Message:
#66
This
week:
*
Microsoft will Patch WiFi
Vulnerability...but only for Windows XP
Plus:
*
Your Windows/PC Quick Tips of the Week Continuing with our Series on
Adding new Commands to Internet Explorer's
Right-click menu, this week
presents the
following new examples:
- Set the Size of Selected Web Page Text To Medium
- Copy Web Page Content with its HTML Code
*
Incoming Security Alerts to Keep Your PC Healthy
- Trojan.Awax
- Trojan.Tabela.D
-------------------
Microsoft
will Patch WiFi
Vulnerability...but only for Windows XP
Many
of us now use WiFi on our laptops when we are on the
go. Generally speaking, the networks that we connect to are
considered
secure and we are not putting our personal information in
danger. Right? Well...no...not
according to senior security
researcher Mark Loveless, speaking at the Shmoocon hackers conference
in
affecting both Windows 2000 and Windows XP. When a laptop with WiFi
starts up, it immediately scans for available networks. If it
doesn't
find any, then the laptop will attempt to connect to the last network
that was successfully used.
If
a hacker manages to discover your home or office network address
(he or she does not need to know a password, just the
address), they
can set up a dummy network (in a car outside a coffee bar or railway
station, for example) and fool your laptop into connecting. Once
your
laptop is networked, the hacker will have open access to any
personal
information stored on your drives.
It
should be noted that a hacker will not be able to get into your
laptop if you have a firewall enabled. This is probably why in
Windows
XP
Service Pack 2, Microsoft set the firewall to
auto-enable. Microsoft is aware of this potential
security threat and
are expected to release a patch for Windows XP (possibly in the next
Service Pack?). However, Windows 2000 is unlikely to see
another
Service
Pack and so there may be no immediate help from Microsoft
(except a suggestion that you should buy Windows XP!). The
best advice
seems to be that if you are running Windows 2000, get yourself a
firewall (only XP has one built-in). If you use Windows XP, enable
the
built-in firewall and watch out for a Microsoft update to fix the
vulnerability.
The
Shmoocon hackers conference:
-------------------
Windows/PC
Quick Tips of the Week
Set
the Size of Selected Web Page Text To Medium by Adding
a Command
to Internet Explorer's Right-click
(Windows
XP/2000/Me/98SE - all versions require Internet Explorer 6 -
as script functionality is unpredictable with version 5 or less)
Internet
Explorer has many useful functions on its right-click or
context menu. There is a way to add new right-click entries. This
will speed up your use of Internet Explorer, reducing tasks that
usually require several clicks, down to just one. The right-click
function added in this tip will allow you to select some (or all)
of
the text on a web page and then convert it to a medium-sized font
with
one click. This could be very useful for someone who has impaired
vision.
The
first step is to create a web page (using JavaScript) that will be
referenced by a new subkey
in the Windows registry:
1. Close all open instances of Internet Explorer
(the change to the
right-click menu
will only be visible if you do this).
2. Right-click on the desktop and then click New
> Text Document.
3. Double-click on NEW TEXT DOCUMENT.TXT.
4. When Notepad opens, type in the following:
<script language="Javascript" defer>
var
pwin = external.menuArguments;
var
doc = pwin.document;
var
sel = doc.selection;
var rng
= sel.createRange();
rng.execCommand("FontSize",false,"3");
rng.execCommand("UnSelect");
</script>
5. Click File > Save.
6. Click File > Exit.
7. Right-click on NEW TEXT DOCUMENT.TXT and then
click Rename.
8. Type: SETTEXTSIZE.HTM and press [Enter].
9. Right-click on Start and then click
Explore.
10.
If necessary, resize Windows Explorer so that the desktop is
also visible.
11.
In Windows Explorer, navigate to C:\
12.
Drag and drop SETTEXTSIZE.HTM from the desktop to C:\
in Windows
Explorer.
Next,
backup the Windows registry:
Windows
XP (setting a Manual System Restore Point):
1. Click Start > All Programs >
Accessories > System Tools >
System Restore.
2. Select Create a Restore Point and click Next.
3. Type a memorable name for your restore
point.
4. Click Create.
5. Click Close.
Windows
2000 (Using the Back Wizard):
1. Click Start > All Programs >
Accessories >
System Tools > Backup > Welcome >
Backup Wizard.
2. Click Next.
3. Select Only back up
the
4. Click Browse.
5. If the Insert Disk warning message is
displayed,
click Cancel.
6. From the Look in drop-down box, choose
Desktop.
7. In the File name field, type a suitable file
name.
8. Click Open > Next > Finish.
9. When you see the message The
backup is complete,
click Close.
10.
Close the Backup Utility window.
Windows
Me/98SE (using the Windows Registry Checker - SCANREGW.EXE)
1. Click Start > Run.
2. Type: scanregw
3. Click OK.
4. Click Yes > OK.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Navigate to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\
4. If the key MenuExt
is not present: right-click on the key
Internet Explorer in the left-hand pane and
then
click New >
Key.
5. If the key MenuExt
is not present: type: MenuExt for the
new key name and
press [Enter].
6. Right-click on the key MenuExt
in the left-hand pane.
7. Click New > Key.
8. Type: Set Text Size To
Medium for the new subkey name
and press [Enter]
9. Select the subkey
Set Text Size To Medium in the
left-hand
pane.
10.
Double-click the value (Default).
11.
Type c:\SetTextSize.htm in the Value Data field.
12.
Click OK.
13.
Right-click somewhere empty in the right-hand pane of
the Registry
Editor.
14.
Click New > Binary Value.
15.
Type Contexts for the value name and press [Enter].
16.
Double-click on the new value Contexts and type 10
in the Value Data
field.
17.
Click OK.
18.
Exit the Registry Editor.
If
you now open Internet Explorer, you will see the new addition to
the right-click menu. If this is a function that is applied only to
selected text, you may need to select a word or phrase in a web
page,
before your new item appears when you right-click.
-------------------
Copy
Web Page Content with its HTML Code by Adding a Command to
Internet
Explorer's Right-click
(Windows
XP/2000/Me/98SE - all versions require Internet Explorer 6 -
as script functionality is unpredictable with version 5 or less)
This
tip will allow you to select and copy web page content and then
paste it into another application, where it will appear with its
related HTML coding. This could be useful if you are trying to
work
out how a particular effect was achieved on a web site.
The
first step is to create a web page (using JavaScript) that will be
referenced by a new subkey
in the Windows registry:
1. Close all open instances of Internet Explorer
(the change to the
right-click menu
will only be visible if you do this).
2. Right-click on the desktop and then click New
>
Text Document.
3. Double-click on NEW TEXT DOCUMENT.TXT.
4. When Notepad opens, type in the following:
<script language="Javascript" defer>
var
pwin = external.menuArguments;
var
doc = pwin.document;
var
sel = doc.selection;
var
rng = sel.createRange();
window.clipboardData.setData("Text", rng.htmlText);
</script>
5. Click File > Save.
6. Click File > Exit.
7. Right-click on NEW TEXT DOCUMENT.TXT and then
click Rename.
8. Type: COPYHTMLCODE.HTM and press
[Enter].
9. Right-click on Start and then click Explore.
10.
If necessary, resize Windows Explorer so that the desktop
is also
visible.
11.
In Windows Explorer, navigate to C:\
12.
Drag and drop COPYHTMLCODE.HTM from the desktop
to C:\ in Windows
Explorer.
Next,
backup the Windows registry, as described in the previous
Internet
Explorer tip.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Navigate to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\
4. If the key MenuExt
is not present: right-click on the key
Internet Explorer in the
left-hand pane and then click New > Key.
5. If the key MenuExt
is not present: type: MenuExt for the new key
name and press
[Enter].
6. Right-click on the key MenuExt
in the left-hand pane.
7. Click New > Key.
8. Type: Copy HTML for the new subkey name and press [Enter].
9. Select the subkey
Copy HTML in the left-hand pane.
10.
Double-click the value (Default).
11.
Type c:\CopyHTMLCode.htm in the Value Data field.
12.
Click OK.
13.
Right-click somewhere empty in the right-hand pane of the
Registry Editor.
14.
Click New > Binary Value.
15.
Type Contexts for the value name and press [Enter].
16.
Double-click on the new value Contexts and type 10 in the Value
Data field.
17.
Click OK.
18.
Exit the Registry Editor.
-------------------
Incoming
Security Alerts to Keep Your PC Healthy
Trojan.Awax
This
virus downloads and executes malicious software. It also changes
the Windows registry to lower your security settings.
A
quick way to discover if your PC is infected is to search for the
following file(s):
Windows
XP: C:\Windows\System32\geede.dll
Windows
2000: C:\Winnt\System32\geede.dll
Windows
Me/98SE: C:\WindowsSystem\geede.dll
or
Windows
XP: C:\Windows\System32\gebcd.dll
Windows
2000: C:\Winnt\System32\gebcd.dll
Windows
Me/98SE: C:\Windows\System\gebcd.dll
To
remove this virus, first back up your registry using the
instructions given above.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Go to and delete the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
4. Go to and delete the registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Explorer\Browser
Helper Objects\
{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}
5. Go to and delete the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\
CurrentVersion\Winlogon\Notify\[NAME]
Note: [NAME] is likely to be geede.dll or
gebcd.dll
6. Go to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\ShellExecuteHooks
7. Delete the value:
"{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}" = ""
8. Exit the Registry Editor.
-------------------
Trojan.Tabela.D
This
beastie collects email addresses from your computer and then
posts them to a specific server.
A quick
way to discover if your PC is infected is to search for the
following registry key: HKEY_CURRENT_USER\SOFTWARE\32235wr
To
remove this virus, first back up your registry using the
instructions given above.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Go to and delete the registry subkey:
HKEY_CURRENT_USER\SOFTWARE\32235wr
4. Exit the Registry Editor.
-------------------
Not
very interesting things that happened vaguely around this date in
the history of computing:
On
the 27th January 1994 Jim Clark left Silicon Graphics Inc. to start
the company Mosaic Communications. This endeavour later changed its
name to Netscape Communications Corp. It is widely acknowledged that
Netscape's
free distribution of their browser helped to fuel the
global adoption of the World Wide Web.
-------------------
And
as always...remember "trust me, I'm a doctor"!
Dr.
Steve North
-------------------
IF CLICKING
A LINK DOESN'T WORK...
Copy
it, and then paste it into your browser's address bar. Select the entire
link (which starts with http:// and may include more than one line)
and then
copy it, usually by clicking the "Edit" menu item and then
clicking "Copy".
Next,
open your browser and click in the box where you usually see the Web page
address. Paste the link into this box (usually by clicking
"Paste" in the "Edit"
menu) and click "Go" or "Enter".
*****************************************************************************
You
are receiving this email because you have given us permission to contact
you. If you do not wish to receive further such emails, please click
on the
unsubscribe link at the bottom of this message. You
will receive no further
emails. If you do not wish to click on the unsubscribe link,
please call our
Customer
Services department, and one of our representatives will be happy to
unsubscribe you. The number to call is 0845 358 0030
between 8.30am-6.00pm,
Monday to Friday.
The
Windows Advisor E-Alert is a free weekly email service brought to you by
Agora
Publications Ltd. To ensure you receive all of your
free weekly
newsletters, add windowsadvisor@electricmessage.co.uk
to your email program's
white list.
Whilst
Agora Publications Ltd makes every effort to ensure that the information
contained within this email is accurate, Agora Publications Ltd
cannot accept
any liability for any loss of data or damage to your PC, peripherals
or software
as a result of acting or refraining to act on the material contained
in this
email. Agora Publications Ltd will not accept any liability for
any problems
arising from the use of any of the information supplied in this
email. Carrying
out any of the procedures contained within this email confirms your
agreement to
this condition.
Query?
Please do not reply to this email. Messages to the Windows Advisor
E-Alert
sending address will not be seen by customer services. All email
correspondence should be sent to: info@windowsadvisor.co.uk
Email address change? Please click on the 'change your
details' hyperlink below
to update the email address, name or salutation information we have
on record
for you.
Know
someone who'd like to receive The Windows Advisor E-Alert themselves?
Simply
forward the following link to anyone you think could benefit from our
weekly service:
http://www.electricmessage.co.uk/signup.php?sid=52
To
unsubscribe from The Windows Advisor E-Alert, please click on the hyperlink
below. If the link is broken, copy and paste the entire link
into the address
bar of your internet browser program, and click 'Go' to visit the
unsubscribe
web page.
To
change your details please go to
To
unsubscribe please go to
Dear
Mr Samuel Sigbeku,
Message:
#67
Saturday
28th January 2006
This
week:
* How does a Virus get its Name?
Plus:
*
Your Windows/PC Quick Tips of the Week
Continuing with our Series on Adding new
Commands to Internet
Explorer's Right-click menu, this week we
present the
following examples:
- Force a Web Page Link to Open in the Same
Window
- Open a Web Link in a new Window
*
Incoming Security Alerts to Keep Your PC Healthy
- W32.Looksky.H@mm
- PWSteal.Tarno.R
-------------------
How
does a Virus get its Name?
As
a regular reader you may have wondered about the origins of the
weird and wonderful virus names that we use in The Windows
Advisor
E-Alert
security updates. Well...we use the same standard as the
security company Symantec. I thought you'd be interested to know
about
the naming conventions used to define a new threat. The format for a
Symantec
name is: Prefix.Name.Suffix.
However,
not all viruses have a suffix. The prefix tells you the
target of the virus (Windows, Word, HTML). The name is just a
descriptive label decided by Symantec. It becomes the
name for a
family of viruses, if further variants aresubsequently
discovered.
The
suffix is either a description of the method of infection
(worm, mass emailing etc), or a version letter used to
identify a
new variant in an existing family of viruses (as provided in the name
field). Please note that a double suffix is sometimes used when
both
a letter for the version and a threat type is required. This takes
the format: Prefix.Name.Suffix.Suffix. For
example: W32.Blebla.B.Worm.
The
'B' is required because this is a variant of the original
Blebla virus.
There
is one special thing to note about prefixes. Viruses that target
the DOS platform do not use the DOS prefix. In fact, they have no
prefix at all. This is because, in the security world, DOS also
stands
for Denial Of Service attack.
The
PREFIXES used are: <NONE> (A DOS virus), A2KM (Access macro
viruses that are native to Access 2000), A97M (Access macro
viruses
that are native to Access 97), AM (Access macro viruses that are
native to Access 95), AOL (Trojan horses that are specific to
Online
environments and usually steal AOL password information), BAT
(Batch
file threats), Backdoor (Threats may allow unauthorized users
to access your computer across the Internet), Bloodhound (Bloodhound
is the name of the Norton AntiVirus
heuristic scanning technology for
detecting new and unknown viruses), DDoS
(Distributed Denial of
Service threats. Distributed Denial of Service involves
using zombie
computers in an attempt to flood an Internet site with traffic), DoS
(Denial
of Service threats), HLLC (High Level Language Companion
viruses. These are usually DOS viruses that create an additional
file
(the companion) to spread).
HLLO
(High Level Language Overwriting viruses) are usually DOS
viruses that overwrite host files with viral code, HLLP (High
Level
Language Parasitic viruses. These are usually DOS viruses
that attach
themselves to host files), HLLW (A worm that is
compiled using a High
Level Language. NOTE: This modifier is not always a
prefix, it is only
a prefix in the case of a DOS High Level Language Worm. If the Worm
is
a Win32 file, the proper name would be W32.HLLW), HTML (Threats
that
target HTML files), IRC (Threats that target IRC applications),
JS
(Threats
that are written using the JavaScript programming language),
Java
(Viruses that are written using the Java programming language),
Linux
(Threats that target the Linux operating system).
O2KM (Office 2000 macro viruses. May infect across different types
of
Office 2000 documents), O97M (Office 97 macro viruses. May infect
across different types of Office 97 documents),
viruses. May infect across different types of Office documents),
PWSTEAL
(Trojan horses that steal passwords), Palm (Threats that are
designed to run specifically on the Palm OS).
Trojan/Troj (These files are not viruses, but Trojan horses.
Trojan
horses are files that masquerade as helpful programs, but are
actually
malicious code. Trojan horses do not replicate), UNIX (Threats that
run under any UNIX-based operating system), VBS (Viruses that are
written using the Visual Basic Script programming language).
W2KM (Word 2000 macro viruses. These are native to Word 2000
and
replicate under Word 2000 only), W32 (32-bit Windows viruses that
can
infect under all 32-bit Windows platforms), W95 (Windows 95
viruses
that infect files under the Windows 95 operating system. Windows 95
viruses often work in Windows 98 also), W97M (Word 97 macro
viruses. These are native to Word 97 and replicate under Word 97
only), W98 (Windows 98 threats that infect files under the Windows 98
operating system. Will only work in Windows 98), WM (Word macro
viruses that replicate under Word 6.0 and Word 95 -Word 7.0. They
may
also replicate under Word 97 -Word 8.0, but are not native to Word
97),
WNT (32-bit Windows viruses that can infect under the Windows NT
operating system), Win (Windows 3.x viruses that infect files under
the Windows 3.x operating system).
X2KM
(Excel macro viruses that are native to Excel 2000), X97M (Excel
macro viruses that are native to Excel 97. These viruses may
replicate
under Excel 5.0 and Excel 95 as well), XF (Excel formula viruses
are
viruses using old Excel 4.0 embedded sheets within newer Excel
documents) and XM (Excel macro viruses that are native to Excel 5.0
and Excel 95. These viruses may replicate in Excel 97 as well).
The
SUFFIXES used are: @m (Signifies the virus or worm is a mailer. An
example is Happy99 -W32.Ska, which only sends itself by email when
you
-the
user- send mail), @mm (Signifies the virus or worm is a
mass-mailer. An example is Melissa, which sends
messages to every
email address in your mailbox), dam (Indicates a detection for
files
that have been corrupted by a threat, or that may contain inactive
remnants of a threat, causing the files to no longer be able to
execute properly or produce reliable results), dr
(Indicates that the
detected file is a dropper for another threat).
Family
(Indicates a generic detection for threats that belong to a
particular threat family based on viral
characteristics), Gen
(Indicates
a generic detection for threats that belong to a particular
threat type based on viral characteristics), Int
(Indicates an
intended threat. Threats that are intended to spread, but don't due
to
bugs or errors in the viral code) and Worm (Indicates a worm, not a
virus. Worms make copies of themselves that they send across a
network
or using email, or another transport mechanism).
Applying
this knowledge to this week's security alerts, we can see
that: W32.Looksky.H@mm is distributed by mass mailing (@mm) and that
it will affect all 32-bit Windows versions (W32). We also know that
it
is the 8th (H) variant of the virus named Looksky.
PWSteal.Tarno.R is the 18th member of the Tarno password stealing
(PWSteal) virus family.
Simple, huh?
You
might also be interested to know that Symantec and various other
key security companies are collaborating on a standard naming scheme
for malware. This is called CME (Common Malware Enumeration) and is
sponsored by the US Department of Homeland Security. Symantec now
quote CME numbers in conjunction with their own naming
conventions (as
detailed above). You can find the CME website at:
-------------------
Windows/PC
Quick Tips of the Week
Force
a Web Page Link to Open in the Same Window by Adding a Command
to Internet Explorer's Right-click
(Windows
XP/2000/Me/98SE - all versions require Internet Explorer 6 -
as script functionality is unpredictable with version 5 or less)
Internet
Explorer has many useful functions on its right-click or
context menu. There is a way to add new right-click entries. This
will speed up your use of Internet Explorer, reducing tasks that
usually require several clicks, down to just one. The right-click
function added in this tip will allow you to force Internet
Explorer
to open a web link in the current browser window, even if the HTML
code requires it to open a new instance. This complements the existing
'Open in New Window' command.
The
first step is to create a web page (using JavaScript) that will be
referenced by a new subkey
in the Windows registry:
1. Close all open instances of Internet Explorer
(the change to the
right-click menu
will only be visible if you do this).
2. Right-click on the desktop and then click New
> Text Document.
3. Double-click on NEW TEXT DOCUMENT.TXT.
4. When Notepad opens, type in the following:
<script language="Javascript" defer>
external.menuArguments.location
external.menuArguments.event.srcElement.href;
</script>
5. Click File > Save.
6. Click File > Exit.
7. Right-click on NEW TEXT DOCUMENT.TXT and then
click Rename.
8. Type: OPENLINKINSAME.HTM and press [Enter].
9. Right-click on Start and then click Explore.
10.
If necessary, resize Windows Explorer so that the desktop
is also
visible.
11.
In Windows Explorer, navigate to C:\
12.
Drag and drop OPENLINKINSAME.HTM from the desktop
to C:\ in Windows
Explorer.
Next,
backup the Windows registry:
Windows
XP (setting a Manual System Restore Point):
1. Click Start > All Programs >
Accessories >
System Tools > System
Restore.
2. Select Create a Restore Point and click Next.
3. Type a memorable name for your restore
point.
4. Click Create.
5. Click Close.
Windows
2000 - (Using the Backup Wizard):
1. Click Start > Programs > Accessories
>
System Tools > Backup > Welcome >
Backup Wizard.
2. Click Next.
3. Select Only back up
the
4. Click Browse.
5. If the Insert Disk warning message is
displayed,
click Cancel.
6. From the Look in drop-down box, choose
Desktop.
7. In the File name field, type a suitable file
name.
8. Click Open > Next > Finish.
9. When you see the message The
backup is complete, click Close.
10.
Close the Backup Utility window.
Windows
Me/98SE (using the Windows Registry Checker - SCANREGW.EXE):
1. Click Start > Run.
2. Type: scanregw
3. Click OK.
4. Click Yes > OK.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Navigate to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\
4. If the key MenuExt
is not present: right-click on the key
Internet Explorer in the left-hand pane and
then
click New >
Key.
5. If the key MenuExt
is not present:
type: MenuExt for the new key name and press [Enter].
6. Right-click on the key MenuExt
in the left-hand pane.
7. Click New > Key.
8. Type: Open Link in same Window for the new subkey name and
press
[Enter].
9. Select the subkey
Open Link in same Window in the
left-hand
pane.
10.
Double-click the value: (Default).
11.
Type: c:\OpenLinkInSame.htm in the Value Data field.
12.
Click OK.
13.
Right-click somewhere empty in the right-hand pane of the
Registry Editor.
14.
Click New > Binary Value.
15.
Type Contexts for the value name and press [Enter].
16.
Double-click on the new value Contexts and type 20 in the
Value Data field.
17.
Click OK.
18.
Exit the Registry Editor.
If
you now open Internet Explorer, you will see the new addition to
the right-click menu. If this is a function that is applied only to
selected text, you may need to select a word or phrase in a web
page,
before your new item appears when you right-click.
-------------------
Open
a Web Link in a new Window by Adding a Command to Internet
Explorer's
Right-click
(Windows
XP/2000/Me/98SE - all versions require Internet Explorer 6 -
as script functionality is unpredictable with version 5 or less)
This
tip will allow you to force Internet Explorer to open a link in
another browser window, even when it is HTML coded to replace the
current page. This is very similar to Internet Explorer's existing
'Open in New Window' command. However, this new command is a
slight
improvement. It often works even when HTML and
scripting have been
designed not to allow you to open a new window.
The
first step is to create a web page (using JavaScript) that will be
referenced by a new subkey
in the Windows registry:
1. Close all open instances of Internet Explorer
(the change to the
right-click menu
will only be visible if you do this).
2. Right-click on the desktop and then click New
> Text Document.
3. Double-click on NEW TEXT DOCUMENT.TXT.
4. When Notepad opens, type in the following:
<script language="JavaScript"
defer>
var
st_link = unescape(external.menuArguments.event.srcElement.href);
var
pos = st_link.indexOf("http://", 7);
var
st_elink = st_link.substr(pos);
window.open(st_elink);
</script>
5. Click File > Save.
6. Click File > Exit.
7. Right-click on NEW TEXT DOCUMENT.TXT and then
click Rename.
8. Type: OPENENCODED.HTM and press [Enter].
9. Right-click on Start and then click
Explore.
10.
If necessary, resize Windows Explorer so that the desktop is
also visible.
11.
In Windows Explorer, navigate to C:\
12.
Drag and drop OPENENCODED.HTM from the desktop to C:\
in Windows
Explorer.
Next,
backup the Windows registry, as described in the previous
Internet
Explorer tip.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Navigate to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\
4. If the key MenuExt
is not present: right-click on the key
Internet Explorer in the
left-hand pane and then click New > Key.
5. If the key MenuExt
is not present: type: MenuExt for the new
key name and press
[Enter].
6. Right-click on the key MenuExt
in the left-hand pane.
7. Click New > Key.
8. Type: Open Link in new Window for the new subkey name and
press
[Enter].
9. Select the subkey
Open Link in new Window in the left-hand pane.
10.
Double-click the value (Default).
11.
Type: c:\OpenEncoded.htm in the Value Data field.
12.
Click OK.
13.
Right-click somewhere empty in the right-hand pane of the
Registry Editor.
14.
Click New > Binary Value.
15.
Type Contexts for the value name and press [Enter].
16.
Double-click on the new value Contexts and type 20 in the
Value Data field.
17.
Click OK.
18.
Exit the Registry Editor.
-------------------
Incoming
Security Alerts to Keep Your PC Healthy
W32.Looksky.H@mm
This
virus collects email addresses from your computer and then uses
its own mail software to distribute itself. It also steals any
personal information that you type when visiting web sites.
A
quick way to discover if your PC is infected is to search for the
following file(s):
Windows
XP: C:\Windows\sachostx.exe
Windows
2000: C:\Winnt\sachostx.exe
Windows
Me/98SE: C:\Windows\sachostx.exe
To
remove this virus, first back up your registry using the
instructions given above.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Go to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run
4. In the right pane, delete the value:
"HostSrv"
= "%Windir%\sachostx.exe"
5. Exit the Registry Editor.
-------------------
PWSteal.Tarno.R
This
beastie steals passwords from web forms.
A
quick way to discover if your PC is infected is to search for the
following file(s):
Windows
XP: C:\Windows\System32\svchost.dll
Windows
2000: C:\Winnt\System32\svchost.dll
Windows
Me/98SE: C:\Windows\System\svchost.dll
Or
Windows
XP: C:\Windows\System32\winsetup.exe
Windows
2000: C:\Winnt\System32\winsetup.exe
Windows
Me/98SE: C:\Windows\System\winsetup.exe
To
remove this virus, first back up your registry using the
instructions given above.
Once
you have backed up your registry, proceed as follows:
1. Click Start > Run.
2. Type: regedit and
press [Enter].
3. Go to the registry subkey:
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\
sharedaccess\parameters\firewallpolicy\standardprofile\
authorizedapplications\list
4. In the right pane, delete the value:
"[LOCATION OF VIRUS]" =
"[LOCATION OF VIRUS]
:*:enabled:EarthWormJimm"
5. Go to and delete the registry subkey:
HKEY_LOCAL_MACHINE\Software\Classes\svchost.Update
6. Go to and delete the registry subkey:
HKEY_CLASSES_ROOT\CLSID\{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A}
7. Go to and delete the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\BrowserHelper
Objects\
{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A}
8. Exit the Registry Editor.
-------------------
Not
very interesting things that happened vaguely around this date in
the history of computing:
On
January 28th 1952, the Bank of America instructed SRI (Stanford
Research
Institute) to build the first model of ERMA (Electronic
Recording Machine Accounting). The bank needed ERMA to handle
cheque
processing and account maintenance. This was at a
time when the
creation of many new local branches and an increase in the use of
cheques, was threatening to overwhelm the bank's manual systems.
ERMA
remained in service until 1970. As with most contemporary IT
projects,
ERMA's estimated maximum budget of $850,000 is
widely believed to have
topped $10 million by completion!
-------------------
And
as always...remember "trust me, I'm a doctor"!
Dr.
Steve North
-------------------
IF
CLICKING A LINK DOESN'T WORK...
Copy
it, and then paste it into your browser's address bar. Select the entire
link (which starts with http:// and may include more than one line)
and then
copy it, usually by clicking the "Edit" menu item and then
clicking "Copy".
Next,
open your browser and click in the box where you usually see the Web page
address. Paste the link into this box (usually by clicking
"Paste" in the "Edit"
menu) and click "Go" or "Enter".
*****************************************************************************
You
are receiving this email because you have given us permission to contact
you. If you do not wish to receive further such emails, please click
on the
unsubscribe link at the bottom of this message. You
will receive no further
emails. If you do not wish to click on the unsubscribe link,
please call our
Customer
Services department, and one of our representatives will be happy to
unsubscribe you. The number to call is 0845 358 0030
between 8.30am-6.00pm,
Monday to Friday.
The
Windows Advisor E-Alert is a free weekly email service brought to you by
Agora
Publications Ltd. To ensure you receive all of your
free weekly
newsletters, add windowsadvisor@electricmessage.co.uk
to your email program's
white list.
Whilst
Agora Publications Ltd makes every effort to ensure that the information
contained within this email is accurate, Agora Publications Ltd
cannot accept
any liability for any loss of data or damage to your PC, peripherals
or software
as a result of acting or refraining to act on the material contained
in this
email. Agora Publications Ltd will not accept any liability for
any problems
arising from the use of any of the information supplied in this
email. Carrying
out any of the procedures contained within this email confirms your
agreement to
this condition.
Query?
Please do not reply to this email. Messages to the Windows Advisor
E-Alert
sending address will not be seen by customer services. All email
correspondence should be sent to: info@windowsadvisor.co.uk
Email address change? Please click on the 'change your
details' hyperlink below
to update the email address, name or salutation information we have
on record
for you.
Know
someone who'd like to receive The Windows Advisor E-Alert themselves?
Simply
forward the following link to anyone you think could benefit from our
weekly service:
http://www.electricmessage.co.uk/signup.php?sid=52
To
unsubscribe from The Windows Advisor E-Alert, please click on the hyperlink
below. If the link is broken, copy and paste the entire link
into the address
bar of your internet browser program, and click 'Go' to visit the
unsubscribe
web page.
To
change your details please go to
To
unsubscribe please go to