservable Bandwidth." From within the Settings tab, enable the setting and then go into the "Bandwidth Limit %" and set it to 0%. The reason for this is that if you disable this setting, the computer defaults to 20%. This is true even when you aren't using QoS.
Free Idle Tasks Tweak
*********************
This tweak will free up processing time from any idle processes and allow it to be used by the foreground application. It is useful particularly if you are running a game or other 3D application. Create a new shortcut to "Rundll32.exe advapi32.dll,ProcessIdleTasks" and place it on your desktop. Double-click on it anytime you need all of your processing power, before opening the application.
Windows Indexing Services
Windows Indexing Services creates a searchable database that makes system searches for words and files progress much faster – however, it takes an enormous amount of hard drive space as well as a significant amount of extra CPU cycles to maintain the system. Most users will want to disable this service to release the resources for use by the system. To turn off indexing, open My Computer and right click on the drive on which you wish to disable the Indexing Service. Enter the drive's properties and under the general tab, untick the box for "Allow the Indexing Service to index this disk for fast file searching."
Priority Tweak
**************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl]
This setting effectively runs each instance of an application in its own process for significantly faster application performance and greater stability. This is extremely useful for users with stability problems, as it can isolate specific instances of a program so as not to bring down the entire application. And, it is particularly useful for users of Internet Explorer, for if a rogue web page crashes your browser window, it does not bring the other browser windows down with it. It has a similar effect on any software package where multiple instances might be running at once, such as Microsoft Word. The only problem is that this takes up significantly more memory, because such instances of a program cannot share information that is in active memory (many DLLs and such will have to be loaded into memory multiple times). Because of this, it is not recommended for anyone with less than 512 MB of RAM, unless they are running beta software (or have some other reason for needing the added stability).
There are two parts to this tweak. First is to optimize XP's priority control for the processes. Browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl and set the "Win32PrioritySeparation" DWORD to 38. Next, go into My Computer and under Tools, open the Folder Options menu. Select the View tab and check the "Launch folder windows in separate process" box. This setting actually forces each window into its own memory tread and gives it a separate process priority.
Powertweak application
**********************
xxx.powertweak.com
Powertweak is an application, which acts much like a driver for our chipsets. It optimizes the communication between the chipset and the CPU, and unlocks several "hidden" features of the chipset that can increase the speed of the system. Specifically, it tweaks the internal registers of the chipset and processor that the BIOS does not for better communication performance between subsystems. Supported CPUs and chipsets can see a significant increase in I/O bandwidth, increasing the speed of the entire system. Currently the application supports most popular CPUs and chipsets, although you will need to check the website for your specific processor/chipset combo – the programmer is working on integrating even more chipsets and CPUs into the software.
Offload Network Task Processing onto the Network Card
*****************************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters]
Many newer network cards have the ability of taking some of the network processing load off of the processor and performing it right on the card (much like Hardware T&L on most new video cards). This can significantly lower the CPU processes needed to maintain a network connection, freeing up that processor time for other tasks. This does not work on all cards, and it can cause network connectivity problems on systems where the service is enabled but unsupported, so please check with your NIC manufacturer prior to enabling this tweak. Find the DWORD "DisableTaskOffload" and set the value to 0 (the default value is 1). If the key is not already available, create it.
Force XP to Unload DLLs
***********************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer]
"AlwaysUnloadDLL"=dword:00000001
XP has a bad habit of keeping dynamic link libraries that are no longer in use resident in memory. Not only do the DLLs use up precious memory space, but they also tend to cause stability problems in some systems. To force XP to unload any DLLs in memory when the application that called them is no longer in memory, browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer and find the DWORD "AlwaysUnloadDLL". You may need to create this key. Set the value to 1 to force the operating system to unload DLLs.
Give 16-bit apps their own separate processes
*********************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW]
"DefaultSeparateVDM"="Yes"
By default, Windows XP will only open one 16-bit process and cram all 16-bit apps running on the system at a given time into that process. This simulates how MS-DOS based systems viewed systems and is necessary for some older applications that run together and share resources. However, most 16-bit applications work perfectly well by themselves and would benefit from the added performance and stability of their own dedicated resources. To force Windows XP to give each 16-bit application it's own resources, browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW and find the String "DefaultSeparateVDM". If it is not there, you may need to create it. Set the value of this to Yes to give each 16-bit application its own process, and No to have the 16-bit application all run in the same memory space.
Disable User Tracking
*********************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
"NoInstrumentation"=dword:00000001
The user tracking system built into Windows XP is useless to 99% of users (there are very few uses for the information collected other than for a very nosy system admin), and it uses up precious resources to boot, so it makes sense to disable this "feature" of Windows XP. To do so, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer and find the DWORD "NoInstrumentation". You may need to create this key if it is not there. The default setting is 0, but setting it to 1 will disable most of the user tracking features of the system.
Thumbnail Cache
***************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]
"DisableThumbnailCache"=dword:00000001
Windows XP has a neat feature for graphic and video files that creates a "thumbnail" of the image or first frame of the video and makes it into an oversized icon for the file. There are two ways that Explorer can do this, it can create them fresh each time you access the folder or it can load them from a thumbnail cache. The thumbnail caches on systems with a large number of image and video files can become staggeringly large. To disable the Thumbnail Cache, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced and find the DWORD "DisableThumbnailCache". You may need to create this key. A setting of 1 is recommended for systems where the number of graphic and video files is large, and a setting of 0 is recommended for systems not concerned about hard drive space, as loading the files from the cache is significantly quicker than creating them from scratch each time a folder is accessed.
Jan 14, 2009
Repair Windows XP
1. Boot the computer using the XP CD. You may need to change the
boot order in the system BIOS. Check your system documentation
for steps to access the BIOS and change the boot order.
2. When you see the "Welcome To Setup" screen, you will see the
options below This portion of the Setup program prepares Microsoft
Windows XP to run on your computer:
To setup Windows XP now, press ENTER.
To repair a Windows XP installation using Recovery Console, press R.
To quit Setup without installing Windows XP, press F3.
3. Press Enter to start the Windows Setup.
do not choose "To repair a Windows XP installation using the
Recovery Console, press R", (you do not want to load Recovery
Console). I repeat, do not choose "To repair a Windows XP
installation using the Recovery Console, press R".
4. Accept the License Agreement and Windows will search for existing
Windows installations.
5. Select the XP installation you want to repair from the list and
press R to start the repair. If Repair is not one of the options,
read this Warning!!
6. Setup will copy the necessary files to the hard drive and reboot.
Do not press any key to boot from CD when the message appears.
Setup will continue as if it were doing a clean install, but your
applications and settings will remain intact.
Blaster worm warning: Do not immediately activate over the internet
when asked, enable the XP firewall
[ http://support.microsoft.com/?kbid=283673 ]
before connecting to the internet. You can activate after the
firewall is enabled. Control Panel - Network Connections. Right click
the connection you use, Properties, and there is a check box on the
Advanced [ http://michaelstevenstech.com/xpfirewall1.jpg ] page.
7. Reapply updates or service packs applied since initial Windows XP
installation. Please note that a Repair Install from the Original
install XP CD will remove SP1/SP2 and service packs will need to be
reapplied.
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-
4F30-8245-9E368D3CDB5A&displaylang=en
An option I highly recommend is creating a Slipstreamed XP CD with SP2.
Slipstreaming Windows XP with Service Pack 2 (SP2)
http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp
______________________________________________________________________
Warning!!
If the option to Repair Install is not available and you continue
with the install;you will delete your Windows folder and Documents
and Settings folder. All applications that place keys in the registry
will need to be re-installed. You should exit setup if the repair
option is not available and consider other options.
Try the link below if the repair option is not available.
Windows XP Crashed?
http://www.digitalwebcast.com/2002/03_mar/tutorials/cw_boot_toot.htm
Here's Help.
A salvage mission into the depths of Windows XP, explained by a
non-geek
by Charlie White
http://www.digitalwebcast.com/2002/03_mar/tutorials/cw_boot_toot.htm
Related links
You May Lose Data or Program Settings After Reinstalling, Repairing,
or Upgrading Windows XP (Q312369)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q312369
System Restore "Restore Points" Are Missing or Deleted (Q301224)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301224
How to Perform an In-Place Upgrade (Reinstallation) of Windows XP
(Q315341)
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q315341
Warning!! If the Repair Option is not Available
What should I do? Most important do not ignore the information below!
If the option to Repair Install is NOT available and you continue
with the install; you will delete your Windows folder, Documents and
Settings folders. All Applications that place keys in the registry
will need to be re-installed.
You should exit setup if the repair option is not available and
consider other options. I have found if the Repair option is not
available, XP is usually not repairable and will require a Clean
install.http://michaelstevenstech.com/cleanxpinstall.html
If you still have the ability to access the Windows XP installation,
backup all important files not restorable from other sources before
attempting any recovery console trouble shooting attempts.
Possible Fix by reconfiguring boot.ini using Recovery Console.
1.Boot with XP CD or 6 floppy boot disk set.
2. Press R to load the Recovery Console.
3. Type bootcfg.
4. This should fix any boot.ini errors causing setup not to see the
XP OS install.
5. Try the repair install.
One more suggestion from MVP Alex Nichol
"Reboot, this time taking the immediate R option, and if the CD
letter is say K: give these commands
COPY K:\i386\ntldr C:\
COPY K:\i386\ntdetect.com C:\
(two other files needed - just in case)
1. Type: ATTRIB -H -R -S C:\boot.ini DEL C:\boot.ini
2. Type: BootCfg /Rebuild
which will get rid of any damaged boot.ini, search the disk for
systems and make a new one. This might even result in a damaged
windows reappearing; but gives another chance of getting at the
repair"
Disable The Send Error Report, to Microsoft
To disable the stupid feature in WinXP which tries to send a report to microsoft every time a program crashes you will have to do this:
Open Control Panel
Click on Preformance and Maintenance.
Click on System.
Then click on the Advanced tab
Click on the error reporting button on the bottom of the windows.
Select Disable error reporting.
Click OK
Click OK
Disable The Send Error Report, to Microsoft
To disable the stupid feature in WinXP which tries to send a report to microsoft every time a program crashes you will have to do this:
Open Control Panel
Click on Preformance and Maintenance.
Click on System.
Then click on the Advanced tab
Click on the error reporting button on the bottom of the windows.
Select Disable error reporting.
Click OK
Click OK
Jan 9, 2009
Evolution Of Computer Viruses History Of Viruses
part 1
Like any other field in computer science, viruses have evolved -a great deal indeed- over the years. In the series of press releases which start today, we will look at the origins and evolution of malicious code since it first appeared up to the present.
Going back to the origin of viruses, it was in 1949 that Mathematician John Von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players’ computers. The creators of this peculiar game also created the first antivirus, an application named Reeper, which could destroy copies created by Core Wars.
However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.
At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even like this, this new operating system became the target of a virus in 1986: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.
Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous viruses Jerusalem or Viernes 13. However, the worst was still to come: 1988 set the date when the “Morris worm” appeared, infecting 6,000 computers.
From that date up to 1995 the types of malicious codes that are known today started being developed: the first macro viruses appeared, polymorphic viruses … Some of these even triggered epidemics, such as MichaelAngelo. However, there was an event that changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses started adapting to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.
part 2
This second installment of ‘The evolution of viruses’ will look at how malicious code used to spread before use of the Internet and e-mail became as commonplace as it is today, and the main objectives of the creators of those earlier viruses.
Until the worldwide web and e-mail were adopted as a standard means of communication the world over, the main mediums through which viruses spread were floppy disks, removable drives, CDs, etc., containing files that were already infected or with the virus code in an executable boot sector.
When a virus entered a system it could go memory resident, infecting other files as they were opened, or it could start to reproduce immediately, also infecting other files on the system. The virus code could also be triggered by a certain event, for example when the system clock reached a certain date or time. In this case, the virus creator would calculate the time necessary for the virus to spread and then set a date –often with some particular significance- for the virus to activate. In this way, the virus would have an incubation period during which it didn’t visibly affect computers, but just spread from one system to another waiting for ‘D-day’ to launch its payload. This incubation period would be vital to the virus successfully infecting as many computers as possible.
One classic example of a destructive virus that lay low before releasing its payload was CIH, also known as Chernobyl. The most damaging version of this malicious code activated on April 26, when it would try to overwrite the flash-BIOS, the memory which includes the code needed to control PC devices. This virus, which first appeared in June 1998, had a serious impact for over two years and still continues to infect computers today.
Because of the way in which they propagate, these viruses spread very slowly, especially in comparison to the speed of today’s malicious code. Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem) virus needed a long time to actually spread and continued to infect computers for some years. In contrast, experts reckon that in January 2003, SQLSlammer took just ten minutes to cause global communication problems across the Internet.
Notoriety versus stealth
For the most part, in the past, the activation of a malicious code triggered a series of on screen messages or images, or caused sounds to be emitted to catch the user’s attention. Such was the case with the Ping Pong virus, which displayed a ball bouncing from one side of the screen to another. This kind of elaborate display was used by the creator of the virus to gain as much notoriety as possible. Nowadays however, the opposite is the norm, with virus authors trying to make malicious code as discreet as possible, infecting users’ systems without them noticing that anything is amiss.
pat 3
This third installment of ‘The evolution of viruses’ will look at how the Internet and e-mail changed the propagation techniques used by computer viruses.
Internet and e-mail revolutionized communications. However, as expected, virus creators didn’t take long to realize that along with this new means of communication, an excellent way of spreading their creations far and wide had also dawned. Therefore, they quickly changed their aim from infecting a few computers while drawing as much attention to themselves as possible, to damaging as many computers as possible, as quickly as possible. This change in strategy resulted in the first global virus epidemic, which was caused by the Melissa worm.
With the appearance of Melissa, the economic impact of a virus started to become an issue. As a result, users -above all companies- started to become seriously concerned about the consequences of viruses on the security of their computers. This is how users discovered antivirus programs, which started to be installed widely. However, this also brought about a new challenge for virus writers, how to slip past this protection and how to persuade users to run infected files.
The answer to which of these virus strategies was the most effective came in the form of a new worm: Love Letter, which used a simple but effective ruse that could be considered an early type of social engineering. This strategy involves inserting false messages that trick users into thinking that the message includes anything, except a virus. This worm’s bait was simple; it led users to believe that they had received a love letter.
This technique is still the most widely used. However, it is closely followed by another tactic that has been the center of attention lately: exploiting vulnerabilities in commonly used software. This strategy offers a range of possibilities depending on the security hole exploited. The first malicious code to use this method –and quite successfully- were the BubbleBoy and Kakworm worms. These worms exploited a vulnerability in Internet Explorer by inserting HTML code in the body of the e-mail message, which allowed them to run automatically, without needing the user to do a thing.
Vulnerabilities allow many different types of actions to be carried out. For example, they allow viruses to be dropped on computers directly from the Internet -such as the Blaster worm-. In fact, the effects of the virus depend on the vulnerability that the virus author tries to exploit.
part 4
In the early days of computers, there were relatively few PCs likely to contain “sensitive” information, such as credit card numbers or other financial data, and these were generally limited to large companies that had already incorporated computers into working processes.
In any event, information stored in computers was not likely to be compromised, unless the computer was connected to a network through which the information could be transmitted. Of course, there were exceptions to this and there were cases in which hackers perpetrated frauds using data stored in IT systems. However, this was achieved through typical hacking activities, with no viruses involved.
The advent of the Internet however caused virus creators to change their objectives, and, from that moment on, they tried to infect as many computers as possible in the shortest time. Also, the introduction of Internet services -like e-banking or online shopping- brought in another change. Some virus creators started writing malicious codes not to infect computers, but, to steal confidential data associated to those services. Evidently, to achieve this, they needed viruses that could infect many computers silently.
Their malicious labor was finally rewarded with the appearance, in 1986, of a new breed of malicious code generically called “Trojan Horse”, or simply “Trojan”. This first Trojan was called PC-Write and tried to pass itself off as the shareware version of a text processor. When run, the Trojan displayed a functional text processor on screen. The problem was that, while the user wrote, PC-Write deleted and corrupted files on the computers’ hard disk.
After PC-Write, this type of malicious code evolved very quickly to reach the stage of present-day Trojans. Today, many of the people who design Trojans to steal data cannot be considered virus writers but simply thieves who, instead of using blowtorches or dynamite have turned to viruses to commit their crimes. Ldpinch.W or the Bancos or Tolger families of Trojans are examples of this
part 5
Even though none of them can be left aside, some particular fields of computer science have played a more determinant role than others with regard to the evolution of viruses. One of the most influential fields has been the development of programming languages.
These languages are basically a means of communication with computers in order to tell them what to do. Even though each of them has its own specific development and formulation rules, computers in fact understand only one language called "machine code".
Programming languages act as an interpreter between the programmer and the computer. Obviously, the more directly you can communicate with the computer, the better it will understand you, and more complex actions you can ask it to perform.
According to this, programming languages can be divided into "low and high level" languages, depending on whether their syntax is more understandable for programmers or for computers. A "high level" language uses expressions that are easily understandable for most programmers, but not so much for computers. Visual Basic and C are good examples of this type of language.
On the contrary, expressions used by "low level" languages are closer to machine code, but are very difficult to understand for someone who has not been involved in the programming process. One of the most powerful, most widely used examples of this type of language is "assembler".
In order to explain the use of programming languages through virus history, it is necessary to refer to hardware evolution. It is not difficult to understand that an old 8-bit processor does not have the power of modern 64-bit processors, and this of course, has had an impact on the programming languages used.
In this and the next installments of this series, we will look at the different programming languages used by virus creators through computer history:
- Virus antecessors: Core Wars
As was already explained in the first chapter of this series, a group of programs called Core Wars, developed by engineers at an important telecommunications company, are considered the antecessors of current-day viruses. Computer science was still in the early stages and programming languages had hardly developed. For this reason, authors of these proto-viruses used a language that was almost equal to machine code to program them.
Curiously enough, it seems that one of the Core Wars programmers was Robert Thomas Morris, whose son programmed -years later- the "Morris worm". This malicious code became extraordinarily famous since it managed to infect 6,000 computers, an impressive figure for 1988.
- The new gurus of the 8-bits and the assembler language.
The names Altair, IMSAI and Apple in USA and Sinclair, Atari and Commodore in Europe, bring memories of times gone by, when a new generation of computer enthusiasts "fought" to establish their place in the programming world. To be the best, programmers needed to have profound knowledge of machine code and assembler, as interpreters of high-level languages used too much run time. BASIC, for example, was a relatively easy to learn language which allowed users to develop programs simply and quickly. It had however, many limitations.
This caused the appearance of two groups of programmers: those who used assembler and those who turned to high-level languages (BASIC and PASCAL, mainly).
Computer aficionados of the time enjoyed themselves more by programming useful software than malware. However, 1981 saw the birth of what can be considered the first 8-bit virus. Its name was "Elk Cloner", and was programmed in machine code. This virus could infect Apple II systems and displayed a message when it infected a computer.
part 6
Computer viruses evolve in much the same way as in other areas of IT. Two of the most important factors in understanding how viruses have reached their current level are the development of programming languages and the appearance of increasingly powerful hardware.
In 1981, almost at the same time as Elk Kloner (the first virus for 8-bit processors) made its appearance, a new operating system was growing in popularity. Its full name was Microsoft Disk Operating System, although computer buffs throughout the world would soon refer to it simply as DOS.
DOS viruses
The development of MS DOS systems occurred in parallel to the appearance of new, more powerful hardware. Personal computers were gradually establishing themselves as tools that people could use in their everyday lives, and the result was that the number of PCs users grew substantially. Perhaps inevitably, more users also started creating viruses. Gradually, we witnessed the appearance of the first viruses and Trojans for DOS, written in assembler language and demonstrating a degree of skill on the part of their authors.
Far less programmers know assembler language than are familiar with high-level languages that are far easier to learn. Malicious code written in Fortran, Basic, Cobol, C or Pascal soon began to appear. The last two languages, which are well established and very powerful, are the most widely used, particularly in their TurboC and Turbo Pascal versions. This ultimately led to the appearance of “virus families”: that is, viruses that are followed by a vast number of related viruses which are slightly modified forms of the original code.
Other users took the less ‘artistic’ approach of creating destructive viruses that did not require any great knowledge of programming. As a result, batch processing file viruses or BAT viruses began to appear.
Win16 viruses
The development of 16-bit processors led to a new era in computing. The first consequence was the birth of Windows, which, at the time, was just an application to make it easier to handle DOS using a graphic interface.
The structure of Windows 3.xx files is rather difficult to understand, and the assembler language code is very complicated, as a result of which few programmers initially attempted to develop viruses for this platform. But this problem was soon solved thanks to the development of programming tools for high-level languages, above all Visual Basic. This application is so effective that many virus creators adopted it as their ‘daily working tool’. This meant that writing a virus had become a very straightforward task, and viruses soon appeared in their hundreds. This development was accompanied by the appearance of the first Trojans able to steal passwords. As a result, more than 500 variants of the AOL Trojan family -designed to steal personal information from infected computers- were identified.
part 7
This seventh edition on the history of computer viruses will look at how the development of Windows and Visual Basic has influenced the evolution of viruses, as with the development of these, worldwide epidemics also evolved such as the first one caused by Melissa in 1999.
While Windows changed from being an application designed to make DOS easier to manage to a 32-bit platform and operating system in its own right, virus creators went back to using assembler as the main language for programming viruses.
Versions 5 and 6 of Visual Basic (VB) were developed, making it the preferred tool, along with Borland Delphi (the Pascal development for the Windows environment), for Trojan and worm writers. Then, Visual C, a powerful environment developed in C for Windows, was adopted for creating viruses, Trojans and worms. This last type of malware gained unusual strength, taking over almost all other types of viruses. Even though the characteristics of worms have changed over time, they all have the same objective: to spread to as many computers as possible, as quickly as possible.
With time, Visual Basic became extremely popular and Microsoft implemented part of the functionality of this language as an interpreter capable of running script files with a similar syntax.
At the same time as the Win32 platform was implemented, the first script viruses also appeared: malware inside a simple text file. These demonstrated that not only executable files (.EXE and .COM files) could carry viruses. As already seen with BAT viruses, there are also other means of propagation, proving the saying "anything that can be executed directly or through a interpreter can contain malware." To be specific, the first viruses that infected the macros included in Microsoft Office emerged. As a result, Word, Excel, Access and PowerPoint become ways of spreading ‘lethal weapons’, which destroyed information when the user simply opened a document.
Melissa and self-executing worms
The powerful script interpreters in Microsoft Office allowed virus authors to arm their creations with the characteristics of worms. A clear example is Melissa, a Word macro virus with the characteristics of a worm that infects Word 97 and 2000 documents. This worm automatically sends itself out as an attachment to an e-mail message to the first 50 contacts in the Outlook address book on the affected computer. This technique, which has unfortunately become very popular nowadays, was first used in this virus which, in 1999, caused one of the largest epidemics in computer history in just a few days. In fact, companies like Microsoft, Intel or Lucent Technologies had to block their connections to the Internet due to the actions of Melissa.
The technique started by Melissa was developed in 1999 by viruses like VBS/Freelink, which unlike its predecessor sent itself out to all the contacts in the address book on the infected PC. This started a new wave of worms capable of sending themselves out to all the contacts in the Outlook address book on the infected computer. Of these, the worm that most stands out from the rest is VBS/LoveLetter, more commonly known as ‘I love You’, which emerged in May 2000 and caused an epidemic that caused damage estimated at 10,000 million euros. In order to get the user’s attention and help it to spread, this worm sent itself out in an e-mail message with the subject ‘ILOVEYOU’ and an attached file called ‘LOVE-LETTER-FOR-YOU.TXT.VBS’. When the user opened this attachment, the computer was infected.
As well as Melissa, in 1999 another type of virus emerged that also marked a milestone in virus history. In November of that year, VBS/BubbleBoy appeared, a new type of Internet worm written in VB Script. VBS/BubbleBoy was automatically run without the user needing to click on an attached file, as it exploited a vulnerability in Internet Explorer 5 to automatically run when the message was opened or viewed. This worm was followed in 2000 by JS/Kak.Worm, which spread by hiding behind Java Script in the auto-signature in Microsoft Outlook Express, allowing it to infect computers without the user needing to run an attached file. These were the first samples of a series of worms, which were joined later on by worms capable of attacking computers when the user is browsing the Internet.
Jan 8, 2009
Add A Url Address Bar To The Taskbar
You can add an Internet URL address bar to your Windows XP taskbar. Doing so will let you type in URLs and launch Web pages without first launching a browser. It will also let you launch some native Windows XP applications in much the same way as you would via the Run menu (so you could type in calc to launch the calculator or mspaint to launch Microsoft Paint. Here's how you add the address bar:
1. Right-click on the taskbar, select Toolbars, and then click Address.
2. The word Address will appear on your taskbar.
3. Double click it to access it.
4. If that doesn't work, your taskbar is locked. You can unlock it by right-clicking on the taskbar again and uncheck Lock the Taskbar.
NOTE: You may also need to grab the vertical dotted lines beside the word Address and drag it to the left to make the Address window appear.
Creating a Board or Forum on your own PC
First of all you need Apache Server, PHP, MySQL and a Forum Script i.e. phpBB or Invision or vBulletin.
Download phpDev here
http://keihanna.dl.sourceforge.net/sourceforge/phpdev5/phpdev423.exe
and you get a bundle of all the things above.
exttract & install php dev. start the apache server,its 90% done.
upload the forum script to X:/phpdev/www/public
(x is your drive, usually C: )
now to access the forum through internet you will not know your IP address thru ipconfig command..
go to
http://www.whatismyip.com
see whats your IP address.
now go to
http://your ip address/public/your forum directory/install.php
thats it!
Jan 6, 2009
Access Your Folders From Your Taskbar
This is an easy way to get to the folders on your system without having to open a Windows Explorer Window every time you want to access files. I find it very useful to have this feature as it allows me to access my Folders and Drives immediately and saves me a lot of time.
This works in Windows XP:
1. Right Click an empty spot on your Taskbar (Between your Start Button and your System Tray).
2. Click Toolbars.
3. Click New Toolbar.
4. A Small Window will Open that allows you to pick the folder you wish to make a Toolbar. If you want to access your Desktop Without having to minimize all your windows. Just Pick Desktop. If you want to access ONLY your My Documents Folder, Select that. Any folder will work for this.
5. Click OK.
The New Tool bar will appear at the bottom of your screen next to your System Tray.
If you find this to be not useful, Repeat Steps 1 and 2 and then check click the Toolbar you created that has a check mark next to it. And it will disappear.
Jan 4, 2009
Windows True Hidden Files
--ACRONYMS--
DOS = Disk Operating System, or MS-DOS
MSIE = Microsoft Internet Explorer
TIF = Temporary Internet Files (folder)
HD = Hard Drive
OS = Operating System
FYI = For Your Information
1)SEEING IS BELIEVING
No. Enabling Windows Explorer to "show all files" does not show the files in mention. No. DOS does not
list the files after receiving a proper directory listing from root. And yes. Microsoft intentionally
disabled the "Find" utility from searching through one of the folders.
Oh, but that's not all.
To see for yourself simply do as you would normally do to clear your browsing history. Go to Internet
Options under your Control Panel. Click on the [Clear History] and [Delete Files] buttons. (Make sure
to include all offline content.)
So, has your browsing history been cleared? One would think so.
These are the names and locations of the "really hidden files":
c:\windows\history\history.ie5\index.dat
c:\windows\tempor~1\content.ie5\index.dat
If you have upgraded MSIE several times, they might have alternative names of mm256.dat and
mm2048.dat, and may also be located here:
c:\windows\tempor~1\
c:\windows\history\
Not to mention the other alternative locations under:
c:\windows\profiles\%user%\...
c:\windows\application data\...
c:\windows\local settings\...
c:\windows\temp\...
c:\temp\...
(or as defined in your autoexec.bat.)
FYI, there are a couple other index.dat files that get hidden as well, but they are seemingly not very
important. See if you can find them.
2)IF YOU HAVE EVER USED MICROSOFT INTERNET EXPLORER
1) Shut your computer down, and turn it back on.
2) While your computer is booting keep pressing the [F8] key until you are given an option screen.
3) Choose "Command Prompt Only" (This will take you to true DOS mode.) Windows ME users must use a boot
disk to get into real DOS mode.
4) When your computer is done booting, you will have a C:\> followed by a blinking cursor.
Type this in, hitting enter after each line. (Obviously, don't type the comments in parentheses.)
C:\WINDOWS\SMARTDRV (Loads smartdrive to speed things up.)
CD\
DELTREE/Y TEMP (This line removes temporary files.)
CD WINDOWS
DELTREE/Y COOKIES (This line removes cookies.)
DELTREE/Y TEMP (This removes temporary files.)
DELTREE/Y HISTORY (This line removes your browsing history.)
DELTREE/Y TEMPOR~1 (This line removes your internet cache.)
(If that last line doesn't work, then type this
CD\WINDOWS\APPLIC~1
DELTREE/Y TEMPOR~1
(If that didn't work, then type this
CD\WINDOWS\LOCALS~1
DELTREE/Y TEMPOR~1
If you have profiles turned on, then it is likely located under \windows\profiles\%user%\, while older
versions of MSIE keep them under \windows\content\.)
FYI, Windows re-creates the index.dat files automatically when you reboot your machine, so don't be
surprised when you see them again. They should at least be cleared of your browsing history.
3)CLEARING YOUR REGISTRY
It was once believed that the registry is the central database of Windows that stores and maintains the
OS configuration information. Well, this is wrong. Apparently, it also maintains a bunch of other
information that has absolutely nothing to do with the configuration. I won't get into the other
stuff, but for one, your typed URLs are stored in the registry.
HKEY_USERS/Default/Software/Microsoft/Internet Explorer/TypedURLs/
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/TypedURLs/
These "Typed URLs" come from MSIE's autocomplete feature. It records all URLs that you've typed in manually
in order to save you some time filling out the address field.
4)SLACK FILES
As you may already know, deleting files only deletes the references to them. They are in fact still sitting
there on your HD and can still be recovered by a very motivated person.
Use window washer to delete slack files. /http://www.webroot.com/download/0506/reg3ww.exe
5)STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES
The most important files to be paying attention to are your "index.dat" files. These are database files
that reference your history, cache and cookies. The first thing you should know is that the index.dat files
is that they don't exist in less you know they do. They second thing you should know about them is that
some will *not* get cleared after deleting your history and cache.
To view these files, follow these steps:
In MSIE 5.x, you can skip this first step by opening MSIE and going to Tools > Internet Options > [Settings] > [View Files].
Now write down the names of your alphanumeric folders on a piece of paper. If you can't see any alphanumeric
folders then start with step 1 here:
1) First, drop to a DOS box and type this at prompt (in all lower-case). It will bring up Windows Explorer
under the correct directory.
c:\windows\explorer /e,c:\windows\tempor~1\content.ie5\
You see all those alphanumeric names listed under "content.ie5?" (left-hand side.) That's Microsoft's
idea of making this project as hard as possible. Actually, these are your alphanumeric folders that was
created to keep your cache. Write these names down on a piece of paper. (They should look something like
this: 6YQ2GSWF, QRM7KL3F, U7YHQKI4, 7YMZ516U, etc.) If you click on any of the alphanumeric folders then
nothing will be displayed. Not because there aren't any files here, but because Windows Explorer has lied
to you. If you want to view the contents of these alphanumeric folders you will have to do so in DOS.
2) Then you must restart in MS-DOS mode. (Start > Shutdown > Restart in MS-DOS mode. ME users use a
bootdisk.)
Note that you must restart to DOS because windows has locked down some of the files and they can only be
accessed in real DOS mode.
3) Type this in at prompt:
CD\WINDOWS\TEMPOR~1\CONTENT.IE5
CD %alphanumeric%
(replace the "%alphanumeric%" with the first name that you just wrote down.)
DIR/P
The cache files you are now looking at are directly responsible for the mysterious erosion of HD space
you may have been noticing.
5) Type this in:
CD\WINDOWS\TEMPOR~1\CONTENT.IE5
EDIT /75 INDEX.DAT
You will be brought to a blue screen with a bunch of binary.
6) Press and hold the [Page Down] button until you start seeing lists of URLs. These are all the sites
that you've ever visited as well as a brief description of each. You'll notice it records everything
ou've searched for in a search engine in plain text, in addition to the URL.
7) When you get done searching around you can go to File > Exit. If you don't have mouse support in DOS
then use the [ALT] and arrow keys.
Next you'll probably want to erase these files by typing this:
C:\WINDOWS\SMARTDRV
CD\WINDOWS
DELTREE/Y TEMPOR~1
(replace "cd\windows" with the location of your TIF folder if different.)
9) Then check out the contents of your History folder by typing this:
CD\WINDOWS\HISTORY\HISTORY.IE5
EDIT /75 INDEX.DAT
You will be brought to a blue screen with more binary.
10) Press and hold the [Page Down] button until you start seeing lists of URLS again.
This is another database of the sites you've visited.
11) And if you're still with me, type this:
CD\WINDOWS\HISTORY
12) If you see any mmXXXX.dat files here then check them out (and delete them.) Then:
CD\WINDOWS\HISTORY\HISTORY.IE5
CD MSHIST~1
EDIT /75 INDEX.DAT
More URLs from your internet history. Note, there are probably other mshist~x folders here so you can
repeat these steps for every occurence if you please.
13) By now, you'll probably want to type in this:
CD\WINDOWS
DELTREE/Y HISTORY
6)HOW MICROSOFT DOES IT
How does Microsoft make these folders/files invisible to DOS?
The only thing Microsoft had to do to make the folders/files invisible to a directory listing is to
set them +s[ystem]. That's it.
So how does Microsoft make these folders/files invisible to Windows Explorer?
The "desktop.ini" is a standard text file that can be added to any folder to customize certain aspects of
the folder's behavior. In these cases, Microsoft utilized the desktop.ini file to make these files
invisible. Invisible to Windows Explorer and even to the "Find: Files or Folders" utility. All that
Microsoft had to do was create a desktop.ini file with certain CLSID tags and the folders would disappear
like magic.
To show you exactly what's going on:
Found in the c:\windows\temporary internet files\desktop.ini and
the c:\windows\temporary internet files\content.ie5\desktop.ini is this text:
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
Found in the c:\windows\history\desktop.ini and the c:\windows\history\history.ie5\desktop.ini is this text:
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
The UICLSID line cloaks the folder in Windows Explorer. The CLSID line disables the "Find" utility
from searching through the folder.
To see for yourself, you can simply erase the desktop.ini files. You'll see that it will instantly give
Windows Explorer proper viewing functionality again, and the "Find" utility proper searching capabilities
again. Problem solved right? Actually, no. As it turns out, the desktop.ini files get reconstructed every
single time you restart your computer. Nice one, Slick.
Luckily there is a loophole which will keep Windows from hiding these folders. You can manually edit the
desktop.ini's and remove everything except for the "[.ShellClassInfo]" line. This will trick windows into
thinking they have still covered their tracks, and wininet won't think to reconstruct them.
Blog Archive
-
▼
2009
(16)
-
▼
January
(11)
- Winxp Tips And Tricks, Winsock 2 repair
- Steps to Clean Install XP
- Windows XP Tweaks
- Repair Windows XP
- Disable The Send Error Report, to Microsoft
- Disable The Send Error Report, to Microsoft
- Evolution Of Computer Viruses History Of Viruses
- Add A Url Address Bar To The Taskbar
- Creating a Board or Forum on your own PC
- Access Your Folders From Your Taskbar
- Windows True Hidden Files
-
▼
January
(11)