Posts

Removing Jaymyka worm

Today is Gat Andres Bonifacio's day. No work, no pressure, so I took the opportunity to go to my aunt's workplace to remove the so-called Jaymyka worm. All the computers were infected.

Worm: Jaymyka
Threat Level: Low
Target Victims: Users viewing adult sites (Geez! Who did that in the office?)
Description: It creates an autorun.inf file per drive with the following contents:

    [autorun]
    open=jay.exe
    ;shell\open=Open(&O)
    shell\open\Command=jay.exe
    shell\open\Default=1
    ;shell\explore=Manager(&X)
    shell\explore\Command=jay.exe

The autorun.inf file is paired with jay.exe. The jay.exe file handles the annoying duplication of files and some resource-hogging tasks that amount to a denial of service. If this worm infects the target device successfully, it attaches a file named mveo.exe at startup. This mveo.exe is responsible for the worm's ability to regenerate.

[Diagnosis]
1. Kill mveo.exe and jay.exe
    TASKKILL /F /IM mveo.exe /IM jay.exe
2. Delete...

Turn off error-causing ads from Yahoo! Messenger 8

Most users complain about the error pop-ups rooted in the ads attached to their Yahoo! IM clients. Turning them off from the registry is the best way to shun them. In the registry, under

    [HKEY_CURRENT_USER\Software\Yahoo\Pager\YUrl]

set or add these values:

    Messenger Ad = *
    Webcam Upload Ad = *
    Webcam Viewer Ad = *
    Webcam Viewer Ad Medium = *
    Webcam Viewer Ad Big = *
    Change Room Banner = *
    Conf Adurl = *
    Chat Adurl = *

Then edit the file \Program Files\Yahoo!\Messenger\Cache\urls.xml: erase all of its contents, leave only two double quotes (" "), save it, then mark it as read-only.

CLI & Registry User Administration in Windows XP

This is simple user administration in Windows XP. There are lots of hidden gems here.

Adding a new user:
    net user somename somepassword /add

Deleting a user:
    net user somename /delete

Making a user an administrator:
    net localgroup Administrators somename /add

Removing a user's administrator rights:
    net localgroup Administrators somename /delete

Hiding a user from the login screen:
    REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v somename /t REG_DWORD /d 0

Showing a user on the login screen:
    REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /f /v somename /t REG_DWORD /d 1

Java bytecode disassembly

In every programmer's journey, the legendary "Hello World!" program excuses no one. So I wrote, compiled, then disassembled it.

    public class Hello {
        public static void main(String[] args) {
            System.out.println("Hello World!");
        }
    }

I fired up a hex editor to analyze the bytecode's disassembly. This part contains the headers, the class name and the superclass being extended. This is how JDK 1.5-compiled bytecode looks:

    .bytecode 49.0
    .source "Hello.java"
    .class public Hello
    .super java/lang/Object

By default, a constructor is generated. Note that it constructs itself as an object of type 'Object', naturally, because Java classes extend the 'Object' class. Here we can see that a constructor is just a method:

    .method public <init>()V
    .limit stack 1
    .limit locals 1
    .line 1
    aload_0 ; met001_slot000
    invokespecial java/lang/Object.<init>()V
    return
    .end method

Here's the main method.

    .method...

Today I turned 0x15

The 31st of May 2007 minus 0x15 marked the day of Eradicus' existence. It was with divine intervention that fate chose Santa Maria Health Center as his birthplace.

[ASCII art: Automatic Kalashnikov 47]

Automatic Kalashnikov 47, can someone...

Evading Yahoo! Messenger worms

Dealing with worm-infected Yahoo! Messengers in Windows XP is fun. Just apply the fix. Do not reformat because it is the lazy way of fixing things!

In file fix.reg:

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
    "content url"=-

    [HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast]
    "content url"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://eradicus.blogsome.com"

    [-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur...

MOSS: 1st Hands-on Power Training

Mindanao Open Source Society (MOSS) held its 1st Hands-on Power Training at the ADZU Open Source Laboratory. It was a totally new experience for me since I really did not know how to organize events. There is always a first time, as they say. I really thank God for making this event a success; it was not yet perfect, but hopefully the next one will be planned and organized well. This event is so memorable for me since I have learned a lot of things that are not just technically related to Free and Open Source Software. To Sir Fhics, thank you so much and I salute you, sir! Sir Fhics is the head of CISCO Zamboanga. He is so down-to-earth, very kind, open-minded and a skilled man, yet so humble. He is one of those skilled persons who never sets a gap between himself and those who are just starting up (newbies). He even considers himself a "droplet of water in the ocean of knowledge." Again, thank you, sir! I have learned not just pure networking stuff from you but also values that ...