When you do a normal search using the word ‘grapes’, the URL bar usually looks like this:
http://www.google.com/search?hl=en&q=grapes

To filter results you can add the command &as_qdr=d at the end of the URL. You can change d (days) to w (weeks) or y (years), and adding a number at the end indicates how far back in time the search results should show.

Here are example usage:

http://www.google.com/search?hl=en&q=grapes&as_qdr=d
shows results over the past 24 hours for grapes

http://www.google.com/search?hl=en&q=grapes&as_qdr=d3
shows results over the past 3 days for grapes

http://www.google.com/search?hl=en&q=grapes&as_qdr=w5
shows results over the past 5 weeks for grapes

http://www.google.com/search?hl=en&q=grapes&as_qdr=y2
shows results over the past 2 years for grapes

Related Posts

• How to search for a specific image size on Google image search

© Ryman for Techie Bubble, 2009. | Permalink | No comment
Post tags: Google, search
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a known vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 7 Beta. The latest variant will begin checking for a payload to download on April 1, 2009. [wiki]

The news report I got was from CNN regarding the Conficker C computer worm which is expected to activate on April Fool’s Day (April 1, 2009).

Those infections haven’t spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company.

…

The program could delete all of the files on a person’s computer, use zombie PCs — those controlled by a master — to overwhelm and shut down Web sites or monitor a person’s keyboard strokes to collect private information like passwords or bank account information, experts said.

The Tech Herald is on the same note regarding the Conficker.

“This worm, detected as Win32/Conficker.C, is getting ready for April Fool’s Day on 1 April, although it definitely won’t be fooling around. On that day, Conficker.C will commence its attempt to generate 50,000 URLs daily and try to access (download or report back to) 500 of them. It is a clever strategy, but the security industry is certainly on the lookout.”

Conficker A was reportedly released around November 2008. While Conficker B evolved around January 2009. Conficker C is the latest version of this worm which most systems now are already affected, and is said to activate on April 1, 2009.

I have already posted a similar topic a couple of days ago titled “How to remove the jwgkvsq.vmx worm virus” which was when I started to notice the virus in our network, it was the Conficker worm. I dismissed it as an ordinary virus. But it seems that it has been spreading around a lot lately. Now its security level is ‘highly dangerous’.

Symptoms to check if your computer is infected with this:

• Show all hidden files and folders are not working
• Can’t access anti-virus websites like: Bitdefender.com Symantec.com, and patch sites like Microsoft.
• The existence of a file named: jwgkvsq.vmx inside the RECYCLED folder.
• Creates autorun.inf files on USB devices plugged in an infected machine. Also other viruses does this.
• Account lockout policies being reset automatically.
• Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services are automatically disabled.
• Domain controllers respond slowly to client requests.
• System network gets unusually congested. This can be checked with network traffic chart on Windows Task Manager.
• Launches a brute force dictionary attack against administrator passwords to help it spread through ADMIN$ shares, making choice of sensible passwords advisable.

Remove the virus:

Some of the well-known security companies came up with tools for removing the Conficker/Downandup worm virus. Removal tools can be freely downloaded from any of the following security sites:

• Microsoft
• BitDefender
• ESET
• Symantec
• Sophos
• Kaspersky Lab
• McAfee Anti-virus with updated detections can remove this by scanning your system.
• AVG can also remove it via system scan, if you have it installed and updated.

How to remove the Conficker/Downandup worm virus?

1. Download Conficker/Downandup removal tools from the given sites above.
2. Disconnect from the internet, and remove any network cables at the back of your PC/laptop, and also remove any plugged-in USB devices.
3. Login as Administrator on your computer, or any account that has administrator privileges.
4. Run the removal tool. My recommendation is to use the removal tools from BitDefender (quick scan) and Symantec (thorough scan). But if you are not content, just run all the removal tools for greater detection.Simple-case: The removal tool will detect and remove the Conficker worm and ‘may’ require that you restart your computer.
   Extreme-case: The removal tool won’t run because the virus is preventing it from running. Quick solution:
   1. Open task manager (CTRL+ATL+DEL)
   2. Terminate (End) the process with these names: explorer.exe and svchost.exe
   3. A countdown timer will appear requiring you to restart your computer. DO NOT DO ANYTHING AT THIS POINT EXCEPT… Immediately run the BitDefender Tool (quick scan) so that it will remove the virus before your computer restarts.
   4. If the tool won’t still run, ‘end process’ all the svchost.exe and try running the removal tool again.

It only affects Windows system that aren’t patched with the latest update. Run autoupdate and patch your Windows. It is critical that these patches be installed:

Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx (download for XP)

Microsoft Security Bulletin MS08-068 – Important
Vulnerability in SMB Could Allow Remote Code Execution (957097)
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx (download for XP)

Microsoft Security Bulletin MS09-001 – Critical
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx (download for XP)

For manual download of patches for Windows XP and Vista go to http://www.softwarepatch.com/windows/

TAKE NOTE:

The virus spreads via network, so plugging your computer/laptop again through the network the virus may infect it if your software isn’t patched.

The virus also spreads via autorun.inf on USB devices, plugging an infected USB device may infect your computer.

For questions regarding the removal of this virus and other inquiries regarding the topic feel free to leave a comment, and I’ll get back to you.

Extra resources you may find useful:
Removing Downadup and Repairing [downadup.com]

If your computer is infected, you won’t be able to visit sites (error timed out) with these keywords on their domain name:

• virus
• spyware
• malware
• rootkit
• defender
• microsoft
• symantec
• norton
• mcafee
• trendmicro
• sophos
• panda
• etrust
• networkassociates
• computerassociates
• f-secure
• kaspersky
• jotti
• f-prot
• nod32
• eset
• grisoft
• drweb
• centralcommand
• ahnlab
• esafe
• avast
• avira
• quickheal
• comodo
• clamav
• ewido
• fortinet
• gdata
• hacksoft
• hauri
• ikarus
• k7computing
• norman
• pctools
• prevx
• rising
• securecomputing
• sunbelt
• emsisoft
• arcabit
• cpsecure
• spamhaus
• castlecops
• threatexpert
• wilderssecurity
• windowsupdate
• nai.
• ca.
• avp.
• avg.
• vet.
• bit9.
• sans.
• cert.

Related Posts

• How to remove the ACROBAT.COM.EXE worm virus
• How to remove the jwgkvsq.vmx worm virus
• How to remove the lkhd.exe / cqtvs.exe virus

© Ryman for Techie Bubble, 2009. | Permalink | 5 comments
Post tags: anti-malware, anti-virus, Conficker, Downadup, removal, virus, worm
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

It also spreads via USB drives.

If you found a file with the name lkhd.exe or cqtvs.exe residing on your computer, or is running on a process (task manager), or in a startup program, it maybe a virus.

It is a variant of YDGP.EXE virus.

To remove the lkhd.exe or cqtvs.exe virus?
Just download and run the Prevx CSI scanner. It will remove any trace of the virus.

After downloading, installing, and running the program it will ask you for a purchase code to cleanup the infections it found. Don’t worry, you don’t have to pay, just navigate to the directory (in the report) where the infected file is located, and just delete it manually.

Related Posts

• Remove Conficker/Downadup/Kido worm virus before April 1, 2009
• How to remove the ACROBAT.COM.EXE worm virus
• How to remove the jwgkvsq.vmx worm virus

© Ryman for Techie Bubble, 2009. | Permalink | No comment
Post tags: cqtvs.exe, lkhd.exe, trojan, virus, ydgp.exe
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

How to remove the acrobat.com.exe virus?
Just download and run the Prevx CSI scanner. It will remove any trace of the virus.

After downloading, installing, and running the program it will ask you for a purchase code to cleanup the infections it found. Don’t worry, you don’t have to pay, just navigate to the directory (in the report) where the infected file is located, and just delete it manually.

Related Posts

• Remove Conficker/Downadup/Kido worm virus before April 1, 2009
• How to remove the jwgkvsq.vmx worm virus
• How to remove the lkhd.exe / cqtvs.exe virus

© Ryman for Techie Bubble, 2009. | Permalink | 2 comments
Post tags: Acrobat.com.exe, virus, worm
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

It is also known as:

• W32/Confi
• W32/Conficker.worm!inf
• Win32/Conficker.B – CA

It exploits Microsoft Windows vulnerability:
Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008

Symptoms:

• ‘Show hidden files and folders’ doesn’t work. You can check this by going to a folder, then click Tools, then Folder Options, then View tab. Select the ‘Show hidden files and folders’ then click Apply, then Ok. Open Folder Options again, if it reverted back to ‘Do not show hidden files and folders’ then you have this virus.
• Evey time you plug in a USB device on your computer, it creates an autorun.inf file, and a RECYCLER folder with the jwgkvsq.vmx virus file.
• You can’t access anti-virus websites an other popular websites like microsoft.com or yahoo.com
• Windows won’t boot into Safe Mode. This happens on extreme cases. When you try to boot into Safe Mode, your computer restarts/shuts down

Side-effects

• Since this is a worm, system slowdown may (or may not) happen.
• Quickly spreads through networked computers and USB devices. Which includes flash drives, portable external hard drives, mobile phones, mp3 players, and anything that can be plugged into a USB port.
• Won’t let you access some websites.

Now let’s go back to the topic. Remember that this guide will only help you remove the jwgkvsq.vmx virus.

Click through the link to continue…

Here is a quick step to remove this virus from your computer, and from your USB devices.

Preparation:

• Download FixDownadup.exe from Symantec.com
• Download anti-Downadup-EN.zip from BitDefender.com (just in case the first one doesn’t work).
• Download Process Explorer and AutoRuns from Sysinternals (we may or may not use this).
• Download MoSo Force Delete (just in case we need to delete something that can’t be deleted).

Now let’s start…

Removing the jwgkvsq.vmx virus from your computer

1. Disconnect your computer from the network, if it is connected. Removing the network cable from your PC should do the trick.
2. Just run the FixDownadup.exe we downloaded from Symantec. It should clean the virus of the PC. This works if the infection is in a low-level state. Meaning you have anti-virus software already running and the infection is isolated.
3. After scanning you should see a report popup, and an option to go to Microsoft website to patch your computer with a critical security update.
4. Restart your computer. When you’re back on the desktop, check your programs/softwares if it is still running.
5. Turn of System Restore to delete all entries, which sometimes contains remnants of the virus. To do this:
   1. Right-click My Computer, select Properties.
   2. Click System Restore tab.
   3. Check ‘Turn off System Restore on all drives’. Click Apply, then Ok.
   4. Restart your computer.
   5. Then, uncheck ‘Turn off System Restore on all drives’ to enable it again.

Removing the jwgkvsq.vmx virus from your USB device

1. First. Start your computer on Safe Mode
   1. Shut down your computer
   2. Turn it back on, before the Windows loading screen comes up, press F8. Or just press it repeatedly after starting your computer
   3. Select Safe Mode on the menu by pressing the arrow keys and hitting Enter.
2. Plug your USB device. Notice that the autorun.inf won’t run in safe mode.
3. Enable the ‘Show hidden files and folders’. Instructions are listed on the Symptoms section above.
4. Delete autorun.inf file. It is usually located on the root of the USB drive.
5. Delete the hidden/system folder RECYCLER.
   1. If you can’t delete it, you have to disable it’s function (for external/portable hard drives). Right-click on the Recycle Bin icon on your desktop, then select Properties. Select ‘Configure drives independently’. Then tab to the external drive, and check ‘Do not move files to the Recycle Bin.’ Hit Apply, then Ok’
   2. If it is a flash drive or other USB device, use MoSo Force Delete, we’ve downloaded earlier on this guide.

Just in case the virus registered itself on the registry. Open the Run dialog box from the start menu, then type regedit. Then search for the file name jwgkvsq.vmx. If you found an entry, just press DEL to delete it.

If your computer is in a network, better check all the other computers connected to it. Also download and install the automatic update (Microsoft vulnerability) which I’ve posted at the beginning of this post.

In extreme cases, your computer won’t initiate Safe Mode and after using the removal tool above, your system may report a missing .dll file or something.

Credits (and for reference refer) to these two sites:
http://tuxvoid.blogspot.com/
http://arpeex.blogspot.com/

For any additional support or inquiry regarding this problem, just leave a comment here, and I’ll reply as soon as I can.

Related Posts

• Remove Conficker/Downadup/Kido worm virus before April 1, 2009
• How to remove the ACROBAT.COM.EXE worm virus
• How to remove the lkhd.exe / cqtvs.exe virus

© Ryman for Techie Bubble, 2009. | Permalink | 23 comments
Post tags: jwgkvsq.vmx, network virus, USB virus, virus, W32/Confi, worm
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

• Access denied.
• Cannot delete file: Access is denied
• There has been a sharing violation.
• The source or destination file may be in use.
• The file is in use by another program or user.
• Cannot delete file: It is being used by another person or program.
• Cannot delete Folder: It is being used by another person or program.
• The process cannot access the file because it is being used by another process.
• Close any programs that might be using the file and try again.
• Make sure the disk is not full or write-protected and that the file is not currently in use.

The two ways in which you can kill a process both involve using a small and nifty software, but don’t worry both of them are free.

The first one is using the popular Unlocker program. Just download and install, and that’s it. Now to use it just right click on the file that you can’t delete because it is locked or even a USB drive that you can’t unplug, then choose Unlocker. That’s it, just kill or shut down the process that is keeping the file/folder locked.

The second one is called the File & Folder Unlocker. After downloading the file, just double-click it to run the program. No installation is needed, and it can run on a flash drive. This program lists all the running processes on your computer so you can kill or eliminate the program that is stopping you from modifying or deleting a file or folder.

Just head over to their websites to view sample screen shots of the program.

Random Posts

• Remove Conficker/Downadup/Kido worm virus before April 1, 2009
• How to remove the extra spaces that appear in Dreamweaver
• How to fix error ‘8002801c’ that appears on your browser when you access localhost
• How to delete your Yahoo account
• How to remove the jwgkvsq.vmx worm virus

© Ryman for Techie Bubble, 2009. | Permalink | One comment
Post tags: file, process, Windows
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

First go to Google image search, then user the operator imagesize:

example…

and the output…

(click image for larger view)

Related Posts

• Filter Google searches by date or time

© Ryman for Techie Bubble, 2009. | Permalink | No comment
Post tags: Google, image, search
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

Back then I was having trouble deleting and closing my Yahoo account from Yahoo! So I copied the link to their account deletion page so that I have easy access to it.

So to delete or close your Yahoo account, just visit this URL:
https://edit.yahoo.com/config/delete_user

Before logging in (and to prevent phishing), verify and make sure the link is right. It should be pointing to yahoo.com and uses secure protocol (https://)

For more info regarding deletion of your Yahoo account, just visit their help page.

Random Posts

• How to remove the jwgkvsq.vmx worm virus
• How to fix error ‘8002801c’ that appears on your browser when you access localhost
• How to search for a specific image size on Google image search
• How to remove the ACROBAT.COM.EXE worm virus
• Remove Conficker/Downadup/Kido worm virus before April 1, 2009

© Ryman for Techie Bubble, 2008. | Permalink | One comment
Post tags: accounts, web portal, Yahoo!
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

One time at the office, my officemate encountered a tiny bit of problem, more like a hassle, when he download style.css from his live site to the Dreamweaver application. The program, adds additional lines on each of the code. So every time he download and update the file, Dreamweaver adds another white space line. This is problematic every time he updates the file, which made the file up to 12,000+ lines of code.

Here is how we removed the extra lines that appeared.

1. While the document is open in Dreamweaver, press CTRL+F to load the Find & Replace dialog box. Do the search on the source code view.
2. Check the box “Use regular expression” and uncheck any other boxes.
3. Find: [\r\n]{2,}
4. Replace: \n
5. The hit “replace all”

That’s it!

However, take note that this method will remove any existing white space on your code.

Another thing. When you download the file again, Dreamweaver will add another white space on your code. Messing it up again. This is because of encoding and server type.

This usually happens if you are using Dreamweaver CS3 and your are downloading a file from a Unix/Linux server to a Windows based local PC. To fix this…

1. Inside Dreamweaver, click Edit on the menu.
2. Then Preferences.
3. Then Code Format.
4. Then on the “Line Break Type” select “LF (unix)”
5. Click Ok. Done!

Related Posts

• Quick Tip #1

© Ryman for Techie Bubble, 2008. | Permalink | 6 comments
Post tags: Adobe, CS3, Dreamweaver, Macromedia, tip
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.

error ‘8002801c’

Error accessing the OLE registry.

/iisHelp/common/500-100.asp, line17

I searched around the net for possible solutions…

(1) On Internet Explorer it works fine but in Firefox the error appears.
(2) Windows is not installed correctly, and some files are corrupted.
(3) IIS and .NET Framework incompatibilities.

and some others. But the best solution I used was disable IIS completely, since I’m not using it anyway. But if you are using it (like for .asp) then don’t do this.

Remember that I’ve used this method for WAMP (Apache, MySQL, PHP) to work on my PC.

Solution after the gap.

1. Open Start, then Control Panel.
2. Open Administrative Tools
3. Open Internet Information Services (IIS)
4. Browse to your Default Web Site (RED), then click the STOP button (BLUE). This will fix the problem.
   
   You can also stop the SMTP Virtual Server (indicated by the second RED circle).

That’s it. Install WAMP, or any program you need localhost to run. Then it should be working fine.

Related Posts

• Quick Tip #1

© Ryman for Techie Bubble, 2008. | Permalink | One comment
Post tags: localhost, Mozilla Firefox 3, WAMP
This Feed is for personal non-commercial use only. If you are not reading this material in your Feed Reader, News Aggregator, or RSS Reader, then the site you are looking at is guilty of copyright infringement. Please contact infinity@eternalmoonlight.net so we can take legal action immediately.