Monday, November 16, 2009

Remove OGA Office Not Genuine Notifications (Uninstall KB949810)





All Microsoft Office versions such as MS Office 2003, MS Office 2007, MS Office 2010 or MS Office XP are getting updated with Office Genuine Advantage Notifications (OGA KB949810) automatically. Once installed, KB949810 verifies your product key number, and if it finds the product key number illegal or pirated, it will start showing a “This copy of Microsoft Office is not genuine” notification in your system tray area, along with a splash screen whenever you try using Office programs.

OGA crack was a rumor and we are yet to see any KB949810 crack working. But we can manually uninstall this KB949810 update to get rid of these notifications. Do note that this update can’t be removed from ‘Add or Remove Programs’ interface as it does not show up there. But you can follow the below working tricks to disable and remove Office not genuine notifications from system tray and MS office programs interface.

Disable OGA Notification : Hack – 1

We can remove the OGA notification by preventing OGAAddin.dll from loading when we start Office applications. The OGAAddin.dll file shows the notification, and disabling it will stop such notifications from appearing. The hack below will make Windows think that KB949810 is properly installed, and it will not prompt you for further installation.

  1. Go to Start >> Run >> Type regedit in the box and hit Enter
  2. This will open Registry Editor window, press Ctrl+F to open search box
  3. Type OGAAddin.connect in the search box to find this registry key
  4. Once found, right click on LoadBehavior and select the Modify option
  5. Edit and change the value from 3 to 0
  6. Repeat this process for every instance of the OGAAddin.connect key
  7. You are done.

Disable OGA Notification – Hack 2

This hack will completely remove OGAAddin.connect registry key from system registry and the OGA notifications will be automatically removed. However the system might ask you to install this update using Windows Live Update again.

  1. Go to Start >> Run >> Type regedit in the box and hit Enter
  2. Navigate to the following key paths and remove these registry keys completely from your system. You might find other keys which contain the OGAAddin.connect registry value; remember to remove all of them.
    hkey_local_machine\software\microsoft\office\word\addins
    hkey_local_machine\software\microsoft\office\excel\addins
    hkey_local_machine\software\microsoft\office\powerpoint\addins
    hkey_local_machine\software\microsoft\office\outlook\addins
  3. Delete the OGAAddin.connect registry value from the above paths
  4. You are done.

Disable OGA Notifications – Hack – 3

This hack will remove OGAAddin from within MS Office applications, but you need to sign into any user profile on your computer with administrative access.

  1. Navigate to C:\Program Files\Microsoft Office\Office12 (the address might differ depending on your Office version and installation drive) >> Right click on any Office application such as winword.exe, excel.exe, powerpnt.exe etc. and choose the Run as Administrator option
  2. Head to Options (at the bottom of the menu) >> Add-Ins
  3. Select COM Add-ins under Manage drop down list >> Hit Go
  4. Remove OGA notifications

  5. Disable or remove OGAAddin
  6. Follow the above process to remove OGAAddin from each and every office application
  7. You are done.

Disable OGA Notifications – Hack – 4

We can completely disable OGA or KB949810 notifications by uninstalling KB949810 OGA Notification via OGANotifier.msi and this will stop and remove all OGA notifications.

  1. Navigate to the C:\Windows\SoftwareDistribution\Download\8998da55d52b36c0e98ba016ddd50de0\ folder (assuming C:\ as your installation folder)
  2. Extract OGANotifier.cab using WinRAR to find a file named OGANotifier.msi
  3. Right click on OGANotifier.msi >> select Uninstall
  4. Block automatic update installation to avoid further installation
  5. You are done.

Disable OGA Notification – Hack – 5

Microsoft does not allow people to uninstall OGA notifications, but you can easily delete and remove OGA components from your system manually. In this way, they will automatically go inactive and you won’t see those boring “This copy of Microsoft Office is not genuine” notifications again.

  1. Close all Office applications first
  2. Navigate to the C:\Windows\System32 or C:\Windows\SysWow64 folder and delete the following files:
    OGAVerify.exe
    OGAAddin.dll
  3. You are done.

You can follow any of the above 5 tricks to uninstall, remove or disable Office Genuine Advantage notifications (OGA or KB646810 notifications). Remember to disable the auto-update feature, or else the KB949810 update will get installed again.

Wednesday, October 14, 2009

TrustSoldier -- VIRUS ALERT

TrustSoldier

What this program does:

TrustSoldier is a new scareware program that is installed and promoted through the use of Trojans. When the Trojan installs TrustSoldier it will configure it to start automatically when your computer starts. The Trojan will also install numerous harmless files that have random names onto your computer. When TrustSoldier starts it will scan your computer and detect these harmless files as malware and will state that you need to purchase the program to remove them. Though these files are harmless, it detects them as malware to try and trick you into thinking they are infections so that you will potentially purchase TrustSoldier. It goes without saying that you should not purchase this program.


While TrustSoldier is running you will also see numerous security notices appear on your desktop warning you that your computer has a security problem. These alerts will contain messages ranging from warnings that your computer is under attack to a message stating that an active malware has been detected running on your computer. The Trojan will also display a Windows Security Center window that is an imposter of the legitimate Microsoft version. The difference is that the imposter will state that you should register TrustSoldier in order to protect your computer, while the legitimate version does not recommend any particular security software. Just like the fake scan results, these alerts are just another tactic to scare you into thinking that you are infected.

If you find that TrustSoldier is on your computer then please use the steps below to remove this infection and any related malware. If you have already purchased this program then we suggest you contact your credit card company and dispute the charges.

Threat Classification:

Advanced information:

View TrustSoldier files.
View TrustSoldier Registry Information.

Entries for this program found in the Add or Remove Programs control panel:

TrustSoldier

Tools Needed for this fix:

Symptoms that may be in a HijackThis Log:

O4 - HKCU\..\Run: [626ac87.exe] C:\WINDOWS\system32\626ac87.exe
O4 - HKCU\..\Run: [TrustSoldier] C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe -min
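
The two O4 lines above are autostart (Run key) entries. As an added example that is not part of the original post, this Python script parses O4 lines from a HijackThis log and flags the two patterns the write-up describes: a random-looking executable dropped in the Windows system directory, and an entry matching a known scareware name. The sample log, its benign ExampleUpdater line, the hex-name heuristic and the watchlist are assumptions constructed for illustration.

```python
import ntpath
import re

# O4 - <hive>\..\<Run key>: [<entry name>] <command line>
O4_RE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Executable path = command line up to the first ".exe", optional leading quote.
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)
# Heuristic (assumption): 6-12 hex characters with at least one digit.
HEX_STEM_RE = re.compile(r"^(?=.*\d)[0-9a-f]{6,12}$", re.IGNORECASE)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Watchlist (assumption): only the name this page reports.
WATCHLIST = ("trustsoldier",)

# Constructed sample: the first and last lines are invented, the two middle
# O4 lines are the symptoms listed on this page.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example Vendor\updater.exe" /background
O4 - HKCU\..\Run: [626ac87.exe] C:\WINDOWS\system32\626ac87.exe
O4 - HKCU\..\Run: [TrustSoldier] C:\Program Files\TrustSoldier Software\TrustSoldier\TrustSoldier.exe -min
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""


def parse_o4(line):
    """Return the fields of an O4 Run entry, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    exe = EXE_RE.match(command)
    path = exe.group(1) if exe else command
    return {"hive": hive, "key": key, "name": name, "path": path}


def flags_for(entry):
    """Return the list of reasons an autostart entry deserves a closer look."""
    reasons = []
    directory = ntpath.dirname(entry["path"]).lower()
    stem = ntpath.splitext(ntpath.basename(entry["path"]))[0]
    if directory in SYSTEM_DIRS and HEX_STEM_RE.match(stem):
        reasons.append("random-looking name in system directory")
    haystack = (entry["name"] + " " + entry["path"]).lower()
    for word in WATCHLIST:
        if word in haystack:
            reasons.append("matches watchlist: " + word)
    return reasons


def triage(log_text):
    """Return (path, reasons) for every flagged O4 entry in the log."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = flags_for(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

A flagged entry is a lead for manual review, not a verdict: the hex-name rule will also match any legitimate program that happens to use such a file name.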

WELCOME WINDOWS 7

Windows 7 Specifications | Windows 7 Vienna Screen Shots | Latest Windows Information


FIVE SUPER-SECRET FEATURES IN WINDOWS 7

Five super-secret features in Windows 7

Here at TechRepublic we have been evaluating, experimenting with, and discussing Windows 7 throughout 2009. We’ve seen the same stuff that everyone else is talking about — the fact that Windows 7 cleans up the Vista interface, cleans out much of the code that made Vista too much of a resource hog, and finally suppresses most of those horribly-annoying UAC prompts.

However, during our Windows 7 exploration, I also spotted some secret features that are hidden deep within the recesses of over 50 million lines of code. In fact, these features are so secret that I doubt even the most dedicated, deeply-experienced IT professionals will be able to find them. Yes, they are that mysterious.

1. Software that turns normal displays into touchscreens

I don’t know how Microsoft did this. It seems like they would have needed cooperation from the hardware manufacturers. Nevertheless, it appears that the company has developed its own highly-secret software that can turn any standard LCD screen into a touchscreen. Now users will no longer have to do a simple click-and-drag to resize photos. Instead they’ll be able to reach up to their screens with both hands and use a set of complicated multi-touch gestures to do the same thing, and it will only take 5-10 seconds longer. Upon further digging, I also discovered that all mouse and keyboard drivers appear to be in a time-bombed phase-out cycle.

2. PC-to-PC version of the Zune ‘squirting’ feature

One of the most underused features in the Microsoft Zune platform is squirting, which allows a Zune user to share a song with another Zune user over Wi-Fi (although the squirted song can only be used for three days or three plays). Microsoft thinks this feature is very innovative and deserves much more attention and usage than it has received. Therefore, it has quietly integrated it into Windows 7. This will allow cubicle mates to share songs with each other from their massive libraries of Zune Marketplace selections, and laptop users will even be able to shoot songs to each other from across the aisle in the subway, for example. In a surprising move, there is currently no PC-to-Zune or Zune-to-PC option. However, I’ve learned that Palm has also discovered this feature and apparently developed its own module to allow PC-to-Palm Pre squirting and vice versa.

3. Registry: The Starter Edition

Much like the way Microsoft is offering a crimped version of Windows 7 called “Starter Edition,” I’ve also discovered an alternate version of the Windows Registry. Since this mysterious alternate Registry does not have an official name, let’s call it “Registry: The Starter Edition” because it is a greatly simplified and dumbed-down version. In fact, instead of five hives like the standard Registry, this one only has two: HKEY_CLUELESS_USER and HKEY_CRAPPY_MACHINE. I’m still not sure what purpose this alternate Registry will serve. The only thing I can think of is that it is designed to simplify the process of building Windows software for developers who have been writing Windows code for decades but are still too lazy to follow best practices in terms of file organization and user security.

4. Dual-boot software to run Mac OS X, known as ‘Training Camp’

Apple opened the door to more users - especially IT pros - in recent years by building Boot Camp into its Macintosh computers to allow them to run Windows alongside Mac OS X in a dual-boot configuration. Not to be outdone, Microsoft has a secret dual-boot loader in Windows 7 that allows it to emulate Mac hardware and configure Mac OS X as an alternative boot option using the standard off-the-shelf Mac boot discs. In a fit of cleverness, Microsoft has decided to name it “Training Camp,” which I found out when I uncovered the Help file. However, I’m not sure what it is training for. If you have any ideas or theories, please post them in the discussion below.

5. The David Pogue spambot

The most puzzling and nefarious bit of code that I discovered in the bowels of Windows 7 was what appeared to be a spambot that could be used to flood the inbox of a targeted user, or even take down the person’s PC. Of course, this could just be the next iteration of Windows Live Mail. However, I’m concerned that if this code fell into the wrong hands, it could be used to unfairly target the perceived enemies of Windows, such as New York Times tech writer David Pogue, who has recently been viciously targeted by the blogosphere as a Mac partisan in the guise of an objective technology journalist.

Saturday, May 9, 2009

usa.kaspersky.com hacked … full database access, SQL injection


Saturday 7, 2009
Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own databases.
It seems incredible but, unfortunately, it's true.
Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc.
First, let's see the version, user and name of the database.

User host & password for mysql.user

This time I will not (for reasons that need no explanation) publish any screenshot containing personal details or activation codes.
I will only make public the names of the tables.
Though the list is long, the tables are very interesting.
And another picture with the column names and the name of the userstable table.

Don’t forget to check our new article about same problem in bitdefender portugal.

for more infos and pics, please go to http://www.hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/

Wednesday, April 8, 2009

Two More Methods to enable regedit






These two methods I discovered on Ramesh’s troubleshooting Windows site - windowsxp.mvps.org.

First method

Type this command in Run box and press Ok.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f


Second method

Using Group Policy editor. Once again in the Run box, type gpedit.msc and press Ok. Go to User Configuration-Administrative Templates-System, double click Disable registry editing tools and set it to Not Configured. Exit Group Policy editor.

UPDATE: Start your computer in safe mode with command prompt and type the following command to enable the registry editor:
reg delete HKCU\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
and run
reg delete HKLM\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"


After you have run both commands, your registry editor should be enabled.
Found this on Rahul’s website. It was actually showing others how to remove the Brontok virus, but since Brontok also disables the Registry Editor, it’s worth a shot.


http://pcproblems.wordpress.com/2007/10/06/two-more-methods-to-enable-regedit/

Wednesday, April 1, 2009

Countdown to Conficker


By Elinor Mills, CNET News.com
Wednesday, April 01, 2009 08:55 AM


The Conficker worm is stirring on some infected computers in Asia where it's April 1, but so far the activity is very tame, security researchers say.

"We've seen activity in honeypot machines in Asia.... They're generating the 50,000 list of (potential) domains to contact," said Paul Ferguson, an advanced threats researcher for Trend Micro.

The latest variant of the worm, Conficker.C, was set to activate on April 1, which for some of the infected machines will happen at local time and for others it will be GMT, depending on whether the machines are turned on and connected to the Internet, he said.

The process seems to be starting slowly, with infected machines starting to generate the list of domains and then picking one domain and trying to contact it and waiting before continuing on through 500 of those 50,000 domains, according to Ferguson.

The owners of the infected computers likely won't notice anything, unless they can't access the Web sites of security vendors and then they will know they are infected, he said. Trend Micro has figured out a way to unblock the computer from the sites that the worm has blocked using a Microsoft networking service, he said. More details are on the Trend Micro site.

"Nothing at this point; we're running updates every half hour or so," Dave Marcus, director of security research for McAfee Avert Labs, said when asked to report what he was seeing. "They're supposed to connect to one of a variety of Web sites and download a piece of code. What that code is supposed to do is up in the air."

IBM ISS's X-Force group also reported that things were quiet, at least for the moment, in Asia where most of the infections are. Nearly 45 percent are in Asia, followed by Europe at about 30 percent, according to the Frequency X blog.

IBM ISS also said it had found a way for ISPs to detect infected computers on a network by monitoring the peer-to-peer communications the worm makes between infected PCs.
Experts say the worm could be used to steal passwords or other sensitive data from infected computers, or turn them into a botnet that sends out spam.

The worm exploits a vulnerability in Windows that Microsoft patched in October and spreads through weakly protected network shares and via removable storage devices, like USB drives.
Conficker.C also shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It reaches out to other infected computers via peer-to-peer networking, in addition to being programmed to reach out to 500 domains to receive updated copies or other malware instead of just 250 domains as earlier versions did.

Conficker worm digs in around the world



By Glenn Chapman
Agence France-Presse
First Posted 14:16:00 04/01/2009

Filed Under: Technology (general), Internet



SAN FRANCISCO--Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.

The malicious software evolved, as expected, from East to West, beginning in time zones first to greet April Fool's Day.

"Planes are not going to fall out of the sky and the Internet is not going to melt down," said threat analyst Paul Ferguson of Trend Micro computer security firm in Northern California.

"The big mystery is what those behind Conficker are going to do. When they have this many machines under their control it is kind of scary. With a click of a mouse they could get thousands of machines to do whatever they want."

A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm was programmed to modify itself on Wednesday to become harder to stop and began doing that when infected machines got cues, some from websites with Greenwich Mean Time and others based on local clocks.

Conficker task force members tracking Internet traffic in Asia and Europe after clocks struck April 1st there said there was no sign that the worm was doing anything other than modifying itself to be harder to exterminate.

Conficker had been programmed to reach out to 250 websites daily to download commands from its masters, they said, but on Wednesday it began generating daily lists of 50,000 websites and reaching randomly to 500 of those.

The hackers behind the worm have yet to give it any specific orders.

An estimated one to two million computers worldwide are infected with Conficker.

Computer security specialists warn that the Conficker threat will remain even if April 1st passes without it causing trouble.

"It doesn't seem to be doing anything right now," Ferguson said as Conficker made its way to the western United States.

"I hope April 1st comes and goes with no trouble. But, there is this loaded pistol looming large out there even if no one has pulled the trigger."

The FBI said Tuesday it is working with the Department of Homeland Security and other US agencies to "identify and mitigate" the Conficker threat.

"The public is once again reminded to employ strong security measures on their computers," FBI Cyber Division assistant director Shawn Henry said in a release.

"That includes the installation of the latest anti-virus software and having a firewall in place...Opening, responding to, or clicking on attachments contained in unsolicited e-mail is particularly harmful and should be avoided."

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

Microsoft has modified its free Malicious Software Removal Tool to detect and get rid of Conficker.

The infection rate has slowed from a fierce pace earlier this year, but computers that are not updated with a software patch released by Microsoft remain vulnerable, according to security specialists.

Conficker was first detected in November 2008.

Among the ways one can tell if their machine is infected is that the worm will block efforts to connect with websites of security firms such as Trend Micro or Symantec where there are online tools for removing the virus.

Cyber-criminals have taken advantage of Conficker hype by using promises of information or cures to lure Internet users to websites booby-trapped with malicious software.