Sunday, April 27, 2008

Restoring System against common attacks!

Registry editing has been disabled



If you have ever encountered the above error, i.e. "Registry editing has been disabled by your administrator", on Windows XP or any other Windows NT operating system, this may help you.


I have encountered the above error while patching the registry. Even manual "regedit" was not working.


Here is a simple solution.


Click "Start >> Run" or press "[Windows key + R]" and type this command exactly as given below (or you can copy-paste it too):


REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f





Folder Options Disabled



Go to Run


Type "control folders"


If it doesn't work, try:



Solution 1:


Run -> type gpedit.msc


Then: User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer -> "Removes the Folder Options menu item from the Tools menu".


Right click -> Properties -> Disable -> Apply -> then set it to Not Configured again




Solution 2:


Go to Start menu -> Run, enter regedit and press OK to start regedit (the Registry Editor).

There you'll see a tree-like structure of folders on the left.

Navigate to the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and on the right side you'll see many values.


Among these values, look for one named "NoFolderOptions". Highlight it and double-click it; if the value box shows 1, change it to 0 and press Enter. Exit the Registry Editor, then close any open folder and open it again to see the setting take effect.

If you want to disable Folder Options, set the value of "NoFolderOptions" to 1 (and to bring it back, change it to 0).





Orkut is banned u fool..MUHAHAHA...



How to fix the "Orkut is banned you fool!" virus


The virus shows the message "Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!!" in a window with the title ORKUT IS BANNED.

Well, a similar message was displayed for YouTube also.


Solution given here:


1. Press CTRL+ALT+DEL and go to the processes tab


2. Look for svchost.exe under the Image Name column. There will be many, but look for the ones which have your username in the User Name column


3. Press DEL to kill these processes. It will give you a warning; press Yes


4. Repeat for any other svchost.exe entries with your username. Do not kill svchost.exe running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE!


5. Now open My Computer


6. In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.


7. Delete all the files here


8. Now go to Start --> Run and type Regedit


9. Go to the menu Edit --> Find


10. Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"


11. Select that and press DEL. It will ask "Are you sure you wanna delete this value"; click Yes


12. Now close the registry editor.


Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe on the pen drive.


UPDATE


It seems that they have named this malware w32.USBWorm and, according to my friend, Avast is able to detect and remove it. I hope the other antivirus software will also be able to remove it soon.





Remove ntde1ect.com virus (show hidden files problem)



First method


1) Open up Task Manager (Ctrl-Alt-Del)


2) If wscript.exe is running, end it.


3) If explorer.exe is running, end it.


4) Open up “File | New Task (Run)” in the Task Manager


5) Run cmd


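6) Run the following command on all your drives by replacing c:\ with other drives in turn (the /s switch makes del search every subfolder of the drive as well, so it removes every file matching autorun.* on that drive):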


del c:\autorun.* /f /a /s /q


7) Go to your Windows\System32 directory by typing cd c:\windows\system32


8) Type dir /a avp*.*


9) If you see any files named avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:


attrib -r -s -h avpo.exe


del avpo.exe


10) Use the Task Manager’s Run command to fire up regedit


11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run


12) If there are any entries for avpo.exe, delete them.


13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.


14) Restart your computer.





Second method


Run >> type "regedit" (without quotes) and press Enter >> then go to:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\


Now you can see two values, CheckedValue and DefaultValue


Double-click on CheckedValue and change the value from 0 to 1


Double-click on DefaultValue and change the value from 1 to 2


Now exit and watch
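

An added example, not part of the original post: a small Python triage script that scans the text of a registry export (.reg) for the settings this page resets and for the file names it tells you to delete. The sample export and the value name under Run are constructed; a real regedit export is usually UTF-16 and has to be decoded to text before being passed in.

```python
import re

CV = r"software\microsoft\windows\currentversion"
SHOWALL = "hkey_local_machine\\" + CV + r"\explorer\advanced\folder\hidden\showall"
# Healthy values taken from the fixes on this page (keys lower-cased for matching).
EXPECTED = {
    ("hkey_current_user\\" + CV + r"\policies\system", "disableregistrytools"): 0,
    ("hkey_current_user\\" + CV + r"\policies\explorer", "nofolderoptions"): 0,
    (SHOWALL, "checkedvalue"): 1,
    (SHOWALL, "defaultvalue"): 2,
}
# File and folder names this page associates with the two infections.
MARKERS = ("heap41a", "avpo.exe", "avp0.exe", "avp0.dll", "ntde1ect.com")
# Constructed sample export (not from a real machine); the Run value name is made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"avpo"="C:\\WINDOWS\\system32\\avpo.exe"
'''

def parse_reg(text):
    """Yield (key, name, value) from .reg text; dword values become int."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'"([^"]+)"=(.*)', line)
        if m and key:
            raw = m.group(2)
            value = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"').replace("\\\\", "\\")
            yield key, m.group(1), value

def audit(text):
    """Return findings: policy values that differ from EXPECTED, and marker references."""
    findings = []
    for key, name, value in parse_reg(text):
        want = EXPECTED.get((key.lower(), name.lower()))
        if want is not None and value != want:
            findings.append(f"{key}\\{name} = {value!r}, expected {want}")
        if isinstance(value, str) and any(m in value.lower() for m in MARKERS):
            findings.append(f"{key}\\{name} references {value}")
    return findings
```

Calling audit(SAMPLE) returns one line per suspicious value; an empty list means none of the settings or file names from this page were found in the export.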
