http://www.
starwebchannel
.com

Site Map

Information

World Holidays
MAS flight schedule
Conversion Table
Taxation
Links to other sites

Motivational Pages

Humour 
Advice

Its an 
IT World

Pets Memorial

Miscellaneous

l
webmaster

Report bugs

Home

 
Spiritual 
The whole
 Bible in html

Daily Bread

.

TIPS from the net & emails received

25 July 2002

Masalah “dialup” pengguna perisian Windows 2000 (Win2000).

[Versi BM]

1. Pengumuman ini ditujukan hanya kepada pengguna perkhidmatan “dialup” JARING yang menggunakan Win2000.

2. Didapati pengguna “dialup” JARING yang menggunakan Win2000 kerap menghadapi masalah penyambungan (“error 734 - The PPP link control protocol terminated”).

3. Untuk menyelesaikan masalah tersebut, pengguna dinasihatkan mengikuti langkah-langkah berikut:

Langkah 1.
Klik butang Start -> Program -> Accessories -> Communication -> Network And Dialup Connection.

Langkah 2.
Dwi klik “icon” JARING -> Properties (sila lengkapkan bahagian di bawah)

Bahagian “Option”.
Sila pastikan kolum "Include Windows Logon domain" tidak ditandakan.

Bahagian “Security”.
Sila pastikan "allow unsecured password" dipilih dan lain-lain pilihan dikekalkan.

Bahagian “Networking”.
Klik "Setting", dan sila pastikan "negotiate multi-link" tidak ditanda.

Untuk menamatkan konfigurasi, klik butang "apply" dan seterusnya klik butang "OK".

4. Kami memohon maaf atas kesulitan yang dialami.

Pusat Operasi Rangkaian JARING

Windows 2000 (Win2000) dialup connection problem.

[English Version]

1. This announcement is addressed to all JARING dialup subscribers,especially Win2000 users.

2. It is found that JARING dialup subscribers who are using Win2000, frequently experience connection error (error 734 - The PPP link control protocol terminated).

3. To solve the problem, please follow these steps:

Step 1.
Click at Start button -> Program -> Accessories -> Communication -> Network And Dialup Connection.

Step 2.
Double-click JARING icon -> Properties (please proceed with the steps below)

Option.
Please make sure that the "Include Windows Logon Domain" is not ticked.

Security.
Please choose "allow unsecured password" and the rest remain the same.

Networking.
Please make sure that the "negotiate multi-link" is not ticked.

To finish the configuration setting, please click "apply" and "OK" button.

4. We apologize for any inconvenience caused.


JARING Network Operation Center

TO REMOVE THE KAKWORM VIRUS

As spoken, please find the attached "kill_kak.exe" file and the kill
procedure from PC-cillin support. Like I said, you must manually go into the
registry to delete the entries. I tried just using the "kill_kak.exe" file
but could not kill the registry entries.

Good luck!


----- Original Message -----
From: Trend Support for PC-Cillin 
To: 'xx
Cc: Trend Support for PC-Cillin 
Sent: Saturday, October 28, 2000 1:27 AM
Subject: RE: kak.hta virus or worm


Good day!

Thank you for e-mailing us.

Sorry for the inconvenience.

Sir,most viruses are polymorphic which means that they tend to change to
different types of viruses from that single viruses. And so, there will be
times that detecting and cleaning will be harder. With regards to the
Kakworm virus you have, I will be providing you of two procedures you can
use to eradicate the KAKWORM virus.

1)

VBS_KAKWORM.A is a direct action worm that is compatible with the Windows
Scripting Host interpreter. You must have MS IE 5 or a browser that supports
Windows Scripting for this worm to execute. This worm modifies your default
signature in Outlook Express, embedding itself in the message. This worm is
compatible with both the English and French versions of Windows.
VBS_KakWorm.A utilizes the same security hole as VBS_BubbleBoy, wherein
simply viewing e-mail through the preview pane will trigger the worm
execution and/or payload. Users having the latest security patches for
Outlook Express, and High Security settings in their browsers can avoid this
worm from triggering. Upon receiving a spammed mail with this worm, it will
initially drop KAK.HTM into your C:\WINDOWS directory and a temporary file
with an HTA extension into your C:\WINDOWS\SYSTEM directory. It will also
drop KAK.HTA into your StartUp directory (appropriately for either version
of Windows).

The worm also adds the following lines into your AUTOEXEC.BAT file:

@echo off>C:\Windows\STARTM~1 \Programs\StartUp\kak.hta

del C:\Windows\STARTM~1\Programs\StartUp\kak.hta

This will effectively remove traces of KAK.HTA in your StartUp directory and
prevent duplication of the initial "drop procedure."

Changes in the Windows Registry include:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \Currentversion\Run\cAg0u =
C:\WINDOWS\SYSTEM\.hta

HKEY_CURRENT _USER\Identities\\Software\Microsoft\Outlook
Express\5.0\signatures\Default Signature = 00000000

Microsoft Outlook Express will have the default signature settings to the
KAK.HTM file.

The payload activates when Day is 1 and Time is 1700 Hrs or 5:00 PM. Upon
activation, the following message appears:

Kagou-Anti-Kro$oft says not today !

After displaying the message, the shutdown function of Windows is called.

To remove the virus,

1. Please delete the file kak.htm and kak.hta.

2. open your autoexec.bat and delete the following lines:

@echo off>C:\Windows\STARTM~1 \Programs\StartUp\kak.hta

del C:\Windows\STARTM~1\Programs\StartUp\kak.hta

3. open your registry by typing regedit (for Windows 9x) or regedt32 (for
Windows NT) in Start | Run and delete the values

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \Currentversion\Run\cAg0u =
C:\WINDOWS\SYSTEM\.hta

HKEY_CURRENT _USER\Identities\\Software\Microsoft\Outlook
Express\5.0\signatures\Default Signature = 00000000

TO BACKUP THE WINDOWS REGISTRY,

1. In the Windows taskbar, click Start | Run. Type REGEDIT in the Open
field, click OK.

2. In the Registry menu, click "Export Registry File" and select the
directory where you want to store the backup, for example, c:\temp.

3. In the File name field, type a name for the backup file (for example,
regback1).

4. Under "Export Range," choose "All" then click Save. A backup copy of the
registry is made.

TO RESTORE THE WINDOWS REGISTRY,

1. In the Windows taskbar, click Start | Run. Type REGEDIT in the Open
field, click OK.

2. In the Registry menu, click "Import Registry File".

3. In the File name field, choose the location of your backup registry and
click "Open."

4. Restart Windows to begin using the new registry.

For more information on KAKWORM VIRUSES, please visit this web site:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWORM.A

May I also suggest to access our online virus scanner Housecall at this
website: http://housecall.antivirus.com.

Please also update your Outlook patches. May I suggest that you refer to the
following sites or links for security updates to ActiveX controls and MS
Outlook:

http://officeupdate.microsoft.com/2000/articles/Out2ksecFAQ.htm

http://officeupdate.microsoft.com/2000/downloadDetails/Out2ksec.htm

http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

2)   Please use the attached KILL_KAK.exe file .

Again my apologies for the inconvenience.

In your future correspondence with us, please do not delete your previous
email so that we may have a history of your case. Thank you!

Please don't hesitate to email me if you need further assistance. Thank you
for choosing PC-cillin.

Regards,


HelpDesk Support Assistant
Trend Development and Support Center
Trend Micro, Inc.
mailto:support@support.trendmicro.com
http://www.antivirus.com/
If you have any comments or suggestions regarding our support, please e-mail
us at
mailto:comments@support.trendmicro.com

Visit our support on-line:
http://solutionbank.antivirus.com/

Did you fall prey?

IN RECENT weeks a “virus warning” has been circulating via e-mail all over the world about a file called Sulfnbk.exe present on Windows PCs.

The “warning” is a hoax. Sulfnbk.exe is actually a valid Microsoft Windows file.

The message exhorts users to immediately delete this file because it is a supposedly undetectable virus that activates on June 1. And of course, users are advised to forward the warning to everyone they know.

Thousands of users apparently heeded the message and went on to delete the file, but there are no exact figures on the number of people affected.

Fortunately, the file is not really a critical one to Windows. It is a utility that is used to restore long file names, and is not needed for normal system operation, according to Symantec Corp, an antivirus and utility software company.

If you have deleted this file, restoration is optional, according to Symantec. Just follow the instructions in the “How to recover” sidebar on this page.

Gullibility virus

In.Tech received dozens of e-mail messages and phone calls during that time from Malaysian users asking about the warning message.

Those who contacted us at least managed to verify that it was a hoax, but a lot more people simply believed the hoax message and deleted the file from their computer systems.

That this hoax could have succeeded at all reflects the widespread reach of the Internet and how quickly information (or disinformation) can spread.

Some users mistakenly assume that information they pick up from the Internet is somehow more accurate or more important than other sources.

This hoax can also be regarded as a form of social engineering, which in information technology (IT) circles means tricking users into revealing passwords or performing steps that compromise a system’s security.

A large percentage of computer users are still fairly IT-illiterate, and they are fearful of computer viruses.

To make matters worse, virus-scanning software or junk e-mail filters will not raise any alarms about the message because it doesn’t actually contain a virus.

The e-mail message itself does not contain anything potentially harmful to computers.

In addition, several people who fell for the hoax said it was because the message came from friends or colleagues.

Stay alert

Still, security experts warn that such hoaxes will continue to be created and perpetuated, and in some cases could even be malicious.

For instance, the hoax message could just have easily have asked users to delete a critical system file, such as one of the numerous DLL files that Windows depends on.

Antivirus vendors also stress the need for scanning software and regular updates of that software to maintain an up to date virgil against viruses.

Needless to say, you should still be wary of opening any e-mail attachments, even if they appear to be from someone you know.

How to recover

Windows Me

You can restore the file using the System Configuration Utility.

1. Click Start and then click Run.

2. Type msconfig and then press Enter.

3. Click Extract Files. The “Extract one file from installation disk” dialogue box appears.

4. In the “Specify the system file you would like to restore” box, type the following string –- c:\windows\command\sulfnbk.exe -– and then click Start.

Note: If you installed Windows to a different location, make the appropriate substitution in the string.

The Extract File dialogue box now appears.

5. Next to the “Restore from” box, click Browse and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\ Options\Install. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.

6. Click OK and follow the prompts.

Windows 98

You can restore the file using the System File Checker.

1. Click Start and then click Run.

2. Type sfc and then press Enter.

3. Click “Extract one file from installation disk.”

4. In the “Specify the system file you would like to restore” box, type the following string –- c:\windows\command\sulfnbk.exe –- and then click Start.

Note: If you installed Windows to a different location, make the appropriate substitution in the string.

The Extract File dialogue box now appears.

5. Next to the “Restore from” box, click Browse and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\ Options\Cabs. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.

6. Click OK and follow the prompts.

The New Generation of Virus Hoaxes
Looking So Real That They Cause Damage

In April/May 2001, a hoax message pertaining to a file named SULFNBK.EXE propagated all over the world. Millions of email users received in their inbox an email telling them about SULFNBK.EXE and that they should delete the virus-ridden file. This led to their Accessories Folder being disabled, as SULFNBK.EXE is a Windows System file that is installed in the Windows Command folder when the Windows Operating System is installed.

This is the next generation of hoaxes, moving beyond the average “there is a new virus” panic email, SULFNBK.EXE actually managed to cause damage by getting email users to delete a Windows System file.

How to pick out a hoax 

Hoax warnings often describe viruses or Trojans with fantastic characteristics such as the suggestion they can physically melt a hard drive or pass a deadly virus through contact with the keyboard. These hoax warnings frighten users needlessly or lead to misconceptions about computer viruses.  

Although you cannot prove a warning is a hoax without checking the facts, it is possible to spot telltale signs that indicate the email in your inbox warning you against a virus is a hoax.  

A typical phrase frequently seen in the body of a virus hoax is: This is not a hoax! Another give away is  emphatic statements, the frequent use of uppercase lettering, and multiple exclamation points. Hoax warnings generally encourage users to forward the information to all their email contacts. Such messages should be read carefully, and analyzed for inconsistencies, falsehoods, or violations of common sense. Many hoaxes have nothing to do with viruses, instead they may promise the user something for free in return for forwarding the message. 

What to do if you are not sure 

Source: trend.com 21-2-2002

Easy guide to viruses

ONE OF the first things you discover after installing a computer system is that it rarely does exactly what it says on the tin. Modern PCs promise to make your business run more smoothly and provide easy access to the Internet.

Each new release of Windows promises yet more unimaginable benefits that almost allow your business to run itself.

The truth, of course, isn’t like that. Computers crash, or break, or get hacked into, or run out of disk space. And worst of all, computers catch viruses.

It’s tempting to ignore the problem and to assume that viruses only affect hobbyist PC users who spend all night on suspect websites, or mega-corporations with thousands of users accessing e-mail all day. But sadly that’s just not true.

Small and medium-sized companies get viruses too, and because they typically don’t have experts on hand to detect and remove them, it is these companies who suffer the most. Even if you catch a virus that does nothing more sinister than pop up a harmless joke on the screen, inadvertently infecting your customers with it is not exactly good for business.

Protecting your systems against viruses is one of the most important things you can do. And thankfully you don’t need to be a techno wizard to do it. You don’t even need a huge budget, as some of the most useful programs and utilities are free.

Viruses are simply computer programs, just like Microsoft Office or your favourite game. They’re written by people who enjoy causing as much havoc as possible.

By definition a virus will attempt to copy itself to other computers, and this is why they are so dangerous. Programs that cause havoc by, say, deleting important files from your hard disk, but which don’t attempt to copy themselves, are not viruses. They are known as Trojans, after the historical wooden horse that concealed a nasty surprise.

The earliest computer viruses would spread on floppy disks. Once a computer was infected, the virus code would continually monitor the floppy disk drive. Every time you loaded a diskette, the virus would copy itself to that disk. If you then gave the disk to someone else, the virus would go along for the ride.

The Internet has made disk-based viruses almost redundant. Nowadays they spread by consulting your Microsoft Outlook address book and e-mailing themselves to all of your friends and colleagues without your knowledge or permission. That means all your acquaintances receive messages which appear to come from you, containing attachments disguised as important documents or links to interesting websites. When they click on the attachment they start the virus running on their own PC, and so the virus can now spread itself to each of these people’s address books too.

So how do you avoid viruses? In theory it’s easy. To make a program do anything, you have to run it. So if you don’t run the virus program, it won’t start its cycle of damaging your PC and copying itself.

1. Start by learning to recognise probable virus-like messages, and train your less technical staff to do the same. If anyone in the company receives an unexpected e-mail, even from someone they know well, which says something like “click on this – you’ll love it!,” do nothing of the sort.

2. Send a message back, asking if the sender really meant to send that message. Until you receive a satisfactory reply, don’t click on the attachment.

3. If in any doubt, delete it and forget about it. Deleting an infected e-mail without clicking on its attachment will prevent any virus from taking hold.

On the web at www.officeupdate.com you’ll find a free program from Microsoft that prevents any program from looking up the details of everyone in your Microsoft Outlook address book. Because the only programs that tend to do such a thing are viruses, this program will help prevent many of the most common viruses from spreading. This blocking facility is also part of Office 2000 Service Pack 2 (also available free from the same site) and is fitted as standard in the new Office XP.

Microsoft Word has a built-in programming language designed to allow people to write macros to automate common tasks. This language can also be used to write viruses which will automatically run when you open the document.

If you don’t use macros, disable them by going to the Tools/Macros menu. If anyone sends you a Word document file (one ending with. doc) attachment by e-mail, don’t open it. The sender’s machine may be infected with a virus which has surreptitiously attached itself to all of the person’s document files.

Many people, myself included, have a policy of replying to the senders of attached document files and asking them to save the file in RTF format and resend it. RTF files don’t support macros, so any virus which was in the. doc file will be removed by saving as. RTF format.

The best way to keep viruses away is to use a virus scanning program. If you don’t have a virus scanner installed, buy one for every PC in the company.

Scanners work by having a built-in database of all known viruses, and can detect and remove them automatically. However, new viruses are being discovered every day so it’s crucial that you update the database of known viruses at least once a month. Once a week would be best.

Most scanners come with at least one year of updates included in the price, and applying the latest update is often as simple as letting the program connect to the Internet for a few minutes to update itself.

But virus scanners are not infallible. Because they work by having a database of known viruses, they can’t detect unknown viruses. That’s why brand-new viruses such as Melissa, the Love Bug and the recent Homepage virus managed to infect so many computers so quickly.

It was only after the scanner companies updated their databases, and users installed those updates, that the virus could be stopped from spreading further.

Modern scanners also use something called heuristics in addition to the standard virus database, which helps them look for virus-like behaviour in programs that they have never encountered before. This adds another layer of protection but is not 100% reliable so an up-to-date scanner database is still a necessity. -– ROBERT SCHIFREEN (Guardian News Service)

Virus lexicon

Malware: Software written by “computer vandals” designed to cause damage when run. Viruses and Trojans are described as malware.

Attachment: A data file such as a Word document, an Excel spreadsheet or a PowerPoint presentation which is sent by e-mail.

Office XP: The most recent version of Microsoft’s office software suite for Windows. Includes additional protection against viruses spreading via e-mail.

Virus scanner: A program that continually checks your PC and reports if a virus is detected. Scanners are also capable of removing most viruses.

Virus hoax: An e-mail that warns you of a “dangerous new virus.” The e-mail urges you to forward the warning to everyone you know. Unless you are sure that the message is genuine, resist the temptation to forward it to anyone at all.

RTF: Rich Text Format. An alternative to the Word. doc format but which doesn’t support macros and is thus immune to viruses. -- ROBERT SCHIFREEN

THESTAR 14 August 2001

A guide to viruses

WHAT is a computer virus? Very simply, the term refers to a computer program that is designed to replicate, or make a copy of, itself, spreading into the user’s system without his knowledge or permission.

A virus does not cause any damage to the system by itself, usually.

However, there is a type of malicious software or “malware,” often mislabelled as a “virus,” that can cause major damage to a system.

A malware is a program which appears to be designed for a certain purpose, but actually does something quite different. Such programs are also known as “Trojan horses” – they can get into your system by hiding within a harmless or even useful bit of code, and lay low for a while.

When activated, through a trigger that can be as nondescript as your PC’s internal clock passing a certain date, they proceed to delete important system files or format your hard disk drive.

The payload

Each virus carries a different “payload,” a term used by antivirus software companies to describe the actions that will be carried out by the virus.

The payload itself can be relatively harmless feats such as playing music files – particularly malicious ones of this breed may play the latest hit single of this week’s boyband flavour!

Others just display text messages or images – the message can range from a bad joke to profanities, the images can be a funny sketch or something quite offensive.

Other payloads delete files or may even wipe out all your data.

These days, e-mail viruses, usually delivered as executable e-mail attachments (yep, those with “.exe” extension), are very popular. Their payloads are triggered when you just click on the attachment, which immediately launches the application – in this case, the virus.

Others may be triggered on certain dates, or when your computer performs a certain task.

Viruses are classified into various types depending on their file formats and infection routines.

File infectors:

A block of code which attaches itself to another programme and is able to copy itself into subsequent applications that the user runs.

Boot-sector viruses:

Viruses that infect the part of the hard disk that is read and executed by the computer when it starts up (the boot sector).

Macro viruses:

These use another application’s macro programming to distribute themselves. They infect documents such as Microsoft Corp’s Word or Excel.

Trojan horse:

A program that performs some unexpected or unauthorised, usually malicious, action, such as displaying messages, erasing files or formatting a disk. It does not reproduce.

Worms:

A computer worm is a self-contained program (or set of programs) that can spread functional copies of itself or its segments to other computer systems. The propagation usually takes place via network connections or e-mail attachments.

Script viruses:

Written in script programming languages, such as VBScript and JavaScript. These viruses make use of Microsoft’s Windows Scripting Host to activate themselves and infect other files.

Malicious Java code:

Java applets are small, portable programs embedded in HTML pages. They run automatically when the pages are viewed.

Risk rating

An antivirus scanner uses different methods to detect infections. Some compare the unique (or signature) code of the virus with its own database.

However, as each virus can be further “developed” to produce new variant strains, the pattern-matching antivirus model database can become too huge to be downloaded to support a typical PC.

So, antivirus companies have come out with smarter scanning methods, such as using behaviour blocking and heuristic (from the Greek word means “to find”) techniques to sniff out malicious code.

Behaviour blocking does not detect viruses based on simple scan signatures, specific threats or codes. Instead, it prevents infections by stopping suspicious virus-like activities (like a sudden downgrading of your system’s overall performance).

Heuristic or content filtering software is similar to behaviour blocking software. It analyses the code in files by keeping a list of all the likely ways a programmer might code a sequence that updates or changes the system registry in a Windows PC.

The software will only report the possibility of a virus when it finds a sufficient number of identical matches (or virus-like codes). Because installing new software also affects the system registry, content filters require more criteria before declaring a piece of code malicious.

These two methods, together with pattern-matching models, give antivirus software the flexibility and firepower to play catch-up with fast-spreading and new type of viruses.

When a new virus is found, antivirus companies will rate it. Different companies and organisations have their own risk rating schemes to assess the threat posed by a virus. A particular virus may be classified “low risk” by one company, but may be classified “medium risk” by others.

Each rating is based on a number of different factors including, but not limited to, potential to spread, destructiveness of the payload, and actual number of cases reported, etc.

Safe computing

Other than installing a good antivirus software and updating it regularly, users are also encouraged to take extra precautions:

1.       Disable Windows’ scripting host. This is to prevent Visual Basic script viruses such as LoveLetter from running.

2.       Do not “Hide File Extensions of Known File Types.” All Windows operating systems, by default, hide the known file extensions in Windows Explorer. This allows PC viruses to disguise themselves as being of some other file format, such as text, video or audio files. For example, a malicious program file named “readme.-txt.exe” is displayed as “readme.txt” in Windows Explorer.

3.       Set Internet Explorer’s security level to at least “medium.”

4.       Require a prompt before opening mail attachments. Users are also advised to save files to their hard drives; you can then scan them with up-to-date antivirus software.

5.       Be wary of any attachments you receive, even if it comes from a known source. Delete chain e-mail and junk e-mail.

6.       Enable the Macro-virus warning in Office 97 and 2000.

7.       Prompt before saving changes to the global template.

8.       Apply all the latest Microsoft security updates.

9.       Back all essential data regularly.

Safe computing makes it difficult for any virus to enter or execute on your PC. However, it can never replace the functionality of an antivirus software. For more info on current PC viruses and their status, visit the website of any antivirus company.

For local information, go to National ICT and Security Emergency Response Centre website at Niser or the Malaysian Computer Emergency Response Team (MyCERT) website at MyCERT.

Index    Home