Dear Mr Samuel Sigbeku,

Message: #66

This week:

* Microsoft will Patch WiFi Vulnerability...but only for Windows XP

Plus:

* Your Windows/PC Quick Tips of the Week Continuing with our Series on

Adding new Commands to Internet Explorer's Right-click menu, this week

presents the following new examples:

- Set the Size of Selected Web Page Text To Medium

- Copy Web Page Content with its HTML Code

* Incoming Security Alerts to Keep Your PC Healthy

- Trojan.Awax

- Trojan.Tabela.D

-------------------

Microsoft will Patch WiFi Vulnerability...but only for Windows XP

Many of us now use WiFi on our laptops when we are on the

go. Generally speaking, the networks that we connect to are considered

secure and we are not putting our personal information in

danger. Right? Well...no...not according to senior security

researcher Mark Loveless, speaking at the Shmoocon hackers conference

in Washington DC. Loveless revealed a serious WiFi vulnerability

affecting both Windows 2000 and Windows XP. When a laptop with WiFi

startsup, it immediately scans for available networks. If it doesn't

find any, then the laptop will attempt to connect to the last network

that was successfully used.

If a hacker manages to discover your home or office network address

(he or she does not need to know a password, just the address), they

can set up a dummy network (in a car outside a coffee bar or railway

station, for example) and fool your laptop into connecting. Once your

laptopis networked, the hacker will have open access to any personal

information stored on your drives.

It should be noted that a hacker will not be able to get into your

laptopif you have a firewall enabled. This is probably why in Windows

XP Service Pack 2, Microsoft set the firewall to

auto-enable. Microsoft is aware of this potential security threat and

are expected to release a patch for Windows XP (possibly in the next

Service Pack?).However, Windows 2000 is unlikely to see another

Service Pack and so there may be no immediate help from Microsoft

(except a suggestion that you should buy Windows XP!). The best advice

seems to be that if you are running Windows 2000, get yourself a

firewall(only XP has one built-in). If you use Windows XP, enable the

built-in firewall and watch out for a Microsoft update to fix the

vulnerability.

The Shmoocon hackers conference:

http://www.shmoocon.org/

-------------------

Windows/PC Quick Tips of the Week

Set the Size of Selected Web Page Text To Medium by Adding a Command

to Internet Explorer's Right-click

(Windows XP/2000/Me/98SE - all versions require Internet Explorer 6 -

as script functionality is unpredictable with version 5 or less)

Internet Explorer has many useful functions on its right-click or

context menu. There is a way to add new right-click entries. This

will speed up your use of Internet Explorer, reducing tasks that

usually require several clicks, down to just one. The right-click

functionadded in this tip will allow you to select some (or all) of

thetext on a web page and then convert it to a medium-sized font with

one click. This could be very useful for someone who has impaired

vision.

The first step is to create a web page (using JavaScript) that will be

referencedby a new subkey in the Windows registry:

1. Close all open instances of Internet Explorer (the change to the

right-click menu will only be visible if you do this).

2. Right-click on the desktop and then click New > Text Document.

3. Double-click on NEW TEXT DOCUMENT.TXT.

4. When Notepad opens, type in the following:

<script language="Javascript" defer>

var pwin = external.menuArguments;

var doc = pwin.document;

var sel = doc.selection;

var rng = sel.createRange();

rng.execCommand("FontSize",false,"3");

rng.execCommand("UnSelect");

</script>

5. Click File > Save.

6. Click File > Exit.

7. Right-click on NEW TEXT DOCUMENT.TXT and then click Rename.

8. Type: SETTEXTSIZE.HTM and press [Enter].

9. Right-click on Start and then click Explore.

10. If necessary, resize Windows Explorer so that the desktop is

also visible.

11. In Windows Explorer, navigate to C:\

12. Drag and drop SETTEXTSIZE.HTM from the desktop to C:\

in Windows Explorer.

Next, backup the Windows registry:

Windows XP (setting a Manual System Restore Point):

1. Click Start > All Programs > Accessories > System Tools >

System Restore.

2. Select Create a Restore Point and click Next.

3. Type a memorable name for your restore point.

4. Click Create.

5. Click Close.

Windows 2000 (Using the Back Wizard):

1. Click Start > All Programs > Accessories >

System Tools > Backup > Welcome > Backup Wizard.

2. Click Next.

3. Select Only back up the System State data and click Next.

4. Click Browse.

5. If the Insert Disk warning message is displayed,

click Cancel.

6. From the Look in drop-down box, choose Desktop.

7. In the File name field, type a suitable file name.

8. Click Open > Next > Finish.

9. When you see the message The backup is complete,

click Close.

10. Close the Backup Utility window.

Windows Me/98SE (using the Windows Registry Checker - SCANREGW.EXE)

1. Click Start > Run.

2. Type: scanregw

3. Click OK.

4. Click Yes > OK.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Navigate to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\

4. If the key MenuExt is not present: right-click on the key

Internet Explorer in the left-hand pane and then

click New > Key.

5. If the key MenuExt is not present: type: MenuExt for the

new key name and press [Enter].

6. Right-click on the key MenuExt in the left-hand pane.

7. Click New > Key.

8. Type: Set Text Size To Medium for the new subkey name

and press [Enter]

9. Select the subkey Set Text Size To Medium in the

left-hand pane.

10. Double-click the value (Default).

11. Type c:\SetTextSize.htm in the Value Data field.

12. Click OK.

13. Right-click somewhere empty in the right-hand pane of

the Registry Editor.

14. Click New > Binary Value.

15. Type Contexts for the value name and press [Enter].

16. Double-click on the new value Contexts and type 10

in the Value Data field.

17. Click OK.

18. Exit the Registry Editor.

If you now open Internet Explorer, you will see the new addition to

the right-click menu. If this is a function that is applied only to

selectedtext, you may need to select a word or phrase in a web page,

before your new item appears when you right-click.

-------------------

Copy Web Page Content with its HTML Code by Adding a Command to

Internet Explorer's Right-click

(Windows XP/2000/Me/98SE - all versions require Internet Explorer 6 -

as script functionality is unpredictable with version 5 or less)

This tip will allow you to select and copy web page content and then

paste it into another application, where it will appear with its

relatedHTML coding. This could be useful if you are trying to work

out how a particular effect was achieved on a web site.

The first step is to create a web page (using JavaScript) that will be

referencedby a new subkey in the Windows registry:

1. Close all open instances of Internet Explorer (the change to the

right-click menu will only be visible if you do this).

2. Right-click on the desktop and then click New >

Text Document.

3. Double-click on NEW TEXT DOCUMENT.TXT.

4. When Notepad opens, type in the following:

<script language="Javascript" defer>

var pwin = external.menuArguments;

var doc = pwin.document;

var sel = doc.selection;

var rng = sel.createRange();

window.clipboardData.setData("Text", rng.htmlText);

</script>

5. Click File > Save.

6. Click File > Exit.

7. Right-click on NEW TEXT DOCUMENT.TXT and then click Rename.

8. Type: COPYHTMLCODE.HTM and press [Enter].

9. Right-click on Start and then click Explore.

10. If necessary, resize Windows Explorer so that the desktop

is also visible.

11. In Windows Explorer, navigate to C:\

12. Drag and drop COPYHTMLCODE.HTM from the desktop

to C:\ in Windows Explorer.

Next, backup the Windows registry, as described in the previous

Internet Explorer tip.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Navigate to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\

4. If the key MenuExt is not present: right-click on the key

Internet Explorer in the left-hand pane and then click New > Key.

5. If the key MenuExt is not present: type: MenuExt for the new key

name and press [Enter].

6. Right-click on the key MenuExt in the left-hand pane.

7. Click New > Key.

8. Type: Copy HTML for the new subkey name and press [Enter].

9. Select the subkey Copy HTML in the left-hand pane.

10. Double-click the value (Default).

11. Type c:\CopyHTMLCode.htm in the Value Data field.

12. Click OK.

13. Right-click somewhere empty in the right-hand pane of the

Registry Editor.

14. Click New > Binary Value.

15. Type Contexts for the value name and press [Enter].

16. Double-click on the new value Contexts and type 10 in the Value

Data field.

17. Click OK.

18. Exit the Registry Editor.

-------------------

Incoming Security Alerts to Keep Your PC Healthy

Trojan.Awax

This virus downloads and executes malicious software. It also changes

the Windows registry to lower your security settings.

A quick way to discover if your PC is infected is to search for the

following file(s):

Windows XP: C:\Windows\System32\geede.dll

Windows 2000: C:\Winnt\System32\geede.dll

Windows Me/98SE: C:\WindowsSystem\geede.dll

or

Windows XP: C:\Windows\System32\gebcd.dll

Windows 2000: C:\Winnt\System32\gebcd.dll

Windows Me/98SE: C:\Windows\System\gebcd.dll

To remove this virus, first back up your registry using the

instructions given above.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Go to and delete the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\

{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}

4. Go to and delete the registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\

CurrentVersion\Explorer\Browser Helper Objects\

{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}

5. Go to and delete the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\

CurrentVersion\Winlogon\Notify\[NAME]

Note: [NAME] is likely to be geede.dll or gebcd.dll

6. Go to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

CurrentVersion\Explorer\ShellExecuteHooks

7. Delete the value:

"{EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D}" = ""

8. Exit the Registry Editor.

-------------------

Trojan.Tabela.D

This beastie collects email addresses from your computer and then

posts them to a specific server.

A quick way to discover if your PC is infected is to search for the

following registry key: HKEY_CURRENT_USER\SOFTWARE\32235wr

To remove this virus, first back up your registry using the

instructions given above.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Go to and delete the registry subkey:

HKEY_CURRENT_USER\SOFTWARE\32235wr

4. Exit the Registry Editor.

-------------------

Not very interesting things that happened vaguely around this date in

the history of computing:

On the 27th January 1994 Jim Clark left Silicon Graphics Inc. to start

the company Mosaic Communications. This endeavour later changed its

name to Netscape Communications Corp. It is widely acknowledged that

Netscape's free distribution of their browser helped to fuel the

global adoption of the World Wide Web.

-------------------

And as always...remember "trust me, I'm a doctor"!

Dr. Steve North

-------------------

IF CLICKING A LINK DOESN'T WORK...

Copy it, and then paste it into your browser's address bar. Select the entire

link(which starts with http:// and may include more than one line) and then

copyit, usually by clicking the "Edit" menu item and then clicking "Copy".

Next, open your browser and click in the box where you usually see the Web page

address. Paste the link into this box (usually by clicking "Paste" in the "Edit"

menu) and click "Go" or "Enter".

*****************************************************************************

You are receiving this email because you have given us permission to contact

you. If you do not wish to receive further such emails, please click on the

unsubscribelink at the bottom of this message. You will receive no further

emails. If you do not wish to click on the unsubscribe link, please call our

Customer Services department, and one of our representatives will be happy to

unsubscribeyou. The number to call is 0845 358 0030 between 8.30am-6.00pm,

Monday to Friday.

The Windows Advisor E-Alert is a free weekly email service brought to you by

Agora Publications Ltd. To ensure you receive all of your free weekly

newsletters, add windowsadvisor@electricmessage.co.uk to your email program's

white list.

Whilst Agora Publications Ltd makes every effort to ensure that the information

containedwithin this email is accurate, Agora Publications Ltd cannot accept

anyliability for any loss of data or damage to your PC, peripherals or software

asa result of acting or refraining to act on the material contained in this

email. Agora Publications Ltd will not accept any liability for any problems

arisingfrom the use of any of the information supplied in this email. Carrying

outany of the procedures contained within this email confirms your agreement to

this condition.

Query? Please do not reply to this email. Messages to the Windows Advisor

E-Alert sending address will not be seen by customer services. All email

correspondence should be sent to: info@windowsadvisor.co.uk

Email addresschange? Please click on the 'change your details' hyperlink below

toupdate the email address, name or salutation information we have on record

for you.

Know someone who'd like to receive The Windows Advisor E-Alert themselves?

Simply forward the following link to anyone you think could benefit from our

weekly service:

http://www.electricmessage.co.uk/signup.php?sid=52

To unsubscribe from The Windows Advisor E-Alert, please click on the hyperlink

below. If the link is broken, copy and paste the entire link into the address

barof your internet browser program, and click 'Go' to visit the unsubscribe

web page.

To change your details please go to

http://www.electricmessage.co.uk/mailer/edit_details.php?var=NTMyNjU2fGFzc2FtdWVsQG5ldHNjYXBlLm5ldHwxMjU=

To unsubscribe please go to

http://www.electricmessage.co.uk/mailer/unsubscribe.php?var=NTMyNjU2fGFzc2FtdWVsQG5ldHNjYXBlLm5ldHwxMjU=

Dear Mr Samuel Sigbeku,

Message: #67

Saturday 28th January 2006

This week:

* How does a Virus get its Name?

Plus:

* Your Windows/PC Quick Tips of the Week

Continuing with our Series on Adding new Commands to Internet

Explorer's Right-click menu, this week we present the

following examples:

- Force a Web Page Link to Open in the Same Window

- Open a Web Link in a new Window

* Incoming Security Alerts to Keep Your PC Healthy

- W32.Looksky.H@mm

- PWSteal.Tarno.R

-------------------

How does a Virus get its Name?

As a regular reader you may have wondered about the origins of the

weirdand wonderful virus names that we use in The Windows Advisor

E-Alert security updates. Well...we use the same standard as the

securitycompany Symantec. I thought you'd be interested to know about

the naming conventions used to define a new threat. The format for a

Symantec name is: Prefix.Name.Suffix.

However, not all viruses have a suffix. The prefix tells you the

target of the virus (Windows, Word, HTML). The name is just a

descriptivelabel decided by Symantec. It becomes the name for a

familyof viruses, if further variants aresubsequently discovered.

The suffix is either a description of the method of infection

(worm, mass emailing etc), or a version letter used to identify a

newvariant in an existing family of viruses (as provided in the name

field). Please note that a double suffix is sometimes used when both

a letter for the version and a threat type is required. This takes

theformat: Prefix.Name.Suffix.Suffix. For example: W32.Blebla.B.Worm.

The 'B' is required because this is a variant of the original

Blebla virus.

There is one special thing to note about prefixes. Viruses that target

the DOS platform do not use the DOS prefix. In fact, they have no

prefixat all. This is because, in the security world, DOS also stands

for Denial Of Service attack.

The PREFIXES used are: <NONE> (A DOS virus), A2KM (Access macro

virusesthat are native to Access 2000), A97M (Access macro viruses

that are native to Access 97), AM (Access macro viruses that are

native to Access 95), AOL (Trojan horses that are specific to America

Online environments and usually steal AOL password information), BAT

(Batch file threats), Backdoor (Threats may allow unauthorized users

to access your computer across the Internet), Bloodhound (Bloodhound

isthe name of the Norton AntiVirus heuristic scanning technology for

detectingnew and unknown viruses), DDoS (Distributed Denial of

Service threats.Distributed Denial of Service involves using zombie

computers in an attempt to flood an Internet site with traffic), DoS

(Denial of Service threats), HLLC (High Level Language Companion

viruses. These are usually DOS viruses that create an additional file

(the companion) to spread).

HLLO (High Level Language Overwriting viruses) are usually DOS

virusesthat overwrite host files with viral code, HLLP (High Level

Language Parasitic viruses.These are usually DOS viruses that attach

themselvesto host files), HLLW (A worm that is compiled using a High

Level Language.NOTE: This modifier is not always a prefix, it is only

aprefix in the case of a DOS High Level Language Worm. If the Worm is

aWin32 file, the proper name would be W32.HLLW), HTML (Threats that

targetHTML files), IRC (Threats that target IRC applications), JS

(Threats that are written using the JavaScript programming language),

Java (Viruses that are written using the Java programming language),

Linux (Threats that target the Linux operating system).

O2KM (Office 2000 macro viruses.May infect across different types of

Office 2000 documents), O97M (Office 97 macro viruses. May infect

acrossdifferent types of Office 97 documents), OM (Office macro

viruses. May infect across different types of Office documents),

PWSTEAL (Trojan horses that steal passwords), Palm (Threats that are

designed to run specifically on the Palm OS).

Trojan/Troj (These files are not viruses, but Trojan horses. Trojan

horsesare files that masquerade as helpful programs, but are actually

malicious code. Trojan horses do not replicate), UNIX (Threats that

run under any UNIX-based operating system), VBS (Viruses that are

written using the Visual Basic Script programming language).

W2KM (Word 2000 macro viruses.These are native to Word 2000 and

replicateunder Word 2000 only), W32 (32-bit Windows viruses that can

infectunder all 32-bit Windows platforms), W95 (Windows 95 viruses

that infect files under the Windows 95 operating system. Windows 95

viruses often work in Windows 98 also), W97M (Word 97 macro

viruses. These are native to Word 97 and replicate under Word 97

only), W98 (Windows 98 threats that infect files under the Windows 98

operating system. Will only work in Windows 98), WM (Word macro

virusesthat replicate under Word 6.0 and Word 95 -Word 7.0. They may

also replicate under Word 97 -Word 8.0, but are not native to Word

97), WNT (32-bit Windows viruses that can infect under the Windows NT

operating system), Win (Windows 3.x viruses that infect files under

the Windows 3.x operating system).

X2KM (Excel macro viruses that are native to Excel 2000), X97M (Excel

macroviruses that are native to Excel 97. These viruses may replicate

underExcel 5.0 and Excel 95 as well), XF (Excel formula viruses are

viruses using old Excel 4.0 embedded sheets within newer Excel

documents) and XM (Excel macro viruses that are native to Excel 5.0

and Excel 95. These viruses may replicate in Excel 97 as well).

The SUFFIXES used are: @m (Signifies the virus or worm is a mailer. An

exampleis Happy99 -W32.Ska, which only sends itself by email when you

-the user- send mail), @mm (Signifies the virus or worm is a

mass-mailer. An example is Melissa, which sends messages to every

emailaddress in your mailbox), dam (Indicates a detection for files

that have been corrupted by a threat, or that may contain inactive

remnants of a threat, causing the files to no longer be able to

executeproperly or produce reliable results), dr (Indicates that the

detected file is a dropper for another threat).

Family (Indicates a generic detection for threats that belong to a

particularthreat family based on viral characteristics), Gen

(Indicates a generic detection for threats that belong to a particular

threattype based on viral characteristics), Int (Indicates an

intendedthreat. Threats that are intended to spread, but don't due to

bugs or errors in the viral code) and Worm (Indicates a worm, not a

virus. Worms make copies of themselves that they send across a network

or using email, or another transport mechanism).

Applying this knowledge to this week's security alerts, we can see

that: W32.Looksky.H@mm is distributed by mass mailing (@mm) and that

itwill affect all 32-bit Windows versions (W32). We also know that it

is the 8th (H) variant of the virus named Looksky.

PWSteal.Tarno.R is the 18th member of the Tarno password stealing

(PWSteal) virus family.

Simple, huh?

You might also be interested to know that Symantec and various other

key security companies are collaborating on a standard naming scheme

for malware. This is called CME (Common Malware Enumeration) and is

sponsored by the US Department of Homeland Security. Symantec now

quoteCME numbers in conjunction with their own naming conventions (as

detailed above). You can find the CME website at:

http://cme.mitre.org/

-------------------

Windows/PC Quick Tips of the Week

Force a Web Page Link to Open in the Same Window by Adding a Command

to Internet Explorer's Right-click

(Windows XP/2000/Me/98SE - all versions require Internet Explorer 6 -

as script functionality is unpredictable with version 5 or less)

Internet Explorer has many useful functions on its right-click or

context menu. There is a way to add new right-click entries. This

will speed up your use of Internet Explorer, reducing tasks that

usually require several clicks, down to just one. The right-click

functionadded in this tip will allow you to force Internet Explorer

to open a web link in the current browser window, even if the HTML

code requires it to open a new instance. This complements the existing

'Open in New Window' command.

The first step is to create a web page (using JavaScript) that will be

referencedby a new subkey in the Windows registry:

1. Close all open instances of Internet Explorer (the change to the

right-click menu will only be visible if you do this).

2. Right-click on the desktop and then click New > Text Document.

3. Double-click on NEW TEXT DOCUMENT.TXT.

4. When Notepad opens, type in the following:

<script language="Javascript" defer>

external.menuArguments.location

external.menuArguments.event.srcElement.href;

</script>

5. Click File > Save.

6. Click File > Exit.

7. Right-click on NEW TEXT DOCUMENT.TXT and then click Rename.

8. Type: OPENLINKINSAME.HTM and press [Enter].

9. Right-click on Start and then click Explore.

10. If necessary, resize Windows Explorer so that the desktop

is also visible.

11. In Windows Explorer, navigate to C:\

12. Drag and drop OPENLINKINSAME.HTM from the desktop

to C:\ in Windows Explorer.

Next, backup the Windows registry:

Windows XP (setting a Manual System Restore Point):

1. Click Start > All Programs > Accessories >

System Tools > System Restore.

2. Select Create a Restore Point and click Next.

3. Type a memorable name for your restore point.

4. Click Create.

5. Click Close.

Windows 2000 - (Using the Backup Wizard):

1. Click Start > Programs > Accessories >

System Tools > Backup > Welcome > Backup Wizard.

2. Click Next.

3. Select Only back up the System State data and click Next.

4. Click Browse.

5. If the Insert Disk warning message is displayed,

click Cancel.

6. From the Look in drop-down box, choose Desktop.

7. In the File name field, type a suitable file name.

8. Click Open > Next > Finish.

9. When you see the message The backup is complete, click Close.

10. Close the Backup Utility window.

Windows Me/98SE (using the Windows Registry Checker - SCANREGW.EXE):

1. Click Start > Run.

2. Type: scanregw

3. Click OK.

4. Click Yes > OK.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Navigate to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\

4. If the key MenuExt is not present: right-click on the key

Internet Explorer in the left-hand pane and then

click New > Key.

5. If the key MenuExt is not present:

type: MenuExt for the new key name and press [Enter].

6. Right-click on the key MenuExt in the left-hand pane.

7. Click New > Key.

8. Type: Open Link in same Window for the new subkey name and

press [Enter].

9. Select the subkey Open Link in same Window in the

left-hand pane.

10. Double-click the value: (Default).

11. Type: c:\OpenLinkInSame.htm in the Value Data field.

12. Click OK.

13. Right-click somewhere empty in the right-hand pane of the

Registry Editor.

14. Click New > Binary Value.

15. Type Contexts for the value name and press [Enter].

16. Double-click on the new value Contexts and type 20 in the

Value Data field.

17. Click OK.

18. Exit the Registry Editor.

If you now open Internet Explorer, you will see the new addition to

the right-click menu. If this is a function that is applied only to

selectedtext, you may need to select a word or phrase in a web page,

before your new item appears when you right-click.

-------------------

Open a Web Link in a new Window by Adding a Command to Internet

Explorer's Right-click

(Windows XP/2000/Me/98SE - all versions require Internet Explorer 6 -

as script functionality is unpredictable with version 5 or less)

This tip will allow you to force Internet Explorer to open a link in

another browser window, even when it is HTML coded to replace the

current page. This is very similar to Internet Explorer's existing

'Open in New Window' command.However, this new command is a slight

improvement. It often works even when HTML and scripting have been

designed not to allow you to open a new window.

The first step is to create a web page (using JavaScript) that will be

referencedby a new subkey in the Windows registry:

1. Close all open instances of Internet Explorer (the change to the

right-click menu will only be visible if you do this).

2. Right-click on the desktop and then click New > Text Document.

3. Double-click on NEW TEXT DOCUMENT.TXT.

4. When Notepad opens, type in the following:

<script language="JavaScript" defer>

var st_link = unescape(external.menuArguments.event.srcElement.href);

var pos = st_link.indexOf("http://", 7);

var st_elink = st_link.substr(pos);

window.open(st_elink);

</script>

5. Click File > Save.

6. Click File > Exit.

7. Right-click on NEW TEXT DOCUMENT.TXT and then click Rename.

8. Type: OPENENCODED.HTM and press [Enter].

9. Right-click on Start and then click Explore.

10. If necessary, resize Windows Explorer so that the desktop is

also visible.

11. In Windows Explorer, navigate to C:\

12. Drag and drop OPENENCODED.HTM from the desktop to C:\

in Windows Explorer.

Next, backup the Windows registry, as described in the previous

Internet Explorer tip.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Navigate to the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\

4. If the key MenuExt is not present: right-click on the key

Internet Explorer in the left-hand pane and then click New > Key.

5. If the key MenuExt is not present: type: MenuExt for the new

key name and press [Enter].

6. Right-click on the key MenuExt in the left-hand pane.

7. Click New > Key.

8. Type: Open Link in new Window for the new subkey name and

press [Enter].

9. Select the subkey Open Link in new Window in the left-hand pane.

10. Double-click the value (Default).

11. Type: c:\OpenEncoded.htm in the Value Data field.

12. Click OK.

13. Right-click somewhere empty in the right-hand pane of the

Registry Editor.

14. Click New > Binary Value.

15. Type Contexts for the value name and press [Enter].

16. Double-click on the new value Contexts and type 20 in the

Value Data field.

17. Click OK.

18. Exit the Registry Editor.

-------------------

Incoming Security Alerts to Keep Your PC Healthy

W32.Looksky.H@mm

This virus collects email addresses from your computer and then uses

its own mail software to distribute itself. It also steals any

personal information that you type when visiting web sites.

A quick way to discover if your PC is infected is to search for the

following file(s):

Windows XP: C:\Windows\sachostx.exe

Windows 2000: C:\Winnt\sachostx.exe

Windows Me/98SE: C:\Windows\sachostx.exe

To remove this virus, first back up your registry using the

instructions given above.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Go to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

CurrentVersion\Run

4. In the right pane, delete the value:

"HostSrv" = "%Windir%\sachostx.exe"

5. Exit the Registry Editor.

-------------------

PWSteal.Tarno.R

This beastie steals passwords from web forms.

A quick way to discover if your PC is infected is to search for the

following file(s):

Windows XP: C:\Windows\System32\svchost.dll

Windows 2000: C:\Winnt\System32\svchost.dll

Windows Me/98SE: C:\Windows\System\svchost.dll

Or

Windows XP: C:\Windows\System32\winsetup.exe

Windows 2000: C:\Winnt\System32\winsetup.exe

Windows Me/98SE: C:\Windows\System\winsetup.exe

To remove this virus, first back up your registry using the

instructions given above.

Once you have backed up your registry, proceed as follows:

1. Click Start > Run.

2. Type: regedit and press [Enter].

3. Go to the registry subkey:

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\

sharedaccess\parameters\firewallpolicy\standardprofile\

authorizedapplications\list

4. In the right pane, delete the value:

"[LOCATION OF VIRUS]" = "[LOCATION OF VIRUS]

:*:enabled:EarthWormJimm"

5. Go to and delete the registry subkey:

HKEY_LOCAL_MACHINE\Software\Classes\svchost.Update

6. Go to and delete the registry subkey:

HKEY_CLASSES_ROOT\CLSID\{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A}

7. Go to and delete the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\

Explorer\BrowserHelper Objects\

{3A4E6FF3-BF59-446E-9DC8-731BCE2F349A}

8. Exit the Registry Editor.

-------------------

Not very interesting things that happened vaguely around this date in

the history of computing:

On January 28th 1952, the Bank of America instructed SRI (Stanford

Research Institute) to build the first model of ERMA (Electronic

Recording Machine Accounting).The bank needed ERMA to handle cheque

processingand account maintenance. This was at a time when the

creation of many new local branches and an increase in the use of

cheques, was threatening to overwhelm the bank's manual systems. ERMA

remainedin service until 1970. As with most contemporary IT projects,

ERMA'sestimated maximum budget of $850,000 is widely believed to have

topped $10 million by completion!

-------------------

And as always...remember "trust me, I'm a doctor"!

Dr. Steve North

-------------------

IF CLICKING A LINK DOESN'T WORK...

Copy it, and then paste it into your browser's address bar. Select the entire

link(which starts with http:// and may include more than one line) and then

copyit, usually by clicking the "Edit" menu item and then clicking "Copy".

Next, open your browser and click in the box where you usually see the Web page

address. Paste the link into this box (usually by clicking "Paste" in the "Edit"

menu) and click "Go" or "Enter".

*****************************************************************************

You are receiving this email because you have given us permission to contact

you. If you do not wish to receive further such emails, please click on the

unsubscribelink at the bottom of this message. You will receive no further

emails. If you do not wish to click on the unsubscribe link, please call our

Customer Services department, and one of our representatives will be happy to

unsubscribeyou. The number to call is 0845 358 0030 between 8.30am-6.00pm,

Monday to Friday.

The Windows Advisor E-Alert is a free weekly email service brought to you by

Agora Publications Ltd. To ensure you receive all of your free weekly

newsletters, add windowsadvisor@electricmessage.co.uk to your email program's

white list.

Whilst Agora Publications Ltd makes every effort to ensure that the information

containedwithin this email is accurate, Agora Publications Ltd cannot accept

anyliability for any loss of data or damage to your PC, peripherals or software

asa result of acting or refraining to act on the material contained in this

email. Agora Publications Ltd will not accept any liability for any problems

arisingfrom the use of any of the information supplied in this email. Carrying

outany of the procedures contained within this email confirms your agreement to

this condition.

Query? Please do not reply to this email. Messages to the Windows Advisor

E-Alert sending address will not be seen by customer services. All email

correspondence should be sent to: info@windowsadvisor.co.uk

Email addresschange? Please click on the 'change your details' hyperlink below

toupdate the email address, name or salutation information we have on record

for you.

Know someone who'd like to receive The Windows Advisor E-Alert themselves?

Simply forward the following link to anyone you think could benefit from our

weekly service:

http://www.electricmessage.co.uk/signup.php?sid=52

To unsubscribe from The Windows Advisor E-Alert, please click on the hyperlink

below. If the link is broken, copy and paste the entire link into the address

barof your internet browser program, and click 'Go' to visit the unsubscribe

web page.

To change your details please go to

http://www.electricmessage.co.uk/mailer/edit_details.php?var=NTMyNjU2fGFzc2FtdWVsQG5ldHNjYXBlLm5ldHwxMjU=

To unsubscribe please go to

http://www.electricmessage.co.uk/mailer/unsubscribe.php?var=NTMyNjU2fGFzc2FtdWVsQG5ldHNjYXBlLm5ldHwxMjU=