
Archive for the ‘Tutorials’ Category

Windows Startup Methods

July 1st, 2009

Need to find out where programs launch themselves from? Check out the following.

Run – These are the most common startup locations for programs. Under HKEY_LOCAL_MACHINE, the program starts for all users. Under HKEY_CURRENT_USER, it starts only for the current user. By default these keys are not executed in Safe Mode. If you prefix the value of these keys with an asterisk (*), it will run in Safe Mode.

Registry Keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    

RunOnce Local Machine Key – These keys are designed to be used primarily by setup programs. Entries in these keys are started once and then deleted from the key. If there is an exclamation point preceding the value of the key, the entry will not be deleted until after the program completes; otherwise it will be deleted before the program runs. This is important because, if the exclamation point is not used and the program referenced in this key fails to complete, it will not run again, as it will have already been deleted. All entries in this key are started synchronously in an undefined order. Because of this, all programs in this key must finish before any entries in HKEY_LOCAL_MACHINE\…\Run, HKEY_CURRENT_USER\…\Run, HKEY_CURRENT_USER\…\RunOnce, and the Startup folders can be loaded. The RunOnce keys are ignored under Windows 2000 and Windows XP in Safe Mode. The RunOnce keys are not supported by Windows NT 3.51.

Registry Keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

    

RunOnce Current User Key

Registry Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
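
The prefix rules described above for the Run and RunOnce keys, applied to captured `reg query` output (an added example, not part of the original post). It assumes the `*` and `!` prefixes sit on the value name, as Microsoft's documentation describes for RunOnce; `autostart_entries`, `RUN_KEYS` and the sample dump are constructed for illustration.

```python
import re

# Run-style keys from the text above (path under HKLM or HKCU, lower-cased).
RUN_KEYS = {
    r"software\microsoft\windows\currentversion\run": "Run",
    r"software\microsoft\windows\currentversion\runonce": "RunOnce",
}
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

def autostart_entries(dump):
    """Return one dict per autostart value found in `reg query` text output."""
    entries, hive, kind = [], None, None
    for line in dump.splitlines():
        if line.startswith("HKEY_"):
            hive, _, suffix = line.strip().partition("\\")
            kind = RUN_KEYS.get(suffix.lower())  # None for keys we do not track
            continue
        m = VALUE_LINE.match(line)
        if not (m and kind):
            continue
        name, _type, command = m.groups()
        flags = name[:len(name) - len(name.lstrip("!*"))]
        entries.append({
            "scope": "all users" if hive == "HKEY_LOCAL_MACHINE" else "current user",
            "key": kind,
            "name": name.lstrip("!*"),
            "command": command,
            # Assumption: the prefixes are on the value name, not the data.
            "safe_mode": "*" in flags,
            # Without "!", a RunOnce entry is deleted before its program runs.
            "deleted_before_run": kind == "RunOnce" and "!" not in flags,
        })
    return entries

# Constructed sample in the format `reg query <key>` prints; not from a real host.
SAMPLE = "\n".join([
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    Example Updater    REG_SZ    C:\Program Files\Example\updater.exe /background",
    "",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"    !FinishSetup    REG_SZ    C:\Temp\setup.exe /resume",
    r"    *Cleanup    REG_EXPAND_SZ    %TEMP%\cleanup.cmd",
    "",
    r"HKEY_CURRENT_USER\Software\Example",
    r"    Version    REG_SZ    1.0",
])

if __name__ == "__main__":
    print(*autostart_entries(SAMPLE), sep="\n")
```
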

    

RunServicesOnce – This key is designed to start services when a computer boots up (only on next startup). These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\…\RunOnce registry key can start loading its programs.

Registry Keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

     

RunServices – This key is designed to start services as well. These entries can also continue running even after you log on, but must be completed before the HKEY_LOCAL_MACHINE\…\RunOnce registry key can start loading its programs.

Registry Keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

The logon prompt is then placed on screen. After a user logs in, the rest of the keys are processed.

ActiveX Component – This is the startup method used by Bifrost.

Registry Keys:

HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{4175C5F3-D47F-143B-DD4D-E67A0EB4E773} – StubPath = "Exe path"

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{4175C5F3-D47F-143B-DD4D-E67A0EB4E773} – StubPath = "Exe path"

      

All Users Startup Folder – For Windows XP, 2000, and NT, this folder is used for programs that should be auto-started for all users who log in to this computer. It is generally found at:

Windows XP C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Windows NT C:\winnt\Profiles\All Users\Start Menu\Programs\Startup

Windows 2000 C:\Documents and Settings\All Users\Start Menu\Programs\Startup

     

User Profile Startup Folder – Programs in this folder are executed for the particular user who logs in. This folder is usually found in:

 
Win 9X, ME C:\windows\start menu\programs\startup


Windows XP C:\Documents and Settings\LoginName\Start Menu\Programs\Startup

    

Explorer Run – These keys are generally used to load programs as part of a policy set in place on the computer or user. The Pain RAT server can use this key to run on startup.

Registry Keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

 

UserInit Key – This key specifies what program should be launched right after a user logs into Windows. The default program for this key is C:\windows\system32\userinit.exe. Userinit.exe is a program that restores your profile, fonts, colors, etc. for your username. It is possible to add further programs that will launch from this key by separating the programs with a comma.

For example:

  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = C:\windows\system32\userinit.exe, c:\windows\badprogram.exe

This will make both programs launch when you log in, and it is a common place for trojans, hijackers, and spyware to launch from.

Registry Key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
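
One way to check a captured Userinit value for programs appended after userinit.exe (an added example, not part of the original post). `audit_userinit` and the sample values are constructed for illustration, and the default path assumes Windows is installed in C:\windows.

```python
import ntpath

# Default stated in the text above; assumes Windows is installed in C:\windows.
DEFAULT_USERINIT = r"C:\windows\system32\userinit.exe"

def _norm(path):
    # Case-insensitive, separator-normalised form for comparing Windows paths.
    return ntpath.normcase(ntpath.normpath(path))

def audit_userinit(value, default=DEFAULT_USERINIT):
    """Split a Winlogon Userinit value and report what differs from the default."""
    programs = [p.strip().strip('"') for p in value.split(",")]
    programs = [p for p in programs if p]  # the stock value ends with a comma
    extras = [p for p in programs if _norm(p) != _norm(default)]
    return {
        # False means userinit.exe itself was removed or swapped for another path.
        "default_present": len(extras) < len(programs),
        "extras": extras,
    }

# Constructed sample values, not read from a real registry.
SAMPLES = {
    "stock": r"C:\Windows\system32\userinit.exe,",
    "appended": r"C:\windows\system32\userinit.exe, c:\windows\badprogram.exe",
    "replaced": r"C:\Windows\userinit.exe",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, audit_userinit(value))
```

A value is clean only when `default_present` is true and `extras` is empty; the "replaced" sample shows a look-alike path outside system32 being reported.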

  

Load Key – This key is not commonly used anymore, but it can be used to auto-start programs.

Registry Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

    

Notify – This key is used to add a program that will run when a particular event occurs. Events include logon, logoff, startup, shutdown, startscreensaver, and stopscreensaver. When Winlogon.exe generates an event such as the ones listed, Windows looks in the Notify registry key for a DLL that will handle this event. Malware has been known to use this method to load itself when a user logs on to their computer. Loading this way makes the malware hard to stop.

Registry Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

   

AppInit_DLLs – This value corresponds to files being loaded through the AppInit_DLLs registry value.
The AppInit_DLLs registry value contains a list of DLLs that will be loaded when user32.dll is loaded. As most Windows executables use user32.dll, any DLL listed in the AppInit_DLLs registry value will be loaded as well. This makes it very difficult to remove the DLL, as it will be loaded within multiple processes, some of which cannot be stopped without causing system instability. The user32.dll file is also used by processes that are automatically started by the system when you log on. This means that the files listed in the AppInit_DLLs value are loaded very early in the Windows startup routine, allowing the DLL to hide or protect itself before we have access to the system.

Registry Key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

     

ShellServiceObjectDelayLoad – This registry key contains values in a similar way to the Run key. The difference is that instead of pointing to the file itself, each value points to the CLSID’s InProcServer, which contains the information about the particular DLL file that is being used.

The files under this key are loaded automatically by Explorer.exe when your computer starts. Because Explorer.exe is the shell for your computer, it will always start, thus always loading the files under this key. These files are therefore loaded early in the startup process before any human intervention occurs.

Registry Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

    

SharedTaskScheduler – This section corresponds to files being loaded through the SharedTaskScheduler registry value on XP, NT, and 2000 machines.
The entries in this registry key run automatically when you start Windows.

Registry Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

The following are files that programs can autostart from on bootup:

1. c:\autoexec.bat

2. c:\config.sys

3. windir\wininit.ini – Usually used by setup programs to have a file run once and then get deleted.

4. windir\winstart.bat

5. windir\win.ini – [windows] "load"

6. windir\win.ini – [windows] "run"

7. windir\system.ini – [boot] "shell"

8. windir\system.ini – [boot] "scrnsave.exe"

9. windir\dosstart.bat – Used in Win95 or 98 when you select the "Restart in MS-DOS mode" in the shutdown menu.

10. windir\system\autoexec.nt

11. windir\system\config.nt

 

[Source]

 

Author: Akshat Categories: Computer, Tutorials, Windows

How to Enable Hibernation in Windows XP

June 29th, 2009

In the Windows environment, hibernation is a built-in feature that is used to increase your work performance and also minimizes the Windows startup time. For example, if you have to keep a lot of files and Windows applications open, you can leave your system in hibernation mode without closing the open programs. When you restart the computer after hibernation, all the running files and applications will be restored as you left them. Windows stores all the hibernated information in the Hiberfil.sys file in the system root folder. The size of this file is roughly equal to the RAM of your system.

Follow the given steps to activate hibernation in Windows XP:

To use this feature, you will need to be logged into your computer with administrative rights.

1. First click on Start button and then Control Panel.

       

2. Click on Performance and Maintenance

    

3. Then click on Power Options

    

4. A new "Power Options Properties" dialog box will appear, select Hibernate tab and then select the "Enable hibernation" check box to enable the hibernate feature.

          

5. After enabling the hibernation feature, click on the Start button, then click on "Turn off Computer". In the "Turn off Computer" dialog box, hold down the "Shift" key for some time and click on the Hibernate button. Your system will take some time to complete the hibernation process.

             

Enjoy !

Author: Akshat Categories: Computer, Tutorials, Windows

Convert Firefox into Faster Firefox

June 6th, 2009

This tutorial will basically sum up speeding up Firefox. I will also post add-ons that are very helpful for smooth browsing in Firefox.

First make sure you download Firefox. Why? Because it's much faster, updated frequently, and allows you to do much more than any other browser.

Download Firefox

Speeding Up Firefox

Alright, these are some simple and easy changes that will speed up Firefox by about 300%!

Pipelining:- Pipelining is what loads every single page you click. By default, it is set to download 1 thing at a time. That can take a long time, so we're going to make it load 30 at a time! This will speed up web browsing quite a bit.

               Steps to follow:-

       

  • Open up Firefox
  • Type “about:config” in the URL bar
  • In the config, search “pipelining”
  • Look for a preference called “network.http.pipelining”
  • Double click network.http.pipelining, which will set it to true
  • Now look for “network.http.pipelining.maxrequests”
  • Double click network.http.pipelining.maxrequests and set the value to 30 NOT HIGHER!
  • Now restart Firefox

Note how much faster web pages will load! (especially akshat.07x.net :P)

Firefox Ultimate Optimizer:- When Firefox is running, it uses quite a lot of RAM. This can slow down other programs that you may have running, as well as web browsing. This program will cut it down by about 95%!

How much memory do you use?

  • Open Firefox
  • Open control manager (Ctrl+Alt+Delete)
  • In the control manager, click the “Processes” tab
  • Under Image Name look for “firefox.exe”
  • Look at the Mem Usage

Firefox Ultimate Optimizer Tutorial

  • Download Firefox Ultimate Optimizer
  • Extract it to your desktop
  • While Firefox is running, run the program
  • Check your memory usage again

Note how much less memory (RAM) is being used by Firefox!

Faster Fox:- Faster Fox is an add-on that loads page links before you click them. For instance, if you were on YouTube’s front page, it would be loading every link, video, etc. That way when you click that link, there is much less loading time.

Faster Fox Tutorial:-

Do all that and Firefox will run so fast you can’t imagine.

Add-ons 

Add-ons are the second reason I use Firefox. Firefox has so many helpful add-ons. This is a list of some of my favorites and must-haves.

Adblock Plus

       This blocks advertisements from showing up when searching the web.

NoScript

     Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.

Enjoy your faster Firefox ;)

 

Rename your Recycle Bin

June 5th, 2009

Yes, you read it right. You can change the name of the Recycle Bin on your system if you wish. It is very easy and interesting, but it requires some changes in the Windows registry.

Follow these steps:

1. First click on the Start button and click Run

2. Type regedit.exe or just regedit and press enter.

            

3. In the registry editor, open the HKEY_CLASSES_ROOT folder, then open the CLSID folder inside it, then the {645FF040-5081-101B-9F08-00AA002F954E} folder, and finally the ShellFolder folder.

          

4. Here simply change the data value from "40 01 00 20" to "50 01 00 20".

5. Once completed, change the "CallForAttributes" dword value to "0x00000000" (double-click and change the value data to 0). You must change both of these values to get the rename option to appear.

           

After performing all the above steps, close the registry editor and check for the rename option by right-clicking on the Recycle Bin icon. If it doesn’t appear, restart your computer and check again; this time you will find the rename option.

Now you can change the name as you wish.

                         

Isn’t it interesting ?

Enjoy ! ;)

 

 

Internet Security Test Series – I Firewall Test

April 17th, 2009

Today, I read an article on my friend Rick’s (whatsonmypc) blog about “Free layers of protection”. It somehow inspired me to write about how to check the security of your machine on the Internet. So now I’m starting an Internet Security Test Series which covers all the tests to check your computer's security on the Internet one by one, which helps you to know how safe you are.

In Internet Security Series – I, today we test the firewall.

Basically, a firewall is a barrier to keep destructive forces away from your property/computer. In fact, that’s why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.

So, this test will check your computer for ports that are commonly left open. Open ports could allow your computer to be compromised. This firewall test will also check for open ports known to be used by viruses and trojans.

      

       Are you ready to test your firewall?

    1. If yes, then Click Here

    2. Scroll down until you find the heading "firewall testing - get started". In the box, enter your IP address, which is shown on that page, and press Enter.

                   

    3.  Here you can choose which type of security scan you want to perform:

  • Standard Security Scan – This is for most Internet users. This security scan checks commonly used ports and also tests for known ports used by trojan and virus programs.
  • Ranged Security Scan – This scan allows you to test a range of ports to help determine services running on all 65,535 ports. This is for network administrators and security professionals.
  • Advanced Security Scan – This gives you the option to enter the ports you want scanned. Simply separate them with a comma, such as 23,80,27374. For a UDP port scan, simply add UDP to the list of ports, for example: UDP,20,23.

   

    4. After selecting any one of the above three, click Start Scan. After a few seconds your result will be displayed.

Now you can see how powerful and secure your firewall is.

To see which firewall is good, check the Matousec firewall challenge.

 

 

               Keep checking my posts…More to come…!!