this page is about cleaning up viruses, malware and file system damage
also see my other help pages helpself, fixit, & diypc

READ THIS FIRST




Using these DIY instructions constitutes an agreement
to the conditions of the statement listed below:
(( you are "I" and "my" "me" ))

"I" understand that the instructions on this page
are presented to inform people about computer maintenance.

"I" understand that I may print and make copies of these 
instructions for informational purposes for my personal use.

"I" understand that I am also permitted to distribute 
copies of the instructions to others for their personal use.

"I" agree that the effect of these instructions 
is "my" responsibility, and is not the responsibility of WAP Tek.

"I" agree that WAP Tek assumes no responsibility for the 
integrity, functionality or safety of these instructions.

"I" agree to hold WAP Tek harmless 
for any effect of the instructions.

"I" agree that most, if not all, of the problems
 my computer is having may be caused by;
 "I" and "my" "me"
 microsoft products like
 windows 95, 98, 9X(AKA Millennium or ME), nt, 2000, xp, iis server,
 internet explorer, media player, outlook, outlook express,  etc...  etc...

 and or

 spyware, malware, spam, real player, quick time, aol,

To proceed to the instructions, please read on ..











"right click" here to get the files i use to fix computers
save it to a directory on your computer..call the directory c:\f-prot
and run the bat file
... why the hell would they not allow "right click find" in My Documents folder
"right click" here to get a reg hack to fix this crap!!!!





============================================

viruses, worms, Trojans, and malware, oh my.

============================================

Windows Me/XP only
skip this step for dos/Windows 3.1, 95, 98, nt, or 2k

0. turn off System Restore right now!

   Windows Me/XP "normally" uses this feature
    to repair damaged files on your computer
   you need to turn off System Restore because
    Windows prevents outside programs, including antivirus programs
    and tools, from modifying System Restore, and
    System Restore will happily restore the unwanted file to your computer.
   ___________________________________________ 
   To disable Windows Me System Restore
   
    Click "Start", "Settings", "Control Panel".
    click "View all Control Panel options" if needed
    Double-click "System" icon, click "Performance",  "File System", 
    "Troubleshooting" check-mark the "Disable System Restore" box
    Click OK , Yes, Windows will restart.

    then after you are in windows again
    delete the c:\_RESTORE folder if possible
   ___________________________________________
   To disable Windows XP System Restore
   
    You must be logged in as an Administrator
    Click "Start", "Programs", "Accessories",
    "Windows Explorer", "My Computer",click "Properties".
    Click "System Restore" check-mark the "Turn off System Restore" 
    or check-mark the "Turn off System Restore on all drives" check box.
    Click Apply, and then click OK.

    then after you are in windows again
    delete the c:\_RESTORE folder if possible
   __________________________________________

1. make a directory named c:\f-prot to
   save all the files you need to fix the machine

2. If your computer is "compromised" the web browser is 
   probably not going to let you get all the necessary files.
   so download:
the 1/2 Mb "off by one" microbrowser at
http://browsers.evolt.org/?offbyone/win32
or the 1 Mb "off by one" browser at
http://www.offbyone.com
the 3.45 Mb opera web browser at
http://browsers.evolt.org/?opera/win/606/en/std
or the 6.08 Mb mozilla web browser at
http://browsers.evolt.org/?mozilla/phoenix

   save one or all of them to c:\f-prot
   and run the installs for each of them.
   use one to get the rest of the needed files

       IF YOU ARE TRYING TO REPAIR YOUR COMPUTER
         DO NOT USE INTERNET EXPLORER DAMNIT!!
       IT IS DESIGNED TO COOPERATE WITH MALWARE 

3. download art's f-prot for DOS updaters at
http://home.epix.net/~artnpeg/F-pup.exe
and
http://www.epix.net/~artnpeg/F-UPDATE.ZIP
   and save them to c:\f-prot

4. click "start" "run" and type "command.com" or "cmd.exe"
   then type:
  "cd c:\f-prot"
  "f-pup.exe"
   let it install itself to c:\f-prot
   (by default it will run fp-up.exe for you)
   let it get f-prot for dos, updates, etc..
   when it is done updating click its "menu" then "exit" 
   click "start" "run" and type "command.com" or "cmd.exe"
   "cd c:\f-prot"
   "unzip F-UPDATE.ZIP"
   press " [n] then [enter] " to any "overwrite y/n" questions

   then type 
   "F-UPDATE.exe"
   let it get f-prot for dos, updates, etc.. again!!

   click "start" "run" and type: or paste this in as the command
   "c:\f-prot\f-prot.exe c:\*.* /archive /packed /collect /nomem /auto /disinf /delete /ARCHIVE "

   let it kill everything it can

5. go to http://www.lavasoft.de/support/download/
   download "ad-aware", "the Latest reference file", and "reghance"
   to the c:\f-prot directory
   then
   click "start" "run" and type "command.com" or "cmd.exe"
   "cd c:\f-prot"
   "unzip reflist.zip"

   OR...
     alternatively
     click "start" "run" and type "command.com" or "cmd.exe"
     "cd c:\f-prot"
     type "wget http://updates.ls-servers.com/reflist.zip"
     type "wget http://updates.ls-servers.com/regh.exe"
     if you are very brave then click "start" "run" and type:
     "http://download.com.com/redir?pid=10214379&merid=69274&mfgid=69274&ltype=dl_dlnow&lop=link&edId=3&siteId=4&oId=3002-8022-10214379&ontId=8022&destUrl=ftp%3A%2F%2Fftp.download.com%2Fpub%2Fwin95%2Futilities%2Faaw6181.exe"

     then type 
     "unzip reflist.zip"

6. go to http://windowsupdate.microsoft.com/
   run all the critical updates you can for your operating system
   or download/save them to
   c:\f-prot


7. Download all the "Removal Tools" and instructions at
   http://securityresponse.symantec.com/avcenter/tools.list.html and kaspertools,
   and save them to 
   c:\f-prot\Remove

8. now that we have some tools
   restart the computer and
   as it starts hold down [F8]
   select "safe mode"
   after it is in "safe mode"
   Press the keys [Ctrl] [Alt] and tap [Delete] key  once.
   this brings up "close program" or "task manager"
   click once on, and "end task", anything you can except "Explorer"
   do this again if there are more processes in the list
    
9. run all updates you downloaded for your operating
   system  if any require safe mode to install.

10. click "start" "run" c:\f-prot\regh.exe to install reghance and 
    tell it to install itself to c:\f-prot

    click "start" "run" "browse" to "c:\f-prot\aaw???.exe" (or similar)
    to install ad-aware and 
    tell it to install itself to c:\f-prot
   

    click "start" "run" and type "command.com" or "cmd.exe"
    then cd c:\f-prot
    type "unzip reflist.zip"

    click "start", "run" "C:\f-prot\Ad-aware.exe"
    to set the settings as follows 

     click "scan now" "use custom scanning options" and then "customize"

     click "general" then 
      uncheck   "run at windows startup"
      checkmark "automatically save log file"
      uncheck   "automatically quarantine.."
      uncheck   "safe mode.."

     click "scanning" then 
       checkmark all of them except "skip non .." and "skip files .."
       click "click here to select drives and folders"
        click the [+] next to the drive (c:) 
        and then checkmark any folders named

         dos(anything)
         documents and settings
         i386 
         my (anything)
         my(anything)
         program files
         recycle(anything) 
         temp 
         win(anything)
          (or just checkmark the whole hard drive and be done with it)

        then click "proceed"

                                                          ___
                                                         /___\_________
                                                        |              |                                                   
                                                        |              |
                                                     ___|___________   |
                                                    `\              \  |
     click "advanced" then                            \              \ |
       on reghance executable click the folder icon    \,_____________\|






       and point it to or type C:\F-PROT\RegHance.exe
       checkmark all of the "log-file detail level" checkmarks

     click "automation" then 
      checkmark "use custom scan settings" 
      checkmark all of the "startup action" checkmarks
      
     click "tweak" then under "expert settings"

      click the [+] next to "scanning engine"
       checkmark everything you can

      click the [+] next to "cleaning engine"
       checkmark everything you can

      ignore the [+] next to "ad-watch"

      click the [+] next to "user interface"
       uncheck everything

      click the [+] next to "web update settings"
       checkmark everything you can

      click the [+] next to "misc settings"
       checkmark everything you can

     then click "proceed" twice
      wait 10 seconds then click (!!!once!!!) 
       "abort" and then "finish"
       click the [X] in the upper right hand corner of ad-aware
       these steps force settings to "take"

    click "start", "run" type "C:\f-prot\Ad-aware.exe" +c
    to let it kill as many malware files as possible

11. go to the "c:\f-prot\Remove" directory on your computer
    read all the instructions for the "symantec Removal Tools"
    and run all of the "symantec Removal Tools" one at a time :-(

12. click "start", "run" and type or paste this in as the command
   "c:\f-prot\f-prot.exe c:\*.* /archive /packed /collect /nomem /auto /disinf /delete /ARCHIVE "
   let it kill every thing it can again!

13. finally harden your system against attack
start here http://home.epix.net/~artnpeg/Win2KPro.html
  
=================================

"best practices" by Symantec:

=================================

1. Turn off and remove unneeded services.
 By default, many operating systems install auxiliary services
 that are not critical, such as
 an FTP server, telnet, and a Web server.
 These services are avenues of attack.
 If they are removed, blended threats have less
 avenues of attack and you have fewer services
 to maintain through patch updates.

2. If a blended threat exploits one or more network services,
 disable, or block access to, those services
 until a patch is applied.

3. Always keep your patch levels up-to-date,
 especially on computers that host public services
 and are accessible through the firewall,
 such as HTTP, FTP, mail, and DNS services.

4. Enforce a password policy.
 Complex passwords make it difficult to crack password files
 on compromised computers. This helps to prevent or limit
 damage when a computer is compromised.

5. Configure your email server to block or remove email that contains
 file attachments that are commonly used to spread viruses,
 such as .vbs, .bat, .exe, .pif and .scr files

6. Isolate infected computers quickly to prevent further
 compromising your organization. Perform a forensic analysis
 and restore the computers using trusted media.

7. Train employees not to open attachments unless they are expecting them.
 Also, do not execute software that is downloaded from the Internet
 unless it has been scanned for viruses.
 Simply visiting a compromised Web site can cause infection
 if certain browser vulnerabilities are not patched.
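
Item 5 above, as an added example (not Symantec's code and not from this page): a Python check that walks the MIME parts of a message and reports attachments whose file name ends in one of the listed extensions. The sample message and its addresses are constructed; the check only sees the declared file name, not what is packed inside an archive.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions listed in item 5 of the best-practices list.
BLOCKED_EXTS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def blocked_attachments(raw_bytes):
    """Return the file names of attachments that end in a blocked extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or a multipart container
        # Windows drops trailing dots and spaces when saving a file, so
        # "notes.txt.scr." still lands on disk as a .scr file.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides how Windows runs the file,
        # which is what catches "Invoice.PDF.EXE".
        ext = os.path.splitext(cleaned)[1]
        if ext in BLOCKED_EXTS:
            hits.append(name)
    return hits


def build_sample():
    """Build a constructed test message with one harmless and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for filename in ("holiday.jpg", "Invoice.PDF.EXE", "notes.txt.scr."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("block or strip attachment:", name)
```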


====================================================

              "messenger service"

====================================================

"messenger service" example (in ascii)
 _____________________________________________________
|messenger service                                 [X]|
|``````````````````````````````````````````````````   |
|                                                     |
|                                                     |
|                                                     |
|                                                     |
|                                                     |
|                                                     |
|         the Messenger service is enabled            |
|                                                     |
|                  please go to                       |
|                                                     |
| http://www.spywareguide.com/txt_messengerspam.html  |
|                                                     |
|                                                     |
|                                                     |
|                       ______                        |
|                      [  ok  ]                       |
|                       ``````                        |
|_____________________________________________________|

-----test it -----
You can verify that the Messenger service is enabled
by typing the following at a command prompt.

  net send 127.0.0.1 "the Messenger service is enabled"

If a message appears, the Messenger service is enabled.


--For Windows 2000--

Click Start | Settings | Control Panel | Administrative Tools | Services
Scroll down and highlight Messenger
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable  in the Startup Type scroll bar
Click OK


--Windows XP Home--

Click Start | Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services
Scroll down and highlight Messenger
Right-click the highlighted line and choose Properties .
Click the STOP button.
Select Disable  in the Startup Type scroll bar
Click OK

--Windows XP Professional--

Click Start | Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services
Scroll down and highlight Messenger
Right-click the highlighted line and choose Properties .
Click the STOP button.
Select Disable in the Startup Type scroll bar
Click OK

--hack it out-------
You can also "remove" it forcibly using this command line

click "Start", "Run"
Copy or type in the following:

"RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove"

(This is permanent)

-----RE test it -----
You can verify that the service is disabled 
by typing the following at a command prompt.

    net send 127.0.0.1 "the Messenger service is enabled"

If no message appears, the Messenger service has been disabled.



this is NOT the same as "icq",  "aim",
 "instant Messenger", or "msn Messenger"
if you have no need for "Windows Messenger",
 then it can be disabled or removed from your system

from
 http://www.spywareguide.com/txt_messengerspam.html
 "
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 It probably means you're vulnerable.
 Quoting Microsoft's KnowledgeBase article on the subject,

  ..................................................
  "In addition to transmitting net send messages 
  to your computer over the Internet, 
  a malicious user may also be able to use 
  the NetBIOS connection to your computer 
  to perform the following tasks:

  Access your private information 

  Initiate denial of service (DoS) 
   attacks against a high profile Web site

  Distribute software illegally 
   by appropriating space on your hard disk

  For this reason, 
  Microsoft recommends that you install a firewall 
  and configure it to block NetBIOS traffic 
  instead of merely just turning off the Messenger service."
  ...................................................

 If you have not already, 
 block these ports usage on firewall:
 Incoming & Outgoing (anywhere to anywhere)
 UDP and TCP
 Port list: 135, 137, 138, 139, 445
 These ports are used for nothing good 
 and should be closed at once. 
 Contact your firewall vendor if needed
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"




======================================================================


zombie  a.k.a. spam relay, spam proxies, spam zombie, zombie box


======================================================================
based on http://cybercoyote.org/security/av-trojan.htm

 A computer under the control of a rogue program or some type of 
 Trojan Horse program.
 Zombie machines are typically used by spammers to relay spam
 and can be used for more nefarious purposes such as
 distributed denial of service attacks.
 the computer and its data are basically under their control.
 Typically zombies are created by users
 who have accidentally run a trojan horse,
 or who have improper security configurations.
 Thus the "nice grandma next door's computer" becomes
 an outlet for potentially damaging activity.


copy "EVERYTHING" off of YOUR computer to an "other computer"
virus scan "EVERYTHING" on the "other computer"
erase/format/"nuke" YOUR computer and reload its software
then copy "EVERYTHING" back to YOUR computer from the "other computer"

or.........
 call an expert to fix it HINT HINT (http://waptek.tk/)





========================================


self help links 
(cut and paste em)


========================================

-----------------------warning--------------------------

          View these and all "helpful" sites
only with java, javascript, active-x, plugins and popups turned off
        with a "safed" ( de-nutted ) browser
              like opera or off-by-one

--------------------end warning--------------------------
http://www.endpopups.com/
http://www.mvps.org/serenitymacros/
http://www.cexx.org/
http://www.cexx.org/craputer.htm
http://www.cexx.org/junkmail.htm
http://merijn.castlecops.com/programs.php
http://www.ccleaner.com/ccdownload.asp
http://securityresponse.symantec.com/avcenter/tools.list.html
http://vil.nai.com/vil/stinger/
http://www.intermute.com/spysubtract/cwshredder_download.html
http://home.epix.net/~artnpeg/
ftp://ftp.f-prot.com/pub/dos/
http://www.lavasoftusa.com/support/download/
http://updates.ls-servers.com/reflist.zip
http://www.safer-networking.org/en/mirrors/index.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;299958
http://www.majorgeeks.com/download458.html
http://download.zonelabs.com/bin/free/1012_zl/zlsSetup_51_011.exe
http://support.microsoft.com/?kbid=315246
http://www.toejumper.net/speed5/start5.htm
http://www.toejumper.net/maintain4/scan4.htm
http://www.kellys-korner-xp.com/xp_defrag.htm

you are being watched
http://evidence-eliminator-sucks.com/
example of a scam/scare-tactic site 
(with some useful data in it) at
http://hacker-eliminator.com/bogusscare.html


raw info
http://www.mdgx.com/0.htm
http://users.iafrica.com/c/cq/cquirke/badpc.htm
http://users.iafrica.com/c/cq/cquirke/concept.htm

web mastering
http://w3c.org/
http://www.evolt.org/
http://www.csszengarden.com/
http://jansfreeware.com/jfinternet.htm
http://www.alistapart.com/articles/politics/

faq you
http://mvps.org/dts/Faq/Win-98_faq.htm
http://mvps.org/dts/Faq/win-me_faq.htm
http://users.iafrica.com/c/cq/cquirke/winme.htm

virus etc
http://www.mynetwatchman.com/
http://www.avdisk.org/
http://www.claymania.com/safe-hex.html
http://www.claymania.com/f-prot.html
http://www.claymania.com/virus-ntfs.html


windows mods

http://www.nu2.nu/pebuilder/
http://www.nu2.nu/corpmodboot/
http://www.nu2.nu/bootdisk/network/
http://www.nu2.nu/bootdisk/cdrom/
http://www.nu2.nu/eltorito/

http://www.geocities.com/politalk/win95/emrgcy95.htm
http://www.geocities.com/politalk/win95/ramwin.htm
http://www.geocities.com/politalk/win31/slimwin.htm
http://www.jankie.net/soedesh/20.htm
http://www.undercoverdesign.com/dosghost/dos/w31_vers.htm
http://sourceforge.net/projects/mw16
http://hk.geocities.com/roytam1/
http://vorck.com/2ksp4-basic.html
http://vorck.com/answers-ie.html
http://vorck.com/2ksp4.html
http://web.archive.org/web/19990220193820/http://www.geocities.com/SiliconValley/Pines/2242/nogui.html
http://web.archive.org/web/19991007081638/www.phys.uu.nl/~faber/Windows_No_GUI/
http://web.archive.org/web/20010512105846/http://www.mavrahane.com/program/assembly/assembly/Windows_No_GUI
http://emergedesktop.org/download.php



=====================================================
                                 _   _   _ 
           \  /\  / | |\ |   /  | \ | | |_ 
            \/  \/  | | \|  /   |_/ |_|  _|
  
=====================================================
         On a microsoft windows computer the 
    "filemanager/explorer/graphical user interface"
       is actually internet explorer stripped down

       so when you notice my instructions saying
  _______________________________________________________
 |click "start" "run" and type "command.com" or "cmd.exe"|
  -------------------------------------------------------
                          DO IT
I am trying to stop your computer's "most trusted program" 
                 from doing more damage


dos98
 http://www.fsref.com/pr/dos98.shtml

dos for windows 9X/me/millenium
 http://marcom.euweb.cz/drdos.html
 http://www.geocities.com/mfd4life_2000/
 http://mvps.org/dts/WinME_DOS/Win-ME.htm
 http://dos.e-stone.cn/msdos71/index.htm
 http://users.iafrica.com/c/cq/cquirke/me-dos.htm
 http://lists.contesting.com/archives/html/TRLog/2002-08/msg00031.html


dos for windows nt
 http://www.fsref.com/pr/dosnt.htm
 no "real" method available :(

"dos" for windows 2k
 http://support.microsoft.com/default.aspx?scid=kb;EN-US;216417#2
 http://www.fsref.com/pr/dos2k.htm

"dos" for windows xp
 http://support.microsoft.com/default.aspx?scid=kb;en-us;307654#2
 http://www.windows-help.net/WindowsXP/howto-12.html
 http://www.fsref.com/pr/dosxp.shtml
 
                  DOS propaganda alert
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......................................................
                        _   _   _
                       | \ | | |_
                       |_/ |_|  _|

                         Because 
     sometimes YOU need ALL of the computer's attention
                NOT the other way around

......................................................

 In the movies; if the computer says "NO!" to the human
       that means the computer is the problem ...
                        right???




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
               end DOS propaganda alert

         updated  and repaired via google "Cah-Hay"

             last updated 11:59 PM 11/26/06

C:\SELFHELP>cd.._