Category: Computer

  • Windows Genuine Advantage Validation v1.5.554.0 and v1.5.708.0 Cracked

    I found cracks for Windows Genuine Advantage Validation v1.5.554 and v1.5.708. I went to Windows Update and didn’t find any KB905474 updates as I am still using WGA 1.5.540. Team CRUDE cracked Windows Genuine Advantage Validation v1.5.554 on 2nd October 2006 and they claimed that it is the newest Windows Genuine Advantage from Microsoft. A day later on 3rd October 2006, Team ETH0 released a newer version which is v1.5.708 and they claim that this is the same crack that Microsoft shipped with their Windows XP release some days ago.

    Anyway, if you’ve installed either of the WGA versions above, you can get the cracks at the end of this post.


    Team CRUDE’s crack for Windows Genuine Advantage Validation v1.5.554.0 contains cracked LegitCheckControl.dll, WgaLogon.dll and WgaTray.exe. You need to replace the files in your Windows System32 directory. If it says that the file is in use, you’ll need to boot into Safe Mode to replace the files.

    As for Team ETH0, it comes with LegitCheckControl.DLL, WgaLogon.dll, WgaTray.exe and an additional batch file installer.bat. Just run the installer.bat file and it will auto kill wgatray.exe process and auto replace LegitCheckControl.DLL, WgaLogon.dll and WgaTray.exe file. Much simpler.

    Remember, Team CRUDE’s crack is for WGA v1.5.554 and Team ETH0’s crack is for WGA v1.5.708. Don’t confuse the two versions! I noticed that Team ETH0’s LegitCheckControl.dll doesn’t have Digital Signatures on it when viewing the file properties.

    [Download Team CRUDE Windows Genuine Advantage Validation v1.5.554.0]
    [Download Team ETH0 Windows Genuine Advantage Validation v1.5.708.0]

  • WinBootInfo is a BootVis Alternative that Works in Windows Vista and 7

    Some of you have probably heard of BootVis, which can be used to check how long a Windows XP machine takes to boot, and then to optimize the boot process, sometimes considerably reducing the time required. BootVis is a very useful tool but unfortunately it only works in Windows XP and it is no longer supported by Microsoft. There is another alternative called Boot Log XP, which is shareware. It is easier to use than BootVis and it gives you important information about started drivers, running processes and loaded DLLs. Boot Log XP also only works on XP because it extracts information from a binary ETL file (as BootVis does) and interprets the results using its own method.

    The author of Boot Log XP claims that they are working on a new version which will support XP-64 and Windows Vista/Seven, but it has been a long time since they posted that on their website, without any updates. So if you’re on Windows Vista or 7, you can use WinBootInfo as a BootVis alternative.


    WinBootInfo is the advanced Windows Boot Analyzer that logs drivers and applications loaded during system boot, measures Windows boot times, records CPU and I/O activity during the boot, and much more! With WinBootInfo, you get to know what actually happens during Windows boot and what process is taking up a long time to start that makes Windows bootup time slower.

    WinBootInfo Features:

  • Windows Boot Time Logging
  • Detailed information about loaded drivers, applications and system DLLs
  • Each loaded system component is displayed on the detailed time map
  • Tree-View of Loaded Processes sorted in time, with all belonging DLLs/Drivers
  • Different times logged (boot to Login Prompt, Explorer, Session Manager)
  • Detailed CPU utilization tracking during boot, per every CPU core
  • I/O activity tracking during boot
  • System Interrupt / Context Switch tracking during boot
  • Text Log generation and Printing
  • History Feature, for comparing current with the past boot results

    WinBootInfo is very easy to use. The first time you run it, the program will inform you that there is no boot analysis data recorded and ask if you want WinBootInfo to log your next Windows boot and collect boot information for analysis.

    Clicking Yes will schedule WinBootInfo to track what is being loaded at next restart. The screenshot below shows boot performance. The Boot Process Tree which is on the left shows the process being loaded in order by Windows during startup. In the middle it has detailed boot load history for drivers and applications, and at the bottom it also shows the CPU and disk utilization history during boot.

    WinBootInfo only tells you what is being loaded, and you will need other software such as Autoruns to disable a process from startup. WinBootInfo is probably the ONLY software in the world that is able to do what it does unless BootLogXP is able to come up with a new version… It costs $14.95 to purchase a single license but you can use it for a 30 day free trial without limitations. Although the product page did not mention that it supports Windows 7, I’ve got confirmation from the author of WinBootInfo that it does. In fact I’ve personally tested WinBootInfo on my Windows 7 Ultimate 32bit and it works perfectly.

    [ Download WinBootInfo ]

  • How to Make Windows Autorun USB Flash Drives

    If you didn’t know, Microsoft Windows does not allow you to autorun USB drives when they are inserted. The Windows Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. No, there are no registry hacks to enable USB drives autorun feature because of security issues. Data theft is one security concern for example. The simplicity of reading and writing to basic USB drives and the reasonable amount of data they can hold makes them an ideal target for this.

    Usually when you plug in your USB flash drive, you’ll get a notification asking you what would you like to do.
    If you end the “Explorer.exe” process and then plug in your USB flash drive, you won’t even get the prompt. Usually computers that are used for giving exams won’t have “explorer.exe” loaded and that can prevent you from copying the exam data out.

    Anyway, if you still would like to automatically launch the program of your choice on your USB Flash Drive every time you plug it in your computer, then please continue reading. There is a way to make Windows autorun USB flash drives.


    Since Windows does not allow a flash drive to automatically execute any programs, we’ll turn to 3rd party software to do that. I found a few and here is what I have to say about them.

    1. AutoRun USB
    If you visit the AutoRun USB official website now, they are no longer offering a free version of AutoRun USB. Their latest version of AutoRun USB is version 4 and it costs $4.99. But if you don’t mind using their first version of AutoRun USB, then you can use it for FREE. One thing I don’t like about AutoRun USB is that it recognizes autorun.usb instead of autorun.inf. Why don’t they make it standard? You need to manually copy the autorun.usb from C:\Program Files\AutoRun USB to the root of your USB flash drive and edit it with notepad.

    [ Download AutoRun USB v1.0 ]

    2. BusRunner
    If you think AutoRun USB is bad, this is even worse! First of all, I can’t find anything about BusRunner on the official website. Looks like they’ve removed it for good! Next, after installing BusRunner, I see an icon appear in the tray bar. When I plug in my USB flash drive, I can right click on the icon to set the default program to run when it’s plugged in. After I did that, I wasn’t able to safely remove my USB flash drive. I get the error message “Problem Ejecting USB Mass Storage Device. The device ‘Generic volume’ cannot be stopped right now. Try stopping the device again later.” No matter how long I wait, I still won’t be able to safely eject my USB flash drive. The only safe way to eject my USB flash drive is to close BusRunner first; only then am I able to safely remove my USB flash drive. Oh, and BusRunner also doesn’t recognize Autorun.inf. It uses a BusRunner.cfg file at the root of your USB flash drive.

    [ Download BusRunner ]

    3. APO USB Autorun
    This is the best of the three programs that can make Windows autorun USB flash drives. APO USB Autorun recognizes the standard autorun.inf (as used with CDs) and executes it. If you don’t know how to write an autorun.inf file, this software includes an autorun.inf builder. In addition to the autorun functionality, the program also allows you to quickly access the files on the USB drive(s) from the tray icon menu. APO USB Autorun now comes with plugins to backup/restore a folder upon drive insertion.

    [ Download APO USB Autorun ]
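
    Because a tool that honours the standard autorun.inf will launch whatever that file names, it is worth reading the file before trusting a drive. The sketch below is an added example, not code from this post or from any of the tools above: it parses the [autorun] section and lists every entry that starts a program. The sample file, the function names and the "script" / "off-drive" flag labels are this example's own.

```python
import ntpath
import re

# Keys in the [autorun] section that make Windows (or a helper tool that
# honours autorun.inf) start a program.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1", ".hta"}

# Constructed sample, not taken from any real drive.
SAMPLE = r"""
; constructed example
[AutoRun]
Open=tools\launcher.exe /silent
Icon=drive.ico
Label=My Stick
shell\backup\command=scripts\backup.bat
ShellExecute=\\fileserver\share\setup.exe
"""


def parse_autorun(text):
    """Return key -> value for the [autorun] section (keys lower-cased)."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(command):
    """Extract the program path from a command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def audit(text):
    """List every entry that launches something, with simple risk flags."""
    findings = []
    for key, command in parse_autorun(text).items():
        if key not in EXEC_KEYS and not SHELL_COMMAND.match(key):
            continue  # icon=, label= and similar do not execute anything
        target = command_target(command)
        flags = []
        if ntpath.splitext(target)[1].lower() in SCRIPT_EXTS:
            flags.append("script")
        drive, rest = ntpath.splitdrive(target)
        # A drive letter, UNC share or ".." means the target is not a file
        # sitting under the removable drive's own root.
        if drive or ".." in rest.replace("/", "\\").split("\\"):
            flags.append("off-drive")
        findings.append(
            {"key": key, "command": command, "target": target, "flags": flags}
        )
    return findings


if __name__ == "__main__":
    for item in audit(SAMPLE):
        print(item["key"], "->", item["target"], item["flags"])
```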

  • Enable Show My Webcam on Windows Live Messenger 2009 Workaround

    In December last year I found out about Windows Live Messenger 2009 and mistakenly thought it was the official final version but it was actually a public beta. Anyway I installed it on my laptop and have been using it until today. So far it has been perfect and I never had any problems with it. While I was back in my home town for two weeks last month, I wanted to see my wife from the webcam in her laptop but the “Show my webcam” option was grayed out. I used TeamViewer to remotely control the computer and ran Audio and video setup, and the webcam test was fine… Weirdly the “Start a video call” worked as well.


    As you all know, the Internet connection in my hometown is really slow and the video call between me and my wife is terribly slow and I could only see her 1 frame in . I didn’t want to use video call because it requires more bandwidth to transfer both audio and video compared to Show My Webcam which only streams the video. I wasn’t able to find a solution at that time but today I’ve found a workaround to enable Show My Webcam on Windows Live Messenger 2009.


    Only my new Acer laptop running Windows Vista with Windows Live Messenger 2009 has the missing show my webcam problem; it was fine on my old laptop that’s running Windows XP with Windows Live Messenger 2009. The first thing I did was to uninstall WLM 2009 and then reinstall it, but no go. Then I thought that the problem could be caused by the Acer Crystal Eye Webcam that is installed by default, so I uninstalled it but still couldn’t use the show my webcam option. I also read that antivirus could cause such problems. I terminated Kaspersky Antivirus 2009, all connections were reset and I had to reconnect Windows Live Messenger 2009. Suddenly the Show my webcam option was AVAILABLE! I then tried to show my webcam and it worked!

    OK I hit the jackpot and thought it was Kaspersky but I was wrong. I rebooted the computer, terminated Kaspersky, ran Windows Live Messenger 2009, connected but this time the show my webcam option is again unavailable. I had to uninstall Kaspersky to confirm that it is not the cause of the problem but still the same. So it’s not Kaspersky…

    After further testing, I found out that the show my webcam will be available after syncing the Windows Live Messenger 2009 connection. What you need to do is to run Windows Live Messenger 2009 and sign in as usual. Once you’re signed in, click the small button on the top right, select File > Sign Out.

    When you’ve successfully signed out, sign in again. Weirdly that will enable the show my webcam option.

    There’s no such problem on my old laptop, on which I manually installed Windows XP and Vista with an external webcam. I am not sure what the cause of this problem is but I believe it should have something to do with either some of the software/drivers pre-installed by Acer or the built-in webcam on my new laptop. Well, Windows Live Messenger 2009 is still in public beta, so it is expected to have some bugs. With this workaround, I don’t need to revert to the old Messenger 8.5 and can continue using the beautiful Windows Live Messenger 2009 😉

  • Scan Files With 22 Antivirus Without Downloading to Computer

    If we want to know whether a file contains a virus or not, the usual way is to download the file to our computer first and then let the antivirus that is installed on our computer do the job. Another method is to download the suspicious file to our computer and then upload it to VirusTotal or an independent antivirus website for scanning. I got a little upset yesterday when I wanted to send a friend a link to an archive (.zip) file containing photos taken during my wedding. The first thing that she asked was: is that a virus? Are you sending something awful to me? Even after I said that it’s my wedding photos, she still didn’t dare to download it because her computer friend told her not to simply download stuff from the Internet…

    I don’t know what kind of computer friend she had but I am sure he/she is a newbie that is just too afraid to download anything over the Internet, even from a trusted friend. If one antivirus doesn’t give her any confidence, then maybe over 40 antivirus engines in VirusTotal scanning that one file should do it. However that requires her to download the file to her computer first. To solve this problem, here’s a way to scan files with 22 antivirus engines without first downloading them to your computer.


    NoVirusThanks, a website that offers a free service to analyze your file with 22 AntiVirus Engines and report back the analysis result, has now included a new feature to scan a web address. Last year I wrote about NoVirusThanks but back then it didn’t have such a feature.

    The new “Scan Web Address” option allows users to scan a file before they download it to their own computer. You can scan, for example, the file located at www.site.com/file.exe before downloading it to your computer. It can also be used to scan a single web page .html/.php/.js with all the Antivirus engines. Sometimes when a direct download link to a file is being hidden, Scan Web Address can also handle the redirection or any changes in the filename. Other than that, the online scanning feature by NoVirusThanks has recently been optimized for stability and given an improved binder detector.

    Let me walk you through it on how to scan a file without downloading it to your computer using NoVirusThanks.

    1. Find the link that you want to scan. Let’s take DPC Latency Checker for an example. Visit the official DPC Latency Checker download page.

    2. Right click on the link that lets you download the file and select Copy Link Location.

    3. Now go to NoVirusThanks and click Scan Web Address tab.

    4. Right click on the box just below the text that says “Web Address to Scan”, select Paste and finally click the Submit Address button.

    5. Wait for about a minute and you will have your report on how many antivirus detected the file as infected.

    The advantage of this feature is that it saves you time and bandwidth if you are on a limited plan from your ISP. Other than that, people who are afraid of downloading files over the Internet can now feel safer to download. I believe the maximum file size limit to scan is 20MB. I tried scanning the Kaspersky Anti-Virus 2010 v9.0.0.463 installer file (kav9.0.0.463en.exe) but got the error “Could not fetch the requested address: Failed writing body”.

  • Collection of Extensions to Turn Firefox Into a Security Platform

    We all know that we can do nearly everything with Firefox browser. We can check emails, download torrents, upload files to FTP, and the list goes on… Did you know that there’s a collection of extensions to turn your Firefox browser into a security platform? FireCAT stands for FireFox Catalog of Auditing Toolbox and it is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework.


    At first I thought that FireCAT is a Firefox plugin which you can install and automatically have all 60 security extensions but I was wrong. The official website has 3 types of FireCAT files, FireCAT 1.2 Source (FreeMind), FireCAT 1.2 HTML Browsable and FireCAT 1.2 PDF. Just download the HTML browsable file and you’ll see 7 categories. Expanding the category will give you the place to download the specific extension.

    1. Information Gathering
    2. Proxying / Web Utilities
    3. Editors
    4. Security auditing
    5. Network Utilities
    6. Misc
    7. IT Security Related

    If you don’t want to try those security extensions on your Firefox browser because they might affect your browser speed, then I suggest you install them on a Portable Firefox. This way you can have a clean and fast Firefox for browsing and then another Firefox for security auditing. Do take note that you can only run either the installed Firefox on your system or the Portable Firefox at a time.

    So which is your favorite Firefox security extension featured in FireCAT?

    [ Download FireCAT 1.2 HTML | PDF ]

  • DenyBuddy & No-Buddy

    I’ve found two applications classified as Deny-A-Buddy programs (DenyBuddy & No-Buddy), which allow you to remove your Yahoo! ID from someone else’s buddy list. Quick and effective…

    Simply login to the name you need to remove and then enter the persons id that you need to remove your name from and then remove it.


    1. DenyBuddy
    [ Download DenyBuddy ]

    2. No-Buddy
    [ Download No-Buddy ]

    I personally prefer to use DenyBuddy because it has better status reporting than No-Buddy. It will tell you when you’ve signed on, removed your Yahoo! ID from someone else’s buddy list, and even when closing the application. Even the DenyBuddy Graphical User Interface (GUI) looks better than No-Buddy’s.

  • Route All Internet Software and Game Connection Through Open Proxy Servers

    An open proxy is a proxy server which is accessible by any Internet user. Generally, a proxy server allows users within a network group to store and forward internet services such as DNS or web pages so that the bandwidth used by the group is reduced and controlled. With an “open” proxy, however, any user on the Internet is able to use this forwarding service. Most of the time the owner of the proxy server doesn’t know that he/she is running an “open” proxy because of the proxy software misconfiguration. I still remember that the first IT company that I worked in 10 years ago had a Microsoft Proxy server in the network and it is an open proxy.

    Open proxy is most commonly used to mask the user’s IP address. It could be to bypass censorship, privacy, or even to avoid detection. To be able to use the open proxy, a software such as Internet Explorer must support using proxy server. Go to Tools > Internet Options > Connections tab > LAN settings. Check “Use a proxy server for your LAN” and enter the proxy IP address and port. Now when you surf the web, the site can’t see your original IP address. Check out the animation below. I visit www.cmyip.com to view my original IP address. Then I configure Internet Explorer to use an open proxy. Refreshing www.cmyip.com website shows the open proxy instead of my original IP.


    Unfortunately not all software supports proxy server. If for some reason you need a software to go through a proxy server, here are some third party software that you can use to tunnel windows applications through proxy servers.


    There are some freeware programs such as FreeCap, Hummingbird and SocksCap which are able to redirect connections from programs through a SOCKS or proxy server. I am not going to talk about the free proxy tunneling software because some of them can be really tough to configure for a basic computer user.

    However, the paid ones such as Proxifier, ProxyCap and WideCap are way easier to configure and use. So let’s take a look at it.

    1. Proxifier
    – Proxifier is a program that allows network applications that do not support working through proxy servers to operate through an HTTPS or SOCKS proxy or a chain of proxy servers. With Proxifier you can easily tunnel all connections on the system or separate applications. By default, Proxifier will tunnel all connections automatically after the installation. No configuration is needed, however you’ll need to look for open proxy servers and add them to the proxy settings. The latest Proxifier v2.7 costs $39.95 for a single user license, but it has been cracked by MAZE (Proxifier.v2.7.Cracked-MAZE)

    [ Download Proxifier ]

    2. ProxyCap
    – ProxyCap enables you to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers. You can tell ProxyCap which applications will connect to the Internet through a proxy and under what circumstances. This is done through a user friendly interface, without the need to reconfigure any of your Internet clients. ProxyCap provides a flexible rule system and allows you to define your own “tunneling” rules. After installation, you’ll need to add a proxy server and then set a rule whether to allow all or specified programs to tunnel through the proxy server. The latest ProxyCap v3.15 costs $30 for a single user license but has been cracked by NJOY from Revenge Crew (ProxyCap.3.15.Crack-REV)

    [ Download ProxyCap ]

    3. WideCap
    – WideCap is a system proxifier. It was created as an extended version of the FreeCap program with a fully rewritten proxy engine to handle reloading everything on-the-fly. WideCap is a fully functional Winsock Service and Namespace provider. That means simple integration into your network subsystem. FreeCap uses injection technology which could cause errors and incompatibility problems with some firewalls and anti-viruses. WideCap acts as a virtual network driver covering all your TCP/IP activity. No launchers – just run your program as usual and work via proxy. I spent half an hour trying to get WideCap to work because I was unable to get the rules working. Finally I found out that I need to add ANY for the address that should go through the proxy. The latest version of WideCap v1.4 costs $20 for 1 license but also has been cracked by lord_Phoenix from Revenge Crew (widecap.1.4.0.539.read.nfo.cracked.exe-rev).

    [ Download WideCap ]

    Proxifier is the easiest to use with no configuration needed while WideCap is the most advanced proxy tunneling software if compared with the other two. Do take note that WideCap conflicts with other proxy tunneling software. I had to uninstall Proxifier and ProxyCap to get WideCap working.

  • Unofficial update: MSN Messenger 7.5.0324

    John Weis, Software Test Engineer for MSN Messenger, posted an update to the now official 7.5.0322 version.
    Build 324 only includes a one-line fix, but if you’re still having problems with 322 you’re advised to try this one.
    Important Note: If your 322 is working fine, you don’t have to upgrade.

    [ Download MSN Messenger 7.5.0324 (unofficial, English-only build) ]

    9 February 2006 Update: 7.5.0.324 is now OFFICIAL! Download the OFFICIAL MSN Messenger 7.5.0.324 at this link.

  • Today Only: Free Zemana AntiLogger License for EVERYONE

    I personally think that a keylogger is the scariest threat. Imagine all your passwords being captured and the person who installed the keylogger being able to access all your password protected websites such as your emails, PayPal, online banking, etc. One of the most effective methods to counter keyloggers is by using Zemana AntiLogger.


    Zemana AntiLogger is one of the security products that I’ve recommended and will continue to recommend to everyone. The last time I tested Zemana AntiLogger, it was able to block virtually ALL keylogging, webcam capture and screenshot capture methods from different trojans. A year has gone by and again I’ve tested Zemana AntiLogger with 2 keyloggers (one of them uses a rootkit method and the other advertises that it is completely invisible, bypassing antivirus and firewall) and 1 trojan crypted with Incognito which bypassed many antivirus and internet security products. Zemana AntiLogger was able to detect injection on both of the keyloggers and the trojan while successfully blocking the installation of those dangerous files.

    Zemana has collaborated with Softpedia to offer everyone FREE license for Zemana AntiLogger ONLY FOR TODAY. Hurry and grab your license as soon as possible.


    To get your free Zemana AntiLogger license worth $39.50:
    1. Go to this page http://www.zemana.com/softpedia/
    2. Click the FREE Full Version Download Now button to download the installer AntiLogger_SOFTPEDIA_1.9.2.185.exe
    3. Install and reboot your computer
    4. Activate the program by following the on-screen instructions.

    Zemana AntiLogger is easy to use. Just install and let it protect your computer. It is made to protect your computer real-time without relying on virus signatures so you won’t find any Scan button. Most if not all injections are threats, so if you get such warnings, make sure you block them first.

    I believe the installer is custom built for Softpedia and has the license number integrated to activate the program. I am not sure whether it is still possible to activate the license using the custom installer when this promo has expired. If the activation is limited to only today, that means if we reformat our hard drive we wouldn’t be able to use Zemana AntiLogger for free anymore. I did some tracing and found that the activated license information is stored in C:\Program Files\AntiLogger\config.cfg. You can back up the config.cfg and restore it at a later time IF the online activation blocks the SOFTPEDIA-OEM-12809 license number. If you are starting to think about piracy using the config.cfg, you will not succeed because the license is hardware dependent and if you transfer the config.cfg to another computer, it won’t work.

    One thing I noticed about Zemana AntiLogger is that it doesn’t aggressively check the current processes for threats. One example is, I am using Input Director to share keyboard and mouse between computers and it took a while before Zemana found out that Input Director is capturing the screen. Not to worry because I’ve tried turning off Zemana and then installing a keylogger that auto uploads captured data, but I waited 30 minutes and still didn’t receive any captured data. I assume that although Zemana AntiLogger hasn’t detected the threat, it can block sensitive data from being transferred.

    You can install and run Zemana AntiLogger together with your antivirus. Check here for a list of compatible security products. You have no idea how many undetectable threats are out there today, and relying solely on antivirus is not enough to keep your personal data safe. Go tell your friends and families about this promotion.

    Update: Zemana AntiLogger is only compatible with Windows XP with Service Pack 2 or higher, Vista and 7 32 bit ONLY. AntiLogger is not available for 64-bit Windows.

  • DefenseWall Personal Firewall v3 Review with 75 License Giveaway

    If you go to the official DefenseWall website at SoftSphere Technologies, you will find DefenseWall HIPS v2.56 but not the Personal Firewall v3 version. That’s because v2.56 is about to be dropped and replaced with the new DefenseWall Personal Firewall v3. I’ve long heard of DefenseWall but have never given it a try; since I’ve been contacted by people from SoftSphere to do a review on v3, I’ve decided to test it out. DefenseWall claims to protect you from malicious software (spyware, botnets, adware, keyloggers, rootkits, etc.) and identity theft that cannot be stopped by your anti-virus and anti-spyware programs when you surf the Internet.


    I’ve been testing a lot of antivirus and this is actually my first time testing HIPS software. This is nothing like the normal antivirus that you use. A virus normally comes into your computer from either the web browser, email, USB drives or the network. If you disable all of them, it’s impossible for your computer to be infected by a virus, but who can live without an internet connection nowadays? So what DefenseWall does is label all those applications that come from locations where a virus can come in as “Untrusted” and run them with limited rights in a virtual zone that is specially allocated for them.


    Here is an example. Let’s say you downloaded a file using BitTorrent. You scanned it with your antivirus and it didn’t warn you that it is a threat. Then you ran it thinking that it’s safe and the virus started to modify system settings such as disabling Windows Task Manager and regedit, adding an autostart entry for the virus, etc. Well, thanks to DefenseWall, you’ve got nothing to be afraid of because all the damage done by the virus only affects the virtual zone and not your real Windows system. With only a reboot, your system is back to normal and the damage done by the virus is undone. Now this is very different from system snapshot software because a snapshot reverts everything back to a specific date. As for DefenseWall, everything is still intact except for the damage that the virus seems to have done. That is how HIPS software is supposed to work according to the description and manual. I’ve put DefenseWall to the test and it managed to block the threat in some way or another.

    Test 1: Install Rootkit based Keylogger
    There is a keylogger that goes by the name of All In One Keylogger for Windows by RelyTec. It uses a rootkit method to hide itself so that it is harder to detect. When I downloaded it using Firefox, the keylogger installer file was automatically labeled as an Untrusted file. I installed it and after a few seconds DefenseWall told me that it found a process reading keystrokes via the GetKeyState method.
    I clicked the Terminate button and the keylogger process immediately got terminated. I rebooted the computer and the keylogger is no longer running but the files are still in the computer. As long as the keylogger doesn’t auto load when Windows is booted up, then you’re safe.

    Test 2: Install Keylogger that bypasses antivirus and firewall
    Probably the most expensive and popular keylogger in the world WebWatcher that cost $169.95 per year claims to bypass antivirus and firewall. There’s no trial for it and I had to pay the full price in order to test this. With DefenseWall running, I couldn’t get WebWatcher keylogger installed until I turn off the HIPS protection. So I turn off the HIPS protection, installed WebWatcher and DefenseWall didn’t detect any process reading keystrokes. I wouldn’t say DefenseWall failed this test because it managed to block WebWatcher from sending the keylogs and screenshot data to WebWatcher’s servers, making the keylogger useless.

    Test 3: Install a crypted Bifrost trojan
    I wanted to simulate a real scenario where a normal user unknowingly downloads a trojan from a website and then gets infected. I uploaded the Bifrost trojan crypted with Incognito to a website and then download it to my test computer using Firefox which is flagged as Untrusted by DefenseWall. I ran the trojan and DefenseWall managed to block it. I rebooted the computer and no sign of the trojan running in background.

    Test 4: Run 20 different types of virus from a network share
    This is the last hardcore test which I did. I dropped 20 different viruses on another computer and shared the folder. Then on my test computer with DefenseWall installed, I accessed the shared folder that contains the 20 different types of virus and ran ALL of them! It created so much havoc on the test computer that it made Windows blue screen and auto reboot. To my surprise, when Windows booted up, everything was back to normal like nothing ever happened. By default DefenseWall categorizes network shared folders as Untrusted.

    As long as you run ANY malicious files as Untrusted, your computer will be fine. However when you want to install legitimate software like Kaspersky Anti-Virus, you must remember to run it as “trusted” or else the installation will fail. So if you’re unsure, always run it as Untrusted and see what happens. The feature that I liked most in DefenseWall is the Events Log. I am able to see what the untrusted file is trying to open or do to my computer.

    There are some other useful small features such as file and registry rollback, which you can use to manually clean up the debris left behind on your hard drive by malware after an infection attempt. The “Go Banking/Shopping” button is a special browser mode that allows safe access to online banking. While in this mode, your information is protected from untrusted computer processes by terminating all untrusted processes.

    Please be informed that this is NOT meant to be a replacement for an antivirus, but you can run the two together. DefenseWall does not protect from file drops, as many programs need to drop a file in order to run successfully (such as Firefox) and there is no security risk when a file is dropped (only when it is loaded into memory). Therefore, if the program is prevented from running in memory, we can classify this as protected. Your antivirus will be useful in detecting these malicious files that have been dropped onto your computer. DefenseWall is very light on your computer as it takes up only 14.6MB of memory and its peak is only 17.1MB.

    SoftSphere Technologies, the maker of DefenseWall, is very generous and kind to offer 75 one-year licenses worth over $2000 to Raymond.CC readers. If you would like to win a license, write a comment at the end of this article and I will pick the 75 winners 24 hours later. Your email will be sent to SoftSphere and they will be contacting you.

    [ Visit SoftSphere Technologies ]

    Update: 75 lucky winners have been randomly selected. Your email contact has been sent to SoftSphere and they will be contacting you.

  • Simple Real Time Track Folder Changes

    We have already covered RegFromApp, which you can use to track real time registry changes by injecting it into the process that you want to trace. Other than tracking what registry changes are being made to a computer, it is equally important to track the changes on folders. Here is a simple tool called Track Folder Changes which you can use to track real time changes on folders that you specify. By default, Track Folder Changes tracks the whole C:\ drive, where the operating system is normally installed. You can easily change the folder that you want to monitor by clicking the browse button. Upon running Track Folder Changes, it instantly displays in real time a tree with the list of created/deleted/changed files in a specific directory and its subdirectories. The coloring on the files helps to easily determine if a file is deleted, modified or created.


    Folder monitoring tools can be very useful to track installation or uninstallation changes, etc. In fact, they can even be used to detect if there is a keylogger monitoring your keystrokes and saving them to a log file. Remember that Track Folder Changes is able to detect files that are being “modified”, which means that when the keylogger saves the keystrokes to a log file, Track Folder Changes will be able to catch it. However, it still requires human intelligence to determine if the file is indeed used by a keylogger. Below is an example of detecting a DarkComet RAT trojan with keylogging enabled using Track Folder Changes.

    Detect Keyloggers with Folder Monitoring
    A .dc file located in TEMP folder constantly appears to be modified even after clearing the results.

    DarkComet Unencrypted Keylogger Log File
    When the .dc file is opened with Notepad, it looks like a log file of captured keystrokes.
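
    The same "file that keeps getting modified" signal can be scripted. This is an added example, not part of Track Folder Changes or the original post: it polls a folder, diffs the snapshots into created/deleted/modified, and reports files that change in several polling intervals. The file names, the demo() scenario and the min_hits threshold are constructed assumptions.

```python
import os
import tempfile
from collections import Counter

def snapshot(root):
    """Map every file under root to (mtime_ns, size)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # deleted or locked between listing and stat
            state[path] = (st.st_mtime_ns, st.st_size)
    return state

def diff(old, new):
    """Return (created, deleted, modified) paths between two snapshots."""
    created = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    modified = sorted(p for p in new if p in old and new[p] != old[p])
    return created, deleted, modified

def repeatedly_modified(snapshots, min_hits=3):
    """Paths that changed in at least min_hits polling intervals."""
    hits = Counter()
    for old, new in zip(snapshots, snapshots[1:]):
        hits.update(diff(old, new)[2])
    return sorted(p for p, n in hits.items() if n >= min_hits)

def demo():
    """Constructed scenario: one file keeps growing, one changes once."""
    with tempfile.TemporaryDirectory() as root:
        def append(name, text):
            with open(os.path.join(root, name), "a") as fh:
                fh.write(text)
        append("readme.txt", "static\n")
        append("install.log", "step 1\n")
        append("session.dc", "")           # stand-in for a keystroke log
        snaps = [snapshot(root)]
        for i in range(4):                  # four polling intervals
            append("session.dc", f"keys {i}\n")
            if i == 0:
                append("install.log", "step 2\n")
            snaps.append(snapshot(root))
        return [os.path.basename(p) for p in repeatedly_modified(snaps)]

if __name__ == "__main__":
    print(demo())
```

    A file flagged this way still has to be opened and judged by a person, exactly as with the .dc file above; browser caches and application logs are also modified repeatedly.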

    As useful as it is, Track Folder Changes is not a hardcore tool that is able to work in all situations. I tried uninstalling iTunes while monitoring the whole C:\ drive with Track Folder Changes. When iTunes had finished uninstalling, Track Folder Changes stopped responding and Windows Task Manager showed that the process was taking up 100% CPU usage. After waiting a couple of minutes, Track Folder Changes displayed the changes and started to work normally again.

    My only gripe is that it lacks a pause button or an option to export to a log file so that it is easier to analyze the folder changes. If you have a process that is constantly making changes to the files and folders on your Windows computer, there is no way you can track or analyze the changes on files/folders.

    Download Track Folder Changes

  • RapidShare Gets Even Better with RapidShare Manager (RSM)

    Previously I’ve shared with you how to download multiple files from RapidShare automatically using Orbit download manager. If you don’t like to use Orbit, you can use a small DOS tool called gRapid to automate downloading of files without having to attend to them. Both methods require you to have a premium account. If you don’t have a premium account, you can use third party tools such as Cryptload or (E)lephant to renew your IP address and continue downloading without limits.

    Today I will share with you an official tool released by RapidShare.com. Finally RapidShare has their own free download manager to handle all downloads and uploads from RapidShare. Of course, you can only make full use of the program if you have a premium account. If you are a free user or have a collector’s account, you can still use RapidShare Manager to upload your files to RapidShare.


    The RapidShare Manager (RSM) is a user friendly tool to upload and download files from RapidShare.com. Its many settings allow professional uploading and downloading for beginners and experienced users. Upload is possible for premium, collector’s and free users. As for download, I’m sorry to say that it is only for Premium users UNLESS the file is set to direct-download.


    I will show you a short walkthrough on how to use RapidShare Manager to download multiple rapidshare links.

    1. Run RapidShare Manager and go to Account/Configuration tab.

    2. Click Add button at the login area and enter your login for premium account and password. Check use this account and click OK.

    3. Go to Download tab, and click Add button. Paste the rapidshare links at the top box and click Take Links button. You can also set the location where the downloaded files will be saved.

    4. Click Download button. You can set the maximum number of parallel downloads running. Maximum is 5. If you’re able to max out your download speed, then I’d advise you to set it to 1.

    RapidShare Manager requires you to have Microsoft .NET Framework installed. I found a small bug in the program, which is that you can’t add more than 1 rapidshare premium account. They should also add a feature to auto shutdown the computer after downloading finishes. From what I see, it’s still a very new download manager for rapidshare that works, but can be improved.

    One thing I’m unsure of is the upload limit for premium users. At RapidShare’s website, it is stated that premium users can upload files with a file size up to 4000MB, but in the program it says up to 2000MB. No matter whether it’s 4000MB or 2000MB, files bigger than 100 MB can only be downloaded by Premium users, unless the files have been set to direct download and the traffic is paid for by the file holder. I’m pretty sure not many people would actually upload files that big when you can easily split them.

    [ Download RapidShare Manager (RSM) ]

  • Portable E-mail Client

    One of my clients asked me if he could check his email when he’s overseas using a USB thumb drive or hard drive.
    I believe Microsoft Outlook or Outlook Express is not possible because they have loads of entries in the Registry.

    I searched for third-party software and found quite a few…


    1. Portable Thunderbird 1.0.7

    2. Tech-Pro POP3 Pal

    3. i.Scribe/InScribe

    4. JBMail 3.2

    5. PocoMail PE

    6. Koma-Mail 3.42

    I am in the midst of testing them and will post which one I think works best for me 🙂

  • How to Trace and Clean Up Spam or Mailbomb Messages from Email Inbox

    Mailbombing or e-mail bombing is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server. This is something that I played around with more than 10 years ago. During that time if you mailbombed someone, their slow computer would even hang when trying to access the inbox because it contained thousands of identical or random messages. Back then you could do that and get away with it, but if you do that NOW, you can get into trouble with the law and end up in jail.
    So instead of doing it from their computer, nowadays people would just install a mass mailing PHP or CGI script to automate mailbombing someone using the server’s resources. There are two things to do when being mailbombed. First is to know how to trace where the email came from via headers and next is to perform an inbox cleanup.

    I was mailbombed once by a Sikh guy who resides in India; I managed to trace the origin of the mailbombing activity and have that site “SUSPENDED”. Cleaning up the junk mails took only a second. Now, a Spanish speaking person from Argentina is doing the same thing and I’ve already reported the abuse to the webhost.

    I am going to show you how I trace the email messages and also how I easily clean up my inbox after being mailbombed.


    Before deleting email bomb messages, you should trace where the email came from. Simply view the email headers to check the origin of the email.

    You can refer to this excellent article on how to view the full headers for an email using some popular email clients such as Outlook Express, Hotmail, MSN, Yahoo, Gmail, Thunderbird, Eudora, etc. Once you know how to view the email headers, you should learn how to determine who sent you that email and where they are located. Here is another complete tutorial to help you figure out who sent you that nasty email and report them to the proper authorities!
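
    As an added example (not from the original post or the linked tutorials), here is how the header trace can be scripted. Received lines are prepended by each server, so the script reads them top-down and only believes lines stamped by your own mail provider; the sample message, host names, addresses and the trusted_suffix parameter are constructed assumptions.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample. The last Received line is forged by the sending script.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
    by inbox.recipient.example with ESMTP id A1; Mon, 1 Jan 2007 10:00:03 +0000
Received: from web12.hosting.example (web12.hosting.example [203.0.113.45])
    by mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2007 10:00:02 +0000
Received: from localhost (localhost [127.0.0.1])
    by web12.hosting.example with SMTP id C3; Mon, 1 Jan 2007 10:00:01 +0000
Received: from mail.bank.example (mail.bank.example [192.0.2.99])
    by relay.bank.example with SMTP id D4; Mon, 1 Jan 2007 09:59:00 +0000
From: someone@bank.example
Subject: constructed mailbomb sample

body
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def trace_origin(raw_message, trusted_suffix):
    """Return (ip, claimed_host) that handed the mail to our own servers.

    Only hops stamped ("by") by hosts under trusted_suffix are believed.
    Anything below the first foreign stamp may have been written by the
    sender, so the walk stops there. Returns None if no hop is trusted.
    """
    origin = None
    for value in message_from_string(raw_message).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            break                       # unparsable hop: stop trusting
        claimed_host, ip, by_host = m.groups()
        if not by_host.lower().rstrip(";").endswith(trusted_suffix):
            break                       # stamped by a server we do not run
        try:
            ip_address(ip)              # reject garbage inside the brackets
        except ValueError:
            break
        origin = (ip, claimed_host)     # deepest trusted hop seen so far
    return origin

if __name__ == "__main__":
    print(trace_origin(SAMPLE, ".recipient.example"))
```

    The address returned is the one to look up and report to the web host's abuse contact; the forged bank.example hop is never reached.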

    Once you’ve reported the email bombing activity to the proper authorities, you can go ahead and delete those nasty emails from your inbox. For web-based email, you can always save any real mails that you got and delete all the rest (any web-based mail account should have such a feature). Or if you’re using Gmail, it’s even easier. As you can see in the image below, deleting over 300 emails is just a matter of clicking a few check boxes and then clicking the Delete button.
    Delete email bomb

    Now, to delete those hundreds or thousands of useless mails in your POP3 mailbox, you can use Mailbox Exterminator to delete all the mail in your POP account. This program will not filter, but delete ALL mails that it finds. It is useful for cleaning up an account that you haven’t used in a while and that is filled up with spam or similar. Just enter the POP server address, username, password and click the Zap Mailbox button.

    Or if you have some important emails that you want to keep in inbox, you can use QuickDelete or pop3clean. QuickDelete only downloads the email header (which is small) and you can easily mark the messages that you want to delete. As for pop3clean, you have to create an auth file (no extension) in the same directory as pop3clean. It contains two lines, namely username and password in that order.

    The Spanish mailbomber accused me of spamming my blog and he is mailbombing me out of revenge. He is wrong! A user would have to subscribe to the newsletter himself and VERIFY the subscription by clicking the verification link in his email. Even if I can enter a person’s email address in the Feedburner subscription list, the person would have to confirm the subscription before the daily newsletter email will be sent to him. Finally, he can unsubscribe himself from the newsletter by clicking the unsubscribe link at the end of the newsletter email.