Few days ago I was trying to help a friend troubleshoot a computer problem using teamviewer. For some weird reasons when I gave him the direct link to download the Teamviewer QuickSupport module, Windows Live Messenger gave me an error “The following message could not be delivered to all recipients” message.

I thought that MSN blocked the link because there was an .EXE extension which can be unsafe so I tried uploading to MediaFire which the download link contains only random letters and numbers without the extension, but it still got blocked. I also remembered very clearly that I tried on Rapidshare but it was blocked too. Finally I had to ask him visit teamviewer.com and click on the “Join a Session” button to download the quick support module.

I googled and found some people also had the problem of MSN blocking Mediafire links. I really thought that this is the case but after doing more research, it appears to be different and MSN doesn’t hate or intentionally block MediaFire links.


I found out from MSN Protocol website that it is possible to use the GCF payload command to request a configuration file Shields.xml that controls blocking of security sensitive items like hyperlinks, Winks and Dynamic Display Pictures from the server. From Wikipedia I also found out that the latest MSNP is now 18 but the GCF link is on 11. Further research tells me that ever since MSNP13, they no longer pushes Shields.xml and the configuration files are now called policies.

Now I have some idea on how it works so I fired up oSpy and attach it to Windows Live Messenger to start sniffing the received data. I search for the word SHIELDS in the packets and found one received packet that has very interesting data. As you can see at the screenshot below, it has tons of base64 encoded strings for imtext value.

When I decoded one of the strings “cGhvdG8yMzRcLnppcA==” with an online Base64 decoder, it shows a filename “photo234\.zip” which I am pretty sure that’s the blacklisted word because there used to be MSN virus circulating around with similar filenames. I tried sending a test message with any URL together with that filename and BINGO! that message is blocked with the error “The following message could not be delivered to all recipients”.

Later I discovered that you don’t really need a packet sniffer to get the base64 encoded blocked because Windows Live Messenger has an option to enable connection logging. Open Windows Live Messenger, go to Tools > Options > Connection > Advanced Settings button > check Save a log of my server connections to help troubleshoot connection problems. Now sign in to your MSN account, and again go Tools > Options > Connection > Advanced Settings button > and click the View Log button. Search for the word SHIELDS and at the same line you will find a lot of encrypted imtext value such as aW1nNS0yMDA3XC56aXA=.

I’ve decoded all 91 strings from the current block list which contains censored words and URLs but I still couldn’t find why mediafire links are blocked. Further online research shows that the censored list gets updated, for example, older censored word list used to have “.pif” but now doesn’t and it is still being blocked. Try appending .pif with any links and the instant message surely can’t go through. Finally through online research, I found out that Mediafire links are blocked because “download.php” is in the URL and it is one of the older censored words.

For your convenience, I have compiled a list of blocked words by MSN. It may not be complete but it is currently the biggest list you can find on the Internet.

.pif
168.169.78.19
1717wan.cn
51kongqi.com
51pingguo.cn
66663.cn
930le.com
94nile.com/apple
995ba.com
acilastir.info
acisalavans.info
acisalcap
albrahem.com
album.zip
amazondakayboldum.info
amazonhalki.info
amigosparasempre.smtp.ru
amigosparasempro.smtp.ru
armazfiles.smtp.ru
baratinha.mypets.ws
belgravehelpdesk.com
bezgi.info
bireyci.info
block-checker.com
blockinrio
bobblak.com
bobyup
bobzop.com
boyamagucu
burasiseninyerin.info
bush-gracioso.exe
checkmessenger.net
chinacircle.com
chirstmas-2007.zip
clipdeeps.com
dansadimi.info
downgrdr.exe
download.php
dreamlife365.com/member/
e-afyonkarahisar.info
ekars.info
ekastamonu.info
emret.info
fantasma.zip
fmconsulting
foto.exe
foto722a6
fotos.zip
friendims.com
friendly-offer.com
funbuddyicons.com
funpic.de
g038_jpg.zip
get-messenger
goldwindos2000.com
happy_2008.exe
happy2008.exe
hetandunhasde.com
hornymatches.com
hoto234.zip
imag091307.zip
image031.zip
image206.jpg-www.photoshare[1].com
image25.zip
images.coolpage.biz/images.php
images.getenjoyment.net
images.idohost.com
images.zip
imageswitch.info
img-0012.zip
img021.zip
img-0950.zip
img1756.zip
img301.zip
img-3773.zip
img5-2007.zip
img-6434.zip
img-8197.zip
imp.exe
implay.com
impluse.exe
improfile.net
iwantu.com
life365.com
love33.zip
mainmsn.com
mainmsn.net
malbranche.goracer.de
members.lycos.co.uk/svy21/t/contact.php
memebers.lycos.co.uk/getmessenger
mensagemparavc.mail15.com
messaging-names
messangerstats.net
messengerdeletechecker
messenger-scan
messengertools.org
miralafoto/foto.exe
monclocher.com
monica.zip
moorsh.com
mprofiles.net/members.php?msn=
msnblockerlist.com
msnblocklist.com
msn-friend.com
msnliststatus.com
msnspy.eu
msnwebimages.com
myalbum2007.zip
mydipan.cn
mymsngallery
mypengyou.com
myphoto94.zip
mypictures.zip
mypictures-0108.zip
no-ip.org
noticiasdobrasil.com.sapo.pt/noticiaurgentebrasilnumero9821.com
nowpounds.com
p1377.pic-myspace.info
photo2007-12.zip
photo234.zip
photo656.jpg
photoalbum2007
photogbase.com/pictures.php?photo656.jpg
photos.zip
photos1-2008.zip
pic.zip
pic1273.zip
pics.zip
pics-at-the-party.com
picts-7053.zip
pictura002
portakallidavet.info
profile.php?
quienteadmite.com
reuty.info
secretimages56.zip
shusu.cn
sjegat.pics.skaq.info
sontarih.info
stuff.zip
stuffplug.com/temp/downgrdr.exe
sulandirma
summer2008
sweetpictures.myphotos.cc/katiesex.pif
t35.com
tanyababe.zip
tufoto
tuhafkimse
tunabaligi
tutuskanlik
unknowntools.com
uysallik.info
verti2/fantasma.zip
viotagallery.com
windowslivemessenger.biz/msn/msn.php
wowbam.com
xpimad.com
yorungesel

Remember, MSN does not block these words alone. They must be in hyperlink. You can test them by adding www or http:// infront of those words. There are two ways to bypass this annoying censor by MSN. If you’re trying to send a mediafire link with download.php in the middle, you can use TinyURL to mask the URL. And if you’re trying to send a link with no-ip.org, do not include www or http:// infront of the URL. I find it hard to believe that no-ip.org is blocked by MSN!

I’ve been using Pingdom for at least 3 years already because they provide really good service and also the 1 minute checks from locations all over the world. I used to have problems sending SMS as notification and Pingdom’s support team fixed the problem really quick plus they even compensated more SMS credits to my account. I’ve always been using the Basic account because that is the cheapest plan they had back then. It’s pretty much a waste since I only have one blog site to monitor when the basic account offers checks on 5 websites.

My Pingdom account has just expired end of February and was billed $119.40 for a new invoice. I’ve just paid few thousand dollars for a years’ dedicated server at NetDepot and is really feeling the pinch for fork out another hundred bucks for a monitoring service. Moreover Adsense has stopped serving ads to this website and the revenue that is generated from other advertising companies is barely enough to cover the cost of this server. So I canceled my Pingdom account temporarily and thought that maybe I will re-sign up again at a later time when I have enough funds.

To my surprise I found out that Pingdom has started offering FREE accounts along with 20 SMS but limited to only monitor ONE website. Pingdom Free account is fine with me because I only have 1 website to monitor and can save money.


What I like about Pingdom is the control panel is easy to use and understand and most importantly it does 1 minute checks from different locations around the world. For me, I set Pingdom to check for a certain keyword on my blog site every minute and only notify me via SMS and email if detected 11 consecutive check errors (10 minutes).

Other than checking for downtimes, Pingdom can also check how responsive is your website. Even if you only have FTP or mail server, Pingdom can check TCP ports (21 for FTP) and also SMTP, POP3, IMAP. The TCP port check makes it possible to check nearly everything including a game server such as Counter-Strike that is normally on port 27015.

The important requirement to keep your free Pingdom account alive is to log in to the Pingdom control panel at least once every 90 days. If you’re not good at remembering things, the easiest way is to install a free app by Pingdom called Pingdom Desktop Notifier that runs in the background and notifies you if your website is down. This application connects to your control panel so you can get more information about an outage and access more Pingdom features such as our various reports.

If you think about it, you can register 5 free accounts and you’re able to monitor 5 websites. It’s doable but it’s wrong under Pingdom’s terms of service. One of the terms is “Only one free account per person or legal entity is allowed“. If they catch you using two or more free accounts, you will risk your accounts being terminated. Blacklisting your account is fine because you can always use a new email address and contact information, just don’t blacklist the IP or website that you want to monitor…

So far I can’t find any better free uptime monitoring service than Pingdom. Sign up FREE Pingdom account from this link.

Have you ever noticed one very annoying problem when checking your Hotmail from MSN Messenger, it only opens with Internet Explorer? Windows Live Messenger is closely integrated with IE since Microsoft has to promote their web browser so Windows Live Messenger will always open pages in IE instead of other web browsers. I am very sure that I have Mozilla Firefox set as my default browser.

What I don’t understand is, when someone send me a message with a link, I am able to open link with Firefox, but when I click the small email icon to open my Hotmail inbox, it uses Internet Explorer! It seems the Windows Live Messenger does not respect Windows default browser.

There seems to be a place where I can configure default programs for activities in Control Panel > Add or Remove Programs > Set Program Access and Defaults > Custom > and select Mozilla Firefox. Tried that but it did not work. Seems like the only way to open Hotmail when clicking the email icon at Windows Live Messenger is by installing plugins.


1. Download Messenger Plus! Live and install.
Important Note: When install, at the first screen, click Next. Take a careful look at the second screen because that’s where it will ask you whether to install sponsor program or not. Select “I refuse to give my support, don’t install the sponsor“.

2. Download StuffPlug and install.

3. Launch Windows Live Messenger and sign in.

4. Try clicking the email icon and see if your Hotmail inbox will be launched in Firefox. If not, then click StuffPlug 3 from menu and select Options. Go to General tab and make sure the option “Open all URLs in default browser” is checked.

Is it even necessary to install 2 types of Windows Live Messenger plugin for this feature? It depends… I guess it is only necessary for people who has problems launching Internet Explorer and they are used to opening Hotmail inbox from the email icon. For me, I can still live with opening Hotmail inbox with Internet Explorer although my default browser is Firefox.

ESET, the developer for one of the top popular antivirus NOD32 has launched the beta version of ESET SysInspector late last year. ESET SysInspector is an application that thoroughly inspects your computer and displays gathered data in a comprehensive way. Information like installed drivers and applications, network connections or important registry entries can help you to investigate suspicious system behavior be it due to software or hardware incompatibility or malware infection. Pretty much like HijackThis but it is able to dig up more information about your computer.

After few months of testing, they’ve finally released a newer beta version which contains many fixes, changes and new features. Two major features added to the latest SysInspector beta is the detection of master boot record (MBR) infecting rootkits, such as Win32/Mebroot and anti-stealth device driver which dynamically loads at runtime to to detect rootkits and other hidden objects.


ESET Inspector is portable. There is only one executable file (SysInspector.exe) which you run and it’ll start inspecting your computer. Each time ESET SysInspector is run, it examines the system to precisely determine its configuration. This process may take several minutes, depending upon the speed of your computer and the software installed on it. When ESET SysInspector has completed cataloging the system, it displays this information in its graphical user interface.

ESET SysInspector divides various types of information into several basic sections called nodes. If available you may find additional details by expanding each node into its subnodes. To open or collapse a node just double-click the name of the node or alternatively click or next to the name of the node. As you browse through the tree structure of nodes and subnodes in the Navigation Window you may find various details for each node shown in the Description Window. If you browse through items in the Description Window additional details for each item may be displayed in the Details Window.

ESET SysInspector assigns risk levels to objects (files, processes, registry keys and so forth) using a series of heuristic rules that examine the characteristics of each object and then weight the potential for malicious activity. Based on these heuristics, objects are assigned a risk level from “1 – Fine (green)” to “9 – Risky (red).” In the left navigation pane, sections are colored based on the highest risk level of an object inside them. By adjusting the slider you can filter items by their Risk Level. If the slider is set to the utmost left (Risk Level 1) then all items are displayed. By moving the slider to the right the program filters out all items less risky than current Risk Level and display only items which are more suspicious than the displayed level. With the slider on the utmost right the program displays only known harmful items.

All items belonging in the risk range 6 to 9 can “pose” security risk. It is recommended that you scan the files that poses a security risk with an antivirus or you can upload it to VirusTotal. However, since SysInspector is in BETA, there will be some of unknown applications such as shadowservice.exe from PowerShadow or even false positives which need to be corrected. There is also no way for you to add an application to a trusted or safe zone so SysInspector will not pick it up and flag it as security risk in future.

Currently, ESET SysInspector does not have any ability to make any changes to computers. It is “read-only” in that it is designed for analysis, not malware remediation. Perhaps when it is no longer in BETA, it might have the ability to make changes.

[ Download ESET SysInspector for Windows 32-bit | 64-bit ]

I do realize that giveaways are not so often in this blog anymore. The truth is there are actually a few software companies that has approached me in sponsoring free licenses for giveaways but some of you may know me better, I do not simply host any giveaway for just any type of software. It had to be good, useful and I am even willing to do it for free if you are going to pay me. However if the software is not that good, I won’t even consider posting it here if they are going to pay for me it. Today’s giveaway is about a software which I have been using for many years already and it has helped me saved more than a hundred hours in total. Remember, time is money.

I believe all of us here browse the web and very often check on our list of favorite websites and forums for updates and the whole process unknowingly takes a lot of time. You had to open every page in tabs, wait for it to load and then try to remember if you have seen this article yesterday on this website. Probably it won’t be very time consuming if it was only a few websites but if you had like 50 websites to check daily, you are losing a lot of time if you add all of them up for the whole year.

I have tested nearly all webpage monitoring software that is available but no software can beat Website-Watcher. I would say that it is the best of what it does that I have come across.


Basically what Website-Watcher does is it can monitor web pages, forums, RSS/Atom feeds, newsgroup, documents and binary files for updates. Then you can control what and when it gets checked with many other advanced features. Most blog sites including the one that you are currently reading now has RSS feeds and you can easily add it to Website-Watcher’s bookmark list. Checking the RSS feeds is faster because it doesn’t download all those unnecessary images and advertisements, saving both bandwidth and time.

Forums are the hardest to monitor for updates because it has a lot of real time data being generated such as the number of reads, views which could generate false alert. But with Website-Watcher, it supports popular forum such as Burning Board, IP.Board, SMF, phpBB and vBulletin through plugins where everything is configured automatically. For password protected websites, you can enter the username and password or if it is a custom web form, then you can use Macro to record the login process.

Website-Watcher 2010 has way too many features for me to mention everything on this article. For more detailed information, you can visit the official website or even better, download and install a 30 day trial and then you will know why I say that it is the best webpage update monitoring software. Below is the proof that Website-Watcher has saved me over 99 hours of time after using it for more than a year.

There are 3 editions of Website-Watcher. Basic, Personal and Business. The basic edition is the cheapest version that cost €29,95 for a single user license and it is most useful for people that just want to use it to auto check for website updates. As for the Personal edition, it cost €49,95 and it has more advanced feature such as AutoWatch, Newsgroup support, Scripting Language and Follow Links. As for Business, the features are very similar to Personal except it can password protect bookmarks and allows you to use in business environments.

Aignesberger Software GmbH has been very kind to sponsor 5 personal license to be given away at this blog. It is a 1 year license which allows you to install any updates within the licensed period but you can continue using it when the 1 year period is up. Same rule applies, first you need to be a subscriber and secondly, leave a comment on this page. The winner will be randomly picked and announced tomorrow.

[ Visit Aignesberger Software Website | Download Website-Watcher 2010 ]

Firefox can securely save passwords you enter in web forms to make it easier to log on to websites. By default the option “Remember passwords for sites” option is enabled but you will still be asked whether to save passwords for a site when you first visit it. Clicking the Remember button will save the login information, Not Now button to ignore it or Never for This Site, that site will be added to an exceptions list and will never prompt you to save the username and password for that site. This feature is available at every web browser and is offered as a convenience but also increases the risk of your login information being exposed.

I normally save most of the usernames and passwords on my laptop because I am the only user and that computer is not shared with anyone else. If the laptop is not stolen or Windows is not hacked, then my usernames and passwords are pretty safe. One big reason I never let anyone touch my laptop is because someone could just run either of the 2 free portable tools to grab all my website passwords. Of course, we can also put these 2 tools to good use such as recovering the sign-on details when Firefox fails to open.


1. FirePasswordViewer

– FirePasswordViewer is the GUI version of popular FirePassword tool designed to decrypt sign-on secrets stored by Firefox. FirePasswordViewer tool can decrypt and display these secrets on the same lines as the Firefox built-in password manager. The main advantage of FirePasswordViewer is that it does not require Firefox to be running. Also FirePasswordViewer can be used to display sign-on secrets from different profile (other than current profile) as well as from the different operating system (such as Linux, Mac etc) altogether. This greatly helps forensic investigators who can copy the relevant files from the target system to test machine and view the credentials offline without affecting the target environment. The displayed sign-on information can then be saved to a file in standard HTML format which can be used as valuable and quick offline reference.

[ Download FirePasswordViewer ]

2. PasswordFox

PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

[ Download PasswordFox ]

To protect yourself against these 2 tools, simple enabling and setting a Master password would stop this 2 tools from harvesting your login information. You can do that in Tools > Options > Security tab > check “Use a Master password” and enter the password twice.

Note: Here’s a weird case of false positives. According to VirusTotal, 27 out of 41 antivirus detects PasswordFox as hacktool/trojan but NONE detects FirePasswordViewer as a threat. Now both tool does the same thing, do you think that PasswordFox is infected or a false detection? To me, PasswordFox is a tool that’s more likely to be used by hackers because it can be ran with a command line using a backdoor trojan while the user is using the computer and he won’t know a thing about it. As for FirePasswordViewer, the hacker would have to run the program, click the Show button and then Export the results. You should read about what Nir Sofer has to say about the false detection on his programs.

I’ve played Master of Defense game before and it’s very addictive. I just kept on playing non-stop! I played Master of Defense few months back and today I found another similar game, a Macromedia Flash based Tower Defense game inspired by Elemental TD for WarcraftIII.

The aim of the game is to kill the creeps before they reach the end of the maze, do this by building attacking towers on the grass around the maze.


To build a tower click on it on the right hand side then click on the map where you want it to be built. Once built you can clock on towers to upgrade or sell them. To get a high score keep as much of your gold in the bank as possible, at the end of each round you earn interest on the gold in the bank.

This game is FREE. You only need to make sure you have Flash player for this game to load in your browser. If you love this game, do leave a comment and I might just put out “Master of Defense” which I finished few months ago!

[ Play Tower Defense ]

Back when I was using Windows 98 and XP, codec pack is the first thing that I will install after completing the driver installation. These codecs are required to play downloaded videos and sometimes even audio files or else you might end up hearing the sound but no video and vice versa. The only codec pack that I used before is K-Lite Codec Pack and I never had any playback problems with it. As for now, I have not installed any codec packs ever since I started using media players such as VLC media player and KM Player that has built-in codecs. Moreover most of time I watch downloaded videos in my WD TV Live player and not on my computer so there is no reason that I need to install any codec packs on my computer.

What I’ve learned last time was codec packs are very sensitive. After installing it and if it works perfectly, just leave it as it is and there is no need to update the codec pack. Reinstalling codec packs because of some playback problems may not even be advisable. You should probably try to use a tool called Codec Tweak Tool to scan the registry to detect and remove broken references to codecs and filters first.


Actually Codec Tweak Tool is already included in the K-Lite Codec Pack. If you don’t have K-Lite Codec Pack, then you can just download this portable and free tool to help you detect and remove broken codecs and filters. It comes with a very simple and straight forward user interface with a couple of buttons such as Fixes, Reset settings, Various tweaks, Backup settings, Manage DirectShow filters, Manage source filters, Thumbnail settings, Generate log, Speaker configuration, DirectShow filter configuration, Restore settings and Manage ACM/VFW codecs.

Most of the buttons there will probably confuse you if you are not familiar with codecs. So the best option to attempt fixing codec problems is to click the first button “Fixes” followed by detect and remove broken VFW/ACM codecs and DirectShow filters. Do not worry if some of the buttons in Codec Tweak Tool are grayed out or disabled. It merely meant that there is nothing to configure for that section.

Download Codec Tweak Tool

The most frequent problem that we(Malaysians) always get from using our ISP is slow connection to international sites. For locally hosted websites such as LowYat, there’s no such problem. Well, our Malaysian ISP TM Net has done it again, 2 weeks of really slow internet connection to international sites and they’re still not able to fix it. I find it really hard to even download a driver file from manufacturer’s website.

I am a big fan of Heroes and I wanted to use my RapidShare Premium account to download the latest Heroes episode 3×16. My maximum download speed is 1.5Mbps and I am downloading at only 238 bytes/sec, that is 0.2kilobytes per second!

Imagine this has been going on for 2 weeks. How humiliating… At first I waited patiently, keeping my fingers crossed hoping that this problem will last for a day or two but it just went on until today. Made me so fed up and I had to look for another method to download my favorite latest TV show.

Since this is a connection problem, rapidshare automated downloader tools such as jDownloader and CryptLoad are now totally useless. The solution to continue downloading from RapidShare is to install a transloading script on a web server hosted in Malaysia, and use the script to make your server download the file from RapidShare. Once the server finished downloading the file from RapidShare, I would then download from my server at maximum speed.


I found a free script called RapidLeech PlugMod rev. 36 that is able to do that. It supports downloading from RapidShare.com and 35 other file hosting servers such as 2shared.com, 4shared.com, adrive.com, depositfiles.com, downtown.vc, easy-share.com, filefactory.com, fileflyer.com, filego.net, files.to, filesend.net, gigasize.com, ifolder.ru, imageshack.us, letitbit.net, mediafire.com, megashare.com, megashares.com, megaupload.com, netload.in, rapidshare.de, savefile.com, sendspace.com, share-online.biz, sharebase.to, sharedzilla.com, speedyshare.com, turboupload.com, uploaded.to, uploading.com, uploads.bizhat.com, youtube.com, ziddu.com, zippyshare.com and zshare.net.

To download the latest RapidLeech script, you’d have to register at the forum in order to view the download link. Here’s a scenario on how to install the script on my www.mywebsite.com

Once I finished downloading the script, I extract and upload the contents to rapidleech folder on my web server using FTP client.

I then have to make the “files” folder writable for the script to download and dump the files there. If your websever is a linux server, simply right click on the folder, select CHMOD and check all so that the permissions will be set as 777. In Windows server, you’d have to ask the server administrator to set the file folder as writable.

Now I open up my browser, type www.mywebsite.com/rapidleech and I can start asking my server to download files from RapidShare by inserting the rapidshare link and hit the Transload File button.

When the server shows that it has finished downloading, I can then download the file to my computer by simply clicking on the link. As you can see that I can download the file that was in rapidshare at 150+KBps. For advanced users, you can take a look at the config.php in config folder. You can set restrictions and also use premium accounts if you have one.

This script is brilliant and will be very useful when your ISP has problems with international links or if your ISP has blocked you from file sharing websites. Even downloading from normal direct link works! If you want to make some money, you can even modify the script to provide premium download features to public and probably earn few hundreds of dollars per month via advertisement. Of course you will need a powerful server that allows a lot, if not unlimited bandwidth plus a large web space to store the downloaded files. Only one small problem that is the script must be constantly maintained and updated or else when some of the service gets updated, the script will fail to download or upload.

I’ve always loved the performance of Corsair USB flash drives because they are known to be the fastest in the world. 3 years ago I bought a 4GB Corsair Flash Voyager GT which was the fastest back then and I am very impressed with the read and write speed until today. Well back then 4GB is a lot of space but today it is not even enough to backup a DVD which is 4.37GB. So I checked Corsair’s website and they now have GTR range which claims to be even faster than GT! I searched very hard in Malaysia and no one seems to be selling a 128GB Corsair GTR USB flash drive. Fortunately I’ve got a friend living the United States coming back to Malaysia for summer holidays and he’s willing to help me bring it over.

I went to Amazon.com and they are selling the Corsair 128GB Flash Voyager GTR at the price of $289.99. It’s a little expensive but I think it’s worth the price since I can store nearly 30 DVD discs contents into one small plug and play USB flash drive that I can carry around in my pocket without requiring external power. I’ve done a little benchmark to compare against my other USB flash drives and also an external Maxtor hard drive 7200RPM.


First of all, here is how the Corsair 128GB Flash Voyager GTR looks like. It comes with a durable and water-resistant rubber housing. The size is also much bigger compared to normal USB flash drives but it is still very small when compared to an USB external hard drive.

Now the most important thing is to see how fast can Corsair 128GB Flash Voyager GTR perform when compared to others. I’ve used Nirsoft’s USBDeview to test the read and write speed, and also DiskBench to test the drive’s speed in a real life situation with file copying, file creation, and file reading instead in a benchmarking environment. Higher number is better in the benchmark report below.

As you can see from the USB flash drive benchmark result above, the Corsair GTR read speed is even faster than the Maxtor 7200RPM external hard drive! As for the writing speed, it’s averagely around 27% slower than the external hard drive but it’s the fastest if you sort the list in Nirsoft USB Flash Drive Speed test according to write. The drives that are faster than Corsair GTR in the Nirsoft Drive Speed list such as TOSHIBA MK4018GAS, BUFFALO HD-CXU2, Seagate FreeAgent Go and SAMSUNG HD103UJ HDD are actually external hard drives. If you’re looking for the fastest USB flash drive, go for Corsair GTR and you will definitely love the read and write performance.

The old Corsair GT which I’ve used for 3 years still performs very well without problems. The frequently asked questions regarding Corsair’s flash drive wear leveling mentions that Corsair flash drives are built with memory components that can handle AT LEAST 10,000 write cycles. It will definitely last more than 10 years with their dynamic wear leveling technology.

Web installation is getting very common especially when downloading software from Microsoft. The good thing about using web installation is it only download what is necessary, saving both time and bandwidth to install the software. However, for advanced users who doesn’t want to re-download, they prefer to go for offline redistributable setup. A one time download on a huge setup file and there is no need to download again whenever there is a need to reinstall.

The sames goes to Microsoft Visual Studio 2010 Express. If you want to download Visual C# 2010 Express, you can use the web installer vcs_web.exe file and it will download all necessary files and install it on the computer. The official download page also contains an ISO image (VS2010Express1.iso) file at 695MB in size that enables you to install Visual Studio Express products without requiring Internet access during installation. Out of curiosity, I tested another method on how to offline install Visual Studio Express without downloading the whole image file.


From the looks of it, the method has some really cool tricks which is extracting the web installer, opening the baseline.dat file with a text editor to extract the URL which the web installer downloads the files from, and finally installing it with a custom command line switch.

I’ve installed Microsoft Visual C# 2010 Express using the method above and everything seemed to fine until when I tried running Microsoft Visual C# 2010 Express. All I get is an error window telling me “Cannot create the window“.

There are a lot of tips on how to fix this error such as reverting the machine.config to the default version, reinstalling .NET Framework, reinstalling Visual Studio 2010, recreating msvcm100.dll, but none of it fixes the “Cannot create the window” error.

Finally I tried reinstalling Microsoft Visual C# 2010 Express using the web installer and noticed that it needs to download and install an additional 9 other components which are VC 9.0 Runtime, .NET Framework 4 Multi-Targeting Pack, Microsoft SQL Server Compact 3.5 SP2 and etc…

Visual C# 2010 Express cannot run if any of the required components are not installed. So the best is to either use the web installer if you have a fast internet connection or simply download the all-in-one ISO file and burn it to a CD, mount it as a virtual drive or extract it with 7-Zip.

Download Visual Studio 2010 Express All-In-One ISO
Download Visual Basic, C#, C++ 2010 Express Web Installer

I have my own private RapidLeech server which is hosted in Malaysia and it’s very useful whenever I am downloading a file at a very slow speed. I can make use of the server that has a very fast connection to download the file for me and save it to the server and then I will download it from the server. Since the server is located in the same country as I currently am, I am able to achieve maximum download speed. The only thing I have to worry is I have to make sure that my hosting does not run out of the given bandwidth which is 200GB. Once I exceed the bandwidth limit, all websites will be suspended until it reset in the new month.

I’ve updated to the latest Rapidleech v42 pr-t2 because the v41 wasn’t working very well. After the upgrade, I am seeing an error message at the footer of the rapidleech page which says “getCpuUsage(): couldn’t access STAT path or STAT file invalid“. I have tried installing RapidLeech on another server and there’s no such error message. It is supposed to display a nice information on server space and CPU load.

That error is not a big deal but I don’t want that error message to show. There are 447 files in RapidLeech archive and I am certainly not going to edit one by one with notepad and search for the getCpuUsage keyword. So I use TextCrawler to automatically help me find a keyword across multiple files and folders.


TextCrawler is a free tool for searching and replacing over multiple plain text files. It can search for straight text and supports advanced search/replace via regular expressions.

TextCrawler Features:

Find and Replace across files

Fast searching, even on large files

Simple to use interface

Flexible search parameters

Text Extractor – rip text into a new file

Search and replace using Regular Expressions. Create sophisticated searches

Regular Expression test tool

Regular Expression library – Save your searches

Create backup files

Highlighted search results

Export Results

Batch find and replace operations

To use TextCrawler search for a word, I first select the folder (Start Location) that I want to search in. Then set the Filename/Filter as *.* so it will try to search all files in that selected folder. At Find, I entered the word getCpuUsage and then clicked the Find button. In less than 3 seconds, TextCrawler is able to let me know which text files contains the word “getCpuUsage” and at which line.

In another scenario, during software giveaways, there are more than 1000 entries and copying every single email address to a text file to randomly select a winner is tough. So I hacked the WordPress core file to set it to display 300 comments for an article. Then I saved all the contents to a text file, and use TextCrawler’s Regular Expressions to easily extract all the email addresses.

[ Download TextCrawler ]

I thought Brontok virus from Indonesia was the most powerful, annoying and toughest virus to remove but now I have encountered another virus which is worst than Brontok. The virus will leave a HTML file which you can identify the virus name as JambanMu. In Malaysia, when say Jamban, it means toilet. But I have a Malay friend and he told me that jambanmu means “Your V@gina”. He also added that the word Jamban is used in Malaysia, so this virus might be originated from Malaysia!

Weirdly, antivirus company doesn’t identify the virus as JambanMu. I uploaded the virus file to VirusTotal and all antivirus is able to identify the file as Alman or Almanahe virus. Just like Brontok, some antivirus calls it Rontokbro.

Here are the symptoms of being infected by JambanMu, Alman or Almanahe virus and also how to easily removing this annoying virus.


1. You have a HELP ME!!.html file at your C:\ drive. When you open it, it has the title of W32.JambanMy.V2 which brings MESSEGE FROM HELL!! It insults and complain about KFC, McDONALD, 7 11, oil, water, electricity, azam, zawawi, kamal, dzulkifli, israel, bush and yahudi. At the bottom, it has a line that says “Reported by 666.JambanMu.V2″

2. Registry Editor (regedit) being disabled.

3. Command Prompt (cmd) being disabled.

4. Flash.10.exe and Macromedia.10.exe loaded in Windows Task Manager.

5. Folder Options missing

6. Search at Start Menu missing

7. You’re unable to access a lot of AntiVirus websites such as virustotal.com, symantec.com and etc because your HOSTS file has been modified to redirect antivirus websites to 127.0.0.1.

JambanMu virus spreads via mapped drives and also portable USB flash drive. When I plug in a USB flash drive on a computer that is infected by JambanMu virus, it automatically creates autorun.inf and Flash.10.Setup.exe. If I open the flash drive from My Computer, it’ll run Flash.10.Setup.exe and infects the computer. JambanMu virus reaches the computer in a file that has the icon of a flash file.

I also noticed another thing. When I insert a USB flash drive that is infected by JambanMu virus to a computer, I right click on the drive, there is a menu that says “Scan for Viruses“. I right click on local hard drives, but this menu didn’t appear.

Just as I’ve expected, there is an autorun.inf file at the root of my USB flash drive and gives this command. If I select this command, it’ll launch Scanner.exe which is also JambanMu virus.

At first I tried removing this virus using AIMfix, CaSIR, HijackThis and they all failed. After a little searching, I found a lot of research and testing, you only need to run 2 types of cleaners to easily and automatically remove JambanMu, Alman or Almanahe virus and also restoring the damages made by the virus. Do NOT run ComboFix and SDFix together simultaneously. Run ComboFix first, restart, then run SDFix.

1. ComboFix

Instructions: Do not mouseclick combofix’s window while it is running. That may cause it to stall.
[ Download ComboFix ]

2. SDFix

Instructions: Download and run SDFIX.exe. Click install button to extract SDFix files. Restart your computer in Safe Mode. Once you’re booted into Safe Mode, go to C:\SDFix folder and launch RunThis.bat. Press Y and hit ENTER. It will start scanning your computer and removing JambanMu virus.
[ Download SDFix ]

Once you’ve completed running both ComboFix and SDFix, the JambanMu, Alman or Almanahe virus will be removed and your registry editor, command prompt, folder options and windows search will be restored.

When I was doing my research on this virus, I found other 2 files to clean JambanMu virus. First one is Virus Remover Tool for Win32/Alman from AVG. It is able to “clean” JambanMu virus but it does not restore the damage. You must download the following two files ( rmalman.exe, rmalman.nt ) and run the rmalman.exe file.
[ Download AVG Win32/Alman Removal Tool ]

The second one is called KillFlash1.0 which claims to kill Flash.10.exe. I’ve tried this tool and it is not effective.
[ Download KillFlash1.0 ]

Recently I’ve been getting a lot of pingbacks and most of them comes from .co.cc websites. A pingback is a method for web authors to request notification when somebody links to one of their documents. Typically, web publishing software will automatically inform the relevant parties on behalf of the user, allowing for the possibility of automatically creating links to referring documents. For example, I’ve written an article on my Web log. Bob then reads this article and comments about it, linking back to my original post. Using pingback, Bob’s software can automatically notify me that my post has been linked to, and my software can then include this information on my site.

When I checked on these few websites, they appeared to be copycats, simply and blindly copying EVERYTHING word to word plus linking the images directly from my site stealing my server’s bandwidth. The reason why I got pingback notification is because sometimes I add links to my old article and they forgot to remove it causing them to link to my old post.

Dealing with copycats is easy. Normally I notify them via email IF there is a contact form (well most copycats don’t have one, maybe they don’t want to be contacted so that they can play ignorant) or leave a comment. If they don’t respond to my request, I will fax an abuse complaint letter to their webhost and they normally respond to it by suspending the website. Problem is .co.cc is not a webhost and they are just redirectors. Here is how I find their webhost for websites with .co.cc address.


CO.CC has an online form to report spam or abuse but all they do is just delete/suspend the URL. The copycats can sign up for a new account and redirect their original website to use a new .co.cc url. The best way is to find their webhost and then make sure that the copycat’s website get suspended and lose the articles that they spent hours or days copying.

This two sites (naisoft.co.xx & pcwilleasy.co.xx, replace the xx with cc) has been doing for it a long time and it’s time to let them know it’s wrong. All I needed to use is Robtex’s DNS tool that checks detailed DNS information for a hostname or a domain.

As you can see, naisoft is hosted at summerhost.info and pcwilleasy is hosted at atbhost.net. Try looking for the “Terms of Service” or “Terms of Use” page which contains information for you to contact them. If not, just try to contact the abuse department via support ticket or contact form. There will be times when these companies that provides free hosting ignores your request because they too think you cannot legally do anything to them. Well they are wrong. Normally they don’t own the servers at home and they rent the servers from datacenters. So contact their datacenter and they’ll surely comply with your request or else they’ll risk their servers being terminated. To find the datacenter, just do a whois on the IP address using DNS Tools.

As you can see, redirecting your wordpress, blogspot, 000webhost and etc hosted website to a .co.cc address to hide your original website don’t protect you nor let you get away from copying articles. The two copycats has complied with my request and removed the articles that they copied from here.