How to remove tray icons from the system tray?


Open the Registry Editor via Start -> Run -> regedit.

Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create a new DWORD value named NoTrayItemsDisplay and set it to 1.


W32/Mytob.gen@MM

Type: Virus
SubType: Email Generic
Discovery Date: 03/02/2005
Length: Varies
Minimum DAT: 4438 (03/02/2005)
Updated DAT: 5249 (03/11/2008)
Minimum Engine: 5.1.00
Description Added: 03/02/2005
Description Modified: 05/18/2005 12:08 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low


Characteristics

-- Update May 18, 2005 --
This is a generic detection for over 100 variants of Mytob. As the virus authors modify their source code and release new variants, some of them will be detected. However some variants are likely to be missed. As such the generic detection routines are likely to be modified regularly to provide more detection for these threats.

-- Update April 13, 2005 --
The Mytob author(s) have been very busy recently, releasing multiple variants a day. There are now some 96 different "versions" known to exist. Many of these are simply repackaged versions of the same binary, and most variants function in a similar fashion. The mailing routine remains much the same, while the bot functionality is evolving in line with the Sdbot worm family. Newer variants include the FURootkit, contain an Instant Messenger worm component (detected as W32/Mytob.worm!im), and spread via LSASS and DCOM RPC vulnerabilities.

-- Update March 24, 2005 --
AVERT has received 3 new variants within an hour of this threat. The variants use multiple forms of compression/encryption and detection will be added to the 4455 DAT files. Initial seeding of the files can be identified as follows, HOWEVER replicated samples cannot be identified by file hash or size as the virus appends garbage to the end of the executable.

  • 55,808 bytes (MD5: 3bd3dbd1bfe64ceaba2422f70ed6a69d)
  • 54,272 bytes (MD5: a23865437b5ea46c123b880b9726a249)
  • 58,808 bytes (MD5: 8817839e27e829f38c6f2041a7b92e40)

These new variants create a file named hellmsn.exe on the root of the C:\ drive (detected as W32/Generic.e with released DAT files).
--

This detection covers multiple variants of a mass-mailing worm that combines W32/Mydoom@MM functionality with W32/Sdbot.worm functionality. The following description serves as an example of some of the variants:

The virus arrives in an email message as follows:

From: (Spoofed email sender)
Do not assume that the sender address is an indication that the sender is infected. Additionally you may receive alert messages from a mail server that you are infected, which may not be the case.

Subject: (Varies, such as)

  • Error
  • Status
  • Server Report
  • Mail Transaction Failed
  • Mail Delivery System
  • hello
  • hi

Body: (Varies, such as)

  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
  • The message contains Unicode characters and has been sent as a binary attachment.
  • Mail transaction failed. Partial message is available.

Attachment: (varies [.bat, .exe, .pif, .cmd, .scr] - often arrives in a ZIP archive)

  • examples (common names, but can be random)
  • doc.bat
  • document.zip
  • message.zip
  • readme.zip
  • text.pif
  • hello.cmd
  • body.scr
  • test.htm.pif
  • data.txt.exe
  • file.scr

In the case of two file extensions, multiple spaces may be inserted as well, for example:

  • document.htm (many spaces) .pif
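The attachment-naming tricks listed above can be checked at a mail gateway. The following is an added example, not part of the original description or any vendor's code: it flags the executable extensions the page lists, double extensions, and whitespace padding before the final extension, and also inspects the member names of ZIP attachments. The function names, reason labels and member cap are assumptions made for illustration.

```python
import io
import os
import zipfile

# Extensions the description lists for the worm's attachments.
EXECUTABLE_EXTS = {".bat", ".exe", ".pif", ".cmd", ".scr"}
# Harmless-looking inner extensions from the page's examples
# (test.htm.pif, data.txt.exe, document.htm ... .pif).
DECOY_EXTS = {".htm", ".txt"}
# Assumption: cap on ZIP members inspected per attachment.
MAX_ZIP_MEMBERS = 1000


def classify_name(name):
    """Return the set of reasons a file name matches the described patterns."""
    reasons = set()
    # Keep only the last path component; ZIP members may carry directories.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    stem, ext = os.path.splitext(base)
    if ext.lower() not in EXECUTABLE_EXTS:
        return reasons
    reasons.add("executable-extension")
    # "document.htm      .pif": whitespace hides the real extension in
    # mail clients that truncate long names.
    if stem != stem.rstrip():
        reasons.add("space-padded-extension")
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()
    if inner_ext in DECOY_EXTS:
        reasons.add("double-extension")
    return reasons


def scan_attachment(name, data):
    """Return {path: reasons} for an attachment and, if it is a ZIP, its members.

    Only the archive's directory of names is read; nothing is decompressed.
    """
    findings = {}
    reasons = classify_name(name)
    if reasons:
        findings[name] = reasons
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        findings[name] = findings.get(name, set()) | {"unreadable-zip"}
        return findings
    if len(members) > MAX_ZIP_MEMBERS:
        findings[name] = findings.get(name, set()) | {"too-many-members"}
    for info in members[:MAX_ZIP_MEMBERS]:
        member_reasons = classify_name(info.filename)
        if member_reasons:
            findings[name + "!" + info.filename] = member_reasons | {"inside-zip"}
    return findings


def build_sample_zip():
    """Constructed sample: a ZIP holding a benign text file and a padded name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed placeholder")
        zf.writestr("document.htm" + " " * 40 + ".pif",
                    "constructed placeholder, not a real sample")
    return buf.getvalue()


if __name__ == "__main__":
    for sample in ("doc.bat", "test.htm.pif", "readme.zip"):
        print(sample, sorted(classify_name(sample)))
    for path, why in scan_attachment("message.zip", build_sample_zip()).items():
        print(repr(path), sorted(why))
```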

When the attachment is run, the virus copies itself to the WINDOWS SYSTEM directory (typically c:\windows\system32) as wfdmgr.exe. Registry keys are created to load this file at startup:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "LSA" = wfdmgr.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "LSA" = wfdmgr.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "LSA" = wfdmgr.exe

Additional keys/values are created, which are typically associated with W32/Sdbot.worm:

  • HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa "LSA" = wfdmgr.exe
  • HKEY_CURRENT_USER\Software\Microsoft\OLE "LSA" = wfdmgr.exe
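
The registry values above can be looked for in a registry export taken from a suspect machine. The following is an added example, not part of the original description: it parses the text of a .reg export (already decoded to a string) and reports "LSA" values under the listed keys. The sample export is constructed, and the "review" verdict for an "LSA" value pointing at a different file is an assumption based on the page's statement that the description covers only some variants.

```python
import re

# Keys listed in the description, lower-cased for case-insensitive comparison.
MYTOB_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_current_user\system\currentcontrolset\control\lsa",
    r"hkey_current_user\software\microsoft\ole",
}
MYTOB_VALUE = "lsa"
MYTOB_FILE = "wfdmgr.exe"

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" lines; .reg files escape backslashes and quotes with a backslash.
_STR = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def _unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Yield (key, value_name, string_data); non-string values are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            key = m.group("key")
            if key.startswith("-"):      # "[-KEY]" deletes a key; nothing to report
                key = None
            continue
        m = _STR.match(line)
        if m and key:
            yield key, _unescape(m.group("name")), _unescape(m.group("data"))


def find_mytob_persistence(text):
    """Return (key, value, data, verdict) for "LSA" values under the listed keys."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if key.lower() not in MYTOB_KEYS or name.lower() != MYTOB_VALUE:
            continue
        # The data may be a bare file name or a quoted path with arguments.
        exe_names = re.findall(r'[^\\/"\s]+\.exe', data.lower())
        verdict = "match" if MYTOB_FILE in exe_names else "review"
        hits.append((key, name, data, verdict))
    return hits


# Constructed sample export, not taken from a real machine.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LSA"="wfdmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LSA"="C:\\WINDOWS\\system32\\example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\update.exe\" /background"
"""

if __name__ == "__main__":
    for hit in find_mytob_persistence(SAMPLE_REG):
        print(hit)
```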

Symptoms

The Sdbot functionality in the worm is designed to contact the IRC server named irc.blackcarder.net, join a specified channel, and wait for further instructions. This bot can accept commands to download and execute other programs. The bot also contains code to spread via the LSASS exploit [ http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx ].

Method of Infection

The mailing component harvests addresses from the local system. Files with the following extensions are targeted:

  • wab
  • adb
  • tbb
  • dbx
  • asp
  • php
  • sht
  • htm
  • txt
  • pl

The worm avoids certain addresses, namely those containing the following strings:

  • .gov
  • .mil
  • abuse
  • acketst
  • arin.
  • avp
  • berkeley
  • borlan
  • bsd
  • example
  • fido
  • foo.
  • fsf.
  • gnu
  • google
  • gov.
  • hotmail
  • iana
  • ibm.com
  • icrosof
  • ietf
  • inpris
  • isc.o
  • isi.e
  • kernel
  • linux
  • math
  • mit.e
  • mozilla
  • msn.
  • mydomai
  • nodomai
  • panda
  • pgp
  • rfc-ed
  • ripe.
  • ruslis
  • secur
  • sendmail
  • sopho
  • syma
  • tanford.e
  • unix
  • usenet
  • utgers.ed

Additionally, the worm contains strings, which it uses to randomly generate, or guess, email addresses. These are prepended as user names to harvested domain names:

  • sandra
  • linda
  • julie
  • jimmy
  • jerry
  • helen
  • debby
  • claudia
  • brenda
  • anna
  • alice
  • brent
  • adam
  • ted
  • fred
  • jack
  • bill
  • stan
  • smith
  • steve
  • matt
  • dave
  • dan
  • joe
  • jane
  • bob
  • robert
  • peter
  • tom
  • ray
  • mary
  • serg
  • brian
  • jim
  • maria
  • leo
  • jose
  • andrew
  • sam
  • george
  • david
  • kevin
  • mike
  • james
  • michael
  • john
  • alex

Finally the virus sends itself via SMTP - constructing messages using its own SMTP engine. The worm guesses the recipient email server, prepending the target domain name with the following strings:

  • mx.
  • mail.
  • smtp.
  • mx1.
  • mxs.
  • mail1.
  • relay.
  • ns.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).


Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Net-Worm.Win32.Mytob (AVP)
  • W32.Mytob
  • W32/Mytob


You may be a victim of software counterfeiting.

Microsoft has finally activated the most aggressive part of their Windows Genuine Advantage program -- active notifications.

After downloading the latest Windows updates, if your Windows cd-key doesn't validate against Microsoft's online database of cd-keys, you may be greeted with this unpleasant five-second mandatory delay dialog at the login page:

This copy of Windows is not genuine. You may be a victim of software counterfeiting. This copy of Windows is not genuine and is not eligible to receive the full range of upgrades and product support from Microsoft.

On top of that, you get a repeating balloon notification that nags you periodically while you use the operating system:

You may be a victim of software counterfeiting. This copy of Windows is not genuine. Click this balloon to resolve now.

The warnings also get more dire as time progresses:



This copy of Windows is not genuine and you have not resolved the issue. This computer is no longer eligible to receive select security upgrades from Microsoft. To protect your computer, you must click Get Genuine now.

The language here is a little misleading. Microsoft is socially obligated to provide critical security updates to pirated machines. Otherwise those vulnerable machines will eventually be compromised and potentially used in denial of service attacks and other nefarious schemes. Microsoft does provide so-called "critical" updates to all Windows machines, regardless of whether or not they're genuine.

This is all courtesy of the mandatory "Windows Genuine Advantage Notification" service that is being delivered now through Windows Update. This isn't just a service you can disable, or a process you can kill in task manager, either. You'll have to install some kind of questionable third-party hack to get around it.

I suppose it's only malware if you're a pirate. What's a poor, beleaguered user to do? Microsoft offers five options:

  1. Purchase a valid Windows XP cd-key online from Microsoft.
  2. If you can produce high-quality counterfeit media, along with a proof of purchase, you can get a free replacement key from Microsoft.
  3. Contact your reseller for redress.
  4. Purchase Windows XP from a local OEM reseller.
  5. Purchase Windows XP at a retail location.

Notice the word "Purchase" appears in three of those five options. There's almost no way to finagle a free cd-key out of this.

Recover from a Corrupted Registry in Windows XP

When Will This Recovery Work?

You'll want to use the steps on this page to recover from a corrupted registry when you have already tried other options such as System Restore and you receive a message similar to one of the following when you try to boot your computer with Windows XP.

* Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
* Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate
* System error: Lsass.exe When trying to update a password the return status indicates that the value provided as the current password is not correct.

Be careful using this procedure in other circumstances or with an OEM version of Windows XP, since OEM installations create passwords and user accounts that did not exist previously and may prevent you from logging into the Recovery Console to restore files.

Booting into the Recovery Console

You'll need to use the Windows XP Recovery Console to fix a corrupted registry. This requires you either to boot from a Windows XP Installation CD or to boot directly to the Recovery Console if it's installed. Follow these steps to boot into the Recovery Console from a Windows XP Installation CD.
1) Place your Windows XP Installation CD in the CD-ROM drive
2) Restart your computer and make sure your BIOS is set to boot from CD
3) When you see the following message, press the space bar: "press any key to boot from cd..."
4) Wait until you see the "Welcome to Setup" screen, and press R to start the Recovery Console
5) Choose which Windows installation you wish to load (this is usually #1 unless you have a multi-boot system)
6) Type the administrator password and press Enter
7) You should now be at the C:\Windows> prompt

Copy Repair Files Using the Recovery Console

This procedure assumes Windows is installed on drive C. If you have installed Windows on another drive, please substitute the appropriate drive letter in the procedure below.

At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

    md tmp
    copy c:\windows\system32\config\system c:\windows\tmp\system.bak
    copy c:\windows\system32\config\software c:\windows\tmp\software.bak
    copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
    copy c:\windows\system32\config\security c:\windows\tmp\security.bak
    copy c:\windows\system32\config\default c:\windows\tmp\default.bak
    delete c:\windows\system32\config\system
    delete c:\windows\system32\config\software
    delete c:\windows\system32\config\sam
    delete c:\windows\system32\config\security
    delete c:\windows\system32\config\default
    copy c:\windows\repair\system c:\windows\system32\config\system
    copy c:\windows\repair\software c:\windows\system32\config\software
    copy c:\windows\repair\sam c:\windows\system32\config\sam
    copy c:\windows\repair\security c:\windows\system32\config\security
    copy c:\windows\repair\default c:\windows\system32\config\default

Type exit to quit Recovery Console.
Your computer will restart. Press F8 as it starts and choose Safe Mode.

Restart in Safe Mode and Find a Recent Snapshot Backup

Restart your computer in Safe Mode by pressing F8 during the initial bootup and choosing Safe Mode.
Once in Safe Mode, you need to make sure the files and folders are visible so you can access them.
Follow these instructions to accomplish this.
1. Open My Computer
2. Click on the Tools menu, then click Folder Options.
3. Click the View tab.
4. Under Hidden files and folders, click to select Show hidden files and folders, and then click to clear the Hide protected operating system files (Recommended) check box.
5. Click Yes when the dialog box that confirms that you want to display these files appears.

In My Computer, double-click the drive where you installed Windows XP (usually drive C) to display a list of the folders, then double-click the "System Volume Information" folder. This folder contains the system restore points stored on your computer. The folders will look similar to

    _restore{EE42BEB8-700A-495F-8004-53D26C2E12C5}

You might receive an access denied error message similar to the following when trying to access the System Volume Information folder.

    C:\System Volume Information is not accessible. Access is denied.

This is generally caused because the user you are logged in as does not have permissions set on the folder.
To fix this, follow the instructions in the Microsoft Knowledge Base article 309531 to gain access and continue.
Each version of Windows XP differs in how these permissions are changed.

Once you have access to the snapshots, use the instructions below to copy one of the latest snapshots to the Windows\TMP directory so you have access to it.
1) In the System Volume Information folder, click on View, and then click Details to display the date of each snapshot folder.
2) Double-click on a folder that was not created at the current time but rather before the problem started.
3) Double-click on the Snapshot subfolder
4) Using your normal Windows copy and paste techniques, highlight the following files and copy them into the C:\Windows\TMP folder
* _REGISTRY_USER_.DEFAULT
* _REGISTRY_MACHINE_SECURITY
* _REGISTRY_MACHINE_SOFTWARE
* _REGISTRY_MACHINE_SYSTEM
* _REGISTRY_MACHINE_SAM
5) Rename the files that you just copied into the C:\Windows\TMP folder by right-clicking on each filename and choosing Rename, then typing the new name. Repeat this for each file in the list below.
* Rename _REGISTRY_USER_.DEFAULT to DEFAULT
* Rename _REGISTRY_MACHINE_SECURITY to SECURITY
* Rename _REGISTRY_MACHINE_SOFTWARE to SOFTWARE
* Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
* Rename _REGISTRY_MACHINE_SAM to SAM
6) Once you have renamed the files, restart your computer again with the Recovery Console (refer to the instructions above to do this)

Replace the Repair Files with a Current Backup of the Registry

After rebooting the computer and starting the Recovery Console again, type the following commands at the prompt to replace the files with a current backup. You'll need to press Enter after each command.

    del c:\windows\system32\config\sam
    del c:\windows\system32\config\security
    del c:\windows\system32\config\software
    del c:\windows\system32\config\default
    del c:\windows\system32\config\system
    copy c:\windows\tmp\software c:\windows\system32\config\software
    copy c:\windows\tmp\system c:\windows\system32\config\system
    copy c:\windows\tmp\sam c:\windows\system32\config\sam
    copy c:\windows\tmp\security c:\windows\system32\config\security
    copy c:\windows\tmp\default c:\windows\system32\config\default

After the files have been replaced, type EXIT at the command prompt to restart Windows in normal mode.
Use System Restore to Return to a Good Backup Point

Because there is more to a System Restore than just the registry files, follow these steps to restore your computer to a good backup point.
1. Click Start, and then click All Programs.
2. Click Accessories, and then click System Tools.
3. Click System Restore, and then click Restore to a previous Restore Point and finish the restore.

SMASH Virus?

What is the SMASH Virus?
This virus launches on the 14th day of the month. As of July 13th, 2000 it has not been found in the wild, so the threat is very low. However, the presentation of the virus and the level of destruction warrant discussing it. When the current system day is 14 and the month is greater than or equal to 6 (June), the virus activates.

The next time the computer starts, the system displays a Windows Blue Screen, commonly referred to as the Blue Screen of Death (BSOD).
This screen contains the following message and hangs the system:
"Virus Warning!
Virus name is 'SMASH', project D version 0x0A.
Created and compiled by Domitor.
Seems like your bad dream comes true..."
The virus uses low-level system calls that are made directly to BIOS memory to activate it.
What damage does the Virus cause?
After the blue screen is displayed, the computer freezes.

The SMASH virus preys upon human reactions to activate the virus. The malicious code will only activate once the computer is rebooted after freezing. Since most computer users would press any key or try to reboot the computer after receiving the blue screen, they unwittingly cause the virus to activate.
Since the virus overwrites part of the IO.SYS file, the system hangs upon a reboot and displays the message "Formatting hard disk". It then formats the hard drive destroying all data.
How to Avoid the SMASH Virus
Since the virus is nearly impossible to stop once it has been activated, the only precautions one can take are to update their virus signatures and scan their system regularly.

Although it hasn't been seen in the wild and is a low-risk virus, the possibility of a virus attacking a computer in this way has now been proven. So, most likely there will be more viruses of this type in the future.

Cleaning the USB Drive infected with heap41a virus

1. Before inserting the USB drive, disable autorun to prevent the virus from infecting your computer again.
How to disable autorun for the USB drive (Windows XP):

a. Open Windows Explorer or press the Windows + "E" keys.

b. Right-click the drive letter of the USB drive, then select Properties. The Drive Properties dialog will appear.

c. Select the AutoPlay tab.

d. Choose Select an Action to Perform.

e. At the bottom of the selection, click Take no Action, then click Apply.

f. Click OK to exit Drive Properties







By far the most common shut down problem is that the system will reboot rather than shutting down. In most cases, the reboot is triggered because Windows XP is designed to reboot after a critical failure. To put it simply, if something were to go wrong during the shut down sequence, Windows may interpret the problem as a crash, and reboot the system as a result.
If you just want to band-aid the problem, you can disable the restart on system failure setting. To do so, right click on My Computer and select the Properties command from the resulting shortcut menu. When you do, you will see the System Properties sheet.



Click the Advanced tab and click the Settings button found in the Startup and Recovery section. Finally, deselect the Automatically Restart check box, shown in Figure A, and click OK.
Figure A: The Automatically Restart check box allows Windows to automatically reboot after a failure
The technique that I have just shown you will prevent the system from rebooting itself, but it still doesn’t get rid of the root cause of the problem. There are several known causes of Windows shutdown problems.
Roxio Easy CD Creator
One of the most common causes of Windows shut down problems is a bug in Roxio’s Easy CD Creator (particularly version 5). Roxio does have a patch available at http://www.roxio.com/en/support/ecdc/software_updatesv5_2.jhtml. Keep in mind, though, that the patch has been known to disable Roxio’s Take Two backup software that came with Easy CD Creator 5 Platinum.



You should also keep in mind that version 5 is an old version that Roxio no longer supports. The current version is Easy Media Creator 7.



If you suspect that Easy CD Creator may be causing your problem, then I recommend upgrading to a newer version rather than patching an old version.
Wake On
Another common cause of system restarts is the Wake On setting.



The Wake On setting allows a computer to be automatically booted if it receives LAN packets intended for it, or if the modem line rings. Typically, the Wake on LAN settings would be adjusted through your computer’s BIOS setting. If you have checked the BIOS though and the Wake On LAN setting is disabled, it is possible that Windows might be responsible for waking the system up. To find out, open the Device Manager and locate your system’s network card. Right click on the card and select the Properties command from the resulting shortcut menu. When you do, you will see the network card’s properties sheet. Now, select the Power Management tab and verify that the Allow This Device To Bring The Computer Out Of Standby option is deselected, as shown in Figure B.
Figure B: Certain types of network traffic can wake a computer up
Hardware Issues
Another common cause of reboots during shutdown is minor hardware incompatibilities. Microsoft maintains a hardware compatibility list for Windows XP. Only hardware appearing on the list is guaranteed to be 100% compatible with Windows XP. Even so, most people don’t pay any attention to the hardware compatibility list. Most of the time, minor hardware issues go unnoticed, but they can manifest themselves in the form of reboots during shutdown.
Unfortunately, I can’t possibly tell you every piece of hardware out there that’s known to cause reboot problems. What I can tell you, though, is that peripheral devices are especially notorious for causing the problems. This is especially true of high end keyboards and mice with lots of extra features, and of various USB devices. I have even heard of cases in which USB devices would cause the reboot problem if they were plugged directly into the system’s USB port, but the problem would go away if the devices were plugged into a USB hub instead.
Unfortunately there is no quick fix to minor hardware compatibility issues. If you think that your system’s hardware may be to blame then you will have to use trial and error to locate the offending device (or devices).
I recommend starting by unplugging any external devices. If you have a high end keyboard or mouse, then temporarily replace your keyboard and mouse with a generic set. Now boot the computer up and try to shut it down. If the system shuts down properly, then one of the devices that you disconnected was causing the problem. If the system does not shut down properly, then I recommend leaving those devices disconnected during the rest of the testing for the purpose of simplifying the system’s configuration.
The next thing that I recommend doing is to open the device manager and make note of the make and model of your system’s major hardware components. Specifically, you should pay attention to things like network cards, video cards, sound cards, and modems. After you have documented the make and model of each device, then turn off and unplug your computer. At this point, you should remove the computer’s case and verify that the hardware listed in the device manager is what’s actually in your system. Windows XP is notorious for misidentifying hardware devices. For example, I recently helped a friend install Windows onto a new computer. Windows identified his system as having a D-Link network card. When I couldn’t get the card to function, I removed the case and realized that his system actually had a Net Gear card instead.
After you have verified that the hardware listed in the device manager is what’s actually in your system, then I recommend putting your computer back together and going online. I recommend visiting each hardware manufacturer’s Web site and downloading the latest driver for the corresponding hardware device. Hardware manufacturers frequently revise drivers when bugs are discovered. While you are at it, try visiting the Web site for your system’s motherboard manufacturer. It could be that an updated BIOS is available.
Extremely Slow Shutdown
Probably the second most common shut down problem for Windows XP is that the shut down takes an excessive amount of time to complete. To understand why this happens, you must remember that the Windows operating system is not a single program, but rather a collection of individual services. Each of these services must be stopped during shut down. Therefore, a glitch related to any one of the services may prolong the shut down process or cause the shut down process to fail completely.
Many people have claimed that the Nvidia Driver Helper Service (used with Nvidia video cards) causes extremely slow shut downs. However, this is one of those cases in which an updated video driver usually solves the problem. Other people have mentioned that disabling the terminal services greatly expedites the shut down process. The Terminal Services are used for remote assistance, remote desktop, and fast user switching. If you do not use any of these features, then the Terminal Services can be safely disabled. You can access the services console by entering the SERVICES.MSC command at the Run prompt.
Another potential cause of slow system shut downs is that Windows contains an option to erase the system’s virtual memory and system hibernation cache at shut down. These security features are disabled by default because they take a long time to complete, and cause the system shutdown to look like it has frozen. Although these features are disabled by default, some privacy software will enable them.
To determine whether or not these features are enabled on your PC, enter the GPEDIT.MSC command at the Run prompt to load the Group Policy Editor.
Now, navigate through the console tree to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. At this point, locate the Shutdown: Clear Virtual Memory Pagefile option in the column to the right and verify that it is disabled. If this option is enabled, you can disable it by double clicking on the setting and choosing the Disabled option.
Clearing the virtual memory file during shut down takes a lot of time.

RAM Choosing!!!!


Random Access Memory (RAM) is the workhorse behind the performance of your computer. RAM temporarily stores information from your operating system, applications, and data in current use. This gives your processor easy access to the critical information that makes your programs run. The amount of RAM you have determines how many programs can be executed at one time and how much data can be readily available to a program.

It also determines how quickly your applications perform and how many applications you can easily toggle between at one time. Simply put, the more RAM you have, the more programs you can run smoothly and simultaneously.

If you want to upgrade your computer, you will have to know which memory you already use. There are two ways:
The first one is to use a program that will check the memory and determine what kind of memory you have.
The second one, the one I recommend, is to open your computer case and read the label on your memory to know what kind it is.
I recommend the second way because the program often makes mistakes. By checking for yourself, you will also be able to see if there's a slot available for a new memory module. Leave your case open and you'll be ready to install it!! Why not open the computer case BEFORE adding memory? You will have to do it anyway during the process!!
Be sure to buy the right memory... There's DDR, DDR2, DDR-SDRAM, DDR-200, DDR-266, DDR-333, DDR-400, etc, etc, etc... If you want the best performance from your computer, don't mix memory!
Follow these rules and your computer will thank you!

How to Turn off Security Alert Notifications
Open the Control Panel
Double-click on the Security Center icon
Click on the option "Change the way Security Center alerts me"
Uncheck the alert settings boxes you wish and click Ok



Windows XP SP2 added the Security Center to monitor firewall, automatic updates, and antivirus settings and to warn users when there is a problem.

This is a good idea for the most part, since it gives a visual warning to the user when their antivirus or firewall has been disabled or changed.

However, what if your computer doesn't connect to the internet often enough to update your antivirus, or if you have purposely turned off the Automatic Updates feature?

Maybe you don't want Windows to warn you each time you restart your computer or modify something.

I have had several instances where the Windows XP SP2 Security Alert balloons were more of a nuisance than anything else.

How to Fix "Click to Run an ActiveX Control on this webpage" Prompt

Are you receiving a Windows prompt asking you to "click to run an ActiveX control on this webpage"?

If so, here is why you are receiving it and how to fix it. The change was included in a recent Windows update because of a patent infringement lawsuit between Eolas Technologies and the Regents of the University of California v. Microsoft.

Because of this lawsuit, Microsoft is changing the way Internet Explorer handles ActiveX controls.

These changes will be in Internet Explorer 7.

However, to allow developers a chance to change their code, the change was included in the April Security update (KB912812). This is why you are receiving the following prompt when visiting some ActiveX web pages.

How to Correct this Problem

1) Download the following Compatibility Patch to revert the IE ActiveX control behavior: http://www.microsoft.com/downloads/details.aspx?familyid=B7D9801B-4FB5-492E-903E-3400ABF1D731&displaylang=en

2) Install it and reboot your computer

3) Try the webpage you were receiving the prompt on

This should fix the issue for the time being; however, when IE 7 is released this prompt will appear on web pages that have not changed the way they handle ActiveX components.

svchost.exe silly errors

I came across a new virus that has been spreading through USB drives. The malware is known as w32.USBWorm.
Once affected you get the message "I Dnt hate Mozilla but use IE or Else..." This virus also shows error messages when you open YouTube. It shows youtube IS BANNED "youtube is banned you fool,The administrators didnt write this program guess who did??MUHAHAHA!!" "Orkut is banned you fool,The administrators didnt write this program guess who did??MUHAHAHA!!" and it also plays an audio clip of evil laughter. This is a silly virus.
To get rid of this you just have to delete the virus file. To do that, follow these steps:
1) Go to Task Manager (press Ctrl+Alt+Del)
2) Go to the Processes tab
3) End all processes with the name svchost.exe (only those with your user name to its right)
4) Note that you shouldn't end the system process svchost.exe (the SYSTEM process)
5) Go to Start > Run
6) Type in regedit and click OK
7) Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and in the right pane double-click CheckedValue and change it back to 1
8) Now navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run and delete the winlogon key in the right pane
9) Now close regedit and search your computer for a file named svchost.exe (enable Search hidden files and folders)
10) You will see a file with a green H icon in the search result. (There will be another svchost.exe file in system32. Ignore it. It's a system file.)
11) Open that file location and delete the folder that contained this file.
12) Now the virus is gone. This type of virus spreads through USB drives (which automatically run the virus file). To stop such infections you can disable the autorun feature.
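
Steps 3, 4 and 10 above come down to two checks: which account owns each svchost.exe process, and where its image file lives on disk. The following Python is an added example, not part of the original post; the CSV column layout and the sample rows are constructed for illustration and are not the output of a specific Windows tool.

```python
import csv
import io
import ntpath

# Accounts that normally host svchost.exe on Windows XP.
SERVICE_ACCOUNTS = {"system", "local service", "network service"}

# Constructed sample listing; the column layout is an assumption of this
# example, not the output format of a specific Windows tool.
SAMPLE_LISTING = r"""Image Name,PID,User Name,Path
svchost.exe,884,NT AUTHORITY\SYSTEM,C:\WINDOWS\system32\svchost.exe
svchost.exe,1020,NT AUTHORITY\NETWORK SERVICE,C:\WINDOWS\System32\svchost.exe
explorer.exe,1500,DESKTOP\alice,C:\WINDOWS\explorer.exe
svchost.exe,2312,DESKTOP\alice,E:\hidden_folder\svchost.exe
svchost.exe,2400,NT AUTHORITY\SYSTEM,C:\WINDOWS\system32\..\Temp\svchost.exe
"""


def account_name(user):
    """Drop the domain or machine prefix and lowercase the account name."""
    return user.rsplit("\\", 1)[-1].strip().lower()


def triage_svchost(listing_csv, windir=r"C:\WINDOWS"):
    """Return the svchost.exe rows that do not look like the system service host.

    A row is reported when the process runs under an ordinary user account
    (step 3 of the procedure) or when its image is not in <windir>\\system32
    (step 10). Paths are normalised first, so '..' segments and differences
    in letter case do not hide a mismatch.
    """
    expected_dir = ntpath.normcase(ntpath.join(windir, "system32"))
    findings = []
    for row in csv.DictReader(io.StringIO(listing_csv)):
        if row["Image Name"].strip().lower() != "svchost.exe":
            continue
        reasons = []
        if account_name(row["User Name"]) not in SERVICE_ACCOUNTS:
            reasons.append("runs under a user account")
        path = ntpath.normpath(row["Path"].strip())
        if ntpath.normcase(ntpath.dirname(path)) != expected_dir:
            reasons.append("image is outside system32")
        if reasons:
            findings.append({"pid": int(row["PID"]), "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_svchost(SAMPLE_LISTING):
        print(finding["pid"], finding["path"], "; ".join(finding["reasons"]))
```
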

false HTTP 404 error on the browser


The 404 or Not Found error message is a HTTP standard response code indicating that the client was able to communicate with the server but either the server could not find what was requested, or it was configured not to fulfill the request and not reveal the reason why. 404 errors should not be confused with "server not found" or similar errors, in which a connection to the destination server cannot be made at all.

When communicating via HTTP, a server is required to respond to a request, such as a web browser's request for an HTML document (web page), with a numeric response code and an email-like MIME message. In the code 404, the first "4" indicates a client error, such as a mistyped URL. The following two digits indicate the specific error encountered. HTTP's use of three-digit codes is similar to the use of such codes in earlier protocols such as FTP and NNTP.
At the HTTP level, a 404 response code is followed by a human-readable "reason phrase". The HTTP specification suggests the phrase "Not Found"[1] and many web servers by default issue an HTML page that includes both the 404 code and the "Not Found" phrase. Webservers can typically be configured to display a more natural description, a branded page or sometimes a search form, but the protocol level phrase, which is hidden from the user, is rarely customized.
Internet Explorer (before Internet Explorer 7), however, will not display custom pages unless they are larger than 512 bytes, opting to instead display a "friendly" error page. This default behaviour can be changed under Tools > Internet Options by clicking on the Advanced tab and un-checking the "Show friendly HTTP error messages" check box.
A 404 error is often returned when pages have been moved or deleted. In the first case, a better response is to return a 301 Moved Permanently response, which can be configured in most server configuration files, or through URL rewriting; in the second case, a 410 Gone should be returned. Because these two options require special server configuration, most websites do not make use of them.
404 errors are often confused with DNS errors, which appear when the given URL refers to a webserver which does not exist. These are not 404 errors, which are always returned by a webserver.
False 404 errors
Some websites report a "not found" error by returning a standard web page with a "200 OK" response code; this is called a soft 404. Soft 404s are problematic for automated methods of discovering whether a link is broken.
Some proxy servers generate a 404 error when the remote host is not present, rather than returning lower level errors such as hostname lookup failing, or "connection refused". This can confuse programs that expect and act on specific responses: they can no longer easily distinguish between an absent web server and a missing web page on a web server that is present.
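
A link checker can still catch soft 404s by asking the same host for a path that cannot exist and comparing the answer with the page under test. The following Python is an added example, not part of the original text; the host name, the sample pages and the 0.9 similarity threshold are assumptions made for illustration.

```python
import difflib
import urllib.error
import urllib.request
import uuid
from urllib.parse import urlsplit, urlunsplit

# Constructed pages for the offline demonstration below.
PAGES = {
    "/catalogue": "<html><head><title>Example Shop</title></head><body>"
                  "<h1>Catalogue</h1><p>Forty products in stock, updated daily.</p>"
                  "</body></html>",
}
SOFT_ERROR_TEMPLATE = (
    "<html><head><title>Example Shop</title></head><body>"
    "<h1>Sorry, we could not find that page</h1>"
    "<p>The address {path} does not exist on this site. "
    "Use the search box or return to the home page to keep browsing.</p>"
    "</body></html>"
)


def http_fetch(url, timeout=10):
    """Fetch a URL for real use; returns (status code, body text)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def make_site(pages, soft):
    """Build a fake fetcher: an honest server (404) or one that sends soft 404s."""
    def fetch(url):
        path = urlsplit(url).path or "/"
        if path in pages:
            return 200, pages[path]
        if soft:
            # "Not found" page delivered with a 200 OK status.
            return 200, SOFT_ERROR_TEMPLATE.format(path=path)
        return 404, "<html><body><h1>404 Not Found</h1></body></html>"
    return fetch


def classify_link(url, fetch=http_fetch, threshold=0.9):
    """Return 'ok', 'broken', 'soft-404' or 'status-NNN' for one link."""
    status, body = fetch(url)
    if status in (404, 410):
        return "broken"
    if status != 200:
        return "status-%d" % status
    # Ask the same host for a random path that cannot exist.
    parts = urlsplit(url)
    probe_url = urlunsplit((parts.scheme, parts.netloc, "/" + uuid.uuid4().hex, "", ""))
    probe_status, probe_body = fetch(probe_url)
    if probe_status != 200:
        return "ok"  # the server reports missing pages with a real error code
    # The server answers 200 for anything, so compare the page with its
    # "not found" page; near-identical bodies mean the link is a soft 404.
    ratio = difflib.SequenceMatcher(None, body, probe_body, autojunk=False).ratio()
    return "soft-404" if ratio >= threshold else "ok"


if __name__ == "__main__":
    for soft in (False, True):
        fetch = make_site(PAGES, soft)
        for path in ("/catalogue", "/old-page"):
            print(soft, path, classify_link("http://shop.example" + path, fetch))
```

A site that legitimately serves the same body for every path would also be reported as soft-404, so results for such sites need a manual look.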


In July 2004, the UK telecom provider BT Group deployed the Cleanfeed content blocking system, which returns a 404 error to any request for content identified as illegal by the Internet Watch Foundation. Governments that censor the Internet also often return a fake 404 error when a user tries to access a blocked website.



internet.exe what is it?

Description
internet.exe is a process which is registered as the W32.Mytob.LM@mm Worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process is a security risk and should be removed from your system.

Disable and Remove internet.exe IMMEDIATELY. This process is most likely a virus or trojan.

Part of: W32.Mytob.LM@mm
Common Path(s): %windir%\internet.exe

SAS Window: Winlogon.exe Error

When you start Windows NT and you log on, the following error message may appear:
Error: SAS Window: Winlogon.exe
There is no disk in the drive. Please insert a disk into drive A:
CAUSE:

Systems that have bootable CD-ROMs and Award BIOS with a date code prior to September 25, 1996 may experience this problem. The Award BIOSes with release dates prior to September 25, 1996 enable bootable CD-ROM support by using floppy and hard disk emulation. Windows NT 4.0 does not support emulation mode CD-ROM booting.

RESOLUTION:
Disable the bootable CD-ROM functionality of the system BIOS or of the SCSI controller BIOS. To disable the bootable CD-ROM support of the Award BIOS:
1. Restart the system.
2. Press the DEL key to enter the BIOS Setup menu.
3. Move the cursor to BIOS Feature Setup and press the Enter key.
4. Click BOOT Sequence.
5. Change the boot sequence so that the CD-ROM appears after the hard disk drive.

how to enable folder options in tools or control panel?










Run gpedit.msc and go to
User Configuration > Administrative Templates > Windows Explorer > Remove the folder option menu item from the tool menu
Disable it. Now it works fine.

How to Fix SVCHOST.EXE Application Error 0x745f2780

Windows XP Professional with a password set for the main administrator account.

When the computer was turned on and came up to the user login screen, they were presented with this SVCHOST.EXE error message. The only options the error message allows are to click OK to terminate the program or click Cancel to debug the program.

After asking several questions about what they did before turning the computer off, it became apparent that Windows Update had run before the computer was shut down. Interestingly enough, even starting the computer in Safe Mode produced the same error, while the event log in Windows XP indicates the faulting application is truly svchost.exe.

How to Repair this SVCHOST.EXE error
After some investigating into the 0X745f2780 SVCHOST error, it became apparent the problem is a corrupted Windows Update in Windows XP.

Follow the steps below to fix this error.

Verify Windows Update Service Settings
Click on Start, Run and type the following command in the open box and click OK
services.msc
Find the Automatic Updates service and double-click on it.
Click on the Log On Tab and make sure the "Local System Account" is selected as the logon account and the box for "allow service to interact with desktop" is UNCHECKED.
Under the Hardware Profile section in the Log On Tab, make sure the service is enabled.
On the General Tab, the Startup Type should be Automatic; if not, drop the box down and select Automatic.
Under "Service Status" on the General tab, the service should be Started; if it is not, click the Start button to enable it.
Repeat the steps above for the service "Background Intelligent Transfer Service (BITS)"

Re-Register Windows Update DLLs
Click on Start, Run, and type CMD and click OK
In the black command window type the following command and press Enter
REGSVR32 WUAPI.DLL
Wait until you receive the "DllRegisterServer in WUAPI.DLL succeeded" message and click OK
Repeat the last two steps above for each of the following commands:
REGSVR32 WUAUENG.DLL
REGSVR32 WUAUENG1.DLL
REGSVR32 ATL.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUPS2.DLL
REGSVR32 WUWEB.DLL

Remove Corrupted Windows Update Files
At the command prompt, type the following command and press Enter
net stop WuAuServ
Still at the command prompt, type cd %windir% and press Enter
In the opened folder, type the following command and press Enter to rename the SoftwareDistribution folder
ren SoftwareDistribution SD_OLD
Restart the Windows Update Service by typing the following at the command prompt
net start WuAuServ
Type Exit and press Enter to close the command prompt

Reboot Windows
Click on Start, Shut Down, and Restart to reboot Windows XP

Although this method may not solve all of the issues with a SVCHOST.EXE Application error, I have found it fixed the problem with the 0x745f2780 reference error.

Other Issues with SVCHOST.EXE
I've encountered other issues with SVCHOST taking up 100% of the CPU Cycles. These issues are usually experienced with Windows Update in some form or another. To fix this frustrating problem, follow these steps:

1) Download and install Update for Windows XP (KB927891)

2) Download and install an update for Windows Update Agent WSUS 3.0

3) Restart your computer and your computer should run better without slowing to a crawl because of SVCHOST.EXE

Windows Update Error 0x80070420

If you have Windows XP and are receiving the Windows Update Error 0x80070420, please follow the steps below to solve it.
First, Check to see if you have Windows Installer 3.1 installed on your computer. To do this follow these steps:
1) Click on Start, Control Panel
2) Double-click on Add/Remove Programs
3) Search your Program List for the program Windows Installer 3.1
4) If you find it there, click on Remove to uninstall it. Then reboot your computer. If it is not there proceed to step 5.
5) Click on the following link to Microsoft's Download Center to download Windows Installer 3.1
http://www.microsoft.com/downloads/details.aspx?familyid=889482fc-5f56-4a38-b838-de776fd4138c&displaylang=en
6) Install Windows Installer 3.1 and reboot your computer
7) Go to Windows Update and try to download the updates again.
Note: sometimes you may also receive this error if Windows XP has not been activated. To read about How to Activate Windows XP, click on the following support article from Microsoft.
http://support.microsoft.com/?kbid=307890

How to fix Code 39 error for CD/DVD ROMS of WINDOWS XP

Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Because of this error, the drive did not show up in My Computer and the customer was unable to burn CDs or read any CDs.
So obviously it appeared to be a registry issue.
If you are receiving this Code 39 error and your CD or DVD drive is missing and has a yellow exclamation mark in Device Manager, I hope this information is useful.
To solve this Code 39 error, follow these instructions:
NOTE: After removing these registry keys and rebooting, it may be necessary to reinstall any CD or DVD recording applications.
1) Close all open programs
2) Click on Start, Run, and type REGEDIT and press Enter
3) Click on the plus signs (+) next to the following folders
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Control
Class
{4D36E965-E325-11CE-BFC1-08002BE10318}
4) This folder is the DVD/CD-ROM Drive Class Description in the registry. Look for any of the following names in the right hand column.
UpperFilters
LowerFilters
UpperFilters.bak
LowerFilters.bak
5) If any of the above keys shown in step 4 are listed, right-click on them and choose Delete
6) After deleting the keys, close the Registry Editor
7) Reboot your computer
8) Open My Computer and check to see if your CD or DVD drives have returned. You may also want to open Device Manager and verify that the yellow exclamation and error code on the CD or DVD drive is gone.

SendTo folder option on right click on a particular item

How to create Sendto option in right click option on an item
If you own Windows ME, 2000, or XP, the absolute easiest way to access the SendTo folder for the current user logged in is to:
Click Start -> Run.
Type in "sendto" (no quotes) and press Enter.

An Explorer window will appear; simply drag and drop shortcut icons over and they will appear in the SendTo dialogue menu when you right-click an object.

For Windows 95 and 98, the SendTo folder is located at C:\Windows\SendTo.

Side note: not all objects (shortcuts to programs) will work with SendTo.

Only objects that accept some sort of input (such as a shortcut to MS Word, notepad, a folder, or drive letter), will work.

Error, "The Temp folder is on a drive that is full..."

Error, "The Temp folder is on a drive that is full..." when installing Acrobat 8 trial or Adobe Reader 8 (Windows Vista)
When you install Adobe Reader 8 on Windows Vista you see the error message, "The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder."
Reason
You have turned off User Account Control or you are logged in using the default administrator account.
Solution
Do one of the following solutions:
Solution 1: Enable User Account Control.
In Control Panel, choose User Accounts. Click "Turn User Account Control on or off". Check the box to "Use User Account Control (UAC) to help protect your computer" and then click OK. Restart your computer. Install Adobe Reader 8.
Note: You can turn off User Account Control after you successfully install Adobe Reader.
Solution 2: Run the installer in XP Compatibility Mode.
Download the Adobe Reader installer from the Adobe website. When you are prompted to run or save the file, choose save.
Save the file to your desktop.
On the Desktop, right-click the AdbeRdr80_en_US file and then choose Properties.
Click the Compatibility tab.
Under Compatibility Mode, check Run this program in compatibility mode for: and choose Windows XP (Service Pack 2) from the drop down list.
Click Apply, then click OK to close the Properties window.
Double-click the AdbeRdr80_en_US file and continue with the installation.
Additional Information Acrobat trial and Adobe Reader use NetOpsystems Nosso optimizer to ensure the download files are not corrupted. This utility extracts the contents to the user temporary folder. Microsoft Windows Vista, with User Account Control disabled, does not allow write and execute access to the %TEMP% folder.

What is alg.exe?

1)It is a process belonging to Microsoft Windows Operating System.
2)It is a core process for Microsoft Windows Internet Connection sharing and Internet connection firewall.
3)This program is important for the stable and secure running of your computer and should not be terminated.
4) Application Layer Gateway Service (alg)
5) Application Layer Gateway service is a component of Windows OS. It is required if you use a 3rd party firewall or Internet Connection Sharing (ICS) to connect to the internet. Do not end this program in task manager - you will lose all internet connectivity until next restart or login.
LOCATION: The alg.exe file is located in the folder C:\Windows\System32.
In other cases, alg.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.

Where are all the install files located on a Windows XP install CD?

1. i386
2. Windows
3. Winnt
4. Instwinfile
5. Windows_XP

What command switch do you need with SFC.exe in order to scan your system?

1. /Scan
2. /Checknow
3. /C
4. /S
5. Scannow

Answer: 5

Cannot Access Regedit, How to Fix It?



Many times when working on a computer that has been infected with a virus, trojan, or piece of spyware I find myself with my most important command, Regedit, the Windows Registry Editor, being disabled. Virus creators like to disable the Registry Editor so it makes solving the problem and removing the issue difficult. Sometimes administrators in IT departments may place restrictions on using the regedit command to keep employees from changing things on company computers, but viruses and other issues may also try to disable it.

Listed below you will find the different ways to enable regedit, the Registry Editor. First we'll begin with the method that appears to work the best.

Method 1 - Enabling the Registry with VBScript
Doug Knox, a Microsoft Most Valuable Professional, has created a VBScript that enables or disables the Registry Editor based on the following location in the registry. Of course, since the registry editor is disabled, you can't change it manually, so Doug wrote a Visual Basic Script to accomplish the task.

HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\System\

Visit Doug's page and download Registry Tools VBScript to your desktop, double-click on it to run it, then reboot your computer and try to open the Registry Editor. If this fix didn't solve your problem, try method two shown below.

Method 2: Use Symantec's tool to reset shell\open\command registry keys
Sometimes worms and trojans will make changes to the shell\open\command registry entries as part of their infections. This will cause the virus to run each time you try to run an .exe file such as the Registry Editor. In these cases, visit Symantec's website and download the UnHookExec.inf file to your desktop. Right-click on it and choose Install. Restart your computer and then try to open the Registry Editor.

Method 3: Rename Regedit.com to Regedit.exe
Some viruses and other malware will load a regedit.com file that is many times a zero byte dummy file. Because .com files have preference over .exe files when executed, if you type REGEDIT in the run line, it will run the regedit.com instead of the real regedit.exe file. Delete the regedit.com file if it's a zero byte file to restore access to REGEDIT. In some cases, such as the W32.Navidad worm, you'll need to rename the REGEDIT file to get it to work.

Method 4: Windows XP Professional and Group Policy Editor
If you have Windows XP Professional and access to an administrative user account, you could change the registry editor options in the Group Policy Editor.
Click Start, Run
Type GPEDIT.MSC and press Enter
Go to the following location
User Configuration > Administrative Templates > System
In the Settings window, find the option for "Prevent Access to Registry Editing Tools" and double-click on it to change.
Select Disabled or Not Configured and choose OK
Close the Group Policy Editor and restart your computer
Try opening REGEDIT again

Although there are a few other ways, the above ways I have used with great success in re-enabling the REGEDIT command. If you are interested in more ways to reactivate the REGEDIT command, you may want to visit a site called Killian's Guide, that goes into more detail on a variety of ways to get the registry editor to work again.
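
The .com-before-.exe preference described in Method 3 can be checked across a whole search path rather than for regedit alone. The following Python is an added example, not part of the original article; it models the lookup as directory order first and extension order second, and the directory names, file sizes and the shortened extension list are constructed assumptions.

```python
import ntpath
import os

# Extension precedence when a command is typed without an extension
# (assumed here to be the first entries of the default PATHEXT list).
DEFAULT_PATHEXT = (".com", ".exe", ".bat", ".cmd")

# Constructed sample: directories in search order with (file name, size).
SAMPLE_LISTING = [
    (r"C:\WINDOWS\system32",
     [("regedit.com", 0), ("more.com", 16896), ("cmd.exe", 389120)]),
    (r"C:\WINDOWS",
     [("regedit.exe", 146432), ("notepad.exe", 69120)]),
]


def scan_dirs(search_dirs):
    """Read real directories into the listing format used by find_shadowed()."""
    listing = []
    for directory in search_dirs:
        try:
            entries = [(e.name, e.stat().st_size)
                       for e in os.scandir(directory) if e.is_file()]
        except OSError:
            entries = []  # unreadable or missing directory: nothing to report
        listing.append((directory, entries))
    return listing


def find_shadowed(listing, pathext=DEFAULT_PATHEXT):
    """Report commands whose bare name resolves to a non-.exe file although
    an .exe with the same name exists somewhere on the search path."""
    candidates = {}
    for dir_index, (directory, entries) in enumerate(listing):
        for name, size in entries:
            stem, ext = ntpath.splitext(name.lower())
            if ext in pathext:
                rank = (dir_index, pathext.index(ext))
                candidates.setdefault(stem, []).append(
                    (rank, ext, ntpath.join(directory, name), size))
    findings = []
    for stem in sorted(candidates):
        hits = sorted(candidates[stem])  # earliest directory, then extension
        _rank, win_ext, win_path, win_size = hits[0]
        exe_paths = [path for _r, ext, path, _s in hits if ext == ".exe"]
        if exe_paths and win_ext != ".exe":
            findings.append({
                "command": stem,
                "runs": win_path,
                "zero_byte": win_size == 0,
                "shadows": exe_paths,
            })
    return findings


if __name__ == "__main__":
    for item in find_shadowed(SAMPLE_LISTING):
        print(item)
```

On a live system, pass the directories from the PATH variable to scan_dirs() and feed the result to find_shadowed().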

My Windows XP Pro computer with a USB keyboard won't boot into Safe Mode

Problem
After I was infected by spyware pop-ups, such as ErrorSafe and DriveCleaner, I was advised in a computer forum to update all of the anti-spyware tools I use and to boot into Safe Mode by pressing the F8 key after the memory count, because the scanners work more effectively in that mode. But, no matter how many times I press the F8 key at startup, my computer just continues to load Windows XP Professional. My computer has a USB Logitech iTouch keyboard. Is there any other way to force Windows to boot into Safe Mode?
Answer
The problem is no doubt caused by the fact that the device driver for the USB Logitech keyboard isn't being installed until after Windows XP has started to load, which is normal for USB device drivers, so you can't use it to enter Safe Mode by pressing the F8 key before Windows starts to load. You probably won't be able to enter the BIOS setup program for the same reason. You have to press the BIOS entry key(s) before Windows starts to install. That means that you won't be able to enter the BIOS in order to enable Legacy system support for a USB keyboard and USB mouse, which would install USB keyboard and mouse device drivers before Windows starts to load. To enter the BIOS would therefore require the use of a standard PS/2 keyboard, the device driver for which is installed before Windows starts to load. The motherboards of all standard desktop PCs have PS/2 ports for a mouse and a keyboard. You have to use the PS/2 keyboard port for a keyboard and the PS/2 mouse port for a mouse. Fortunately, most motherboards indicate in writing which motherboard port is for the keyboard and which port is for the mouse. Visit the Keyboards page on this site for more information on keyboards.
If you don't have a PS/2 keyboard, you can use the following method to force Windows XP/Windows Vista to boot into Safe Mode.
Open the System Configuration utility by entering msconfig in the Start => Run box. (In Windows Vista, enter msconfig in the Start => Start Search box.) Open the BOOT.INI tab by clicking on it with the mouse. There is a setting called SAFEBOOT under the Boot Options heading. Place a check mark in its box with the mouse pointer. The MINIMAL radio button is enabled by default. You can enable the NETWORK radio button if you want to boot into Safe Mode with network support. Windows will now boot into Safe Mode the next time Windows is booted. You can run your spyware scanners and then open the System Configuration utility (while still in Safe Mode) in order to disable the SAFEBOOT setting so that Windows boots into normal mode when the system is restarted.

After you install a new hardware device or new software, Windows XP may continuously restart, or you may receive an error message on a blue screen

Step 1: Start Windows XP in safe mode
Step 2: Use the Rollback Driver feature
Step 3: Determine whether a third-party program is causing the issue
Step 4: Determine the conflicting program or the conflicting utility
Step 5: Determine whether a third-party service is causing the issue
Step 6: Determine the conflicting service
The computer continuously restarts.

You receive an error message on a blue screen.
Step 1: Disconnect any new hardware
If you recently installed a new hardware device, disconnect the device, and then try to start Windows XP again. If you can start Windows XP after you disconnect the device, contact the device manufacturer to obtain updated drivers for the device or to learn about any other known issues.
Step 2: Start the computer by using the Last Known Good Configuration feature
a. Start the computer.
b. When you see the Please select the operating system to start message, press the F8 key.
c. When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.
d. If you are running other operating systems on the computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.
Notes

By using the Last Known Good Configuration feature, you can recover from configuration problems such as newly installed drivers that may be incorrect for the computer's hardware. This feature does not correct problems that are caused by missing drivers, by missing files, by corrupted drivers, or by corrupted files.

The Last Known Good Configuration feature uses information that is saved from the last time that you shut down the computer. This information is used to restore registry settings and drivers. Therefore, you can use this feature only if you can start the computer successfully before you restore the computer by using the last known good configuration.

After you start the computer by using the Last Known Good Configuration feature, changes that were made since the last successful startup are lost.
Step 3: Use the System Restore feature
Method 1: If Windows XP does not start
a. Restart the computer, and then press F8 during the initial startup to start the computer in safe mode by using a command prompt.
b. Log on to the computer by using an administrator account or by using an account that has administrator credentials.
c. Type the following command at a command prompt, and then press ENTER:
%systemroot%\system32\restore\rstrui.exe
d. Follow the instructions that appear on the screen to restore the computer to an earlier state.
Method 2: If Windows XP starts
a. Log on to Windows by using an administrator account.
b. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
c. On the Welcome to System Restore page, click Restore my computer to an earlier time if this option is not already selected. Then, click Next.
d. On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. You may receive a message that lists configuration changes that System Restore will make. Click OK.
e. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then System Restore restarts the computer.
f. Log on to the computer as Administrator. The System Restore Restoration Complete page appears.
g. Click OK.

What is the Tilde (~) file that appears on Desktop

What is this ~ file?
The file appearing on your desktop with the filename ~, commonly known as a tilde, is a backup of your Windows Address Book. It is appearing as a result of the April 2003 Cumulative Patch for Outlook Express (330994). The patch is installed for Outlook Express 5.5 or 6 in response to a vulnerability that could allow an attacker to run code of the attacker’s choice on a user’s machine. To exploit the vulnerability, an attacker would have to be able to cause Windows to open a specially constructed MHTML URL, either on a web site or included in an HTML email message.
Unfortunately, there is a bug in the patch. Whenever you make a change in your Windows Address Book file (*.wab file), Windows makes a backup of this file. Generally this backup is called username.wa~; however, after the patch is installed, the backup gets renamed to just ~ instead and is saved in the directory where you start Outlook Express. Most of the time, people start Outlook Express from a shortcut on their desktop, so the backup file gets placed there. This is how the tilde (~) file arrives on your desktop.
Is the File a Virus and will Spyware or Anti-virus Utilities Find it?
Because the file is simply a backup of your Windows Address Book, spyware searching utilities or anti-virus products won't flag it as anything suspicious.
Can I Delete the ~ File?
The simple answer is yes, the file can be deleted. However, if it is deleted, you won't have a backup of your Windows Address Book if a virus or something else corrupts it or you accidentally delete the information in the address book. So I wouldn't necessarily delete the file without backing it up first. Personally, here are the steps I would take to remain safe in case you need the file again.
Right click on the file and choose Rename
Type in a name for the file and add the .wab extension to it. For example, you might want to rename it to addressbook.wab or something similar
Now, put a blank, formatted floppy disk in your floppy drive and right-click on the newly named file
Choose Send To, Floppy Drive (most likely A)
Now that the file is backed up in case of emergency, right-click on the file on your desktop and choose Delete
Each time you make a change to your address book, this file will reappear, so it's a good idea to keep that floppy disk around and make a backup each time you make changes. This protects you from losing valuable email addresses in case of a disaster.
An alternative to this would be to change the Start in option for Outlook Express. This has been suggested by a few visitors and works well.
Find the shortcut to Outlook Express and right-click on it
Click on Properties
Make sure Read-only is unchecked on the General tab
Click on the Shortcut tab
In the "Start In" field, change it to an alternative path where the tilde file will appear, for example C:\
Click on Apply
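The backup steps above can also be scripted. This is an added example, not part of the original article: it archives the ~ file from whichever folder Outlook Express starts in, verifies the copy by hash, and only then deletes the original. The addressbook-<timestamp>.wab naming, the backup folder and the function names are assumptions chosen for illustration.

```python
import hashlib
import shutil
import time
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so a large address book is not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def archive_tilde_backup(start_in, backup_dir):
    """Archive the "~" file found in start_in as a .wab file in backup_dir.

    Returns the archived Path, or None when no "~" file is present. The
    original is deleted only after the copy has been verified by hash.
    """
    tilde = Path(start_in) / "~"   # literal file name, not the home directory
    backup_dir = Path(backup_dir)
    if not tilde.is_file():
        return None
    backup_dir.mkdir(parents=True, exist_ok=True)
    wanted = sha256_of(tilde)

    # The file reappears after every address book change, so an identical
    # copy may already be archived; reuse it instead of storing a duplicate.
    for existing in sorted(backup_dir.glob("addressbook-*.wab")):
        if sha256_of(existing) == wanted:
            tilde.unlink()
            return existing

    # Naming scheme is an assumption for this example: addressbook-<mtime>.wab
    stamp = time.strftime("%Y%m%d-%H%M%S", time.localtime(tilde.stat().st_mtime))
    target = backup_dir / f"addressbook-{stamp}.wab"
    serial = 1
    while target.exists():  # same timestamp, different content
        serial += 1
        target = backup_dir / f"addressbook-{stamp}-{serial}.wab"

    shutil.copy2(tilde, target)
    if sha256_of(target) != wanted:
        target.unlink()
        raise OSError("backup copy does not match the original; '~' was kept")
    tilde.unlink()
    return target
```

Call archive_tilde_backup with the desktop folder (or the folder set in the shortcut's "Start In" field) and a backup folder on removable media.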
Is There a Patch to fix this?
Although Microsoft has indicated that it knows about this problem and intends to make a patch available, they have not released one yet, as of July 2003.
UPDATE: Finally, in June 2004, Microsoft released a hotfix for this issue. Visit this link for more information about this problem and a solution for it.
Can I uninstall the April 2003 patch to fix it?
Yes, you can uninstall the patch. This will stop the tilde (~) file from appearing; however, you will no longer be protected from this security vulnerability. If you want to uninstall the April 2003 (330994) patch, simply visit this link and follow the uninstall directions, although I wouldn't advise anyone to do this.

Outlook Express Backup Genie is a handy email backup utility that works with the top 9 popular email clients, such as MS Outlook, Outlook Express, Eudora, Netscape Messenger, IncrediMail and PocoMail. It allows you to save your messages, address book, settings, mail and news accounts, message rules, blocked senders lists and signatures, which can be easily restored when necessary.