Sunday, 8 December 2013


Virus type: trojan

file type: bath file(Shell)


activities :

1:  Copy itself to every drive

2 :  Corrupt the exe file type

3:  Creates exe files like MyProg.exe,and something like mkldgf



1:   Have an an antivirus copy with full update and online scanner.

2:   You can even use the antivirus that are freely available*.


Description :

AutoRun itself means that it runs automatically.That is the automatic executable file.for example:when you insert a pendrive the pendrive's autorun explorer open itself.The trojan can copy itself from the pen drive.
you can prevent it by disabling the autorun from your control panel.mostly it is caused due to the pendrive data transfers.

Like the autorun programs "AUTORUN.INF" is executed when we open a folder or a drive.
And then it copies itself with all the drives including the exe files mentioned above.
The autorun file is Hidden so you have therefore you have to see the hidden files(properties >show hidden files (check)>hide operating system protected files(uncheck))
The AUTORUN.INF file can be easily opened in the notepad but cannot be modified because it is write protected.

It cannot be deleted in normal mode,The exe files with it can be.but there is no advantage.cause it can be resurrected within 2 or 3 seconds by itself.
Even if you were able to delete it somehow then if there is any of its exe files remain in the drive it copys its own files again(recover its files).

The most important part of this virus is that whenever you click refresh or go from one drive to another by double clicking the hidden files disappears because this virus hide them.
after copying its contents this virus starts corrupting the exe files(softwares that you've downloaded).
So that even if you format the computer whenever you install some software(corrupted by this virus).This virus gets back into your computer again.


Cure :


The simplest one:
1:  Download any antivirus and transfer it into pen drive

2:  restart computer press f8 or f10.

3:  open safe mode normal.

4:  view hidden files and folders.

5:  Now you can see that you can even manually delete the autorun.inf from all drives and rest of all the exe files with it.

6:  intall antivirus from the pendrive.

7:  scan the whole computer.

8: open the registry by start > regedit(type in it) > run

DisableTaskMgr = 1
NoFolderOptions = 1
"Worms" = "%System%\logon.bat"

10 :  After whole scan restart computer in normally.


The Hardest One:
1:  ReInstall the operating system(windows) do not open any files or folders from your drive.

2:  Direct install antivirus from internet(you can open control panel to create the internet connection).

3:  Update the antivirus fully

4:  Run the whole scan of your computer.

5:  remove all the threatening files.


*free antivirus : 
You always get Microsoft security Essential free for windows thats the best.
The most famous one is CALMWIN (open source) with CLAM SENTINEL (open source scanner).
There are many other too but not that effective unless full version.
The above two are the full version antiviruses.

If counter any problems write in here

ERROR MESSAGE "windows is not genuine"


1:  Pop up at the startup "This copy of windows is not geniune" ask to go online and resolve.

2:  Black Screen background wallpaper

3:  Right down corner of the screen "This copy of windows is not Genuine"


This error message usually comes due to illegal windows copy downloaded from internet.Generally it does not happen in the start of the installation of windows but during active use of windows online.The windows installs update and after getting restarted.And suddenly a pop up window comes in front asking to go online and get a license online.

The message becomes little hectic when we regularly use windows.
If you have a license copy then sometimes the key expires and windows asks for the new key online.
But usually the key does not expires,generally some retailers give the cracked copy to customers to fool them and earn money by that.
Beware of these retailers.


This is caused due to the update of windows.There are many security updates of windows but there is one key verification update that checks for the genuine key and blocks the access.


Windows may not works as its full potential.


Firstly whenever you install the windows do not use the recommended settings to get online updates check the last option.If you done it by mistake(Recommended settings) then

go to >control panel > System and security > Windows update(right side) > Change settings(left side) >never check for updates.


"Prevention is better than cure " this is right in this case too.
but still if you want to cure it then

1:  Go to   c\Windows\System, and find WgaTray.exe (do not open).

2:  Open task manager :Task bar(icon bar lower strip) Right click > Open task manager
or ctlr+alt+delete >open task manager

3:  open processes >WgaTray.exe>end process.

4:  come to folder and completely delete(Shift+delete) WgaTray.exe.
you can also right click and open file location to easily get the file.this file open itself within 2 seconds so do this process quickly

5:  Start >Run>regedit(type it and then run) >open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
delete WgaLogon.

6:  Do the prevention process above step and restart windows.

Another best cure is to install new windows with security updates off.or prevent it after installation

please reply if any difficulties


Sunday, 28 July 2013

She Did It In Public After Getting Drunk

When facebook users click on the link in the message, it redirect you to fake video page, and scammers secretly hide likes button into play, so when users are clicking on the play button then they are actually likes the message, so now this message also showing on your profile.

So just after clicking play button, the page redirects you to survey page, and claims that you must complete a survey to verify your age before viewing the video.
The page again redirect you to survey page and asking your personal details.
Scammers used this fake facebook scam to earn money through survey or premium service.
Or They use your contacts to expand their premise.
Either way you are going to be the target here so don't ever click on the video even by mistake.

What to Do ?

If you already clicked on the video and trapped in their scam, and provided your mobile phone number, then first block their service, and then remove all status of this scam, which are posting when you are trying to play the video.

Try to Explain others about this scam they often try to use peoples interest to pull up a scam like that.

How to avoid this ?
Most of these scams have links so try to avoid these links if you see one.
On the other hand some of them are harmless because is a type of URL Shortener so many people use it for Shortening their website links.

Comment if the problem is not solved