Sunday, March 15, 2009

W32.Sality.AE

Hi All,


Nowadays every system is getting infected by viruses, and every day new viruses are being spread. Recently my system was infected by the W32.Sality.AE virus. It's a LOW risk virus, though I thought to remove it from my system. I used Symantec antivirus to do this. This virus spreads internally and infects all the exe's on your system. All the exe's will finally get corrupted.

While I was searching the net, I got some interesting information about this virus. This could probably help you too some time.

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-042106-1847-99

W32.Sality.AE

Risk Level 1: Very Low

Also Known As: TROJ_AGENT.XOO [Trend], W32/Sality.ae [McAfee], Sality.AG [Panda Software], Win32/Sality.Z [Computer Associates], Win32/Sality.AA [Computer Associates]

Type: Virus

Infection Length: 57,344 bytes

Systems Affected: Windows XP, Windows NT, Windows 2000

W32.Sality.AE is a virus that spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Note: Symantec strongly recommends that customers take specific steps to control the execution of applications referenced in autorun.inf files that may be located on removable and network drives. Threats such as this one frequently attempt to spread to other computers using these avenues. Configuration changes made to a computer can limit the possibility of new threats compromising it. For more information, see the following document:

I got some more information from the Microsoft site on how to enable and disable the AutoRun feature of the OS. This could help us stop the virus spreading through AutoRun. Take a look at the following link.

http://msdn.microsoft.com/en-us/library/bb776825.aspx

Enabling and Disabling AutoRun

There are many situations where AutoRun may need to be temporarily or persistently disabled. For example, AutoRun might interfere with the operation of a running application and need to be disabled for the duration. The system provides several ways to disable AutoRun.

Suppressing AutoRun Programmatically

There are a variety of situations where AutoRun may need to be suppressed programmatically. Two examples are:

  • Your application has a setup program that requires the user to insert another disc that may contain an Autorun.inf file.
  • During the operation of your application, the user may need to insert another disc that may contain an Autorun.inf file.

In either case, you will normally not want to launch another application while the original is in progress.

Users can manually suppress AutoRun by holding down the SHIFT key when they insert the CD-ROM. However, it is usually preferable to handle this operation programmatically rather than depending on the user.

With systems that have Shell version 4.70 and later, Microsoft Windows sends a "QueryCancelAutoPlay" message to the foreground window. Your application can respond to this message to suppress AutoRun. This approach is used by system utilities such as the Open common dialog box to disable AutoRun. You will not get a "QueryCancelAutoPlay" message with versions of Windows 95 that do not have the Microsoft Internet Explorer 4.0 integrated Shell installed.

The following code fragments illustrate how to set up and handle this message. Your application must be running in the foreground window. First, register "QueryCancelAutoPlay" as a Windows message:


UINT uMessage = RegisterWindowMessage(TEXT("QueryCancelAutoPlay"));

Your application's window must be in the foreground to receive this message. The message handler should return TRUE to cancel AutoRun and FALSE to enable it. The following code fragment illustrates how to use this message to disable AutoRun.


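#include <windows.h>

UINT g_uQueryCancelAutoPlay = 0;

LRESULT CALLBACK WndProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg)
    {
    // ... cases for the application's other messages go here ...
    default:
        // Register the message once; the same string always yields the same ID.
        if (!g_uQueryCancelAutoPlay)
        {
            g_uQueryCancelAutoPlay = RegisterWindowMessage(TEXT("QueryCancelAutoPlay"));
        }
        if (uMsg && uMsg == g_uQueryCancelAutoPlay)
        {
            return TRUE;       // cancel auto-play
        }
    }
    // Everything not handled above goes to the default window procedure.
    return DefWindowProc(hwnd, uMsg, wParam, lParam);
}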

If your application is using a dialog box and needs to respond to a "QueryCancelAutoPlay" message, it cannot simply return TRUE or FALSE. Instead, call SetWindowLong with nIndex set to DWL_MSGRESULT. Set the dwNewLong parameter to TRUE to cancel AutoRun, and FALSE to enable it. For example, the following sample dialog box procedure cancels AutoRun when it receives a "QueryCancelAutoPlay" message.


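#include <windows.h>

UINT g_uQueryCancelAutoPlay = 0;

BOOL CALLBACK DialogProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg)
    {
    // ... cases for the dialog's other messages go here ...
    default:
        if (!g_uQueryCancelAutoPlay)
        {
            g_uQueryCancelAutoPlay = RegisterWindowMessage(TEXT("QueryCancelAutoPlay"));
        }
        if (uMsg == g_uQueryCancelAutoPlay)
        {
            // A dialog procedure reports its result through DWL_MSGRESULT.
            SetWindowLong(hwnd, DWL_MSGRESULT, TRUE);   // cancel auto-play
            return 1;                                   // message was handled
        }
    }
    return FALSE;   // not handled; let the dialog manager process it
}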

Using the Registry to Disable AutoRun

There are two registry values that can be used to persistently disable AutoRun: NoDriveAutoRun and NoDriveTypeAutoRun. The first value disables AutoRun for specified drive letters and the second disables AutoRun for a class of drives. If either of these values is set to disable AutoRun for a particular device, it will be disabled.

The NoDriveAutoRun value disables AutoRun for specified drive letters. It is a REG_DWORD data value, found under the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


The first bit of the value corresponds to drive A:, the second to B:, and so on. To disable AutoRun for one or more drive letters, set the corresponding bits. For example, to disable the A: and C: drives, set NoDriveAutoRun to 0x00000005.

The NoDriveTypeAutoRun value disables AutoRun for a class of drives. It is a REG_DWORD or 4-byte REG_BINARY data value, found under the same key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

By setting the bits of this value's first byte, different drives can be excluded from working with AutoRun.

The following table gives the bits and bitmask constants that can be set in the first byte of NoDriveTypeAutoRun to disable AutoRun for a particular drive type. For Microsoft Windows NT and later systems, you must restart Windows Explorer before the changes take effect.

| Bit Number | Bitmask Constant | Description |
|---|---|---|
| 0x04 | DRIVE_REMOVABLE | Disk can be removed from drive (such as a floppy disk). |
| 0x08 | DRIVE_FIXED | Disk cannot be removed from drive (a hard disk). |
| 0x10 | DRIVE_REMOTE | Network drive. |
| 0x20 | DRIVE_CDROM | CD-ROM drive. |
| 0x40 | DRIVE_RAMDISK | RAM disk. |
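To check a machine's policy against the rules above, the two values can be decoded as follows. This is an added example, not code from the MSDN article or the original post; the function names and the AR_ constants are hypothetical, and a REG_DWORD is assumed so that the "first byte" is the low-order byte.

```c
#include <stdint.h>
#include <stdio.h>

/* Drive-type bits in the first byte of NoDriveTypeAutoRun (from the table). */
enum { AR_REMOVABLE = 0x04, AR_FIXED = 0x08, AR_REMOTE = 0x10,
       AR_CDROM = 0x20, AR_RAMDISK = 0x40 };

/* Build a NoDriveAutoRun value from drive letters: bit 0 = A:, bit 1 = B:, ...
   Returns 0 if any character is not a letter. */
uint32_t drive_letters_to_mask(const char *letters)
{
    uint32_t mask = 0;
    for (; *letters; letters++) {
        char c = *letters;
        if (c >= 'a' && c <= 'z') c = (char)(c - 'a' + 'A');
        if (c < 'A' || c > 'Z') return 0;
        mask |= (uint32_t)1 << (c - 'A');
    }
    return mask;
}

/* 1 if AutoRun is disabled for this drive. Either value disabling it is
   enough, as the text states. type_bit is one of the AR_ constants. */
int autorun_disabled(char letter, uint8_t type_bit,
                     uint32_t no_drive_autorun, uint32_t no_drive_type_autorun)
{
    char one[2] = { letter, '\0' };
    uint32_t letter_bit = drive_letters_to_mask(one);
    uint8_t first_byte = (uint8_t)(no_drive_type_autorun & 0xFF);
    return (no_drive_autorun & letter_bit) != 0 || (first_byte & type_bit) != 0;
}

/* Audit helper: is AutoRun off for both removable and network drives, the two
   avenues named in the Symantec note quoted earlier? */
int blocks_removable_and_network(uint32_t no_drive_type_autorun)
{
    uint8_t want = AR_REMOVABLE | AR_REMOTE;
    return ((uint8_t)(no_drive_type_autorun & 0xFF) & want) == want;
}

int main(void)
{
    /* Constructed policy values, not read from a real registry. */
    uint32_t no_drive = drive_letters_to_mask("AC");
    uint32_t no_type = AR_REMOVABLE | AR_REMOTE;
    printf("NoDriveAutoRun for A: and C: = 0x%08X\n", (unsigned)no_drive);
    printf("E: (removable) disabled: %d\n",
           autorun_disabled('E', AR_REMOVABLE, no_drive, no_type));
    printf("D: (CD-ROM) disabled:    %d\n",
           autorun_disabled('D', AR_CDROM, no_drive, no_type));
    printf("removable+network blocked: %d\n", blocks_removable_and_network(no_type));
    return 0;
}
```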

AutoRun for Other Types of Storage Media

AutoRun is primarily intended for public distribution of applications on CD-ROM and DVD-ROM. However, it is often useful to enable AutoRun on other types of removable storage media. This feature is typically used to simplify the debugging of AutoRun.inf files. AutoRun only works on removable storage devices when the following criteria are met:

  • The device must have AutoRun-compatible drivers. To be AutoRun-compatible, a driver must notify the system that a disk has been inserted by sending a WM_DEVICECHANGE message.
  • The root directory of the inserted media must contain an Autorun.inf file.
  • The device must not have AutoRun disabled through the registry.
  • The foreground application has not suppressed AutoRun.

Normally, AutoRun starts automatically, but it can also be started manually. If the device meets the criteria listed above, the drive letter's shortcut menu will include an AutoPlay command. To run AutoRun manually, either right-click the drive icon and select AutoPlay from the shortcut menu or double-click the drive icon. If the drivers are not AutoRun-compatible, the shortcut menu will not have an AutoPlay item and AutoRun cannot be started.

AutoRun-compatible drivers are provided with some floppy disk drives, as well as some other types of removable media such as CompactFlash cards. AutoRun also works with network drives that are mapped to a drive letter with Windows Explorer or mounted with the Microsoft Management Console (MMC). As with mounted hardware, a mounted network drive must have an Autorun.inf file in its root directory, and must not be disabled through the registry.

Thursday, March 12, 2009

Java Excel Reading

To read Excel sheet data from Java, only a few open source APIs are currently available.
The most popular one is the Apache POI API, but some people prefer to use jexcelapi.

Whatever the API, most of us get stuck when reading formula cells.
In a formula cell, some people read data from another Excel sheet or from a remote Excel sheet.

To overcome all these issues I have done a prototype which will read all kinds of formulas.
I developed this code using the POI 3.5 API.

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.text.DecimalFormat;

import org.apache.poi.hssf.usermodel.HSSFCell;
import org.apache.poi.hssf.usermodel.HSSFRow;
import org.apache.poi.hssf.usermodel.HSSFSheet;
import org.apache.poi.hssf.usermodel.HSSFWorkbook;
import org.apache.poi.poifs.filesystem.POIFSFileSystem;
import org.apache.poi.ss.usermodel.DateUtil;
import org.apache.poi.ss.usermodel.FormulaEvaluator;

public class ExcelReaderHelper {

    private InputStream excelStream;
    private HSSFWorkbook workbook;
    private POIFSFileSystem poiFileStream;
    private HSSFSheet sheet;
    private FormulaEvaluator evaluator;

    public ExcelReaderHelper(String excelFileName) throws FileNotFoundException, IOException {

        //excelStream = ExcelReaderHelper.class.getResourceAsStream(excelFileName);
        excelStream = new FileInputStream(excelFileName);
        if (excelStream == null)
            throw new FileNotFoundException(excelFileName + " File not found in specified path");

        poiFileStream = new POIFSFileSystem(excelStream);
        workbook = new HSSFWorkbook(poiFileStream);
        // The original never assigned the sheet; reading the first sheet is an assumption.
        sheet = workbook.getSheetAt(0);
        evaluator = workbook.getCreationHelper().createFormulaEvaluator();
    }

    // Returns the cell content as text; blank, error and missing cells give "".
    public String getCellValue(final int columnId, final int rowId) throws NullPointerException, Exception {

        String cellVal = null;

        HSSFRow row = (HSSFRow) sheet.getRow(rowId);
        if (row == null)
            throw new NullPointerException("Row is null");

        HSSFCell cell = (HSSFCell) row.getCell(columnId);
        if (cell == null)
            return cellVal = "";

        try {
            // evaluateInCell(Cell cell) will check to see if the supplied cell is a formula cell.
            // If it isn't, then no changes will be made to it. If it is, then the formula is evaluated,
            // and the new value saved into the cell, in place of the old formula.
            evaluator.evaluateInCell(cell);
        } catch (Exception e) {
            //log.error("Cell evaluation error");
        }

        switch (cell.getCellType()) {

        case HSSFCell.CELL_TYPE_NUMERIC:
            if (DateUtil.isCellDateFormatted(cell)) {
                cellVal = cell.getDateCellValue().toString();
            } else {
                cellVal = new Double(cell.getNumericCellValue()).toString();
            }
            break;

        case HSSFCell.CELL_TYPE_STRING:
            cellVal = cell.getStringCellValue();
            break;

        case HSSFCell.CELL_TYPE_FORMULA:
            // Reached only when evaluateInCell above failed and the formula is still in place.
            try {
                // Re-calculate the formula and fall back to its cached result
                evaluator.evaluateFormulaCell(cell);
            } catch (Exception e) {
                //log.error("Cell evaluation formula error");
            }

            if (cell.getCachedFormulaResultType() == HSSFCell.CELL_TYPE_STRING) {
                cellVal = cell.getStringCellValue();

            } else if (cell.getCachedFormulaResultType() == HSSFCell.CELL_TYPE_NUMERIC) {
                double cellValDoub = cell.getNumericCellValue();
                DecimalFormat df = new DecimalFormat("##");
                cellVal = df.format(cellValDoub).toString();

            } else if (cell.getCachedFormulaResultType() == HSSFCell.CELL_TYPE_FORMULA) {
                cellVal = "";
            } else if (cell.getCachedFormulaResultType() == HSSFCell.CELL_TYPE_BOOLEAN) {
                cellVal = new Boolean(cell.getBooleanCellValue()).toString();
            } else if (cell.getCachedFormulaResultType() == HSSFCell.CELL_TYPE_ERROR) {
                cellVal = "";
            } else {
                cellVal = "";
            }

            break;

        case HSSFCell.CELL_TYPE_BLANK:
            cellVal = "";
            break;

        case HSSFCell.CELL_TYPE_ERROR:
            cellVal = "";
            break;

        default:
            cellVal = cell.getStringCellValue();
            break;
        }

        return cellVal;
    }
}

Tuesday, February 10, 2009

Autoincrement in MySQL

Most people search the net for how to add an auto increment field in MySQL.
It's actually very easy, like in other databases. We have to add the property while creating the table itself, like below.

CREATE TABLE emp (
    id INT(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
    fname VARCHAR(255)
);

Monday, December 15, 2008

99 Run Commands - Win XP

I found a very nice article about Windows XP RUN commands.
There are 99 commands. Find the commands below.

Accessibility Controls
access.cpl

Add Hardware Wizard
hdwwiz.cpl

Add/Remove Programs
appwiz.cpl

Administrative Tools
control admintools

Automatic Updates
wuaucpl.cpl

Bluetooth Transfer Wizard
fsquirt

Calculator
calc

Certificate Manager
certmgr.msc

Character Map
charmap

Check Disk Utility
chkdsk

Clipboard Viewer
clipbrd

Command Prompt
cmd

Component Services
dcomcnfg

Computer Management
compmgmt.msc

Date and Time Properties
timedate.cpl

DDE Shares
ddeshare

Device Manager
devmgmt.msc

Direct X Control Panel (If Installed)*
directx.cpl

Direct X Troubleshooter
dxdiag

Disk Cleanup Utility
cleanmgr

Disk Defragment
dfrg.msc

Disk Management
diskmgmt.msc

Disk Partition Manager
diskpart

Display Properties
control desktop

Display Properties
desk.cpl

Display Properties (w/Appearance Tab Preselected)
control color

Dr. Watson System Troubleshooting Utility
drwtsn32

Driver Verifier Utility
verifier

Event Viewer
eventvwr.msc

File Signature Verification Tool
sigverif

Findfast
findfast.cpl

Folders Properties
control folders

Fonts
control fonts

Fonts Folder
fonts

Free Cell Card Game
freecell

Game Controllers
joy.cpl

Group Policy Editor (XP Prof)
gpedit.msc

Hearts Card Game
mshearts

Iexpress Wizard
iexpress

Indexing Service
ciadv.msc

Internet Properties
inetcpl.cpl

IP Configuration (Display Connection Configuration)
ipconfig /all

IP Configuration (Display DNS Cache Contents)
ipconfig /displaydns

IP Configuration (Delete DNS Cache Contents)
ipconfig /flushdns

IP Configuration (Release All Connections)
ipconfig /release

IP Configuration (Renew All Connections)
ipconfig /renew

IP Configuration (Refreshes DHCP & Re-Registers DNS)
ipconfig /registerdns

IP Configuration (Display DHCP Class ID)
ipconfig /showclassid

IP Configuration (Modifies DHCP Class ID)
ipconfig /setclassid

Java Control Panel (If Installed)
jpicpl32.cpl

Java Control Panel (If Installed)
javaws

Keyboard Properties
control keyboard

Local Security Settings
secpol.msc

Local Users and Groups
lusrmgr.msc

Logs You Out Of Windows
logoff

Microsoft Chat
winchat

Minesweeper Game
winmine

Mouse Properties
control mouse

Mouse Properties
main.cpl

Network Connections
control netconnections

Network Connections
ncpa.cpl

Network Setup Wizard
netsetup.cpl

Notepad
notepad

Nview Desktop Manager (If Installed)
nvtuicpl.cpl

Object Packager
packager

ODBC Data Source Administrator
odbccp32.cpl

On Screen Keyboard
osk

Opens AC3 Filter (If Installed)
ac3filter.cpl

Password Properties
password.cpl

Performance Monitor
perfmon.msc

Performance Monitor
perfmon

Phone and Modem Options
telephon.cpl

Power Configuration
powercfg.cpl

Printers and Faxes
control printers

Printers Folder
printers

Private Character Editor
eudcedit

Quicktime (If Installed)
QuickTime.cpl

Regional Settings
intl.cpl

Registry Editor
regedit

Registry Editor
regedt32

Remote Desktop
mstsc

Removable Storage
ntmsmgr.msc

Removable Storage Operator Requests
ntmsoprq.msc

Resultant Set of Policy (XP Prof)
rsop.msc

Scanners and Cameras
sticpl.cpl

Scheduled Tasks
control schedtasks

Security Center
wscui.cpl

Services
services.msc

Shared Folders
fsmgmt.msc

Shuts Down Windows
shutdown

Sounds and Audio
mmsys.cpl

Spider Solitaire Card Game
spider

SQL Client Configuration
cliconfg

System Configuration Editor
sysedit

System Configuration Utility
msconfig

System File Checker Utility (Scan Immediately)
sfc /scannow

System File Checker Utility (Scan Once At Next Boot)
sfc /scanonce

System File Checker Utility (Scan On Every Boot)
sfc /scanboot

System File Checker Utility (Return to Default Setting)
sfc /revert

System File Checker Utility (Purge File Cache)
sfc /purgecache

System File Checker Utility (Set Cache Size to size x)
sfc /cachesize=x

System Properties
sysdm.cpl

Task Manager
taskmgr

Telnet Client
telnet

User Account Management
nusrmgr.cpl

Utility Manager
utilman

Windows Firewall
firewall.cpl

Windows Magnifier
magnify

Windows Management Infrastructure
wmimgmt.msc

Windows System Security Tool
syskey

Windows Update Launches
wupdmgr

Windows XP Tour Wizard
tourstart

Wordpad
write

HTML Color Chart

Hi All,
There is an interesting web page which gives complete information about HTML color codes.
Most web designers struggle with color codes when they are designing a web page or whatever. The following site would be the solution for them. They can find all color values and colors there. Please look at the following URL.
http://immigration-usa.com/html_colors.html

Sunday, December 7, 2008

JPEG Header Information

Recently, I started to work on a J2ME based application. There I got a requirement to transfer some device based information as an MMS to another mobile device. Of course, I have to send it as a JPEG. While searching the net, I got a good article about the JPEG header.
http://www.obrador.com/essentialjpeg/headerinfo.htm

When a JPEG image is selected for viewing, the markers must be read before the image data is ever loaded. In a JPEG image, the very first marker is the SOI, or Start Of Image, marker. This is the first "hey, I'm a JPEG" declaration by the file. The JPEG standard, as written by the Joint Picture Expert's Group, specified the JPEG interchange format. This format had several shortcomings for which the JFIF (JPEG File Interchange Format) was an attempted remedy. The JFIF is the format used by almost all JPEG file readers/writers. It tells the image readers, "Hey, I'm a JPEG that almost anyone can understand."

Most markers will have additional information following them. When this is the case, the marker and its associated information are referred to as a "header." In a header the marker is immediately followed by two bytes that indicate the length of the information, in bytes, that the header contains. The two bytes that indicate the length are always included in that count.

A marker is prefixed by FF (hexadecimal). The marker/header information that follows does not specify all known markers, just the essential ones for baseline JPEG.

A component is a specific color channel in an image. For instance, an RGB image contains three components; Red, Green, and Blue.


Start of Image (SOI) marker -- two bytes (FFD8)

JFIF marker (FFE0)

  • length -- two bytes
  • identifier -- five bytes: 4A, 46, 49, 46, 00 (the ASCII code equivalent of a zero terminated "JFIF" string)
  • version -- two bytes: often 01, 02
    • the most significant byte is used for major revisions
    • the least significant byte for minor revisions
  • units -- one byte: Units for the X and Y densities
    • 0 => no units, X and Y specify the pixel aspect ratio
    • 1 => X and Y are dots per inch
    • 2 => X and Y are dots per cm
  • Xdensity -- two bytes
  • Ydensity -- two bytes
  • Xthumbnail -- one byte: 0 = no thumbnail
  • Ythumbnail -- one byte: 0 = no thumbnail
  • (RGB)n -- 3n bytes: packed (24-bit) RGB values for the thumbnail pixels, n = Xthumbnail * Ythumbnail

Define Quantization table marker (FFDB)

  • the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
  • until the length is exhausted (loads two quantization tables for baseline JPEG)
    • the precision and the quantization table index -- one byte: precision is specified by the higher four bits and index is specified by the lower four bits
      • precision in this case is either 0 or 1 and indicates the precision of the quantized values; 8-bit (baseline) for 0 and up to 16-bit for 1
    • the quantization values -- 64 bytes
      • the quantization tables are stored in zigzag format

Define Huffman table marker (FFC4)

  • the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
  • until length is exhausted (usually four Huffman tables)
    • index -- one byte: if >15 (i.e. 0x10 or more) then an AC table, otherwise a DC table
    • bits -- 16 bytes
    • Huffman values -- # of bytes = the sum of the previous 16 bytes

Start of frame marker (FFC0)

  • the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
  • P -- one byte: sample precision in bits (usually 8, for baseline JPEG)
  • Y -- two bytes
  • X -- two bytes
  • Nf -- one byte: the number of components in the image
    • 3 for color baseline JPEG images
    • 1 for grayscale baseline JPEG images
  • Nf times:
    • Component ID -- one byte
    • H and V sampling factors -- one byte: H is first four bits and V is second four bits
    • Quantization table number-- one byte

The H and V sampling factors dictate the final size of the component they are associated with. For instance, the color space defaults to YCbCr and the H and V sampling factors for each component, Y, Cb, and Cr, default to 2, 1, and 1, respectively (2 for both H and V of the Y component, etc.) in the Jpeg-6a library by the Independent Jpeg Group. While this does mean that the Y component will be twice the size of the other two components--giving it a higher resolution, the lower resolution components are quartered in size during compression in order to achieve this difference. Thus, the Cb and Cr components must be quadrupled in size during decompression.

Start of Scan marker (FFDA)

  • the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
  • Number of components, n -- one byte: the number of components in this scan
  • n times:
    • Component ID -- one byte
    • DC and AC table numbers -- one byte: DC # is first four bits and AC # is last four bits
  • Ss -- one byte
  • Se -- one byte
  • Ah and Al -- one byte

Comment marker (FFFE)

  • the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
  • whatever the user wants

End of Image (EOI) marker (FFD9)

  • the very last marker
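The header layout above can be walked with a bounds-checked reader like the following, which rejects a length field smaller than two or one that runs past the end of the buffer. This is an added example, not code from the article or the original post; the names are hypothetical, the byte arrays are constructed samples, and it assumes only length-bearing headers appear between SOI and Start of Scan.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { JPEG_OK = 0, JPEG_NO_SOI = -1, JPEG_TRUNCATED = -2,
       JPEG_BAD_MARKER = -3, JPEG_BAD_LENGTH = -4 };

typedef struct {
    int      segments;       /* headers walked, Start of Scan included */
    int      has_jfif;       /* FFE0 header carrying the "JFIF\0" identifier */
    unsigned width, height;  /* X and Y from the FFC0 header */
    unsigned components;     /* Nf from the FFC0 header */
} jpeg_info;

/* Constructed sample: SOI, JFIF header, FFC0 (32x16, one component), FFDA. */
static const uint8_t SAMPLE_OK[] = {
    0xFF,0xD8, 0xFF,0xE0,0x00,0x10,'J','F','I','F',0x00,0x01,0x02,
    0x01,0x00,0x48,0x00,0x48,0x00,0x00,
    0xFF,0xC0,0x00,0x0B,0x08,0x00,0x10,0x00,0x20,0x01,0x01,0x11,0x00,
    0xFF,0xDA,0x00,0x08,0x01,0x01,0x00,0x00,0x3F,0x00 };
/* Constructed malformed samples: length below 2, and length past the end. */
static const uint8_t SAMPLE_BAD_LEN[] = { 0xFF,0xD8,0xFF,0xFE,0x00,0x01,0x00,0x00 };
static const uint8_t SAMPLE_OVERRUN[] = { 0xFF,0xD8,0xFF,0xFE,0x00,0x10,0x41,0x42 };

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walk SOI and every header up to and including Start of Scan, checking each
   length field against the buffer before touching the header body. */
int jpeg_walk_headers(const uint8_t *buf, size_t len, jpeg_info *out)
{
    jpeg_info info = {0};
    size_t pos = 2;
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return JPEG_NO_SOI;
    for (;;) {
        if (len - pos < 4) return JPEG_TRUNCATED;     /* marker + length bytes */
        if (buf[pos] != 0xFF) return JPEG_BAD_MARKER;
        uint8_t marker = buf[pos + 1];
        size_t seglen = be16(buf + pos + 2);
        if (seglen < 2) return JPEG_BAD_LENGTH;       /* length counts itself */
        if (seglen > len - pos - 2) return JPEG_TRUNCATED;
        const uint8_t *body = buf + pos + 4;
        size_t bodylen = seglen - 2;
        info.segments++;
        if (marker == 0xE0 && bodylen >= 5 && memcmp(body, "JFIF", 5) == 0) {
            info.has_jfif = 1;
        } else if (marker == 0xC0) {                  /* P, Y, X, Nf, Nf * 3 */
            if (bodylen < 6 || bodylen != 6 + 3u * body[5]) return JPEG_BAD_LENGTH;
            info.height = be16(body + 1);
            info.width = be16(body + 3);
            info.components = body[5];
        } else if (marker == 0xDA) {                  /* n, n * 2, Ss, Se, Ah/Al */
            if (bodylen < 1 || bodylen != 4 + 2u * body[0]) return JPEG_BAD_LENGTH;
            *out = info;
            return JPEG_OK;                           /* scan data follows */
        }
        pos += 2 + seglen;
    }
}

int main(void)
{
    jpeg_info i = {0};
    int rc = jpeg_walk_headers(SAMPLE_OK, sizeof SAMPLE_OK, &i);
    printf("ok: rc=%d %ux%u nf=%u jfif=%d\n", rc, i.width, i.height, i.components, i.has_jfif);
    printf("bad length: rc=%d\n", jpeg_walk_headers(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, &i));
    printf("overrun: rc=%d\n", jpeg_walk_headers(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, &i));
    return 0;
}
```

A file that ends before a Start of Scan header is reported as truncated, since the walker stops only at FFDA.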