
Showing posts from 2007

Removing jaymyka worm

Today is Gat Andres Bonifacio’s day. No work, no pressure, so I took the opportunity to go to my aunt’s workplace to remove the so-called Jaymyka worm. All the computers were infected.

Worm: Jaymyka
Threat Level: Low
Target Victims: Users viewing adult sites (Geez! Who did that in the office?)

Description: It creates an autorun.inf file on each drive with the following contents:

    [autorun]
    open=jay.exe
    ;shell\open=Open(&O)
    shell\open\Command=jay.exe
    shell\open\Default=1
    ;shell\explore=Manager(&X)
    shell\explore\Command=jay.exe

The autorun.inf file is paired with jay.exe. The jay.exe file handles the annoying duplication of files and some resource-hogging tasks leading to a DoS attack. If this worm is able to infect the target device successfully, it attaches a file named mveo.exe at startup. This mveo.exe is responsible for the worm’s capability of regeneration.

[Diagnosis]

1. Kill mveo.exe and jay.exe

    TASKKILL /F /IM mveo.exe /IM jay.exe

2. Delete...

Turn off error-causing ads from Yahoo! Messenger 8

Most users complain about the error pop-ups caused by the ads attached to their Yahoo! IM clients. Turning the ads off from the registry is the best way to shun them.

In the registry, under

    [HKEY_CURRENT_USER\Software\Yahoo\Pager\YUrl]

set or add these values:

    Messenger Ad = *
    Webcam Upload Ad = *
    Webcam Viewer Ad = *
    Webcam Viewer Ad Medium = *
    Webcam Viewer Ad Big = *
    Change Room Banner = *
    Conf Adurl = *
    Chat Adurl = *

Edit the file \Program Files\Yahoo!\Messenger\Cache\urls.xml, erase all the contents and leave 2 double quotes (” “), save it, then mark it as read-only.

CLI & Registry User Administration in Windows XP

This is a simple guide to user administration in Windows XP. There are lots of hidden gems here.

Adding a new user,

    net user somename somepassword /add

Deleting a user,

    net user somename /delete

Making a user an administrator,

    net localgroup Administrators somename /add

Removing user administrator rights,

    net localgroup Administrators somename /delete

Hiding a user from the login screen,

    REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v somename /t REG_DWORD /d 0

Showing a user on the login screen,

    REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v somename /t REG_DWORD /d 1
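Because the UserList value above also keeps an account out of sight of whoever normally sits at the machine, it is worth auditing. The following is an added example, not part of the original post: it lists every account hidden from the logon screen and flags those that are also local administrators. It assumes Windows PowerShell 5.1 or later (the LocalAccounts cmdlets are not available on Windows XP); the function name Get-HiddenLogonAccount is made up for this example.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1+
# with the Microsoft.PowerShell.LocalAccounts module.
$UserListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

function Get-HiddenLogonAccount {
    param([string]$Path = $UserListKey)

    # Nothing to report when the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    # Members of BUILTIN\Administrators (well-known SID S-1-5-32-544),
    # reduced to the short account name after the last backslash.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        ForEach-Object { ($_.Name -split '\\')[-1] })

    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        if (-not $name) { continue }                 # skip the unnamed default value
        if ($key.GetValue($name) -ne 0) { continue } # only data 0 hides the account

        $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Account = $name
            Exists  = [bool]$user                    # value may name a deleted account
            Enabled = if ($user) { $user.Enabled } else { $null }
            IsAdmin = $admins -contains $name
        }
    }
}

# Hidden administrators first.
Get-HiddenLogonAccount | Sort-Object IsAdmin -Descending | Format-Table -AutoSize
```

An enabled account that is hidden and in the Administrators group, and that nobody on the team created, deserves a closer look.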

Java bytecode disassembly

In every programmer’s journey, the legendary “Hello World!” program excuses no one. So I wrote, compiled, then disassembled it.

    public class Hello {
        public static void main(String[] args) {
            System.out.println("Hello World!");
        }
    }

I fired up a hex editor to analyze the bytecode’s disassembly. This part contains the headers, class name and the superclass being extended. This is how a JDK 1.5-compiled bytecode looks.

    .bytecode 49.0
    .source "Hello.java"
    .class public Hello
    .super java/lang/Object

By default, a constructor is generated. Check that it constructs itself as an object of type ‘Object’ naturally because Java classes extend the ‘Object’ class. Here we have shown that a constructor is just a method.

    .method public <init>()V
        .limit stack 1
        .limit locals 1
        .line 1
        aload_0 ; met001_slot000
        invokespecial java/lang/Object.<init>()V
        return
    .end method

Here’s the main method.

    .method...

Today I turned 0x15

31st of May 2007 minus 0x15, marked the day of Eradicus’ existence. It was with divine intervention that fate has chosen Santa Maria Health Center as his birthplace.

[ASCII art of a rifle]

Automatic Kalashnikov 47, can someone...

Evading Yahoo! Messenger worms

Dealing with worm-infected Yahoo! Messengers in Windows XP is fun. Just apply the fix. Do not reformat because it is the lazy way of fixing things!

In file fix.reg

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
    "content url"=-

    [HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast]
    "content url"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://eradicus.blogsome.com"

    [-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur...

MOSS: 1st Hands-on Power Training

Mindanao Open Source Society (MOSS) held its 1st Hands-on Power Training at the ADZU Open Source Laboratory. It was totally a new experience for me since I really do not know how to organize events. There is always a first time, as they say. I really thank God for making this event a success, though not yet perfect, but hopefully the next will be planned and organized well. This event is so memorable for me since I have learned a lot of things that are not just technically related to Free and Open Source Software.

To Sir Fhics, thank you so much and I salute you sir! Sir Fhics is the head of CISCO Zamboanga. He is so down-to-earth, very kind, open-minded and a skilled man yet so humble. He is one of those skilled persons who never sets a gap between himself and those who are just starting up (newbies). He even considers himself a “droplet of water in the ocean of knowledge.” Again, thank you sir! I have learned not just pure networking stuff from you but also values that ...

Processor upgraded

Nothing special really, I have just upgraded the processor from 1.7GHz to 3.0GHz with HT technology. The 1.7GHz (1.9GHz overclocked) processor is now for sale. Too bad I’m still using Intel processors. Hopefully after graduation I’ll be able to make my switch to the dark side of the force, AMD.

    CPU       : Intel Pentium 4 (*1)
    CPU Arch  : 1 Cores - 2 Threads
    CPU PSN   : Intel(R) Pentium(R) 4 CPU 3.00GHz
    CPU EXT   : MMX SSE SSE2
    CPU Cache : L1 : 12/8 KB - L2 : 512 KB
    Core      : Northwood (0.130) / Revision : M0
    CPUID     : F.2.5 / Extended : F.2
    Freq      : 3006.76 MHz (200.45 * 15)

Web application development framework

Web application development can be time-consuming and complex. The development process can be simplified by using frameworks. A web application development framework contains a set of tools and libraries for easier development. Frameworks are preferred by enterprise developers since they simplify the development process, reduce development time, improve readability of code, organize development and emphasize modularity. Using frameworks for enterprise development will surely make a team productive.

Most frameworks use the Model-View-Controller design paradigm. The MVC design paradigm separates the data and the user interface. Changes to the user interface will not affect the handling of data, and the data can be restructured without changing the user interface. MVC handles this by decoupling the data access layer (DAL) and business logic layer (BLL) from data presentation and user interaction through the controller.

Wireless connection restored

I had my canopy replaced. All systems operational. Average bandwidth has increased a bit. I guess my time is running out. I have to accelerate, deadline’s fast approaching. Judgment day is never scripted. [Thesis Update] Development phase is doing great! Coding spree. Signing off through Robert Collier’s words of wisdom: “We can only do what we think we can do. We can only be what we think we can be. We can only have what we think we can have. What we do, who we are, what we have, all depends upon what we think.”

Overclocked for Netbeans 5.5

With a processor clock of 1.70GHz and a pair of 256MB DDR PC3200 (200MHz), Netbeans 5.5 will never be an IDE of your choice, especially if productivity concerns you. It runs on top of the Java Virtual Machine using the Swing toolkit, which is a bit heavier compared to what Eclipse is using. Since I prefer using Netbeans 5.5, a desperate move would be maximizing the use of the CPU’s core speed. Here’s a validation from CPU-Z:

    CPU       : Intel Pentium 4 (*1)
    CPU Arch  : 1 Cores - 1 Threads
    CPU PSN   : Intel(R) Pentium(R) 4 CPU 1.70GHz
    CPU EXT   : MMX SSE SSE2
    CPU Cache : L1 : 12/8 KB - L2 : 256 KB
    Core      : Willamette (0.180) / Revision : D0
    CPUID     : F.1.2 / Extended : F.1
    Freq      : 1953.28 MHz (114.9 * 17)

My CPU runs at 1.9GHz now. I just increased its Front-Side Bus clock to 114MHz and there’s a big impact on Netbeans’ performance.

P.S.: Thanks to Betelgeuse for the correction

Crack: Some javascript

This can be found in a RAD tool for generating DHTML menus. The name of the tool will remain secret from here. It’s up to you to find out. Take note that the original developer of this tool wrote the entire code in one line. Well, to add confusion?

In file tdqm_loader.js

    ...
    function q28(){ca=new Array(97,108,101,114,116,40,110,101,116,115,99,97,112,101,49,41);
    ct=new Array(69,114,114,111,114,32,45,32,85,110,114,101,103,105,115,116,101,114,101,100,32,79,112,
    101,110,67,117,98,101,32,68,72,84,77,76,32,69,102,102,101,99,116,32,45,32,40,119,119,119,46,111,
    112,101,110,99,117,98,101,46,99,111,109,41);
    ...

To remove the annoying alert box, you have to apply diff and patch. The function above should be replaced by something like this:

    function q28(){
        ca=new Array('CRACKED');
        ct=new Array('CRACKED');
        netscape1="";
        ie1="";
        for(i=0;i<ct.length;i++) netscape1+=String.fromCharCode(ct[i]);
        for(i=0;i<ca.length;i++) ie1+=String.fromCharC...