Wednesday, May 26, 2010

How to Fix Expired Certificate Error

I’m receiving a lot of comments and mails about this problem. Solving the Expired Certificate error is very easy:
1. Open Menu > Settings.
2. In Settings, find Date & Time.
3. Set the year to “2006”, because some applications are certified for 2005-2006. After setting the year to 2006, install the application that gives the certificate error.
4. Finish the installation, then set the date back to the current date :)

Sunday, May 23, 2010

REFRESH UR BRAIN

Mind is the aspect of intellect and consciousness experienced as combinations of thought, perception, memory, emotion, will and imagination, including all unconscious cognitive processes. Mind manifests itself subjectively as a stream of consciousness. Neuroanatomists usually consider the brain to be the pivotal unit of what we refer to as mind. The human brain tricks us whenever it can. You don’t actually see things as they really are, and you don’t hear or smell them the way they really are either. Now it is time to play tricks on the human brain. I assure you that trying them is completely safe.

10. Ganzfeld Procedure

At first this might sound like a bad practical joke. Begin by tuning a radio to a station playing static. Then lie down on a couch and tape a pair of halved ping pong balls over your eyes. Within minutes you should begin to experience a bizarre set of sensory distortions.
Some people see horses prancing in the clouds or hear the voice of a dead relative. It turns out that the mind is addicted to sensation, so when there’s little to sense (that’s the purpose of the ping pong balls and static) your brain ends up inventing its own.

9. Shrink your Pain

If you experience an injury, look at the injured part through inverted binoculars; soon your pain will seem to decrease in magnitude.
Recently, research at Oxford University has led to the discovery of a new painkiller: inverted binoculars. The scientists demonstrated that subjects who looked at their wounded hands through the wrong end of the binoculars, making the hand appear smaller, experienced significantly less pain and decreased swelling. According to the researchers, this demonstrates that even basic bodily sensations such as pain are modulated by what we see. So the next time you stub your toe or cut a finger, do yourself a favour: look away!

8. Confuse your Proprioception

This requires two chairs and a blindfold. The person wearing the blindfold should sit in the rear chair, facing the back of the person sitting in the front. The blindfolded person then reaches around and places one hand on the nose of the other person. At the same time he should place his other hand on his own nose and begin gently stroking both noses. After about 1 minute, more than 50% of the subjects report their nose as incredibly long. This is therefore called the Pinocchio effect.
The Pinocchio effect is an illusion that one's nose is growing longer, as happened to the literary character Pinocchio when he told a lie. It is an illusion of proprioception, reviewed by Lackner (1988).
The effect can also be produced another way: a vibrator is applied to the biceps tendon while one holds one’s nose with the hand of that arm. The vibrator stimulates muscle spindles in the biceps that would normally be stimulated by the muscle’s stretching, creating a kinesthetic illusion that the arm is moving away from the face. Because the fingers holding the nose are still giving tactile information of being in contact with the nose, it appears that the nose is moving away from the face too, in a form of perceptual capture. A similar phenomenon happens with the blindfold method.

7. Confuse your Mindedness

Lift your right foot a few inches from the floor and then begin to move it in a clockwise direction. While you’re doing this, use your right index finger to draw a number 6 in the air. Your foot will turn in an anticlockwise direction and there’s nothing you can do about it!
The left side of your brain, which controls the right side of your body, is responsible for rhythm and timing. The left side of your brain cannot deal with operating two opposite movements at the same time and so it combines them into a single motion.

6. Confuse your Hearing

This can be performed with three people, one being the subject and the other two the observers. You also need a headset connected to ordinary plastic pipes on either side. Ask the subject to sit on a chair equidistant between you and the second observer. Each of you then holds the pipe from the headset on the corresponding side and, one at a time, speaks into it. The subject will correctly tell the direction of the sound. Now exchange the pipes and speak into them again. The subject’s brain will get confused and he’ll point in the opposite direction of the sound.
Sound localization is a listener’s ability to identify the location or origin of a detected sound in direction and distance, or the methods in acoustical engineering to simulate the placement of an auditory cue in a virtual 3D space. The human auditory system has only limited possibilities to determine the distance of a sound source, mainly based on inter-aural time differences. Exchanging the pipes would cause perception by the opposite-sided neurons in the brain only, and thus the subject will not be able to localize the sound.

5. Confuse your Depth Perception

Depth perception is the visual ability to perceive the world in three dimensions (3D). Looking at a sight that you have not seen before, or entering a 3D cinema with one eye closed, will alter the way your mind perceives things.
This would not happen for most things you have already seen, because your brain is tuned to judge time and space accurately. However, your brain will not be able to fill the gap if you use one eye. Depth perception arises from a variety of depth cues. These are typically classified into binocular cues that require input from both eyes and monocular cues that require the input from just one eye. Binocular cues include stereopsis, yielding depth from binocular vision through exploitation of parallax. Since (by definition) binocular depth perception requires two functioning eyes, a person with only one functioning eye has no binocular depth perception. Hence stepping into a 3D cinema will not be the amazing phenomenon it used to be. This is more so in people who have been blind in one eye since birth.

4. Feel a Phantom Sensation

Phantom sensations are described as perceptions that an individual experiences relating to a limb or an organ that is not physically part of the body. Sensations are recorded most frequently following the amputation of an arm or a leg, but may also occur following the removal of a breast or an internal organ.

3. 18000 Hz Sine Wave

Try hearing this sound. It is called the “under 20s” sound because older people can’t perceive it. It is a sine wave at 18,000 Hz (by comparison, a dog whistle sounds at 16,000 to 22,000 Hz, meaning a dog can hear this sound as well). This sound is used by some teenagers as a ringtone on their cellphone so that only they (and others of their age group, of course) can tell when the phone is ringing. It is also occasionally played very loudly in England in areas where the authorities don’t want teens to congregate, as the noise annoys them.
The human inner ear is designed to hear sounds within a range of frequencies. Hearing is not merely a function of the ears; the oscillation amplitude is conducted to the brain. As people get older they lose the ability to hear higher pitched sounds. That is the reason that only young people can hear this sound: it is too high for most people over the age of 20.

2. Confuse your photoreception

Stare at the central point (plus sign) of the black and white picture for at least 30 seconds and then look at a wall near you. You will see a bright spot; blink a few times. What do you see? Or even, who do you see?
Stare at the eye of the red parrot while you slowly count to 20, then immediately look at one spot in the empty birdcage. The faint, ghostly image of a blue-green bird should appear in the cage. Try the same thing with the green cardinal, and a faint magenta bird should appear.
When an image is looked at for a length of time (usually around 30 seconds) and then replaced with a white field, one type of effect called an afterimage can be seen. The common explanation given for an afterimage is that the photoreceptors (rods and cones) in the eye become “fatigued” and do not work as well as those photoreceptors that were not affected (the “fatigue” is actually caused by the temporary bleaching of the light-sensitive pigments contained within the photoreceptors). As a result, the information provided by the photoreceptors is not in balance, causing the afterimages to appear. As the photoreceptors become less “fatigued”, which takes between ten and thirty seconds, the balance is recovered and the afterimage disappears.
Now do another trick to confuse your photoreceptors. This will temporarily blind you in one eye (for around 30 seconds, and don’t worry, it does no harm). Go into a room, shut the door and turn out the lights so that the room is mostly dark. Wait until your eyes adapt to the darkness. You should be able to make out the basic shapes of the room from the tiny bit of light coming in from under the door. Next, close your right eye and cover it with your hand. Turn the light on, keeping your eye closed and covered. Leave the light on for about a minute or until your left eye has adapted to the light. Uncover your eye and look around the darkened room.
What do you see? What you might experience is an illusion discovered by researcher Uta Wolfe in which it seems that your left eye is closed, even though it is open.
The explanation is that the visual cycle takes time to adapt. While it has not adapted, as is the case for the left eye, the eye sends wrong signals to the brain, so the image is darkened for the left eye until it adapts.

1. Confuse your Cognition

Take a look at the spinning girl. Do you see it spinning clockwise or counter-clockwise? I see it spinning counter-clockwise, but I was able to switch it in the other direction. It’s hard for many people. Give it a try.
The spinning girl is a form of the more general spinning silhouette illusion. The image is not objectively “spinning” in one direction or the other. It is a two-dimensional image that is simply shifting back and forth. But our brains did not evolve to interpret two-dimensional representations of the world but the actual three-dimensional world. So our visual processing assumes we are looking at a 3-D image and uses clues to interpret it as such. Or, without adequate clues, it may just arbitrarily decide on a best fit: spinning clockwise or counterclockwise. And once this fit is chosen, the illusion is complete and we see a 3-D spinning image.
By looking around the image, focusing on the shadow or some other part, you may force your visual system to reconstruct the image and it may choose the opposite direction, and suddenly the image will spin in the opposite direction.

Saturday, May 22, 2010

Hibernate problem in Windows Vista (Microsoft solves)

How do I enable hibernation on my Windows Vista-based computer?

Support for Windows Vista without any service packs installed ended on April 13, 2010. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows (http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs)

Problem description

When you want to enable hibernation on your Windows Vista-based computer, you may experience one or more of the following problems:
  • The Hibernate option is not available on the Start menu power options menu.
  • The Hibernate option is not available in the Shut Down Windows dialog box.

    Note To open the Shut Down Windows dialog box, press ALT+F4.
  • The Hibernate option is not available on the power button menu that appears on the secure desktop.

    Note You can access the secure desktop's power button menu when you log off Windows Vista.
To have us fix this problem for you, go to the “Fix it for me” section. If you’d rather fix this problem yourself, go to the “Let me fix it myself” section.

Fix it for me
Note If the computer does not support the hibernation feature, you cannot enable the feature. To determine whether your computer supports the hibernation feature, see the "More information" section.

To fix this problem automatically, click the Fix this problem link. Then, click Run in the File Download dialog box, and follow the steps in this wizard.

Fix this problem
Microsoft Fix it 50078


Note In order to enable the hibernation file, you must have at least as much free space on your system drive as there is physical memory in the computer. If you do not have adequate free space available, you will get the following error when you run this Fix it Solution:
This "Fix it" does not apply to your system.

Note this wizard may be in English only; however, the automatic fix also works for other language versions of Windows.

Note If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or a CD so that you can run it on the computer that has the problem.

To check whether this resolved the problem, go to the "Did this fix the problem?" section.

Let me fix it myself
This problem occurs for one of the following reasons:
  • The Disk Cleanup Utility was used to delete the Hibernation File Cleaner.
  • The computer does not support the hibernation feature.
  • The hibernation feature is disabled.
  • The Hybrid Sleep feature is enabled.

    Note The Hybrid Sleep feature puts the computer to sleep and generates a hibernation file when the user selects the Sleep option in any of the power option menus. Therefore, Hibernate is not offered as a power option when Hybrid Sleep is enabled.

To resolve this issue, use the PowerCfg tool to enable the hibernation feature. To do this, follow these steps.

Note If the computer does not support the hibernation feature, you cannot enable the feature. For information about how to use the PowerCfg tool to determine whether the computer supports the hibernation feature, see the "More Information" section.
  1. Click Start, type command in the Start Search box, right-click Command Prompt in the Programs list, and then click Run as administrator.

    If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  2. At the command prompt, type powercfg /hibernate on.

More information
You can also use the PowerCfg tool to determine whether the computer supports the hibernation feature. To do this, follow these steps:
  1. Click Start, type command in the Start Search box, right-click Command Prompt in the Programs list, and then click Run as administrator.

    If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
  2. At the command prompt, type powercfg /a.
The PowerCfg tool generates output that resembles the following:

    The following sleep states are available on this system: Standby ( S1 S3 ) Hibernate Hybrid Sleep
    The following sleep states are not available on this system:
    Standby (S2)
            The system firmware does not support this standby state.

The sleep states that are listed as available and as not available vary, depending on the computer's hardware.

Note If the computer does not support the hibernation feature, you cannot enable the feature.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
928897  (http://support.microsoft.com/kb/928897/ ) I used the Disk Cleanup Tool in Windows Vista, and now the hybrid sleep feature and the hibernation feature are unavailable

Did this fix the problem?
Check whether the problem is fixed. If the problem is fixed, you are finished with this article. If the problem is not fixed, you can contact support (http://support.microsoft.com/contactus) .

For help with power consumption and battery life problems in Windows Vista, visit the following Microsoft Web page:
Fix problems in which power consumption is more than expected or the battery life is short (http://support.microsoft.com/gp/windows_battery_power_settings)

APPLIES TO
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Starter
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition

Sunday, May 16, 2010

keyboard shortcuts in Mozilla Firefox

Keyboard shortcuts



This is a list of keyboard shortcuts in Mozilla Firefox.
Command | Shortcut

Navigation
Back | Alt+Left Arrow, Backspace
Forward | Alt+Right Arrow, Shift+Backspace
Home | Alt+Home
Open File | Ctrl+O
Reload | F5, Ctrl+R
Reload (override cache) | Ctrl+F5, Ctrl+Shift+R
Stop | Esc

Current Page
Go to Bottom of Page | End
Go to Top of Page | Home
Move to Next Frame | F6
Move to Previous Frame | Shift+F6
Page Info |
Page Source | Ctrl+U
Print | Ctrl+P
Save Page As | Ctrl+S
Zoom In | Ctrl++
Zoom Out | Ctrl+-
Zoom Reset | Ctrl+0

Editing
Copy | Ctrl+C
Cut | Ctrl+X
Delete | Delete
Paste | Ctrl+V
Redo | Ctrl+Y
Select All | Ctrl+A
Undo | Ctrl+Z

Search
Find | Ctrl+F
Find Again | F3, Ctrl+G
Find As You Type Link | '
Find As You Type Text | /
Find Previous | Shift+F3
Web Search | Ctrl+K, Ctrl+E

Windows & Tabs (see Tabbed Browsing)
Close Tab | Ctrl+W, Ctrl+F4
Close Window | Ctrl+Shift+W, Alt+F4
Move Tab Left (when tab is focused) | Ctrl+Left Arrow, Ctrl+Up Arrow
Move Tab Right (when tab is focused) | Ctrl+Right Arrow, Ctrl+Down Arrow
Move Tab to Beginning (when tab is focused) | Ctrl+Home
Move Tab to End (when tab is focused) | Ctrl+End
New Tab | Ctrl+T
New Window | Ctrl+N
Next Tab | Ctrl+Tab, Ctrl+Page Down
Open Address in New Tab (from Location Bar or Search Bar) | Alt+Enter
Previous Tab | Ctrl+Shift+Tab, Ctrl+Page Up
Undo Close Tab | Ctrl+Shift+T
Undo Close Window | Ctrl+Shift+N
Select Tab (1 to 8) | Ctrl+(1 to 8)
Select Last Tab | Ctrl+9

Tools
Bookmark All Tabs | Ctrl+Shift+D
Bookmark This Page | Ctrl+D
Bookmarks | Ctrl+B, Ctrl+I
Library window | Ctrl+Shift+B
Caret Browsing | F7
Downloads | Ctrl+J
History | Ctrl+H
Toggle Private Browsing | Ctrl+Shift+P
Clear Recent History | Ctrl+Shift+Del
Error Console | Ctrl+Shift+J

Miscellaneous
Complete .com Address | Ctrl+Enter
Complete .net Address | Shift+Enter
Complete .org Address | Ctrl+Shift+Enter
Delete Selected Autocomplete Entry | Del
Toggle Full Screen | F11
Help | F1
Select Location Bar | Alt+D, F6, Ctrl+L
Select or Manage Search Engines (when Search Bar is focused) | Alt+Up Arrow, Alt+Down Arrow, F4

Media shortcuts (OGG/Theora Videos Only)
Toggle Play / Pause | Space
Decrease volume | Arrow down
Increase volume | Arrow up
Mute audio | Ctrl+Down Arrow
Unmute audio | Ctrl+Arrow up
Seek back 15 seconds | Left Arrow
Seek back 10 % | Ctrl+Left Arrow
Seek forward 15 seconds | Right Arrow
Seek forward 10 % | Ctrl+Right Arrow
Seek to the beginning | Home
Seek to the end | End

Friday, May 7, 2010

Runouce.exe Virus Removal

W32.Chir@mm

Risk Level 2: Low

Discovered: June 8, 2002
Updated: February 13, 2007 11:54:44 AM
Also Known As: W32.Chier@mm
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

SUMMARY


W32.Chir@mm is a mass-mailing worm. It uses its own SMTP engine to send itself to email addresses. The SMTP server that the worm uses is a static one, which means that if a specific SMTP server is not running, the worm cannot spread.

The worm creates Runouce.exe (note the letter "u") in the %System% folder. Runouce.exe has the same form as the worm file that was originally received as an email attachment. The email message arrives with the following characteristics:

From: @hotmail.com or iloveyou@btamail.net.cn
Subject: Hi, i am
Attachments: P.exe

W32.Chir@mm also searches across the network and accesses files on other computers. However, due to a bug, these files are not modified in any way.



If you open the message in an unpatched version of Microsoft Outlook or Outlook Express, the attachment may be executed automatically. Information about this vulnerability and a patch are available at:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

NOTE: Definitions dated prior to June 11, 2002 will detect this as W32.Chier@mm.

Antivirus Protection Dates

  • Initial Rapid Release version June 8, 2002
  • Latest Rapid Release version July 19, 2008 revision 019
  • Initial Daily Certified version June 8, 2002
  • Latest Daily Certified version January 20, 2009 revision 048
  • Initial Weekly Certified release date June 8, 2002

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: High

TECHNICAL DETAILS


This worm uses both an IFRAME exploit and a MIME exploit to execute the worm on your system. Because of this, it is possible that the worm could be executed simply by previewing the email in your email program.

When it is executed, the file \%System%\Runouce.exe is created; the file's attributes are set to Hidden, System, and Read-Only. These attributes prevent you from seeing the file in Windows Explorer if Windows Explorer is configured with its default settings.

NOTE: %System% is a variable. The worm locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.

W32.Chir@mm also adds the STRING value:

Runonce C:\Windows\System\Runouce.exe

to the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The worm sends email to all contacts found in the Windows Address Book. The email has the following characteristics:

From: @hotmail.com or iloveyou@btamail.net.cn
Subject: Hi, i am
Attachments: P.exe

W32.Chir@mm also searches across the network and accesses files on other computers. However, due to a bug, these files are not modified in any way.

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
  • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have fewer avenues of attack.
  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
  • For further information on the terms used in this document, please refer to the Security Response glossary.
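The attachment-blocking recommendation above can be sketched as a mail-gateway check. This is an added example, not Symantec's code: the extension list comes from the recommendation, while the sample message, addresses and function names are constructed for illustration. It checks both the Content-Disposition filename and the Content-Type name, because the two can disagree, and strips trailing dots and spaces as Windows does.

```python
import os
from email import message_from_string, policy
from email.utils import collapse_rfc2231_value

# Extensions named in the recommendation above.
BLOCKED_EXT = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def declared_names(part):
    """Return every file name a MIME part declares, from both headers."""
    names = []
    for param, header in (("filename", "content-disposition"),
                          ("name", "content-type")):
        value = part.get_param(param, header=header)
        if value is not None:
            # Decodes RFC 2231 encoded parameter values into a plain string.
            names.append(collapse_rfc2231_value(value))
    return names


def normalise(name):
    """Lower-case and drop trailing dots/spaces, which Windows ignores."""
    return name.strip().rstrip(". ").lower()


def blocked_attachments(raw_message):
    """List normalised attachment names whose extension is on the block list."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        for name in declared_names(part):
            clean = normalise(name)
            if os.path.splitext(clean)[1] in BLOCKED_EXT and clean not in hits:
                hits.append(clean)
    return hits


# Constructed sample message; only the attachment name P.exe is from the write-up.
SAMPLE_MESSAGE = "\n".join([
    "From: sender@example.test",
    "To: user@example.test",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "hello",
    "--b1",
    'Content-Type: application/octet-stream; name="P.exe"',
    'Content-Disposition: attachment; filename="P.exe"',
    "Content-Transfer-Encoding: base64",
    "",
    "c2FtcGxl",
    "--b1",
    'Content-Type: application/pdf; name="notes.pdf"',
    'Content-Disposition: attachment; filename="notes.pdf"',
    "",
    "x",
    "--b1",
    # The two headers disagree: one looks harmless, the other does not.
    'Content-Type: application/octet-stream; name="readme.scr"',
    'Content-Disposition: attachment; filename="readme.txt"',
    "",
    "x",
    "--b1",
    # Inline part with a trailing dot and space after the extension.
    'Content-Type: application/octet-stream; name="card.PIF. "',
    "Content-Disposition: inline",
    "",
    "x",
    "--b1--",
    "",
])

if __name__ == "__main__":
    for name in blocked_attachments(SAMPLE_MESSAGE):
        print("block:", name)
```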

REMOVAL


To remove this worm:
  1. Update the virus definitions, restart in Safe mode, and run a full system scan. Delete all files that are detected as W32.Chir@mm.
  2. Delete the value

    Runonce     \Windows\System\Runouce.exe

    from the registry key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
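The Run-key entry described above can be hunted for in saved `reg query` output. This is an added example, not part of the Symantec write-up: it generalises the Runouce.exe/Runonce.exe case to any autostart entry whose file name is within a small edit distance of a genuine Windows binary. The list of genuine names, the distance threshold and the sample output are assumptions constructed for illustration.

```python
import re

# Genuine Windows binary names that malware often imitates (short list assumed
# for this example; extend it for real use).
KNOWN_GOOD = ("csrss.exe", "explorer.exe", "lsass.exe", "rundll32.exe",
              "runonce.exe", "services.exe", "svchost.exe", "winlogon.exe")
MAX_DISTANCE = 2  # assumed threshold: flag names within two edits of a genuine one

# Constructed sample of `reg query` output; only the Runonce line is from the write-up.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Runonce    REG_SZ    C:\Windows\System\Runouce.exe
    Updater    REG_SZ    "C:\Program Files\Example App\updater.exe" /background
"""


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def parse_reg_query(text):
    """Parse `reg query <key>` output into (value name, type, data) tuples."""
    entries = []
    for line in text.splitlines():
        # Value lines are indented; the key header line is not.
        m = re.match(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).strip()))
    return entries


def image_name(data):
    """Extract the lower-cased executable file name from a Run value's data."""
    m = re.match(r'^"?(.+?\.(?:exe|com|scr|pif|bat))(?=["\s]|$)', data, re.I)
    if not m:
        return None
    return m.group(1).replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_lookalikes(reg_output):
    """Return (value name, data, imitated name, distance) for near-miss names."""
    findings = []
    for name, _type, data in parse_reg_query(reg_output):
        image = image_name(data)
        if image is None or image in KNOWN_GOOD:
            continue
        dist, target = min((edit_distance(image, good), good)
                           for good in KNOWN_GOOD)
        if dist <= MAX_DISTANCE:
            findings.append((name, data, target, dist))
    return findings


if __name__ == "__main__":
    for name, data, target, dist in find_lookalikes(SAMPLE_REG_QUERY):
        print(f"{name}: {data} imitates {target} (distance {dist})")
```

On a live system the input would be the saved output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`.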



Saturday, April 10, 2010

Mailto Hotmail in Firefox

To make Firefox use Hotmail for mailto links, do the following.

1. Type about:config into your location bar and press Enter. If you've never used about:config before, you'll see a warning.
2. Click "I'll be careful, I promise!" This will bring you to the about:config window.
3. In the filter field type "gecko". Double-click the first entry, gecko.handlerService.allowRegisterFromDifferentHost, to change the value to true.
4. Copy and paste the following text into the location bar and press Enter: javascript:navigator.registerProtocolHandler('mailto','http://hotmail.msn.com/secure/start?action=compose&to=%s','Hotmail');
5. You will see an information bar drop down at the top of the window. Click "Add Application." You've finished installing the Hotmail protocol handler; now you just need to select it.
6. Go to Firefox>Preferences>Applications if you are using a Mac, or Tools>Options>Applications if you are using Windows. Scroll down the list by content type and find mailto. In the drop-down menu to the right, select "Use Hotmail".
7. Next, return to about:config.
8. If the warning comes up again, click "I'll be careful, I promise!"
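9. In the filter field type "gecko", and double-click the first entry, gecko.handlerService.allowRegisterFromDifferentHost, to change the value back to false. While the value is true, a page can register a handler that points to a different host than its own, so do not leave it enabled.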