Most of the time it can be a nasty little bugger to get removed, and most anti-virus and anti-spyware software doesn’t remove or fix the problem. That is because the bug likes to hide using different techniques.

So today I wanted to share all the types of explorer.exe killers I have found, and how I fix the problem.

Before we begin:

I just want to say before I get started on letting you know how to fix this problem, is the trick to fixing this issue, has more to do with identifying which technique the bug is using, or if it even a bug at all. Explorer.exe can also start to do the same thing if an update didn’t take correctly. So, make sure that it wasn’t an update that killed off Explorer.exe first before assuming it’s a bug. If you think it was an update problem, I suggest reading this article.

The Killer Driver:

The first type of explorer.exe killer I find is simply a bug that installs a startup driver that kills that restarts the explorer.exe process any time it starts up. It is one of the easiest to spot, and is easy to fix. The first process is to find what drivers are being loaded, and which one it is that it is. What I recommend to do is to start up into safe mode (Reboot, hold F8, select Safe Mode). The reason we want to startup into safe mode is safe mode only starts the operating system with the minimum startup items, services, and drivers. So if we indeed do have a startup driver that is causing the issue, we should be able to login into Safe Mode and not have any explorer.exe problems.

First thing is to optimize the machine, so lets have you startup Msconfig. Go to Start > Run > Type in “msconfig” and hit enter.

In the window that appears choose the startup tab, and choose to disable all. Now go over the the “services” tab, and check the box to hide all non-microsoft services. Click “Apply” and hit “Ok”.

What we have done is cleaned out your startup and services, so if by chance the bug is one of those, we have stopped it from starting up, typically it isn’t going to do the trick, but will cover all our bases.

Now lets download a quick tool. Download link. This tool will allow us to see what drivers are currently loaded in Windows.

Reboot your system into Normal mode and run the program. Scroll through the list of drivers that are loaded, and see if you find any with any description or file type that is blank. If a driver has blank information, it may be the file we are looking for. Once you have found one, do a search for it, and delete the .sys file.

The .DLL File:

The majority of the time, this problem comes from a .DLL file. I would say about 90% of the machines I have worked on with this problem comes from a bad .dll file in hidden in the Windows or System32 directory. The technique I use to find the file we want to look for is a simple process as long as you have the right tools. First, we need a tool to help us watch system processes.

Go ahead and download Process Explorer. Process Explorer will allow you to watch system processes, and see what files, directories, etc they are calling for.

Once you have that up and running, make sure that you have the program running when explorer.exe is currently crashing and restarting. What you want to do is watch Process Explorer for the explorer.exe startup, and see if any other processes start up along side of it.

Typically what I see is explorer.exe starts up, then you have x process open up, and explorer.exe quits, and then x process quits. When x process starts up we want to hurry and take a look at what .dll files it is calling for. Once you have that info, go to the location of the file while being booted into a Live CD. and change the x.dll file to x.dll.bak. This way, if by changing the file messes up your system, you can go back and change it back to x.dll.

On the other hand, if it fixes the problem, you can go in and completely remove the file all together.

I know I didn’t get really to technical here and I apologize. If you have any questions or other techniques please leave a comment.

First, here’s a potentially easier way to share the screens of other Macs on your network. First, realize that the screen sharing feature is just an application. It resides in /System/Library/CoreServices, under the tricky name of Screen Sharing. Find it now, and drag it onto your Dock, or into your sidebar, or your toolbar—whichever you prefer for quick launch access.

Now you can launch Screen Sharing directly from the Finder, without first selecting a machine in the SHARED section of the sidebar. When you do, a dialog box appears onscreen, asking for the remote machine’s address. Great, you’re thinking, now I have to type in a machine’s IP address to connect to it? This is progress? No, not yet it’s not. Quit Screen Sharing if you launched it, switch to Terminal, and copy and paste this line:

defaults write com.apple.ScreenSharing ShowBonjourBrowser_Debug 1

Now launch Screen Sharing again, and revel in the new Bonjour Browser window that allows you to pick which machine you’d like to connect to from a list:

You can now pick your machines from a list of all Macs on the network. (And if there are any other Bonjour-compatible operating systems that support VNC (the technology behind screen sharing), I would expect they’d show up here as well, but I can’t test that assumption.) If you click the Add to My Computers box, the machine you connect to will be added to that section of the browser window, making future access a bit easier (think of it as a Favorites section).

Now that connecting is easier, let’s add even more functionality to the program. Again, quit Screen Sharing if it’s running, and then pop back into Terminal. If you’ve presently got a screen sharing session open, close it. Then copy and paste the following lines into Terminal, then press Return:

defaults write com.apple.ScreenSharing \
'NSToolbar Configuration ControlToolbar' -dict-add 'TB Item Identifiers' \
'(Scale,Control,Share,Curtain,Capture,FullScreen,GetClipboard,SendClipboard,Quality)'

That’s all one long line, so feel free to copy and paste directly to Termianl. When you launch Screen Sharing again, you’ll see six new buttons on your toolbar. (If you can’t see the toolbar, use View -> Show Toolbar to make it visible.)

So what do these new buttons do? Here’s a quick rundown on each.

Switch between controlling the remote Mac (the default) and simply observing the other machine.

Switch between allowing the remote Mac’s keyboard and mouse to be used (the default) and locking them out.

This button will lock the other Mac’s screen, displaying an all-black background, a huge lock icon, and the text you enter after clicking this button. Note that there’s a minor bug here; you’ll actually see the name of a variable that Apple left in the text field, too—so if you type “Using remotely,” the displayed message will be “Using remotelylockedByString.” This button is off by default, meaning the other Mac’s screen displays what you’re doing.

Click this button to capture the remote Mac’s screen to a local file. You’ll capture the full screen, and the system will ask you to pick a name and save location for the file.

Toggle between windowed (the default) and full screen modes. In full screen mode, the toolbar floats in the top left of the screen. To exit full screen mode, click the “X” button on the toolbar.

Not really a button at all, this is the quality slider. If you’re finding that screen updates are going slowly, for instance, you can reduce the quality—all the way down to a badly dithered black-and-white representation—to speed things up.

You might run into the occasional glitch with some of these features—like the extra text displayed in the lock screen mode—but for the most part, they work quite well. You can customize the toolbar as you would in any app, too. Feel free to use Command-drag to rearrange the icons, for instance. The only thing you can’t do is drag the default set back into the toolbar. If you do that, you’ll lose all your custom buttons. Obviously, that’s also the easiest way to undo this hint; just pick View -> Customize Toolbar, and then drag the default set up onto the toolbar. But after trying screen sharing with these new features, I have no intent to give up the added functionality!

Microsoft’s Windows Genuine Validation is basically code that is slipped onto your PC when you update Windows. If you have automatic updates on, it was even more hidden because Microsoft won’t tell you what they are putting on your computer until it’s there. Anyways…what it does is checks your version of Windows XP for a Genuine CD key. So if you have a pirated version of Windows XP on your computer, it is going to tell that your version isn’t genuine. If it isn’t a genuine version of Windows XP, you will not be able to receive any of the updates (like anyone does update anyways).

For those who just can’t find life without Windows updates (Ya, there are times you need them.) here is the newest, and updated way around it. This will also include the new update of Microsofts’ of making annoying reminders that are copies are not “genuine”.

How To: Turn off the annoying WGA reminders-

This is so simple that It makes me wonder why Microsoft did it in the first place. When you load into a user, you will recieve a bubble on your taskbar, along with a icon. When right clicked, you get a “Change Notifications Settings” menu choice. Click on it. It will take you to the Microsoft site, and you will be given a check box to turn off the reminders that you aren’t running a genuine version of windows.

Like I said simple.

How To: Get Windows Updates With Non-Genuine Version of Windows-

Well, the way to get around WGA has changed since October of 2005, but if you have been checking out the original post I made, you would notice it still gets alot of activity.

The fix is the same as in the recent comments. It is a registery fix, and I’ll let you in on it.

Instructions-

1- Go to the Windows Updates page, and download all updates including windows genuine valdiation.

(You will know that you are ready to move on to step two when you go back to the Windows Updates page again, click “custom” or “express”, and you recieve a page that notifies you that your version of Windows is not Genuine. If this happens move on to step two.)

2- Go to start, run, and type in regedit

3- Locate yourself to HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ EXT \ CLSID

(HKLM= HKEY LOCAL MACHINE)

4. There will be two files, one has no value, and the other one should be set to 1.
Change the file value data that is “1″ to “0″.
5. Open windows update.

6. Select which way you want to go (either custom or express) it doesn’t matter at this point.

7. You will be asked to reinstall the Validation tool. It now thinks you don’t have Windows Genuine Validation installed, but you do. DON’T CLICK THE BUTTON! DON’T CLOSE THE PAGE! DON’T REFRESH THE PAGE! Instead…put the registry data variable string that you deleted back in with a value of “1″. Once you have the value set back to “1″ close regedit and return back to your open Windows Update window.
8. Click back and then click the update method of choice (Custom or Express) and voila! It works!

Deleteing it completely. (Advanced)-
End the process wgatray.exe in Windows TaskManager and restart Windows XP in safe mode. Now delete the following files:

Delete WgaTray.exe from c:\windowss\ystem32
Delete WgaTray.exe from c:\windows\system32\dllcache

Start Windows Registry editor and delete the folder “WGALOGON” located in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\WinlogonNotify. Delete all references in your registry to WgaTray.exe

Another alternative suggest that three files are installed Windows XP System Folder:

\WINDOWS\system32\WgaLogon.dll
\WINDOWS\system32\WgaTray.exe
\WINDOWS\system32\LegitCheckControl.dll

The wgatray.exe process makes the check for genuine windows software. You can disable WGA by removing the execute bit on WgaLogon.dll. That way, winlogon can’t call it as a notification package at boot, and since WgaLogon is responsible for running and maintaining WgaTray.exe, no more tray popups either.

To change the execute bit of WgaLogon.dll, first turn off Simple File Sharing. Now right click the file in Windows Explorer and open the Security Tab. Hit the Advanced button, uncheck the Inherit box at the bottom, hit the Copy button, then hit OK. Go through each listed user/group and remove the “Read & Execute” permission for that file, leaving the “Read” permission as-is.

Hit OK to apply the permission changes and close the file properties dialog. Restart the machine. You can now turn “Use simple file sharing” back on, if you want.

A third alternative posted on the internet suggest that users clear the content of file data.dat located in the following directory:
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data

Save the data.dat empty file and change the attributes to “Read Only” – Restart you computer. Or start your PC in Safe Mode and delete the following files from Windows system32 folder – wgalogon.dll spmgs.dll wgatray.exe The WGA setup file is in C:\WINDOWS\SoftwareDistribution\ Download\6c4788c9549d437e76e1773a7639582a

If you don’t use “Fast User Switching”, you can disable the Windows XP Welcome Screen if you are logged in as an Administrator. This will remove the initial WGA Warning Screen:

1. Click on Start -> Control Panel ->User Accounts
2. Click on “Change the way users log on or off”
3. Uncheck “Use the Welcome Screen” – Choose Apply
4. Close the User Accounts window and the Control Panel
5. The next time you reboot your computer, the classic login prompt will be used

I just want to report that I don’t believe the javascript code line in the address bar method works anymore. Neither can you disable WGA in your browser. That is basically what you are doing in the registery. You are making it seem like you didn’t have WGA, hence “0″, downloaded it and passed as genuine, hence the change to “1″.

I’m sure Microsoft will come out with more updates to WGA, and we’ll find ways around it. So if you have problems, just come check out this post comments and I’m sure will have the fix.

Also, you can download the new pirated version of Windows XP Pro SP2 that is out on torrent. That has a fix on it so it looks genuine to Windows all the time. I suggest if you are going to reformat, you download that image and use it on the reinstall.

Good luck my fellow Windows piraters!

Do not fret though my fellow windows zombies, there is a tool that windows has added that is very secret. I have no clue why it is secret, cuz everyone should know this. Maybe its not a secret, but more of just not talked about, but anyways its called “taskkiller”.

The consecpt is easy enough, good into taskmanager, find the name of the task that won’t quit, and write it down. Then open up Notepad and type something like this

@echo off
taskkill/im NAMEOFTASK.exe /f

and save as a .bat (Batch file)
In place of the NAMEOFTASK type in what you wrote down earlier, and run the batch file, and ta da! Instant end of the task.

Hopes this helps some of you techs out there that have been emailing me

P.S. Incase you are wondering a breakdown of the code to get the meaning, here it is.

taskkill= the .exe that runs to kill the task
/im= the image name of the task to be killed
/f= to force the kill

So here are some really easy things to do on your computer help protect your computer.

1-Changing your boot sequence, and setting BIOS password.

A person can easily still all the data on your hard drive by sticking in a live CD, like Knoppix, loading it up, and taking anything they want. They do this by putting in the CD to the drive, restarting your computer, changing the boot sequence to CD first, and booting their CD. When the user is in, they can take you SAM.SAM file (Windows Password File), crack it, and know your passwords.

It is really easy to fix this problem, but keep in mind, this will only discourage the hacker, or make slow him down, but it is not impossible to get around… like any other type of security.

Restart your computer and wait until the boot diagnostic screen tells you that you can enter the CMOS Config. To enter the CMOS config, hold down the key your boot diagnostic screen says, it will most likely be the DEL, F2, or F12 key.
Once you have entered CMOS, get to your boot loader page (all CMOS Configs are different, so I can’t really say where you will find it on your CMOS) Once located, change the setup to: FIRST= Hard Drive, SECOND= Floppy Drive, THIRD= CD Drive.
Now go in CMOS and find your “Set Supervisor Password” and password protect CMOS so a hacker can not change your boot sequence.
Save all changes

It is as easy as that, but remember the CMOS password will only slow down the hacker, or discourages him, if he really wants to get into the CMOS, he must pull the battery from the motherboard, or reset the CMOS by using the jumper on the motherboard.

2-Saving only NT Hash passwords

Microsoft for some reason saves two password hash files when you save a password to say… your user. You get a LM hash file, and a NT hash file. The difference is that NT hash is newer, and more secure, and LM hash has been used since Windows 3.1.

The funny thing is that you DO NOT need the LM hash at all! Your computer will run perfectly fine with out it, making your computer more secure.

So let’s get rid of that nasty LM hash

Log in as an Administrator
Go to the “Start” menu and click on “Run”
In the “Open:” text box type in “regedit” and click okay.
On the left hand side of the window you will see a tree menu, click on the folder HKEY_LOCAL_MACHINE.
Then click on SYSTEM, then CurrentControlSet, then Control, and then Lsa.
On the right side you will see the register file called “nolmhash”, double click and open that.
Change the “Value data:” to 0, and hit OK.

That wasn’t so bad now was it?

3- CTRL+ALT+DEL Real User Check

Some virus are coded to automatically login and begin to execute their code, we can easily stop them but screwing up there login code by making a user push CTRL+ALT+DEL, before logging in. In addition to that, we can change the login from the click and point to a user, to typing the in the Username, hence making your computer more secure (because the hackers won’t know your username).

In addition, say you have a little kid brother, or sister, and they love to screw with your computer. By doing the Real User Check, you can make it harder for them to login.

Log in as an Administrator
Go to the “Start” menu and click on Control Panel. (You may have to type “Control Panel” in your address bar in a explorer window if you do not see it on your start menu)
Go to “User Accounts” Under “Pick a task…” click on “Change the way users log on or off”
Uncheck “Use the Welcome Screen”.

You will now be switched back to the classic login, which is more secure.

4-Make a Lock Screen Shortcut

It is just one of the many human urges we get when we see someone else’s computer, or user logged in and unattended to. One just loves to get on and dink around with another’s stuff to screw it up.

It is so easy just to log off, but we don’t want to because that means closing apps. and when logging back on we would have to load all of are startup items again. So make a handy shortcut right on your desktop that you can easily click and lock the screen allowing no one to make any changes to your computer while not having to close any apps.

Right click on the desktop and click on New> Shortcut.
A wizard will come up and ask you to “Type the location of the item:” Point it to your Windows/System32/rundll32.exe (example: C:\WINDOWS\system32\rundll32.exe) Click Next
Name the shortcut something like… Lock Screen
YOU’RE DONE! That easy!

Well that was simple.

I hope you found all these tips helpful and trust me, it really does help. Questions are comments may be posted.

read more

There is a couple ways of stopping Vision. First, go to C:\Program Files\Master Solution you should see a folder inside called Vision, open it and see a program called MEUCONF, open it and hit “Run Manually�?, and that should solve that problem.

Another way is by simple unplugging the RJ45 connector from the NIC (Or in English, disconnect the wire coming from the networking card.)

FOR WINDOWS 95/98/ME:
Deep Freeze is a VxD (Virtual Device Driver) found in C:\Windows\System\Iosubsys\persifrz.vxd.
So the only way for hacking it is using a boot-disk and deleting the file. Yes…there is more files in C:\program~1\hypert~1\deepfre~1 but those are obsolete to us. They have nothing to do with what we are doing.

Note: persifrz.vxd IS Deep Freeze. Hence, deleting it will kill it completely

If you can’t boot from the floppy because your boot order is not setup that way, and your teacher has password-protected the bios, you can always 1-pull the battery out of the motherboard 2- move the “reset jumper�? by the bios to reset it.

FOR WINDOWS 2K/XP:
You need to delete 2 drivers and 1 service (I’m sure you can figure out the the paths)

DepFrzLo.sys (kernel driver)
DepFrzHi.sys (filesystem driver)
dfserv.exe (service)
frzstate.exe (password dialog)
persis00.sys (password file and “on/off switch”)

You should be good to go.

You should take Questions/Comments to the “Comments�? section of this post.

One of the most annoying things about Windows is that in order to have a decent experience, you need to reformat and reinstall Windows once every 6 months at most, or you will have to endure the pain and suffering of all hell breaking loose on your computer, once a year. The reasons behind this are long and complex to an extent, but primarily they stem from the fact that Windows requires software manufacturers to repeatedly overwrite various shared components with their own custom versions, hence making them vulnerable. To make matters worse, software writers are allowed to pitch files all over your hard drive. On a good day an uninstaller will seek and destroy the majority of these files. So the uninstallers, if they don’t fail outright, leave a lot of junk behind. All of this leads to awful performance over time, and an increasing number of crashes and other crap. Since MicroSucks is so stupid and won’t get rid of there registries, and I have no clue why they hold on to them, spyware and viruses are easily tucked away hidden, until you do a spyware search.

So, you are going to reinstall Windows if you know what’s good for you. But if you are like most computer people, you took that stack of manuals and documentation that came with your computer and put it in a safe place, such as a fire, the trash, or even sold it on Ebay for that money you needed to pay that guy off for the bet you placed. Needless to say, that Windows serial number is long gone, or at the very least it is inconveniently located on the back of the machine partying with the elephant sized dust bunnies that have gathered in the darkness. But fear not my little hackers, code crackers, slackers, Eric has an answer! Windows being about as secure as the US-Mexico border will cough up the goods with a little persuasion from Keyfinder. Best of all, it won’t cost you anything to regain this valuable string of letters and numbers. Of course, I am sure some people will put it to more nefarious purposes. You bad wittle kiddies.

Speaking of nefarious (cool word huh), have you ever forgotten your administrative password for Windows (or maybe you need to break into your bosses email before he reads that email you accidentally sent to the whole company while drunk on Saturday night documenting his affair with the less-than-runway-super-sized-model, or for us younger tots, you want to show your teacher up for that “F�? he/she gave you for proving him/her wrong)? Have no fear, MicroSucks comes to your rescue…again, with a handy knowledgebase article explaining just how one might go about this. (OK, this is another reason why MicroSucks… sucks, they tell you how to retrieve passwords on there own OS, which we all know only leads to the cause of havoc.) How to log on to Windows XP if you forget your password or your password expires

I know there is still a lot of unanswered questions, and I know a lot of people want to know how I make my “programs�? (*cough*viruses) and I know that people want to know how to successfully use NET commands non-remotely, and remotely, but I’m not going to answer those right now, I’ll leave you wanting more . If you have questions or comments, or need to know how to do something else, let me know in the comments. Until next time, enjoy!

1. What is Microsoft’s Windows Genuine Validation?

2. Why did Microsoft do that?

3. How do I bypass it.

Microsoft’s Windows Genuine Validation is basically code that is slipped onto your PC when you update Windows. If you have automatic updates on, it was even more hidden because Microsoft won’t tell you what they are putting on your computer until it’s there. Anyways…what it does is checks your version of Windows XP for a Genuine CD key. So if you have a pirated version of Windows XP on your computer, it is going to tell that your version isn’t genuine. If it isn’t a genuine version of Windows XP, you will not be able to receive any of the updates (like anyone does update anyways).

Microsoft did that because of the fact that they THINK they can stop people from paying for that OS. No one pays for it because of the hell Microsoft puts us through with their OS.

The fact of the matter is that Microsoft thinks they are smart, and they can stop us from pirating versions of there crappy operating system. Once you see the steps of bypassing this you will believe me when I say that “MICROSUCKS SUCKS!!!�?

Instructions:

Go to the Windows Update page. DO NOT CLICK THE “Custom�? or “Express�? buttons yet!

Copy and paste the following line into the address bar of your browser.

javascript:void(window.g_sDisableWGACheck=’all’)

Press Enter (THE PAGE SHOULDN’T CHANGE!)

Now you may click on one of the buttons “Custom�? or “Express�?

Told you it was so easy that it would make you go crazy. As you can see, it’s a simple JavaScript, by typing that into the browser and hitting enter; you disable that part of the code.

UPDATED: You may not be able to bypass using that javascript code, but don’t worry there is another way. In IE go to Tools -> Manage Add-ons -> “Add-ons that have been used by IE” -> Windows Genuine Advantage and check “disable”. Apply, hit Okay and reload the Microsoft Windows Update page.

UPATED AGAIN: Because of recent changes of IE and Windows tring to secure paying customers before they release Vista, Microsoft has made these previous ways of getting around not possible, but do not fear, here is the new way.

1- Download all updates including windows genuine valdiation

2- Go to start, run, and type in regedit

3- Locate yourself to HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ policies \ EXT \ CLSID

4. There will be two files, one has no value, and the other one should be set to 1.
Change the file value data that is “1″ to “0″.

5. Open windows update.

6. Select which way you want to go (either custom or express) it doesn’t matter at this point.

7. You will be asked to reinstall the Validation tool. DON’T DO IT! Instead…put the registry data variable string that you deleted back in with a value of 1

8. Click back and then click the update method of choice and voila!

There you go.